Model-based testing of digital control and safety technology

Modelling the behaviour of a switch as a SysML state diagram.

DLR has many years of experience in testing on-board units. Its accredited RailSiTe® laboratory tests whether these train-side computers are compliant with the standardised European Train Control System (ETCS).

But where do the test cases that an on-board unit has to pass actually come from? As is common practice in testing today, they are derived by test experts from the system specification. This is time-consuming and results in a large number of test cases for complex systems - there are currently 1800 for the on-board unit. And yet it can happen that important parts of the system are not covered by the test cases.

Model-based testing

This is where DLR's research activity on model-based testing of railway control and safety technology comes in: if a system specification is available in the form of a model - as is the case for the interfaces of Deutsche Bahn's new digital interlockings - it is in principle possible to automatically generate a set of test cases from it that completely covers the model. The aim of this research activity is to make this usable.

In a first step, a component of the control and safety technology, the Radio Block Centre, which is also part of ETCS, was modelled at DLR. Its behaviour was mapped in SysML state diagrams. The model can be configured for any route section, and an executable Radio Block Centre can then be generated from it. In this way, the model could be integrated into the RailSiTe® laboratory's railway operations simulation and validated for an example route.

RBC Model Simulation ETCS NGRS3
The video shows a train journey carried out in the RailSiTe laboratory with the European Train Control System ETCS Level 2. As the required ETCS component "Radio Block Centre" (RBC) was developed on the basis of models using state diagrams, the current internal RBC states and state transitions (in red) can be observed live during the journey.

The validated component model can now serve as a reference for real implementations. Alternatively, test cases can be generated from it, for which a suitable test case generator must be selected. DLR is currently researching how suitable models and generators can be used to test control and safety technology components with the highest possible coverage and on any route section.
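To illustrate what generating a covering test set from a state model means, the following added example (not DLR's model, generator or tooling) derives event sequences that exercise every transition of a small state machine. The switch states, events and the all-transitions coverage criterion are assumptions constructed for this illustration.

```python
from collections import deque

# Constructed toy switch model, NOT DLR's SysML model: (state, event) -> next state
SWITCH = {
    ("LEFT", "cmd_right"): "MOVING_RIGHT",
    ("MOVING_RIGHT", "end_position"): "RIGHT",
    ("MOVING_RIGHT", "timeout"): "FAULT",
    ("RIGHT", "cmd_left"): "MOVING_LEFT",
    ("MOVING_LEFT", "end_position"): "LEFT",
    ("MOVING_LEFT", "timeout"): "FAULT",
    ("FAULT", "reset"): "LEFT",
}

def shortest_path(model, start, goal):
    """BFS: shortest event sequence from start to goal, or None if unreachable."""
    queue, seen = deque([(start, [])]), {start}
    while queue:
        state, events = queue.popleft()
        if state == goal:
            return events
        for (src, event), dst in model.items():
            if src == state and dst not in seen:
                seen.add(dst)
                queue.append((dst, events + [event]))
    return None

def replay(model, events, start):
    """Run a test on the model; returns the set of transitions it exercises."""
    state, taken = start, set()
    for event in events:
        taken.add((state, event))
        state = model[(state, event)]
    return taken

def generate_tests(model, initial):
    """Event sequences that together cover every reachable transition."""
    covered, tests, unreachable = set(), [], []
    for target in model:
        if target in covered:
            continue
        prefix = shortest_path(model, initial, target[0])
        if prefix is None:  # modelling error: report it, do not skip silently
            unreachable.append(target)
            continue
        test = prefix + [target[1]]
        covered |= replay(model, test, initial)
        state = model[target]
        # Extend the test while the current state has an uncovered transition.
        while (nxt := next((t for t in model if t[0] == state and t not in covered), None)):
            test.append(nxt[1]); covered.add(nxt); state = model[nxt]
        tests.append(test)
    return tests, unreachable
```

Calling `generate_tests(SWITCH, "LEFT")` yields three sequences for this toy model; transitions whose source state cannot be reached from the initial state are returned separately so that gaps in the model itself become visible.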

Interface and system tests

At the same time, the experience gained with testing on-board units is to be transferred to other components: for the digital interlocking interfaces already mentioned, it is essential that they conform to the standard, just as it is for ETCS components. In future, it should be possible to combine components from different manufacturers like building blocks in order to reliably secure and control railway traffic. The successful integration of a light signal and the Radio Block Centre model described above into the RailSiTe® laboratory's railway operations simulation means that the first interfaces - in addition to those to the on-board unit - can already be tested. At the same time, these are important steps towards complete system tests in the laboratory, which should replace expensive field tests on the interaction of real railway signalling systems in the future.