A New Algebraic Approach to Decision Making in a Railway Interlocking System Based on Preprocess
The safety of railway networks is a very important issue. Roughly speaking, it can be split into safety along lines and safety of railway facilities such as stations, junctions, yards, etc. In modern networks the safety along lines is controlled by automatic block systems that do not give clearance to trains to enter a section (block) until the latter is detected to be unoccupied. Meanwhile, the safety within railway facilities is supervised by railway interlocking systems. Decision making in a railway interlocking is a very important issue which is considered to be very labour-intensive. Decision-making in both automatic block systems and railway interlocking systems, unlike road traffic light systems, is not based on time (they are not scheduling problems) but in space. Basically, two different trains should never be allowed to access the same section (whatever time has passed). There are many different approaches to automate decision-making in railway interlocking systems. The classic approaches are offline: only certain routes are allowed and their compatibility is decided in advance. Meanwhile, modern approaches make decisions in real time and are independent from the topology of the railway network, but can be applied only to small or medium size railway networks. Nevertheless, these last approaches have the following drawbacks: the performances are very dependent on the number of trains in the railway network; and are unsuitable to large networks since they take long time to be run. On the other hand, algebraic approaches based on computer algebra concepts have been used in artificial intelligence for implementing expert systems. In this paper we present a completely new algebraic model, based on these concepts of computer algebra that overcomes these drawbacks: the performance of our approach is independent of the number of trains in the railway network and also is suitable for large railway networks.
The safety of railway networks is a very important issue. Roughly speaking, it can be split in safety along lines and safety of railway facilities such as stations, junctions, yards, etc.
In modern networks the safety along lines is controlled by automatic block systems, that do not give clearance to trains to enter a section (block) until the latter is detected to be unoccupied.
Meanwhile, the safety within railway facilities is supervised by railway interlocking systems. Decision making in a railway interlocking is a very important issue which is considered very labour-intensive.
Railway interlocking systems are conceived so that different trains can be placed on different sections. Semaphores (mechanical devices) or light signals and turnouts must be stated so that two trains cannot collide when moving, if obeying the signalling. A railway interlocking system has the purpose of not allowing unsafe situations in the railway network. In fact the most sophisticated railway interlocking systems also forbid the switches under the train to be changed before the train has left that section, an issue that is not addressed in this article.
Let us underline that decision making in both automatic block systems and railway interlocking systems, unlike road traffic light systems, are not based on time (that is, they are not scheduling problems) but in space: basically, two different trains should never be allowed to access the same section (whatever time has passed since the first one entered the section). The reason is that trains need long distances to break and a train can be unexpectedly found stopped at a certain place due, for instance, to a breakdown. This approach has allowed to introduce semiautomatic train operation and even driverless train operation in some subways and airport shuttle services much earlier than autonomous cars were developed, although that is not the topic of this article.
The first railway interlocking systems were mechanical and were installed in the second half of the nineteenth century (Figure 1). In the mid twentieth century the control was relays-based (Figure 2). From the 1980s, most of the new railway interlocking systems are computer-controlled (electronic interlocking systems) [1–4]. Many of the interlocking systems are specifically designed for a particular railway network and they are not topology-independent. For instance, the first topology-independent railway interlocking system in Spain was installed only in 1993 . Detecting if the situation of trains in a railway network is dangerous is an eye-catching problem. Traditionally, an offline approach is followed: only certain routes are considered and what is allowed by the interlocking is established in advance, usually by hand .
Modern approaches use algorithms for checking in real time the safety of a railway network: any proposed change in the position of switches and the signals aspects is analyzed in real time before being authorized. Clearly, an exhaustive analysis of all the possible movements allowed to all trains according to the proposal has to be performed. Obviously, the performance of the algorithm is a crucial issue of these approaches. It is surprising that, in real railway interlocking systems, unacceptable errors can be found (this happened, for instance, in the railway interlocking system of a tiny subway station ).
There are many different papers regarding computer applications to railway interlocking systems in general  and decision making in particular. These latter works either create a formal specification for an existing railway system (in order to verify it or to create a new decision making tool) or describe a completely new model for railway interlocking systems. Some of these approaches depend strongly on the number of trains in the railway network and are not suitable for large railway networks.
This paper deals with a new algebraic method for detecting the safety in a railway network that overcomes these previous drawbacks. It uses computer algebra concepts (like Boolean polynomials, ideals, Groebner bases, or normal forms) to solve the problem of decision making in a railway interlocking system.
The paper is structured in the following way. In Section 2, we will discuss techniques related to ours. In Section 3, we will define formally concepts related to railway networks. In Section 4, we will describe our method (as a black box) for determining the safety of a railway network. In Section 5, we will explain the basis of our algebraic approach based on the calculations of Groebner bases and normal forms. In Section 6, we will show the advantages of our model. As said above in this section, there are very many different approaches to decision making in a railway interlocking (see, e.g., the survey ), but usually the code is not available. That is why different approaches are described in Section 6 but the new system proposed is just compared with four (but very different) approaches, for which the complete implementation was available. Finally, in Section 8, we will set our conclusions.
2. Related Works
2.1. An Overview of Different Approaches
In this section, we will analyze different approaches for the problem of detecting the safety of a certain situation in a railway network.
In the classic approach, admissible train routes are predefined. A route denotes a path along the topology of the station or junction (for instance a path from an entrance of the station to a certain track where the train will stop). Establishing a route implies adequately setting the switches of the turnouts and light signals along the train route. Once an engine driver has been given a proceed signal concerning a route, the route is locked (that is, it cannot be changed before the train has completely cleared it). The standard approach to railway interlocking systems design is to predefine the admissible train routes and to manually study in advance their compatibility.
Many works have been proposed for railway interlocking systems (see, for instance, the survey ). These works either are specifically designed for an existing railway system or develop a generic new model. The Ph.D. thesis  uses a theorem prover implemented in higher-order logic to detect the safety of a certain situation in a railway interlocking. This work is revisited using an annotated logic program with temporal reasoning in . The work  uses ordered binary decision diagrams to model railway interlocking systems. The work  uses Z notation for an example in the Slovak National Railways. In , a VDM model is presented for a case in the Danish State Railways. In [13–15] statecharts are used instead.
An early topology-independent formal model is . It uses different layers of abstraction (called domains). Petri nets are used for the dynamic domains and double point graphs as well as logic invariants for the static domains. It is implemented in Objective-C and PROLOG. Let us underline that it does not follow the standard approach to railway interlocking systems; the concept of routes has been replaced with a context-free check of the permissibility for each controlling command.
A generic tool for verifying and validating railway interlocking systems is detailed in . The track interlocking tables corresponding to an existing tramway network is represented using a domain-specific language (DSL) as illustration, and they are automatically transformed into an executable control system model expressed in SystemC.
In  DSL is also used to represent and analyze the track layout diagrams, interlocking tables, and circuit diagrams of existing relay interlockings of the DSB (Danish state Railways).
In  the size of the layouts that can be addressed using formal methods for checking interlocking tables described with control tables is explored. The symbolic model checker NuSMV and the verification system SPIN are used and the conclusion is that these methods cannot be used to address large layouts.
The model checker NuSMV is also used in , where a formal model is built from a high-level (logic) description. The interlocking system is interpreted as an Abstract State Machine (ASM). The approach is applied to certain railway interlocking systems of Queensland Rails (QR) network.
2.2. Some Approaches with Available Code
The following topologically independent approaches do not consider the direction of the trains (allowing to directly deal with special situations like reversing loops and reversing triangles).
Model Based on Graphs. In  the problem is translated into graph theory language and treated using a matrices-based approach. This approach cannot be used for large railways networks because the matrices involved are square and sparse but (where is the number of sections of the network).
Algebraic Model. In , the problem is directly translated into an algebraic problem. According to this model, the safety of a railway network may be detected by calculating the Groebner basis [25–27] of a polynomial ideal. This approach is not suitable for large stations since the calculation of the Groebner bases of these polynomial ideals usually take a long time. These Groebner bases depend not only on the position of the switches of the turnouts and the color of the light signals, but also on the position of the trains. Curiously, computing times decrease in this model when the number of trains increases, as variables (representing sections) are substituted by numbers (representing trains).
Model Based on Boolean Propositional Logic. In , the problem is directly translated into many SAT problems which can be solved using an algorithm based on the DPLL technique . Indeed, the safety of a railway network may be detected by solving SAT problems where is the number of sections of the railway network. These SAT problems depend on the position of the switches of the turnouts and the color of the light signals, as well as on the position of the trains. Like the previous approaches, this approach is not suitable for large stations, since many SAT problems need to be solved for a particular configuration of the railway network.
Logic-Algebraic Model. According to the model , the safety of the railway network may be detected by calculating a Groebner basis of an ideal of Boolean polynomials, (which usually takes considerable time), and the normal forms of polynomials modulo (which is usually very fast computed). Like in , only a Groebner bases calculation is required for a particular state of the railway network. However, this model is much faster than , since the Groebner basis of this model (unlike the model ) is calculated on Boolean polynomials. This model is also faster than the previous one . Nevertheless, this approach depends on the position of the trains and the performing time for calculations strongly depends on the number of trains.
ASP Model. According to , the problem to check the safety of the railway network is directly translated in the answer set programming (ASP) paradigm, defining relations and derived relations and solving the problem with logic techniques from ASP. This approach is much faster and efficient than previous approaches and thus can be applied to larger railway stations. From an operational point of view, the response time of this model depends on the number of trains in the station; i.e., more trains means more time to check the safety.
However, all of the previous approaches (except ASP) are not suitable for very large railway networks with many trains, since they involve long time to detect dangerous situation. In this paper, we will propose a completely new approach based on the calculation of a Groebner basis. In this new algebraic approach, unlike the algebraic approach in , we deal with Boolean polynomials and we use specialized algorithms for calculating Groebner bases over Boolean polynomials . The approach here presented is completely different from . Indeed, the set of polynomials for which we calculate the Groebner basis does not depend on the trains in the railway network (unlike ). As we will see in Section 6, once a precomputation has been performed, our approach is much faster than the previous ones (see Section 6) and is suitable for very large stations.
3. Basic Concepts regarding a Railway Interlocking System
Let us consider the tiny station in Figure 3(Notice that the turnouts represented in the figures are really punctual elements that do not represent section themselves, they only represent the connectivity between sections.). As may be seen, the railway network represented is divided into sections, denoted in this case (there is a light signal between sections and , a turnout connecting sections and , and another light signal between sections and , and so on).
Taking on Figure 3 as example, the position of the switches can hold two states:(i)Direct track position: the switch of turnout connects sections and .(ii)Diverted track position: the switch of connects sections and .
The position of the switches of the turnouts in Figure 3 is as follows: is in the direct track position (connecting and ) and in the diverted track position (connecting and ). Note the symbols under the turnouts.
In this paper only nontrailable turnouts will be considered. However, it will be easy to extend this approach in order to model trailable turnouts just adding more polynomials. Let us underline that a trailable turnout is a turnout that allows to be passed even when the switch is not in the correct position.
A light signal can hold two states:(i)Proceed, represented by or in the figures. For instance, in Figure 3, indicates “proceed", thus it is possible to pass from to ,(ii)Stop, represented by or in the figures. For instance, in Figure 3, indicates “stop", thus it is not possible to pass from to .
If, for instance, three trains are placed on , and (respectively), and the switch of is in the direct track position, and the switch of is in the diverted track position; , , indicate “proceed" and , , , indicate “stop" (see Figure 4); the proposed situation is dangerous because section and are reachable by the trains placed in and .
If, for instance, two trains are placed on and (respectively), and the switch of is in the direct track position, and the switch of is in the diverted track position; , , indicate “proceed" and , , , indicate “stop" (see Figure 5); the proposed situation is safe.
More formally, let us consider a railway network with sections and trains placed in it. A section is a connected (single piece) part of the network, separated from the adjacent (neighbour) sections by a light signal or a turnout.
It is possible to pass from section to the adjacent section if and only if(i)there is a turnout between sections and section , and its switch directs trains from to section and conversely (like and in Figure 3),(ii)there is a light signal controlling the pass from to , and it indicates “proceed” (for instance, the light signal controlling the movement from to in Figure 3, indicates “proceed”),(iii)there is no light signal controlling the pass from to , and they are not connected by a turnout, but there is a light signal controlling the pass from to (like and in Figure 3).
We provide afterwards a recursive definition illustrating the idea that a train may reach a given section.
Definition 1. The notion “a train can reach section ” is recursively defined as (i)if train is in section then it can reach section ,(ii)if train is in section and it can reach section and it is possible to pass from section to section according to the position of the switches and the color of the light signals, then train can reach section .
Definition 2. Let be a positive integer, , and let . The position of trains in sections (one in each section) is dangerous if and only if there is a section reachable from two sections and () where two different trains are placed.
4. Overview of Our Approach
In this section we will describe the approach proposed for determining the safety of a railway network composed of sections, denoted as .
Our approach is based on defining a set of Boolean polynomials (that is to say, polynomials whose coefficients are in ) in variables . A variable and a variable are considered for each section in the railway network. More precisely,(i)a polynomial variable, , is assigned to each section ;(ii)another polynomial variable, , is considered for each section . Let us underline that variables represent neither a section nor a train. The polynomial variables will be used to introduce both the allowed connectivity between sections (see the paragraphs immediately below and Section 5) and the sections occupancy (through the membership of some of these polynomial variables to a certain polynomial monomial that introduces the positions of the trains).
For a configuration of the railway network (defining the position of the switch of each turnout and the color of each light signal), we will consider the following steps.
Step 1. Obtain a set of polynomials according to the connectivity of the railway network: if it is possible to pass from section to section , we will consider the polynomial . That is to say, we have that
Step 2. Calculate the Groebner basis, , of the following ideal: (with respect to a certain order for the monomials and a certain order for the polynomial variables). Although Groebner bases [25–27] is a complicated concept of algebra to be completely detailed here, in Section 5.1, we will describe those properties of this concept which are relevant for our purpose.
Once these two steps are calculated, we can determine whether the position of a set of trains is dangerous or not. In this approach, a train only can be placed in one section at the same time, however, as we will see later in Section 7, we can extend the proposed model to take into account when a train occupies several sections at the same time.
Step 3. Let be a positive integer, , and let . For determining if the position of trains in sections (one in each section) is dangerous, we calculate the normal form of the monomial modulo ( can be given through the Groebner basis previously calculated): Like Groebner bases, the concept of normal form is also enough complicated to be completely described here. Nevertheless, in Section 5.1, we will describe those properties relevant for our purpose.
In this step we can detect if the position of the trains is dangerous. Indeed, as we will see in Theorem 9, we have that the position of the trains is dangerous if and only if contains a number of variables lower than .
As we will see, Step 1 and Step 2 are only needed to be performed again if the configuration of the railway network changes. Only Step 3 must be performed (which is very fast done, around 0.0001 seconds) for different placement of the trains. As we have previously stated, this is an important advantage of the present approach over the previous approaches, which require to completely run the algorithm for different positions of the trains.
4.2. Example of the Approach
Let us consider the example of the railway network depicted in Figure 3. Since this railway network contains 11 sections, we will make use of polynomials in variables .
Step 1. We calculate the set of polynomials related to the connectivity of the railway network (defined in Step 1 of Section 4.1):(for instance, is included in because it is possible to pass from section to section ). Observe that trailing through a switch set against is not allowed. Then it is as if the turnout was guarded by (possibly) nonexistent light signals. For instance, it is considered that moving from to and from to is forbidden.
Step 2. We calculate the Groebner basis of the ideal:andis obtained.
Step 3. Once the Groebner basis is calculated, we can immediately determine if the position of a set of trains is dangerous for this configuration of the railway network.(i)As example, if there are three trains respectively placed in sections , in order to determine if the position of the trains is dangerous, we just simply need to calculate: As may be seen, there are only two variables in , which is lower than the number of trains. Therefore, we determine that the position of the trains in is dangerous (as may be seen, section is reachable from sections and section , where trains are placed).(ii)As example, if there are now two trains respectively placed in sections , in order to determine if the the position of the trains is dangerous we just simply need to calculate: As may be seen, there are two variables in , which is equal to the number of trains in the railway network. Therefore, we determine that the position of the trains in is not dangerous.
5. Theoretical Foundations of Our Approach
In this section we will detail the theoretical foundations of our algebraic approach for the problem of detecting dangerous situation in a railway network. In Section 5.1, we will give some outlines about concepts of computer algebra (like Boolean polynomials, ideals, Groebner bases, normal forms) which are relevant for this paper. In Section 5.2 we will describe the problem of detecting dangerous situation in an interlocking system by means of states and transformation of the states by means of operations. As we will see in Section 5.3, these states may be represented in algebraic terms (by means of Boolean monomials) which will allow us to determine whether the position of the trains is dangerous or not.
5.1. Some Introductory Notes about Boolean Polynomials and Ideals
In this section we will describe some outlines about Boolean polynomial. A polynomial is a polynomial in the variables whose coefficients lie in the field . An example of this kind of polynomials is
We must take into account the fact that the coefficients lie in , and therefore, we have that (since 1+1=0 in ), for example,
As we have previously seen, the concept of ideal will play an important role in our approach. An ideal is a special kind of subset of a ring: it is also a ring and has the curious property that the product of an element of the subring by an element of the ring (and vice versa, if the ring is not a commutative one) always belongs to the subring. For instance, the set of even numbers is an ideal of the integers. In our case, the ideal , generated by , denoted , turns out to be the set of polynomials of the following form: where are polynomials in , that is, is the set of algebraic combinations of .
Given a polynomial , we define as the set of polynomials of the form where . It is possible that although .
Example 3. Let us consider the ideal and the polynomial . We have that
In this paper, we will consider polynomials in . The ideal defined in Section 4 is generated by the following polynomials:(i)The polynomials , ,. This involves that, for every polynomial , we can get a polynomial such that and the exponents of all the variables in is 1.
Example 4. Let us consider, for example, the ideal and the polynomial . We have that
Remember that (as we have seen before) and (ii)The polynomial if it is possible to pass from section to section . This involves that for every monomial we can obtain other monomials in variables and .
Example 5. In the example of the railway network described in Figure 3, we have that :
By means of these substitutions induced by the ideal , we can obtain, for every monomial , another monomial whose variables are to power 1 and such that .
An important solved issue in computer algebra is to find the “simplest” monomial such that . In a formal way, we pose the problem of finding the minimal polynomial (where a total order between monomials, , must be defined) such that . This polynomial is what is called normal form of modulo the ideal (under the order ), , which can be calculated by performing pseudodivisions of the polynomial by a Groebner basis of the ideal (which are required to be previously calculated). In this way, the concept of normal form requires defining a monomial order.
For the purpose of this paper, we will define the following order between monomials:(i)If contains a lower number of variables than , we have that .(ii)If contains exactly the same number of variables as , we have that , where is the typical lexicographical order used in computer algebra.
By means of this order , the normal form of modulo , , returns the monomial with minimal number of variables in such that . Next equations are examples of order used in this approach:
5.2. An Approach to the Railway Interlocking Problem Based on States
Here we will see how the interlocking problem can be described by means of states which are transformed by means of operations. On the one hand a state describes the sections where the trains are presently placed in the railway network at a given moment; on the other one, past states describe the sections where the trains were placed in the railway network in the past. Operations of the states (i.e., transitions between states) represent possible movements of the trains in the railway network.
For our purpose, each state is described by a subset of variables , .
The following are examples of possible states of the railway network in Figure 3: ,.
We can transform a state into another one by means of one of these operations (we will denote ):(i)When it is possible, substitute all in by the monomial if it is possible to pass from to . For example, we have that ( and ) by substituting by , because .(ii)When it is possible, substitute all in by the variable if it is possible to pass from to . For example, we have that ( and ) by substituting by , because .
Variables and in these states inform about possible movements of the trains. Variables indicate the present position of the trains, and variables the sections through which these trains have gone. Indeed,(i)the state represents that there are trains in the sections , (variables appear in );(ii)the state represents that there are trains in the sections (variables appear in ) and that (at least) one of these trains has passed through the section (variable appears in );(iii)the state represents that there are trains in the sections (variables appear in ) and that (at least) one of these trains has passed through the sections (variables appear in );(iv)the state represents that there are trains in the sections (variables appear in ) and that (at least) one of these trains has passed through the sections (variables appear in ).
As may be seen, states , contain the same number of variables representing the position of the trains in different times. However, we can transform the state into the state by substituting with (the train which was in section moves to section ). In this case, the number of “” variables is lower than the cardinal of , since the variable (that we add with the operation) indeed belongs to the previous state . The operation means that the train which was in section moves to section , and, since section was occupied by another train, a possible collision may happen.
Following this reasoning, we have the following.
Proposition 6. Let be a positive integer, , and let . The position of trains in sections (one in each section) is dangerous the state can be transformed into a state with a number of variables lower than .
In the previous example we had . According to the previous proposition, the position of the trains in sections , , (related to the state ) is dangerous in the railway network (as we saw in Section 3).
5.3. Interpretation of States in Algebraic Terms
In this section, we will represent each of the states described in the previous section by means of a Boolean monomial. As we will see, this representation will be useful for determining whether the position of the trains is dangerous or not.
We represent each state , a set consisting in one monomial, by means of precisely such monomial, so , and can be expressed as follows: where . In this way, we have the following:(i)(ii)(iii)(iv)(v)
As we saw in Section 5.1, the operations previously defined for transforming a state into are completely related to the fact that . Therefore, we have the following.
Proposition 7. Let be two states. We have that
Let us clarify this proposition with the example of Figure 6. In this case we have that because the light signal represented by indicates “proceed", thus .
We can define as possible states where State is equivalent to state and different from state ( and ). Calculating that represents two trains placed in sections and respectively, we have that
Consequently, Proposition 6 can be stated in the following way.
Proposition 8. Let us consider a railway network composed of sections, let be a positive integer, and let . The position of trains in sections (one in each section) is dangerous there is a monomial with a number of variables lower than , such that .
In order to find this polynomial , we make use of , the normal form of the monomial modulo the ideal . According to Section 5.1, , returns the monomial with minimal number of variables such that . Consequently, we have the following result.
Theorem 9. Let us consider a railway network composed of sections and let be a positive integer, . The position of trains located in sections is dangerous contains a number of variables lower than .
6. Evaluation and Discussion
In this section, we will analyze the performance of the approach presented here, comparing it with other techniques with available implementations. Indeed, we have made a comparison between the times required to calculate the safety of the railway network with different sections and trains. All experiments have been carried out on the same computer.
6.1. Comparing the Performances of the Logic, Algebraic, and Logic-Algebraic Models
In Table 1, a comparison between the times required to calculate the safety of certain railway networks in different situations using different models is shown. The Logic , Algebraic , and Logic-Algebraic  models were implemented in the computer algebra system Maple.
We can state that these three models are strongly dependent on the number of sections and trains. From the experiments carried out (and as can be seen in the first two columns of Table 1), we can affirm that timings grow very quickly with the number of sections. The timings obtained make it clear that these models are not appropriate for middle size or large size railway networks.
Regarding the influence of the number of trains on timings, they grow quickly both in the Logic and Logic-Algebraic models. In the Algebraic Model, the polynomial variable corresponding to the section is substituted by an integer number when a train is declared to be in a certain section. Therefore more trains mean less variables in the Groebner basis. So, curiously, if the number of sections is fixed, timings decrease if the number of trains increases. In the degenerated case of one different train in each section, we would have time to be equal to 0 in the Groebner basis computation, as there is no variable left.
6.2. Comparing the Performances of the ASP and the New Model
Meanwhile, the ASP model  and the new proposed model can be applied to large railway networks. We have used as example for the benchmarks Madrid Chamartin station in its state prior to the transformation of some of its tracks into international gauge , with 300 sections and more than 200 turnouts and light signals.
The ASP model was implemented in Smodels. Finally, the model introduced in this article has been implemented in PolyBoRi , an specialized software to calculate Groebner bases and normal forms on Boolean rings. Table 2 shows the times obtained considering different numbers of trains (Times in Smodels are calculated taking into account the lparse and smodels executions. We apply the same rule in PolyBoRi.).
The main results from Table 2 are, one the one hand, that the efficiency of our method is always high superior to the other approaches tested when the GB is previously calculated; on the other hand, the time to calculate the GB is reasonably fast (e.g., for Chamartin Station), providing very competitive times for large networks. Moreover, the Groebner bases computed in the preprocess step can be stored and used in case the same situation is proposed again. Let us observe that our two steps method connects somehow with the traditional methods that check the compatible routes in advance.
In our approach, computation timings for the Groebner bases preprocess grow when the number of sections increases (as happens in all the other models).
But, unlike the other approaches, ours does not need to perform all the calculations for the different positions of the trains for a given specific particular state of the turnouts and light signals. Indeed, we only need to calculate the normal form of one monomial (once the Groebner basis is calculated for this particular state of turnouts and light signals), as detailed in Theorem 9. The time for calculating this normal form grows with the number of trains, as can be seen in Table 2. Nevertheless, these timings of this second step have always been negligible (lower than 0.01s in all the experiments carried out, regardless of the size of the railway network or the number of trains).
On the contrary, the other approaches require to recalculate all the computations.
6.3. Comparison: Final Remarks
The approach presented in this paper only focuses on the safeness of the proposed situation; meanwhile other approaches like [23, 34] also consider other properties such as reachability of sections or the situation of the switches of the turnouts under a train (that shouldn’t be changed under any circumstance to avoid derailments due to a premature change of the switch during the transit of the train). Another issue not treated in our model is the confirmation that the switches of the turnouts and the light signals have really been set to the ordered situation (something considered, for instance, in ; this latter approach uses a real-time system, a flexible approach with a wide variety of applications ).
On the other hand, our new approach can handle really big layouts (like the one in the example of Table 1, with, as said above, 300 sections and more than 200 turnouts and light signals, what is a far bigger layout than any one that we have found treated in real time). For instance, the authors of  mention that “our study is unique in the fact that modeling and verification of mid to large size railway yard is being undertaken in UPPAAL model checker (…)” and the example presented (Rawalpindi Cantt station) has 25 semaphores and 27 mechanically operated points.
7. Model Extension for Trains Occupying Several Sections at the Same Time
Two trains are represented in Figure 7, one placed on section and another one placed on sections at the same time. It is common to find these situations in a real railway when several trains can occupied several sections at the same time.
In order to check the safety of a railway network with trains that can occupy several sections at the same time, we will redefine Step 3 of Section 4 as follows.
Step 3.1. As long as represents the sections occupied by a given train , we calculate . is a reduced initial state representing the sections occupied by a train.
Step 3.2. Once initial states have been calculated, we calculate the joint state which of all initial states.
Step 3.3. For determining if the position of trains with initial states is dangerous, we need to check if
where is a function that returns the number of variables in the monomial .
Example 10. As example, the safety of the railway network on Figure 7 will be checked.
Step 3.1. The first train is represented by and the second one is represented by . Therefore, the initial train states will be Step 3.2. Joint calculations of all initial states are Step 3.3. Check the number of variables in both monomials: so we have that the proposed situation of the trains on Figure 7 is safe.
Example 11. Let us propose another example where the situation in the railway network is dangerous. Figure 8 represents two trains, one located in and another one located on . In order to check if exists a dangerous situation, we will calculate the following.
Step 3.1. The first train is represented by and the second one is represented by . Therefore, the initial train states will be as follows: Step 3.2. Joint calculations of all initial states areStep 3.3. Check the number of variables in both monomials: So we have that the proposed situation of the trains on Figure 8 is dangerous.
In this paper we have presented a new algebraic model for railway interlocking systems. According to this new model, the position of the trains in a railway network is dangerous if and only if the normal form of a certain monomial (representing the present position of the trains) contains a lower number of variables than the number of trains in the railway network. We have implemented this model on the computer algebra system PolyBoRi resulting in a very short program code. Moreover, we have compared the execution times with other very fast models implemented previously.
As said above, the code has been developed in Smodels. The maximum number of trains and sections has been set to 300 in the ring definition (function __init__(self)) in order to book memory space, but these values can be increased. The whole code is included afterwards, except(i)the body of the definition of Buchberger function (that computes Groebner bases), taken from http://polybori.sourceforge.net/doc/tutorial/tutorialse3.html has been substituted by “...”,(ii)the input corresponding to the connectivity between sections, included in function define_ideals(self) has been shortened (substituting all the polynomials but three by “…”).
The code used in the tests is as follows:
from polybori.PyPolyBoRi import *
from polybori.gbcore import *
from polybori import *
from polybori.interred import *
from polybori.nf import *
from polybori.gbrefs import *
""" Variables ring declaration in Z2 by default in
r = declare_ring([Block("t", 300), Block ("s", 300)],
def _buchberger(self, l):
""" Define the main Ideal
# Init timer to calculate elapsed time
t_start = time()
# Ideal definition
self.K = [t(2) + s(2) * t(1),
t(3) + s(3) * t(2),
(t(275) + s(275) * t(265))]
""" Computes the Groebner Basis of a given Ideal K
# Calculate Groebner basis
self.gb = self._buchberger(self.K)
def get_gb_polys(self, gb):
""" Returns the polynomials of a computed Groebner Basis
return [poly for poly in gb]
def calculate_nf(self, poly):
""" Computes and returns the normal form of a polynomial
if __name__ == ‘ __main__’:
t_start = time()
# Create object
safety = Safety()
# Define main ideal
# Calculate Groebner Basis
print("Elapsed time: f" (time() - t_start))
# Get polynomials from the Groebner basis
# Calculate Normal Form of a given polynomial
t_start = time()
print(safety.calculate_nf(t(0) * t(1) * t(4)))
print("Elapsed time: f" (time() - t_start))
(In the last procedure that there are trains in sections , , and introduced as data.)
The data used to support the findings of this study are available from the corresponding author upon request.
Conflicts of Interest
The authors declare that there are no conflicts of interest regarding the publication of this paper.
This work was partially supported by the research projects TIN2015-66471-P (Government of Spain) and CASI-CAM S2013/ICE-2845 (Comunidad Autónoma de Madrid).
Anonymous, “Proyecto y obra del enclavamiento electrónico de la estación de Madrid-Atocha. Proyecto Técnico,” Siemens, Madrid, 1988.View at: Google Scholar
Anonymous, “Microcomputer Interlocking Hilversum,” Siemens, Munich, 1986.View at: Google Scholar
Anonymous, “Microcomputer Interlocking Rotterdam,” Siemens, Munich, 1989.View at: Google Scholar
Anonymous, “Puesto de enclavamiento con microcomputadoras de la estación de Chiasso de los SBB,” Siemens, Munich, 1989.View at: Google Scholar
L. Villamandos, Sistema informático concebido por Renfe para diseñar los enclavamientos, vol. 65, Va Libre, 1993.
K. Winter, W. Johnston, P. Robinson, P. Strooper, and L. van den Berg, “Tool Support for Checking Railway Interlocking Designs,” in Proceedings of the 10th Australian Workshop on Safety Related Programmable Systems, T. Cant, Ed., pp. 101–107, Australian Computer Society, Inc., Sydney, Australia, 2006.View at: Google Scholar
M. J. Morley, Modelling British Rail’s Interlocking Logic: Geographic Data Correctness, Technical Report ECS-LFCS-91-186, Laboratory for Foundations of Computer Science, Department of Computer Science, University of Edinburgh, 1991.
A. Janota, “Using Z specification for railway interlocking safety,” Periodica Polytechnica Transportation Engineering, vol. 28, no. 1-2, pp. 39–53, 2000.View at: Google Scholar
K. M. Hansen, “Formalising Railway Interlocking Systems,” in Nordic Seminar on Dependable Computing Systems, pp. 83–94, Department of Computer Science, Technical University of Denmark, Lyngby, Denmark, 1994.View at: Google Scholar
M. Montigel, Modellierung und Gewährleistung von Abhängigkeiten in Eisenbahnsicherungsanlagen (Ph.D. Thesis), ETH Zurich, Zurich, Switzerland, 1994, http://www.inf.ethz.ch/research/disstechreps/theses.
A. Ferrari, G. Magnani, D. Grasso, and A. Fantechi, “Model checking interlocking control tables,” in Proceedings of the Formal Methods for Automation and Safety in Railway and Automotive Systems FORMS/FORMAT 2010, E. Schnieder and G. Tarnai, Eds., pp. 107–115, Springer, Berlin, Germany, 2011.View at: Google Scholar
K. Winter and N. J. Robinson, “Modelling large interlocking systems and model checking small ones,” in Proceedings of the 26th Australasian Computer Science Conference (ACSC’2003), M. Oudshoorn, Ed., vol. 16, pp. 309–316, Australian Computer Science Communications, 2003.View at: Google Scholar
C. Zhou and M. R. Hansen, Duration Calculus: A Formal Approach to Real-Time Systems, Monographs in Theoretical Computer Science. An EATCS Series, Springer-Verlag, NY, USA, 2004.View at: MathSciNet
S. Veloudis and N. Nissanke, “Duration Calculus in the specification of safety requirements,” in Formal Techniques in Real-Time and Fault-Tolerant Systems. FTRTFT 1998, A. P. Ravn and H. Rischel, Eds., pp. 103–112, Springer, LNCS 1486, Berlin, Heidelberg, Germany, 1998.View at: Publisher Site | Google Scholar
A. G. Akritas, Elements of Computer Algebra with Applications, John Wiley Interscience, NY, USA, 1989.View at: MathSciNet
E. Roanes-Lozano, J. A. Alonso, and A. Hernando, “An approach from answer set programming to decision making in a railway interlocking system,” Revista de la Real Academia de Ciencias Exactas, Fisicas y Naturales. Serie A. Matematicas, vol. 108, no. 2, pp. 973–987, 2014.View at: Publisher Site | Google Scholar | MathSciNet