deadlock free dispatching for fleets of vehicles -...

35
Franco Mazzanti ISTI CNR Pisa Italy Alessio Ferrari ISTI CNR Pisa Italy Giorgio O. Spagnolo ISTI CNR Pisa Italy Forum Méthodes Formelles Tolosa, 10 October 2017 Deadlock free dispatching for fleets of vehicles

Upload: phamkiet

Post on 16-Feb-2019

216 views

Category:

Documents


0 download

TRANSCRIPT

Franco Mazzanti ISTI CNR Pisa ItalyAlessio Ferrari ISTI CNR Pisa Italy

Giorgio O. Spagnolo ISTI CNR Pisa Italy

Forum Méthodes FormellesTolosa, 10 October 2017

Deadlock free dispatchingfor fleets of vehicles

Presentation

Tolosa, 10 October 2017Deadlock Free Dispatching … 2

Franco Mazzanti

http://fmt.isti.cnr.it/kandisti

yellow

blue >>

yellow >>

blue

red >>

green >>

green

red

Vicolo Corto

Via AccademiaBCA01

I

II

Piazza Università

I

II

BCA02Via Verdi

I

II

BCA03Piazza Dante

I

II

III

BCA05BCA04

I

II

I I

II

Vicolo Stretto

Via Marco PoloVia Roma

Viale dei Giardini

Parco della Vittoria

I

II

III I

II

III

IVViale Monterosa

5

7

8

10

11

12

15

16

1718

20

22

23

24

25

262728

29

3031

32

139641 3

2

31

25

23

201613

12

109

8

76

2728

29

30

32

5

43

2

1

26

24

2217

15

1811

Senior Researcher

http://fmt.isti.cnr.it

CONSIGLIO NAZIONALEDELLE RICERCHE

Not only Safety … Not just Trains ..

Tolosa, 10/09/2017Deadlock Free Dispatching … 3

The original TRACE-IT goal:

Tolosa, 10 October 2017Presentation Title

Design an ATS (Automatic Train Supervision) System that:

- Controls the dispatching of a set trains on a railway layout- Handling a continuously running set of circular train missions- Preventing the occurrence of (partial) deadlocks.

4

Safety of the system is guaranteed by the ATP / Interlocking systems

What we have here is essentially a problem of (mission critical) liveness

The original case study

Tolosa, 10 October 2017Presentation Title

5

�We have a metro service: 8 trains providing circular services

[1,3,4,6,7,9,10,13,15,20,23,22,17,18,11,9,8,6,5,3,1][2,3,4,6,7,9,10,13,15,20,24,22,17,18,11,9,8,6,5,3,2]

[31,30,28,27,11,13,15,20,25,22,17,18,12,27,29,30,31]

[32,30,28,27,11,13,15,20,26,22,17,18,12,27,29,30,32]

yellow

blue >>

yellow >>

blue

red >>

green >>

green

red

Vicolo Corto

Via AccademiaBCA01

I

II

Piazza Università

I

II

BCA02Via Verdi

I

II

BCA03Piazza Dante

I

II

III

BCA05BCA04

I

II

I I

II

Vicolo Stretto

Via Marco PoloVia Roma

Viale dei Giardini

Parco della Vittoria

I

II

III I

II

III

IVViale Monterosa

5

7

8

10

11

12

15

16

1718

20

22

23

24

25

262728

29

3031

32

139641 3

2

31

25

23

201613

12

109

8

76

2728

29

30

32

5

43

2

1

26

24

2217

15

1811

4

Deadlock on basic sections

Tolosa, 10 October 2017Deadlock Free Dispatching … 6

Deadlock on basic sections

Tolosa, 10 October 2017Deadlock Free Dispatching … 7

Deadlock on basic sections

Tolosa, 10 October 2017Deadlock Free Dispatching … 8

Deadlock on basic sections

Tolosa, 10 October 2017Deadlock Free Dispatching … 9

Deadlock on basic sections

Tolosa, 10 October 2017Deadlock Free Dispatching … 10

Deadlock on basic sections

Tolosa, 10 October 2017Deadlock Free Dispatching … 11

Deadlock on basic sections

Tolosa, 10 October 2017Deadlock Free Dispatching … 12

Deadlock on basic sections

Tolosa, 10 October 2017Deadlock Free Dispatching … 13

Deadlock on basic sections

Tolosa, 10 October 2017Deadlock Free Dispatching … 14

Solution:No more than n-1 itineraries booked in any ring of lentgh n.

Deadlock on composite sections I

Tolosa, 10 October 2017Deadlock Free Dispatching … 15

Deadlock on composite sections I

Tolosa, 10 October 2017Deadlock Free Dispatching … 16

Deadlock on composite sections I

Tolosa, 10 October 2017Deadlock Free Dispatching … 17

Deadlock on composite sections I

Tolosa, 10 October 2017Deadlock Free Dispatching … 18

Deadlock on composite sections I

Tolosa, 10 October 2017Deadlock Free Dispatching … 19

Deadlock on composite sections I

Tolosa, 10 October 2017Deadlock Free Dispatching … 20

Solution:No more than 3 itineraries bookedinside this section of size 5.

Deadlock on composite sections II

Tolosa, 10 October 2017Deadlock Free Dispatching … 21

Deadlock on composite sections II

Tolosa, 10 October 2017Deadlock Free Dispatching … 22

Deadlock on composite sections II

Tolosa, 10 October 2017Deadlock Free Dispatching … 23

Deadlock on composite sections II

Tolosa, 10 October 2017Deadlock Free Dispatching … 24

Deadlock on composite sections II

Tolosa, 10 October 2017Deadlock Free Dispatching … 25

Deadlock on composite sections II

Tolosa, 10 October 2017Deadlock Free Dispatching … 26

Deadlock on composite sections II

Tolosa, 10 October 2017Deadlock Free Dispatching … 27

Solution:No more than 5 itineraries booked inside this section of size 8

Tolosa, 10 October 2017Deadlock Free Dispatching … 28

[1 ,3, 4, 6, 7, 9, 10, 13, 15, 20 ,23, . . . ]

Extended missions

[(A++;AC++) 1, ([C<4];A--;C++) 3, 4, ([D<4];C--;AC--;D++) 6, 7, (D--) 9, . . .]

1 3

2

4

5

6 7

8

9 10

11

13

15

16

1718

20

22

23

24

25

12 262728

29

3031

32

A

B

C D

Discovering basic critical sections

Tolosa, 10 October 2017Deadlock Free Dispatching … 29

yellow

blue >>

yellow >>

blue

red >>

green >>

green

red

Vicolo Corto

Via AccademiaBCA01

I

II

Piazza Università

I

II

BCA02Via Verdi

I

II

BCA03Piazza Dante

I

II

III

BCA05BCA04

I

II

I I

II

Vicolo Stretto

Via Marco PoloVia Roma

Viale dei Giardini

Parco della Vittoria

I

II

III I

II

III

IVViale Monterosa

5

7

8

10

11

12

15

16

1718

20

22

23

24

25

262728

29

3031

32

139641 3

2

31

25

23

201613

12

109

8

76

2728

29

30

32

5

43

2

1

26

24

2217

15

1811

Basic critical sections (rings, bidirectional segments) can be discovered by an analysis of the possible missions.

Discovering composite critical sections

Tolosa, 10 October 2017Deadlock Free Dispatching … 30

We build a formal model of the system and use model checking techniquesto find all situations of deadlock in the composite sections.

B

1 3

2

4

5

6 7

8

9 10

11

13

15

16

1718

20

22

23

24

25

12 262728

29

3031

32

AC (max 3)A C D

The role of model checking

Tolosa, 10 October 2017Deadlock Free Dispatching … 31

Initial model(handling basic deadlocks)

Model Checking

New sections, counters,and updated missions

No more deadlocks or false positives

Newdeadlocks or

false positives

Validated ATS Data

Train Missions

The role of model checking

Tolosa, 10 October 2017Deadlock Free Dispatching … 32

In the TRACE-IT case study ATS data validation is done statically at configuration / reconfiguration time.

We have also experimented a dynamic automaticapproach using a custom ad hoc model checker.

System Decomposition

Tolosa, 10 October 2017Deadlock Free Dispatching … 33

Via AccademiaBCA01I

II

Piazza UniversitàI

II

BCA02Via Verdi

I

II

3

2 5

1

BCA0374 6 9

BCA03 Piazza DanteI

II

IIIBCA05

Via Marco PoloVia Roma

Viale dei Giardini

Parco della Vittoria

I

II

III I

II

III

IV

10

11

12

15

16

1718

20

22

23

24

25

2627

9

Vicolo Corto BCA05

BCA04

I

II

I I

II

Vicolo Stretto Viale Monterosa

2728

29

3031

32

8

13

References

Tolosa, 10 October 2017Deadlock Free Dispatching … 34

More details on the approach to deadlock avoidance:

Examples and comparisons of formal modelling and verification approaches using SPIN / SMV / UMC / MCRL2Mazzanti, F., Ferrari, A., Spagnolo, G.O. Experiments in Formal Modelling of a Deadlock Avoidance Algorithm for a CBTC SystemT. Margaria and B. Steffen (Eds) ISoLA 2016, Part II Lecture Notes in Computer Science - Volume 9953, 2016

Mazzanti, F., Spagnolo, G.O., Della Longa, S., Ferrari, A.Deadlock avoidance in train scheduling: A model checking approach9th International Conference on Formal Methods for Industrial Critical Systems, FMICS 2014;Lecture Notes in Computer Science - Volume 8718, 2014

Senior Researcher

Franco Mazzanti

THANK YOU!

ISTI CNR Via Moruzzi 1, Pisa , Italy

http://fmt.isti.cnr.it/~mazzanti

This project has received funding from the European Union’s Horizon 2020 research and innovation programme under Grant Agreement No 777561

Call identifier: H2020-S2RJU-2017Topic: S2R-OC-IP2-01-2017 – Operational conditions of the signalling and automation systems; signalling system hazard analysis and GNSS SIS characterization along with

Formal Method application in railway field

CONTACTS