Example: Railroad Crossing

1
Example Railroad Crossing

• There are 3 processes a train, a controller and
  a gate
• Safety property
• When a train is in the crossing, a gate should be
  down

Satisfy the safety property
Violate the safety property
2
Monitoring Script for Railroad Crossing
MonScr RailRoadCrossing export event startIC,
endIC, startGD, endGD MonVarDcl
float RRC.train_x int
RRC.train_length int RRC.cross_x
int RRC.cross_length MonMethodDcl
Gate.gd() Gate.gu() CondDef
Cond IC RRC.train_x
RRC.train_length gt RRC.cross_x
RRC.train_x lt RRC.cross_x RRC.cross_length
EventDef Event startIC start(IC)
Event endIC end(IC) Event startGD
end_m(Gate.gd()) Event endGD
start_m(Gate.gu()) End
ReqSpec RailRoadCrossing import event
startIC, endIC, startGD, endGD
CondDef Cond IC startIC, endIC Cond GD
startGD, endGD SafePropDef SafeProp
safeRRC IC -gt GD End
3
Demo Scenario
Source Host
Destination Host
RRC
4
Demo Scenario
Proxy
Safety Violation Detection
RRC
RRC (instrum- ented)
Monitoring Script
Desti- nation Host
Host2
Host1
RRC (instrum- ented)
Event Recognizer
Checker
5
Demo Slide
Proxy
Safety Violation Detection
RRC
RRC (instrum- ented)
Monitoring Script
Desti- nation Host
Host2
Host1
RRC (instrum- ented)
Event Recognizer
Checker