Home stretch| On the right track
In a few years, the safety system for switches and signals along European railroads will change so that the same system will be used across the entire network. The system will no longer be controlled via a direct cable, but with packets of information transmitted through a fiber optic network. To ensure the continued safe transportation of train passengers, the software must be flawless down to the smallest detail. Together with ProRail and Deutsche Bahn, TU/e researcher Mark Bouwman conducted an international study on software reliability.
Whenever TU/e computer scientist Mark Bouwman is on the train - which is quite often, he deliberately does not own a car - his attention is almost automatically drawn toward the trackside. After years of research, the various boxes along the railroad tracks hold few secrets for him. As part of a research consortium with the University of Twente and railroad companies ProRail and Deutsche Bahn, Bouwman explored how to safely switch to a new communication system for controlling signals and switches. On Monday, October 23, he will defend his doctoral research at the Department of Mathematics and Computer Science.
Red signal
When you see a signal turn red, it is controlled by a central computer - the interlocking in technical terms - via a direct cable, Bouwman explains. “The interlocking ensures that trains don’t collide. Every European station has its own interlocking that uses the same basic control principle. But nevertheless, they’re all slightly different. And that’s what European railroad companies want to change. In a few years, all field elements within Europe must be controlled using the same protocol.”
That is why they are switching to a different method of communication. No longer via direct cable, but through a fiber optic network. For example, the interlocking will be able to address packets of information to a specific signal: you turn red now. There are several advantages to having such a uniform system throughout Europe, says Bouwman. “It means a sudden expansion of the equipment market. A Dutch signal can then also be used in other countries, and we can use foreign switches. This way, innovations get to the market faster. And by using a fiber optic network, the whole system is less susceptible to cable breaks. Now, if a cable breaks during excavation work, the result is a signal malfunction, which causes all sorts of problems. A fiber optic network is much more flexible so that signals can be rerouted more easily. Separating the interlocking and wiring is also beneficial for durability since the whole system does not need to be replaced every time.”
Stone in the switch
So there are many advantages. But before a new communication standard can be implemented, safety must be guaranteed down to the smallest detail. And that is where Bouwman’s mathematics came into play. “By logically specifying a protocol you check all the possibilities so you know exactly how it works and can lock down the system securely.” For this step-by-step approach, Bouwman had a whole toolkit at his disposal, including the modeling language mCLR2 that was developed at TU/e. “That reprogramming is very important. If you write something down in regular language, this can lead to ambiguities, whereas everything should be as unambiguous as possible. After that, we could start calculating all the possible behaviors of the system. A switch can change position at the right time, but there could also be a stone caught in between, or someone could jam it with a crowbar. It’s important to not make assumptions, but to describe all the states it could potentially be in.”
Supercomputer
In order to efficiently convert specifications to mCLR2 language, Bouwman set up a new system. This was quite a challenge and required a lot of computing power, he explains. “You have to calculate millions, or rather billions of states; all the paths the system could ever take. Within our research group, we use the Mastodont, a supercomputer capable of performing all those complex calculations. But because the state space - all the possibilities and paths in between - had grown so large, even the Mastodont couldn’t handle it.”
So the state space had to be reduced. Bouwman takes a sheet of paper and covers it with small dots. He then divides the large cloud into four, and crosses out a good number of dots within the smaller clouds. “By fragmenting the model, we were finally able to perform calculations and thus reduce the state space of each component. We then put the minimized parts back together as a whole. This is very important, because ultimately, you want to check requirements that span the entire system; when a switch changes position, many sensors and components are involved.”
This approach turned out to be a success. While initially, the supercomputer would regularly crash and at best take weeks to complete calculations, Bouwman’s fragmentation has now reduced the calculation time to a few hours. ProRail and DB are enthusiastic. “At the moment, the toolkit is still a bit too complex for them, but hopefully, we can make it applicable in a follow-up project so they can use it to make a smooth transition to the new communication standard. It’s great that we have now taken the first, big steps towards this goal.”
Puzzles
Even though his doctoral research is complete, Bouwman remains an avid problem-solver who enjoys puzzling out challenges. Not only at his job at Rijkswaterstaat, where he currently researches the software reliability of water barrier and lock control, but also for his one-man business Brickonomics. A hobby project that got out of hand, Bouwman laughingly confesses. He currently spends one day a week on it. “I wanted to build my LEGO Star Wars models to the same scale, and had to order quite a few extra bricks for that. But because of the many online stores, all of which offer different sets, it’s easy to lose track. Due to an algorithm I wrote, ordering bricks is now a lot easier. You can upload your own design, check where you can find the best prices, and directly add the bricks to your shopping cart. It was a bit of a puzzle but it reduces frustration and increases building fun.”
Editorial note
The amount of journalistic freedom at Cursor is very unclear at the moment. In collaboration with the unions, the editorial staff has submitted a proposal letter with suggestions regarding press freedom to the Executive Board, and a first discussion has taken place. This article was published in anticipation of the outcome of the negotiation process.
Discussion