Book contents
- Frontmatter
- Contents
- Prologue: Faultless systems – yes we can!
- Acknowledgments
- 1 Introduction
- 2 Controlling cars on a bridge
- 3 A mechanical press controller
- 4 A simple file transfer protocol
- 5 The Event-B modeling notation and proof obligation rules
- 6 Bounded re-transmission protocol
- 7 Development of a concurrent program
- 8 Development of electronic circuits
- 9 Mathematical language
- 10 Leader election on a ring-shaped network
- 11 Synchronizing a tree-shaped network
- 12 Routing algorithm for a mobile agent
- 13 Leader election on a connected graph network
- 14 Mathematical models for proof obligations
- 15 Development of sequential programs
- 16 A location access controller
- 17 Train system
- 18 Problems
- Index
17 - Train system
Published online by Cambridge University Press: 05 March 2013
Summary
Informal introduction
The purpose of this chapter is to show the specification and construction of a complete computerized system. The example we are interested in is called a train system. By this, we mean a system that is practically managed by a train agent, whose role is to control the various trains crossing part of a certain track network situated under his supervision. The computerized system we want to construct is supposed to help the train agent in doing this task.
Before entering into the informal description of this system (followed by its formal construction), it might be useful to explain why we think it is important to present such a case study in great detail. There are at least four reasons:
(i) This example presents an interesting case of quite complex data structures (the track network), whose mathematical properties have to be defined with great care: we want to show that this is possible.
(ii) This example also shows a very interesting case where the reliability of the final product is absolutely fundamental: several trains have to be able to cross the network safely under the complete automatic guidance of the software product we want to construct. For this reason, it will be important to study the bad incidents that could happen and which we want either to avoid completely or to manage safely. In this chapter, however, we are more concerned with fault prevention than with fault tolerance. We shall come back to this in the conclusion.
[…]
- Type: Chapter
- Information: Modeling in Event-B: System and Software Engineering, pp. 508 - 549
- Publisher: Cambridge University Press
- Print publication year: 2010