Distributing the challenge of model checking interlocking control tables

Railway interlocking systems represent a challenge for model checkers: although encoding interlocking rules as finite state machines can be quite straightforward, and safety properties to be proved are easily expressible, the inherent complexity related to the high number of variables involved makes the verification of such systems typically incur state space explosion problems. Domain-specific techniques have been adopted to advance the size of interlocking systems that can be successfully proved, but still not reaching the size needed for large deployment cases. We propose a novel approach in which we exploit a distributed modelling of an interlocking system and a careful selection of verification scenarios, so that parallel verifications conducted on multiple processors can address systems of a large size. Some experiments in this direction are presented and new directions of research according to this proposal are discussed.