The SafeCap Trajectory: Industry-Driven Improvement of an Interlocking Verification Tool

This paper reports on the industrial use of our formal-method based interlocking verification tool, called SafeCap, and on what we needed to change in SafeCap as a result of our experience in applying it to a large number of commercial signalling projects. The substantial efforts dedicated to tool improvement are caused by the novelty of the technology and by a substantial gap to be bridged between the academic prototype, developed initially, and the industry-strength tool SafeCap has become now. It is our belief that when such innovative tools and technologies are developed for industrial use it is often impossible to fully understand and correctly elicit the complete set of requirements for their development. The paper describes the extensions added and the modifications made to the functionality of SafeCap after it was demonstrated to be successful in a number of real signalling projects and, as a result of this, was formally approved for use in the UK railway. We believe this experience will be useful for the developers of formal verification methods, tools and technologies to be deployed in industry.