From: peb@amleth.demon.co.uk ("Paul E. Bennett")
Newsgroups: comp.lang.ada,comp.realtime
Subject: Re: European train deaths
Date: Fri, 27 Apr 01 14:42:18 GMT
Organization: HIDECS Consultancy
Message-ID: <988382538snz@amleth.demon.co.uk>
Reply-To: peb@amleth.demon.co.uk

In article Colin_Paul_Gloster@ACM.org "Colin Paul Gloster" writes:

> Something which occurred to me only yesterday (unless I cleanly
> forgot before) is that Ada and formal methods are used for
> European train systems and so these may be involved in some
> of the spate of fatal crashes over the last circa two years
> in the U.K.; Norway; and elsewhere in the E.U.. At least one
> in the U.K. had to do with a light signalling error if
> memory serves correctly but I do not recall if this had
> anything to do with software. It may be worthwhile to investigate this --
> would any of ye happen to remember if computers were involved in these
> locomotive incidents?

Despite the existence of SSI and MBP systems (where Ada and Formal Methods were used in the specification) the penetration of such in the UK is not that great at present (long time getting round to the investment that should have been committed over the past 30 or 40 years).

I believe that the two Paddington Crashes happened on sections that have SSI implemented. In the case of the Great Western Driver who (with AWS turned off) was packing his bag on the run in to Paddington and collided with the goods train. In the case of the Thames Trains driver, he didn't see a red signal on his early morning exit from Paddington and thus passed it leading to the crash at Ladbroke Grove. The view of the signal was considered to be very poor and thus the layout was brought into question.

I believe we are still awaiting the final report from the Paddington (Ladbroke Grove) incident. In both cases, if a philosophy of "Permit to Move" was built into the signalling and control system both situations could probably have been avoided. I have made such comments before, with HMRI and DETR personnel but little notice seems to have been taken.

-- 
********************************************************************
Paul E. Bennett .................... Forth based HIDECS Consultancy .....
Mob: +44 (0)7811-639972 .........NOW AVAILABLE:- HIDECS COURSE......
Tel: +44 (0)1235-814586 .... see http://www.feabhas.com for details.
Going Forth Safely ..... EBA. www.electric-boat-association.org.uk..
********************************************************************