TRAIN STATION SYSTEM

Case Study

Geoff Dromey
Software Quality Institute
GRIFFITH UNIVERSITY

© R.G.Dromey, Griffith University, 2003

 Purpose of this Case Study

•The Train Station case study is used as the

first translation exercise to introduce people
to the process of translating functional
requirements into Behavior Trees.

•The exercise is also used to illustrate

requirements integration
 TRAIN-STATION PROBLEM (Sherwood Station)

Develop a system to model the behavior of a Train-Station. You need to model a train entering the station from the north and
then leaving the station to the south. A crossing with boom gates and flashing red lights is located just south of the station.
There is a signal to the north of the station that only allows a train to enter when the station is not occupied, that is, when the
north signal is green. There is also an exit signal light that ensures the train can only leave the station when the boom gates
are down. There is also a north detector that can detect the train approaching the station region from the north. And, there is
an exit detector that detects when a train leaves to the south.

1. Initially the station is not occupied. The north signal turns green whenever the station is not occupied. Whenever the north
signal is green a train may approach from the north. When approaching from the north a train is detected, by the north
detector, which causes the north signal to turn red.

2. When the north detector detects a train it causes the crossing lights to start flashing red. At the same time, a timer starts
timing and when it times out it causes the boom gates to be lowered after which the exit light turns green.

3. After the train is detected the north detector, it subsequently arrives at the station, the doors open, the people disembark,
and then the doors close.

4. After the doors close the train may leave the station only when and if the exit light is green. When the train leaves the
station, heading south, it is detected by the exit detector which means the station is again not occupied. This causes the north
signal to turn green and the exit light to turn red. When the exit detector detects the train leaving, it also causes the boom
gates to be raised and then the crossing lights to stop flashing red.

For the purposes of the exercise ignore trains approaching the station from the south. This additional requirement can be
integrated later as a separate exercise. Also ignore situations where the train does not stop at the station - this too requires
some refinements to the design.
Translation to Behavior Trees
Translation Process (Abridged)

1. Look for Components - Nouns

2. Look for States – Verbs or Actions done to

components or Events or Conditions
3. Look for indicators of flow or relative time –
conjunctions, disjunctions, then, before, after
4. Account for every word and don’t leave out
out any words in your translation. Also do not
introduce any new words.
Behavior Tree Notation
Component-State Label Semantics
Indicates that the component
tag
COMPONENT Internal State has realized the particular
[ State ] internal state and then passes
control to its output.
Indicates that the component
tag
COMPONENT Attribute - State w ill assign a value to one of
[Attribute := Value] its attributes.

Indicates that the component

COMPONENT IF - State will only pass control if If-state
tag ? IF-State ? is T RUE

Indicates that the component

COMPONENT WHEN - State will only pass control when AND
tag ?? WHEN-State ??
if the event WHEN-state happens
after reaching this component-state.

Indicates that the component

COMPONENT WHEN - State will only pass control when the
tag ??? WHEN-State ???
event WHEN-state happens OR
has happened prior to reaching
this component-state.
Indicates that when the
tag COMPONENT Data-out State component has realized the
< Dataflow-State >
state it will pass the data to
the component that receives
the flow.
Indicates that when the
tag COMPONENT Data-in State component has realized the
> Dataflow-State <
state it will have received the
data from the component that
sends the flow.

System-Name System - State T he system component,

tag [ State ] System-Name realizes the
state "State" and then passes
control to its output.
Translation to Behavior Trees
First, Second and Third Sentences
Translation to Behavior Trees
First, Second and Third Sentence
REQUIREMENT-R1
Initially the station is not occupied. The
north signal turns green whenever the
station is not occupied. Whenever the
north signal is green a train may approach
from the north. When approaching from the
north, a train is detected by the north detector,
which causes the north signal to turn red.

TRAIN STATION NORTH SIGNAL

[ ??? ] [ ??? ] [ ??? ]
Translation to Behavior Trees
First, Second and Third Sentence
REQUIREMENT-R1
Initially the station is not occupied. The
north signal turns green whenever the
station is not occupied. Whenever the
north signal is green a train may
approach from the north. When
approaching from the north, a train is
detected by the north detector, which
causes the north signal to turn red.

TRAIN
??Approaching/?? STATION NORTH SIGNAL
R1 [ Not( Occupied) ]
R1 [ Green ]
where
[from] North
Translation to Behavior Trees
Fourth Sentence

REQUIREMENT-R1
Initially the station is not occupied. The
north signal turns green whenever the
station is not occupied. Whenever the
north signal is green a train may
approach from the north. When
approaching from the north, a train is
detected by the north detector, which
causes the north signal to turn red.
Translation to Behavior Trees
Fourth Sentence
REQUIREMENT-R1
Initially the station is not occupied. The
north signal turns green whenever the
station is not occupied. Whenever the
north signal is green a train may
approach from the north. When
approaching from the north, a train is detected
by the north detector, which causes the north
signal to turn red.

TRAIN NORT H DET ECT OR NORTH SIGNAL

[ ??? ] [ ??? ] [ ??? ]
Translation to Behavior Trees
Fourth Sentence
REQUIREMENT-R1
Initially the station is not occupied. The
north signal turns green whenever the
station is not occupied. Whenever the
north signal is green a train may
approach from the north. When
approaching from the north, a train is detected
TRAIN by the north detector, which causes the north
?? Detected ??
signal to turn red.

NORTH DETECTOR NORTH SIGNAL

?? Train[Detected]?? [ Red ]
 Translation to Behavior Trees
STATION
[NOT:Occupied ]

TRAIN
?? Detected ??

NORTH SIGNAL
[ Green ]

NORTH DETECTOR
?? Train[Detected]??

How to arrange component-states

NORTH SIGNAL
to specify behavior? [ Red ]
R1 – Translated Behavior Tree
STATION
1 [ NOT ( Occupied ) ]

REQUIREMENT-R1
NORTH-SIGNAL
1 [ Green ] Initially the station is not occupied. The
north signal turns green whenever the
station is not occupied. Whenever the
1
TRAIN#
??Approaching/??
north signal is green a train may
where
approach from the north. When
North
[from]
approaching from the north, a train is
detected by the north detector, which
1
NORTH-DETECTOR
?? Train[Detected ]??
causes the north signal to turn red.

NORTH-SIGNAL
1 [ Red ]
 R2 – Translated Behavior Tree
NORTH-DETECTOR
2 ?? Train[Detected ] ??

TIMER CROSSING-LIGHTS
2 [ [Starts]Timing ] 2 [Flashing-Red ]

TIMER
2 ?? Times-out ?? REQUIREMENT-R2
When the north detector detects a train it
BOOM-GATES
causes the crossing lights to start
2 [Lowered ]
flashing red. At the same time a timer
starts timing and when it times out, it
causes the boom gates to be lowered,
2
EXIT-LIGHT
[Green] after which the exit light turns green.
R3 – Translated Behavior Tree
REQUIREM ENT-R3
After the train is detected by the north detector, it
subsequently arrives at the station, the doors open, the
people disembark, and then the doors close.

NORTH DETECTOR
3 ??Train[Detected]??]

TRAIN
3 ?? Arrived / ??

where
STATION
[ at ]

DOORS 3 STATION
3 [ Open ]
+ [ Occupied ]
Implied (+)
PEOPLE
3 [ Disembark ]

DOORS
3 ?? Close ??
 R4 – Translated Behavior Tree
REQUIREM ENT-R4 DOORS
4 ?? Closed ??
After the doors close the train may leave the station
provided the exit light is green. When the train leaves the
station, heading south, it is detected by the exit detector,
w hich means the station is again not occupied. This
causes the north signal to turn green and the exit light to EXIT_LIGHT
turn red. When the exit detector detects the train , it also 4 ?? Green ??
causes the boom gates to be raised and then the
crossing lights to stop flashing red.

TRAIN
4 ??[ Leaves] Station ??

EXIT-DETECTOR
4 ??Train[ Detected ] ??

X-ING LIGHTS
BOOM-GATES
4 [NOT:Flashing-Red]
?? Raised ?? 4 STATION
[ NOT ( Occupied ) ]

CROSSING_LIGHTS
BOOM-GATES NORTH- SIGNAL EXIT_LIGHT
4 [NOT(Flashing-Red
[ Raised ] )] 4 [Green] 4 [Red]]
 Integrating the
Requirements Behavior Trees
Integration – Base Case
STATION
1 [ NOT( Occupied ) ]

NORTH-SIGNAL
1 [ Green ]

TRAIN#
1 ?? Approaching / ??

where
[ from ] North

NORTH-DETECTOR
1 ?? Train[Detected ]??

NORTH-SIGNAL
1 [ Red ]
Integration of R2 with R1
STATION
1 [ NOT ( Occupied )]

NORTH-SIGNAL
1 [ Green ]

TRAIN#
1 ??Approaching / ??

where
[ from ] North

Point of 1 NORTH-DETECTOR
Integration @@ ?? Train[Detected ]??

CROSSING-LIGHTS TIMER NORTH-SIGNAL

2 [Flashing-Red ] 2 [ [Starts]Timing ] 1 [ Red ]

TIMER
2 ?? Times-out ??

BOOM-GATES
2 [Lowered ]

EXIT-LIGHT
2 [Green]
Integration of R3 into IBT
STATION
1 [ NOT( Occupied ) ]

NORTH-SIGNAL
1 [ Green ]

TRAIN#
1 ??Approaching / ??

where
[ from ] North

Point of 1 NORTH-DETECTOR
Integration @@ ?? Train[Detected ]??

CROSSING-LIGHTS TIMER TRAIN# NORTH-SIGNAL

2 [Flashing-Red ] 2 [ [Starts]Timing ] 3 ?? Arrived / ?? 1 [ Red ]

where
[ at ] STATION

TIMER DOORS 3 STATION

2 ?? Times-out ?? 3 [ Open ] [ Occupied ]
+

BOOM-GATES PEOPLE
2 [Lowered ] 3 [ Disembark ]

EXIT-LIGHT DOORS
2 [Green] 3 ?? Close ??
Integration of R4 into IBT
STATION
1 [ NOT( Occupied ) ]

NORTH-SIGNAL
1 [ Green ]

TRAIN#
1 ??Approaching / ??

where
[ from ] North

1 NORTH-DETECTOR
@@ ?? Train[Detected ]??

CROSSING-LIGHTS TIMER TRAIN# NORTH-SIGNAL

2 [Flashing-Red ] 2 [ [Starts]Timing ] 3 ?? Arrived / ?? 1 [ Red ]

where
[ at ] STATION

TIMER DOORS 3 STATION

2 ?? Times-out ?? 3 [ Open ] [ Occupied ]
+

BOOM-GATES PEOPLE
2 [Lowered ] 3 [ Disembark ]

EXIT-LIGHT 3 DOORS
Point of
2 [Green]
@@ ?? Close ?? Integration

EXIT_LIGHT
4 ?? Green ??

TRAIN#
4 ??[ Leaves] Station ??

EXIT-DETECTOR
4 ??Train[ Detected ] ??

X-ING LIGHTS
BOOM-GATES
4 [NOT:Flashing-Red]
?? Raised ?? 4 STATION
[ NOT ( Occupied ) ]

CROSSING_LIGHTS
BOOM-GATES NORTH- SIGNAL EXIT_LIGHT
4 [NOT (Flashing-Red
[ Raised ] )] 4 [Green] 4 [Red]]
Now inspect IBT
for Defects
and Refine
Integrated Behavior Tree - IBT
STATION
1 [ NOT( Occupied ) ]

NORTH-SIGNAL
1 [ Green ]

TRAIN#
1 ??Approaching / ??

where
[ from ] North

1 NORTH-DETECTOR
@@ ?? Train[Detected ]??

CROSSING-LIGHTS TIMER TRAIN# NORTH-SIGNAL

2 [Flashing-Red ] 2 [ [Starts]Timing ] 3 ?? Arrived / ?? 1 [ Red ]

where
[ at ] STATION

TIMER DOORS 3 STATION

2 ?? Times-out ?? 3 [ Open ] [ Occupied ]
+

BOOM-GATES PEOPLE
2 [Lowered ] 3 [ Disembark ]

2
EXIT-LIGHT 3 DOORS
[Green] ?? Close ??
@@

EXIT_LIGHT
4 ?? Green ??

TRAIN#
4 ??[ Leaves] Station ??

EXIT-DETECTOR
4 ??Train[ Detected ] ??

X-ING LIGHTS
BOOM-GATES
4 [NOT:Flashing-Red]
?? Raised ?? 4
STATION
[ NOT ( Occupied ) ]

CROSSING_LIGHTS
BOOM-GATES NORTH- SIGNAL EXIT_LIGHT
4 [NOT (Flashing-Red
[ Raised ] )] 4 [Green] 4 [Red]]
There is something important
Missing from these requirements
– what is it?
The exit detector should
initially be red.
Fully Integrated IBT – With Correction
Originally Missing
STATION
1 [ NOT( Occupied ) ]

EXIT_LIGHT NORTH-SIGNAL
- [Red]] 1 [ Green ]

TRAIN#
1 ??Approaching / ??

where
[ from ] North

1 NORTH-DETECTOR
@@ ?? Train[Detected ]??

CROSSING-LIGHTS TIMER TRAIN# NORTH-SIGNAL

2 [Flashing-Red ] 2 [ [Starts]Timing ] 3 ?? Arrived / ?? 1 [ Red ]

where
[ at ] STATION

TIMER DOORS 3 STATION

2 ?? Times-out ?? 3 [ Open ] [ Occupied ]
+

BOOM-GATES PEOPLE
2 [Lowered ] 3 [ Disembark ]

2
EXIT-LIGHT 3 DOORS
[Green] @@ ?? Close ??

EXIT_LIGHT
4 ?? Green ??

TRAIN#
4 ??[ Leaves] Station ??

EXIT-DETECTOR
4 ??Train[ Detected ] ??

X-ING LIGHTS
BOOM-GATES
4 [NOT:Flashing-Red]
?? Raised ?? 4
STATION
[ NOT ( Occupied ) ]

CROSSING_LIGHTS
BOOM-GATES NORTH- SIGNAL EXIT_LIGHT
4 [NOT (Flashing-Red
[ Raised ] )] 4 [Green] 4 [Red]]
Fully Integrated IBT – With Redundancy
STATION
1 [ NOT( Occupied ) ]

EXIT_LIGHT NORTH-SIGNAL
- [Red]] 1 [ Green ]

TRAIN#
1 ??Approaching / ??

where
[ from ] North

1 NORTH-DETECTOR
@@ ?? Train[Detected ]??

CROSSING-LIGHTS TIMER TRAIN# NORTH-SIGNAL

2 [Flashing-Red ] 2 [ [Starts]Timing ] 3 ?? Arrived / ?? 1 [ Red ]

where
[ at ] STATION

TIMER DOORS 3 STATION

2 ?? Times-out ?? 3 [ Open ] [ Occupied ]
+

BOOM-GATES PEOPLE
2 [Lowered ] 3 [ Disembark ]

2 EXIT-LIGHT 3 DOORS
[Green] @@ ?? Close ??

EXIT_LIGHT
4 ?? Green ??

TRAIN#
4 ??[ Leaves] Station ??

EXIT-DETECTOR
4 ??Train[ Detected ] ??

X-ING LIGHTS
4 BOOM-GATES
[NOT:Flashing-Red]
?? Raised ?? 4 STATION
[ NOT ( Occupied ) ]
No longer needed
with reversion (^)

CROSSING_LIGHTS
BOOM-GATES NORTH- SIGNAL EXIT_LIGHT
4 [NOT (Flashing-Red
[ Raised ] )] 4 [Green] 4 [Red]]
Refined Fully Integrated IBT → DBT
STATION
1 [ NOT( Occupied ) ]

EXIT_LIGHT NORTH-SIGNAL
- [Red]] 1 [ Green ]

TRAIN#
1 ??Approaching / ??

where
[ from ] North

1 NORTH-DETECTOR
@@ ?? Train[Detected ]??

CROSSING-LIGHTS TIMER TRAIN# NORTH-SIGNAL

2 [Flashing-Red ] 2 [ [Starts]Timing ] 3 ?? Arrived / ?? 1 [ Red ]

where
[ at ] STATION

TIMER DOORS 3 STATION

2 ?? Times-out ?? 3 [ Open ] [ Occupied ]
+

BOOM-GATES PEOPLE
2 [Lowered ] 3 [ Disembark ]

2
EXIT-LIGHT 3 DOORS
[Green] ?? Close ??
@@

EXIT_LIGHT
4 ?? Green ??

TRAIN#
4 ??[ Leaves] Station ??

EXIT-DETECTOR
4 ??Train[ Detected ] ??

4
X-ING LIGHTS
BOOM-GATES STATION ^ Reverts (^) back
[NOT:Flashing-Red]
?? Raised ?? 4 [ NOT ( Occupied ) ]
to initial state

CROSSING_LIGHTS
BOOM-GATES
4 [NOT (Flashing-Red
[ Raised ] )]
 Now derive
Component Interaction Network
( CIN )
Refined Fully Integrated IBT → DBT
STATION
1 [ NOT( Occupied ) ]

EXIT_LIGHT NORTH-SIGNAL
- [Red]] 1 [ Green ]

TRAIN#
1 ??Approaching / ??

where
[ from ] North

1 NORTH-DETECTOR
@@ ?? Train[Detected ]??

CROSSING-LIGHTS TIMER TRAIN# NORTH-SIGNAL

2 [Flashing-Red ] 2 [ [Starts]Timing ] 3 ?? Arrived / ?? 1 [ Red ]

where
[ at ] STATION

TIMER DOORS 3 STATION

2 ?? Times-out ?? 3 [ Open ] [ Occupied ]
+

BOOM-GATES PEOPLE
2 [Lowered ] 3 [ Disembark ]

2
EXIT-LIGHT 3 DOORS
[Green] ?? Close ??
@@

EXIT_LIGHT
4 ?? Green ??

TRAIN#
4 ??[ Leaves] Station ??

EXIT-DETECTOR
4 ??Train[ Detected ] ??

4
X-ING LIGHTS
BOOM-GATES STATION ^ Reverts (^) back
[NOT:Flashing-Red]
?? Raised ?? 4 [ NOT ( Occupied ) ]
to initial state

CROSSING_LIGHTS
BOOM-GATES
4 [NOT (Flashing-Red
[ Raised ] )]
 DBT → Architecture (Level 3)

Station
STATION
1 [ NOT( Occupied ) ]

EXIT_LIGHT NORTH-SIGNAL
- [Red]] 1 [ Green ] Exit_Light North-Signal

TRAIN#
1
where
[ from ]
??Approaching / ??

North
3rd - Level Train
 DBT → Architecture (step 5)

Station
STATION
1 [ NOT( Occupied ) ]

EXIT_LIGHT NORTH-SIGNAL
- [Red]] 1 [ Green ]
Exit_Light North-Signal

TRAIN#
1 ??Approaching / ??

where
[ from ] North Train

1 NORTH-DETECTOR
@@ ?? Train[Detected ]??

CROSSING-LIGHTS TIMER TRAIN# NORTH-SIGNAL

North-Detector
2 2 3 1

5rd - Level
[Flashing-Red ] [ [Starts]Timing ] ?? Arrived / ?? [ Red ]

where
[ at ] STATION

Crossing-Lights Timer
Complete Component Interaction Network - CIN
Train-Station System

Station

North_Signal

North_Detector

Timer Train

Boom_Gates Doors Exit_Detector

Crossing_Lights

Exit_Light People