This paper proposes a new method of combining SAT with discrete event simulation. This new integration proved useful for designing a solver for capacity analysis in early phase railway construction design. Railway capacity is complex to define and analyze, and existing tools and methods used in practice require comprehensive models of the railway network and its timetables. Design engineers working within the limited scope of construction projects report that only ad-hoc, experience-based methods of capacity analysis are available to them. Designs often have subtle capacity pitfalls which are discovered too late, only when network-wide timetables are made—there is a mismatch between the scope of construction projects and the scope of capacity analysis, as currently practiced. We suggest a language for capacity specifications suited for construction projects, expressing properties such as running time, train frequency, overtaking and crossing. Such specifications can be used as contracts in the interface between construction projects and network-wide capacity analysis. We show how these properties can be verified fully automatically by building a special-purpose solver which splits the problem into two: an abstracted SAT-based dispatch planning, and a continuous-domain dynamics with timing constraints evaluated using discrete event simulation. The two components communicate in a CEGAR loop (counterexample-guided abstraction refinement). This architecture is beneficial because it clearly distinguishes the combinatorial choices on the one hand from continuous calculations on the other, so that the simulation can be extended by relevant details as needed. We describe how loops in the infrastructure can be handled to eliminate repeating dispatch plans, and use case studies based on data from existing infrastructure and ongoing construction projects to show that our method is fast enough at relevant scales to provide agile verification in a design setting. Similar SAT modulo discrete event simulation combinations could also be useful elsewhere where one or both of these methods are already applicable such as in bioinformatics or hardware/software verification.

本文提出了一种将SAT与离散事件仿真相结合的新方法。事实证明，这种新的集成方法对于设计用于早期铁路建设设计中的能力分析的求解器很有用。定义和分析铁路能力很复杂，实践中使用的现有工具和方法需要铁路网络及其时间表的综合模型。在有限的建筑项目范围内工作的设计工程师报告说，他们只能使用基于经验的临时容量分析方法。设计通常会有细微的能力陷阱，只有在制定全网时间表时才发现为时已晚—按照目前的实践，建设项目的范围与能力分析的范围之间是不匹配的。我们建议一种适用于建筑项目的容量规格语言，用于表达诸如运行时间，列车频率，超车和穿越等属性。这样的规范可以用作建设项目和网络范围容量分析之间的接口中的合同。我们展示了如何通过构建一个特殊用途的求解器来完全自动地验证这些属性，该求解器将问题分为两部分：基于SAT的抽象调度计划，以及使用离散事件模拟评估的具有时序约束的连续域动态。这两个组件在CEGAR循环中进行通信（以反例为指导的抽象改进）。这种架构是有益的，因为它一方面可以明显区分组合选择，另一方面可以将连续选择区别开来，因此可以根据需要通过相关细节扩展仿真。我们描述了如何处理基础架构中的循环以消除重复的调度计划，并基于现有基础架构和正在进行的建设项目中的数据进行了案例研究，以表明我们的方法在相关规模下足够快，可以在设计环境中提供敏捷验证。类似的SAT模量离散事件模拟组合也可以在已经适用这些方法中的一种或两种的其他地方使用，例如在生物信息学或硬件/软件验证中。以及基于来自现有基础设施和正在进行的建设项目的数据的用例研究表明，我们的方法在相关规模下足够快，可以在设计环境中提供敏捷验证。类似的SAT模量离散事件模拟组合也可以在已经适用这些方法中的一种或两种的其他地方使用，例如在生物信息学或硬件/软件验证中。以及基于来自现有基础设施和正在进行的建设项目的数据的用例研究表明，我们的方法在相关规模下足够快，可以在设计环境中提供敏捷验证。类似的SAT模量离散事件模拟组合也可以在已经适用这些方法中的一种或两种的其他地方使用，例如在生物信息学或硬件/软件验证中。