Experimenting with diversity in the formal development of railway signalling systems

In this paper we discuss how we have introduced elements of diversity in the experimental model driven development process of a railway signalling system. The experience has been done inside a larger industrial project undertaken to evaluate the feasibility of employing formal modelling and automatic code generation in the development of a new generation of railway signalling systems hosted by an innovative fault-tolerant platform. Diversity has been introduced where an analysis of the safety measures employed against design faults has revealed possible weakness of the development process.