Spray Pattern Pruning and Compositional Graph Repair for Railway Signalling System
{{entity:Railway Signalling System}} ({{hex:50F77A59}}), QC review of the first-pass-complete decomposition. The project carries 245 requirements across 8 documents (6 STK, 7 SYS, 90 SUB, 45 IFC, 8 ARC, 74 VER, plus hazard and traceability stubs), 13 block diagrams, and 182 trace links at session start. 11 subsystems decomposed to component level with full interface specifications.
Findings
Trace link spray patterns — the primary quality issue. {{sys:SYS-REQS-FUNC-001}} (interlocking logic, 10⁻⁹ wrong-side failure rate) had 21 downstream links, many to requirements with no derivation relationship: timetable import ({{sub:SUB-REQS-FUNC-089}}), remote diagnostics ({{sub:SUB-REQS-FUNC-071}}), conflict detection ({{sub:SUB-REQS-FUNC-086}}), operator session lockout ({{sub:SUB-REQS-FUNC-083}}), emergency access ({{sub:SUB-REQS-FUNC-082}}), audit trail ({{sub:SUB-REQS-FUNC-077}}), operator input acknowledgment ({{sub:SUB-REQS-FUNC-076}}), automatic route setting ({{sub:SUB-REQS-FUNC-084}}), two-stage confirmation ({{sub:SUB-REQS-FUNC-075}}), event logger ({{sub:SUB-REQS-FUNC-069}}), and engineering terminal access ({{sub:SUB-REQS-FUNC-009}}). These requirements contribute to the signalling domain but are not derived from interlocking logic — they exist because of their own stakeholder needs.
{{sys:SYS-REQS-FUNC-003}} (redundant processing, 500ms failover) had 25 links. Four were spurious: condition monitoring aggregation ({{sub:SUB-REQS-FUNC-070}}), lamp status reporting ({{sub:SUB-REQS-FUNC-060}}), alarm display ({{sub:SUB-REQS-FUNC-078}}), junction route indicator ({{sub:SUB-REQS-FUNC-059}}). The remaining 21 are defensible — the requirement genuinely cascades to every vital subsystem’s redundancy implementation.
PART_OF graph nearly empty. Only 2 of ~60 entities had PART_OF relationships established. The compositional hierarchy was not recorded during decomposition sessions.
Entity namespace contamination. 60 duplicate entities existed in both the SE:railway-signalling namespace and the global namespace with identical hex codes.
Orphan ARC entries. All 11 architecture decision records had no trace links. No ARC→SYS linkset exists in the project schema, so these were structurally orphaned rather than negligently unlinked.
Rationale and verification. All 245 requirements have both rationale and verification method set — no gaps. All trace links have rationale. Lint flagged 1 medium finding (operating hour lacks statistical parameters) and 6 low findings (ontological classification ambiguity between abstract systems and physical components, acknowledged in session 311).
Corrections
Deleted 15 spurious trace links: 11 from {{sys:SYS-REQS-FUNC-001}} (21→10 links) and 4 from {{sys:SYS-REQS-FUNC-003}} (25→21 links). Each deleted link connected a system requirement to a subsystem requirement that merely contributes to the same domain rather than being derived from it.
Established 22 PART_OF facts: 11 subsystem→system relationships and 11 component→subsystem relationships (5 for {{entity:Computer-Based Interlocking}}, 4 for {{entity:Train Detection Subsystem}}, 4 for {{entity:ETCS Radio Block Centre}}, plus 2 pre-existing for {{entity:Traffic Management System}}).
Removed 60 duplicate entities from the global namespace that mirrored the SE namespace.
Tagged all 11 ARC entries as informational to distinguish them from traceable requirements.
Created baseline QC-2026-03-19.
flowchart TB
RSS["Railway Signalling System"]
CBI["Computer-Based Interlocking"]
TDS["Train Detection Subsystem"]
RBC["ETCS Radio Block Centre"]
CLO["Colour-Light Signalling Output"]
PCS["Points and Crossing Drive"]
LXP["Level Crossing Protection"]
TMS["Traffic Management System"]
SWS["Signaller Workstation"]
SCN["Signalling Comms Network"]
SPS["Signalling Power Supply"]
SDM["Diagnostic and Monitoring"]
TDS -->|Track occupancy data| CBI
CBI -->|Signal aspect commands| CLO
CBI -->|Point drive commands| PCS
PCS -->|Point detection feedback| CBI
CBI -->|Crossing activation| LXP
CBI -->|Route status for MA| RBC
TMS -->|Automatic route requests| CBI
CBI -->|Interlocking state| SWS
SWS -->|Signaller commands| CBI
SCN -->|Data transport| CBI
Residual
Three spray patterns remain above threshold: {{sys:SYS-REQS-FUNC-005}} (ETCS MA computation, 16 links), {{sys:SYS-REQS-PERF-002}} (signal update timing, 11 links), and {{sys:SYS-REQS-FUNC-003}} (still at 21 after pruning). The FUNC-003 count is justified — it is a genuine cascading safety requirement. FUNC-005 and PERF-002 need review in validation to confirm whether their link counts reflect real derivation.
Remaining PART_OF gaps: 8 subsystems still lack component-level PART_OF facts (Level Crossing Protection, Points and Crossing Drive, Signalling Communication Network, Colour-Light Signalling Output, Signalling Power Supply, Signalling Diagnostic and Monitoring, Signaller Workstation, and remaining TMS components beyond TMS-CBI Interface Gateway and Train Describer).
Operating hour statistical parameter finding (lint medium) not addressed — requires engineering judgement on confidence level and test conditions.
Next
Validation session should assess overall coherence and completeness. Priority checks: verify the residual spray patterns on {{sys:SYS-REQS-FUNC-005}} and {{sys:SYS-REQS-PERF-002}}, complete the remaining PART_OF component facts, and evaluate whether the 64% VER coverage (87/135 SUB+IFC requirements traced to verification) is sufficient or needs supplementation.
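The four checks behind the Findings (spray fan-out above a threshold, missing PART_OF children, duplicate hex codes across namespaces) and the VER coverage metric quoted under Next, as an added example that is not the project's own lint; the records, linkset names and hex codes are constructed, and the spray threshold is a parameter because the page does not state its value.

```python
from collections import Counter, defaultdict

# Constructed sample records (not the project's data) shaped like the
# defects the report describes; hex codes and linkset names are made up.
TRACE_LINKS = [  # (source, target, linkset)
    ("SYS-REQS-FUNC-001", "SUB-REQS-FUNC-001", "SYS_TO_SUB"),
    ("SYS-REQS-FUNC-001", "SUB-REQS-FUNC-002", "SYS_TO_SUB"),
    ("SYS-REQS-FUNC-001", "SUB-REQS-FUNC-003", "SYS_TO_SUB"),
    ("SYS-REQS-FUNC-003", "SUB-REQS-FUNC-004", "SYS_TO_SUB"),
    ("VER-REQS-001", "SUB-REQS-FUNC-001", "VER_TO_SUB"),
    ("VER-REQS-002", "SUB-REQS-FUNC-002", "VER_TO_SUB"),
    ("VER-REQS-003", "IFC-REQS-001", "VER_TO_IFC"),
]
SUB_IFC_REQS = ["SUB-REQS-FUNC-001", "SUB-REQS-FUNC-002", "SUB-REQS-FUNC-003",
                "SUB-REQS-FUNC-004", "IFC-REQS-001", "IFC-REQS-002"]
SUBSYSTEMS = ["Computer-Based Interlocking", "Train Detection Subsystem"]
PART_OF = [  # (child, parent)
    ("Computer-Based Interlocking", "Railway Signalling System"),
    ("Route Setting Module", "Computer-Based Interlocking"),
]
ENTITIES = [  # (namespace, name, hex code)
    ("SE:railway-signalling", "Computer-Based Interlocking", "0000A001"),
    ("global", "Computer-Based Interlocking", "0000A001"),
]

def spray_patterns(links, threshold):
    # SYS requirements whose downstream fan-out exceeds the threshold. This is
    # a review trigger, not proof of bad links: FUNC-003 legitimately keeps 21.
    fanout = Counter(src for src, _, ls in links if ls == "SYS_TO_SUB")
    return {src: n for src, n in fanout.items() if n > threshold}

def part_of_gaps(subsystems, part_of):
    # Subsystems with no component recorded beneath them.
    parents = {parent for _, parent in part_of}
    return sorted(s for s in subsystems if s not in parents)

def namespace_duplicates(entities, canonical):
    # Hex codes present in the canonical namespace and in at least one other.
    spaces = defaultdict(set)
    for ns, _, code in entities:
        spaces[code].add(ns)
    return sorted(c for c, ns in spaces.items() if canonical in ns and len(ns) > 1)

def ver_coverage(links, reqs):
    # (covered, total, percent) for SUB+IFC requirements that a VER traces to.
    verified = {tgt for _, tgt, ls in links if ls.startswith("VER_TO_")}
    covered = sum(1 for r in reqs if r in verified)
    return covered, len(reqs), round(100 * covered / len(reqs))
```

Run each check over the full export and treat any spray hit as a per-link review queue; a high count on a genuinely cascading safety requirement, as with FUNC-003, is kept, not pruned.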