[gvr]

My understanding is that one of the reasons that relays are still used for many these systems is that the latency for going into a safe state is very low, and that they are easier to verify than so called solid-state interlocking systems.

A relay-based system like this might look simplistic and archaic to a casual observer but it's quite complex and there's no room for error. Formal proof (static analysis) is often used to verify both the formal specification that dictates what constitutes a safe system state, and the actual system's compliance with this specification.

There's a Swedish company called Prover specialized in this. I used to work there and moved to SF when we set up our US subsidiary.