Case Study

Rail-Mil Ensures Functional Safety of Railway Systems


"Using Ansys’ model-based software solutions, we were able to successfully develop the embedded software necessary to control a CBTC class automatic train control system according to EN 50128 SIL 4 and verify its safe operation to meet the EN 50129 railway safety standard."

— Wawrzyniec Wychowanski, BEng, PhD, Software Sales Director / Rail-Mil


Introduction

Rail-Mil is developing a new communication-based train control (CBTC) system, based mostly on Rail-Mil’s own hardware components, which are fully compliant with the European Train Control System (ETCS), as well as unique bidirectional wireless data transmission. This CBTC implementation, with moving-block principle functionality, ensures energy-efficient automatic train control with headway optimization at the GoA3 level, with full readiness for GoA4-level autonomous operation.

Challenges

To complete this project, Rail-Mil had to:

  • Develop embedded control software for a CBTC-class automatic train control system
  • Validate the system’s safety under all operating conditions

The only way to achieve this on time and on budget was to use model-based engineering techniques to analyze the safety of the system, capture the software’s behavior and automatically generate the code.

The EN 50128 railway software safety standard recommends the use of model-based software development and verification tools for developing safety-related systems, especially to reach the highest Safety Integrity Levels (SIL), up to SIL 4.

Engineering Solution

Rail-Mil used Ansys SCADE on the stationary (wayside) components to generate 60% of the embedded code for the ATO (Automatic Train Operation) computer and 80% of the embedded code for the MAC (interface connection to the existing SIL 4 interlocking system).

For components onboard the train, they used SCADE to generate 90% of the embedded code for ATO and ATP (Automatic Train Protection) functions, including:

  • Complete rmVC vital computer for executing ATO+ATP functions
  • Intelligent odometry sub-system based on a sensor fusion approach with Inertial Measurement Unit support
  • WiFi-based odometry
  • Balise Transmission Module
  • I/O train control signals interface

In addition, Rail-Mil used Ansys medini analyze for Safety Case documentation and analysis according to railway safety standard EN 50129. In this case, the FMEA worksheet was adopted according to the railway standards requirements.

Benefits

  • Easily readable SCADE models for better comprehension by railway engineers without computer science skills
  • Automatic code generation based on the system model
  • Generation of EN 50128 SIL 4 qualified/certified code
  • Time savings for system specification and verification
  • Quick analysis of the causes/effects of potential failures
  • Migration of existing functionalities to Ansys SCADE after less than half a year of use
  • Easy exchange of information between project teams
  • Attachment of the test documentation generated by SCADE to the System Safety Case
  • Ansys support throughout the system certification process