We are delighted that Vector Software has integrated its industry-leading VectorCAST suite with AdaCore’s GNAT Pro Safety Critical product for...Read More »
Keep Your Railway Embedded Software on Track with CENELEC Standards
TÜV SÜD Certified Tool for EN 50128 Safety Related Development
Meeting rigorous standards for the railway industry requires both predictable and repeatable software operation. Railway industry requirements are defined by CENELEC, the European Committee for Electrotechnical Standardization. The three standards produced by CENELEC, EN 50126, EN 50128, and EN 50129 represent the backbone of the process of demonstrating safety of a railway system.
EN 50128 outlines the maximum probabilities of dangerous failure and the associated reductions in overall risk. It provides five different Software Integrity Levels (SIL) covering various embedded railway systems, ranging from SIL 0 for systems like management information that don't impact safety to SIL 5 for systems like those that control switching and signaling.
EN 50126 ensures that the embedded software is suitable for use in safety-critical settings. EN 50129 provides guidelines similar to EN 50128, but for the electronics systems used for signaling.
The standards EN 50128 Software for railway control and protection systems and EN 50129 Safety related electronic systems for signaling represent the railway application-specific interpretation of the international standard series - IEC 61508 (Functional safety of electrical/ electronic/programmable electronic safety-related systems).
The EN 50128 standard describes software safety integrity levels and identifies requirements for personnel and their responsibilities, lifecycle issues, and documentation. It gives detailed descriptions of objectives, input documents, output documents and requirements for software requirements specification, architecture, design and implementation, verification and testing as well as software/hardware integration, software validation, quality assurance, and maintenance.
EN51028 takes into account the five software integrity levels (SIL) that range from the very critical (SIL-4), such as safety signaling to the non-critical, such as management information systems (SIL-0).
|Safety Integrity Level||PROBABILITY OF DANGEROUS FAILURE||RISK REDUCTION FACTOR|
|SIL 4||>=10-5 to 10-4||100,000 to 10,000|
|SIL 3||>=10-4 to 10-3||10,000 to 1,000|
|SIL 2||>=10-3 to 10-2||1,000 to 100|
|SIL 1||>=10-2 to 10-1||100 to 10|
Definition of EN 50128 Safety Integrity Levels
Other standards based on IEC 61508 may implement either of two definitions of Safety Integrity Levels. The Demand Mode definition of IEC 61508 is reserved for systems which frequency of operation is intermittent (such as systems covered under EN 51028), while the Continuous Mode covers systems that are used in a sustained manner over a period of time. The following table provides the difference between the two definitions, and what a failure of the system may mean at different SIL levels.
|SAFETY INTEGRITY LEVEL||DEMAND MODE
("LOW DEMAND MODE")
("HIGH DEMAND MODE")
|CONSEQUENCE OF A FAILURE|
|Level||AVAILABILITY||Probability of a failure on demand||Probability of a dangerous failure per hour|
|SIL 4||>99.99%||>=10-5 to 10-4||>=10-9 to 10-8||Potential for fatalities in the community|
|SIL 3||99.9%||>=10-4 to 10-3||>=10-8 to 10-7||Potential for multiple fatalities|
|SIL 2||99%-99.9%||>=10-3 to 10-2||>=10-7 to 10-6||Potential for major injuries or one fatality|
|SIL 1||90-99%||>=10-2 to 10-1||>=10-6 to 10-5||Potential for minor injuries|
|SIL 0||No Requirement||N/A|
Ensuring Complete Embedded Software Testing
To ensure predictable software operation, organizations need to know they tested 100% of the application code. VectorCAST/Cover does this easily by collecting coverage information during system test activities. The tool allows you to determine adequacy of your system testing. If parts of the code are not covered, then perhaps more testing is required for those areas of the application.
Why System Testing Isn't Enough for 100% Reliability
System testing does not ensure 100% coverage because many functions have error-handling code, which can be difficult or impossible to stimulate using a fully integrated application. The solution is to perform unit and integration testing on those functions using VectorCAST/C++ or VectorCAST/Ada. Because VectorCAST/Cover shares coverage information with VectorCAST for C/C++ and VectorCAST for Ada, you can easily produce coverage reports showing the combined coverage from all of your test activities.
Compliance with Highest Railway Standards
Our tools have been successfully used by numerous clients that need to comply with rigorous industrial standards, including those used in the Railway industry.
See the Benefits of VectorCAST for Your Railway Application
If you would like to see how VectorCAST embedded testing tools improve performance in your exact testing environment, register today for a 30-day, fully-functional trial.
You may also arrange a demo for your railway project.