FERSIL I CLEARSY’S RAILWAY PRODUCTS
Confidential and proprietary information – Property of ClearSy
15 December 2011
ClearSy Systems Engineering: provides turnkey safety critical systems and software
Fersil: ClearSy’s railway systems portfolio
2017 V2
WWW.FERSIL-RAILWAY.COM
WWW.CLEARSY.COM
Summary
1. ClearSy
2. Safety integrity level
3. ClearSy’s railway solutions
4. ClearSy’s services and software
Company profile
• Small to Medium Enterprise (SME) created in 2001
• Independent: 90% of the shares owned by employees
• Located in Paris, Aix-en-Provence, Lyon, Strasbourg and Canton (CT, USA)
• 100 engineers & PhDs
• Partnership with five factories to provide industrial equipment
• Partnership with RATP (Paris metro) to adapt and distribute RATP systems and components
• Partnership with companies to add new technologies and new systems
ClearSy
Safety engineering services
• Uses the B formal method to develop safety critical software and to prove system specifications
• Provides the safety cases and the support for approval or ISA certification
• Supports the software development toolkit Atelier B, used by Alstom and Siemens to develop ATP safety critical systems
Safety critical systems design and production
• Defines new specific safety systems, adapts its systems to specific requirements
• Provides safety critical systems SIL2 to SIL4
• Provides safety critical software SIL2 to SIL4
ClearSy’s fields of expertise
Project
• Safety critical architecture design and development
• Electronic fail-safe design
• Safety critical electronic hardware design and development
• Safety cases using the IEC 61508 and EN 50126, EN 50128 and EN 50129 standards
• Safety critical software and hardware commissioning
Particular skills
• In-depth knowledge of railway standards and rules
• Software and system mathematically proved (B method)
• Signalling, CBTC, ERTMS, interlocking, rolling stock rules and standards, transmission by induction loop, sensors
Formal methods - definition
In software engineering and hardware engineering, formal methods are a particular set of mathematically based techniques for the specification, development and verification of software and hardware systems. The use of formal methods for software and hardware design is motivated by the expectation that, as in other engineering disciplines, performing appropriate mathematical analysis can contribute to the reliability and robustness of a design.
(Source: Wikipedia)
The B method is based on mathematical proof.
Railway clients and partners
Design and implementation of certified safety critical systems and software
Safety Integrity Level
Based on the impact of unwanted (hazardous) events, a Safety Integrity Level is targeted for a system. It defines a targeted risk reduction. There are four different SILs, based on the European functional safety standard IEC 61508:
• SIL 1: the probability of failure per hour (PFH) is between 10^-5 and 10^-6. A failure is unlikely to happen before 10 years of continuous operation.
• SIL 2: PFH is between 10^-6 and 10^-7 per hour. A failure is unlikely to happen before 100 years of continuous operation.
• SIL 3: PFH is between 10^-7 and 10^-8 per hour. A failure is unlikely to happen before 1 000 years of continuous operation. Used for a death hazard of one person.
• SIL 4: PFH is between 10^-8 and 10^-9 per hour. A failure is unlikely to happen before 10 000 years of continuous operation. Used for a death hazard of several people.
All ClearSy certified systems are certified by an independent safety assessor.
ClearSy makes safety cases to certify systems.
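The SIL bands above are easy to misread at their edges (is a PFH of exactly 10^-6 SIL 1 or SIL 2?), and the "years of continuous operation" figures are a rule of thumb derived from the worst-case rate of each band. The following Python is an added example, not ClearSy's code or part of the original deck: it encodes the four bands quoted on the slide (lower bound inclusive, upper bound exclusive, as IEC 61508 states them), classifies an assessed rate, and reproduces the slide's 10/100/1 000/10 000-year horizons from 1/PFH. The function names, the 8 760 h year and the treatment of rates below the SIL 4 band are my own assumptions.

```python
"""Map a dangerous-failure rate per hour (PFH) to the SIL bands quoted on the slide.

Added example, not ClearSy's code. The bands are the IEC 61508 high-demand /
continuous-mode targets; function names and sample values are constructed.
"""
import math

HOURS_PER_YEAR = 24 * 365  # 8760 h; leap years ignored (assumption)

# (SIL, lower bound inclusive, upper bound exclusive), in failures per hour.
SIL_BANDS = (
    (4, 1e-9, 1e-8),
    (3, 1e-8, 1e-7),
    (2, 1e-7, 1e-6),
    (1, 1e-6, 1e-5),
)


def sil_for_pfh(pfh: float) -> int:
    """Return the SIL whose band contains pfh; 0 if the rate is too high for any SIL.

    Rates below the SIL 4 band are reported as SIL 4, since the standard defines
    no higher level (assumption about how a reader wants that edge reported).
    """
    if pfh <= 0:
        raise ValueError("PFH must be a positive rate per hour")
    for sil, lower, upper in SIL_BANDS:
        if lower <= pfh < upper:
            return sil
    return 4 if pfh < 1e-9 else 0


def meets_sil(pfh: float, target_sil: int) -> bool:
    """True if the assessed PFH is inside or better than the target SIL band.

    PFH is only one condition for a SIL claim (architectural constraints and
    systematic capability are assessed separately); this checks the random
    hardware failure target alone.
    """
    return sil_for_pfh(pfh) >= target_sil


def years_between_failures(pfh: float) -> float:
    """Mean time between dangerous failures, in years of continuous operation."""
    return 1.0 / (pfh * HOURS_PER_YEAR)


def order_of_magnitude_years(sil: int) -> int:
    """The slide's rule-of-thumb horizon (10, 100, 1 000, 10 000 years) for a SIL.

    Computed from the band's worst-case (upper) PFH, rounded to a power of ten.
    """
    upper = {s: hi for s, _, hi in SIL_BANDS}[sil]
    return 10 ** round(math.log10(years_between_failures(upper)))


if __name__ == "__main__":
    for sil, lo, hi in reversed(SIL_BANDS):
        print(f"SIL {sil}: {hi:.0e} > PFH >= {lo:.0e}  -> about {order_of_magnitude_years(sil):,} years")
    print("assessed 3e-8 /h:", sil_for_pfh(3e-8), "meets SIL 3?", meets_sil(3e-8, 3))
```

Note that a boundary value such as 10^-6 /h falls in the SIL 1 band, not SIL 2: to claim SIL 2 the rate must be strictly below 10^-6. The 11.4-year mean time for the SIL 1 worst case is what the slide rounds to "10 years".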
ClearSy’s railway solutions
ClearSy systems are designed for the following applications:
• Passenger flow and safety
• Train operation safety & signalling
• Cost reduction
ClearSy’s railway solutions - Passenger flow and safety
• COPP, DOF1, COPPILOT: platform screen doors control system (SIL3)
• DIL: detection of a person between train and platform screen doors (SIL3)
• Track intrusion detection system (SIL2 to SIL4)
• LP2S & GAPS: platform detection and gap filler control system (SIL2)
DOF1 & COPP: SIL3/4 safety critical screen doors control system
Passenger flow and safety
• Independent system: does not depend on the train CBTC, so faster response time and easy integration
• Positioning and no cross-talk: communication is only possible when the sensor is above the loop antenna
• SIL3: opens the platform screen doors if there are train doors in front of the platform doors
• SIL4: enables the train doors to open according to the platform side
[Figure: cubicle and loop antenna]
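The two safety functions on this slide (SIL3: release the platform screen doors only when train doors are in front of them; SIL4: enable the train doors on the platform side only) are the kind of rules a B model states as an invariant and proves preserved by every operation. The Python below is an added example, not ClearSy's code: a wayside controller cycle that starts from the fail-safe default (doors closed, nothing enabled), applies the two rules, and re-checks the invariant after every cycle so a violating state is caught immediately. The signal names, the obstruction re-opening behaviour (taken from the next slide) and the constructed stop sequence are assumptions.

```python
"""Wayside platform-screen-door (PSD) release logic modelled on the DOF1/COPP
description. Added example, not ClearSy's code: input names, the Side type and
the scenario are constructed for illustration.
"""
from dataclasses import dataclass
from enum import Enum
from typing import List, Optional


class Side(Enum):
    LEFT = "left"
    RIGHT = "right"


@dataclass(frozen=True)
class Inputs:
    train_positioned: bool          # on-board sensor coupled to the loop antenna (constructed name)
    train_doors_open: bool          # train doors detected open in front of the PSDs
    psd_obstructed: bool = False    # an object blocks a closing PSD


@dataclass(frozen=True)
class Outputs:
    open_psd: bool
    enable_train_doors: Optional[Side]


class SafetyInvariantViolation(RuntimeError):
    """Raised when a cycle produces a state the invariant forbids."""


class PsdController:
    def __init__(self, platform_side: Side) -> None:
        self.platform_side = platform_side   # wayside configuration data
        self.psd_open = False                # fail-safe initial state: closed

    def step(self, inp: Inputs) -> Outputs:
        open_psd = False                     # every cycle starts from the safe default
        enable: Optional[Side] = None
        if inp.train_positioned:
            enable = self.platform_side      # SIL4 rule: platform side only
            # SIL3 rule: open while train doors are open in front; hold open
            # (re-open) when a closing PSD is obstructed. Both need positioning.
            if inp.train_doors_open or (self.psd_open and inp.psd_obstructed):
                open_psd = True
        self.psd_open = open_psd
        out = Outputs(open_psd, enable)
        self._check_invariant(inp, out)
        return out

    def _check_invariant(self, inp: Inputs, out: Outputs) -> None:
        # INVARIANT, as a B machine would state it:
        #   psd_open = TRUE  =>  train_positioned = TRUE
        #   enable_train_doors : {none, platform_side}
        if out.open_psd and not inp.train_positioned:
            raise SafetyInvariantViolation("PSD open without a positioned train")
        if out.enable_train_doors not in (None, self.platform_side):
            raise SafetyInvariantViolation("train doors enabled on the wrong side")


def run_scenario() -> List[Outputs]:
    """Constructed stop at a left-hand platform: approach, dwell, obstruction, departure."""
    ctrl = PsdController(Side.LEFT)
    cycle = [
        Inputs(train_positioned=False, train_doors_open=True),   # spurious door signal while moving
        Inputs(train_positioned=True, train_doors_open=False),   # stopped, train doors still closed
        Inputs(train_positioned=True, train_doors_open=True),    # dwell: PSDs open
        Inputs(train_positioned=True, train_doors_open=False, psd_obstructed=True),  # closing blocked
        Inputs(train_positioned=True, train_doors_open=False),   # clear: PSDs close
        Inputs(train_positioned=False, train_doors_open=False),  # departed
    ]
    return [ctrl.step(i) for i in cycle]


if __name__ == "__main__":
    for n, out in enumerate(run_scenario(), 1):
        print(f"cycle {n}: PSD {'OPEN' if out.open_psd else 'closed'}, "
              f"train doors enabled: {out.enable_train_doors}")
```

The first cycle is the case that matters: a door-open indication arriving while the train is not coupled to the loop antenna must not release the PSDs, which is exactly what the slide's "no cross-talk" positioning property guarantees at the sensor level and what the invariant guarantees at the logic level.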
Passenger flow and safety
• Paris metro line 1 (four years of operation) and in service on line 13
• DOF1 and COPP are independent from the CBTC system and complete it
• DOF1 designed for RATP and Bombardier
• DOF1-L designed for Bombardier in Kingston (developed but not in service)
• Select the doors you want to open
• Automatic re-opening when a door is obstructed
• LAN connectivity
Quick calculation for line 1: 25 stations and 400 trains per day. With 1 second saved per stop, 5.5 hours are saved per day (5h30). For this calculation we assume that traffic is the same throughout the day, which is not the case: saving time is only useful during peak periods.
COPP system – Station overview
Châtillon-Montrouge: end of the line, automatic turn back system
COPPILOT: SIL 3 safety critical screen doors control system
Passenger flow and safety
• Positioning: a wheel sensor detects the train at the right position
• Safe PSD opening: lasers detect the opening of the train doors
• Controls the PSDs (SIL3)
• No equipment on-board, only on the wayside
• Independent of train systems: easy integration
• Used in Paris during the PSD test period
• In service in Sao Paulo metro: 4 stations (Tamanduateí, Vila Matilde, Sacomã, Vila Prudente); 7 different train types; no equipment on-board
• In test in Stockholm: additional functions, 2 train lengths and door selectivity
• In test in Sao Paulo Monorail: SIL4 certification
• On-going project on the Los Teques Line in Caracas (Guaicaipuro – Los Teques): additional functions, 2 train lengths and 2 train types
• Easy to install on new and existing stations
DIL: SIL 3 platform gap safety monitoring system
Passenger flow and safety
Gap safety monitoring: in operation in Paris on line 1, being deployed in Paris on line 4; safety critical system.
System to detect a person in the gap zone between platform door and train door. Laser sensors monitor the gaps.
DIL - Monitoring these spaces
[Figure: zone to be monitored between the train and the platform gate, with the laser detection zone; Bastille station in Paris]
Lasers are also used to detect people who try to escape into the tunnel.
The system is in revenue service in 3 stations of the Parisian network: Charles de Gaulle Etoile, Nation and Bastille.
Flexible gap filler between platform and door edge on Paris metro line 1 and Lyon
Passenger flow and safety
"Fuse" device
• The gap filler prevents an accidental fall if a person steps between platform and train
• Fixed on the platform
• Rubber material, flexible
• Already in service: Paris metro line 1, Lyon
Track intrusion detection system
Passenger flow and safety
Safety track monitoring: detects a passenger falling on the track.
1. Laser pictures: they are analysed to discern whether an object is a rodent or a human
2. Alarm and stroboscope: they are activated to warn the train officer in the case of a passenger falling
3. The system is available with or without redundancy
LP2S and GAPS: Detects the platform and measures the gap between train and platform (SIL2)
Passenger flow and safety
1. Laser sensors: record and send data
2. CPU box: analyses the laser sensor pictures
3. Software: authorises the car doors to open or the gap filler to move if a platform is present in front of the doors
ALL SYSTEM COMPONENTS ARE MOUNTED ON BOARD
GAPS operating on ALSTOM train STI PMR
ClearSy’s railway solutions - Train operation safety & signalling
• KFS: automatic train stop and overspeed control system (SIL2)
• KPVA: train overspeed control
• Axle counter (SIL4): safety train detection
• Flat tyre detection system
• DPAS: safety train detection – Research & Development
• DBC: hot box detector and dragging equipment detector
SIL2 KFS - Automatic Train Stop (ATS) (Certifer certificate)
Train operation safety & signalling
Applies the emergency brake control if the train overruns a restrictive signal.
SIL2 KFS – Automatic Train Stop (ATS)
Train operation safety & signalling
[Photos: emergency brake controlled; Valenciennes tramway (France); Lyon tram-train (France); Baku metro (Azerbaijan)]
KPVA - Train overspeed control system
Train operation safety & signalling
Avoids train overspeed; trackside independent system.
Installed on all Paris metro lines (patent of RATP, the Parisian metro authority).
SIL4 Axle Counter - TÜV certificate
Train operation safety & signalling
Safety train detection
• SIL4 certificate for multi-zone counter system
• Function similar to a track circuit
DRF MP - flat tyre detection and steel wheel detection
Train operation safety & signalling
Detects steel wheel presence up to 70 mm.
[Figure: steel wheel flange, Zk24 M sensor on its bracket, rail, tyre]
DPAS - hyper frequency barrier (in Research & Development)
Train operation safety & signalling
Alternative to the steel wheel sensor: when a train crosses the barrier, it is detected.
• SIL4 system
• Hyper frequency technology
• Less maintenance than an infrared sensor: better availability
• Fit for outdoor and indoor applications
• Plug and play system: the system is very compact
• Already in test in Lyon
DBC - Hot box detector and dragging equipment detector
Train operation safety & signalling
Partnership with Progress Rail (a Caterpillar company)
• Dragging equipment detection
• Hot box and hot wheel detector
ClearSy’s railway solutions - Cost reduction
• RS4: vital relays SIL4
• SATURN: safety remote I/O network (SIL0, SIL2 and SIL4)
• LCHIP: PLC for SIL4 applications – Research & Development
RS4 - SIL4 safety critical relays - Safety vital relays
Cost reduction

Reference            Number of SIL 4 contacts guaranteed to open   Number of NC contacts
RS4.DIN.202.24V      2                                             2
RS4.DIN.202.72V      2                                             2
RS4.3U.202.24V       2*2 (2 relays 202)                            2*2
RS4.DIN.304.24V      3                                             4
RS4.DIN.402.24V      4                                             2
RS4.DIN.406.24V      4                                             6
RS4.DIN.202.110V     2                                             2

• RS4 safety critical relays are not based on gravity but they are guaranteed to open.
• They fit on-board (EN50155) and wayside applications.
• They are also very compact.
• High cutting power relay.
• The RS4 relay is also available as a plug version (RS4.3U.202.24V).
SATURN – Mixed SIL2, SIL4 I/O network
Cost reduction
Reducing wiring for on-board or wayside applications
• Safety wiring reduced
• Different safety level modules on the same network
• Network response time: 10 to 15 ms
• Data rate: 12 Mbit/s over 100 m
Partnership with Leroy Automation
SATURN certificates
LCHIP - Safe execution platform for SIL4 applications (in Research & Development)
Cost reduction
LCHIP: Low-Cost High Integrity Platform
LCHIP will combine:
• A complete development environment in a formal language (the B mathematical language)
• A safe execution platform to execute programs safely
The purposes of LCHIP are:
• To ease the development of SIL4 certified systems and software
• To drastically reduce the costs associated with their development
ClearSy’s services and software
Software and consulting
ClearSy is expert in safety critical systems and its engineers can offer support for vital applications and software.
Safety cases
ClearSy engineers provide supporting documentation for accreditation and assistance to demonstrate the safety of a system.
Data validation
ClearSy’s engineers use B models to prove that a set of data is compliant with safety requirements. For instance, they use B models to ensure that signals and automatic train stops are correctly installed, as specified.
System verification - Safety verification of the CBTC of NYCT
Software and consulting
This organisation was used for the NYCT project. We used the method for verifying the CBTC of line 7 in New York, for CBTCs for the Paris metro (RATP), and for ERTMS for SNCF.
Benefits: save time, enhance safety, less dependent on a single supplier.
• Address every design detail in the early phase
• Define sufficient tests which need to be passed before daily operation
• Define tests for acceptance of subcomponents
• Ease subcomponent integration thanks to a model of the system
• Less dependent on one supplier
This study is useful to demonstrate that properties are compliant with specifications and which assumptions need to be verified to ensure safety.
ERTMS/ETCS
Software and consulting
We have an in-depth knowledge of ERTMS/ETCS:
• SUBSET 026, ERA DMI specification
• DMI development (SIL0, SIL2)
• Track plan editor
• EVC development
And in-depth expertise in:
• Simulation and testing
• Training
• Testing (SUBSET 094, SUBSET 110/111/112)
• Train behaviour simulation
• Trackside simulation (IXL, RBC, …)
We propose assistance to develop the following systems:
• Development of EVC
• Development of RBC
• Development of interlocking
• Development of BTM
• Development of train integrity device
• Any specific development of a system based on software/hardware
ERTMS/ETCS on-board part
Software and consulting
[Figure: ETCS DMI, EVC]
ERTMS/ETCS trackside part
Software and consulting
[Figure: RBC, IXL]
DAME - High performance railway operation SCADA data logger and monitoring system
Software and consulting
• Real-time supervision of large complex systems (PLC, digital I/O devices, …)
• Real-time calculation and alarm triggering
• Collection and archiving of input data
• Archiving of alarms
• Extends on demand the range of supported devices and protocols
• Provides data and alarms in HMI, Modbus, OPC
Used on:
• RATP line 1 on 3 stations (DIL): PLC and laser scan data
• Sao Paulo Monorail line 15 (Coppilot): Modbus IP, laser scan data, video (13 stations)
• Caracas Los Teques line (6 stations) (Coppilot): PLC, Modbus IP server (export to SCADA)
• Honolulu Line (21 stations): I/O board, RS485 (ATC), Modbus RTU (Doors Control Unit)
Interlocking development
Software and consulting
• Design of signalling safety logical software
• Use of SIL4 automata compliant with CENELEC (EN50128, EN50129)
• Code generation, validation and verification
• Evaluation and approval from an external Independent Safety Assessor (ISA)
• Supply of the interlocking cubicle with all the necessary equipment to safely command signalling systems on the track
• Galvanic isolation with RS4 relays (between automata and trackside equipment)
Example of realisation: tramway of Luxembourg: 7 cubicles, 200 relays, 3 safety critical software modules, DAME-based test bench and simulator.
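The "signalling safety logical software" named above is, at its core, route interlocking: a signal may only be cleared once every track section of the route is free and locked, the points are locked in the required position, and no conflicting route is set. The Python below is an added illustration of that logic, not ClearSy's code or the Luxembourg software: the two-route layout, the route table and all names are constructed, and the invariant check after every operation mirrors what a B model proves rather than re-checks at run time.

```python
"""Minimal route interlocking. Added example, not ClearSy's code: the layout,
route table and all names are constructed for the example.

Constructed layout: signals S1 and S2 lead over point P1 onto section T3.
    S1 --[T1]--\
                P1 --[T3]-->
    S2 --[T2]--/
Route R1 (from S1) needs P1 reverse; route R2 (from S2) needs P1 normal.
They conflict on T3 and on the position of P1.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, Set, Tuple


@dataclass(frozen=True)
class Route:
    name: str
    signal: str
    sections: FrozenSet[str]                 # must be clear; locked while the route is set
    points: Tuple[Tuple[str, str], ...]      # (point, required position)


ROUTES: Dict[str, Route] = {
    "R1": Route("R1", "S1", frozenset({"T1", "T3"}), (("P1", "reverse"),)),
    "R2": Route("R2", "S2", frozenset({"T2", "T3"}), (("P1", "normal"),)),
}


class SafetyInvariantViolation(RuntimeError):
    """Raised when the interlocking state breaks the invariant."""


class Interlocking:
    def __init__(self) -> None:
        self.occupied: Set[str] = set()           # from axle counters / track circuits
        self.locked: Set[str] = set()             # sections held by a set route
        self.point_pos: Dict[str, str] = {"P1": "normal"}
        self.point_locked: Set[str] = set()
        self.set_routes: Set[str] = set()

    def signal_aspect(self, signal: str) -> str:
        # A signal shows proceed only because a route from it is set and locked.
        return "proceed" if any(ROUTES[r].signal == signal for r in self.set_routes) else "stop"

    def set_occupancy(self, section: str, occupied: bool) -> None:
        (self.occupied.add if occupied else self.occupied.discard)(section)
        self._check_invariant()

    def request_route(self, name: str) -> bool:
        """Set a route if every safety condition holds; otherwise refuse (signal stays at stop)."""
        route = ROUTES[name]
        if route.sections & (self.occupied | self.locked):
            return False                          # a section is occupied or held by another route
        for point, pos in route.points:
            if point in self.point_locked and self.point_pos[point] != pos:
                return False                      # point locked the other way by another route
        for point, pos in route.points:           # commit: points first, then sections, then signal
            self.point_pos[point] = pos
            self.point_locked.add(point)
        self.locked |= route.sections
        self.set_routes.add(name)
        self._check_invariant()
        return True

    def release_route(self, name: str) -> None:
        route = ROUTES[name]
        self.set_routes.discard(name)
        self.locked -= route.sections
        still_needed = {p for r in self.set_routes for p, _ in ROUTES[r].points}
        self.point_locked -= {p for p, _ in route.points} - still_needed
        self._check_invariant()

    def _check_invariant(self) -> None:
        # INVARIANT: set routes are pairwise disjoint on sections, and every
        # point of a set route is locked in the position that route requires.
        routes = [ROUTES[r] for r in sorted(self.set_routes)]
        for i, a in enumerate(routes):
            for b in routes[i + 1:]:
                if a.sections & b.sections:
                    raise SafetyInvariantViolation(f"{a.name} and {b.name} overlap")
            for point, pos in a.points:
                if point not in self.point_locked or self.point_pos[point] != pos:
                    raise SafetyInvariantViolation(f"{point} not locked {pos} for {a.name}")


def run_scenario() -> Dict[str, object]:
    """Constructed sequence: conflicting request, release, occupied section, re-request."""
    ixl = Interlocking()
    result: Dict[str, object] = {}
    result["R1 set"] = ixl.request_route("R1")             # True
    result["R2 while R1 set"] = ixl.request_route("R2")    # False: T3 locked, P1 locked reverse
    result["S1"] = ixl.signal_aspect("S1")                 # proceed
    result["S2"] = ixl.signal_aspect("S2")                 # stop
    ixl.release_route("R1")
    ixl.set_occupancy("T3", True)                          # a train is still standing in T3
    result["R2 with T3 occupied"] = ixl.request_route("R2")  # False
    ixl.set_occupancy("T3", False)
    result["R2 after T3 clear"] = ixl.request_route("R2")  # True, P1 moved to normal
    result["P1"] = ixl.point_pos["P1"]
    result["R1 while R2 set"] = ixl.request_route("R1")    # False
    return result


if __name__ == "__main__":
    for k, v in run_scenario().items():
        print(f"{k}: {v}")
```

Every refusal leaves the signal at stop, which is the restrictive (safe) side; the code never has a path that clears a signal without first committing the locks, and the commit order (points, then sections, then route/signal) means an interrupted cycle can only leave the system more restrictive than requested.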
Usage of the B method
Software and consulting
Development of automatic driving subway systems: ALSTOM (URBALIS), SIEMENS (TRAINGUARD)
• Teams in safe software design and development, V&V
System study using the B method
• New York City Subway (Flushing line finished in 2015, in progress for others)
• SNCF: NEXTRégio (ERTMS) (in progress)
• RATP: Octys (CBTC) (in progress)
Validation of safety critical data (configuration)
[Map of references: Panama, Ningbo, Taichung, Malaga, Toronto]
Services offered by ClearSy
As a conclusion, at ClearSy we are specialised in safety critical (vital) systems and software, and we propose the following related services:
• Any specific development of a system based on software/hardware, potentially based on our existing products
• Assistance at any stage of system and software development (specification, design, implementation, validation, …)
• Delivery of certified safety critical turnkey solutions
• Technical advice in railway safety
• Elaboration of safety cases (up to SIL 4)
• Safety critical data validation (B method)
• Critical system study (B method)
• Technical advice about ERTMS/ETCS/CBTC matters
• Training (B method, ERTMS/ETCS)
Contact
www.fersil-railway.com