Algorithms and hardware description languages in railway interlocking logic design

Proceedings of the 13th IFAC Conference on Proceedings of Devices the 13thand IFACEmbedded Conference on Programmable Systems Proceedings of of the the 13th 13th IFAC IFAC Conference Conference on Proceedings on Programmable Devices and Embedded Systems May 13-15, 2015. Cracow, Poland Available online at www.sciencedirect.com Programmable Devices and Embedded Programmable Devices and Embedded Systems Systems May 13-15, 2015. Cracow, Poland May May 13-15, 13-15, 2015. 2015. Cracow, Cracow, Poland Poland

ScienceDirect

IFAC-PapersOnLine 48-4 (2015) 498–503

Algorithms and hardware description Algorithms and hardware description Algorithms and hardware description Algorithms and hardware description languages in railway interlocking logic languages in railway interlocking logic languages in railway interlocking languages in railway interlocking logic logic design design design design ∗ ∗∗

Piotr Kawalec ∗ Marcin R˙zysko ∗∗ Piotr Kawalec ∗∗ Marcin R˙z ysko ∗∗ Piotr Piotr Kawalec Kawalec Marcin Marcin R˙ R˙z zysko ysko ∗∗ ∗ ∗ Warsaw University of Technology, Faculty of Transport, University of Faculty of Transport, ∗ Warsaw 75, Koszykowa 00-662 Warszawa (e-mail: [email protected]) ∗ Warsaw University of Technology, Technology, Faculty of Warsaw 75, University of Technology, Faculty of Transport, Transport, Koszykowa 00-662 Warszawa (e-mail: [email protected]) ∗∗ Transportation (Rail Engineering) Polska, Koszykowa 75, 00-662 Warszawa (e-mail: [email protected]) ∗∗ Bombardier Koszykowa 75, 00-662 Warszawa (e-mail: [email protected]) Transportation (Rail Engineering) Polska, ∗∗ Bombardier Ogrodowa 58, 00-876 Warszawa ∗∗ Bombardier Transportation (Rail Engineering) Bombardier Transportation (RailWarszawa Engineering) Polska, Polska, Ogrodowa 58, 00-876 (e-mail: [email protected]) Ogrodowa Ogrodowa 58, 58, 00-876 00-876 Warszawa Warszawa (e-mail: [email protected]) (e-mail: (e-mail: [email protected]) [email protected]) Abstract: Despite years of railway control and signalling development, modern formal descripAbstract: Despite years railway control signalling development, modern formal description methods are still notof used. Lackand of standards in the interlocking logic construction Abstract: Despite years of railway control and signalling modern formal descripAbstract: Despite years ofwidely railway control and signalling development, development, modern formal description methods are still not widely used. Lack of standards in the interlocking logic construction method causes the development of the railway control systems to be more and more expensive. tion methods are still not widely used. Lack of standards in the interlocking logic construction tion methods are still not widely used. Lack of standards in the interlocking logic construction method causes development of the railway systems to beits more and more expensive. Moreover, the the microprocessor usedcontrol nowadays reaches limits signal method the development of control systems to more and more method causes causes the developmenttechnology of the the railway railway control systems to be beits more and regarding more expensive. expensive. Moreover, the microprocessor technology used nowadays reaches limits regarding signal processing time in decentralised systems. This forces the industry to seek for new solutions. Moreover, the microprocessor technology used nowadays reaches its limits regarding signal Moreover, the microprocessor technology used forces nowadays reaches its limitsforregarding signal processing time in decentralised systems. This the industry to seek new solutions. This paper time presents an algorithmic approach toforces interlocking logic development, together with processing in decentralised systems. This the industry to seek for new solutions. processing time in decentralised systems. This forces the industry to seek for new solutions. This paper presents an algorithmic approach to interlocking logic development, together with aThis modern implementation methods using hardware description languages and programmable paper presents an algorithmic approach to interlocking logic development, together This paperimplementation presents an algorithmic approach to interlocking logic development, together with with a modern methods using hardware description languages and programmable devices. a a modern modern implementation implementation methods methods using using hardware hardware description description languages languages and and programmable programmable devices. devices. devices. © 2015, IFAC (International Federation of Automatic Control) Hosting by Elsevier Ltd. All rights reserved. Keywords: algorithms, interlocking, railways, train control Keywords: algorithms, interlocking, interlocking, railways, train train control Keywords: Keywords: algorithms, algorithms, interlocking, railways, railways, train control control 1. INTRODUCTION design is proposed, followed by an implementation method 1. INTRODUCTION INTRODUCTION designprogrammable is proposed, proposed, followed by an an implementation method method using devices.by 1. design is 1. INTRODUCTION designprogrammable is proposed, followed followed by an implementation implementation method using devices. using programmable devices. devices. Railway has become the most complex mean of transporta- using programmable 2. FORMAL DESCRIPTION Railway has become the most complex mean of transporta2. FORMAL FORMAL DESCRIPTION tion in terms of traffic and safety. Currently develRailway has the most mean of Railway has become become thecontrol most complex complex mean of transportatransporta2. tion in insolutions terms of allow traffic control and safety. safety. Currently devel2. FORMAL DESCRIPTION DESCRIPTION oped nearly autonomous train operation tion terms of traffic control and Currently develtion insolutions terms of allow trafficnearly controlautonomous and safety. Currently devel- Many various approaches to the interlocking logic design oped train operation at very high speeds, continuous train control on each have Manybeen various approaches to the interlocking logichistory. design oped solutions allow nearly operation oped solutions allowproviding nearly autonomous autonomous train operation developed over to thethe decades of railway various approaches interlocking logic design at very highthe speeds, providing continuous control on realeach Many Many various approaches to the interlocking logichistory. design level, from the track occupancy check, through have been developed over the decades of railway at very high speeds, providing continuous control on each at veryfrom highthe speeds, providing continuous on realeach have Some of the railwayover administrations their developed the railway level, thecalculation track occupancy check,control through have been been developed over the decades decades of ofestablished railway history. history. time speed profile and execution, to automatic Some of the railway administrations established their level, from the the track occupancy check, through reallevel, from profile the thecalculation track occupancy check, through real- Some unique solutions. In many of the currently developed of the railway administrations established their time speed and execution, to automatic Some of the railway administrations established their routing of multiple trains in a control area. unique solutions. In many of the currently developed time speed profile calculation and execution, to automatic time speed profile calculation and execution, to automatic unique interlocking systems the topological principle is developed used. solutions. In many of the currently routing of multiple trains in a control area. unique solutions. In many of the currently developed interlocking systems systems the the topological topological principle principle is is used. used. routing multiple aa control area. routing of of safety multiple trains in control requires area. Ensuring of trains these in operations redundant interlocking interlocking systems the topological is used. The topological principle means, thatprinciple every logical element Ensuring safety of these operations requires redundant and safety-critical appliances. Since the beginnings of the type The topological topological principle means, that every every logical logical element Ensuring safety of these operations requires redundant Ensuring safety of these operations requires redundant (such as point, signal, level-crossing) is described in The principle means, that element and safety-critical safety-critical appliances. Sincethe the train beginnings of and the The topological principle means, that every logical element railway interlocking development speeds type (such as point, signal, level-crossing) is described in and appliances. Since the beginnings of the and safety-critical appliances. Sincethe the train beginnings of and the type atype generic way and then used for a specific site application. (such as point, signal, level-crossing) is described in railway interlocking development speeds (suchway as and point, signal, level-crossing) is described in number of required functionalities increase. Today trends a generic then used for a specific site application. railway interlocking development the train speeds and railway interlocking development the train speeds and In relay interlocking this can be a relay module (see way and used for site application. numberbegin of required required functionalities increase. Today trends aIn a generic generic way and then thenthis usedcan for aabespecific specific sitemodule application. slowly to point at minimising the costs of railway relay interlocking a relay (see number of functionalities increase. Today trends number of required functionalities increase. Today trends In Miksza, nski and computerrelay interlocking this can aa relay module (see slowly begin begin to point point at minimising minimising the costs costs of railway railway In relay Olendrzy´ interlocking this Zubkow can be be (1979)), relay in module (see interlocking, but keeping the safety standards at equally based Miksza, Olendrzy´ nitski ski and Zubkow (1979)), in computerslowly to at the of slowly begin to point at minimising the costs of railway interlocking is usually a separate block of the code. Miksza, Olendrzy´ n and Zubkow (1979)), in computerinterlocking, but keeping the safety standards at equally Miksza, Olendrzy´ n ski and Zubkow (1979)), in computerhigh level. but interlocking it is is usually aa separate separate block of of the code. code. interlocking, keeping the safety standards at equally based interlocking interlocking, high level. but keeping the safety standards at equally based based interlocking it it is usually usually a separate block block of the the code. high level. high level. Most of the railway interlocking systems produced today Most of the the railway interlocking systemsThe produced today are based on railway microprocessor technology. softwaretoday part Most of interlocking systems produced Most of the interlocking systemsThe produced are based on railway microprocessor technology. softwaretoday part of these solutions is often based on the preceding relay are based on microprocessor technology. The software part are basedsolutions on microprocessor technology. The softwarerelay part of these is often based on the preceding systems. This causes that based implementing new functions of these solutions is often on the preceding relay of these solutions is often based on the preceding relay systems. more This problematic. causes that that implementing new new functions becomes systems. This causes systems. more This problematic. causes that implementing implementing new functions functions becomes becomes more problematic. becomes morethere problematic. Even though are various formal models for describing Evenproject thoughrequirements there are are various formal models models for describing the (Geographic Data for Language for Even though there formal describing Evenproject thoughrequirements there are various various formal models for describing the (Geographic Data Language for British Railways, PlanPro model for Deutsche Bahn or the the project requirements (Geographic Data Language for the project requirements (Geographic Data Language for British Railways, PlanPro model for Deutsche Bahn or the SUBSET112 for European Unionfor railways), noBahn such model British Railways, PlanPro Deutsche or British Railways, PlanPro model model for Deutsche Bahn or the the SUBSET112 for European Union railways), no such model exists for defining the interlocking logic specification itself. SUBSET112 for Union no SUBSET112 for European European Union railways), railways), no such such model model existsmatter for defining defining the interlocking interlocking logic specification itself. 1. Logical objects connection plan (from Maschek This however becomes more often a topic of the Fig. exists for the logic specification itself. Fig. (2012)) 1. Logical Logical objects connection connection plan (from (from Maschek existsmatter for defining the interlocking logic specification itself. This however becomes more often a topic of the Fig. 1. scientific discussions (see Boreck´ y , Kubal´ ık and Kub´ a tov´ a This however becomes more often aa topic of the 1. Logical objects objects connection plan plan (from Maschek Maschek (2012)) This matter matter however(see becomes more often topic of thea Fig. (2012)) scientific discussions Boreck´ y , Kubal´ ık and Kub´ a tov´ (2009) and Kawalec and R˙ zysko y (2014)). scientific discussions (see Boreck´ ,, Kubal´ ık and Kub´ aatov´ aa A basic (2012)) scientific discussions (see Boreck´ y Kubal´ ık and Kub´ tov´ building block of the topological system is a logical (2009) and and Kawalec Kawalec and and R˙ R˙zzysko ysko (2014)). (2014)). (2009) A basic basicTopological building block block of the the topological topological system is is aa logical logical (2009) and Kawalec and to R˙zysko It is therefore necessary look (2014)). for a new, complete and object. principle to completely A building of system A basicTopological building block of the allows topological system is describe a logical It is therefore necessary to look for a new, complete and object. principle allows to completely describe efficient solution for railway interlocking systems. In and this every logical objectprinciple type once, and to then use suchdescribe generic object. Topological allows completely It is necessary to for complete It is therefore therefore necessary to look look for aa new, new, complete and object. Topological principle allows completely describe efficient solution for railway railway interlocking systems. Inlogic this specification every logical logical object type once, and to then use such such generic paper an algorithmic approach to the interlocking for the designed station layout. It is then every object type once, and then use generic efficient solution for interlocking systems. In this efficient solution for railway interlocking systems. Inlogic this every logical object type once, station and thenlayout. use such generic paper an algorithmic approach to the interlocking specification for the designed It is then specification for the designed station layout. It is paper an algorithmic approach to the interlocking logic paper an algorithmic approach to the interlocking logic specification for the designed station layout. It is then then

Copyright © 2015, IFAC 2015 (International Federation of Automatic Control) 498Hosting by Elsevier Ltd. All rights reserved. 2405-8963 © Copyright © IFAC IFAC 2015 498 Copyright © IFAC 2015 498 Peer review under responsibility of International Federation of Automatic Copyright © IFAC 2015 498Control. 10.1016/j.ifacol.2015.07.084

PDeS 2015 May 13-15, 2015. Cracow, Poland

Piotr Kawalec et al. / IFAC-PapersOnLine 48-4 (2015) 498–503

499

necessary that the objects are organised according to the topology of the station. An example of the track layout and a corresponding logical object layout is shown in Fig. 1.

When describing a single object Ei the interlocking vector was introduced. It allows the logical objects to communicate with each other.

Object communicate with each other using data channels and execute the designed functions. The connections between the logical objects are usually organised into geographical and non-geographical. The geographical connections take part in all geographical functions like routes, signalling, passage control. Non-geographical connections allow implementation of additional, custom functions such as blocking all points in particular area.

XZ = {XZA , XZB , ..., XZG }, XZ... = (xz0 , xz1 , ..., xzn ); YZ = {YZA , YZB , ..., YZG }, YZ... = (yz0 , yz1 , ..., yzn );

where A, B, ... are geographical connections to neighbouring logical objects and G - non-geographical connections, as shown in Fig. 2.

Taking the topological model as a base, the system core can now be described. For creating the formal specification of such model it is necessary to organise all data processed by the system into relevant vectors.

2.2 Notation

2.1 Data analysis Considering the railway interlocking system integrally, it has two main interfaces. One between the interlocking system and the dispatching system (Man-Machine Interface), allowing the dispatcher to issue commands and observe the results. The second is between the interlocking system and the object controllers, which are connected directly to the track-side equipment (points, signals, axle counters). This interface allows to interact with the external environment.

Having the data identified and organised, it is possible to begin construction of the algorithm. At first it is necessary to choose the notation method.

To choose the notation method for the constructed algorithm it is necessary to ensure compact form and unambiguity. For manual algorithm processing the graphical form of the notation may be more user-friendly, however the modern design tools allow to generate the specification automatically, so other solutions can be more profitable. The logical algorithm scheme is a formal description method, which has a purely mathematical form, compared to the graphical algorithm scheme, which is basically a drawing as in Fig. 3.

According to the above, data flow can be organised into following alphabets: • input data X = {XP , XK }, • output data Y = {YM , YS }.

These sets consist of the following vectors: • command vector XP = {XP 1 , XP 2 , ..., XP N }, XP... = (xp0 , xp1 , ..., xpn ); • check vector XK = {XK1 , XK2 , ..., XKN }, XK... = (xk0 , xk1 , ..., xkn ); • indication vector YM = {YM 1 , YM 2 , ..., YM N }, YM... = (ym0 , ym1 , ..., ymn ); • manoeuvre vector YS = {YS1 , YS2 , ..., YSN }, YS... = (ys0 , ys1 , ..., ysn ).

Fig. 3. Graphical algorithm scheme

where N is a number of logical objects and n - number of variables in the vector. Now when it comes to analyse the data flow inside the system, additional vectors have to be foreseen.

As described in Traczyk (1982), states (elements of the Y set) represent values of the output variables according to chosen coding convention. The input variables (X set) condition the next step to be executed. If the examined condition equals ’1’, the next step is the operation on the right. Alternatively, if the condition equals ’0’, then the next step is determined by the number over the arrow. Each arrow pointing down has a unique number and marks the transition end. The transition placed after the ω sign is executed unconditionally. The available symbols are listed below: • Yk - output vector, • xk - input variable, • Xk - input vector, Xk = (x1 , x2 , ..., xn ), i

• ↑ - condition check, if the preceding expression equals ’1’ the next action is described by the element on the right side, if it equals ’0’, a transition to the place marked with arrow number i is executed, i

• ↓ - end point for transitions marked with i, i

• ω ↑ - unconditional transition (always-false condition).

Fig. 2. Data flow between logical objects 499

PDeS 2015 500 May 13-15, 2015. Cracow, Poland

Piotr Kawalec et al. / IFAC-PapersOnLine 48-4 (2015) 498–503

The example shown in Fig. 3 can be expressed in logical 1

1

algorithm scheme as ↓YA xn ↑YB .

The use of logical algorithm schemes was proposed during the early development of the description methods for railway in Poland (see Apuniewicz (1969)). Unfortunately in these times there was no design tool which would allow to use this notation directly for the system implementation. Today such tools are available, therefore this approach can be again a profitable solution. 2.3 Algorithm construction method

according to the customer guidelines. Variants depend on functionality type and object properties. Finally this results in the general algorithm structure given below. 0

This means, that the interlocking system have to be split in two different perspectives, as shown in Fig. 4.

12

1w

0

11

11 21

21

s1

s1

0

12

12 22

22

s2

s2

0

↓ YA1 Xab1 ↑ ↓ YB1 Xbs1 ↑ ... ↓ YS1 Xsa1 ↑ ω ↑ (1)

↓ YA2 Xab2 ↑ ↓ YB2 Xbs2 ↑ ... ↓ YS2 Xsa2 ↑ ω ↑ .. .

1w

To begin constructing the algorithm, several statements are proposed. Proposition 1. The railway interlocking logic model is a set of interconnected logical objects, each one concurrently executing a set of algorithms. Each logical object Ei belongs to a set of possible object types. Each algorithm Ai is designed to execute one functionality. Every functionality Fi belongs to a set of functionalities foreseen for the particular adaptation of the system.

11

Ai = ↓YA Xab1 ↑ Xab2 ↑ ...Xabw ↑ ω ↑

1w 2w

2w

sw

sw

0

↓ YAw Xabw ↑ ↓ YBw Xbsw ↑ ... ↓ YSw Xsaw ↑ ω ↑

where A, B, ..., S are states, s is the number of states and w is the number of algorithm variants. Proposition 3. Functionalities can be local (involving one logical object) or complex (involving two or more logical objects) Using the method described above, the algorithm design process has been decomposed in a way that it is possible to create the complete specification only by identifying single dependencies. The example of such dependency is Condition for transition from setting to locking state in a route A-B in a point logical object. The designer can then focus on legal and functional aspects of creating the particular algorithm instead of creating the code itself. 2.4 An exemplary specification To illustrate the proposed method, a set of logical objects was specified. By creating descriptions of basic objects and functions, a prototype interlocking logic was developed and successfully tested. An algorithm representing one of the functionalities of point logical object is presented as an example. The algorithm AZJ is responsible for route execution functionality. The typical route life cycle, based on Theeg and Vlasenko (2009), consists of Calling, Setting, Locking, and Releasing stages. After adding Rest state as the default stage, an example of transition requirements were described in table 1. Table 1. Route life cycle in point logical object Transition Rest (S) to Calling (W) Calling (W) to Setting (N)

Fig. 4. Decomposition method One is the topological construction perspective, and the second is the functional approach. Proposition 2. Each functionality consists of steps. Each algorithm is constructed basing on executed function steps and amount of possible algorithm variants. This means that each algorithm is also decomposed in two perspectives. Functionality steps should be arranged 500

Setting (N) to Locking (U) Locking (U) to Releasing (Z) Releasing (Z) to Rest (S)

Condition point position selected by the dispatching system geographical information about neighbour objects’ readiness required position achieved track circuit occupancy train passage in required direction detected

The point modelled as a logical object has three geographical connections. Considering the two possible point positions, and two possible route directions, there are four available routes for this logical object, as presented in Fig. 5. This results in four variants of the algorithm.

PDeS 2015 May 13-15, 2015. Cracow, Poland

Piotr Kawalec et al. / IFAC-PapersOnLine 48-4 (2015) 498–503

501

taking the latest industry achievements into account (see also Boreck´ y, Kubal´ık and Kub´atov´a (2009)). The algorithm construction method shown above can be easily used for FPGA implementation. For the method development the Active-HDL integrated design environment is used. This is one of the most popular environments for specification, implementation and verification of programmable devices. It uses VHDL and Verilog hardware description languages. The Active-HDL allows to prepare the specification using three editors.

Fig. 5. Routes available for point logical object Using the construction method given above it was possible to create the algorithm 2. 0

11

12

13

14

The FSM editor allows to prepare the data in the graphical environment using finite-state machines. These are easily achievable from the logical algorithm schemes.

0

AZJ = ↓YS Xsn1 ↑ Xsn2 ↑ Xsn3 ↑ Xsn4 ↑ ω ↑ 11

11 21

21 31

31 41

41

0

12

12 22

22 32

32 42

42

0

13

13 23

23 33

33 43

43

0

14

14 24

24 34

34 44

44

0

↓ YW 1 Xwn1 ↑ ↓ YN 1 Xnu1 ↑ ↓ YU 1 Xuz1 ↑ ↓ YZ1 Xzs1 ↑ ω ↑ ↓ YW 2 Xwn2 ↑ ↓ YN 2 Xnu2 ↑ ↓ YU 2 Xuz2 ↑ ↓ YZ2 Xzs2 ↑ ω ↑ ↓ YW 3 Xwn3 ↑ ↓ YN 3 Xnu3 ↑ ↓ YU 3 Xuz3 ↑ ↓ YZ3 Xzs3 ↑ ω ↑ ↓ YW 4 Xwn4 ↑ ↓ YN 4 Xnu4 ↑ ↓ YU 4 Xuz4 ↑ ↓ YZ4 Xzs4 ↑ ω ↑ (2)

Having prepared the general layout it is now necessary to identify conditions for each transition. Table 2. Exemplary transition conditions Transition Rest (S) to Calling (W1) Calling (W1) to Setting (N1) Setting (N1) to Locking (U1) Locking (U1) to Releasing (Z1) Releasing (Z1) to Rest (S)

Condition Xsw1 = xp0 Xwn1 = xza0 Xnu1 = xk0 Xuz1 = xk1 Xzs1 = xk1 ∧ xzb1

By using this method to describe a basic set of functionalities in the most common logical object types it was possible to begin implementing and testing the designed algorithms. 3. SPECIFICATION AND IMPLEMENTATION Today the railway industry looks for new solutions allowing to increase the number of executed functions, but without changing the speed of the system. In software solutions this means that the amount of code lines should be kept on the same level. Because of the ongoing implementation of the European Rail Traffic Management System (ERTMS) and introducing local and regional control centres, new solutions, which could replace the microprocessor technology used now, are discussed. As proposed earlier in this paper, every logical object should execute required algorithms concurrently. The microprocessor implementation of the interlocking system does not allow concurrent data processing, instead providing calculation cycles of a fixed length. Every cycle processes the necessary data, for example logical objects one by one. Since the areas controlled by a single interlocking become larger, this becomes more problematic. One of the discussed solutions is the use of hardware solutions, such as Field Programmable Gate Arrays (FGPAs), 501

Fig. 6. Algorithm graph created from the logical algorithm scheme Considering every output vector Yi value as a state, and every condition check value Xi as a transition, it is easy to create a graph as shown in Fig. 6. Inserting the same graph into the FSM editor (as shown in Fig. 7) allows to automatically generate HDL code for this algorithm and use is further in the design process. Additionally it is possible to use features like default states, trap states or transition priorities, which allow to enhance the specification. The BDE editor allows to create multi-level hierarchy using blocks. Every part of the VHDL code can be presented as a single block and interconnected with the others. A group of blocks can also be presented as one, creating a higher hierarchy level. In the proposed method this editor is used for merging the algorithms into logical objects, and for creating the topology of the station. As presented in Fig. 8 this allows to create a station topology specification which is easy to design and verify. Each of the graphical editors allow automatic HDL code generation. The HDL text editor can be then used to review and adjust the code. It provides all necessary

PDeS 2015 502 May 13-15, 2015. Cracow, Poland

Piotr Kawalec et al. / IFAC-PapersOnLine 48-4 (2015) 498–503

The safety of the HDL code can be compared to the code used in the integrated circuits and ASIC design process. In both cases the code is used to describe and implement the device, rather than to be executed on the machine. Since the mentioned documents does not provide guidelines regarding the programmable devices, it can be assumed that such appliances have to confirm to the hardware requirements of the mentioned documents. Nevertheless, the VHDL language used for the specification is derived from Ada - language widely used in safety-critical solutions. To ensure the correctness of the specification, testing is crucial at every stage of the development. 4. TESTING Testing of the created specification is often one of the most difficult and time-consuming parts of the project lifetime. This is why it is most efficient to use tools that allow to have full control of the simulation process, having ability to automate the process in the same time. Many companies develop their own sophisticated tools to achieve this, but it is also an expensive solution. However it is possible to use the tools available on the market, which ensures that we can use the latest available technology.

Fig. 7. Specification of the algorithm in the FSM editor

In environment like the Active-HDL the simulation and testing process can be performed and automated in various ways.

Fig. 8. Logical objects in BDE editor functions like code completion, syntax checking and code assistant. Regardless of the technology used, every modern railway interlocking system has to conform to the high safety parameters. The following documents issued by the European Committee for Electrotechnical Standardization (CENELEC), describe the requirements for the new systems: • EN50126 - Railway applications. The specification and demonstration of reliability, availability, maintainability and safety (RAMS); • EN50128 - Railway applications. Communications, signalling and processing systems. Software for railway control and protection systems; • EN50129 - Railway applications. Communications, signalling and processing systems. Safety related electronic systems for signalling. These documents describe both hardware (EN50126 and EN50129) and software (EN50128) part of the system. However there are no strict guidelines for hardware logic implementation such as FPGAs. 502

Fig. 9. Waveform The set of internal logic simulators allow to have full control of the process. It is possible to run functional simulations, and time simulations, where the speed parameters of the selected device are taken into consideration. The simulation process can be documented as waveforms, as in Fig. 9, which allow to observe value of every variable in a specified moment in time in a graphical way. It is also possible to observe the simulation in the graphical editors, as for example the FSM editor in Fig. 10. Automatic testing is crucial for project costs and process reliability. The simulation scenarios can be prepared in the form of Active-HDL Macro Language files. These simple script files allow to execute most of the Active-HDL functions in the command-line environment, for instance changing the input variable values, running simulation for a specified time, compiling. It is therefore possible to automate the testing process by generating scripts based

PDeS 2015 May 13-15, 2015. Cracow, Poland

Piotr Kawalec et al. / IFAC-PapersOnLine 48-4 (2015) 498–503

503

Kawalec, P., Koli´ nski, D. and Mocki J. (2005). Zastosowanie programowalnych struktur logicznych w urzadzeniach sterowania ruchem kolejowym. Problemy Kolejnictwa, z.140, p.66–88. Kawalec, P. and R˙zysko, M. (2013). Weryfikacja r´owna´ n zale˙zno´sciowych z wykorzystaniem symulator´ ow logicznych na przyk¤ladzie zastosowania pakietu ActiveHDL. Technika Transportu Szynowego, 10/2013, p.1587– 1594. Kawalec, P. and R˙zysko, M. (2014). Algorytmiczne podej´scie do projektowania logiki zale˙zno´sciowej w systemach sterowania ruchem kolejowym. Pomiary, Automatyka, Kontrola, 10/2014, p.826–828. Maschek, U. (2012). Sicherung des Schienenverkhers. Springer Vieweg, Wiesbaden. Miksza E., Olendrzy´ nski W. and Zubkow A. (1979). Zblokowany system sterowania ruchem kolejowym na stacjach typu IZH 111. WKi¤L, Warszawa. Fig. 10. Simulation preview in FSM editor. The active state is marked with a lighter colour.

Theeg, G. and Vlasenko, S. (2009). Railway signalling & interlocking. Eurailpress, Hamburg.

on the customer requirements, as described in our previous papers (see Kawalec and R˙zysko (2013)).

Traczyk, W. (1982). Uklady cyfrowe. Podstawy teoretyczne i metody syntezy. Wydawnictwa Naukowo-Techniczne, Warszawa.

It is also possible to generate test scenarios for the FSM designs automatically. These Testbenches can be prepared using different scenarios. For example the test can automatically cover every transition in a graph. This makes the testing process simple and efficient. 5. CONCLUSION The proposed algorithm construction method allows to decompose the system in a unified manner, and prepare the specification using elementary conditions. Positive verification of the created model proves that the proposed specification and verification method succeeded in creating the interlocking logic. Having this model as a base, it will be possible to create an implementation in programmable devices, which will allow to prove safety and reliability of this approach. Earlier analysis (see Kawalec, Koli´ nski and Mocki (2005)) show that the results can be promising. The wide range of programmable devices allows to provide a solution adjusted to the customer needs. Using the commercial-off-the-shelf design environment like the presented Active-HDL suite allows to minimise costs of the internal design tools development. The presented approach to railway interlocking logic design, together with the use of modern hardware solutions, can be a profitable solution for the future development of railway equipment. REFERENCES Apuniewicz, S. (1969). Uklady przeka´znikowe w automatyce zabezpieczenia ruchu kolejowego. Wydawnicta Politechniki Warszawskiej. Boreck´ y, J., Kubal´ık, P. and Kub´ atov´ a, H. (2009). Reliable Railway Station System based on Regular Structure implemented in FPGA. Proc. of 12th EUROMICRO Conference on Digital System Design, Patras, p.348–354. 503