EKE-Electronics
Eurocity trains run safely with the help of model-based design
The train control system in Eurocity trains has been designed according to precise safety criteria. The system oversees the operations of trains that travel faster than 200 km/h while preventing potential dangerous situations.
Picture stock footage, no connection to project.
CHALLENGE
Ensuring high-level functional safety
EKE-Electronics Ltd. is one of the leading providers of Train Control and Management Systems in the world. Between 2022 and 2023, the company implemented a safety function to Eurocity trains that utilises data from the train’s electric motors to independently detect and prevent derailment risks.
“The function automates train safety and helps the train driver observe the sliding between the driving wheel and rail. Ultimately, the goal was to ensure that the trains can travel safely,” states Mikko Pajakkala, the Head of Project Management at EKE-Electronics.
Strict safety criteria and the need to ensure functional safety at all times made it necessary to produce two SIL 2 level (Safety Integrity Level) versions of the function using different implementation methods. This method of increasing reliability is also known as diversity, and it, together with redundancy, are important tools for ensuring reliability.
“Implementation was challenging because such a critical function like this requires a lot of documentation, reporting, parametrisation and testing in accordance with safety processes. Moreover, although the implementation methods had to be different from one another, they also needed to yield the same test results,” Pajakkala states.
"Implementation was challenging because such a critical function like this requires a lot of documentation, reporting, parametrisation and testing in accordance with safety processes. Moreover, although the implementation methods had to be different from one another, they also needed to yield the same test results."
Mikko Pajakkala, Head of Project Management, EKE-Electronics
SOLUTION
Model-based design works well with functional safety
The team at EKE-Electronics made the first version of the train safety function using C programming. Safety criteria required for a second version to be created, and a decision was made to implement it using a completely different method: model-based design. EKE-Electronics had no prior experience with model-based design applications. However, they were familiar with Gofore’s ability to utilise the method for implementations that adhere to strict safety requirements. Thus, Gofore was called for help.
In model-based design, visual elements are used to create a model of the system from which code can be generated automatically. The biggest benefit of this approach is that it ensures quality while also accelerating development.
“Model-based design is a perfect solution for functional safety implementations that require accurate traceability and documentation. With model-based design, some of the documentation is produced automatically as a side product of software development. As the model changes, so does the documentation,” describes Karl-Kristian Högström, who is an Account Manager at Gofore.
Gofore carried out the model-based design based on a prototype of sorts, a Simulink model, that the end customer had previously created. A certified MathWorks process was strictly followed during the design, which determined the tools, testing methods and documentation for the process.
"Model-based design is a perfect solution for functional safety implementations that require accurate traceability and documentation. With model-based design, some of the documentation is produced automatically as a side product of software development. As the model changes, so does the documentation."
Karl-Kristian Högström, Account Manager, Gofore
Testing the safety function
This diagram depicts the train motor accelerating and braking forces in relation to speed in different scenarios as measured by the implemented safety function. The function uses this information to initiate monitoring and restriction measures as necessary.
RESULT
Established safety through tests and new insights
The EC train safety function was carried out using model-based design, and the end result met all of the objectives. Its functionality was validated through safety tests that yielded the same numbers as the tests conducted for the C-programmed version of the solution. EKE-Electronics also needed documentation for the SIL 2 evaluation of the function, and we were able to produce all of the required documentation.
In addition to functional implementation, EKE-Electronics was also able to gain valuable insights into the benefits and utilisation of model-based design.
“We reached the desired outcome and were left with good experiences of model-based design. Model-based design has proven to be a viable solution for implementing challenging functional safety solutions. It is an especially useful tool when using the Simulink model. Our cooperation with Gofore was professional and smooth from start to finish,” Pajakkala states.
The functionality of the EC train safety function was validated using the testing device in the picture.
Important figures
- 5+5 months spent on the design process and testing
- 2 members in Gofore's team
- 2 different implementations
- 70+ trains that use the safety function
EXPERTISE
The skills & competences utilised in the project
- Model-based design
- Functional Safety
- Software Development
