SDM
SDM is a project, part of the Strategic Program for Railways research, carried out in collaboration with Rete Ferroviaria Italiana (RFI).
To meet the rising demand for high-speed, safe and efficient continental railway systems in the EU, the European Railways Agency (ERA) issued several requirements specifications to help EU members adapt their national railway systems to a common safety and interoperability standard. The standards cover all aspects of a railway system: hardware equipment and software components, onboard and track-side communication, operative procedures, safety and security. The specifications include functional, non-functional, safety, security and verification requirements.
The European Rail Traffic Management System (ERTMS) is a highly relevant part of the ERA specifications.
ERTMS includes:
- The specification of the European Train Control System (ETCS), an onboard and track-side signalling system featuring automatic train protection.
- The Global System for Mobile communications for Railways (GSMR).
- Procedures, operating modes and rules.
- Dynamic signalling blocks: blocks are dynamically determined through the use of tokens, called Movement Authorities (MA). MAs are assigned by the system to the train, either via special track-side devices called Balises or via GSMR.
Train protection is defined by means of a component called Speed and Distance Monitoring (SDM), which is the object of the analysis of this project.
Functionally SDM is responsible for:
- Monitoring train speed and distance from targets given by the MA and other distance/speed profiles which constitute targets to monitor.
- Communicating information about the targets to the driver through the onboard Driver-Machine Interface.
- Automatically cutting off the traction and actuating brakes to ensure that the train respects those targets if the driver fails to properly react.
To perform its tasks, SDM must calculate a set of distances needed to ensure that the train will be able to safely respect each target ahead. This set represents the (increasing) thresholds for the supervision limits: Indication, Permitted Speed, Warning, Service brake intervention and Emergency brake intervention. To determine these supervision limits, Deceleration Braking Curves (DBC) are computed taking into account track conditions (slope, slipperiness, temporary restrictions received from the Balises or GSMR), train conditions (brake deceleration factors, weight, rotating mass, brake conditions, operative modalities) and uncertainties (driver reaction time, speed and distance inaccuracy, brake activation delays).

SDM shall continuously compute several DBCs originating from a set of selected supervised targets, which change dynamically over time as the train passes them or as environment conditions vary. SDM dynamically identifies the relevant targets to supervise from a larger set of targets transmitted from track-side or computed by SDM itself.
The objective of the project is the implementation of the SDM component in MISRA C according to the development process for SIL4 software in standard EN50128. The input is the ERA subset 026-3 requirements specification, and the output is SDM source code that must pass all ERA tests specified in the subset 076 testing specification. Furthermore, SDM is required to complete the whole cycle loop within 10 ms on a target embedded platform featuring no Floating Point Unit.
The project was completed successfully with a full implementation of the SDM component according to ERA’s specifications and the EN50128 high-safety software development and verification standard. SDM passes all ERA’s specification tests and completes the cycle within 2 ms.
General Info
Start Date: Dec 2021
End Date: Dec 2022
Budget: 132 k€