A formal and pragmatic approach to engineering safety-critical rail vehicle control software
The engineering processes for safety-critical systems, for instance in the health care or transportation domains, are regulated by law. For software in the railroad industry in Europe the certification procedures have to obey the norm EN50128. This paper presents the method that was introduced and employed for the development and the successful certification of the software for the vehicle control unit (VCU) of the Vossloh Locomotives' G6 shunting locomotives. The primary goal in the development of the software was conformity to EN50128, the secondary goal is a cost-efficient process without sacrificing safety. To achieve these goals our method is based on formal techniques, but also designed to be easily applicable in our context (pragmatics). Central to our method are functional trees as a design specification mechanism. The outcome of employing this method was the successful certification of the locomotive G6 without any software-related problems.
Full Text: PDF