Welcome to Scribd!

Skip carousel

Deadman Printversion

Uploaded by

moni

0% found this document useful (0 votes)

2 views21 pages

Original Title

20031125_Deadman_printversion

Copyright

Available Formats

PDF, TXT or read online from Scribd

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Report this Document

Copyright:

Available Formats

Download as PDF, TXT or read online from Scribd

Flag for inappropriate content

0% found this document useful (0 votes)

2 views21 pages

Deadman Printversion

Uploaded by

moni

Copyright:

Available Formats

Download as PDF, TXT or read online from Scribd

Flag for inappropriate content

Jump to Page

You are on page 1of 21

Search inside document

Model Checking Dead Man

Functionality in a Tram

Meine van der Meulen

mjpm@adelard.com
Outline
O The project
O The dead man functionality
O EN50126
O The safety case
O Experiences with FMEA, FTA and Model Checking
O Conclusion

2
Rotterdam Citadis

3
The Project
O Built by
O Alstom Ridderkerk, NL: electronics, traction
O Alstom La Rochelle, F: the rest

O For: Rotterdam Tram Company, RET

O This means splitting up the safety case

4
The Dead Man Switch

5
Dead man electronics

Dead man
switch

Relay

PLC

6
Braking a Tram
O Recuperating brakes
O Brake discs
O Rail brakes

7
Recuperating Brakes

Pantograph

Brake resistor

Switch

Inverter

Motor
M

8
Pantograph

9
Inverter

10
Communication PLC to Inverter
O MVB – Vehicle Bus
O Vehicle Wires (fail-safe), e.g.:
O Torque
O No_Emergency_Brake
O No_Brake
O Torque_100%

11
Dependability Requirements
O Apply EN50126: Railway applications; The
specification and demonstration of dependability,
reliability, availability, maintainability and safety
(RAMS)

O Compare part I of IEC61508

O Almost no technical guidance
O Very usable

12
Activities
O FMEA
O Fault Tree
O Model Checking Using SMV

13
Observations from FMEA
O Large amount of work
O But necessary: gives safety engineer insight
O Leads to fruitful discussions with design team
O Some failure modes difficult to detect: acceptable?

14
Observations from FTA
O Almost no redundancy: acceptable?
O Improvement by automatic testing
O Software is single point of failure
O Comparison to state-of-the-art

15
Model Checking Using SMV
O SMV is very suitable for modelling PLC software

O Properties proved:
O If dead man switch is released, then PLC will command
braking action
O If dead man switch is always closed, then PLC will
command braking action

16
Greater-than Translation
module gt_int(in1, in2, _out) {
INPUT in1, in2: -_max.._max;
OUTPUT _out: boolean;
case{
in1>in2: _out:=1;
default: _out:=0;
}
}

17
Off-timer Delay Translation
module tof(_in, q) {
INPUT _in: boolean;
OUTPUT q: boolean;
state_tof: {idle, wait, active};
init(state_tof):=idle;
case{
state_tof=idle & _in=0: next(state_tof):=wait;
state_tof=wait & _in=0: next(state_tof):={wait, active};
state_tof=active & _in=0: next(state_tof):=active;
default: next(state_tof):=idle;
}
case{
state_tof=idle: q:=1;
state_tof=wait: q:=1;
state_tof=active: q:=0;
}
}

18
Properties
deadman18_mode1: assert (
(F (IDeadmanIn & (X G ~IDeadmanIn)) &
F (NIDeadmanInMc1 &
(X G ~NIDeadmanInMc1)) &
(G MCabinActive) & G MCabinID))
-> F G (~QEmerTorque1 & ~QEmerTorque2 & ~QNoBrake));
using fair_tof_163_10, fair_tof_163_74 prove deadman18_mode1;

19
Observations from Model Checking

O Identified no faults in software

O Modelling time is difficult
O Automatic conversion from PLC logic diagrams to
SMV logic would help:
O Is my rendering correct (especially after changes)?
O Definitions of logic blocks?
O Design team understands and appreciates it

20
Conclusion
O Model checking PLC gives evidence for safety claim
O Model checking work appreciated by client

White Lies - Core Rulebook
Document136 pages
White Lies - Core Rulebook
Thiago Almeida
No ratings yet
Fitness RX For Women - December 2013
Document124 pages
Fitness RX For Women - December 2013
renrmrm
100% (2)
Marine Control, Practice
From Everand
Marine Control, Practice
D A Taylor
Rating: 2.5 out of 5 stars
2.5/5 (2)
SVT Greske
Document17 pages
SVT Greske
Peter
100% (6)
3512 Throttle Position Error 91-8
Document13 pages
3512 Throttle Position Error 91-8
harikrishnanpd3327
100% (3)
Assignment in English Plus Core 11 Full Circle
Document76 pages
Assignment in English Plus Core 11 Full Circle
Ritu Maan
68% (38)
PAForge D20 Weapons Compendium
Document29 pages
PAForge D20 Weapons Compendium
djbonefish
100% (1)
Projects With Microcontrollers And PICC
From Everand
Projects With Microcontrollers And PICC
Guillermo Perez Guillen
Rating: 5 out of 5 stars
5/5 (1)
RE5R05A Overview 2007 - 1 - 12
Document4 pages
RE5R05A Overview 2007 - 1 - 12
Chee Bai
100% (6)
Sprinter MY2020 Fuse Supplement
Document20 pages
Sprinter MY2020 Fuse Supplement
mausinger
No ratings yet
Still r70
Document86 pages
Still r70
mateiola
83% (35)
Thomson Electrac HD Linear Actuator Motion Control per CAN Bus
From Everand
Thomson Electrac HD Linear Actuator Motion Control per CAN Bus
Wilfried Voss
No ratings yet
EE208 Lab Manual
Document38 pages
EE208 Lab Manual
sakib shaukat
No ratings yet
Actual Freedom - Made Easy (Print Friendly Edition)
Document186 pages
Actual Freedom - Made Easy (Print Friendly Edition)
Justine
100% (5)
Rensselaer Polytechnic Institute ECSE-4760 Real-Time Applications in Control & Communications ANALOG AND DIGITAL CONTROL OF A DC MOTOR
Document23 pages
Rensselaer Polytechnic Institute ECSE-4760 Real-Time Applications in Control & Communications ANALOG AND DIGITAL CONTROL OF A DC MOTOR
sara_ogl7
No ratings yet
Analog Layout Design (Industrial Training)
Document10 pages
Analog Layout Design (Industrial Training)
Shivaksh Sharma
No ratings yet
3rd Periodic Test in English4
Document7 pages
3rd Periodic Test in English4
Santa Dela Cruz Naluz
100% (1)
Modatek Level 2 Robot Training Course Overview
Document166 pages
Modatek Level 2 Robot Training Course Overview
Ivan Paul Medellin Castro
No ratings yet
MID 039 - CID 1847 - FMI 09: Pantalla Anterior
Document6 pages
MID 039 - CID 1847 - FMI 09: Pantalla Anterior
Walter
No ratings yet
Vag Immo Emulator Schematics V.1: CX: 10uf
Document5 pages
Vag Immo Emulator Schematics V.1: CX: 10uf
williamrojasmendoza
No ratings yet
Codigo 0070-02 de D6N Akm
Document5 pages
Codigo 0070-02 de D6N Akm
Miguel Lopez
No ratings yet
Implement elevator controller using microcontroller
Document38 pages
Implement elevator controller using microcontroller
Rajesh Aaitha
100% (2)
Tau k205m Boomgate Manual
Document11 pages
Tau k205m Boomgate Manual
Penta Guard
No ratings yet
Intake and Exhaust Manifolds Emission Control System
Document47 pages
Intake and Exhaust Manifolds Emission Control System
Greg Hanna
No ratings yet
Traffic Control System Using 89C51: Project Title
Document27 pages
Traffic Control System Using 89C51: Project Title
Hafza Ghafoor
No ratings yet
Untitled
Document20 pages
Untitled
Juanma Doce
No ratings yet
Railway Gate Control Project
Document42 pages
Railway Gate Control Project
Tathagata
No ratings yet
Automatic Power Factor Controller Using Microcontroller
Document29 pages
Automatic Power Factor Controller Using Microcontroller
vallery1
100% (3)
Unit-V 8051 Microcontroller Applications by S.Sayeekumar, AP/RMDEEE
Document43 pages
Unit-V 8051 Microcontroller Applications by S.Sayeekumar, AP/RMDEEE
Kiran Neog
No ratings yet
CNC Interface Board CM101 Manual
Document17 pages
CNC Interface Board CM101 Manual
Zorica Solunac
No ratings yet
Fast automatic sizing of charge pump phase-locked loop based on behavioral models
Document22 pages
Fast automatic sizing of charge pump phase-locked loop based on behavioral models
Gc Veeresh
No ratings yet
3UF5 SIMOCODE-DP System Motor Protection and Control Device
Document20 pages
3UF5 SIMOCODE-DP System Motor Protection and Control Device
Kamal Tomar
No ratings yet
DCS Interview Question
Document8 pages
DCS Interview Question
Zulhelmi
No ratings yet
Fault Codes Cat 12 PDF
Document1 page
Fault Codes Cat 12 PDF
Carlos
No ratings yet
ABB SPEM Relay
Document12 pages
ABB SPEM Relay
siva_984
No ratings yet
Commissioning Protocol Stacker Reclaimer
Document2 pages
Commissioning Protocol Stacker Reclaimer
Sagar G Reddy
No ratings yet
Smart Parking System: A Major Project Report
Document62 pages
Smart Parking System: A Major Project Report
Nikhil Rastogi
No ratings yet
HHP Loco Driver Guide
Document63 pages
HHP Loco Driver Guide
Devidatta Satapathy
83% (6)
LT9 Manual Mimoinsa KS1 M6 - Rev01 - in
Document19 pages
LT9 Manual Mimoinsa KS1 M6 - Rev01 - in
RezhaNugraha
No ratings yet
V.C.U (Vehicle Control Unit) PDF
Document5 pages
V.C.U (Vehicle Control Unit) PDF
rahul k
No ratings yet
PLC Question
Document14 pages
PLC Question
Waseem Ahmad
No ratings yet
FlowCAD An PSpice AutoConvergence
Document10 pages
FlowCAD An PSpice AutoConvergence
Sirish Oruganti
No ratings yet
ConverterUnit 56426
Document2 pages
ConverterUnit 56426
Carlo Gomez
No ratings yet
MID 039 - CID 1847 - FMI 02: Pantalla Anterior
Document4 pages
MID 039 - CID 1847 - FMI 02: Pantalla Anterior
Walter
No ratings yet
DCS Interview Questions
Document5 pages
DCS Interview Questions
Hardik Mantri
No ratings yet
Notes: Cam Operated Rotary Switches Cam Operated Rotary Switches
Document16 pages
Notes: Cam Operated Rotary Switches Cam Operated Rotary Switches
atanumaster1987
No ratings yet
Guest Klnit
Document42 pages
Guest Klnit
mohan
No ratings yet
Micro 133 Midterm Lecture 2 - IO Interfacing With 8255 & Assembly Language - Edited
Document10 pages
Micro 133 Midterm Lecture 2 - IO Interfacing With 8255 & Assembly Language - Edited
Keilla Romabiles Leopando
No ratings yet
Unit8-RK 3
Document27 pages
Unit8-RK 3
sba
No ratings yet
GAL16V8: Features Functional Block Diagram
Document22 pages
GAL16V8: Features Functional Block Diagram
Lharchichi Aniss
No ratings yet
Mercedes-Benz-Sprinter 2021 EN Manual de Taller Diagrama de Fusibles 9067fe22cb
Document18 pages
Mercedes-Benz-Sprinter 2021 EN Manual de Taller Diagrama de Fusibles 9067fe22cb
Owuell leonardo Belmonte
No ratings yet
EMTP-RV Nuclear Power Plant Studies
Document20 pages
EMTP-RV Nuclear Power Plant Studies
Anonymous zfmlsb2GjA
No ratings yet
SM Charts and Microprogramming: ELEC 418 Advanced Digital Systems Dr. Ron Hayne
Document38 pages
SM Charts and Microprogramming: ELEC 418 Advanced Digital Systems Dr. Ron Hayne
ashwani22
No ratings yet
GAL16V8: Features Functional Block Diagram
Document23 pages
GAL16V8: Features Functional Block Diagram
Wilmar Diaz Rodriguez
No ratings yet
DC Motor Speed Control Part I: Open-Loop Command
Document5 pages
DC Motor Speed Control Part I: Open-Loop Command
Ebd Rahman
No ratings yet
BN 180 AutroKeeper PDF
Document2 pages
BN 180 AutroKeeper PDF
MOHD HAIDAR
No ratings yet
Eocr Total en
Document38 pages
Eocr Total en
Arturo Sanchez
No ratings yet
DC Motor Speed Control
Document7 pages
DC Motor Speed Control
Biyadglgne Eskezia Ayalew
No ratings yet
120H Sens Ouput Transm Caf 4
Document4 pages
120H Sens Ouput Transm Caf 4
Miguel Angel Garrido Cardenas
No ratings yet
Effective Study Material
Document74 pages
Effective Study Material
Santhosh Anantharaman
No ratings yet
Network Cable Tester: User Operation Manual
Document15 pages
Network Cable Tester: User Operation Manual
sebibv2
No ratings yet
Review The General Troubleshooting Information: Report A Problem With This Article
Document4 pages
Review The General Troubleshooting Information: Report A Problem With This Article
Dio Arkana
No ratings yet
GSM Robotic Arm
Document68 pages
GSM Robotic Arm
Parveen Kumar
No ratings yet
ES Lab File
Document37 pages
ES Lab File
Møhït Jáñgír
No ratings yet
Stepper Motor Control Using 8051
Document7 pages
Stepper Motor Control Using 8051
hksaifee
100% (1)
10 SEP671 REL670 Exercise 9 Autorecloser and 1-3 Phase Operations
Document15 pages
10 SEP671 REL670 Exercise 9 Autorecloser and 1-3 Phase Operations
Messias De Oliveira Santos
No ratings yet
Anais Do Workshop De Micro-ondas
From Everand
Anais Do Workshop De Micro-ondas
Alexandre Maniçoba De Oliveira, Dr.
No ratings yet
Ceiling Fans Sensa Series: F Yuragi Function (Natural Breeze)
Document1 page
Ceiling Fans Sensa Series: F Yuragi Function (Natural Breeze)
TY
No ratings yet
Tugas Bahasa Inggris-1
Document8 pages
Tugas Bahasa Inggris-1
Nur Komariyah
No ratings yet
Lab Report
Document9 pages
Lab Report
Qi Yi Tan
No ratings yet
Fundamental aim training routines and benchmarks
Document8 pages
Fundamental aim training routines and benchmarks
Achilles SeventySeven
No ratings yet
Fundamental Calculations To Convert Intensities Into Concentrations in Optical Emission Spectrochemical Analysis
Document14 pages
Fundamental Calculations To Convert Intensities Into Concentrations in Optical Emission Spectrochemical Analysis
PYD
No ratings yet
ON Code (Aci 318-77) : Commentary Building Requirements For Reinforced Concrete
Document132 pages
ON Code (Aci 318-77) : Commentary Building Requirements For Reinforced Concrete
Azmi Bazazou
No ratings yet
Commsec - Co Profile - 20150521
Document14 pages
Commsec - Co Profile - 20150521
Muhammad Nisar Khan
No ratings yet
Estimation of Fabric Opacity by Scanner
Document7 pages
Estimation of Fabric Opacity by Scanner
JatiKrismanadi
No ratings yet
What Is The Kingdom of God
Document10 pages
What Is The Kingdom of God
Sunil Chelladurai
No ratings yet
David Lawrence CV
Document32 pages
David Lawrence CV
M.Awais Akhter
No ratings yet
Service Manual: Freestanding Cooling Double Door ARC 2140
Document5 pages
Service Manual: Freestanding Cooling Double Door ARC 2140
Sergio Zapata
No ratings yet
Guess The Animal!: Model
Document2 pages
Guess The Animal!: Model
Giovanni Vilcapoma Laura
No ratings yet
3 Soal Ganjil Inggris Maritim
Document8 pages
3 Soal Ganjil Inggris Maritim
Fikri Mu'iz
No ratings yet
Solar Collectors Final Word
Document14 pages
Solar Collectors Final Word
Vaibhav Vithoba Naik
No ratings yet
CHAPT 12a PDF
Document2 pages
CHAPT 12a PDF
indocode
100% (1)
Rate Constant Determination 2
Document8 pages
Rate Constant Determination 2
Divya Upadhyay
No ratings yet
Tutorial - DGA Analysis
Document17 pages
Tutorial - DGA Analysis
w automation
No ratings yet
Rites of Acceptance For Altar Servers PDF
Document3 pages
Rites of Acceptance For Altar Servers PDF
John Carl Aparicio
100% (1)
IRIScan Book Executive 3 PDF
Document86 pages
IRIScan Book Executive 3 PDF
ssampling
No ratings yet
Marketing 5 0
Document23 pages
Marketing 5 0
gmusicestudio
No ratings yet
Rotating Sharp Shooting Multi Target Mechanism Improves Military Aim
Document13 pages
Rotating Sharp Shooting Multi Target Mechanism Improves Military Aim
Vishal G
No ratings yet
Waste Management in Vienna. MA 48
Document12 pages
Waste Management in Vienna. MA 48
4rtttt4ttt44
No ratings yet
Mvf404 Mhn-Seh2000w 956 b4 Si
Document2 pages
Mvf404 Mhn-Seh2000w 956 b4 Si
luisneiralopez
No ratings yet