HINTSW - T & T Systems, a subcontractor of Siemens S.p.A., was involved in the design and implementation of the Minimetrò® in Perugia, with activities related to both safety and standard parts of the automation system:
- Safety Software Development Cycle.
- On-board to ground communication
- Variable message management software.
- Variable message management software.
Safety Software Development Cycle
T & T Systems activity, within the Software Development Cycle, consisted of applying the IEC 61508 Standard to Developing Testing and Testing Documents related to the Software Implemented for Parties Related to the Automation System Safety ; in particular for the drafting of the following documents:
- Specification of the software safety requirements.
- Specification of SW requirements of the automation functions critical for safety .
- Specification of the Automation System Requirements.
- Description of the Software Architecture.
- Description of the Function Block Architecture.
- Plan/Procedure of the test procedure of HW/SW Integration
- Description of the Software Detail Architecture - Intermediate Station.
- Description of the Software Detail Architecture - Headquarters.
- Description of the Software Detail Architecture - Concentrator of cars.
- Specification of Automation System Testing.
- Automation System Test Report.
- Dynamic Functional Analysis of the Typical Functions.
- Test Report of the Typical Functions.
The role of HINTSW - T & T Systems for this activity has involved, in addition to writing the aforementioned documents, the linking function between the project assessor and the development team, in order to agree on the most appropriate methodologies and techniques useful to perform the specification and the testing of the software related to safety.
The train-to-track communication between the cars and the central control room (located above the Pincetto terminal station) is one of the most important aspects for plant safety. In fact, this communication entails some critical information for the safety of passengers, first of all the car closing status and the possible opening of the emergency doors of the cars.
These data must be constantly transmitted from cars to the control room to allow the continuous monitoring by the automation system. The accuracy and availability of this information is very important; in fact a short break (less than 2 seconds) of the communication with a single car is enough to cause the system to stop immediately.
As the train-to-track communication is realized through Wi-Fi technology, and since the cars involved in the communication are moving, the reliability and goodness of the train-to-track communication system have been one of the many technical challenges that had faced and overcomed.
T & T Systems collaborated with Siemens for the analysis, testing and putting in place of the final solution adopted in Perugia, consisting of an innovative Wi-Fi communication system, based on a coaxial waveguide cable, extended along all the way, electromagnetically coupled to the antennas placed below the plane of the cars. A series of tests took place at the Leitner factory, in Vipiteno, to evaluate the performance and criticality of the communication system in order to find the best field installation method and to identify the self-diagnostic and testing tests necessary to ensure that the train-to-track communication system also complies with the SIL level 3, according to the requirements of IEC 61508.
Software di gestione dei messaggi variabili
Perugia's Minimetro cars, in their interior, have a bright display that can display alphanumeric strings (messages) on two distinct rows. The strings that are displayed are those received on the serial line that each car display has.
During the design phase of the Minimetro, the need to send the strings to be displayed on the car displays directly from the central control room came to light. The main reasons for this need are the following:
- The electronic devices on-board do not have the information about the car's position;
- Need to enable / disable the display of messages manually, car by car;
- Need to differentiateg the messages to be sent to each single car;
- Be able to handle the messages of the only cars actually in line;
- Need to be able to provide the operators of the central control room with the transmission diagnostics;
- Need to display two distinct typologies of messages on car displays:
- automatic messages: these are messages that automatically update in real time depending on the location of the car (for example: next station: "station name", station stop: "station name", etc.);
- manual messages: these are messages that can be selected from a list of previously stored strings, or that can be typed freely by the operator at the time of transmission.
As mentioned above, the train-to-track communication takes place through a particular Wi-Fi communication system, which actually is a WAN-type communication network. On this network there is a very large number of data concerning very different types of information; there are critical data for safety and automation: the state of the car doors; diagnostics of on-board equipment; there are data on the working status of the car (ventilation, lighting, etc.); there are the pictures of car cameras; and finally there is audio transmission of car intercoms for passenger emergency calls. Finally, all these types of information are added to the messages to be displayed on the car displays.
This latter type of data is the least critical in terms of safety, so this type of transmission does not have to affect the quality and speed of transmission of the most important safety data in any way. To send messages to cars, you have decided not to use the dedicated safety and automation data subnet, but to use the audio and video subnetwork for cameras and car telephones. This decision required the creation of an "application" capable of interfacing simultaneously with the automation data transmission network (to know in real time the position of the cars) and the audio / video data transmission network (for transmitting messages to cars); all of this, as it was said, did not affect the performance of most priority data transmission.
- An user interface that allows the operator of the control room to perform all the operations described above and which displays application diagnostics;
- A communication client with the automation system to find the position of each car online (this client, in order not to interfere with the automation system, is passive, meaning that it receives data only within the time windows where the Automation system has no more urgent tasks to perform);
- A constantly updated database containing the list of vehicles in line with their location and type of massage to be sent;
- A database server service;
- A communication client for sending messages to the audio / video network.
Writing of the user and maintenance manuals
HINTSW - T & T Systems, within the scope of the automation system provided by Siemens SpA, was responsible for writing the user and maintenance manual of the power distribution boards and of the electric control panels of ATS (Automatic Train Supervision) and ATC (Automatic Train Control); it also was responsible for writing the user manual of the ATS automation system, which is mainly based on the SCADA user manual of the entire Minimetrо plant installed at the Pincetto Central Control Room.
To do this, the "Hardcopy" of all SCADA video pages, about 325 images, were produced, and just under 350 photographs of the pictures installed at the Perugia plant were taken.