Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

[EN] Success Story Eiffage Energie

23 views

Published on

Software in the railway industry needs to meet the requirements of the standard CENELEC 50128. Eiffage Energie Railway Systems worked with Itris Automation to integrate PLC Checker into their project, to ensure compliance with the standard throughout the development of their PLC programs and to support the certification process.

Find out now how PLC Checker can support compliance needs and the certification process.

Find us at http://www.itris-automation.com
Contact us at contact@itris-automation.com for more information.

Published in: Engineering
  • Be the first to comment

  • Be the first to like this

[EN] Success Story Eiffage Energie

  1. 1. User Story Quality verification of PLC programs in the railway industry to meet the requirements of the CENELEC 50128 standard - 1 Quality verification of PLC programs in the railway industry to meet the requirements of the CENELEC 50128 standard. The use of PLC Checker by Eiffage to support the certification process. The context Eiffage is a group in the construction and public works industry. Their entity Eiffage Energie Systèmes Ferroviaire designs, produces, and operates rail networks and systems. The challenge In a project for the railway industry, the PLC programs created by Eiffage were required to be conform with the good practice development methods defined by the standard CENELEC 50128. Eiffage then needed to be able to prove this conformity to an external certification body for approval. The solution PLC Checker, an automatic verification tool for PLC programs, was identified as being able to meet a number of the requirements of CENELEC 50128 and therefore able to support Eiffage in the development and certification of their PLC programs. The results The PLC Checker reports supported Eiffage’s certification application and the certification body approved the conformity of their PLC programs with the standard. Since commissioning, no software anomalies have been observed.
  2. 2. User Story Quality verification of PLC programs in the railway industry to meet the requirements of the CENELEC 50128 standard - 2 THE CONTEXT Eiffage is a group in the building and public works industry. Their entity, Eiffage Energie Systèmes Ferroviaires (EESF), specialised in the railway industry, designs, produces, and operates rail networks and systems. In a recent project for the new high-speed train line between Brittany and the Loire Valley in France, EESF was responsible for the financing, conception, and construction of the line, and they will be responsible for its maintenance for the next 25 years. In the railway industry, safety is fundamental. Therefore, any software bearing a safety risk and destined for an application in this industry must be managed correctly. This is the reason for the existence of the standard CENELEC 50128. This standard defines the process and technical criteria for the development of control/command system software in the railway industry to ensure the safety of people and goods. The programs that EESF developed for this railway project carried a security level SIL 2. Consequently, they had to ensure the respect of CENELEC 50128 from the very beginning of the project. At the end of the program development, they were required to prove the conformity of these programs to an external certification body in order to validate them. THE CHALLENGE Itris Automation started working with EESF to support them with the development of their CENELEC 50128-compliant PLC programs and to support their certification process. Previously, EESF performed manual code reviews to verify the respect of their PLC programs with their corporate programming standard. But this technique is too limited and cannot ensure the safety level required by the standard. Manual code reviews are never exhaustive given the large number of lines of code and the amount of time and resources they require. Finally, Eiffage’s corporate programming standard is based on experience from
  3. 3. User Story Quality verification of PLC programs in the railway industry to meet the requirements of the CENELEC 50128 standard - 3 previous projects which were not necessarily within the railway industry. It was therefore necessary to update the programming standard for this project to take into account the requirements specific to CENELEC 50128. Certifer, the external certification body responsible for the certification of EESF’s project, suggested the use of a static analysis tool for PLC programs, such as PLC Checker, in order to meet the requirements of the CENELEC 50128 standard. PLC Checker, developed by the French company Itris Automation, is a collaborative application for the static analysis of PLC code. The tool can verify the conformity with programming standards, calculate metrics, and detect anomalies in PLC programs. Industry leaders such as Schneider Electric, Ford, and EDF are already using PLC Checker. Given that the standard CENELEC 50128 demands the use of appropriate verification techniques and after Certifer’s recommendation, EESF decided to use PLC Checker to support the development of their PLC programs for the high-speed railway project. THE SOLUTION To start with, it was necessary to qualify PLC Checker by demonstrating that it meets the usage requirements of the high-speed railway project and a security level SIL 2. According to the tool classes as defined by CENELEC 50128, PLC Checker is classed T2, “a tool which allows for the testing or verification of a program, where any internal faults could lead to an error in the results of the verification but would not have an impact on the final executable software.” EESF, with the help of Itris Automation, put a testing strategy in place to: validate the functions to be used; ensure that any errors would not be detectable in the final product; manage any anomalies; and define the limits of use. The results of these tests were used to create a qualification file for the approval of the use of PLC Checker for the high-speed railway project. This file could PLC Checker helps integrate compliance with standards, such as CENELEC 50128 for railway, early on in a project.
  4. 4. User Story Quality verification of PLC programs in the railway industry to meet the requirements of the CENELEC 50128 standard - 4 also be useful for future projects in certified contexts (railway or other), thus enriching the offer of both Itris Automation and Eiffage. After the tool qualification process, EESF was able to start integrating PLC Checker into their development process. Firstly, it was necessary to prepare the programming rules set for the tool. To do this, EESF presented their corporate coding standard and their needs to Itris Automation so that their requirements were taken into account during the creation of the customised rules set for PLC Checker. In turn, Itris Automation presented the rules from their own program development guidelines to evaluate if they could be useful for EESF and if they could contribute to verifying the conformity with CENELEC 50128. EESF decided to adapt their coding rules set for this project by adding some of the pertinent rules from Itris Automation’s guidelines, resulting in a hybrid solution, better adapted to the needs of the project. Once the rules had been defined, Itris Automation created the personalised PLC Checker rules set. This rules set was delivered to EESF and the verification of their PLC programs with PLC Checker was able to begin. EESF used PLC Checker to meet several of the requirements of CENELEC 50128. Firstly, they ran the tool to verify that the coding rules had been respected throughout the program development stage, an aspect highly recommended by the standard for programs with a security level SIL 2. Then, as simply recommended, EESF used the tool to monitor metrics, in order to follow the progress of the project and to judge the complexity and maintainability of the program. Finally, EESF used PLC Checker to analyse the control flow and the data flow of the program, another aspect highly recommended by CENELEC 50128. These analyses allowed any incoherencies in the sequence of the program to be detected, such as the presence of dead code for example. PLC Checker facilitated all of these inspections and analyses by automatizing the most tedious part and by automatically producing results that EESF simply needed to interpret. Finally, PLC Checker was used during different levels of testing in order to ensure the highest quality from the very beginning of the development. The flexibility of the tool allowed the different teams to use it according to their specific needs. For the developers, the tool allowed them to test the applications during the development stage and thus to find any major non-conformity issues earlier, when it is easier to correct them. Then, the testing team used the tool to check certain parts of the program and certain coding rules that are particularly important. Finally, the tool allowed the internal verification team and the external validation team to have an overview of all 4 PLCs 10.000 Inputs / outputs 200 Different software components +17.000 Lines of code +11.000 Alarms Some key project figures
  5. 5. User Story Quality verification of PLC programs in the railway industry to meet the requirements of the CENELEC 50128 standard - 5 the analyses so that they could audit the development process. EESF especially appreciated this collaborative characteristic of PLC Checker as it enabled the results to be easily shared between the different stakeholders and it provided a global view of the project. THE RESULTS EESF tested all the programs and components of their project with PLC Checker, and the issues brought up in the tool’s analysis reports were corrected. The reports generated by PLC Checker were then analysed by the verification and validation teams to confirm that the programs and the quality management process were compliant with the CENELEC 50128 standard. After all the efforts of EESF, the external certification authority, Certifer, declared themselves satisfied with the process and approved the conformity of EESF’s programs with the standard: “The creation, the verification, and the validation of the software is conform with the CENELEC 50128: 2011 norm for software with a security level SIL 2.” Since the commissioning of the high-speed railway line Brittany – Loire Valley in July 2017, no software anomalies have been observed. Eiffage Energie Systèmes Ferroviaire is now planning to systematise the use of PLC Checker for all certified projects. PLC Checker is available for • CoDeSys v2.x, v3.x • Beckoff TwinCAT 2 and 3 • ICS Triplex ISaGRAF 4.12 • Phoenix Contact PC Worx and MULTIPROG 5.50 • PLCopen XML • Rockwell Automation RSLogix 5, RSLogix 500, and RSLogix 5000 • Schneider Electric Unity Pro, PL7 Pro, Orphee, XTEL, and SoMachine 4 • Siemens Step5, Step7, and TIA Portal • Yokogawa Stardom
  6. 6. User Story Quality verification of PLC programs in the railway industry to meet the requirements of the CENELEC 50128 standard - 6 About Itris Automation Based in Grenoble, France, Itris Automation is a software engineering company that provides development and production tools for the verification, conversion, documentation and troubleshooting of PLC codes to complement the programming tools of international PLC vendors. Thanks to their advanced technologies, Itris Automation helps companies improve their development processes and thus deliver higher quality programs in shorter timeframes. The Itris Automation team are experts in software quality and coding standards, and they have combined their knowledge and skills to provide innovative solutions for the industry. Schneider Electric, EDF, Sanofi, Ford, Eiffage, Soitec, and ArianeGroup are among Itris Automation’s main customers. For more information, please visit our website www.itris-automation.com

×