1. Field of the Invention
The invention relates to a device for checking logical software engines for commanding railway plants, particularly station plants, comprising at least a computer with at least a central processing unit and at least a memory for loading and executing programs,
a logical engine for commanding a plant, particularly a station plant, being loaded or loadable in said memory for its execution, which plant comprises a plurality of operating units for actuating and/or detection and/or measurement and/or signalling, so-called wayside equipment, which units are provided for receiving command signals and for transmitting control signals about their operating condition, and which logical software engine reads the control signals given by the operating units for actuating and/or detection and/or measurement and/or signalling and processes command signals for said operating units based on an operation protocol of the plant itself.
2. Description of Related Art
In the railway field, station plants are commanded by means of command logical engines which are based on Boolean algorithms. Control and command signals are uniquely associated with state variables, which are processed by Boolean logic that provides output command signals as modifications of said Boolean variables. Depending on the features of the operating units provided, each of said variables may have various state conditions, and the associated variables representing the state controls and the state commutation commands of the operating units may vary within predetermined values. For variables representing control signals, each of said values represents an operating condition of the operating unit. For variables representing command signals, said values represent either a commutation command from a predetermined operating condition to a different predetermined operating condition or a command for maintaining the operating condition.
Command and control logics, particularly of railway plants, were traditionally realized in the form of relay networks. At present, the greater reliability and stability of computers, as well as the greater comfort and flexibility in using them, have caused the transfer of command functions from the relay hardware structure to a software command system that emulates the behaviour of the traditional relay network by means of a command and control logical program composed of Boolean algorithms.
Because of the complexity of railway plants, the logic for controlling and commanding the plant is also relatively complex, especially considering that in the railway field the operational security standards are very high.
In order to transform the control and command hardware logic formed by relay networks into a program in the form of a control and command Boolean engine, hardware/software smart systems have been developed that automatically produce the control and command Boolean program starting from a traditional relay hardware network layout or from a table in which the operating conditions of the plant are encoded in the form of lists of state variables and state commutation variables, the so-called condition table.
At present, validation, i.e. testing, is carried out directly on the plant. This is a serious drawback, firstly because an operating plant, to which the control and command logic has to be applied, is actually required. This causes great problems because it greatly prolongs the time needed for the definitive installation of a railway plant: in addition to the time for the actual structural installation, such as line laying, and for the hardware installation of the operating units, long validation phases of the plant's command logic are necessary.
To solve this problem, at least partially, software programs for validating command software logics, i.e. the Boolean engines for controlling and commanding station plants, have been provided. These produce the same command and control logical engine individually and in parallel by means of at least two generation programs, starting from the same basic information about the system structure and its operation modes. Two command and control logical engines are thus generated and then compared. The validation relies on diversity criteria between the programs generating the two logical engines: based on said diversity of the two generating programs, the engines are considered correct if they are functionally identical.
Such a validation or certification mode does not fully satisfy the considerations made from the perspective of the security of plant operation, and so the control and command logical program that has been obtained is always subjected to a deep validation directly on the plant. The certification or validation mode based on the diversity criterion of the software generating the command and control logical program lacks an interface with the plant.
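The diversity-based validation described above can be sketched as follows. This is an added example, not code from the patent: the condition table, variable names and both generators are constructed for a toy plant with one track section, one point and one signal, and `faulty_engine_b` is a hypothetical generator with a seeded defect.

```python
from itertools import product

# Constructed condition table (assumption, not from the patent): for each
# command, the control-variable values required before it may be issued.
INPUTS = ("track_free", "point_normal", "point_reverse", "signal_at_stop")
CONDITION_TABLE = {
    "signal_proceed": {"track_free": True, "point_normal": True,
                       "point_reverse": False},
    "point_move": {"track_free": True, "signal_at_stop": True},
}

def generate_engine_a(table):
    """Generator A: each command is the AND of its required values."""
    def engine(state):
        return {cmd: all(state[v] == want for v, want in req.items())
                for cmd, req in table.items()}
    return engine

def generate_engine_b(table):
    """Generator B (diverse form): NOT(OR of violated conditions)."""
    compiled = {cmd: [(v, not want) for v, want in req.items()]
                for cmd, req in table.items()}
    def engine(state):
        out = {}
        for cmd, forbidden in compiled.items():
            violated = False
            for var, bad in forbidden:
                violated = violated or (state[var] == bad)
            out[cmd] = not violated
        return out
    return engine

def faulty_engine_b(table):
    """Generator B with a seeded defect: it drops the point_reverse check."""
    pruned = {c: {v: w for v, w in r.items() if v != "point_reverse"}
              for c, r in table.items()}
    return generate_engine_b(pruned)

def compare_engines(e1, e2, inputs=INPUTS):
    """Run both engines over every input state; return diverging states."""
    diffs = []
    for values in product((False, True), repeat=len(inputs)):
        state = dict(zip(inputs, values))
        if e1(state) != e2(state):
            diffs.append(state)
    return diffs
```

An empty result from `compare_engines` only shows that the two generators interpreted the shared table alike; an error in the table itself yields two identical engines and no divergence.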
Therefore, even in this case of software certification and validation, this defect again affects the time needed to bring the plant into operating condition and the time needed to develop and set up both the control and command logic and the plant itself. The situation becomes more serious when considering not only the installation of a new plant, but also the modification of an existing plant. In that case, certifications and validations made in the field affect the railway traffic, which passes anyway and must continue to pass on the already existing railway lines. The available time is therefore shorter and the working conditions are more critical, both because of the difficulty of working on a plant in use and because of the considerations about the security of traffic, which cannot be interrupted except for short periods.
Therefore, the purpose of the invention is to provide a device as described hereinbefore that overcomes the drawbacks existing at present and described above.