MEN: software package for safe train control system menTCS
The MEN Train Control System menTCS is an open computer platform for automated train operation and protection. With the programming interface Y-COM, which is now available, users can rely on a complete software package, partly with SIL 4-certified components.
menTCS is a modular computer platform developed for safe control of all safety-critical functions in rolling-stock and wayside applications. The system is functionally safe and SIL 4-certified due to its two redundant control processors, which communicate with a dedicated I/O processor and thus also with additional external systems. The new Y-COM programming interface unites the commands of the two control processors and thus – despite redundancy – enables an easy communication between the control and the I/O level.
Y-COM is a BSD-socket-based API (Application Programming Interface) integrating well-proven open source technology into a safety-critical environment. Y-COM itself complies with SIL 0 – but by communicating via a safety protocol between the API library and the actual software application, it doesn’t affect the safe application.
The Y-COM programming interface is part of a complete software development kit for menTCS. In addition to that it consists of a BSP with diagnosis and monitoring functions; a synchronization interface for comparing data between both control processors and to guarantee their output at the exact same time; an exchange interface, which compares the data between control level and I/O processor; and the PACY framework (SIL 4), which takes care of the communication within the menTCS network.
For systems that need SIL 4 certification, certification packages for hardware and safety-relevant software are available. They include the assessment report from TÜV SÜD, the safety case, the safety user guide, support hours from MEN and the safe operating system from QNX.