The Coded Microprocessor Certification

Abstract

In France, the coded microprocessor is certified as a fail-safe component. It is increasingly used in Automatic Train Protection in the guided transport systems. The safety operation of coded microprocessor is based on the information redundancy concept using an error-detecting codes. This redundancy allows a high level of protection against all types of microprocessor failures, as well as against compiler errors. Two coded microprocessor types have been certified by French Duly Authorised Body : -the first one uses a separable code with two fields : 32 bits of data information and 48 bits of check word. It was certified in 1989 and used in the protection of ligne A of the Paris RER express metro and of the POMA system in Laon. -the second one differs from the first by the check word length which is 31 bits. A new certification has been necessary for this second type which will be used in the MAGGAJLY (Metro Automatique & Grand Gabarit de Lyon) system in the line D. Other applications will be put into service shortly in the track-side equipment of the VAL (Vehicule Automatic Leger) in Chicago (fullfilling many operational features: two-way operation, shuttle and run around) and also in the Channel Fixed Link signaling system. In this paper we present a brief introduction to the coded microprocessor principles and explain the main steps of safety proof which have been necessary to certify this component according a safety objective). The error detection capabilities using an arithmetic code and signature technique as well as the assessment of the probability of an undetected error will be presented. We also describe the certification process and organization.