
European Train Control System

Discussion in 'Steam Traction' started by MellishR, Nov 21, 2018.

  1. MellishR

    MellishR Resident of Nat Pres Friend

    There has been some discussion on the Tornado thread of the future need for, and the possible problems with, fitting ETCS to steam locos. I think this deserves its own thread. It could go in General Railway Chat, because of applicability to heritage diesels as well as steam, but adding electronic gizmos to diesels should be not too different from doing so on any modern traction, whereas there are additional complications for steam. So I'm posting it here. Mods maybe move some of the posts currently on the Tornado thread?

    For background, see https://en.wikipedia.org/wiki/European_Train_Control_System

    I'm starting this thread with something slightly peripheral but relevant. On the Tornado thread,
    The fact of the matter is that almost all software is full of bugs. See for example a series of lectures about this problem and how things could be done better at https://www.gresham.ac.uk/series/living-in-a-cyber-enabled-world/
     
  2. threelinkdave

    threelinkdave Well-Known Member

    One time I was involved with a major software project as a user tester. On running one test script, changing one variable had no effect. I checked with the software team, who found this message: "I have absolutely no idea what this variable does so I have hard coded a 1". I wonder how often that happens. One thing I did with the scripts was to add a negative test - the ROBBIE TEST. We knew that if a certain engineer could bugger up the system he would, so if the variable was 1 to 5 we put a 6. I met a software engineer on a project for a major store through a mutual friend and he was astonished we did negative testing. Do signalling software writers do negative testing?
     
  3. The Green Howards

    The Green Howards Nat Pres stalwart

    I have just bought an FPGA development board for the first time, and am considering looking at VHDL.

    I am terrified. :Nailbiting:
     
  4. simon

    simon Resident of Nat Pres

    Isn't putting 6 in when the system should only accept 1-5 or whatever a standard part of everyone's UAT?
     
  5. Forestpines

    Forestpines Well-Known Member

    Saying "all software is full of bugs" is a little unfair - but as a developer, I would say that! The main issues I have seen that software development faces in this regard are:

    * developers who do not understand the importance of testing or the differences between different types of test, and who, because they work in small isolated teams, never learn any better.
    * project managers who do not understand the importance of testing or the differences between different types of test, and who therefore do not budget sufficiently for it (in time, money, or both)

    However one would hope that this would not be a problem in safety-critical systems. A larger issue is that of being able to prove the safety of the system in all potential hardware failure modes. Moreover, when you are talking about applying ETCS to a steam loco, the fundamental issue to solve is that the ETCS equipment must be able to safely shut off power at any time, whatever the footplate crew are doing.
     
    Jamessquared likes this.
  6. jnc

    jnc Well-Known Member

    How can that be done on the typical steam loco? It must involve some non-trivial surgery, no?

    Noel
     
    Forestpines likes this.
  7. Andy Williams

    Andy Williams Member

    There needs to be a means of automatically closing the regulator, via air or steam pressure actuation, similar to that used successfully in Germany on the INDUSI system. See here for a photo of a typical device: http://steamtrainsunlimited.net/03-03-modern-signalling-and-steam-locomotives/

    It is certainly possible to adapt locos to this type of system, but there would need to be extensive testing and approval periods for each generic type. The main problem lies with certain types of slide-valve regulator where, once cracked into second valve, it is impossible to close them without fully opening them first.
     
    Jamessquared likes this.
  8. 8126

    8126 Member

    That looks quite simple, but I do wonder about the wisdom of a system where it looks like a driver can end up holding a bloody great steel lever with a big air cylinder shoving it the other way; I hope there's some sort of decoupling mechanism in there so the driver only has authority over the regulator valve if the system permits, but equally the system doesn't have any way of back-driving the regulator handle. I'd also think that a means of automatically operating the blower if the regulator is forced closed might be a good idea.
     
  9. flying scotsman123

    flying scotsman123 Resident of Nat Pres

    That was what I was always taught, and I only did a GCSE in computer programming! That said, with a coursework deadline looming and only screenshots of the actual program and testing required, a "fudge" or two may have slipped in.... :rolleyes:
     
    Forestpines likes this.
  10. daveannjon

    daveannjon Well-Known Member

    Would it really be necessary to close the regulator with steamers, or is that a mandatory part of the system? I recall a test of the HUDD system on the LTSR where when activated the train stopped within the specified distance when still having a full open regulator.

    Dave
     
  11. meeee

    meeee Member

    Bigger issues before you get to that would be the space and power requirements. You're going to have to tow a diesel around just to power it. An easier solution may be to treat the steam loco as a snow plough, partially fitted with what the driver needs to see. Then an ETCS fitted loco inside transmitting that info.

    Tim
     
  12. Forestpines

    Forestpines Well-Known Member

    So the GCSE is like the real world! :)
     
    jnc likes this.
  13. flying scotsman123

    flying scotsman123 Resident of Nat Pres

    Forestpines likes this.
  14. Fred Kerr

    Fred Kerr Resident of Nat Pres Friend

    It depends on the basic software methinks. In 1976 I was responsible for amending a suite of payroll programmes that involved the use of a sub-routine provided by ICL. When I began testing, a field using the sub-routine that should have produced a '0' (zero) value actually produced a space value. In some systems that space had a value different from '0' but the ICL software team had neither understood nor appreciated the difference. In the same context I recall that NASA found that a major fault was discovered to be caused by a comma in the wrong place in the programme. Both events happened in the 1970s so it seems that there has been little improvement in either programme standards or resilience testing.

    No wonder this luddite fears a future increasingly dependent on technology.
     
  15. Andy Williams

    Andy Williams Member

    My understanding is that ETCS requires the means of propulsion to be shut off immediately in order to achieve the required braking distances. Remember that on heavily used sections of track, ETCS (Level 3) is used as a means of increasing the number of trains through a given section by using a moving block.

    Andy
     
    Last edited: Nov 21, 2018
  16. Andy Williams

    Andy Williams Member

    The system has been successfully used in Germany since 1934. If the INDUSI system is activated, and an emergency brake application is taking place, there would be no reason for the driver to be trying to open the regulator at the same time. During normal operation there is no air pressure in the actuation cylinder, so the regulator can be opened and closed in the usual manner. I am not certain what you mean about "back-driving the regulator handle". I believe that the regulator does not fully close with this system, and that a small amount of 'cushioning' steam is still admitted to the cylinders. I also believe that it is the norm to keep the blower cracked open when running.

    Andy
     
  17. simon

    simon Resident of Nat Pres

    Hardly. Proper UAT would have shown up these errors. The first rule of UAT is test that the software rejects out of range inputs.
     
    Forestpines likes this.
  18. 8126

    8126 Member

    As a general rule, having a hand control which can also be influenced by a powered system operating under completely separate control logic is frowned upon these days; powered equipment usually needs guards and to be isolated unless the guard is in place, regardless of whether you should be touching it. I'd suggest that any circumstances under which the system is making an emergency brake application are not normal operation, and therefore it's dangerous to assume the driver won't be trying to use the regulator. However, I'm fairly sure it would be possible to implement some kind of linkage in which the regulator handle is free at all times to move through the whole travel, but only actually drives the valve when the auto-shut mechanism is in the "open" position, and equally is not driven itself when the auto-shut mechanism closes the valve. I have one loosely in mind, just trying to work out if something more elegant is possible.

    I know steam engines will never be H&S paradises, and I've no interest in making them so, but introducing the German system as-is over here with no grandfather rights may not be straightforward.

    While the required braking distances are a problem, would it not be possible to have steam locomotives under a restrictive regime (implemented by the loco's own ETCS) in which their moving block distances are greater? Having the equipment at all is a prerequisite, but I'd think with such a system it's actually easier to accommodate a train which doesn't meet the braking distance specifications than with fixed block sections.
     
    MellishR and jnc like this.
  19. 5944

    5944 Resident of Nat Pres

    You would think so. Different trains will have different braking characteristics, so the system should be adaptable to cope with the variations. A single carriage class 153 is going to take longer to stop than an 11 carriage class 390, and you'd expect ETCS to recognise that and adjust block sections accordingly.
     
    Will RL likes this.
  20. threelinkdave

    threelinkdave Well-Known Member

    You don't need a diesel to power it. You need a Stones steam turbine as fitted to Southern pacifics with battery backup. These generators are fairly compact, fitted behind the cab steps on Spam cans. I am sure most locos would be able to find a home.
     
