EN 50657 Railway Applications – Rolling Stock Applications – Software on Board Rolling Stock
As the successor standard to EN 50128:2001, the European Standard EN 50657 specifies the process and technical requirements for the development of software for programmable electronic systems for use on rail vehicles.
The standard exclusively concerns software and the interaction between software and the system to which the software belongs - regardless of whether it is safety-relevant or non-safety-relevant software. Software that is part of a signaling device (railroad control and monitoring) of trains is not affected by EN 50657.
EN 50657 defines the objective of software testing as the verification of the behavior or performance of the software with respect to the corresponding test specification to the degree achievable by the selected test coverage (Chapter 6.1.1). The criteria and the degree of test coverage to be achieved shall be stated in the test specification. Likewise, an assessment of test coverage and test completeness must be created.
All testing, verification and analysis must have a sufficiently high coverage of the implemented code (Chapter 6.7.4.6).
According to table A.5 techniques such as static analysis, dynamic analysis and tests as well as code coverage are highly recommended for SIL 1 up to SIL 4.
The collection of metrics is recommended.
Regarding Static Analysis, limit value analysis, checklists, control and data flow analysis, failure expectation, and walkthroughs/design reviews are recommended or strongly recommended.
Required Code Coverage
Depending on the safety integration level (SIL), the EN 50657 standard requires the following test coverage in Table A.21 (R stands for "recommended", HR stands for "highly recommended"):| Basic integrity | SIL 1 | SIL 2 | SIL 3 | SIL 4 | |
| Statement Coverage | - | HR | HR | HR | HR |
| Branch Coverage | - | R | R | HR | HR |
| Compound conditions (MC/DC Coverage) |
- | R | R | HR | HR |
| Dataflow | - | R | R | HR | HR |
| Path coverage | - | R | R | HR | HR |
Tool Support
Statement-, Branch-, MC/DC- and Modified Condition Coverage (MCC) can be analysed by Testwell CTC++. This coverage tool is suitable for C, C++, Java and C# projects.Data flow analysis, path coverage and static code analysis can be done with GrammaTech CodeSonar®.
In order to analyse code complexity of C, C++, Java and C# projects, Testwell CMT++ and Testwell CMTJava can be used.
Certificate / Qualification Kit
For Testwell CTC++ 10.x we provide a Certificate of TÜV Süd Rail GmbH for the usage of Testwell CTC++ in safety critical projects (all SIL- and ASIL-levels of the supported standards).Verifysoft offers Qualification Kit for Testwell CTC++ (currently up to version 9.x) which provides documentation, test cases, and procedures that let you qualify Testwell CTC++ Test Coverage Analyser for projects based on the safety standards ISO 26262, IEC 61508, EN-50128, and DO-178C.
