Usage of the safety-oriented real-time OASIS approach to build deterministic protection relays

As any safety-related system, medium voltage protection relays have to comply with a Safety Integrated Level (SIL), as defined by the IEC 61508 standard. The safety-function of the software part of protection relays is first to detect any faults within the supervised power network, then ask the tripping of the circuit breakers in order to isolate the faulty portion of the network. However, it is required that detection and isolation of faults must occur within a given time, as specified by the IEC 60255 standard. Schneider Electric currently achieves the demonstration that a protection relay is performing its safety-function within such temporal constraints at the price of a costly phase of tests. The OASIS approach is a complete tool-chain to build safety-critical deterministic real-time systems, which enables the demonstration of the system timeliness. In this paper, we show how we apply the OASIS approach to build a deterministic protection relay system. We designed a software platform called OASISepam, based on an existing product from Schneider Electric, namely the Sepam 10. We show a preliminary evaluation of our implementation over a STR710 ARM-based board that runs the OASIS kernel. Notably, we show that the observed worst-case end-to-end detection time of OASISepam fulfils the specified constraint expressed in the design phase and translated in the OASIS programming model. Consequently, the temporal behaviour of protection relays is mastered, thus reducing application development costs and allowing the optimization of selectivity.