Presentation is loading. Please wait.

Presentation is loading. Please wait.

A new fail-safe principle for railway signaling

Published bySharlene Wiggins Modified over 8 years ago

Similar presentations

Presentation on theme: "A new fail-safe principle for railway signaling"— Presentation transcript:

1 A new fail-safe principle for railway signaling
Yinghua Min Institute of Computing Technology, Chinese Academy of Sciences, Beijing, China

2 Outline Introduction Old fail-safe principle
Difficulty in implementing the old fail-safe principle A new fail-safe principle Conclusions

3 signaling When trains run on railway tracks they follow rules of operations in which safety plays a very important role. The most important rule in respect of safety is ensuring that two trains do not occupy the same position on the track at the same time. To make this rule work operation of trains uses signaling to control movement of trains on tracks and divides tracks into several sections which are protected by the signals.

4 Importance Transportation efficiency vs safety
In case both cannot be achieved simultaneously we prefer to lost efficiency, but guarantee safety. The need to ensure safety is always the topmost consideration and under no circumstances the signaling arrangement can compromise with this primary requirement. Fail-safe principle is critical for railway signaling systems. Railway accidents teach us the importance of signaling safety.

5 Old fail-safe principle
A number of decades ago when relays were widely used in railway signaling systems. The fail-safe principle said that railway signaling had to guarantee the safety when any element in the system was faulty, including signals degraded running.

6 Relay interlocking In some form of partial route relay Interlocking systems electrical switches are provided which allows electrical feeds to signals of appropriate colors and to points as desired. Through use of suitable relay logic the safety of the system for train running is ensured. In such systems electrical detection of point is used and track circuits are used for proving safety of train running. When relays are unoperated, no unsafe condition of train running occurs.

7 Reliability of relays L C Ideal unreliable (p>>q=1-p) L C 1 L C
1 unreliable L C P{C=0}=p P{C=1}=q 1 P{C=0}=q P{C=1}=p (p>>q=1-p)

8 Safety relays It is impossible for C to stuck-at 1. For instance,
Gravity type relays Gravity always exists in any case Single signal lamp machanism Gravity type to guarantee red light in case L C P{C=0}=1 P{C=1}=0 1 P{C=0}=q P{C=1}=p

9 Metal to metal contact relay
It is possible to use metal to metal contact relays for realizing the logic circuits but such circuits have to be designed with care to ensure that even under failure condition train operations are safe. This is achieved by designing the circuits in a manner that for every clearance of a signal the relays that pick up to cause the signal to clear is also checked with respect to its back contact.

10 Track circuits That a track section is occupied or empty is indicated by a track relay, which is a safety relay. Train occupancy or in whatever case, the relay will go down with 100% probability. Any disconnection Power off Bulb broken wire (no display equals to red light)

11 The system commands a red signal if the track circuit is faulty, no matter a train is running in its forward interval or not. The old fail-safe principle is then implemented.

12 Automatic block system(ABS)
ABS operation allows trains operating in the same direction to follow each other in a safe manner without risk of rear end collision. The automatic operation comes from an ability to detect if blocks are occupied or otherwise obstructed and then convey that information to approaching trains. The term "Automatic" means the operation of the system without any outside intervention. it rejects external control to establish a flow of traffic, which is inconsistent with the idea of CTC.

13 ABS Movement of train between two stations is controlled by a pair of equipment called “Block Instrument” in railways. Automatic Block signal(ABS) is the vital interlocking hardware located at the remote location.

14 Centralized Traffic Control
CTC is very much centralized . It controls not only traffic scheduling, but also control all signal facilities, and command train operations, and managements. Highly centralized systems have the advantages of high efficiency But with disadvantages of degrading reliability and safety.

15 Interface Controls Interface controls should be arranged to fail safe principles and an absence of circuit continuity is indicating train approach.

16 Warning Light Controls
Warning lights shall be designed to operate in a fail-safe mode so that an absence of indication is considered as a warning. Separate warning lights shall be used for separate tracks unless specifically approved otherwise. The warning given by the system shall be initiated by the detected approach of any rail traffic movements routed towards the protected area, and shall be maintained until such time as all those movements are detected as being clear of the protected area. Operation of the warning lights shall be automatic and not require any action by the signaler. Fail safe means of train detection shall be used. Failure of train detection equipment shall ensure that the system is maintained in a "warning" state.

17 Fail-safe principle All signaling must be designed in accordance with accepted railway fail safe principles for both mechanical and electrical equipment, e.g., the failure of any component is not to present an unsafe condition. be reliable but fail-safe such that any predictable type of failure of an item of signaling equipment will lead to a more rather than less restrictive operating condition.

18 Microprocessor interlocking
Microprocessor interlocking system with microprocessors or full fledged computers carries out the logical operation under software control. The Drives to external functions as signal lights, point machine etc. are typically given through suitable serial ports and decoder/controller drivers at site. Design on the system is made keeping in view the safety requirements.

19 Fail-safe with software
The requirement of safety is a logical analysis of the state of the points, track circuits and signals. To generate commands to operate points, signals as required, the logic of signal operation can be implemented by relay logic or even mechanical logic, so it should be a pretty simple job for the modern computers. But, if some fault occurs during the process with a long path, the actuator may not act as desired. In the case Solid State Interlocking safety is attained mainly through redundancies.

20 Redundancy Redundancy alone cannot ensure reliability or safety of a system in operation. Correct management of redundancy is essential in making a redundant system fault tolerant and fail-safe.

21 Difficulty in implementing the old fail-safe principle
Nowadays with the advance of electronics control systems, the principle is no longer practical. Since the electronic system is too complicated that there is no way to exhaustively consider all possible element faults. No contact elements No unified model Too many are used. Faulty behavior is various. The old fail-safe principle needs updated.

22 A new fail-safe principle
Given a system and a state transition diagram Define critical states Life-threatening Threating major property losses Depends on system functions Define safe states Depends on systems A system is fail-safe if any critical state will transit to a safe state when any single fault occurs, which will be detected in time.

23 State transition diagram
Critical state Safe state The shortest path to reach the safe state

24 The shortest path The shortest signal path for fail-safe is to guarantee the highest reliability in critical situations when critical faults occur in the system. Ignoring any faults in other nodes No matter how many paths are able to be activated. The shortest path is the only one activated.

25 Shortest path control Field sensor Track circuits Etc. Actuator
Signal lamp Automatic stopping dispatcher monitor Data base analysis channel command Field sensor actuator

26 What faults can be safe? Any fault in the electronic system
Hardware faults Software faults A dispatcher’s operation fault Care should be taken for Severe weather Lightning stroke protecting direct lightning flash to the sensor and actuator Track circuit Short circuit sensitivity degradation due to moisture

27 conclusions The fail-safe principle is to identify a critical fault and mask its effect until recovery is taken. A system is fail-safe if any critical state will transit to a safe state when any single critical fault occurs, which will be detected in time. The fail-safe requirement is that the probability of keeping train operation safe larger than ( ), MTBF is typically 100 years. The shortest signal path principle for fail-safe is to guarantee the safety with highest reliability in critical situations when fault occurs in the system.

28 Thank you for your attention!
Comments & questions?

Download ppt "A new fail-safe principle for railway signaling"

Similar presentations

PLC Applications[ATE-1212] Module-1

PLC Applications[ATE-1212] Module-1
SCORT/TRB Rail Capacity Workshop - Jacksonville Florida1 1  A Primer on Capacity Principles  New Technologies  Public Sector Needs 22 September 20101.

SCORT/TRB Rail Capacity Workshop - Jacksonville Florida1 1  A Primer on Capacity Principles  New Technologies  Public Sector Needs 22 September
EECE499 Computers and Nuclear Energy Electrical and Computer Eng Howard University Dr. Charles Kim Fall 2013 Webpage: www.mwftr.com/CNE.html.

EECE499 Computers and Nuclear Energy Electrical and Computer Eng Howard University Dr. Charles Kim Fall 2013 Webpage:
NERC Lessons Learned Summary December 2014. NERC lessons learned published in December 2014 Three NERC lessons learned (LL) were published in December.

NERC Lessons Learned Summary December NERC lessons learned published in December 2014 Three NERC lessons learned (LL) were published in December.
In this presentation you will:

In this presentation you will:
Thales Axle Counter The Challenges for a modern Train Detection System

Thales Axle Counter The Challenges for a modern Train Detection System
Lecture 5: PLC Programming

Lecture 5: PLC Programming
Materials developed by K. Watkins, J. LaMondia and C. Brakewood Rail Capacity Unit 3: Measuring & Maximizing Capacity.

Materials developed by K. Watkins, J. LaMondia and C. Brakewood Rail Capacity Unit 3: Measuring & Maximizing Capacity.
Ing. Tomáš Vicherek, Ing. Vlastimil Polach, Ph.D. Research and development Automatic Route Setting According to Train Paths in Anticipated Time Schedule.

Ing. Tomáš Vicherek, Ing. Vlastimil Polach, Ph.D. Research and development Automatic Route Setting According to Train Paths in Anticipated Time Schedule.
Location of Signals. Considerations for Location of Signals Braking Distance Overlaps Isolation Simultaneous Reception.

Location of Signals. Considerations for Location of Signals Braking Distance Overlaps Isolation Simultaneous Reception.
REAL-TIME SOFTWARE SYSTEMS DEVELOPMENT Instructor: Dr. Hany H. Ammar Dept. of Computer Science and Electrical Engineering, WVU.

REAL-TIME SOFTWARE SYSTEMS DEVELOPMENT Instructor: Dr. Hany H. Ammar Dept. of Computer Science and Electrical Engineering, WVU.
Copier Jam Detector Design Problem

Copier Jam Detector Design Problem
 A system consisting of a number of remote terminal units (or RTUs) collecting field data connected back to a master station via a communications system.

 A system consisting of a number of remote terminal units (or RTUs) collecting field data connected back to a master station via a communications system.
During a mains supply interruption the entire protected network is dependent on the integrity of the UPS battery as a secondary source of energy. A potential.

During a mains supply interruption the entire protected network is dependent on the integrity of the UPS battery as a secondary source of energy. A potential.
EMBEDDED SOFTWARE Team victorious Team Victorious.

EMBEDDED SOFTWARE Team victorious Team Victorious.
Distributed Control Systems Emad Ali Chemical Engineering Department King SAUD University.

Distributed Control Systems Emad Ali Chemical Engineering Department King SAUD University.
ANTI LOCK BRAKING SYSTEM

ANTI LOCK BRAKING SYSTEM
Airbus flight control system  The organisation of the Airbus A330/340 flight control system 1Airbus FCS Overview.

Airbus flight control system  The organisation of the Airbus A330/340 flight control system 1Airbus FCS Overview.
SISTEMA Example One. Schneider Electric – Sistema Example 1 – June 2010 2 Example 1: Start/Stop Facility with Emergency Stop Device Circuit Diagram.

SISTEMA Example One. Schneider Electric – Sistema Example 1 – June Example 1: Start/Stop Facility with Emergency Stop Device Circuit Diagram.
Airbus flight control system

Airbus flight control system

Similar presentations

Ads by Google