Yang Li,Dongqin Feng

DOI: https://doi.org/10.1007/978-3-642-34528-9_86

2013-01-01

Abstract:Automatic train protection system (ATP) is the key safety-related system of train control system, so its safety reliability requirements are much higher. This article studies functional safety assessment (FSA) including function analysis, hazard identification, risk rank evaluation, risk reduction, and safety integrity verification during the development of carborne ATP. A risk rank evaluation method is proposed combining as low as reasonably practically (ALARP) criteria and risk matrix. Many safety defects of carborne ATP are found and then the design scheme is improved through FSA. The results of risk analysis software Isograph prove that carborne ATP meets the safety integrity level of its design goals at last.

WANG Shuai,JI Yin-dong,YANG Shi-yuan

DOI: https://doi.org/10.3969/j.issn.1001-8360.2011.09.010

2011-01-01

Abstract:Test,analysis and verification of China train control system level 3(CTCS-3) are important ways to ensure the safety of train running and people lives.Especially,the formalized model is the foundation of these work.In this paper,we use the automata net to model the CTCS-3.The method transforming the sequence charts into the automata net model is studied.The sequence charts of the system firstly are transformed into the sub-automata of each sub-system,and then the sub-automata are combined into the automata model for the each sub-system.At last,the automata net model is constructed for the system after modeling the communication channels between each two sub-systems.The sequence charts of the system are transformed into the automata net model of the system automatically through using our method.

Lupeng Liu,Wei Dong,Xinya Sun,Yindong Ji

DOI: https://doi.org/10.1109/iccsit.2009.5234986

2009-01-01

Abstract:A new driver model for the Chinese Train Control System Level 3 (CTCS-3) simulation system is proposed in this paper to achieve safe, punctual and smooth control of train under complex situations. Particularly, a rule library for the driver actions is established to deal with the complex environments, and a two-step speed control strategy is adopted to meet the requirements of safety. By using the maximum acceleration change rate strategy, the driver model fits for the online action which is required by the research of Automatic Train Operation (ATO) system. Simulation results show that the modeling targets can be achieved by using the proposed modeling method.

Lu Lu,Xu Zhengguo,Wang Wenhai,Sun Youxian

DOI: https://doi.org/10.13879/j.issn1000-7458.2010.05.022

2010-01-01

Abstract:The safety is one of the most important and fundamental requirements for train operation.As the key technical equipment for train monitoring,control,and scheduling,the reliability of train control systems (TCSs) is directly related to the safety of train operation.Fault diagnosis for TCSs is an important way to guarantee the reliability of TCSs.This paper made a review over TCSs fault diagnosis techniques.First,fault diagnosis methods for TCSs are classified and summarized.Then,some research achievements of TCSs fault prediction were summarized.Finally,some potential directions for future TCSs fault diagnosis research are pointed out.

Lian-chuan Ma,Dongmei Huang,Jian-cheng Mu,Yuan Cao

DOI: https://doi.org/10.2991/AIEA-16.2016.61

2016-11-12

Abstract:Commercial off-the-shelf (COTS) software and hardware components are widely used in the design of train control system. In order to satisfy the application requirements of the safety computer in train control system, it is necessary to analyze its safety properties. In this paper, a method of safety analysis for the safety computer is proposed. The safety properties of the safety computer in train control system are verified by establishing the system model of safety mechanism, and establishing a safety base in safety computer management units (SCMU), and measuring the safety of each part of the system step by step, and then establishing a safety chain. Finally, tests are carried out through a designed software fault injection tool to demonstrate the effectiveness of the proposed method.

Computer Science,Engineering

Rongyao Cai,Xiao Xv,Zhengming Lu,Kexin Zhang,Yong Liu

DOI: https://doi.org/10.1109/isas61044.2024.10552597

2024-01-01

Abstract:Fault tree analysis is the most commonly used methodology in industrial safety analysis to predict the probability or frequency of system failure. Although fault tree analysis has been proposed for more than six decades, the assumptions used in most commercial fault tree analysis codes have not changed significantly, which limits the ability of the method to represent design, operation, and maintenance characteristics in the context of the increasing complexity and specialization of modern industrial systems. The basic setup of traditional fault trees is unable to include dependencies between events, time-varying failures, and repair rate realities to explain complex maintenance strategies. To address the above shortcomings, we propose a fusion tree model combining fault tree and attack tree, and simplify the causal structure of the fusion tree by modularization, and utilize the dynamic Markov model to represent the complex coupling relationship between components or nodes. Finally, we demonstrate the calculation process of fusion tree in pressure vessel systems with temporal control.

Wenbo Zhang,Xiangkun Meng,Jianyuan Wang,Tieshan Li,Qihe Shan,Fei Teng

DOI: https://doi.org/10.1109/iccss53909.2021.9722016

2021-12-10

Abstract:Automatic crane is a complex system affected by the external environment and the internal components of the system, information fusion, software and hardware combination, and man-machine integration. The improvement of its automation and informatization proposes various challenges in the accident model construction and safety analysis. However, the safety analysis methods based on fault types consider that the occurrence of accidents is linear and ignore the correlation among components of the system. This paper adopts the system-theoretic accident model and process (STAMP) and system-theoretic process analysis (STPA) mode is to implement safety analysis of the automatic crane trolley running system (ACTRs). The paper starts from the identification of system-level losses and hazards, clarifies the function and internal logical control relationships of the system’s components, and then finds potential unsafe control actions (UCAs) and loss scenarios during the trolley running. The results show that the control requirements for the regular operation of the trolley running system can be analyzed in detail. Therefore, the STAMP/STPA can apply to the safety investigation of automatic cranes.

Xin CHEN,Peng JIANG,Yi-Fan ZHANG,Chao HUANG,Yan ZHOU

DOI: https://doi.org/10.13328/j.cnki.jos.004780

2015-01-01

Abstract:The train control system is a safety-critical system. To assure its safety, it requires the testing process to cover all possible runs in its safety-critical scenarios. Existing methods of scenario modeling and test case generation cannot completely satisfy the requirement. The paper focuses on the methods of modeling safety-critical scenarios in train control system and the tools for automatically generating test cases for the system. UML activity diagram is extended with event-driven and time characteristic description mechanism to satisfy the requirement of modeling safety-critical scenarios. A simple path coverage criterion is also proposed to define the coverage of all possible runs in a scenario and a method is provided for automatic test case generation. The experiment on ground train control system shows the effectiveness and limitation of the proposed method.

Xianhui Yang,Ming Xu,Yao Cheng

DOI: https://doi.org/10.1109/3CA.2010.5533881

2010-01-01

Abstract:The automatic train control system (ATC) is the safety critical system (SCS). Based on the revised parts of the ATC, this paper analyzes the risks which may be triggered by the parts of modification. The paper follows the international standard of railway function safety, and describes the relevant requirements and basic methods. From the basic structure of the ATC, the required safety integrity level (SIL) of each part of the system is discussed. The paper concludes the methods for risk analysis and evaluation in the modified system. They contain hazard identification, hazard validation, consequence analyzing, the methods for determining risk category, hazard severity, possible hazard frequency, stages for dividing risks and recommended management for eliminate and alleviate risks. Those results of the revised system were analyzed by using lists of hazard identification, hazard influence and hazard liber. And risk monitoring is implemented by using the hazard liber. © 2010 IEEE.

Huijuan Zhou,Limin Jia,Yong Qin

DOI: https://doi.org/10.1109/KAMW.2008.4810609

2008-01-01

Abstract:The railway transportation safety system is a complex dynamic system with spatio-temporal characteristics. Taking railway line section as the research object, we propose a new cellular automation (CA) model - a safety system model for railway (SSM-R) - to simulate the railway safety. In the proposed CA model, we consider a railway line section as a cell and the neighbouring sections as the neighbors, and emphasize particularly on the transition rules including train speed limit rules, train update rules, Signal update rules, block section rules, etc. Then a simulation experiment is carried out with ArcGIS Engine 9.1 and Dot Net, the results show that the model can interpret the evolutional law of the railway transportation safety system.

FANG Youtong,LIU Li,MA Jien,PEI Chunxing

DOI: https://doi.org/10.3969/j.issn.1001-4632.2012.04.13

2012-01-01

Abstract:Based on the structure of traction drive system and the traction characteristics of CIT400 high-speed comprehensive inspection train,a simulation model was established by MATLAB/Simulink for the traction drive system of high-speed comprehensive inspection train under predictive current control.The operation characteristics of CIT400 high-speed inspection train were simulated and analyzed upon short-time power failure of pantograph and net voltage fluctuation under traction and brake conditions.Simulation results were compared with measured data.Research shows that the simulation result and measured data are basically identical.The established model can correctly reflect the operation characteristics of the train and can meet the dynamic and static requirements for the actual operation of train.

Yan Luo,Qinghua Liu,Yuelei Xie

DOI: https://doi.org/10.3969/j.issn.1673-808X.2014.02.011

2014-01-01

Abstract:In order to ensure the safety of the running train,fault tree analysis is applied into the early warning (EW)module of the train data showing center.A fault tree of equipment system is established,then the quantitative and qualitative analy-sis of the fault tree model is carried out,and the equivalent model of the system and fault probability is obtained.The DS system will make the corresponding alert by comparing the failure probability with the prior warning threshold.The applica-tion result shows that FTA is an effective way to diagnose system fault for the security of the running train.

Lei Bu,Xin Chen,Linzhang Wang,Xuandong Li

IF: 4.755

2011-01-01

Clinical Orthopaedics and Related Research

Abstract:Communication Based Train Control (CBTC) system is the state-of-the-art train control system. In a CBTC system, to guarantee the safety of train operation, trains communicate with each other intensively and adjust their control modes autonomously by computing critical control parameters, e.g. velocity range, according to the information they get. As the correctness of the control parameters generated are critical to the safety of the system, a method to verify these parameters is a strong desire in the area of train control system. In this paper, we present our ideas of how to model and verify the control parameter calculations in a CBTC system efficiently. - As the behavior of the system is highly nondeterministic, it is difficult to build and verify the complete behavior space model of the system online in advance. Thus, we propose to model the system according to the ongoing behavior model induced by the control parameters. - As the parameters are generated online and updated very quickly, the verification result will be meaningless if it is given beyond the time bound, since by that time the model will be changed already. Thus, we propose a method to verify the existence of certain dangerous scenarios in the model online quickly. To demonstrate the feasibility of these proposed approaches, we present the composed linear hybrid automata with readable shared variables as a modeling language to model the control parameters calculation and give a path-oriented reachability analysis technique for the scenario-based verification of this model. We demonstrate the model built for the CBTC system, and show the performance of our technique in fast online verification. Last but not least, as CBTC system is a typical CPS system, we also give a short discussion of the potential directions for CPS verification in this paper.

Yuemiao Wang

2018-07-01

Abstract:A Train Control System (TCS) is utilised to guard the operational safety of the trains in railway systems. Therefore, functional testing is applied to verify consistency between the TCS and specification requirements. Traditional functional testing in TCSs is mainly based on manually designed test cases, which is becoming unsuitable for testing increasingly complex TCSs. Therefore, Model-Based Testing (MBT) methods have been introduced into TCS functional testing, to improve the efficiency and coverage of TCS testing, with application difficulties. To overcome the difficulties of applying MBT methods to test TCSs, the author introduces simulation combined MBT which combines an MBT method with simulation. Modelling method and implementation method for the proposed approach were explained in detail. Two case studies were undertaken to explore the effectiveness of the testing platform developed. The testing results obtained prove that the testing platform can be utilised to implement the functional testing of TCSs. To prove that the MBT platform is effective in detecting errors in the SUT, validation and verification was undertaken, which include validation of specification requirements and verification of the MBT platform. The testing performance is proven to be better than existing MBT methods in terms of coverage and efficiency.

Computer Science,Engineering

Zhang Yong,Sha Shuo,Wang Shu

DOI: https://doi.org/10.1109/ICICIP.2013.6568081

2013-06-09

Abstract:As a unified technology platform for high speed railway in China, CTCS-3 train control system can ensure the safety and high efficiency of train operation. In order to verify whether a CTCS-3 system is consistent with the system requirements specification, it is necessary to carry out a series of testing, including laboratory testing, field testing, integrated testing and commissioning, as well as interoperability testing, for whose purposes a set of test sequences must be prepared. The manual preparation of test sequence is characteristic of heavy work load, low efficiency and high demand for professional expertise. Although a computer-aided tool has been developed to provide an integrated graphical editing environment, with such functions as automatic generation of WORD test sequence files and XML test scripts, as well as electronic management of test cases, test sub-sequences and test sequences, however its intelligence and flexibility is limited because human efforts and expertise are stilled needed in such works as preparing pre-defined test sub-sequences, choosing proper test sub-sequences and concatenating them to form a test sequence, as well as setting up various test conditions. To address these issues, this paper proposes a new approach for generating the test sequence by building an expert system, with the aim to increase the degree of automation in concatenating test cases, determining test location and setting up test condition for each test case. Firstly on the basis of analyzing the process of manually generating test sequence, the related domain knowledge are summarized; secondly the knowledge tree method is adopted for compiling the knowledge about test cases and their test method, the typical test scenarios and some rules of thumb; thirdly production rules are adopted to represent the knowledge and relational database is utilized to build the knowledge base; finally a hybrid inference mechanism by combining model-based forward inference and rule-based backward inference is adopted to generate the test sequence.

Computer Science,Engineering

Lei He,Junyi Chen,Xiucai Zhang,Jun Li,Jingquan Tian

DOI: https://doi.org/10.1109/access.2024.3349964

IF: 3.9

2024-01-01

IEEE Access

Abstract:In recent years, autonomous driving technology has been developing rapidly, but there is still a certain gap from commercial production, in which the safety issue is one of the important factors. In the working of most companies and colleges, the Traffic Jam Pilot (TJP), serving as a prototypical Level 3 autonomous driving function, has predominantly focused on functional implementation and enhancement, prioritizing functional completeness and user comfort. However, the aspect of functional safety in the system has received comparatively less attention. To guarantee the safety of the driver’s life and property, it is essential to consider the functional safety aspect regarding automobile operation after system function failure. In this paper, according to the functional safety development process and related regulations in ISO 26262, the functions and operation environment of the TJP system are defined in detail, and the longitudinal function is taken as an example to be developed following the functional safety process and verified by simulation. Simulation verification results show that the control algorithm is safe and reliable, and can ensure the safety and stability of the vehicle during operation. The research in this paper further explores the combination of functional safety and high-level automated driving function, providing some ideas for their practical application in industry.

computer science, information systems,telecommunications,engineering, electrical & electronic

Hao Wu,Yindong Ji

DOI: https://doi.org/10.1109/iccsit.2009.5234985

2009-01-01

Abstract:Chinese train control system level 3 (in short, CTCS3) is extremely complicated, and must be reliable and safe. Therefore, its design and development need to be validated by simulation. Particularly, we need to guarantee the reliability of the hardware-in-the-loop simulation (in short, HILS) system via verification and validation (V&V) during the modeling and simulation (M&S) for each sub-system. First, we analyze the common problem of most current V&V methods that they do not verify the model in this HILS system dynamically and automatically. Then, we present a dynamic V&V method based on HILS, and sequentially discuss the structure of the verifier, the verification algorithm and the validation criterion. Finally, we show how this method is successfully applied in CTCS3 HILS system.

Chen Qiu,Tan Chen,Shaofeng Lu,Haifeng Wang,Haifeng WANG

DOI: https://doi.org/10.1109/mits.2021.3049369

IF: 5.293

2021-01-01

IEEE Intelligent Transportation Systems Magazine

Abstract:For modern railway transportation, dynamic moving block train control systems have been well studied to shorten train tracking intervals and increase capacity. In this article, a novel train tracking method based on train-to-train communication is developed for a dynamic moving block train control system to prevent chain collisions when lead trains experience a sudden speed loss. First, a 3D dynamic safe braking model is built to show the train control mode. Second, a multitrain information synchronization method is proposed to ensure the validity of received messages. Finally, a cooperative collision avoidance mechanism is put forward. Simulation experiments are carried out with practical line data, and the effectiveness of the method is verified by a comparative simulation study with two other benchmark case studies. The results show that the proposed approach can successfully prevent chain collisions in a three-train scenario. By ensuring the normal operation of train-to-train communication through high-frequency information exchanges, the described method is able to successfully prevent chain collisions caused by abrupt decelerations on a high-density network.

engineering, electrical & electronic,transportation science & technology

HUANG Quanan,SONG Jian,ZHANG Guosheng,LI Lei

DOI: https://doi.org/10.16511/j.cnki.qhdxxb.2010.11.016

2010-01-01

Abstract:To enhance the diagnostic and self-protected ability of automated mechanical transmission(AMT),and to improve the system reliability,this paper proposes a concept of the controller system safety.By way of system analysis method,the traditional development of hardware and software is changed to the design of system input,internal logic and output.The methods of circuit adaptive,fault rapid diagnosis,safety redundancy,sub-system replacement and open-loop fault-tolerant control were used to design the power management module,sensor signal processing,system internal control unit and actuators' driver,with an AMT controller developed,which is stable and controllable,adaptive to input environment and has limp-home and fail-safe characteristic.Laboratory experiments and road tests proved that the proposed design methods can improve the control performance of AMT and enhance the whole system stability and reliability.

Yanfeng Li,Hongzhong Huang,Shun‐Peng Zhu,N. Xiao

Abstract:Along with the development of modern design technology and the increasing complication of modern engineering systems, component dependency has become a universal phenomenon during the failure analysis of systems. Ignoring the dependency among the failure behaviors of system components may lead to a huge error or even yield faulty results. In this paper, three types of models and two kinds of modeling methods are introduced for solving the common cause failure issues. The fault tree model of the train rear-end collision accident has been proposed based on the explicit modeling method. The probability of occurrence of the train rear-end collision accident is calculated using the square root model. The result shows that common cause failure has significant influences on the system reliability.

Engineering