Computers replacing safety relays in railway signalling: Analysis of different methods, description of and experience from two applications. LME first Interlocking and ATC system containing computers.

Abstract

During 40 years safety relays have been the predominant technology in practical use for railway signalling systems with fail-safe demands. During the last two - three years computers have been introduced for vital functions. To fulfil fail-safe requirements different methods have been used to overcome the non-asymmetric fail-function of electronic components and systems. This paper will cover some different methods and evaluate them. As a result an approach to achieve a fail-safe computer system will be suggested. In a computer system for vital functions the information is processed twice by two independently designed and executed program versions in the same computer resulting in a safe and economic solution. The first LME computerbased interlocking plant is now being delivered and the experience of the development work is covered. Modern Automatic Train Control (ATC-) system is now equipped with microcomputers. Experience from development and field tests of an intermittent ATC-system is summarized. The two projects make it evident that general, standard computers can be used for fail-safe systems, if careful adaption of fail-safe design philosophy is maintained.