Abstract

The train operation control system in rail transit has extremely high requirements for reliability and functional safety because it operates continuously, and it is often required to achieve Safety Integrity Level (SIL) 3 or 4. The article concludes that safety integrity is determined by the systematic failures and the random failures of the control system: the former are mitigated by quality management, safety management and technical safety conditions, while the latter require a safety target to be achieved and technical safety conditions to be controlled. The fail-safe concept is the key design principle in the development of the train operation control system. This article summarizes the major methods for controlling the effects of single random faults: Composite Fail Safe, Reactive Fail Safe and Inherent Fail Safe. The target and the computing method for a quantified hazardous failure rate are presented for different kinds of control systems, especially for Composite Fail Safe systems with redundant components, to which a couple of Boolean models can be applied. System architectures with 2oo3 voting are analyzed as the example. To mitigate the effects of some multiple faults, Common-Cause Failure (CCF) needs to be analyzed, and the system design should ensure that a multiple failure is not the result of a common-cause failure and can only occur through a combination of single random faults. The CCF effect needs to be evaluated especially in Composite Fail Safe systems; in this article the β-factor method is used to estimate the frequency of hazardous failure. Fault detection is one of the key factors in fail-safe design, to avoid the effects of single faults as well as the gradually accumulated effects of double or multiple faults in many cases. This turns into the issue of diagnostic methods and the diagnostic coverage of system elements.
The diagnostic coverage of an element can be derived by considering its safe failures and its hazardous failures. The actions following detection/diagnosis, especially retention of the safe state, are required as well.
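The following is an added worked example, not the paper's own computing method: it quantifies the hazardous failure rate of a 2oo3 Composite Fail Safe architecture with a simplified high-demand model in the style of IEC 61508-6 (independent double faults plus a β-factor common-cause term), with diagnostic coverage deciding which dangerous faults are revealed and driven to the safe state. All channel parameters and β values are constructed, and the single-channel rate is included only to contrast it with the redundant architecture.

```python
"""Worked hazardous failure rate of a 2oo3 Composite Fail Safe architecture.

Simplified high-demand model in the style of IEC 61508-6 (an assumption of this
example, not the paper's method): independent double faults plus a beta-factor
common-cause term. Diagnostic coverage dc splits each channel's dangerous failure
rate into a detected part (driven to the safe state) and an undetected part.
"""
from dataclasses import dataclass

@dataclass
class Channel:
    lambda_d: float      # dangerous failure rate per hour (constructed value)
    dc: float            # diagnostic coverage: fraction of lambda_d detected
    proof_test_h: float  # interval after which undetected faults are revealed
    mttr_h: float        # mean time to restore a detected fault

    def split(self):
        """(lambda_DD, lambda_DU): detected and undetected dangerous rates."""
        return self.dc * self.lambda_d, (1.0 - self.dc) * self.lambda_d

def exposure_time(ch: Channel) -> float:
    """Mean time a single dangerous fault stays latent in one channel (t_CE)."""
    ldd, ldu = ch.split()
    return (ldu * (ch.proof_test_h / 2.0 + ch.mttr_h) + ldd * ch.mttr_h) / ch.lambda_d

def hazardous_rate_1oo1(ch: Channel) -> float:
    """Single channel: only undetected dangerous faults are hazardous."""
    return ch.split()[1]

def hazardous_rate_2oo3(ch: Channel, beta: float, beta_d: float) -> float:
    """Per-hour hazardous failure rate of 2oo3 voting over three identical channels.
    beta / beta_d: common-cause fractions of undetected / detected dangerous faults."""
    ldd, ldu = ch.split()
    # Boolean model: hazard when any 2 of 3 channels fail within t_CE. First fault
    # at 3*lambda, second among the remaining two at 2*lambda -> 6*lambda^2*t_CE.
    lam_ind = (1.0 - beta_d) * ldd + (1.0 - beta) * ldu
    independent = 6.0 * lam_ind ** 2 * exposure_time(ch)
    ccf = beta_d * ldd + beta * ldu  # one cause fails all three channels at once
    return independent + ccf

def sil_band(pfh: float):
    """High-demand SIL band (IEC 61508-1) for a hazardous failure rate per hour, or None."""
    bands = [(4, 1e-9, 1e-8), (3, 1e-8, 1e-7), (2, 1e-7, 1e-6), (1, 1e-6, 1e-5)]
    return next((sil for sil, lo, hi in bands if lo <= pfh < hi), None)

if __name__ == "__main__":
    ch = Channel(lambda_d=1e-6, dc=0.8, proof_test_h=8760.0, mttr_h=8.0)  # constructed
    for beta, beta_d in ((0.0, 0.0), (0.02, 0.01)):
        rate = hazardous_rate_2oo3(ch, beta, beta_d)
        print(f"beta={beta}: {rate:.3e}/h -> SIL {sil_band(rate)}")
```

With the constructed values the independent double-fault term alone lands in the SIL 4 band, while a 2 % common-cause fraction dominates the total and drops the architecture to SIL 3, which is why the CCF estimate matters more than the voting logic itself.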
