Research On Hardware Safety Integrity Level Verification Method Of Train Control System

As a typical safety critical system for controlling and protecting train operation,the safety of the train control system whether can meet the functional safety requirements of the system is increasingly concerned by users.As the main reference standard for safety assessment in the railway field,IEC61508 proposes a Probability of Dangerous Failure per Hour(PFH)quantitative calculation and hardware Safety Integrity Level(SIL)verification requirements for safety-related systems.In engineering practice,the parameters involved in the PFH calculation model can not be obtained completely accurately.The PFH calculation results and the SIL verification results obtained by the "determined" parameters may cause the actual response of the system to deviate significantly from the expected situation.This deviation poses a significant safety hazard to device applications.Therefore,in order to improve the credibility of the safety assessment results,it is necessary to analyze the influence of the uncertainty of the parameters on the hardware SIL verification.This paper deeply analyzes the reality of the safety assessment of railway signal field in China.Based on the analysis of the architectural requirements of the train control system and the research status at home and abroad,the input parameter contribution calculation,the common cause failure fraction quantitative calculation and the hardware SIL verification method are studied.The research results are as follows:(1)From the two aspects of "PFH calculation" and "hardware SIL impact",the calculation method of input parameter contribution degree is proposed.Based on the analysis of the influence characteristics of the input parameters on the output results in the PFH calculation model,the orthogonal test and the range analysis method are used to obtain the order of contribution of the input parameters to the PFH calculation results under two typical redundant structures(double 2-vote-2 structure and 3-vote-2 structure)of the train control system.By creating a multivariate linear regression machine learning model,linear regression coefficients were obtained by repeated supervised learning,and used to verify the results of orthogonal test.At the same time,the contribution calculation method of the influence of input parameter uncertainty on the hardware SIL of the train control system is further studied.The contribution calculation model of the influence of single parameter uncertainty on the hardware SIL is proposed.It’s concluded that the single channel dangerous side failure probability,diagnostic coverage and undetected common cause failure fraction are key parameters that affect the hardware SIL verification results.(2)A quantitative calculation model of common cause failure fraction for high-order redundant structures of train control systems is presented.After analyzing the limitations of the SBF model adopted by the train control system,the Alpha parameter model applied in the nuclear energy field is introduced into the common cause failure fraction calculation.Firstly,the calculation model of the dangerous side failure probability caused by the common cause failure under high-order redundant structure is obtained by the inductive method.The coupling relationship between the common cause failure factor and the PFH calculation model is established by model derivation,and a quantifiable common cause failure fraction calculation model is obtained.Afterwards,in view of the lack of common cause failure data in China’s train control system,a Bayesian inference-based common cause failure fraction calculation model based on prior data missing conditions is proposed,and two hyperparametric prior data calculation methods are provided.Through the construction of the common cause failure fraction quantitative calculation model,the quantitative calculation of the dangerous side failure probability caused by the common cause failure under the high-order redundant structure is realized.Finally,the effectiveness and superiority of the proposed model are verified by two typical redundant structures(double 2-vote-2 structure and 3-vote-2 structure)of the train control system.(3)To solve the problem that the input parameters are not completely certain in the PFH calculation model,hardware SIL verification method combining Monte Carlo analysis and fuzzy theory is proposed.Firstly,based on the Monte Carlo analysis method,the hardware SIL verification method when the input parameters of the train control system are certain is given.Based on the conservative degree of the evaluation conclusion,the recommended distribution of each input parameter in hardware SIL verification is proposed.Furthermore,based on the fuzzy theory,the PFH trapezoidal fuzzy number calculation model of the train control system is established.Through the fuzzy operation and fuzzy measure theory,the possibility measure and inevitability measure method of hardware SIL verification are established.By studying the distribution of PFH fuzzy numbers,a SIL compliance probability calculation method is proposed,which can be used to the hardware SIL verification when the input parameters are completely uncertain.Then,considering the possible incomplete certain of input parameters,a hardware SIL verification method for PFH fuzzy numbers driven by Monte Carlo sampling is proposed,and two SIL verification methods(unfuzzification verification and average fuzzy number verification)are provided.Finally,the effectiveness of the proposed hardware SIL verification method is illustrated by an example application,and the degree of conservation of different measurement methods is obtained by comparing the two verification methods.