Research On Hardware Safety Integrity Estimation Methods Of Railway Signal Safety-Related System

EN 50129 is the first European standard to define requirements for the acceptance and approval of safety-related electronic systems in the field of railway signaling field.The relevant concepts and definitions of safety integrity in this standard basically inherit the International Functional Safety Standard IEC 61508,the latter mainly gives the requirements and regulations of "structural constraints of hardware safety integrity"and "calculation of failure probability of safety function caused by random hardware failure(target failure quantity)" for the quantitative prediction of hardware safety integrity,but there are some problems when it is applied to railway signal safety related system.firstly,the system which is usually aimed by IEC 61508 is mainly used in the field of industrial process control to realize the function of safety protection.Such system is significantly different from the railway signal safety-related system integrating control and safety assurance oriented by EN 50129,This makes the calculation formulas of target failure quantity in IEC 61508 are not fully applicable to the prediction of hardware safety integrity of railway signal safety related system.secondly,the parameter uncertainty caused by the lack of reliability parameter data and insufficient feedback of field failure data has become the main reason affecting the hardware safety integrity estimation of railway signal safety-related system,but Route 1H of structural constraints does not require uncertainty,although Route 2H stipulates the analysis of the uncertainty of failure data and the measurement of the confidence of target results,it does not give a specific and operable implementation method.Based on this,on the basis of consulting the research literature in related fields at home and abroad,this paper discusses the quantitative estimation methods of hardware safety integrity,quantitative evaluation method of common cause failure,uncertainty analysis method and so on.On the one hand,the differences between IEC 61508 and EN 50129 in safety-related systems are studied and analyzed,such as structure,functions implemented and dangerous side judgment,then the applicability of the quantitative formula of target failure quantity provided by IEC 61508 in railway signal safety-related system is analyzed.On the other hand,the quantitative model of target failure quantity of common redundant structures in railway signal safety-related system are constructed,and the estimation method of common cause failure factor under the influence of cognitive uncertainty is studied.Finally,the estimation methods of hardware safety integrity under the influence of parameter uncertainty is proposed.The main achievements and innovations of this paper are as follows(1)In view of the fact that most literatures have not studied the applicability of the target failure calculation formula provided by IEC 61508.Firstly,this paper discusses the shortcomings and limitations of some concepts and definitions of hardware safety integrity in IEC 61508,such as operation mode decision,target failure quantity PFH,structural constraint,etc.Secondly,the differences between the safety-related system oriented by IEC 61508(system S1)and railway signal safety-related system oriented by EN 50129(system S2)are compared one by one from four aspects:the characteristics of system safety-related functions,the boundary and object characteristics of system functions,the ways and strategies to realize safety assurance,and the principle of dangerous failure judgment,the differences between the system S1 and system S2 are analyzed.Finally,it focuses on the differences of the effects of loo2 and 2oo2,the two most representative redundant structures,on the safety of the two systems,and it also provides the evaluation basis for the applicability of the target failure quantity calculation formula recommended in IEC 61508 on railway signal safety-related systems.(2)In order to solve the problems of cumbersomeness process and difficult calculation of complex redundant system's safety model constructed by traditional methods,a THR quantitative model based on dynamic fault tree is proposed,and three common redundancy structures,hot standby(loo2),double 2-vote-2(2×2oo2)and 2 out of 3(2oo3)in railway signal safety-related system are constructed by using this method,then the THR calculation formula of each structure is obtained.At the same time,in view of the limitation of the existing sensitivity analysis method that only one parameter is allowed to change at a time,a sensitivity analysis method based on grey correlation is proposed,which provides an effective quantitative evaluation strategy for the sensitivity determination of mutual influencing parameters.(3)In order to solve the problem of cognitive uncertainty caused by the subjectivity of analysts' ratings in the process of ? factor determination,a ? factor estimation method based on D-S evidence theory is raised.The method uses the Basic Probability Assignment function of evidence theory to express the trust degree of experts in different value intervals of factor ?,and uses evidence synthesis rules to fuse the evaluation opinions of different experts,which effectively reduces the impact of cognitive uncertainty on the ? factor estimation results.At the same time,in view of the problem that the traditional evidence synthesis rules may cause the results contrary to intuition when synthesizing evidence,this paper proposes an evidence theory synthesis method based on improved discount coefficient.The example results show that the proposed method is superior to the traditional evidence synthesis method and can quickly converge to the identified target primitives.(4)Aiming at the problem of the influence of parameter uncertainty on hardware safety integrity estimation results,firstly,a method of hardware safety integrity prediction based on Monte Carlo analysis is proposed to solve the uncertainty problem of known-type of parameter probability distribution.The SIL of the structure is determined by 95%confidence of the result,which effectively makes up for the defect of single fixed result without considering the influence of uncertain factors.Secondly,for the Monte Carlo analysis is difficult to deal with the uncertainty of unknown type of parameter probability distribution,a hardware safety integrity estimation method based on fuzzy number is proposed.At the same time,considering the shortcomings and limitations of traditional fuzzy result evaluation methods,such as reintroducing cognitive uncertainty and evaluating fuzzy results without considering confidence,a fuzzy result evaluation method based on measure theory and compliance probability is proposed.The example shows that the proposed method is effective and the fuzzy evaluation result is more conservative than that of Monte Carlo analysis.Finally,aiming at the problem that membership function of fuzzy number may be difficult to determine,a hardware safety integrity prediction method based on interval number is proposed.NSG possibility degree method is used to calculate the results to meet the possibility degree of different SIL.Then an example is given to prove that interval number is more suitable for hardware safety integrity prediction under the influence of high uncertainty.