With the rapid development of China's railways, train speeds have risen steadily and headways have become shorter and shorter. The train control system plays a vital role in ensuring train safety, improving operational efficiency, and meeting passengers' expectations of punctuality and comfort. The ATP (Automatic Train Protection) subsystem is the part that directly guarantees the safety of the train, so its safety and reliability receive growing attention. At the same time, advances in computer technology and the use of large-scale software have expanded the functional requirements placed on train control: computer-based control offers many benefits, and powerful computing hardware is inexpensive. As a consequence, software testing and verification have become more and more difficult, and software errors and bugs have become a major cause of system failure. The safety technology studied in this paper arises from exactly this background. It accepts that application software contains errors and bugs, and instead verifies the commands that the application software sends to safety-related devices, so that dangerous commands never reach safety-critical devices and the safety of the system is preserved even when the application misbehaves. The paper first analyses the similarities and differences between safety and reliability. It then studies the theory and methodology of this safety technology, covering both the safety kernel and the safety shell approach. On comparison, the safety kernel is judged the better fit for on-board equipment, but some real-time concepts from the safety shell should be added to strengthen the timing constraints of the safety kernel.
The safety kernel is then examined with respect to safety, transparency, isolation, generality and the safety of the kernel itself, and two concepts are proposed in response: the construction of a multi-layered reflection mechanism, and the separation of the safety strategy (the rules) from the kernel mechanism that enforces it. Next, taking the VxWorks operating system as an example, the paper analyses the software structure of VxWorks and the control and management of its I/O system. In the overall software architecture, the safety kernel is placed between the application software and the operating system, and is divided according to the requirements of the ATP into four parts: safety agency (the interposition point through which every application command to a safety-related device passes), safety verification (checking each command against the safety strategy), safety monitor (supervising timing and the running state of the application) and safety recording (logging accepted and rejected commands for later analysis). One focus of the paper is how the safety strategy of the safety kernel is generated. Taking the train's door protection, mode change and brake protection as examples, the safety strategies are generated manually, and the method and steps for generating a safety strategy are illustrated. The strategies are then verified with the SMV (Symbolic Model Verifier) tool, which confirms the safety of the designed model. Finally, a simulation and test system is built in the laboratory, the functions of the on-board safety kernel described above are implemented, and the test cases are carried out one by one. The results indicate that the safety kernel designed in this paper is feasible and workable and meets its design requirements.
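The architecture described above (a kernel interposed between application and devices, a separately maintained safety strategy, a monitor with a timing constraint, a record of every decision, and a model-checked safety property) can be illustrated in miniature. The following Python is an added example written for this page; it is not the thesis's own code, VxWorks code, or an SMV model. The train state variables, the two assumed modes ("FS", "SR"), the two assumed speeds (0 and 40 km/h), the concrete door, mode-change and brake rules, and the watchdog length are all illustrative assumptions. The exhaustive state exploration at the end stands in for the kind of check SMV performs: it shows that the hazard "doors open on a moving train, or without the brake applied" is unreachable when the kernel filters commands, and reachable when it does not.

```python
# Added example, not from the thesis. All rules, names and state values are assumptions.
from dataclasses import dataclass, replace
from typing import Callable, List, Optional, Tuple

Command = Tuple[str, object]          # (device, argument), e.g. ("door", "open")


@dataclass(frozen=True)
class TrainState:
    speed_kmh: int        # assumed speeds: 0 (stopped) or 40
    at_platform: bool
    doors_open: bool
    brake_applied: bool
    mode: str             # assumed modes: "FS" (full supervision), "SR" (staff responsible)


# A safety strategy returns None if the command is acceptable, otherwise a reason.
Strategy = Callable[[TrainState, Command], Optional[str]]


def door_protection(s: TrainState, cmd: Command) -> Optional[str]:
    dev, arg = cmd
    if dev == "door" and arg == "open" and not (s.speed_kmh == 0 and s.at_platform and s.brake_applied):
        return "door release only when stopped at a platform with the brake applied"
    if dev == "traction" and arg > 0 and s.doors_open:
        return "no traction while doors are open"
    return None


def mode_change_protection(s: TrainState, cmd: Command) -> Optional[str]:
    dev, arg = cmd
    if dev == "mode" and arg != s.mode and s.speed_kmh > 0:
        return "mode change only when stopped"
    return None


def brake_protection(s: TrainState, cmd: Command) -> Optional[str]:
    dev, arg = cmd
    if dev == "brake" and arg == "release" and s.doors_open:
        return "brake may not be released while doors are open"
    return None


# The strategy is kept separate from the kernel mechanism that applies it.
STRATEGIES: List[Strategy] = [door_protection, mode_change_protection, brake_protection]


def device_effect(s: TrainState, cmd: Command) -> TrainState:
    """Simplified plant model: what the device layer does with an accepted command."""
    dev, arg = cmd
    if dev == "door":
        return replace(s, doors_open=(arg == "open"))
    if dev == "traction":
        return replace(s, speed_kmh=arg, at_platform=s.at_platform and arg == 0)
    if dev == "brake":
        return replace(s, brake_applied=(arg == "apply"))
    if dev == "mode":
        return replace(s, mode=arg)
    raise ValueError(f"unknown device command {cmd!r}")


class SafetyKernel:
    """Safety agency + verification + monitor + recording, layered over device_effect."""
    WATCHDOG_CYCLES = 3   # assumed: cycles the application may stay silent before the kernel brakes

    def __init__(self, state: TrainState) -> None:
        self.state = state
        self.log: List[str] = []      # safety recording
        self.silent_cycles = 0

    def submit(self, cmd: Command) -> bool:
        """Safety agency: every application command to a safety-related device enters here."""
        self.silent_cycles = 0
        for strategy in STRATEGIES:   # safety verification
            reason = strategy(self.state, cmd)
            if reason is not None:
                self.log.append(f"REJECT {cmd}: {reason}")
                return False
        self.state = device_effect(self.state, cmd)
        self.log.append(f"ACCEPT {cmd}")
        return True

    def tick(self) -> None:
        """Safety monitor: a timing constraint of the kind borrowed from the safety shell."""
        self.silent_cycles += 1
        if self.silent_cycles > self.WATCHDOG_CYCLES and not self.state.brake_applied:
            self.state = device_effect(self.state, ("brake", "apply"))
            self.log.append("MONITOR: application silent, brake applied by kernel")


def safe(s: TrainState) -> bool:
    """Hazard excluded by the strategy: open doors while moving or without the brake."""
    return not s.doors_open or (s.speed_kmh == 0 and s.brake_applied)


ALL_COMMANDS: List[Command] = [("door", "open"), ("door", "close"), ("traction", 0), ("traction", 40),
                               ("brake", "apply"), ("brake", "release"), ("mode", "FS"), ("mode", "SR")]


def reachable_unsafe_states(use_kernel: bool) -> List[str]:
    """Exhaustive exploration of the finite model, the kind of check SMV automates."""
    start = TrainState(0, True, False, True, "FS")
    seen, frontier = {start}, [start]
    while frontier:
        s = frontier.pop()
        for cmd in ALL_COMMANDS:
            if use_kernel and any(st(s, cmd) is not None for st in STRATEGIES):
                continue
            nxt = device_effect(s, cmd)
            if nxt not in seen:
                seen.add(nxt)
                frontier.append(nxt)
    return sorted(str(s) for s in seen if not safe(s))


def run_scenario():
    """Constructed command sequence from a deliberately sloppy application."""
    k = SafetyKernel(TrainState(0, True, False, False, "FS"))
    verdicts = [k.submit(c) for c in [("door", "open"), ("brake", "apply"), ("door", "open"),
                                      ("brake", "release"), ("traction", 40), ("door", "close"),
                                      ("brake", "release"), ("traction", 40)]]
    for _ in range(SafetyKernel.WATCHDOG_CYCLES + 1):   # application goes quiet while moving
        k.tick()
    return verdicts, k.state, k.log


if __name__ == "__main__":
    verdicts, final, log = run_scenario()
    print("\n".join(log))
    print("unsafe states with kernel:", reachable_unsafe_states(True))
    print("unsafe states without kernel:", len(reachable_unsafe_states(False)))
```

The kernel never reasons about why the application sent a command; it only decides whether the command is permissible in the current state, which is what makes the approach tolerant of application bugs. The same `STRATEGIES` list drives both the run-time check in `submit` and the offline exploration in `reachable_unsafe_states`, so a rule verified offline is the rule actually enforced, which is the point of separating strategy from mechanism.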