Reliability And Safety Of Double2-vote-2Redundancy System

As the rapid development of railway in China, new technology such ashigh-speed railway and electric multiple units have been put intoapplications, which largely increase the amount of railway signaltransmission and raise higher demands to reliability and safety of railwaysignal equipment. Computer interlocking system, the core part of railwaysignal equipment, controls signal lights, turnouts and track circuit to realizethe interlocking relationship between them. To ensure the reliability andsafety, double two-vote-two redundancy structure is widely adopted in thecomputer interlocking system of China. European standard series EN50126has been internationally recognized as the authoritative standard in the fieldof railway signaling equipment, and the advanced reliability and safetytheory and technology in it gradually begin to be received by the domesticresearch institutes and equipment manufacturers. Hefei Gocom Information&Technology Co. Ltd closely follows the standard series EN50126, designsand develops computer interlocking system which meets Safety IntegrityLevel (SIL)4.In the thesis, main research is focused on the followings:1. According to standard series EN50126, thesis designs and developscomputer interlocking system which meets SIL4from the full range aspectsof system composition, such as system components, regional interlockfunction, redundant structural design, safety principle of2-vote-2, cabinetlayout and electronic interface module. Based on hardware circuit FMEDAanalysis, the failure rate and nondiagnostic dangerous failure rate of singleboard are calculated.2. Thesis analyzed the reliability and safety of double two-vote-two redundancy structure by Markov process which considered comparator andswitch module failures. Compared with each element of failure, thesis madethe conclusion that the failures of computing and switch module have agreater impact on reliability, while diagnostic coverage and comparatorfailure have the same impact on safety. Compared with triple modularredundancy and double hot-spare structure, double2-vote-2redundancystructure would reach the highest level of safety at the expense of somereliability.3. Considering the problem that increasing states of Markov processwould cause state transition diagram more and more complicated, thesiscarried out the dynamic fault tree of double2-vote-2redundancy structureand the processes of module division and the solution of static and dynamicsub-tree.