With traffic congestion and environmental problems becoming increasingly prominent and regional economic integration developing rapidly, rail transit is entering a new phase of fast growth, and higher demands are placed on the safety and reliability of rail signalling systems. As the core of the onboard and wayside equipment of a rail signalling system, the vital computer plays a key role in guaranteeing safe and efficient train operation, so its structural design is crucial to the research and development of signalling systems. Taking safety and reliability as the optimization objectives and the vital computer as the application object, and building on an analysis of several existing basic redundancy structures, this thesis improves the safety redundancy structure in light of the growing performance requirements on vital computers and the active research on rail signalling systems in many countries.

First, based on an analysis of the principles and methods of safety and reliability, the quantitative analysis methods for safety and reliability based on Markov models are extended to integrate fault detection, fault repair and common-cause failure (CCF), and are used to study the safety index PFH (average frequency of dangerous failure per hour) and the reliability indices failure rate and reliability. The accuracy of the extended Markov methods is verified on several basic structures, such as two out of two (2oo2) and two out of three (2oo3).

Second, according to the characteristics and requirements of a safety redundancy structure, a multi-subsystem, multi-channel design scheme is proposed, in which the system is composed of multiple subsystems and each subsystem consists of multiple heterogeneous channels. Focusing on the structure of a single subsystem, a "two out of two with a hot standby" structure is then proposed, composed of two command channels and one hot-standby channel, which combines the advantages of the 2oo3 and 2oo2 structures. Comparative analysis of PFH and failure rate between the proposed structure and the basic redundancy structures, using the extended Markov methods, shows that the "two out of two with a hot standby" structure has the better overall performance. Equivalent performance parameters of a subsystem, including equivalent diagnostic coverage and equivalent failure detection rate, are derived for studying the performance of the overall system.

Then, for the overall safety redundancy structure, with a subsystem treated as a single unit, parallel and hot-standby structures of dual-subsystem and triple-subsystem systems are preliminarily determined by qualitative analysis. Their PFH, failure rate and reliability are calculated from the equivalent performance parameters with the extended Markov methods. Comparing the system performance and the average per-subsystem performance of the four structures shows that the dual-subsystem parallel structure and the dual-subsystem hot-standby structure are superior in reliability and safety respectively, that their overall performances are close, and that both are superior to the triple-subsystem structures. Tentatively adopting the dual-subsystem parallel structure, a "dual two out of two with a hot standby" structure is finalized.

Finally, based on the improved safety redundancy structure, the working modes of the channel and the subsystem, as well as the fault-tolerant and safety management mechanisms of the subsystem and the whole system, are proposed. Taking a single "two out of two with a hot standby" subsystem as an example, a timed-automata model of the single-system fault-tolerant and safety management mechanism is built and simulated in UPPAAL, and the soundness of the mechanism is demonstrated by verifying reachability, liveness and safety properties. On this basis, a simulation of the vital computer is designed, which further verifies the soundness of the fault-tolerant and safety management mechanism of a single "two out of two with a hot standby" subsystem.
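The extended Markov method described above computes PFH, failure rate and reliability from a state model that includes fault detection, repair and CCF. As an added illustration (not the thesis's own extended model or code), the following pure-Python example builds such a continuous-time Markov chain for one 2oo2 channel pair, solves it with a matrix exponential, and reports PFH over a mission time, the reliability R(T) and an equivalent constant failure rate. The four-state model, the beta-factor treatment of CCF, the periodic-test repair of undetected faults, and all numeric parameters (lam, dc, beta, mu, t_proof, mission_hours) are assumptions chosen for illustration.

```python
# Added illustrative example (not the thesis's own model): a continuous-time
# Markov chain for one 2oo2 channel pair that integrates diagnostics (DC),
# repair and common-cause failure (beta-factor CCF), solved with a pure-Python
# matrix exponential to obtain PFH, reliability R(T) and an equivalent
# constant failure rate. State model and parameter values are assumptions.
from math import log

OK, ONE_DU, SAFE, DANGER = 0, 1, 2, 3   # state indices of the chain


def generator_2oo2(lam, dc, beta, mu, t_proof, mission_only=False):
    """Build the 4x4 generator matrix Q (all rates in 1/h).

    lam      dangerous failure rate of a single channel
    dc       diagnostic coverage: fraction of channel failures that are detected
    beta     common-cause fraction of lam (beta-factor model, assumed)
    mu       repair rate after a detected failure (SAFE -> OK)
    t_proof  interval of the periodic test that reveals an undetected fault
    mission_only  make SAFE absorbing too, so the chain answers the reliability
                  question "no failure of any kind during the mission"
    """
    lam_ind, lam_ccf = (1 - beta) * lam, beta * lam
    q = [[0.0] * 4 for _ in range(4)]
    # OK: a detected failure (either channel, or CCF) shuts the pair down safely;
    # an undetected independent failure hides in ONE_DU; an undetected CCF
    # corrupts both channels at once, which 2oo2 comparison cannot catch.
    q[OK][SAFE] = 2 * lam_ind * dc + lam_ccf * dc
    q[OK][ONE_DU] = 2 * lam_ind * (1 - dc)
    q[OK][DANGER] = lam_ccf * (1 - dc)
    # ONE_DU: the periodic test finds and repairs the hidden fault, or the
    # remaining channel fails (detected -> SAFE, undetected -> DANGER).
    q[ONE_DU][OK] = 1.0 / t_proof
    q[ONE_DU][SAFE] = lam * dc
    q[ONE_DU][DANGER] = lam * (1 - dc)
    if not mission_only:            # SAFE is repaired back to OK; DANGER absorbs
        q[SAFE][OK] = mu
    for i in range(4):              # diagonal: every row of Q sums to zero
        q[i][i] = -sum(q[i])
    return q


def mat_mul(a, b):
    n = len(a)
    return [[sum(a[i][k] * b[k][j] for k in range(n)) for j in range(n)]
            for i in range(n)]


def expm(q, t):
    """exp(Q*t) by scaling and squaring with a truncated Taylor series."""
    n = len(q)
    a = [[x * t for x in row] for row in q]
    norm = max(sum(abs(x) for x in row) for row in a)     # infinity norm
    s = 0
    while norm > 0.5:               # scale until the series converges fast
        norm, s = norm / 2, s + 1
    a = [[x / 2 ** s for x in row] for row in a]
    result = [[float(i == j) for j in range(n)] for i in range(n)]
    term = [row[:] for row in result]
    for k in range(1, 30):          # Taylor: sum of A^k / k!
        term = [[x / k for x in row] for row in mat_mul(term, a)]
        result = [[result[i][j] + term[i][j] for j in range(n)] for i in range(n)]
    for _ in range(s):              # undo the scaling by repeated squaring
        result = mat_mul(result, result)
    return result


def state_probabilities(q, hours, start=OK):
    """Distribution over states after `hours`, starting in `start`."""
    return expm(q, hours)[start]


def pfh_2oo2(lam, dc, beta, mu, t_proof, mission_hours):
    """PFH: probability of reaching DANGER within the mission, per hour."""
    q = generator_2oo2(lam, dc, beta, mu, t_proof)
    return state_probabilities(q, mission_hours)[DANGER] / mission_hours


def reliability_2oo2(lam, dc, beta, mu, t_proof, mission_hours):
    """Return (R(T), equivalent constant failure rate -ln R(T) / T)."""
    q = generator_2oo2(lam, dc, beta, mu, t_proof, mission_only=True)
    p = state_probabilities(q, mission_hours)
    r = p[OK] + p[ONE_DU]           # still in service: no shutdown, no danger
    return r, -log(r) / mission_hours


if __name__ == "__main__":
    # Assumed parameters: 1e-5/h per channel, 99 % coverage, 2 % CCF,
    # 8 h repair, yearly proof test, one-year mission.
    p = dict(lam=1e-5, dc=0.99, beta=0.02, mu=1 / 8.0, t_proof=8760.0)
    T = 8760.0
    print("PFH = %.3e /h" % pfh_2oo2(mission_hours=T, **p))
    r, fr = reliability_2oo2(mission_hours=T, **p)
    print("R(T) = %.4f, equivalent failure rate = %.3e /h" % (r, fr))
    for beta in (0.0, 0.02, 0.1):   # undetected CCF dominates PFH once DC is high
        p["beta"] = beta
        print("beta = %.2f -> PFH = %.3e /h" % (beta, pfh_2oo2(mission_hours=T, **p)))
```

Running the script shows that once diagnostic coverage is high, the undetected common-cause term beta * lam * (1 - dc) dominates PFH, which is why CCF has to be part of the model rather than an afterthought. The solver (expm, state_probabilities) is independent of the structure: a 2oo3 or "two out of two with a hot standby" subsystem is analysed by supplying its own generator matrix in place of generator_2oo2.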