

The modeling of multicomputer structure in railway control applications
2007-06-01 12:32:18

With respect to the ERTMS project, the integrated railway system may be decomposed into subsystems (for example interlocking, dispatcher and automatic train protection control), as presented in Fig. 1. The ERTMS system may be treated as a conjunction of three subsystems. The safety of the systems is defined as an acceptable level of risk. The CENELEC approach [5] introduces the probability of fail-safe work (including the state of correct operation and the state of controlled failures). This philosophy is related to Table 1, where the acceptable level of risk (one dangerous accident per year across all EU railways) corresponds to appropriate failure rates of subsystems, devices, modules and components.

Fig.1. Integrated Railway

Table 1. The risk and reliability of railway systems


A rough analysis of a simple three-state Markov model [3, 5] allows us to estimate:
• the probability of dangerous (catastrophic) failure:


where λ is the failure rate, pFS is the probability of a controlled failure with respect to all failures, and 1/μd is the time of return after a catastrophic failure,

• the mean time to dangerous, catastrophic failure tF:


Extending the model to the communication between elementary computers in the system, we can estimate:
• the mean time of waiting for service of incoming messages (including messages from master or supervisory subsystems) tw:


where λ' is the intensity of messages and 1/μ' is the time of service.

Such analysis for composite systems is rather complicated, because the Markov models involve many states corresponding to all possible combinations of failures in the subsystems.
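The three-state model described above can be solved numerically from its transition-rate matrix, and the same solver extends to models with more states. This is an added example, not code from the paper: the transition structure (failures from state 0 at rate λ, split by pFS into a controlled state repaired at rate μ and a dangerous state left at rate μd) and the sample values are assumptions, because the paper's own formulas are not reproduced on this page.

```python
# Added example: assumed three-state model, not the paper's own equations.
# States: 0 = correct operation, 1 = controlled (fail-safe) failure,
#         2 = dangerous (catastrophic) failure.

def solve(a, b):
    """Solve a x = b by Gauss-Jordan elimination with partial pivoting."""
    n = len(b)
    m = [row[:] + [b[i]] for i, row in enumerate(a)]
    for c in range(n):
        p = max(range(c, n), key=lambda r: abs(m[r][c]))
        m[c], m[p] = m[p], m[c]
        for r in range(n):
            if r != c:
                f = m[r][c] / m[c][c]
                m[r] = [x - f * y for x, y in zip(m[r], m[c])]
    return [m[i][n] / m[i][i] for i in range(n)]

def generator(lam, p_fs, mu, mu_d):
    """Transition-rate matrix Q of the assumed model (rows sum to zero)."""
    return [[-lam, lam * p_fs, lam * (1 - p_fs)],
            [mu, -mu, 0.0],
            [mu_d, 0.0, -mu_d]]

def steady_state(q):
    """Solve pi Q = 0 with sum(pi) = 1 (last balance equation replaced)."""
    n = len(q)
    a = [[q[j][i] for j in range(n)] for i in range(n)]  # transpose of Q
    a[-1] = [1.0] * n
    return solve(a, [0.0] * (n - 1) + [1.0])

def mean_time_to(q, target, start=0):
    """Mean first-passage time from `start` to `target` (made absorbing)."""
    keep = [i for i in range(len(q)) if i != target]
    a = [[-q[i][j] for j in keep] for i in keep]
    return solve(a, [1.0] * len(keep))[keep.index(start)]

if __name__ == "__main__":
    # Constructed sample values (rates per hour), chosen for illustration.
    q = generator(lam=1e-6, p_fs=0.99, mu=0.1, mu_d=0.01)
    print("P_F =", steady_state(q)[2])
    print("t_F =", mean_time_to(q, 2), "h")
```
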

The paper presents a method for verifying the assumption from Table 1: how the safety of components influences the safety of modules, subsystems and systems.

Fig. 2 shows a typical TMR structure of an interlocking computer. State 0 corresponds to correct work of three coupled computers; states 12, 11 and 2 correspond to structures with one, two and three failed computers. State 3 corresponds to the fail-safe reaction to the failure of the first and second computer in the structure. The state with index corresponds to waiting for service of a message [2, 8].

Fig.2. Typical TMR structure

Using Matlab software for MC simulation [1, 4, 7], we can obtain the safety results for the system from Fig. 2 (assuming typical values of failure rate λ = 10⁻⁶ h⁻¹, μ = 10⁻¹ h, λ1 = 3·10⁻³ h⁻¹, μ1 = 2.7·10⁻² h), as shown in Fig. 3:
• the safety (1−PF) is better than 0.987
• the time tF is approximately equal to t'/PF, where t' is the time of the stable value of PF

Fig. 3. The window of Matlab software for MC simulation

• the time tw requires another simulation; for this example the results from the NS environment give values of less than 20 ms [4]

Fig. 4 shows the duplex structure of a dispatcher center. The basic safety parameters may be evaluated using analytical methods [3, 5, 7, 9].

Fig.4. Duplex structure of dispatcher center

Detailed analysis of the model from Fig. 4 using Mathematica software gives the following results:
• probability PF


• time tF


• time tw


Assuming p = 1 − 10⁻⁶, λ = 10⁻⁵ h⁻¹, μ = 10⁻¹ h, λ2 = 50 s⁻¹, μ2 = 100 s⁻¹ and pr = 0.99, the value P2 is close to 9.99e-6, the time tF is better than 0.99·10⁹ h and the time tw is close to 20.4 ms. (This means that such a delay of less than 20 ms is assured when the mean time of service is 0.01 s and the intensity of incoming messages is higher than 50 per second.)

The two presented systems may cooperate according to the model from Fig. 5, where states 02 and 20 correspond to catastrophic failure of subsystem I (dispatcher) and II (interlocking).

Fig. 5. Multistate structure

For the model presented in Fig. 5 we can calculate the probabilities of being in the states:


Using the matrix method [9], we can calculate the times tw and tF. The evaluation of the time tw requires additional analysis of models with queues and delays [4].

In the simple case we have a serial-parallel structure, where the probability PF, time tF and time tw may be estimated [5]. For a serial structure:


for a parallel structure [3]:


For complex structures, multi-state models are necessary. The presented simulation and analytical methods are required for the assessment of new systems in design or in the laboratory. The obtained results may be verified by tests on real systems. Based on computer simulation, it is possible to determine the limits of the system corresponding to railway traffic and real parameters [6].


[1] DUBI A., „Monte Carlo application in system engineering”, John Wiley & Sons, Ltd, England 2000.
[2] GROCHOWSKI L., „Rozproszone systemy informatyczne”, Dom Wydawniczy ELIPSA, Warszawa 2003, (in Polish).
[3] JAŹWIŃSKI J., WAŻYŃSKA-FIOK K., „Bezpieczeństwo systemów”, PWN, Warszawa 1993, (in Polish).
[4] LEWIŃSKI A., PERZYŃSKI T., „The delay analysis in dissipated railway management and control systems”, V Konferencja Naukowa Telematyka Systemów Transportowych, Katowice – Ustron, TST 2005.
[5] LEWIŃSKI A., „Problemy oprogramowania bezpiecznych systemów komputerowych w zastosowaniach transportu kolejowego”, Seria Monografie Nr 49, Wydawnictwo Politechniki Radomskiej, Radom 2001, (in Polish).
[6] LEWIŃSKI A., SOKOŁOWSKA L., „The simulation of computer networks for railway control and management”, IV Konferencja Naukowa Telematyka Systemów Transportowych, Katowice – Ustron, TST 2004.
[7] LEWIŃSKI A., PERZYŃSKI T., „Modelowanie bezpiecznych systemów w sterowaniu ruchem kolejowym”, materiały konferencji naukowej TRANSCOMP, Zakopane 2005, (in Polish).
[8] PERZYŃSKI T., „Niezawodność współczesnych systemów komputerowych”, II Konferencja Naukowa „Zintegrowane środowisko usług dostepnych w Internecie”, WSB Radom 2005, (in Polish).
[9] ZAMOJSKI W. (red.), „Niezawodność i eksploatacja systemów”, Wydawnictwo Politechniki Wrocławskiej, Wrocław 1981, (in Polish).

Faculty of Transport, Technical University of Radom
