Safety as the key quality property among RAMS (reliability, availability, maintainability, and safety) demonstrates the most stringent performance in correspondence with the safety requirements and performance standards like EN 50126. Meanwhile, GNSS (Global Navigation Satellite Systems) are penetrating the railway now widely in non-safety related applications as passenger information, fleet management, etc. GNSS also have great potential for safety-related applications in railway such as the train location determination function, which the safety performance needs to be assured through hazard analysis and risk assessment process.
The train location determination by satellite-based localization system is elevating the train control to the next level. The European Train Control System (ETCS) has being trying to implementing Level 3, the Chinese Train Control System (CTCS) has been implementing CTCS Level 3 low cost especially for secondary lines, and the U.S. is implementing train control systems under Positive Train Control (PTC) requirements. The train control system needs GNSS to provide more accurate location information of trains, more flexible and condensed trains on tracks with the consistency of still keeping the current safety level or even improve safety.
Some researchers are trying to understand the performance of GNSS (GPS / EGNOS / Beidou) for railway applications from the fundamental accuracy level. A satellite-based train localization unit (SaLuT) as the entity to perform the train location determination function is to bring the GNSS accuracy evaluation up to safety integrity according to the safety requirements and standards for risk assessment. One of the key consequential result derived from the train location is the adequate safety margin. The safety margin, which can also be called as “safe braking distance”, is a margin indicated to rail traffic that would allow the train to stop with the application of normal service braking. The safety margin estimation quality and the risk of the safety margin shows the hazard rate for the safety margin estimation function performed by the designed localization unit SaLuT.
This paper discusses the safety margin estimation method considering both GNSS accuracy and integrity assessment aspects of SaLuT, in accordance of the settled safety requirements of location determination function. To analyze the hazard of the safety margin estimation, a formal method is applied to model the SaLuT behavior and functions. The formal method based on stochastic Petri net enables the modeling process to include the GNSS receiver collected real data on the test track into it. The safety margin estimation method together with the risk assessment method using the real data can generate quantitative indicators to represent the localization function and safety margin estimation quality. The data used for the analysis is collected in the Qinghai-Tibet railway line from Golmud station to Ganlong station by SaLuT installed on a locomotive along the track. With the stochastic Petri net model and the systematic equation using the real collected data to estimate the safety margin based on the GNSS technologies, the SaLuT can be validated and verified for its hazard rates, which provides information for the safety cases in order to meet the industrial normative requirements.
Modeling and verification of train departure scenario for next generation train control system
