[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

EP0796779B1 - Method for the control and the safety of a guided transport system - Google Patents

Method for the control and the safety of a guided transport system Download PDF

Info

Publication number
EP0796779B1
EP0796779B1 EP96104501A EP96104501A EP0796779B1 EP 0796779 B1 EP0796779 B1 EP 0796779B1 EP 96104501 A EP96104501 A EP 96104501A EP 96104501 A EP96104501 A EP 96104501A EP 0796779 B1 EP0796779 B1 EP 0796779B1
Authority
EP
European Patent Office
Prior art keywords
track
data
event
events
assigned
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Lifetime
Application number
EP96104501A
Other languages
German (de)
French (fr)
Other versions
EP0796779A1 (en
Inventor
Markus Dr. Montigel
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Alcatel Lucent SAS
Original Assignee
Alcatel CIT SA
Alcatel SA
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Alcatel CIT SA, Alcatel SA filed Critical Alcatel CIT SA
Priority to AT96104501T priority Critical patent/ATE232482T1/en
Priority to DE59610130T priority patent/DE59610130D1/en
Priority to EP96104501A priority patent/EP0796779B1/en
Publication of EP0796779A1 publication Critical patent/EP0796779A1/en
Application granted granted Critical
Publication of EP0796779B1 publication Critical patent/EP0796779B1/en
Anticipated expiration legal-status Critical
Expired - Lifetime legal-status Critical Current

Links

Images

Classifications

    • BPERFORMING OPERATIONS; TRANSPORTING
    • B61RAILWAYS
    • B61LGUIDING RAILWAY TRAFFIC; ENSURING THE SAFETY OF RAILWAY TRAFFIC
    • B61L21/00Station blocking between signal boxes in one yard
    • BPERFORMING OPERATIONS; TRANSPORTING
    • B61RAILWAYS
    • B61LGUIDING RAILWAY TRAFFIC; ENSURING THE SAFETY OF RAILWAY TRAFFIC
    • B61L27/00Central railway traffic control systems; Trackside control; Communication systems specially adapted therefor
    • B61L27/60Testing or simulation

Definitions

  • the invention relates to a method according to the preamble of Claim 1.
  • the types of solutions used for system control and - Securing is based on track elements with neighboring relationships, provided with train speed data to form a Route either via geographic circuits with each other linked and then saved, or accordingly a prepared route that represents the route to be set List one after the other on their occupancy status and their current Setting checked and, if necessary, after switching to a predetermined location, be secured.
  • the method proposed there is based on close dependencies and initially refrains from formulating Safety conditions. It becomes a model of the states and Events of the system that developed the formulation of allowed illegal states and events on a local basis, i.e. no distant dependencies need to be considered.
  • the requirements for the security system are not direct described, but the behavior of the system including the itself vehicles moving in it is modeled as such, like if there was no security level.
  • the in the Security level to implement security conditions then result as consequences of the modeled System Properties.
  • the security system always contains an image of everyone States of the overall system as well as the rules as from the current one State all subsequent states can be calculated. in the another is an algorithm (so-called eunomic algorithm) implemented that every time a controllable event to be triggered, the set of all possible, by following subsequent states caused by uncontrollable events calculated and then examined whether they have one or more contains illegal states.
  • eunomic algorithm implemented that every time a controllable event to be triggered, the set of all possible, by following subsequent states caused by uncontrollable events calculated and then examined whether they have one or more contains illegal states.
  • Claim 4 relates to the representation of transport units Help of sequences of occupied track sections.
  • Fig. 1 is the structure of the data processing system with the Help the method according to the invention is carried out, shown.
  • the figure shows two levels, which - separately from each other - the control or the securing of the outdoor area forming track network including the existing switches, Signals, signaling devices and the one using the track network Trains serve.
  • the main functions of the security level and the control level are shown in the figure.
  • Fig. 2 gives an overview of the creation of the data for the Assurance level.
  • a general Petri network e.g. a predicate / transition network
  • the one includes formal specification of the system type from which over the network available information is created and based on consistency and correct Checked syntax.
  • the special Track topology data e.g. in the form of colon graphs can be present with the help of a suitable deployment tool unfolds, whereby a special Petri net, e.g.
  • An edge is defined that leads from the predicate pred to the transition trans or vice versa.
  • pred is a precondition
  • postcondition of trans is a precondition
  • solutions for condition are sought for each transitional copy of trans.
  • Each such solution then creates a copy of the edge of this type in the Petri net specially made for a track topology.
  • Colon graphs are used to represent the track topology
  • variable assignments are taken from the Object set of the track topology so that the condition ⁇ transcondition> becomes true. Each such variable assignment results in a transition instance. For each Transition specimen are searched for all edges so that the edge conditions are true with the corresponding variable assignment.
  • the runtime system leads the special to the corresponding track topology belonging to Petri nets. It contains an implementation of the EUNOMIC Algorithm,
  • Algorithm that is started when an uncontrollable event that cannot be assumed arrives and looks for an emergency dependency in the set of controllable events that prevents the occurrence of impermissible follow-up events.
  • the algorithm is formulated in Objective-C.
  • the switch loses its defined end position (uncontrollable, but usually not event to be assumed). This threatens a state in which the Switzerlandspitze of the approaching train is on a switch, that has no defined end position (edg_crash). To do this prevent, the above algorithm is started. He examines the Predecessor set of the event “edg_crash” and finds the Emergency dependency "reset_signal - head”. Then that will Event "reset_signal triggered that the main signal on hold throws.

Landscapes

  • Engineering & Computer Science (AREA)
  • Mechanical Engineering (AREA)
  • Train Traffic Observation, Control, And Security (AREA)
  • Control Of Position, Course, Altitude, Or Attitude Of Moving Bodies (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The method involves storage in formal language of a model of all foreseeable network states and events. Type-related dynamic data are represented in the form of Petri nets or their derivatives, and example-related static track network data in the form of double-vertex graphs. A first algorithm computes all possible sequence states and prevents triggering of a verifiable event when a forbidden state is involved. A second algorithm is brought in when an unacceptable event occurs, triggering verifiable events when these reduce the expected number of consequential forbidden states.

Description

Die Erfindung betrifft ein Verfahren gemäß dem Oberbegriff des Patentanspruchs 1.The invention relates to a method according to the preamble of Claim 1.

Ein solches Verfahren ist aus der Dissertationsschrift von M. Montigel "Modellierung und Gewährleistung von Abhängigkeiten in Eisenbahnsicherungsanlagen", vorgelegt 1994 an der Eidgenössischen Technischen Hochschule, Zürich (DISS.ETH Nr. 10776) bekannt.Such a procedure is from the dissertation from M. Montigel "Modeling and ensuring dependencies in Railway safety systems ", submitted in 1994 to the Federal Technical University, Zurich (DISS.ETH No. 10776) known.

Es soll die heute verwendeten Verfahren der Steuerung und Sicherung spurgeführter Transportsysteme, insbesondere der Eisenbahnnetze ersetzen und darüberhinaus die Planung und wirtschaftliche Nutzung solcher Transportsysteme auf eine völlig neue Art und Weise unterstützen.It is intended to control and secure the methods used today Track-guided transport systems, especially railway networks replace and also planning and economic use transport systems in a completely new way support.

Die heute verwendeten Lösungsarten zur Systemsteuerung und -Sicherung stützen sich auf Gleiselemente mit Nachbarbeziehungen, versehen mit Zuggeschwindigkeitsdaten, die zur Bildung einer Fahrstraße entweder über geographische Stromkreise miteinander verknüpft und anschließend gesichert werden, oder entsprechend einer vorbereiteten, die einzustellende Fahrstraße wiedergebenden Liste nacheinander auf ihren Belegungszustand und ihre aktuelle Einstellung hin geprüft und, ggf. nach Umstellung in eine vorgegebene Lage, gesichert werden.The types of solutions used for system control and - Securing is based on track elements with neighboring relationships, provided with train speed data to form a Route either via geographic circuits with each other linked and then saved, or accordingly a prepared route that represents the route to be set List one after the other on their occupancy status and their current Setting checked and, if necessary, after switching to a predetermined location, be secured.

Diese Lösungen sind unbefriedigend im Hinblick auf eine Behandlung des Systems mit formalen Methoden. Das Konstrukt Gleiselement, von dem es relativ viele Basistypen gibt, ist hierzu noch zu komplex.These solutions are unsatisfactory in terms of treatment of the system using formal methods. The construct track element, by which there are relatively many basic types is still too complex for this.

Die o.g. Dissertation sieht deshalb die Darstellung des Gleisnetzes mit Hilfe von Doppelpunktgraphen vor, welche gegenüber einer Darstellung mit einfachen gerichteten Graphen den Vorteil hat, daß keine unnatürliche Auszeichung einer Fahrtrichtung erfolgt (was bei Gleisdreiecken und Wendeschleifen zu Problemen führt), und daß topologische Besonderheiten besser berücksichtigt werden können, beispielsweise Spitzkehren auf Weichen von vornherein nicht möglich sind, somit nicht extra ausgeschlossen werden müssen.The above The dissertation therefore sees the representation of the rail network with the help of colon graphs, which are compared to a Representation with simple directed graphs has the advantage that there is no unnatural marking of a direction of travel (which is the case with Track triangles and turning loops lead to problems), and that topological peculiarities can be better taken into account For example, hairpin bends on switches are not possible from the start are, therefore do not have to be excluded.

In der eingangs angegebenen Dissertation wird das System Eisenbahnsicherung als verteiltes diskretes Ereignissystem verstanden, das mit Hilfe formaler Sprachen als logisches Datenmodell wiedergegeben werden kann, wobei einzelne Datenbereiche wie eingangs angegeben repräsentiert sind.In the dissertation mentioned at the beginning, the system Railway protection as a distributed, discrete event system understood that with the help of formal languages as logical Data model can be reproduced, with individual data areas are represented as stated at the beginning.

Die dort vorgeschlagene Methode beruht auf nahen Abhängigkeiten und verzichtet zunächst auf die Formulierung von Sicherheitsbedingungen. Es wird ein Modell der Zustände und Ereignisse des Systems entwickelt, das die Formulierung von unzulässigen Zuständen und Ereignissen auf lokaler Basis erlaubt, d.h. es brauchen keine fernen Abhängigkeiten betrachtet zu werden. Die Anforderungen an das Sicherungssystem werden nicht direkt beschrieben, sondern das Verhalten des Systems inklusive der sich darin fortbewegenden Fahrzeuge wird als solches modelliert, wie wenn keine Sicherungsebene vorhanden wäre. Die in der Sicherheitsebene zu implementierenden Sicherheitsbedingungen ergeben sich dann als Konsequenzen der modellierten Systemeigenschaften.The method proposed there is based on close dependencies and initially refrains from formulating Safety conditions. It becomes a model of the states and Events of the system that developed the formulation of allowed illegal states and events on a local basis, i.e. no distant dependencies need to be considered. The requirements for the security system are not direct described, but the behavior of the system including the itself vehicles moving in it is modeled as such, like if there was no security level. The in the Security level to implement security conditions then result as consequences of the modeled System Properties.

Statt, wie sonst üblich, im Sicherungssystem die Sicherheitsbedingungen explizit zu implementieren, wird eine Repräsentation aller für die betriebliche Sicherheit für relevant gehaltenen Zustände und Ereignisse entwickelt, insbesondere auch solcher, die aus Sicherheitsgründen als unzulässig betrachtet werden. Die Ereignisse werden in kontrollierbare und unkontrollierbare aufgeteilt. Ein Ereignis heißt genau dann kontrollierbar, wenn in jedem beliebigen Systemzustand die Freiheit besteht, dieses am Eintreffen zu hindern, andernfalls heißt das Ereignis unkontrollierbar.Instead of, as usual, in the security system Implementing security conditions explicitly becomes one Representation of all relevant for operational security held states and events developed, especially those that are considered inadmissible for security reasons become. Events are in controllable and split uncontrollable. An event is called exactly then controllable if freedom in any system state exists to prevent it from arriving, otherwise it means Event uncontrollable.

Zur Laufzeit enthält das Sicherungssystem stets ein Abbild aller Zustände des Gesamtsystems sowie die Regeln, wie aus dem aktuellen Zustand sämtliche Folgezustände berechnet werden können. Im weiteren ist ein Algorithmus (sog. Eunomischer Algorithmus) implementiert, der jedesmal, wenn ein kontrollierbares Ereignis ausgelöst werden soll, die Menge aller möglichen, durch Folgen von unkontrollierbaren Ereignissen hervorgerufenen Folgezustände berechnet und daraufhin untersucht, ob sie einen oder mehrere unzulässige Zustände enthält.At runtime, the security system always contains an image of everyone States of the overall system as well as the rules as from the current one State all subsequent states can be calculated. in the another is an algorithm (so-called eunomic algorithm) implemented that every time a controllable event to be triggered, the set of all possible, by following subsequent states caused by uncontrollable events calculated and then examined whether they have one or more contains illegal states.

Um die große Anzahl Zustände platzsparend im System darstellen zu können, wurde eine verteilte Repräsentation mit Petri-Netzen gewählt. So können mit n binären Stellen oder Bedingungen 2n Zustände dargestellt werden. Der oben erwähnte Algorithmus, der die Zulässigkeit eines kontrollierbaren Ereignisses prüft, berechnet dann nicht wirklich die Menge der unkontrollierbar erreichbaren Folgezustände, da diese viel zu umfangreich wäre, sondern er klärt lediglich die Herleitbarkeit jeder einzelnen Stelle bzw. jedes einzelnen Ereignisses einzeln (nicht in Kombination) ab. Es kann gezeigt werden, daß jeder erreichbare Zustand bzw. jedes erreichbare Ereignis herleitbar im obigen Sinne ist, so daß kein unzulässiger Zustand erreicht werden kann, wenn die entsprechenden Stellen nicht herleitbar sind.In order to be able to represent the large number of states in the system in a space-saving manner, a distributed representation with Petri nets was chosen. In this way, 2 n states can be represented with n binary digits or conditions. The algorithm mentioned above, which checks the admissibility of a controllable event, does not really calculate the amount of subsequent states that can be reached in an uncontrollable manner, since this would be far too extensive, but only clarifies the derivability of each individual location or event individually (not in combination ). It can be shown that every achievable state or event can be derived in the above sense, so that an inadmissible state cannot be reached if the corresponding points cannot be derived.

Der Entwicklungsprozess eines Sicherungssystems gestaltet sich bei dem in der Dissertation wiedergegebenen Verfahren wie folgt:

  • Schrittweises Entwickeln eines formalen Modells der Sicherungsebene des Transportsystems auf der Ebene eines Systemtyps (z.B. System für ein bestimmtes Transportsystem oder eine bestimmte Bahnverwaltung) in Form eines Predicate/Transition-Netzes. Dieses Modell beschreibt die Zustände und Zustandsübergänge der Sicherungsebene und ist unabhängig von den zu sichernden Gleisnetzen. Wenn für dasselbe oder ein ähnliches Transportsystem bereits früher ein Modell erarbeitet wurde, können die dort definierten allgemeinen Systemeigenschaften für das neue Modell übernommen werden.
  • Erstellen der Spezifikationen der zu sichernden Gleisnetze (Daten der Systemexemplare)
  • Durchführen eines automatisierten sogenannten Entfaltungsprozesses mittels Entfaltungstools:
    • Syntax-, Typen- und Plausibilitätsprüfung des Typ-Modells
    • Vorbereitung des Typ-Modells für den eigentlichen Entfaltungsprozess
    • Erzeugung von symbolischen Schnittstellen für die von der Sicherungsebene abhängigen Ebenen (Steuerungsebene, Hardware-Interface-Ebene etc.)
    • Herstellen eines interpretier- oder ausführbaren formalen Modells für die Systemexemplare (eigentliche Entfaltung):
    • Für jeden allgemein beschriebenen Zustand und
    • Zustandsübergang im abstrakten Typmodell werden alle konkreten Instanzen gesucht, die sich aus den Exemplardaten ergeben. Resultat ist ein Condition/Event-Netz, daß das entsprechende Systemexemplar beschreibt. Jeder Knoten des Netzes besitzt einen eindeutigen Namen, der sich aus dem Namen des entsprechenden abstrakten Knotens und den Namen der konkreten Objekte des Gleisnetzes zusammensetzt, auf die er sich bezieht.
    • Überprüfen des formalen Exemplar-Modells mit einem Laufzeitsystem für Condition/Event-Netze. Dieses System enthält eine Implementation des o.g. Eunomischen Algorithmus, der die Zulässigkeit von kontrollierbaren Ereignissen überwacht. In der o.g. Dissertation wurden die von der Sicherungsebene abhängigen Ebenen (Außenanlage, Steuerungsebene etc.) mit interaktiven Tools simuliert. Die Sicherungsebene kann sowohl auf hohem Abstraktionsniveau (Simulation von Zügen) wie auch auf dem Detailniveau (Betrachtung einzelner Knoten des Condition/Event-Netzes) simuliert werden.
The development process of a security system is as follows in the procedure described in the dissertation:
  • Step-by-step development of a formal model of the security level of the transport system at the level of a system type (e.g. system for a specific transport system or a specific railway administration) in the form of a predicate / transition network. This model describes the states and state transitions of the security level and is independent of the track networks to be secured. If a model has already been developed for the same or a similar transport system, the general system properties defined there can be adopted for the new model.
  • Creation of the specifications of the track networks to be secured (data of the system copies)
  • Carrying out an automated so-called unfolding process using unfolding tools:
    • Syntax, type and plausibility check of the type model
    • Preparation of the type model for the actual development process
    • Generation of symbolic interfaces for the levels dependent on the security level (control level, hardware interface level etc.)
    • Creating an interpretable or executable formal model for the system copies (actual development):
    • For every generally described condition and
    • State transition in the abstract type model is searched for all concrete instances that result from the instance data. The result is a condition / event network that describes the corresponding system copy. Each node of the network has a unique name, which is made up of the name of the corresponding abstract node and the names of the concrete objects of the rail network to which it refers.
    • Checking the formal copy model with a runtime system for condition / event networks. This system contains an implementation of the above-mentioned eunomical algorithm, which monitors the admissibility of controllable events. In the above-mentioned dissertation, the levels dependent on the security level (outdoor facility, control level, etc.) were simulated using interactive tools. The security level can be simulated both at a high level of abstraction (simulation of trains) and at the level of detail (consideration of individual nodes of the condition / event network).

Das in der o.g. Dissertation wiedergegebene Verfahren enthält noch kein Konzept für eine Fahrstraßenüberwachung und für verschiedene andere in Eisenbahnsteuerungssystemen heute übliche Steuerungskonzepte.The in the above Procedures reproduced in thesis still contains no concept for route monitoring and for different others common in railway control systems today Control concepts.

Es ist deshalb Aufgabe der Erfindung, eine Funktion in das bekannte Verfahren zu integrieren, die eine Überwachung eines zunächst für zulässig erachteten Fahrweges ermöglicht.It is therefore an object of the invention to have a function in the known Integrate procedures that include monitoring an initially for allowed path considered permissible.

Diese Aufgabe wird durch die im Patentanspruch 1 angegebenen Merkmale gelöst.This object is achieved by the specified in claim 1 Features resolved.

Durch die Beachtung des Eintrittes sogenannter "normalerweise nicht anzunehmender Ereignisse", also Ereignissen wie z.B. Schienenbrüchen oder Verlieren der Endlage bei Weichen, deren Berücksichtigung von Anfang an jedes Fahren in einem Gleisnetz unzulässig machen würde, mit Hilfe des zusätzlichen, sogenannten revertierten eunomischen Algorithmus lassen sich gefährliche Folgen aus solchen Ereignissen in vielen Fällen vermeiden oder wenigstens in ihrer Eintrittswahrscheinlichkeit herabsetzen.By observing the entry of so-called "normally not events to be assumed ", i.e. events such as Rail breaks or loss of the end position for switches whose Taking into account every journey in a track network from the start would make inadmissible, with the help of the additional, so-called reverted eunomic algorithm can have dangerous consequences avoid from such events in many cases or at least reduce their probability of occurrence.

Weiterbildungen des Verfahrens nach der Erfindung sind in den Unteransprüchen angegeben und betreffen weitere einzubeziehende Steuerungskonzepte.Developments of the method according to the invention are in the Subclaims specified and relate to others to be included Control concepts.

So betreffen die Ansprüche 2 und 3 den Einbezug des Geschwindigkeitsbegriffs in das Steuerungssystem, Anspruch 3 betrifft die Behandlung von Zugoperationen und die Interpretation von Abschnittsbelegungen.So claims 2 and 3 concern the inclusion of Concept of speed in the control system, claim 3 concerns the treatment of train operations and the interpretation of section assignments.

Anspruch 4 betrifft die Darstellung von Transporteinheiten mit Hilfe von Folgen von belegten Gleisabschnitten.Claim 4 relates to the representation of transport units Help of sequences of occupied track sections.

Gegenstand des Anspruchs 5, schließlich, sind der Einsatz neuer Transporteinheiten und die Erfassung von Zugtrennungen mittels Belegung und Freimeldungen von Gleisabschnitten.Subject of claim 5, finally, are the use of new ones Transport units and the detection of train separations by means of Occupancy and free notifications of track sections.

Nachfolgend soll das Verfahren nach der Erfindung anhand von Ausführungsbeispielen und mit Hilfe von vier Figuren eingehend beschrieben werden.The method according to the invention is to be described below with reference to Embodiments and detailed with the help of four figures to be discribed.

Die Figuren zeigen:

Fig. 1 -
den Aufbau der verwendeten Datenverarbeitungsanalge,
Fig. 2 -
schematisch einen Überblick über die Erstellung der Sicherungsebene,
Fig. 3 -
die Bewegung der Spitze eines Zuges in einem mit Doppelpunktgraphen dargestellten Gleisnetz,
Fig. 4 -
eine schematische Darstellung der Systemreaktion bei Eintritt eines unkontrollierbaren, normalerweise nicht anzunehmenden Ereignisses.
The figures show:
Fig. 1 -
the structure of the data processing system used,
Fig. 2 -
schematically an overview of the creation of the security level,
Fig. 3 -
the movement of the tip of a train in a track network represented by a colon graph,
Fig. 4 -
a schematic representation of the system reaction when an uncontrollable, normally unlikely event occurs.

In Fig. 1 ist der Aufbau der Datenverarbeitungsanlage mit deren Hilfe das Verfahren nach der Erfindung ausgeführt wird, dargestellt. Die Figur zeigt zwei Ebenen, die - getrennt voneinander - der Steuerung bzw. der Sicherung des die Außenanlage bildenden Gleisnetzes einschließlich der vorhandenen Weichen, Signale, Freimeldeeinrichtungen und der das Gleisnetz benutzenden Züge dienen. Die wesentlichen Funktionen der Sicherungsebene und der Steuerungsebene sind in der Figur wiedergegeben.In Fig. 1 is the structure of the data processing system with the Help the method according to the invention is carried out, shown. The figure shows two levels, which - separately from each other - the control or the securing of the outdoor area forming track network including the existing switches, Signals, signaling devices and the one using the track network Trains serve. The main functions of the security level and the control level are shown in the figure.

Fig. 2 gibt einen Überblick über die Erstellung der Daten für die Sicherungsebene. Wie aus der Figur ersichtlich, wird zunächst ein allgemeines Petri-Netz z.B. ein Predicate/Transition-Netz, das eine formale Spezifikation des Systemtyps enthält, aus den über das Netz verfügbaren Informationen erstellt und auf Konsistenz und richtige Syntax hin geprüft. Es wird dann, zusammen mit den speziellen Gleistopologiedaten, die z.B. in Form von Doppelpunktgraphen vorliegen können, mit Hilfe eines geeigneten Entfaltungswerkzeuges entfaltet, wodurch ein spezielles Petri-Netz, z.B. ein Condition/Event-Netz entsteht, das die Daten für die Sicherungsebene enthält und in dem als Laufzeitsystem ein Algorithmus (sog. eunomischer Algorithmus) anwendbar ist, der vor kontrollierbaren Ereignissen alle durch diese möglich werdenden Netzveränderungen auf ihre Zulässigkeit hin untersucht und bei zu erwartenden unzulässigen Ereignissen die Auslösung des kontrollierbaren Ereignisses verhindert. Fig. 2 gives an overview of the creation of the data for the Assurance level. As can be seen from the figure, first a general Petri network e.g. a predicate / transition network, the one includes formal specification of the system type from which over the network available information is created and based on consistency and correct Checked syntax. It will then, along with the special Track topology data, e.g. in the form of colon graphs can be present with the help of a suitable deployment tool unfolds, whereby a special Petri net, e.g. on Condition / event network that creates the data for the Contains security level and in as a runtime system Algorithm (so-called eunomic algorithm) is applicable, the before controllable events all made possible by these Grid changes examined for their admissibility and at too anticipated inadmissible events triggering the controllable event prevented.

Die anschließenden Ausführungsbeispiele beschreiben konkret die Erstellung der Sicherungsebene und die Anwendung des sogenannten revertierten eunomischen Algorithmus. The following exemplary embodiments specifically describe the Creation of the security level and the application of the so-called reverted eunomical algorithm.

I. Erstellung der SicherungsebeneI. Creation of the security level 1. Erstellen einer formalen Spezifikation des Systemtyps aus einer informalen.1. Create a formal specification of the system type from a informal.

Die Beschreibungssprache sind Predicate/Transition-Netze. Die Spezifikation enthält:

  • Transitionen
  • Prädikate
  • Kanten
  • abhängige Transitionen
The description language are predicate / transition networks. The specification includes:
  • transitions
  • predicates
  • edge
  • dependent transitions

Beispiel:Example:

Bewegung einer Zugspitze über das Gleisnetz (allgemeine Spezifikation, topologieunabhängig) , gemäß Bild 3

Figure 00090001
Movement of a Zugspitze over the track network (general specification, independent of topology), according to Figure 3
Figure 00090001

Konstrukte der SpezifikationsspracheSpecification language constructs

Figure 00100001
Figure 00100001

Es wird eine Kante definiert, die vom Prädikat pred zur Transition trans führt oder umgekehrt. Im ersten Fall ist pred eine Vorbedingung, im zweiten eine Nachbedingung von trans. Bei der Entfaltung werden für jedes Transitionsexemplar von trans Lösungen für condition gesucht. Jede solche Lösung erzeugt dann ein Exemplar der Kante dieses Typs im speziell für eine Gleistopologie hergestellten Petri-Netz.
Werte für edgtype:

Figure 00110001
An edge is defined that leads from the predicate pred to the transition trans or vice versa. In the first case pred is a precondition, in the second a postcondition of trans. During the development process, solutions for condition are sought for each transitional copy of trans. Each such solution then creates a copy of the edge of this type in the Petri net specially made for a track topology.
Edgtype values:
Figure 00110001

Paar von abhängigen Ereignissen, wobei die Zulässigkeit des Eintreffens von transname1 davon abhängt, ob transname2 im Petri-Netz othernet ebenfalls zulässig ist.Pair of dependent events, the admissibility of the arrival of transname1 depends on whether transname2 in the Petri network othernet also is permissible.

2. Syntax- und Konsistenzcheck2. Syntax and consistency check

Es wird überprüft:

  • Korrekte Syntax
  • Entspricht <transtype> und <predtype> einem vordefinierten Typ?
  • Sind die Typendefinitionen der Variablen konsistent?
  • Sind <trans> und <pred> in allen Kantendefinitionen korrekt definiert?
It is checked:
  • Correct syntax
  • Does <transtype> and <predtype> correspond to a predefined type?
  • Are the type definitions of the variables consistent?
  • Are <trans> and <pred> correctly defined in all edge definitions?

3. Erstellung der Daten der Gleistopologie3. Creation of the data of the track topology

Zur Darstellung der Gleistopologie werden Doppelpunktgraphen verwendetColon graphs are used to represent the track topology

4. Entfaltung4. Unfolding

Für jeden Transitionstyp werden alle passende Variablenbelegungen aus der Objektmenge der Gleistopologie, so daß die Bedingung <transcondition> wahr wird. Jede solche Variablenbelegung ergibt ein Transitionsexemplar. Für jedes Transitionsexemplar werden alle Kanten gesucht, so daß die Kantenbedingungen mit der entsprechenden Variablenbelegung wahr sind. For each transition type, all suitable variable assignments are taken from the Object set of the track topology so that the condition <transcondition> becomes true. Each such variable assignment results in a transition instance. For each Transition specimen are searched for all edges so that the edge conditions are true with the corresponding variable assignment.

5. Laufzeitsystem5. Runtime system

Das Laufzeitsystem führt die speziellen, zur entsprechenden Gleistopologie gehörenden Petri-Netze aus. Es enthält eine Implementation des EUNOMISCHEN Algorithmus,The runtime system leads the special to the corresponding track topology belonging to Petri nets. It contains an implementation of the EUNOMIC Algorithm,

II. Beispiel einer formalen Spezifikation einer SicherungsebeneII. Example of a formal specification of a security level

Figure 00120001
Figure 00130001
Figure 00140001
Figure 00150001
Figure 00160001
Figure 00170001
Figure 00180001
Figure 00190001
Figure 00120001
Figure 00130001
Figure 00140001
Figure 00150001
Figure 00160001
Figure 00170001
Figure 00180001
Figure 00190001

III. Revertierter EUNOMISCHER AlgorithmusIII. Reverted EUNOMIC algorithm

Algorithmus, der beim Eintreffen eines nicht anzunehmenden unkontrollierbaren Ereignisses gestartet wird und in der Menge der kontrollierbaren Ereignisse nach einer Notfallabhängigkeit sucht, die das Eintreffen von unzulässigen Folgeereignissen verhindert. Der Algorithmus ist in Objective-C formuliert.

Figure 00190002
Figure 00200001
Algorithm that is started when an uncontrollable event that cannot be assumed arrives and looks for an emergency dependency in the set of controllable events that prevents the occurrence of impermissible follow-up events. The algorithm is formulated in Objective-C.
Figure 00190002
Figure 00200001

Beispiel: For example :

In dem in Bild 4 dargestellten Beispiel verliert die Weiche ihre definierte Endlage (unkontrollierbares, aber normalerweise nicht anzunehmendes Ereignis). Dadurch droht ein Zustand, in dem die Zugspitze des herannahenden Zugs sich auf einer Weiche befindet, die keine definierte Endlage besitzt (edg_crash). Um dies zu verhindern, wird der obige Algorithmus gestartet. Er untersucht die Vorgängermenge des Ereignisses "edg_crash" und findet die Notfallabhängigkeit "reset_signal--head". Anschließend wird das Ereignis "reset_signal ausgelöst, das das Hauptsignal auf Halt wirft.In the example shown in Figure 4, the switch loses its defined end position (uncontrollable, but usually not event to be assumed). This threatens a state in which the Zugspitze of the approaching train is on a switch, that has no defined end position (edg_crash). To do this prevent, the above algorithm is started. He examines the Predecessor set of the event "edg_crash" and finds the Emergency dependency "reset_signal - head". Then that will Event "reset_signal triggered that the main signal on hold throws.

Claims (5)

  1. Method of controlling and protecting the operation of any randomly configured track-guided transport system with the aid of a data processing system in which a model of all the states and events occurring in the transport system is stored in a formal language, in such a way that dynamic data that change owing to events occurring, insofar as they can be assigned to a track element type in a way independent of the track network, in the form of Petri nets of high abstraction level, insofar as they can be assigned in the track network concretely to existing track elements, are represented in the form of nets derived from said Petri nets, and static data valid for every system state, insofar as they can be assigned to a track element type in a way independent of the track network, in the form of predicates or invariants, insofar as they can be assigned in the track network concretely to existing track elements, are represented in the form of topography element data, and in which data processing system an algorithm is available that, prior to initiating a controllable event, calculates all the possible consequential states from the current state of the system and prevents the initiation if one or more inadmissible states are found among the calculated consequential states, characterized in that an uncontrollable event whose occurrence cannot be expected from the outset is defined as a normally unexpected event, and in that, during the checking of the admissibility of a controllable event, it is not expected that a normally unexpected event occurs, in that an additional algorithm is started if, after establishing the admissibility of the controllable event, a normally unexpected event occurs, in that, by means of the additional algorithm, the set of all the states achievable as a result of consequences of uncontrollable events is examined, proceeding from the actual system state generated by the occurrence of said event, in regard to whether a state designated as inadmissible occurs among them or the preliminary conditions for the occurrence of an event designated as inadmissible are fulfilled, and in that, if this applies, the set of all the events or controllable events designated particularly for this case are investigated in regard to whether the system state can be altered by its initiation in such a way that the set of the previously calculated, achievable inadmissible states or events designated as inadmissible is reduced and that, if that is the case, the appropriate controllable events are initiated.
  2. Method according to Claim 1, characterized in that speed data in the form of data tuples are assigned to the topography element data assigned to the track elements concretely existing in the track network, which speed data contain, in addition to valid maximum speeds, also data from which an achievable delay can be achieved with maximum brake use, in that the speeds valid at a track element, insofar as they are not redetermined, are calculated recursively or iteratively from data that have been assigned previously to traversed track element in the respective direction of travel, and in that the calculated speed data are used for establishing maximum speeds valid in the system.
  3. Method according to Claim 2, characterized in that the topography element data assigned to the track elements have the form of double-point diagrams and the data tuples containing the speed data are assigned to the points or edges of said double-point diagrams.
  4. Method according to any of the preceding claims, characterized in that the track segments of the track network are fitted with track idle status indicators, in that a continuous sequence of occupied segments is interpreted as a transport unit moving in the track network and the direction of travel is deduced from the order of the new occupations or idle status indications and in that an individual incorrect idle status indication does not change the assumed size of the transport unit.
  5. Method according to Claim 4, characterized in that an individual occupation of a segment is interpreted, in the case of valid idle status indication for all the adjacent segments, as a new transport unit initially having two heads and no tail, in that the occupation of a segment situated, seen in the direction of travel, behind the tail of an existing transport unit is interpreted as a change in the direction of travel of the transport unit or as a separate part of the transport unit starting to move backwards, and in that, in both cases, the original tail of the transport unit is converted into a head in the system model.
EP96104501A 1996-03-21 1996-03-21 Method for the control and the safety of a guided transport system Expired - Lifetime EP0796779B1 (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
AT96104501T ATE232482T1 (en) 1996-03-21 1996-03-21 METHOD FOR CONTROLLING AND SECURING A TRACK-GUIDED TRANSPORT SYSTEM
DE59610130T DE59610130D1 (en) 1996-03-21 1996-03-21 Process for controlling and securing a track-guided transport system
EP96104501A EP0796779B1 (en) 1996-03-21 1996-03-21 Method for the control and the safety of a guided transport system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
EP96104501A EP0796779B1 (en) 1996-03-21 1996-03-21 Method for the control and the safety of a guided transport system

Publications (2)

Publication Number Publication Date
EP0796779A1 EP0796779A1 (en) 1997-09-24
EP0796779B1 true EP0796779B1 (en) 2003-02-12

Family

ID=8222584

Family Applications (1)

Application Number Title Priority Date Filing Date
EP96104501A Expired - Lifetime EP0796779B1 (en) 1996-03-21 1996-03-21 Method for the control and the safety of a guided transport system

Country Status (3)

Country Link
EP (1) EP0796779B1 (en)
AT (1) ATE232482T1 (en)
DE (1) DE59610130D1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1868051A1 (en) * 2006-06-15 2007-12-19 Société Nationale des Chemins de Fer Français Method for validating a control system and control system to be validated by this method
DE102008057750A1 (en) * 2008-11-17 2010-05-20 Deutsches Zentrum für Luft- und Raumfahrt e.V. Method for determining an optimal migration

Also Published As

Publication number Publication date
ATE232482T1 (en) 2003-02-15
EP0796779A1 (en) 1997-09-24
DE59610130D1 (en) 2003-03-20

Similar Documents

Publication Publication Date Title
DE69407452T2 (en) Train control system
DE2728362A1 (en) DATA PROCESSING SYSTEM FOR TRAVEL DATA
EP3371025B1 (en) Surroundings modeling device for a driver assistance system for a motor vehicle
EP4079600A1 (en) Method for optimising occupancy assessment when issuing permission for a railway vehicle / train to proceed with a train ahead
EP0796779B1 (en) Method for the control and the safety of a guided transport system
DE4409179A1 (en) System and method for dynamic information processing
DE102020213831B4 (en) Method for determining an existence probability of a possible element in an environment of a motor vehicle, driver assistance system and motor vehicle
DE19535856A1 (en) Computer control system with distributed requirement, non-synchronised region and control computers in different hierarchical planes for railway station signal handling where several trains are awaiting signals for the same track
EP0920391B1 (en) Process of controlling and monitoring a traffic control system
DE2704548C2 (en) Safety arrangement for lane-guided vehicles traveling in sequence or in sections
EP1109709B1 (en) Method and device for controlling a traffic installation
EP3580114B1 (en) Method and apparatus for setting at least one route for a railway installation
DE4314559A1 (en) Process for track vacancy detection by means of axle counting with automatic counting error correction
DE102016222907A1 (en) Rail vehicle and method of operation
DE602005000953T2 (en) System and method for responding to wiring faults in &#34;Resilient Packet Ring&#34; networks
EP3786026B1 (en) Railway system and method for controlling same
DE102021002160A1 (en) Process for the formation of a vehicle group
DE2849008C2 (en) Method for braking continuously influenced rail vehicles in the event of a transmission failure
EP3609763B1 (en) Track system and method for operating the same
DE102021200257A1 (en) Method for validating software functions in a driver assistance system for motor vehicles
DE112016002303T5 (en) Signal security system
DE102021207515A1 (en) Method for providing an electronic horizon for an autonomous motor vehicle
EP4098508A1 (en) Method for optimised entry into a target section by dynamically determining release speed
DE2928809C2 (en)
WO2024008453A1 (en) Method for predicting an influence of one road user on at least one other road user, and method for operating a vehicle

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 19970315

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE DE DK FR GB IT NL PT SE

GRAG Despatch of communication of intention to grant

Free format text: ORIGINAL CODE: EPIDOS AGRA

17Q First examination report despatched

Effective date: 20020502

GRAG Despatch of communication of intention to grant

Free format text: ORIGINAL CODE: EPIDOS AGRA

GRAH Despatch of communication of intention to grant a patent

Free format text: ORIGINAL CODE: EPIDOS IGRA

RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: ALCATEL

GRAH Despatch of communication of intention to grant a patent

Free format text: ORIGINAL CODE: EPIDOS IGRA

GRAA (expected) grant

Free format text: ORIGINAL CODE: 0009210

AK Designated contracting states

Designated state(s): AT BE DE DK FR GB IT NL PT SE

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: NL

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20030212

REG Reference to a national code

Ref country code: GB

Ref legal event code: FG4D

Free format text: NOT ENGLISH

GBT Gb: translation of ep patent filed (gb section 77(6)(a)/1977)

Effective date: 20030212

REF Corresponds to:

Ref document number: 59610130

Country of ref document: DE

Date of ref document: 20030320

Kind code of ref document: P

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: BE

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20030331

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: SE

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20030512

Ref country code: PT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20030512

Ref country code: DK

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20030512

NLV1 Nl: lapsed or annulled due to failure to fulfill the requirements of art. 29p and 29m of the patents act
ET Fr: translation filed
BERE Be: lapsed

Owner name: *ALCATEL

Effective date: 20030331

PLBE No opposition filed within time limit

Free format text: ORIGINAL CODE: 0009261

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: NO OPPOSITION FILED WITHIN TIME LIMIT

26N No opposition filed

Effective date: 20031113

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: FR

Payment date: 20140311

Year of fee payment: 19

Ref country code: AT

Payment date: 20140226

Year of fee payment: 19

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: GB

Payment date: 20140319

Year of fee payment: 19

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: DE

Payment date: 20140417

Year of fee payment: 19

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: IT

Payment date: 20150220

Year of fee payment: 20

REG Reference to a national code

Ref country code: DE

Ref legal event code: R119

Ref document number: 59610130

Country of ref document: DE

REG Reference to a national code

Ref country code: AT

Ref legal event code: MM01

Ref document number: 232482

Country of ref document: AT

Kind code of ref document: T

Effective date: 20150321

GBPC Gb: european patent ceased through non-payment of renewal fee

Effective date: 20150321

REG Reference to a national code

Ref country code: FR

Ref legal event code: ST

Effective date: 20151130

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: DE

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20151001

Ref country code: GB

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20150321

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: AT

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20150321

Ref country code: FR

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20150331