The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
Introduction to Railway Signalling
1. Introduction to Signalling
What is Signalling in Railways?
• Signalling is Mechanism by which the
station master conveys information to the
Loco driver to Stop, Go with Caution or
Proceed
2. What are the Types of Signalling
Systems in Railways
• Time Interval Method
• Space Interval Method
3. Time Interval Method
• Trains are Spaced Over an length of a track
in such a way that , if the first train stops,
the following train driver should be able to
stop the train in sufficient distance without
colliding with the first one.
• This type is used where traffic is less and
weight of the trains are less, e.g: Trams
• This Type of System cannot be used in
Passenger rails since weight and traffic is
High
4. Space Interval Method
• In this method of “Control Over
Movement”, the length of the track is
divided in to sections called Blocks. The
Entry of a train in to the ‘Block’ is
controlled in such a way that only when it is
free, a train can be allowed to enter it. This
means that between two consecutive trains ,
there is definite space interval.
5. • The Space Interval Method is further
divided in two types as follows:
Signals
Visual Audible
6. Visual Audible
Movable Fixed Flare
Flag Signal Signal
Detonators Voice Whistle
7. Fixed
Signal
Two Aspect Multi Aspect
Colour Light
Semaphore
Signalling
Colour Light
Semaphore
Signalling
8. Semaphore Signalling
• Semaphore signals are rectangular or fish
tailed arm fixed to a vertical Post.
• The arm is rotated in different angles to
convey information to the Loco driver.
10. Colour Light Signals
• In This type of signalling colour lights are
used to convey information to the Loco
driver. This has many advantages over
semaphore signals. They may be elaborated
as follows:
1. The day and Night aspects are the same, so
no confusion to the driver.
11. 2. Visibility can be available for Longer
ranges, so it is easier for the driver to apply
brakes in time.
3. The Signals are Placed at drivers Eye
Level.
4. No Mechanical Transmission and no
moving parts.
12. Red Aspect: Yellow Aspect: Caution,
Stop Dead
Proceed and be
prepared to stop at the
next signal
13. Green Aspect: Double Aspect:
Proceed Attention, Proceed and
be prepared to pass the
next stop signal at
restricted speed
14. Elements of a Yard
• Signals
• Track Circuits
• Points
• Slots
15. Track Circuits
• Track Circuits are devices that convey the
presence of a train on a specified length of
a track
• There are many types of track Circuits
available as follows:
1. DC Track Circuits
2. High Frequency Track Circuits (HFTC)
16. 3. Audio Frequency Track Circuits (AFTC)
4. Axle Counters ( Digital & Analog )
• What ever may the technology used to
detect presence of train, the final element is
a relay.
18. Points
• Points also referred to as switches are
mechanical devices in the railway to change
the path that trains may take through a
junction. The switch positions are called
normal and reverse
• These mechanical switches can be manually
or Electrically Operated to Change From
Normal to Reverse or Vice-Versa
20. • Point Machine Operates on 110V DC
• The Point Machine is connected to the
mechanical levers to switch the position of
the Point
21. Slots
• A slot is an element of a Yard, which as
Dual Control, i.e. An Element of the Yard
which can be operated by Two or More
Means.
• This is generally applicable for Points,
Level Crossings and Ground Frames
22. Example: Normally a Point is operated by
means of Electric Motor but whenever the
motor is failed, a permission is granted by
the station Master of that yard to the
signalling department, so that the field staff
Can go and manually operate the point and
lock it. This is done by the means of a crank
handle. So that there is no detention of
traffic.
23. What is a Railway Interlocking system
A railway interlocking system controls the
traffic in a railway station, and between
adjacent stations. The control includes train
routes, shunting moves and the movements
of all other railway vehicles in accordance
with railway rules, regulations and
technological processes required for the
operation of the railway station
24. What is meant by term Interlocking In
Railways
A term used for the logical relationships
between physical entities in the railway
yard such as points, signals, track circuits,
and so on. In SSI, this is programmed in the
Software; in relay-based interlocking this is
hardwired into the relay circuitry, and in
ground-frame interlocking it is manifest in
the mechanical linkages between physical
components
25. What is RRI
RRI Stands for Route Relay Interlocking.
An Interlocking System When built
completely using Electro mechanical relays is
called as Route Relay Interlocking System .
26. Example RRI Relay Circuits
MAIN/SH. SIGNAL ROUTE SELECTION RELAY
Concerned
& & Own
CH/GF/LX_
KLCR GNR UNR WFR WFR ASR
MN/SH_
NWKR RWKR
LR
GNR WNR Concerned UUYNR COGGNR CNF_ UYR2
CH/GF/LX_
LRs
YR
LR
EGRNR EUYNR
27. What is SSI
SSI Stands for Solid State Interlocking. An
Interlocking System When built using
Electronics replacing traditional
Mechanical Levers and Electro
mechanical relays is called as Solid state
Interlocking System.
28. Why SSIs are Required
SSIs are required to replace the existing RRI
and PI Systems Since the traditional
systems are very expensive and difficult to
maintain because of the huge number of
relays and mechanical levers used. SSIs
are a better solution to the older systems
since they are costing only ¼ the cost of
RRI or PI and the maintenance cost is
negligible and are easy to maintain.
29. S2
S4
S14 SH5
S12 S11
Point Machine
S13
Track Circuit
Data
Logger
Serial
Control cum Indication Panel Communication
Links
SSI Rack Relay Rack Maintenance
Terminal
30. Why SSI is cheaper than RRI
SSI is cheaper than RRI because of the
following factors:
1. Number of relays Used in SSI are reduced
to ¼ of Relays used in RRI
2. Cabling cost is much lesser than compared
to RRI
3. Regular Maintenance is not required for
SSIs
31. How many Types of SSIs are Available
Based on the Deployment view SSIs are
mainly of Two Types:
1. Centralized Systems: As the Name
Suggests all Controls of the system are at
one place. Cables from the system are
taken to the field gears of the Yard.
2. Distributed Systems: In Distributed
System the Controls are Distributed across
the yard and are kept near to the field
gears keeping the cable length to a bear
minimum
32. Based on the Architectural View SSIs can be
classified in to following Types:
1. Single Processor
2. 2 out of 2 Systems
3. 2 out of 3 Systems
4. Hot standby Systems
These types are generally chosen by the
customer based on the type of requirement
such as the size of the yard, amount of
traffic in the yard and budget allotted
33. RAMS Engineering
• Reliability: The reliability can be
defined as the ability of an item to
perform a required function under
stated conditions for a stated period of
time.
• Redundancy: The existence of more
than one means of accomplishing a
given function. Each means of
accomplishing the function need not be
necessarily identical.
34. • Hardware (Software Diversity):
Two or more different Versions of
Hardware (Software) working in a
system to achieve a same result.
• Failure: The termination of the
ability of an item to perform a
required function.
35. • Maintainability: The ability of an item,
under stated conditions of use, to be
retained in, or restore to, a state in which it
can perform its required function, when
maintenance is performed under stated
conditions and using prescribed procedure
and resources.
• Availability: The ability of an item (Under
combined aspects of its reliability,
maintainability, and maintenance support)
to perform its required function over a
stated period of time.
36. What is fail safety
• Fail Safety is the concept in which even
when a system fails, it fails on the safer
side.
Example: A Relay when power is cut off the
Output drops resulting in a safe state
37. Methods to Achieve fail safety in
Electronic Systems
Processor Reading at
Time 1
System
Inputs Outputs
Processor Reading at
Time 2
Fig No: 1 Time Redundancy
38. Processor 1
Processor 1 Outputs
Inputs Identical Software
and Hardware System
V Outputs
O
T
E
R
Processor n
Processor n Outputs
Inputs Identical Software
and Hardware
Fig No: 2 Hardware Redundancy
39. Processor 1
Processor 1 Outputs
Inputs Hardware 1
Identical Software
System
V Outputs
O
T
E
R
Processor n
Processor n Outputs
Inputs Hardware n
Identical Software
Fig No: 3 Hardware Diversity
41. Processor 1
Processor 1 Outputs
Inputs Identical Hardware
Software 1
System
V Outputs
O
T
E
R
Processor n
Processor n Outputs
Inputs Identical Hardware
Software n
Fig No: 5 Diverse software on redundant hardware
42. Processor 1
Processor 1 Outputs
Inputs Hardware 1
Software 1 System
V Outputs
O
T
E
R
Processor n
Processor n Outputs
Inputs Hardware n
Software n
Fig No: 6 Diverse software on Diverse hardware
43. Selection Table
• Selection Table is representation of the
Interlocking between Signals, Tracks,
Points and Slots of particular Railway Yard.
• It gives the conditions required for setting a
route i.e. Reception and dispatch of trains
44. Route No Button Press Approach Back Controlled Detects Points Conflicting Slots
Locked Locked By Tracks Routes Involved
By Tracks By Tracks
GN UN Normal Reverse
s1_TDMA S1 TDMA 1AT 1BT,1CT, 1BT,1CT,1 11,12,18 S30_TDMA CH1,CH2
11BT,12T 1BT,12T,D
MT
S30_TDMA s30 TDMA T6 T6,T30,T4 T6,T30,T40 11,15,18, S1_TDMA,S CH1,CH2,
0,T50 ,T50,DMT 12 H10_TUM CH3
45. Start
Post Routines and diagnostic
Functions
Establish Communication with
Subsystems
Scan for Yard Inputs
A
Software Flow in SSI systems
46. Interlocking Logic
Set Field Outputs
Outputs Read Back and inform
supervisory
Log Data in Data Logger
Start
47. How errors are detected in SSI
Systems
Post: Power on Self test
• After power ON, each processor would start
its operation from a predefined vector
location irrespective of its previous state. In
this state each processor first defines all
control registers of internal and external
peripheral devices. It then performs a series
of self-checking functions to ensure the
healthiness of all its internal components.
48. • Within POST, each processor performs
following checks.
• RAM test
• ROM test
• I/O Bus Test
• Processor Identity Check
• Address Check
• I/O Configuration Check
• Relay Input Integrity Check
• Shutdown Control Voltage Check
49. Diagnostics
• Diagnostics are a series of tests conducted
on the hardware by the processor to check
their Integrity.
• The Tests performed in diagnostics are
listed below:
50. • RAM test
• ROM test
• I/O Bus Test
• Processor Identity Check
• Address Check
• I/O Configuration Check
• Relay Input Integrity Check
• Shutdown Control Voltage Check
51. Power
ON
Or User
Reset
T1
POST
T4 T3
T2
Degraded T5 Normal
Mode Mode
T6
T7
Safe
Shutdown
mode
Operational Modes of SSI
52. Need for Independent Verification
and Validation
♦ Complexity of computer based interlockings demands rigid procedures
and strict requirements for verification and validation
♦ Computer based technologies allowed for a new approach towards
signalling rules
♦ Computer technology allows much more functional flexibility through
the software
♦ CENELEC standards have been elaborated and introduced
♦ Reorganization of the railway companies, which among other issues
caused that V&V activities have been split up and assigned to
independent organizations
All these changes offer chances as well as threats for a professional
verification and validation of interlockings.
53. What are Fail safe Tests
• Fail safe tests are one of tests carried out
after system Integration.
• In these tests deliberately faults are injected
in to the system and the outputs of the
system are measured and results should be
on the safer side
54. What is FMEA
• FMEA Stands for Failure Modes and Effect
Analysis
• FMEA is a part of the fail safety tests that
are conducted on the system. This the vital
part of Validation and for obtaining safety
Certification.
55. • FMEA can be done on card Level and At a
System Level
Example:
Component
Card1 Card2
Card4
Card3
System
System Outputs
56. • In the above Example if the component fails
in the Card1, Card1 may fail or may not fail
and if the component failure is detected
Card1 will fail. If Card1 fails and if it is a
non-Vital Card, the system will still
function, but if the card is Vital Card, the
system will go to shut down.
• In all the above process the system outputs
should be noted and in none of the cases the
output should be un safe.
58. FMEA Sample Sheet
Results
Sno IC Reference Number Pin No Type of Fault
Card Level System Level
Card shall shut down since the System will function in
1 U17 1 Struck at 1
data loop test will fail 2 out of two mode
Card shall shut down since the System will function in
2 U17 1 Struck at 0
data loop test will fail 2 out of two mode
Card shall shut down since the System will function in
3 U17 1 Open
data loop test will fail 2 out of two mode
Card shall shut down since the System will function in
4 U17 2 Struck at 1
data loop test will fail 2 out of two mode
Card shall shut down since the System will function in
5 U17 2 Struck at 0
data loop test will fail 2 out of two mode
Card shall shut down since the System will function in
6 U17 2 Open
data loop test will fail 2 out of two mode
59. How Safety Integrity Levels are calculated
• A fundamental problem in estimating reliability is
whether a system will function in a prescribed
manner in a given environment for a given period
of time. This depends on many factors such as the
design of the system, the parts and components
used, and the environment. Hence it is necessary
to consider the reliability of a system as an
unknown parameter that is defined to be the
probability that the given system will perform its
required function under specified conditions for a
specified period of time.
60. • Let S(t) be the number of surviving components still operating at time
t after the beginning of the ageing experiment, let F(t) be the number
of components that have failed up to time t.. then the probability of
survival of the components, also known as the reliability R(t), is
• R(t) = S(t) / N --- (1)
• The probability of failure of the components, also known as the
unreliability Q(t), is
• Q(t) = F(t) / N --- (2)
• Since total number of components, (N) = S(t) + F(t) ---
(3)
• By adding (1) and (2) equations and substituting equation (3) in the
result, we get
• R(t) + Q(t) = 1
• The failure rate, also known as the hazard rate, Z(t) is defined to be the
number of failures per unit time compared with the number of
surviving components;
• Z(t) = [ dF(t) / dt ] / S(t) --- (4)
61. • i.e. Z(t) = λ--- (5)
• To get the reliability in terms of failure rate, combine
equations (1) (4) &(5). After combining and integrating the
final expression we get the reliability in terms of failure
rate is
• R(t) = ℯ -λt --- (6)
• It is understood that the reliability of a system falls down
as the system hazard rate rises exponentially as shown in
Fig. (2)
• The above relationship is known as the exponential failure
law; λ is typically expressed as percentage failures per
1000 hours or as failures per hour. When the product λt is
small, equation (6) becomes
• R(t) = 1 – λt --- (7)
• This gives the system reliability for system failures
occurring during the useful life period that are entirely due
to component failures.
62. • THRS ≅ FRA/SDRA X FRB/SDRB X (SDRA +
SDRB) ------------ (17)
• SDRS ≅ SDRA + SDRB
• Here FRs stands for potential hazardous failure rates.
• If periodic testing times are used as detection times then
above eqn 17 may be used with mean test times
• i.e T/2 +negation time = SDT = 1/SDR
---------------------- (18)
• For practical conditions the negation time is practically 0
(micro seconds) in our calculations
∀ ∴ SDT = 1/SDR = T/2
• In our calculations we have still considered the actual
time as T
∀ ∴ SDT = 1/SDR = T -------------------- (19)
63. • The time T as explained above is the detection and negation time.
• The reports generated by the software are enclosed in the annexure 1.
• In the report under the heading environment quality different levels of
quality can be specified as described below:
• Level 0: Components procured on commercial considerations only,
with no evidence of reliability.
• Level 1: Components are procured on commercial considerations, but
with evidence (usually from the component vendor) of reliability.
• Level 2: Components are procured on the basis of sufficient quality
and Reliability demonstration. Procurement specifications require that
the components have suitable reliability for the purpose
• Level 3: Fully assessed reliability.
64. Table for SIL Allocation
Tolerable Hazard Rate THR per hour
Safety Integrity Level
And per function
10-9 <= THR < 10-8 4
10-8 <= THR < 10-7 3
10-7 <= THR < 10-6 2
10-6 <= THR < 10-5 1
65. Presented By
Sandeep Patalay
Email: sandeep.patalay@gmail.com