A Train Control System Case Study in Model-Based Real Time System Design
The future European Train Control System (ETCS) will be based on mobile communication and will overcome fixed blocks in order to increase track utilization and interoperability throughout Europe. Data processing on board the train and in radio block centers, as well as the radio communication link, are crucial factors for safe and efficient operation. Their real-time behavior under inevitable link failures needs to be modeled and evaluated. The paper presents a first simplified model of communication failure and recovery behavior as well as safety-critical data exchange. Performance evaluation of the stochastic Petri net model shows that the official quality of service specifications may lead to poor utilization.
Train control is an important part of the railway operations management system. Traditionally it connects the fixed signaling infrastructure with the trains. With the European Union ERTMS/ETCS project (European Rail Traffic Management System/European Train Control System), a standardised European train control system is being designed, which will gradually replace the great number of different train control systems in use today. It will allow trains to cross borders without the need to change locomotive or driver, as is still necessary today. The system forms the cornerstone of a common system for train control and traffic management.
At the final stage of ETCS implementation throughout Europe, more or less all train control infrastructure will be either on board the trains or distributed in control centers. There is no need for optical signals, wheel counters, or a fixed arrangement of track parts into blocks. Trains and control centers are connected by mobile communication links. The safety of passengers depends on the reliability of the communication system. Real-time communication and information processing play a major role in the implementation of ETCS. The case study presented in this paper is thus a truly distributed real-time system.
The importance of quality of service parameters for the communication and specification of the real-time behavior of subsystems has been addressed in the specifications of ETCS. The requirements are, however, not very detailed; for example, no distributions are considered, only probabilities of meeting certain deadlines. While it is important to specify subsystem characteristics, the real-time behavior of the system as a whole can only be assessed by looking at their interaction. This paper takes a first step in that direction by evaluating one safety-critical communication structure together with its failure behavior. In addition to offering interoperability between the different European railroad companies, another major goal is to increase track utilization with higher throughput of high-speed trains. It is obvious that dropping the standard block synchronization of trains and migrating to a virtual block system has the potential of allowing closer distances between trains. However, we show that the expectation of driving at braking distance behind another train cannot be met with ETCS under worst-case assumptions. The mentioned evaluations can only be done using some kind of model, independent of whether it is a simulation program or based on a formal modeling technique.