Istanbul Technical University / Institute of Science and Technology / Department of Control and Automation Engineering
Anklaşman sistemlerinin hatada güvenli bir PLC ile gerçeklenmesi
Implementation of the interlocking systems by fail-safe PLC
Emre Dincel - 2013 - Go to thesis (tez.yok.gov.tr)
Although people have many options such as rail, air, sea and road, in our country road transport is the more preferred mode of transport for both passengers and the logistics sector. However, the efforts made to increase rail transport have created a need for a revision of the railways. Restructuring the signalling systems is indispensable for providing both safe and fast transport on the railways. In particular, on railways where loss of life and property caused by human error is frequent, the automatic solutions proposed for signalling systems are one of the steps to be taken to prevent these losses. The basic systems built for this purpose are called interlocking systems. Interlocking systems are the structures used as the decision-making mechanism in the signalling systems that were created to ensure safe rail transport. These systems check whether the commands sent to them by the traffic control centre are appropriate, evaluating them together with the information received from the field equipment (switches, track circuits, signals, etc.); they send the appropriate commands to the field to carry out actions such as directing the train to the most suitable route, stopping it when necessary and setting it in motion again, and they reject inappropriate commands and inform the traffic control centre about this. The switch position settings, signal aspect settings, route locking and similar operations required for all these actions are also carried out by the designed interlocking system. In this respect, interlocking systems can be described as the safe bridge between the traffic control centre and the field.

Interlocking systems were at first designed mechanically, and with advancing technology electronic cards began to be used for this purpose.
Today, the use of programmable logic controllers (PLCs) for this purpose has started to become widespread. Various methods are used to design PLC-based interlocking systems. In particular, because control systems of this kind fit the discrete event system approach, discrete event design methods such as the Petri net model and the automaton model can be applied readily. By implementing on PLCs the models obtained for the main structures of the interlocking system and for the field elements, the transfer of the designed interlocking systems to the physical world is completed.

In this thesis, general information is first given about the signalling systems used on railways and the basic elements of these systems. The general properties and design methods of interlocking systems are explained in detail. An interlocking system was designed for a sample railway station, and the application was implemented with a Beckhoff PLC and a Siemens fail-safe PLC. At this stage, the hardware and software features of the PLCs used are described first, and then it is explained how the designed interlocking systems can be converted into PLC software. Finally, a user interface (SCADA system) was designed for the traffic control centre.
Although people have many transportation choices such as railway, highway, seaway and airway, in our country the highway is the one most preferred by both passengers and the logistics sector. In addition, the increasing efforts towards enhancing railway transportation have led to the need for a revision of the railways. The establishment of signalization systems is one of the highest-priority revisions in order to ensure safety, which is the most important criterion for all transportation systems.

Even if technological developments reduce the possibility of making mistakes day by day, such mistakes may result in fatal accidents in railway transportation. In Turkey, from 2004 to 2008, a total of 2312 railway accidents occurred, and 691 people died and 1437 people were injured in these accidents, which were caused by train collisions, passage collisions and derailments. To ensure the safety of such systems, most countries require the umbrella standard IEC 61508 for safety-critical systems and EN 50128 for railway applications.

Especially for railway systems, in which losses of life and property occur mostly because of human-oriented mistakes, automatic solutions become an important subject to examine. Interlocking systems are used as decision-making mechanisms in railway systems in order to prevent potential accidents, so that trains travel on the railway safely. In railway signalling there are three basic elements: track circuits, switches and signal lights. A track circuit is a simple electrical component used to detect the presence of trains in railway systems. As the train passes over the track circuit, the circuit is short-circuited; thus it is possible to detect whether a train is on the track or not. Switches are another component; they provide passage of trains from one track to another and are generally controlled by motors. A switch has two positions, called the normal position and the reverse position.
A switch is said to be in the normal position if the train continues directly along the path, and in the reverse position if the train deviates from the path. Signal lights give the train driver information about the next routes, such as permission to pass to the next route, the required speed of the train and the state of the next signal lights. Signal lights are positioned on the right side of the railway according to the direction of movement. Four types of signal light are used on Turkish railways: dwarf signal light with two lights (red and green), dwarf signal light with three lights (red, green and yellow), high signal light with three lights (red, green and yellow) and high signal light with four lights (red, green and two yellow).

Interlocking systems check the compliance of the route request coming from the Traffic Control Centre (TCC), in which train movements and all other processes on the railway line are monitored and carried out, with the help of feedback signals taken from the railway field. Using the obtained information, the interlocking system decides whether to accept or reject the pending route request. If the route is not occupied, the interlocking system electronically locks all track circuits on the route, moves all switches on the route to the appropriate position (normal or reverse) and sets the signal lights as needed. During these processes, if all feedback signals (indications) are received as expected, the pending route request is approved and the train starts to move. Otherwise, in order to provide safety, the pending route request is rejected. Therefore, it is possible to say that the interlocking system is a safe bridge between the field and the TCC.

While the train is moving on the route reserved for it, the interlocking system checks the track circuits to verify that the train enters and leaves the tracks in the correct order.
If there are switches on the reserved route, their positions are checked continuously until the route is released to ensure safety, and the signal lights are also checked until the end of the route to be sure that they give the right notification. Finally, when the train reaches the end of the route, all occupations are cleared and the route is released for the next request by the interlocking system.

The first mechanical interlocking system was established in England in 1843. Later, with the development of electronic systems, mechanical systems were replaced by electronic ones. Nowadays, programmable logic controllers (PLCs), which are specialized for industrial automation systems, have started to be used for interlocking systems.

Interlocking system design can be performed by various methods. The important thing is that the interlocking system must satisfy both the hardware and the software requirements of the standards. While it is easy to satisfy the hardware aspect by using certified COTS products, safe software design needs more effort and formal approaches. In the literature, graph-based systems and interlocking-table-based systems are used to design interlocking systems. There are also other studies based on the discrete event system approach, such as automata and Petri nets. In interlocking design, these formal methods should be used in order to meet the defined safety standards for railway systems on the software side.

The automaton approach, in other words the state transition graph, is a graphical representation consisting of an initial state and other states, state transitions, and the events that cause transitions between states. To obtain the state transition graph of a system, the states and events must first be determined. Then the state transition graph is drawn and logical expressions are generated from this graph.

In the next step, state transition functions have to be generated.
These functions are determined by the conditions which bring the automaton into the state concerned and those which take it out of that state. With the help of these state transition functions, it is possible to design interlocking systems and implement them on a PLC easily.

In automata-based interlocking system design, all field equipment (track circuits, switches, signal lights and level crossings) should first be modeled using the automaton approach. Once their state transition graphs are obtained, logical functions can be written using the basic logical operations AND, OR and NOT. Security precautions should also be taken into account while creating states and events in the automaton. The logical functions obtained are ready to be implemented on a PLC using programming languages such as function block diagram (FBD) and ladder diagram (LAD), which are supported in Siemens fail-safe programming. It is then easy to create function blocks for each element one by one. Finally, these function blocks are combined properly in main function blocks created for each route of the railway yard. In these route function blocks, two main requests, a route request and a route canceling request, are taken as inputs, and with the help of the automata programmed for these requests the necessary operations are performed.

Since the hardware and software requirements must be satisfied according to the defined safety standards in the implementation phase of the interlocking system, on the hardware side the designed interlocking systems are implemented using fail-safe PLCs produced by several companies such as Siemens, Hima and Mitsubishi. In addition, on the software side, fail-safe programming is used. In this study, the interlocking system for a given railway yard is designed using automata.
As hardware and software, the Siemens CPU 317F-2 fail-safe PLC and the S7 Distributed Safety fail-safe programming package are used, respectively.

In fail-safe programming, only a limited set of PLC commands may be used. User-defined data types and other complex data types such as REAL, ARRAY and BYTE are also not allowed in the fail-safe program; only basic data types such as WORD, INT, BOOL and TIME are allowed. A fail-safe PLC program can be written only in the ladder diagram (LD) or function block diagram (FBD) languages. To write a program for a Siemens fail-safe PLC, first a program call block (F-CALL) is created, and this block is called in a time-dependent interrupt program (such as OB35). Accordingly, a special main fail-safe block (F-PB) is created. After that, all programming blocks are operated in this main block. All these limitations make programming more difficult. However, with all these precautions, safe operation is guaranteed.

After the programming phase, during the compilation phase, additional data blocks and function blocks are added to the PLC program by the Siemens Distributed Safety package. Thus all data used in the program are also stored in other safe data blocks, which provides secure storage. Besides, with the help of the automatically created function blocks, which detect mismatches or errors and bring the system to the predefined safe state, making a mistake on the software side is not allowed.

In this study, an interlocking design for a sample railway yard is carried out using a formal method called the automaton approach. The state transition functions obtained for the interlocking system elements are programmed using fail-safe programming rules and implemented on a Siemens fail-safe PLC in order to ensure the safe operation determined by the safety standards.
In the first part, a short introduction explains the importance of railway signalling and the necessity of interlocking systems.

In the second part, the basic railway signalling elements and their main properties are introduced briefly.

In the third part, the automaton approach is explained in detail and then all railway signalling equipment is modeled using this formal approach. After that, logical functions (state transition functions) for the field equipment and for the routes are obtained with the help of automata.

In the fourth part, the state transition functions obtained are converted into function blocks using fail-safe programming, and these blocks are implemented on the Siemens fail-safe PLC. Lastly, a user interface is designed in order to monitor train positions, the states of the field equipment and unoccupied/occupied routes. Thus control of the given railway yard is provided.
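
The route request and route supervision logic described in the abstract can be sketched as a small automaton. This is an added example, not code from the thesis, which implements its automata as LAD/FBD function blocks on the Siemens fail-safe PLC; it is a Python simulation of one route. The names `Route` and `State`, the track and switch identifiers, the `FAULT` state that keeps the route locked, and releasing the route once only the last track circuit is occupied are assumptions made for illustration.

```python
from enum import Enum, auto

class State(Enum):
    IDLE = auto()    # route free, entry signal red
    SET = auto()     # route locked, switches proven, entry signal green
    FAULT = auto()   # predefined safe state: signal red, route stays locked

class Route:
    def __init__(self, tracks, switches):
        self.tracks = tracks        # track circuit ids in travel order
        self.switches = switches    # {switch id: required position}
        self.state, self.signal = State.IDLE, "red"
        self.head, self.tail = -1, 0   # furthest / rearmost occupied index

    def _proven(self, switch_fb):
        # A missing indication counts as a failed check (fail-safe default).
        return all(switch_fb.get(s) == p for s, p in self.switches.items())

    def request(self, occupied, locked, switch_fb):
        """Route request from the TCC: approve only if every check passes."""
        if (self.state is not State.IDLE
                or any(t in occupied or t in locked for t in self.tracks)
                or not self._proven(switch_fb)):
            return False            # rejected, no lock or signal is changed
        locked.update(self.tracks)
        self.state, self.signal = State.SET, "green"
        self.head, self.tail = -1, 0
        return True

    def supervise(self, occupied, locked, switch_fb):
        """One cyclic scan while the route is set; returns the new state."""
        if self.state is not State.SET:
            return self.state
        on = [i for i, t in enumerate(self.tracks) if t in occupied]
        in_order = (not on and self.head < 0) or (
            bool(on) and on[-1] - on[0] + 1 == len(on)   # no gap in the train
            and on[-1] in (self.head, self.head + 1)     # advances one track
            and on[0] >= self.tail)                      # rear never moves back
        if not (in_order and self._proven(switch_fb)):
            self.state, self.signal = State.FAULT, "red"
        elif on:
            self.head, self.tail = on[-1], on[0]
            if on == [len(self.tracks) - 1]:             # train at route end
                locked.difference_update(self.tracks)
                self.state, self.signal = State.IDLE, "red"
        return self.state

if __name__ == "__main__":   # constructed yard: tracks T1..T3, switch S1
    r, locked = Route(["T1", "T2", "T3"], {"S1": "normal"}), set()
    print(r.request(set(), locked, {"S1": "normal"}), r.signal)
```
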