
基于模型的高速列车运行控制系统可信性验证方法研究 (Research on a Model-Based Dependability Verification Method for High-Speed Train Control Systems)

Model Based Dependability Verifying Method for High-Speed Train Control System

【Author】 赵显琼 (Zhao Xianqiong)

【Supervisor】 唐涛 (Tang Tao)

【Author information】 Beijing Jiaotong University, Traffic Information Engineering and Control, 2012, Doctoral thesis

【Abstract (translated from the Chinese)】 With the rapid development of train control systems, whether they can complete their transport tasks safely and reliably has drawn increasing attention, and whether the dependability of the train control system meets its requirements is the key factor. Using scientific and systematic dependability verification methods to verify the dependability of the complex structure and functions of a high-speed train control system is an indispensable step in the design and development of such systems. With the rapid development of computer technology, the structural complexity, embedded nature and functional-logic complexity of these systems pose great challenges to their dependability verification.

Based on the characteristics of high-speed train control systems and an in-depth analysis of the focus and limitations of existing dependability verification methods, this thesis defines the content of dependability verification as four attributes and two parts. The four attributes are reliability, availability, maintainability and safety; the two parts are structural dependability verification and functional dependability verification. For an embedded high-speed train control system, structural dependability is the foundation of functional dependability. To address the problems of current structural dependability verification of train control systems, the thesis proposes a multi-formalism semantic fusion method: fusing the Extended Parametric Fault Tree (EPFT), the Repairable Fault Tree (RFT), the Hybrid Markov Chain (HMC) and the Extended Colored Petri Net (ECPN) yields the Hybrid Markov Chain-Parametric Repairable Fault Tree (HMC-PRFT) structural dependability verification method, which provides a more accurate and efficient analysis method for structural dependability verification. For functional safety, an important component of functional dependability, the thesis studies automatic functional safety testing and proposes a method based on CPN models and the Bayesian assumption, which uses a quantitative probabilistic description to express whether the system's functions meet the safety requirements, thereby effectively improving test efficiency, reducing the test load and providing theoretical support for system safety testing.

The main contributions of the thesis are as follows:
(1) To overcome the modelling limitations of existing structural dependability verification methods, namely their limited ability to model complex redundancy strategies and complex repair strategies, an extension mechanism for parametric fault trees is proposed; with it, the traditional "hot spare gate" is introduced into the parametric fault tree, extending its ability to describe hot-standby strategies, and a hybrid-Markov-chain description of repair strategies is proposed.
(2) To overcome the difficulty existing methods have in computing numerical dependability values, the random-event description and numerical calculation capabilities of colored Petri nets are extended; on this basis the multi-formalism semantic fusion method is proposed, yielding the HMC-PRFT structural dependability modelling and analysis method, which improves modelling capability and makes numerical dependability calculation possible.
(3) To address the unclear content of current functional safety testing, an automatic safety testing method is proposed, implemented with a CPN-based, test-generation-oriented modelling method and test generation algorithms, including a test case generation algorithm, a method for generating functional test sequences and their input domains, and a method for generating induced functional execution sequences.
(4) To address the unclear pass criteria of current functional safety testing, a quantitative functional SIL-level evaluation testing method based on the Bayesian assumption is proposed; for the two cases without and with historical test data, it gives methods for calculating the number of test cases that must pass without failure for a given SIL level.

Finally, the thesis takes the Radio Block Center (RBC), an important subsystem of Chinese Train Control System Level 3 (CTCS-3), as a case study. The HMC-PRFT method is used to verify its structural dependability, and recommendations for the structural design of the RBC are derived from a comparison of repair strategies, component dependability sensitivity analysis and redundancy-strategy dependability sensitivity analysis. The CPN- and Bayesian-assumption-based automatic safety testing method is used to design the functional safety testing process for the RBC, so that the test results directly support the safety inspection of the RBC system.
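The structural verification described above compares repair strategies and runs sensitivity analyses on component and redundancy parameters. As an added example that is not the thesis's HMC-PRFT method, the following Python models the simplest repairable structure of that kind, a k-out-of-n group of identical hot units served by a pool of repairmen, as a birth-death continuous-time Markov chain, and shows the three questions the abstract lists: which repair strategy is better, how sensitive availability is to the failure and repair rates, and what extra redundancy buys. All rates are constructed; the function names are the example's own.

```python
"""Added example (not from the thesis): steady-state availability of a
k-out-of-n redundant group with a shared pool of repairmen, solved as a
birth-death continuous-time Markov chain.

This is a textbook repairable-system model used to illustrate the kind
of question an HMC-PRFT analysis answers; it is not the thesis's method,
and every rate below is constructed for the demonstration.
"""


def steady_state(n, failure_rate, repair_rate, repairmen):
    """Return [pi_0, ..., pi_n], where pi_j is the long-run probability that
    exactly j of the n identical hot units are failed.

    State j -> j+1 at rate (n-j)*lambda (every working unit can fail);
    state j -> j-1 at rate min(j, repairmen)*mu (each busy repairman
    restores one unit).  For a birth-death chain the stationary
    distribution is the normalised product of the rate ratios.
    """
    if n < 1 or repairmen < 1 or failure_rate <= 0 or repair_rate <= 0:
        raise ValueError("need n >= 1, repairmen >= 1 and positive rates")
    weights = [1.0]
    for j in range(1, n + 1):
        birth = (n - j + 1) * failure_rate       # rate from state j-1 up to j
        death = min(j, repairmen) * repair_rate  # rate from state j down to j-1
        weights.append(weights[-1] * birth / death)
    total = sum(weights)
    return [w / total for w in weights]


def availability(n, k, failure_rate, repair_rate, repairmen=1):
    """Steady-state availability of a k-out-of-n:G group: the system is up
    while at most n-k units are failed."""
    if not 1 <= k <= n:
        raise ValueError("need 1 <= k <= n")
    pi = steady_state(n, failure_rate, repair_rate, repairmen)
    return sum(pi[: n - k + 1])


def sensitivity(n, k, failure_rate, repair_rate, repairmen=1, rel_step=1e-6):
    """Central finite-difference estimate of dA/d(lambda) and dA/d(mu).

    The sign and size tell a designer whether a better component (lower
    lambda) or faster repair (higher mu) moves availability more.
    """
    def a(lam, mu):
        return availability(n, k, lam, mu, repairmen)

    h_l = failure_rate * rel_step
    h_m = repair_rate * rel_step
    return {
        "d_lambda": (a(failure_rate + h_l, repair_rate)
                     - a(failure_rate - h_l, repair_rate)) / (2 * h_l),
        "d_mu": (a(failure_rate, repair_rate + h_m)
                 - a(failure_rate, repair_rate - h_m)) / (2 * h_m),
    }


def compare_designs(failure_rate, repair_rate):
    """Repair-strategy and redundancy comparison for a 1-out-of-n group."""
    return {
        "single unit": availability(1, 1, failure_rate, repair_rate, 1),
        "hot pair, 1 repairman": availability(2, 1, failure_rate, repair_rate, 1),
        "hot pair, 2 repairmen": availability(2, 1, failure_rate, repair_rate, 2),
        "triple, 1 repairman": availability(3, 1, failure_rate, repair_rate, 1),
    }


if __name__ == "__main__":
    # Constructed per-hour rates: MTTF = 1000 h, MTTR = 10 h.
    LAM, MU = 1e-3, 1e-1
    for name, a in compare_designs(LAM, MU).items():
        print(f"{name:24s} A = {a:.8f}  unavailability = {1 - a:.3e}")
    print(sensitivity(2, 1, LAM, MU))
```

With these constructed rates the hot pair with a single repairman has unavailability 0.0002/1.0202, roughly 2e-4; adding a second repairman halves it, and a third hot unit reduces it by a further two orders of magnitude, which is the kind of comparison the thesis draws for the RBC. The model assumes constant (exponential) failure and repair rates and identical units; the thesis's hybrid Markov chain exists precisely because real repair policies are not this simple.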

【Abstract】 With the rapid development of train control systems, whether they can complete their transport tasks safely and reliably has become a growing concern, and whether the system's dependability meets the corresponding requirements is the decisive factor. Applying scientific and systematic dependability verification approaches to a high-speed train control system, both at the structural and at the functional level, is an indispensable part of the design and development process of this type of system. With the fast development of computer technology, the structural complexity and embedded nature of the system pose a great challenge to dependability verification of high-speed train control systems.

Based on the characteristics of high-speed train control systems and an in-depth analysis of the focus and limitations of existing dependability verification approaches, this thesis defines the content of dependability verification as four attributes and two parts. The four attributes are reliability, availability, maintainability and safety; the two parts are structural dependability analysis and functional dependability testing. For an embedded high-speed train control system, a structure that satisfies the dependability requirements is the basis of functional dependability testing. To address the limitations of existing structural dependability analysis, this thesis proposes a multi-formalism fusion approach that fuses four formal methods, the Extended Parametric Fault Tree (EPFT), the Repairable Fault Tree (RFT), the Hybrid Markov Chain (HMC) and the Extended Colored Petri Net (ECPN), into the HMC-PRFT structural analysis approach, which provides a more accurate and efficient method for analysing the dependability of a system's structure.

Turning to functional safety, an important component of functional dependability, this thesis proposes a CPN- and Bayesian-assumption-based quantitative evaluation testing approach for functional SIL levels, which uses probability to decide whether the functional safety requirements have been satisfied, improves test efficiency, reduces the test load, and provides a theoretical basis for the quantitative assessment of system safety.

The main contributions of this thesis are as follows:
(1) To overcome the limited modelling capability of traditional methods, in particular for complex redundancy strategies and complex repair strategies, the study extends the modelling capability of the parametric fault tree and proposes the hybrid Markov chain for modelling complex repair policies.
(2) Because traditional methods cannot produce numerical results, the study extends the stochastic-distribution description and numerical calculation capabilities of CPN; on this basis it proposes a multi-formalism fusion method that yields HMC-PRFT, which improves modelling capability and makes numerical calculation of structural dependability possible.
(3) To address the unclear content of functional safety testing, the thesis proposes a quantitative safety evaluation testing method that uses CPN for modelling and test generation, including test case generation algorithms, a functional test sequence and input domain generation algorithm, and an induced functional execution sequence generation method.
(4) To address the unclear criteria of functional safety testing, the thesis proposes a Bayesian-assumption-based quantitative SIL-level evaluation testing method, which calculates the number of test cases that must pass without failure in two situations: with and without historical test data.

Finally, the Radio Block Center (RBC), an important subsystem of Chinese Train Control System Level 3 (CTCS-3), is taken as a case study. The HMC-PRFT method is applied to analyse the structural dependability of the RBC, and recommendations for the RBC's structural design are derived from a comparison of repair strategies, component sensitivity analysis and redundancy-policy sensitivity analysis. The CPN- and Bayesian-assumption-based quantitative functional safety evaluation testing method is used to design the RBC's functional safety assessment tests, providing evidence for the safety inspection of the RBC system.
