Train fire linkage and modeling verification method

[0037] Example 1

[0038] figure 1 ISCS is a schematic structural diagram of the system, see figure 1 , ISCS including: FAS, BAS, ACS, PA (public address), PIS (Passenger Information System) and CCTV (closed circuit television) and other subsystems, ISCS integrated automation control system, a high degree of integration with the Internet, etc., ISCS will separate weak monitoring capabilities of each system of deep integration is conducive to coordinated interaction when critical events occur. In addition, ISCS also with the railway signaling systems, mainly for the ATS (Automatic Train Supervision) with a communication interface. ISCS system deployed in the OCC (Operations Control Center), OOC achieve the full range of monitoring and control of trains and equipment by the dispatcher through the ISCS.

[0039] Specifically, BAS responsible for the HVAC system equipment, to conduct a comprehensive water supply and drainage system equipment, elevator systems, low voltage power distribution equipment, lighting systems and power equipment, effective automated monitoring and management, procedural automatic, real-time, regular, on-site situ monitoring apparatus operating state, controlling the opening and shutting down, detecting environmental parameters. FAS subsystem controller and a fire alarm zone fire alarm controller bus by way of the temperature field smoke detectors, manual alarm, a telephone jack, phone is on hook, alarm network modules and other equipment, is responsible for monitoring the entire vehicle base station within the scope of states associated fire fighting equipment, fire alarm received message, alarm and display portion. Staff published when PA subsystem for operational command and the job notice, circular train information and security, guidance and other information services to passengers, and cater to disaster prevention and operation and maintenance broadcast. CCTV monitoring subsystem for special area covering station, the device region, trains, and other important entrance channel. PIS subsystem for publishing guided by passenger information, train arrival information, time information, and other scenic features introductory information. ACS subsystem for passage in and out privileges, and out of the way, out of time management. ATS subsystem enables signal train track, display, control and adjustment.

[0040]TCMS is MVB (Multifunction vehicle bus) and WTB (Wired Train Bus) or the like of the TCN (Train Communication Network) configuration. Wherein data communication between the trains WTB responsible vehicle, the interior of the vehicle MVB responsible for data communication. TCMS control and management of the various subsystems of the train car by TCN.

[0041] The train fire linkage method comprising: FAS fire detection device detects a train fire, FAS fire control panel to determine the position of the fire, FAS fire information uploaded to TCMS, TCMS wireless communication systems by the vehicle alarm forwarding information to the OCC ISCS while TCMS fire that location information of fire information contained and controlled CCTV corresponding to the position of the camera, the picture of the camera is synchronized to the ISCS, OCC combined alarm information and the camera screen is determined whether a fire occurs, the corresponding execution fire mistakenly reporting system reset or start a fire evacuation.

[0042] Specifically, a train fire linkage method comprising the steps of:

[0043] S1: FAS fire detection device detects a train fire.

[0044] In step S1, the smoke fire detection apparatus comprises temperature detectors, smoke by at least two of said temperature detectors in a carriage. Since each of the temperature detectors tobacco smoke chamber has a separate, special infrared transmitting and receiving means, when a fire is detected smoke chamber, to achieve an alarm condition, only warning, only when the two chambers smoke alarm condition after simultaneous arrival , FAS fire alarm will be, thereby improving the reliability of fire detection. The chassis of the train and the train equipment box etc. is not suitable for fire detection smoke detectors temperature, employed in the present embodiment the temperature sensing probe cable suitable for use without smoke detectors temperature fire detection position, temperature sensing cable having a detection threshold, when the temperature is higher than the threshold value, the temperature sensing circuit is broken, then the fire alarm can be determined at a host site abnormal temperature, so that an alarm. In the present embodiment, the train is provided on the manual alarm button, when the passenger detection of fire, fire alarm may be performed directly by manual alarm button, an alarm upon receiving the artificial information, FAS found train fire and the fire alarm.

[0045] S2: FAS fire control panel to determine the position of the fire, FAS fire information uploaded to the TCMS.

[0046] In step S2, the temperature of the smoke detectors each have a separate location information, the fire control panel each time access data smoke detector temperature, when the temperature of the smoke detector detects a fire, the fire can be determined fire control panel, and binding alarm detector determines the position of the fire position. For temperature sensing cable, each channel corresponds to a temperature cable alarm address information, leading to a high temperature when the temperature sensing cable cut, the address corresponding to the alarm circuit is open, the fire control panel in this determination based on the fire occurrence position. For manual fire alarm, FAS fire control panel to determine the location of the fire according to the position corresponding to the manual alarm button.

[0047] S3: FAS upload fire information to TCMS, TCMS by the vehicle wireless communication systems alarm forwarding information to the OCC ISCS, while TCMS fire that location information of fire information contained and a control position corresponding to the camera CCTV, and the camera picture synchronization to ISCS.

[0048] In step S3, when the TCMS receiving the fire alarm FAS transmitted to forward the alarm information corresponding to the ISCS, while TCMS will fire that location alarm information includes, and controls the camera CCTV corresponding position, the CCTV picture camera synchronized to ISCS.

[0049] S4: OCC screen alarm information in conjunction with the camera and determining whether a fire occurs, the corresponding execution false fire evacuation system reset or start a fire.

[0050] After the step S4, ISCS receives an alarm signal, the first linkage signal system ATS, to fire the train station where the interval before and after the deduction of issued commands, and then call the police, it was confirmed by the fire dispatcher. OCC dispatcher alarm information in conjunction with a CCTV camera screen is determined whether the fire.

[0051] After confirming the false fire, the fire reset information according to the TCMS the ISCS to the fire reset command issued FAS, and linkage fire emergency exit ISCS subsystem response.

[0052] After confirming the fire, ISCS linkage PIS train before and after the fire station, PA equipment and system for fire emergency response plan corresponding broadcast evacuation of passengers, etc., at the same time, ISCS will also fire confirmation message back to TCMS, TCMS receive confirmation fire after the information linked BAS, PA and PIS vehicle subsystem enable fire emergency response program corresponding. In order to avoid system failure in the implementation of fire or emergency communications interruption, TCMS system to maintain continuous monitoring of the linkage of equipment and systems to ensure that the linkage system is to work properly, in each communication cycle, TCMS will need monitoring device connected to the linkage state;

[0053] When the end of the fire, the OCC end command issued by the dispatcher, and ISCS TCMS after receiving transferred to normal operation, and controls the corresponding linkage system in response to a corresponding linkage canceled.

[0054] figure 2 Is a schematic view of a method linkage train fire, image 3 FAS is a flowchart for detecting a fire, Figure 4 TCMS is a flowchart linkage, Figure 5 OCC is a flowchart linkage, see Figure 1 - Figure 5 , When the fire detection equipment FAS found, the corresponding alarm information forwarded to the TCMS. After receiving the alarm information from TCMS FAS, while the vehicle by wireless communication systems alarm forwarding information to the OCC ISCS, while synchronizing CCTV signal, the picture synchronizing CCTV fire compartment to the ISCS. ISCS after receiving the alarm signal, the first linkage signal system ATS, to fire the train station where the interval before and after the deduction of issued commands, and then call the police, were confirmed by the fire dispatcher. If confirmed fire, ISCS station control systems and related equipment, fire emergency response, such as the PA and PIS, not to inform passengers on the train platform, and evacuated to the outside of the station. Meanwhile, ISCS will also fire confirmation message back to TCMS, TCMS receive a confirmation message after the fire, and immediately linked car BAS, PIS, PA and other related systems, to train fire in response, for example by BAS turn off air conditioning and fresh air train system, by PA inform passengers away from the cabin on fire and ready to get off and so on. When the end of the fire, the OCC end command issued by the dispatcher, and ISCS TCMS after receiving transferred to normal operation, and controls the corresponding linkage system in response to a corresponding linkage canceled.

[0055] Example 2

[0056] Compared with the traditional timed automata automaton, a mechanism to increase the time constraints, but also have joined the state transition diagram Notes, the expression of a real-time constraints of the system features that will have very good results. Using finite variables representing time, and annotated with a constraint state transition diagram. Constraints based on transition conditions of the system, wherein, if the time-related constraints, time variables to determine the timing of the state transition occurs, is called the time limit. A real-time system, typically constituted by a plurality of network time automata automata work time.

[0057] UPPAAL by Aalborg University and the University of Uppsala in Sweden, Denmark jointly developed automaton model of time formal tool built on time automata theory. UPPAAL use professional grammar, state space model of the system for safety search, verification system, accessibility and limited activity and other characteristics. UPPAAL use of a BNF grammar, be detected by the system state space traversal. UPPAAL verify three main indicators considered model, namely security, accessibility, restricted activity. The main security for the safety properties of the model validation, such as checking whether the system deadlock and so on. The main function of the accessibility properties to verify the model, such as checking whether a state can migrate correctly. Restricted mainly active functional attributes of the inspection system, the main time constraints verification system is valid.

[0058] A method for the automatic train fire linkage needs to consider not only the drive linkage during the operation result, control linkage required time, the time between the different linkage systems with different requirements. Further, since each system work independently, different systems prone to various problems, consider the instability of the entire interior of the linkage program. Thus, a method to achieve linkage with real-time train fire and concurrency. As a real-time system simulation time introduced by the automatic machine can be a set of parallel, mutually communicating automata time to represent the link between the linkage system of each embodiment of the process and system, the entire system will be described as a network time automatic machine, whereby to meet the requirements of real-time and concurrent linkage program, and therefore, the present invention proposes to employ UPPAAL linkage program modeling analysis to security attributes and functional attributes authentication scheme.

[0059] Linkage Model train fire in the verification method of the present invention comprises: time-based UPPAAL tool automata theory, establishing automaton model, comprising: a time the FAS automaton model, communication detection time automaton model, the TCMS time automaton model and automatic time OCC machine model, including the deployment of the OCC and subsystems therein ISCS; time automaton constituted by the network automata model described and verify the linkage train fire the method of Example 1, the linkage method of the train fire in response to the linkage between the various processes and systems to verify the logic, and the logic flow is determined whether an error occurs in response to the linkage. FAS automaton model time, detection time communications automaton model, and the TCMS time automaton model automaton model OCC time, each time the automaton clock independent variable, a timing of data processing within the various processes, tetrakis time automata automata network time constitute described automatic train fire in the driving linkage.

[0060] Image 6 FAS is a schematic diagram automaton model time, the main channel and the state model, the variables described in Table 1 below.

[0061] Table 1 FAS Timed Automata Model Description

[0062]

[0063] Combine Image 6 And shown in Table 1, when there is no fire, FAS in an initial idle state. When a smoke alarm conditions are temperature detectors SHD1, transferred to a warning state, this state is detected in the second temperature detectors SHD2 smoke reaches the alarm condition, if only one symbol smoke detector alarm temperature conditions may be considered It is false because environmental problems, as a result of electromagnetic interference, return to the initial state. If the second temperature detectors also smoke reaches the alarm condition is deemed detected fire, FAS alarm to TCMS, alarmed state and alarm. Similarly, when the temperature sensing cable is cut, if the temperature cable alarm address corresponding to the read, FAS will alarm to TCMS, and transferred to the alarm state, if the temperature sensing is not read to the cable corresponding alarm address, then FAS prove abnormal operation, into an abnormal state Error. Further, the passenger car alarm can manual, manual alarm when a passenger, FAS directly alert the system to the TCS, and alarmed state alarm.

[0064] When FAS is in alarm alarm, the train is in the fire on behalf of the state, this time, if an exception occurs and the connection TCMS may cause alarm information is not forwarded success, FAS needs immediately transferred to an abnormal state Error. If the information received TCMS end of the fire, the fire has been completed on behalf of, FAS initial state into idle. If the reset signal is received from the TCMS, it represents TCMS for some reason, is reset by a human operator, and orders that FAS is reset to the initial state idle.

[0065] When an abnormal state FAS Error, the need to manually reset the cabinet of the FAS. All comes to manual operation, whether by hand to confirm the end of the fire and security.

[0066] Figure 7 Is a schematic view of the communication automaton model detection time, the main channel and the state model, the variables described in Table 2 below.

[0067] Table 2 Time communication detection automaton model described

[0068]

[0069] Combine Figure 7 And shown in Table 2, when there is no communication request, the communication is detected in an initial state TCMS idle. After receiving the connection request of FAS, FAS starts waiting for reception of the alarm information, if the corresponding information is not received within a predetermined time T_FAS2TCMS, then the communication abnormality occurs. Upon receiving the alarm information, the alarm information is received on behalf of TCMS. Further, for CCTV, ISCS, BAS, PA, PIS systems, when applying the TCMS into interlocking respective wait state corresponding to the communication, if the feedback set in the corresponding time, represents the successful communication, or as a communication abnormality .

[0070] Figure 8 Is a schematic view automaton model TCMS time, the main channel and the state model, the variables described in Table 3 below.

[0071] Table 3 TCMS Timed Automata Model Description

[0072]

[0073] Combine Figure 8 And shown in Table 3, when the fire alarm is not received, the TCMS is in the idle state. After receiving the fire alarm, TCMS into RecvFireAlarm state. In this state, the TCMS information necessary to forward the fire alarm OCC ISCS to the vehicle by wireless communication, if a forwarding failure, abnormalities may occur ISCS is connected into an abnormal state Error. In addition, the TCMS CCTV cameras also need to be close to the fire screen to the position synchronization ISCS, if the synchronization fails, into an abnormal state Error. When the fire alarm and the screen information to the synchronization ISCS, TCMS OCC dispatcher waits to confirm whether a fire occurs, it is determined if the dispatcher is false, i.e. there is no fire, the fire-free state into NoFire, and immediately forwarded to the fire end of FAS information, then the initial state into idle. If the dispatcher confirmed the fire, the TCMS into joint state LinkageOthers, ready to fire linkage other emergency response systems.

[0074] When TCMS located LinkageOthers state, need to continue joint fire-related emergency response systems, including BAS close linkage fresh air, air conditioning, fire linkage PA and PIS were broadcast and passenger evacuation. If TCMS system linkage and related abnormalities, then transferred to an abnormal state Error, or as a joint success. At the end of each life cycle, check that all the systems were connected and connections are successful, if not met, the representatives of TCMS system is abnormal, the abnormal state into Error. If all satisfied, the clock is reset and the connection state of each device, the connection re-request, in order to achieve the effect of continuous linkage. In this state, TCMS OCC received the information after the fire, no fire into the state NoFire, and forwarded immediately to the fire FAS end message, then transferred to the initial state idle.

[0075] When an abnormal state TCMS Error, need to confirm the cancellation by the staff after a fire, the system of the TCMS manual reset, and resets respectively forward the information to the OCC with FAS, so that both ends of fire-related operations performed to avoid a deadlock state.

[0076] Figure 9 OCC is a schematic diagram automaton model time, the main channel and the state model, the variables described in Table 4 below.

[0077] Table 4 OCC Model Description Timed Automata

[0078]

[0079] Combine Figure 9 And Table 4, when the fire alarm message is not received, in an initial state of the OCC idle. When receiving the synchronization ISCS picture from the CCTV and forwarded by the message until the TCMS, alarm, alarm state into the OCC WARNING. After the alarmed state, the OCC has been confirmed SelectStation station and released state deduction command status HoldTrain, train position respectively an acknowledgment of the train station and a longitudinal section which deduction command issued to the corresponding station, and proceeds to wait for confirmation state Wait_FireSure, waiting for the fire dispatchers confirm.

[0080] If there is no fire dispatcher confirmed, it sends false signal, to cancel a previously issued command deduction, the initial state into idle. If the dispatcher confirmed the fire, the OCC linkage corresponding to the station PA and PIS and other fire-related emergency response system after the end of the fire into the waiting state Wait_FireOver. When the end of the fire, the OCC dispatcher by remote reset, can be reset manually by the train fire TCMS to the reset, and cancel command corresponding deduction linkage, again into the initial state ilde.

[0081] Models requires authentication security, limited activity as well as various functions for verification, can in turn enter the BNF is required to verify the nature of statements in the list UPPAAL validator, Figure 10 The method of linkage is a train fire schematic model validation results, Table 5 shows the train fire alarm system needs to verify the nature and the corresponding BNF statement verification result.

[0082] Table 5 in conjunction train fire properties verification method UPPAAL

[0083]

[0084] Combine Figure 10 And as shown in Table 5, the model train fire verification method established linkage FAS automaton model time, detection time communications automaton model, the TCMS OCC time and time automaton model automaton model configured by four time automata model automatic machine network, and described in conjunction train fire method described in Example 1 is verified. By settling time automaton model validation process and avoid the interlocking logic error, resulting in problems such as deadlock system failure, to ensure the safe train operation.