By Broadcourt
Posted one year ago

Human factor guidelines (Providing a great comfort) for locomotives in American rail roads

Safety and RAMS

Share
banner image

Today i was travlling from LA and i wonder What are human factor guidelines (Providing a great comfort) for locomotives in American rail roads? and following are my observation please comment your observations below  - 

1. Comfort: The term "comfortable" is arbitrary and susceptible to individual interpretation. Effective seat design and evaluation are difficult without a set of precise criteria that define what constitutes comfort.

2. Insufficient Design: Inconsistent implementation across different seats or even different trains is possible in the absence of precise requirements. Due to varying expectations and preferences, some passengers may find a particular seat to be comfortable while others may find it to be unpleasant.

3. Customer Dissatisfaction: Since comfort is subjective, passengers may have varying expectations. If the seats do not meet their personal comfort preferences, passengers may experience discomfort, leading to dissatisfaction with the overall train experience. This can impact customer loyalty, perception of quality, and even influence their decision to choose alternative transportation options.

4. Cost Increase: Unclear requirements can lead to increased costs during the design and development process. Without clear criteria, designers may need to go through multiple iterations or guesswork to meet the undefined comfort standard. This can result in additional design revisions, rework, or even the need for costly modifications after the seats have been produced.

5. Safety Concerns: Although it is not directly related to the comfort requirement. For instance, if comfort is prioritized over safety features like proper lumbar support or seatbelt effectiveness, it can compromise passenger safety in the event of sudden stops or accidents.

 To mitigate these adverse consequences, it is important to establish more specific and measurable requirements. For example, specifying factors like seat cushion material, adjustable features, ergonomic support, maximum pressure points, vibration reduction, or specific measurements for seat dimensions can help improve the overall design and ensure passenger comfort is objectively addressed.

 

The given requirement is an arbitrary condition without particular measurements. It does not specify what is meant by "comfortable" in terms of the passenger seats. When designing and evaluating a product, this flaw may cause ambiguity and subjectivity.

Unfavourable effect brought on by this deficit:

Inconsistent design: - Lacking a precise and quantifiable description, different designers or manufacturers may have varying interpretations of the criteria. As a result, different seat designs might be used across the system.

Users dissatisfaction: - It is difficult to ensure that the chairs match passengers' expectations and ergonomic needs because the criterion does not provide any quantifiable criteria.

Increased risk of passenger's health issue: - Lack of precise comfort standards can result in chairs that don't support people well enough, causing bad posture and more pressure spots for passengers. Inconvenient seating for extended periods of time can aggravate musculoskeletal issues such back pain, neck strain, and joint pain.

To continue reading Register Now or Login

Suggested Articles for you

Josef Winter - Posted 3 years ago

Solar-powered video surveillance for tracks

The solar video surveillance system was specially developed for an application without power supply and network connection for railroad use. This system is the ideal and cost-effective solution for video surveillance, at locations without existing infrastructure. The RAILWAY CONTROLLING models can be used in all locations where sunlight and mobile phone reception are available. All models meet strict security requirements.   Ideally suited for: - Track surveillance - Tunnel portal surveillance - Storage yard surveillance - Weather monitoring   Visit: http://railway-controlling.com/index.html  

Read Full Article

Somnath Pal - Posted 3 years ago

RAMS of a Vital Input Card

CHAPTER -1  Introduction For a Railway Signal Interlocking system, Field Input conditions to be monitored by the Interlocking equipment are Track Cct / Axle Counter, Point Detection, Signal Aspect Proving, Level Crossing Gate, Crank Handle and Panel Buttons. The monitoring is done by reading the Pick-up or Drop contacts of corresponding Relays. This could have been done by operating a Transistor through external Voltage fed via the pick-up Contact of the Relay. The Output of Transistor is processed by the Logic Solver ( Processor). But in that case, there would be no Isolation between external Analog Input and internal Digital Output circuits. An Opto Coupler is used for this purpose, where the Input LED and Output Phototransistor are electrically isolated . The Input through Pick-up contact of Relay operates the LED of the Opto Coupler, light from which turns the output Phototransistor. The  interfacing using a Transistor and an Opto coupler is showed in Fig 1(a)&(b) When the Relay is in Pick-up condition, the Transistor is Forward biased and Collector Output to Processor is ‘0’ . During Drop condition of the Relay, Collector Output is ‘1’ . Input Interface Card converts the Analog information of DC Voltage fed through the Relay contacts to send TTL level to Processor. The basic features of the Card are: All Inputs are fed through Opto Couplers having a minimum Isolation Voltage of 1500V.   All Inputs are protected from Transient Voltages and Surges by using Varistors. To reduce Single-point Failure, both Front and Back potential-free contacts of each external Relay are interfaced. They are read through different Ports and Bits to avoid common-mode failure. Each Card gets Hardware Address of the particular Slot of the Backplane, to which it is inserted. This Address must be matched with the Software Address sent by Logic Solver Card before the external Relay Inputs are read. Input Cards can be inserted or extracted with System Power-ON conditions. A special circuit is used to prevent transient to Stable +5V Supply to ICs, Input data are read employing Input Toggle by the logic Solver or using multiple sets of Opto Couplers ensuring Hardware redundancy. The Input Data Structure of the Interlocking System Inputs is given in Fig 2: Panel Buttons and Keys are called Non-Vital Inputs and a Non-Vital Input / Output Card is used to read 32 Inputs . All other Inputs are Vital Inputs and a Vital Input Card reads 16 Relay Inputs.   A detailed diagram is showed in Fig 3 . Since Railway Interlocking is a Safety-critical System, Inputs from both Pick-up and Drop Contacts of a Relay is analysed. Each Input is monitored by Opto Couplers by supplying Current from an Isolated 12V Supply . The Input to Processor will be ‘ 01’ in Drop Condition and ‘ 10’ in Pick up Condition . These two combinations are Valid Inputs . Other two Inputs ‘ 00’ and ‘ 11’ are Invalid and Processor will show Fault. But during transition of Relay between Drop to Pick-up or Pick- up to Drop , both the Opto Couplers will be OFF . So, Output will be ‘11’ , which is Invalid A De-bouncing circuit (U1) is used for feeding steady Input to the Logic Solver. In this case, during transition of Relay, the Input to Processor will remain unchanged from Last State. When the Relay X is not operated , current flows through the Drop Contact , Inductor, L1, Current Limiter R1, Resistor R2 and input Diode of Opto Coupler OC1. The Opto Coupler conducts and a level ‘ 0 ’ is fed to Pin1 of U1 . This makes output Pin 3 of U1  as ‘ 1 ’. At the same time, since no current passes through Input Diode of OC2, it does not  conduct. Level ‘1’ is fed to  Pin 5 of U1 and output   Pin 6 of U1 to Port becomes ‘0’. Thus we get a pattern 0101 at the Port. When the Relay X is operated , current flows through the Pick-up Contact ,  Inductor L2,  Current Limiter R5, Resistor R6 and input Diode of Opto Coupler OC2. The Opto coupler conducts and a level ‘0 ’ is fed to Pin 5 of U1 . This makes output to Pin 6 of U1   as ‘0’ . At the same time, since no current passes through Input Diode of OC1, it does not  conduct. Level ‘1’ is fed to  Pin 1 of U1 and output to Pin 3 of U1 to Port becomes ‘0’ .This time, the inputs to Port changes to 1010 . We find that Port inputs 0101 and 1010 are the valid levels . All other combinations  are invalid levels. If Hardware De-bounce Cct U1 is replaced by Software De-bounce to reduce Parts Count to enhance Reliability, the inputs to Port will change to 01 when Relay X is not operated and 10 when it is  operated. If a vital decision is taken by   Pick-up condition of Relay X, then a failure to read Pick-up condition as Drop, is a Safe failure . But if Drop condition is read as Pick-up condition, it will be Unsafe failure . Now we shall have to do an Failure Mode Effects & Criticality Analysis (FMECA)  study of the Cct showed in Fig 3 and identify the critical component to cause Unsafe Failure and mitigate the Hazard. Failure Mode Effects & Criticality Analysis (FMECA) We shall first study the failure modes of the components. For every failure mode of components , we shall their effect for Drop and Pick-up conditions. Typical faults of an Electronic component are Open Cct, Short Cct, Drift in Parameter and Functional Faults. Average relative frequencies of Failure Modes of various Components are given in the Table 1 below. Terminating Resistors and Current Limiting Resistors are of mainly Metal Film type for which Short cct Mode is incredible and hence are not considered. When Resistors are used in Nodes with Pull up Totem-pole Driver , even Drift in value is not to  be considered. For open Collector Modes like Opto coupler output, the design ensures much higher Collector current as well as Diode input current , so that even  ± 20% Drift does not affect the Circuit behaviour. So, for Resistors , only Open Cct Mode is considered. For Inductors, any Drift will not affect normal operation and only Open Mode of failure is considered. For Varistor, Open Mode does not affect normal operation and if the Clamp Voltage is chosen much higher than the required Value , Drift also does not have any effect. Only Short cct Mode is analysed . For ICs, both s-a-0 and s-a-1 Faults are considered for every Pin. Now we will consider component-wise FMECA. The effects during Relay Drop  and Pick-up conditions are analysed for each Component Failure. a) If Inductor L1 is Open Relay Drop condition: Current does not pass through input of Opto Coupler OC1. U1 pin 1 is at ‘1’ and U1 pin 5 is  aIso ‘1’. Output  to Port will be ’1011’. Fault is detected as Invalid Data and failure is Safe.  Since both the Inputs to Debounce Cct are at ‘1’, its Output will remain at last State, i.e. 01. Relay Pick-up condition : Current  passes through input of Opto Coupler OC2. U1 pin 1 is at ‘1’ and U1 pin 5 is  at ‘0’. Output  to Port will be ’1010’. Fault is not detected  and failure is Safe.  b) If Inductor L2 is Open Relay Drop condition: Current does not pass through input of Opto Coupler OC2. U1 pin5  is at ‘1’ and U1 pin 1 is at ‘0’. Output  to Port will be ’0101’. Fault is not detected and failure is Safe.  Relay Pick-up condition : Current  passes through input of Opto Coupler OC1. U1 pin 1 is at ‘1’ and U1 pin 5 is  also at ‘1’. Output  to Port will be ’1011’. Fault is  detected  as invalid data. c) if Metal Oxide Varistor RV1 is Short : Relay Drop condition: Current does not pass through input of Opto Coupler OC1. U1 pin 1 is at ‘1’ and U1 pin 5 is  aIso ‘1’. Output  to Port will be ’1101’. Fault is detected as invalid data and failure is Safe.  Relay Pick-up condition : Current  passes through input of Opto Coupler OC2. U1 pin 1 is at ‘1’ and U1 pin 5 is  at ‘0’. Output  to Port will be ’1010’. Fault is not detected  and failure is Safe.  d) if Metal Oxide Varistor RV2 is Short : Relay Drop condition: Current does not pass through input of Opto Coupler OC2. U1 pin5  is at ‘1’ and U1 pin 1 is at ‘0’. Output  to Port will be ’0101’. Fault is not detected and failure is Safe.  Relay Pick-up condition : Current does not pass through input of Opto Coupler OC2. U1 pin 5 is at ‘1’ and U1 pin 1 is  aIso ‘1’. Output  to Port will be ’1011’. Fault is detected as invalid data and failure is Safe.  e) If Current Limiting Resistance R1 is Open: Relay Drop condition: Current does not pass through input of Opto Coupler OC1. U1 pin 1 is at ‘1’ and U1 pin 5 is  aIso ‘1’. Output  to Port will be ’1101’. Fault is detected as invalid data and failure is Safe.  Relay Pick-up condition : Current  passes through input of Opto Coupler OC2. U1 pin 1 is at ‘1’ and U1 pin 5 is  at ‘0’. Output  to Port will be ’1010’. Fault is not detected  and failure is Safe.  f) If Current Limiting Resistance R2 is Open: Relay Drop condition: Current does not pass through input of Opto Coupler OC1. U1 pin 1 is at ‘1’ and U1 pin 5 is  aIso ‘1’. Output  to Port will be ’1101’. Fault is not detected data and failure is Safe.  Relay Pick-up condition : Current  does not pass through input of Opto Coupler OC2. U1 pin 1 is at ‘1’ and U1 pin 5 is also at ‘1’. Output  to Port will be ’1011’. Fault is  detected  as invalid and failure is Safe.  g) If Current Limiting Resistance R5 is Open: Relay Drop condition: Current does not pass through input of Opto Coupler OC2. U1 pin 1 is at ‘0’ and U1 pin 5 is  aI ‘1’. Output  to Port will be ’0101’. Fault is not detected data and failure is Safe.  Relay Pick-up condition : Current  does not pass through input of Opto Coupler OC2. U1 pin 1 is at ‘1’ and U1 pin 5 is  at ‘1’. Output  to Port will be ’1010’. Fault is not detected  and failure is Safe.  h) If Current Limiting Resistance R6 is Open: Relay Drop condition: Current does not pass through input of Opto Coupler OC2. U1 pin 1 is at ‘0’ and U1 pin 5 is  aI ‘1’. Output  to Port will be ’0101’. Fault is not detected data and failure is Safe.  Relay Pick-up condition : Current  does not pass through input of Opto Coupler OC2. U1 pin 1 is at ‘1’ and U1 pin 5 is  at ‘1’. Output  to Port will be ’1010’. Fault is not detected  and failure is Safe.  i) If Protection Diode D1 is open: Normal operation of the cct is not affected. But a reverse voltage of more than 6V during Drop condition would damage the Diode of Opto coupler OC1. During Pick-up condition, there is no effect. j) If Protection Diode D2 is open: Normal operation of the cct is not affected. But a reverse voltage of more than 6V would damage the Diode of Opto Coupler OC2 during Pick-up. There is no effect during  Drop condition. k) If Protection Diode D1 is short: Relay Drop condition: Opto coupler OC1 will be OFF since current will  be bypassed via D1. U1 pin 1 is at ‘1’ and U1 pin 5 is  at ‘1’. Output  to Port will be ’1101’. Fault is detected as invalid data and failure is Safe.  Relay Pick-up condition : Opto coupler OC1 will be OFF since current will  be bypassed via D1. U1 pin 1 is at ‘1’ and U1 pin 5 is  at ‘1’. Output  to Port will be ’1010’. Fault is not detected failure is Safe.  l) If Protection Diode D2 is short: Relay Drop condition: Opto coupler OC2 will be OFF since current will  be bypassed via D2. U1 pin 1 is at ‘1’ and U1 pin 5 is  also at ‘1’. Output  to Port will be ’ 0101’. Fault is not detected and failure is Safe.  Relay Pick-up condition : Opto coupler OC2 will be OFF since current will  be bypassed via D2. U1 pin 1 is at ‘1’ and U1 pin 5 is  aIso ‘1’. Output  to Port will be ’1011’. Fault is detected as invalid data and failure is Safe. m) If Input Diode of Opto Coupler OC1 is open: Relay Drop condition: Current does not pass through input of Opto Coupler OC1. U1 pin 1 is at ‘1’ and U1 pin 5 is  aIso ‘1’. Output  to Port will be ’1101’. Fault is detected as invalid data and failure is Safe.  Relay Pick-up condition : Current does not pass through input of Opto Coupler OC1. U1 pin 1 is at ‘1’ and U1 pin 5 is  at ‘0’. Output  to Port will be ’1010’. Fault is not detected  and failure is Safe.  n) If Input Diode of Opto Coupler OC2 is open: Relay Drop condition: Current does not pass through input of Opto Coupler OC2. U1 pin 5  is at ‘1’ and U1 pin 1 is at ‘0’. Output  to Port will be ’0101’. Fault is not detected and failure is Safe.  Relay Pick-up condition : Current  does not pass through input of Opto Coupler OC2. U1 pin 1 is at ‘1’ and U1 pin 5 is  also at ‘1’. Output  to Port will be ’1011’. Fault is  detected  as invalid data. o) If Collector in Opto Coupler OC1 is open: Relay Drop condition: Due to the pull up Resistor 5, Current does not pass through input of Opto Coupler OC1. U1 pin 5  is at ‘1’ and U1 pin 1 is at ‘0’. Output  to Port will be ’0101’. Fault is not detected and failure is Safe.  Relay Pick-up condition : Opto Coupler OC2 starts conducting  and port input becomes 0101. Fault is not detected  and failure is Safe.  p) If Collector in Opto Coupler OC2 is open: Relay Drop condition: Current does not pass through input of Opto Coupler OC2. U1 pin5  is at ‘1’ and U1 pin 1 is at ‘0’. Output  to Port will be ’0101’. Fault is not detected and failure is Safe.  Relay Pick-up condition : Current  passes through input of Opto Coupler OC1. U1 pin 1 is at ‘1’ and U1 pin 5 is  also at ‘1’. Output  to Port will be ’1011’. Fault is  detected  as invalid data. q) If Collector and Emitter of OC1 is short: Relay Drop condition: We get  1 in Pin 1 of U1 and port gets data 0101. Fault is not detected and failure is Safe.  Relay Pick-up condition : Both pins 1 and 5 get 1 and we get 0110. Fault is  detected  as invalid data. r) If Collector and Emitter of OC 2 is short: Relay Drop condition: We get  1 in Pin 5 of U1 and port gets data 1010. Fault is not detected and failure is Safe.  Relay Pick-up condition : Both pins 1 and 5 get 1 and we get 0110. Fault is  detected  as invalid data. s) If Pull up Resistor R3 is open: Relay Drop condition: Since Opto Coupler OC1 is in operated condition, we get  0 in Pin1 of U1 and port gets data 0101. Fault is not detected and failure is Safe.  Relay Pick-up condition : If there is large leakage current from Supply and Ground, the Collector of Opto coupler OC1 will be at level ‘0’. So data to  port will be 0110. Fault is  detected  as invalid data. t) If Pull up Resistor R7 is open: Relay Drop condition: Since Opto Coupler OC2 is in operated condition, we get  0 in Pin5 of U1 and port gets data 0110. Fault is detected as invalid data and failure is Safe.  Relay Pick-up condition : If there is large leakage current from Supply and Ground, the Collector of Opto coupler OC1 will be at level ‘0’. So data to  port will be 1010. Fault is  not detected.  u) If S-a-0 fault is at Pin 1 of U1: Relay Drop condition: Pin 3 of U1 will be ‘1’ and Port Input is 0101. Fault is not detected. Relay Pick-up condition : Port Input will be 0110, which is invalid. v) If S-a-0 fault is at Pin 5 of U1: Relay Drop condition: Pin 6 of U1 will be ‘1’ and Port Input is 0110 which is invalid. Relay Pick-up condition : :Port Input will be 1010. Fault is not detected. w) If S-a-1 fault is at Pin 1 of U1: Relay Drop condition: Pin 1 and Pin 5 of U1 both will be ‘1’ and Port Input remains 0101. Fault is not detected. Relay Pick-up condition : Port Input will be 1010. Fault is not detected. x) If S-a-1 fault is at U1-5: Relay Drop condition: Pin 6 of U1 will be ‘0’ and Port Input is 0101.  Fault is not detected. Relay Pick-up condition : Pin 1 and Pin 5 of U1 both will be ‘1’ and Port Input remains 1010. Fault is not detected. y) If S-a-0 fault is at U1-3: Relay Drop condition: Pin 3 of U1 will be ‘0’ and Port Input is 0011, which is invalid. Relay Pick-up condition : Port Input is 1010. Fault is not detected. z) If S-a-0 fault is at U1-6: Relay Drop condition: Port Input is 0101. Fault is not detected. Relay Pick-up condition : Port Input is 1100, which is invalid. aa) If S-a-1 fault is at U1-3: Relay Drop condition: Port Input is 0101. Fault is not detected. Relay Pick-up condition : Port Input is 1101, which is invalid. ab) If S-a-1 fault is at U1-6: Relay Drop condition: Port Input is 0111, which is invalid. Relay Pick-up condition : Port Input is 1010. Fault is not detected. ac) If R4 is Open: Relay Drop condition: LED 1 will not glow. Since LED 2 also does not glow, fault can be usually detected. Relay Pick-up condition : Since LED 2 glows, fault cannot be detected. ad) If R8 is Open: Relay Drop condition: Since LED 1 glows, fault cannot be detected. Relay Pick-up condition : LED 2 will not glow. Since LED 1 also does not glow, fault can be usually detected . ae) If LED1 is faulty: Relay Drop condition: LED 1 will not glow. Since LED 2 also does not glow, fault can be usually detected. Relay Pick-up condition : Since LED 2 glows, fault cannot be detected. af) If LED2 is faulty: Relay Drop condition: Since LED 1 glows, fault cannot be detected. Relay Pick-up condition : LED 2 will not glow. Since LED 1 also does not glow, fault can be usually detected. In summary, Invalid Input is obtained in Relay Drop condition if OC1 Output is Short OC2 Input or Output is Open U1-3 S-a-1 U1-6 S-a-0 Similarly, Invalid Input is obtained in Relay Pick-up   condition if OC1 Input or Output is Open OC2 Output is Short U1-3 S-a-0 U1-6 S-a-1 It also shows that a single fault cannot lead to Unsafe Failure. After the completion of FMECA, we are to perform Fault Tree Analysis (FTA) of the Circuit to identify the causes of Safe and Unsafe Failures .                                                        Fault Tree Analysis (FTA) We shall now learn how the Circuit can fail to operate. So, we shall make a Fault Tree Analysis as shown below. Fault trees are individually made for both Safe as well as Unsafe Failures. Safe Failure can occur due to Two simultaneous Faults --- Open Cct Fault in Opto Coupler OC2 as well as Short Cct Fault in Opto Coupler OC1. Unsafe Failure can occur due to Two simultaneous Faults --- Open Cct Fault in Opto Coupler OC1 as well as Short Cct Fault in Opto Coupler OC2.     Unsafe Failure can happen only due to simultaneous Faults in Open cct in Relay NO path and Short cct in Relay NC path.         CCT UNSAFE FAILURE (0101 is read as 1010)               Once we prepare the Fault Tree, we are to calculate the Failure Rate of the Card .               For this, we are initially to find the Basic Failure Rate for each component as per Calculations given in MIL Std 217F . Then we are to Calculate the actual Failure Rate under environmental stress.   The environmental stress factors are : λ C =  Contact Constitution Factor λ Q = Quality Factor λ E =  Environmental Factor. We consider Ground Fixed λ T =  Temperature Factor λ s =  Electrical Stress Factor λ R =  Resistor Value factor λ CV = Capacitor Value Factor   Typical Calculations for a Components are showed in Chapter. The following Table shows the individual Component Failure Rates for the Input Interface Cct. We have seen that Unsafe Failure can be caused only by 2 simultaneous failures – Open Circuit in OC 1 and Short Circuit of OC 2 Output. So, the Failure Rate will be the Product of Individual Failure Rates of the 2 Opto Couplers. From the table above, we find that the Failure Rate of an Opto Coupler is 0.0257 X 10 -6 . So, the Unsafe Failure Rate will be ( 0.0257 X 10 -6 ) 2 = 6.6040 X 10 -16.  This is far above the requirement of SIL 4. Total Failure Rate of the Card is 3.375477 X 10 -6 giving a Mean Time Between Failure of 296254.4 Hours. Reliability after a period of One year (8760 Hrs) i s R = e – λt     = e - 0.0000033754 X 8760    = e – 0.029568    = 0.97086   Designed Life with 99% Reliability = (- ln 0.99) / 0.0000033754 = 0.01005033585 / 0.0000033754 = 2977.5 Hrs. Preventing Common- Mode Failures: To reduce Common- mode failures, we can feed U1 outputs in two different Ports and that too at different Input Pins . For example, if Pin 3 of U1 is fed to D0 of Port A, Pin 6 of U1 should be fed to D7 of Port B . Then we can match them through Software in Processor Card. See the Diagram of the connection in Fig 4 A Program for the same task is written below in 8085 Assembly language. START:          IN Port 1                     :   Read Drop Contact Data                        MOV D, A                  :    Save Data                        IN Port 2                     :    Read Pick-Up Contact Data MATCH:         PUSH D                     :    Save Drop Contact Data                        CMA                           :    Invert Pick-Up Contact Data                        MOV B, A                  :   Save Data                        MVI C, 00                  :   Initialize Register ‘C’                        LXI H, 0180                :   Initialize Registers : ‘H’ and ‘L’                        MVI E, 08                  :    Load Count (8) for the Loop Iterator LOOP  :         ANA H                        :    Mask Unconcerned Bits of the Pick-Up* Data                        JNZ ONE                    :    If Data Bit is Not 0, Go to Label ONE                         MOV A, L                   :    Transfer Data from Register ‘L’ to ‘A’.                         CMA                           :    Invert Data of Accumulator                         ANA C                        :    Mask Unconcerned Bits                         JMP ZERO                 :    Go To Label ZERO . ONE    :          MOV A, C                  :    Copy Contents of ‘C’ to Accumulator                       ORA L                        :    Make MSB ‘1’ and progress with other bits ZERO  :          MOV C, A                  :    Save the new value in Register C                      MOV A, H                  :    Load Bit Position Indicator in Accumulator                      ADD H                       :    Shift Left for Next Bit indicator                        MOV H, A                  :   Save the Bit Indicator Data.                                     MOV A, L                   :   Load Bit Position in Accumulator                            RRC                           ;    Go to Next Bit Position                        MOV L, A                :    Save Updated Bit Position Data                        MOV A, B                :    Read saved Pick-up* Contacts Data                        DCR E                    :    Check for completion of all 8 Bits           JNZ LOOP             :  Repeat Rearranging for all 8 Bits                         MOV A, C              :  Save Rearranged Pick-up* Data                         POP D                   :  Restore Saved Drop Contact Data                        RET                       :  Go back to Main Programme                        CMP D                   :   Compare Drop and Pick-up* Data                       JNZ FLT                 :   If not Matched, Go to Fault This Subroutine is Executed in 34.5 μs, considering that each State in 8085 generally takes 330 ns for execution .   Toggling of Input data to detect Opto Coupler Faults Instead of keeping the Emitter of Opto Coupler permanently Grounded, we feed ‘0’ from Processor through Port C of Programmable Peripheral Interface 8255, to the Emitters as showed in Fig 5.   After reading the input and analysing, we momentarily feed ‘1’ to the Emitters. Now, all the opto-couplers should be OFF. That means, Opto-coupler outputs should follow the Toggling input from the microprocessor. Now, we again feed ‘0’ from the Processor and analyse the Opto-coupler Outputs finally. We take inputs from Drop Contacts of 4 different relays along with the Output of U1 Pin 3 of their De-bounce circuits, via Port ‘A’ of 8255. Similarly, the pick-up Contacts of the same four Relays and Output from U1 Pin 6 are taken through Port ‘B’. For 16 relays, Interface to the Card, 4 numbers of 8255 ICs PPI 8255   1 are needed. The Programme for the Toggle Operation is given below:   MVI A, 92                 Programme Four PPIs (8255) having     OUT 03                           PORT A -- INPUT OUT 07                           PORT B -- INPUT OUT 0B                          PORT C -- OUTPUT OUT 0F                           LXI H, 1100               Starting Location to keep Drop Contacts Data SUB A                       Enable Opto Couplers in PPI 1 OUT 02 IN 00                         Read Drop contact Status from PPI 1 MOV M, A                 Save in Location 1100 IN 01                         Read Pick-up contact Status from PPI 1 CALL MATCH          Rearrange Bits and Match them. INX H                        Go to Next Location SUB A                       Enable Opto Couplers in PPI 2 OUT 06 IN 04                        Read Drop contact Status from PPI 2 MOV M, A                Save in Location 1101 IN 05                        Read Pick-up contact Status from PPI 2 CALL MATCH         Rearrange Bits and Match them. INX H                       Go to Next Location SUB A                      Enable Opto Couplers in PPI 3 OUT 0A IN 08                        Read Drop contact Status from PPI 3 MOV M, A                Save in Location 1102 IN 09                        Read Pick-up contact Status from PPI 3 CALL MATCH         Rearrange Bits and Match them. INX H                       Go to Next Location SUB A                      Enable Opto Couplers in PPI 4 OUT 0E IN 0C                        Read Drop contact Status from PPI 4 MOV M, A                Save in Location 1100 IN 0D                        Read Pick-up contact Status from PPI 4 CALL MATCH         Rearrange Bits and Match them.                            STA 1100                Bring Drop Contact Data from Location 1100 LXI H , 1200             Initialize Flag Location for First Relay of PPI 1 IN 00                       Read Drop contact Status from PPI 1        CPI 55                      Check if this Data is same as the Saved Data JZ PPI 2 CALL DELAY 1ms  Wait for 1 milli second MVI A, FF                 Disable Opto Couplers OUT 02 IN 00 CALL DELAY 1ms  Wait for 1 milli second CPI FF JNZ FLT                   If not, Go to Fault SUB A                      Again Enable Opto Couplers OUT 02 IN 00 CPI 55 CNZ PROCESS PPI 2    :             STA 1101                   Bring Drop Contact Data from Location 1101 LXI H , 1204                 Initialize Flag Location for First Relay of PPI 2 IN 04                           Read Drop contact Status from PPI 2 CPI AA JZ PPI 3 CALL DELAY 1ms     Wait for 1 milli second MVI A, FF                    Disable Opto Couplers OUT 06 IN 04                            Read Drop contact Status from PPI 2 CALL DELAY 1ms     Wait for 1 milli second CPI FF                        Check if Opto Couplers are Disabled JNZ FLT                      If not, Go to Fault SUB A                        Again Enable Opto Couplers OUT 06 IN 04                           Read Drop contact Status from PPI 2 CPI AA CNZ PROCESS PPI 3       :        STA 1102                   Bring Drop Contact Data from Location 1102 LXI H , 1208                Initialize Flag Location for First Relay of PPI 3 IN 08                          Read Drop contact Status from PPI 3 CPI 55                   JZ PPI 4 CALL DELAY 1ms   Wait for 1 milli second MVI A, FF OUT 0A IN 08                         Read Drop contact Status from PPI 3 CALL DELAY 1ms   Wait for 1 milli second CPI FF                      Check if Opto Couplers are Disabled JNZ FLT                   If not, Go to Fault SUB A                       Again Enable Opto Couplers OUT 0A IN 08                        Read Drop contact Status from PPI 2 CPI 55 CNZ PROCESS PPI 4    :             STA 1103                 Bring Drop Contact Data from Location 1104 LXI H , 120C              Initialize Flag Location for First Relay of PPI 4 IN 0C                        Read Drop contact Status from PPI 4 CPI AA   JZ NXT_CARD CALL DELAY 1ms  Wait for 1 milli second MVI A, FF                 Disable Opto Couplers OUT 0E IN 0C                         Read Drop contact Status from PPI 4 CALL DELAY 1ms  Wait for 1 milli second CPI FF                       Check if Opto Couplers are Disabled JNZ FLT                   If not, Go to Fault SUB A                       Again Enable Opto Couplers OUT 0E IN 0C                         Read Drop contact Status from PPI 4 CPI AA CNZ PROCESS   PROCESS   :    MOV B, A     MVI C, 04                MVI D, 40                              CHK             :     MOV B, A               ANA D               JNZ PICK-UP               MVI A, FF               MOV M, A PICK-UP       :  MOV A, D RLC MOV D, A ANA D JNZ FLT SUB A MOV  M, A INX H MOV A, D RLC MOV D, A DCR C JNZ CHK   dELAY 1 ms :   PUSH D BACK           :    LXI B , 0BB1                            DCX B JNZ BACK POP D RET  This Programme to check the Status of the Relays Interfaced in One Card takes about 9.64 ms . Thus to check all 16 Input Cards, a total time of 154 ms is needed. It covers up the Transition periods for QN1 Relays. Card AcCcess Whenever an Input Card is inserted into one of the I/O Slots, it gets the I/O Slot address , which is Hardwired in Back-plane . Processor Card sends Motherboard Slot addres s through the I/O Bus. When the two addresses match, the Comparator Output Pin gets low and a Decoder and Data Buffer are enabled. The arrangement is showed in Fig 6 .    The FMECA of this sub- circuit is given below. a) If Pin 19 of Comparator UA is s-a-1: The Decoder UD and Buffer UC will not be enabled. Processor cannot read ID andID* of Input Card. b) If pin 19 of Comparator UA is s-a-0: The fault will not be detected. c) If any Input Pin of P or Q Comparator of UA is s-a-0 / s-a-1 : Software data sent by Processor will not match with Hardware data from the Backplane. Failure is same as (a). d) If any Pull- up resistor for Backplane is Open: The corresponding Pin may float to either 0 or  1. Depending on that the Hardware and Software addresses may or may not match. e) If any Input Pin of Buffer UB is s-a-0 or s-a-1. Software data will be faulty and may or may not match with Hardware data. f) If Pin 19 of Bus Driver UC is s-a-1: UC will not be enabled. Card ID and ID* cannot be read. g) f) If Pin 19 of Bus Driver UC is s-a-0 : UC will be permanently enabled and the fault will remain undetected while accessing the Card. h) If Pin 1of Bus Driver UC is s-a-1 : UC will not allow reading Card ID and ID*. i) if any Data Pin of Bus Driver UC is s-a-0 or s-a-1 : Processor will get wrong ID and ID*. j) If Pins 1 and 19 of Buffers UE or UF are s-a-1 : Processor will not get ID or ID* depending on whether UE or UF has got the fault. j) If Pins 1 and 19 of Buffers UE or UF are s-a-0 : UE or UF will be permanently enabled . There will be Bus contention while reading ID and ID*.    

Read Full Article

Somnath Pal - Posted 3 years ago

FAULT TREE ANALYSIS OF ROUTE RELAY INTERLOCKING BUTTON CIRCUITS

Chapter -2  The Buttons are Self-restoring type Push Buttons and are used for the following purposes: The Signal Buttons (GN’s) are provided near the concerned Signal on the Panel, one Button for each Signal with distinct colours. For Stop Signal --  Red For Calling `ON’ Signal -- Red with White dots For Shunt Signal --  Yellow button etc) and are numbered 1,2,3 etc.   Route Buttons (UN’s) are provided in the middle of each Berthing Track / Overlap Track / Exit Track on the Panel, one Button for each Route / Overlap / Exit Route. The Colour of Route / Overlap Button is Grey / White .  They are marked alphabetically as A, B, C etc or with the respective Route number. Point Buttons (WN) nearer or on the concerned Point and Common Point Group Button WWN (NWN) & WWR (RWN) and Emergency Point Operation Button (EWN). Concerned Point Button is pressed along with the Common Point Group Button. Crank Handle Control Button (CHN) and Common Crank Handle Buttons (CHYYN, CHYRN). These Buttons are pressed for Crank Handle or Siding Key Transmissions. Emergency Signal Cancellation Button (EGGN). Emergency Route Cancellation Button (EUYYN)     and Siding Control Key Button (KTN). SIGNAL BUTTON RELAY (GNR) CIRCUIT To operate any Signal, the concerned Signal Button is to be pressed . Whenever the Signal Button is pressed, the corresponding Signal Button Relay (GNR) will operate, provided no other Signal Button is simultaneously pressed. So, Drop Contacts of all other GNR Relays are proved in the operate path of GNR Relay. The Flowchart for the operation of GNR Relay is shown in Figure 1 and State Transition Diagram is shown in Figure 2  Figure 1 Operation of GNR Relay Figure 2 State Transition Diagram The Boolean Equation is very simple --                                                GNR = GN Button . Confl GN Buttons * Refer Figure 3 for basic Circuit Diagram  Figure 3 Basic Circuit Diagram  The circuit is self-explanatory. Relay GNCR is normally in Pick up condition , proving that all Signal Button Relays are dropped i.e. no Signal Button is pressed .  Now, we will prepare a Fault Tree (Figure 4 & Figure 5)  to find out how the GNR Circuit can fail in a Safe mode (Relay does not Pick-up when Signal Button is Pressed). Figure 4 Fault Tree  Unwanted operation of GNR (Relay picks up without GN Button) can be due to two causes only. This cannot cause any Unsafe Failure since a Button-Stuck condition beyond a specified Time limit is indicated by Button Stuck-up Relay NNCR. Figure 5 Fault Tree     Failure Mode Effect and Criticality Analysis for GNR Relay is givenin Table 1. Table 1 : Failure Mode Effect Criticality Analysis  All the above failures are detected . Safe failures will not allow GNR to operate and Signal Clearance cannot be initiated. Signal will not go to OFF. Unwanted operation of GN Button is detected by Button stuck-up Alarm . The Rate of Safe Failure         λ safe = λ GNR +λ FUSE +λ POWER +λ WIRING +λ CONTACT. FLT (Button) + λ Other GNRs (13)   As per Railtrack IRM CCA Model,            λ RELAY (open )          = 0.7495 X 10 –6 / Hr.,   λ RELAY (short )          = 0.4307 X 10 –6 / Hr          λ WIRING ( Open )         = 6.554 X 10 –8 / Hr.,    λ FUSE                          = 0.04 X 10 –6 / Hr.,             λ POWER                      = 0.04 X 10 –6 / Hr.   and     As per MIL Std. 217F               λ CONTACT. FLT         = 0.3468 X 10 –6 / Hr. ( considering 5 operations / Hr.),             (for GN Button)                                     Replacing these values in the equation                  λ safe =  (0.7495 X 10 – 6 + 0.4307 X10 –6 + 6.554 X10 – 8   + 2 X 0.04 X10 – 6                                                                                             + 0.3468 X10 – 6 + 13 X 0.7495 X 10 – 6 ) / Hr                        =  1 1. 416 X 10 –6 / Hr . The Rate of Unwanted Operation is      Λ unwanted   = λ Direct Supply    + λ CONTACT. FLT (Button) In this case, Fault due to Direct Supply has negligible probability except Human Interference, which is difficult to calculate. Thus, λ unwanted can be limited to λ CONTACT. FLT    or    0.3468 X 10 –6 / Hr.   Event Tree Analysis of the GNR Relay Operation is shown in Figure 6  Figure 6 Event Tree Analysis The Timing Diagram for operation of GNR relay is given in Figure 7  Figure 7 The Timing Diagram  Figure 8 Operation  EMERGENCY SIGNAL CANCELLATION INITIATION RELAY (EGGNR) EGGNR Relay picks up without SMCR contact to allow the Signal to be thrown back to danger in case of emergencies even without SM’s Authorization .  This Relay operates as soon as EGGN Button in the Panel is pressed. T he Boolean Equation is     EGGNR = EGGN Button The basic Circuit Diagram is shown in Figure 9  Figure 9 Basic Circuit Diagram  The Fault Tree, Failure Mode Effect and Criticality Analysis, Event Tree Analysis and Timing Diagram all are similar to the GNR Relay. The Safe and Unwanted Operation Rates are same as for GNR Relays. Refer Figure 10 for a Single Line  layout of which the circuit is made  Figure 10 Single Line Layout  The detailed Circuit Diagram for all GNR Relays and EGGNR Relay of the given Yard is shown in Figure 11 . The operating path for 1GNR Relay is marked in RED Lines. The vital condition to be proved, i. e. operation of Signal Button 1GN is highlighted by Blue Box. Figure 11 Detailed Circuit Diagram 

Read Full Article