The ELEKTRA railway signalling system: field experience with an actively replicated system with diversity

Since the beginning of the century, Alcatel Austria has been the main supplier of railway signalling products in Austria. In 1985, Alcatel Austria began developing the electronic interlocking system ELEKTRA. In order to meet the stringent safety requirements for railway interlocking applications, a two-channel system based on design diversity has been developed. High availability and reliability are achieved by using actively triplicated redundancy with on-line recovery. In 1989, the first system was put into operation. About 15 railway interlocking systems are in operation and further installations are ongoing. The paper presents the fault tolerance mechanisms used for design faults as well as physical faults. The experience gained with these concepts is also discussed.
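The combination the abstract names (two design-diverse channels, each actively triplicated, cross-compared, with on-line recovery) can be modelled in a few dozen lines. The following is an added, constructed illustration of that pattern and not ELEKTRA's code; the route-setting check, the replica fault model and the recovery step are assumptions made for the example.

```python
# Constructed model of the pattern the abstract names: two design-diverse
# channels, each actively triplicated and majority-voted, cross-compared, with a
# restrictive (fail-safe) output on disagreement and on-line replica recovery.
# Illustration only, not ELEKTRA's implementation.
from collections import Counter

FAIL_SAFE = "STOP"  # the restrictive aspect is the safe side for a signal

# Diverse implementations of one question (assumed for the example):
# "may this route be set, given the currently occupied track sections?"
def channel_a(route, occupied):
    return "STOP" if set(route) & set(occupied) else "PROCEED"

def channel_b(route, occupied):
    for section in route:
        if section in occupied:
            return "STOP"
    return "PROCEED"

def channel_b_defective(route, occupied):
    # constructed design fault: the last section of the route is never checked
    return channel_b(route[:-1], occupied)

class Replica:
    def __init__(self, impl, faulty=False):
        self.impl, self.faulty = impl, faulty
    def run(self, route, occupied):
        # a physical fault is modelled as the replica answering PROCEED regardless
        return "PROCEED" if self.faulty else self.impl(route, occupied)

def vote(replicas, route, occupied):
    """Majority vote inside one triplicated channel. With three replicas and a
    binary output a majority always exists; out-voted replica indices are
    returned so they can be recovered on-line."""
    results = [r.run(route, occupied) for r in replicas]
    winner, _ = Counter(results).most_common(1)[0]
    return winner, [i for i, res in enumerate(results) if res != winner]

def recover(replicas, outvoted):
    # on-line recovery: the out-voted replica is re-initialised from the healthy
    # majority while the other two keep the channel in service
    for i in outvoted:
        replicas[i].faulty = False

def interlocking_decision(channels, route, occupied):
    """Cross-compare the voted outputs of the diverse channels; a mismatch is a
    suspected design fault in one channel and forces the restrictive output."""
    decisions = []
    for replicas in channels:
        decision, outvoted = vote(replicas, route, occupied)
        recover(replicas, outvoted)
        decisions.append(decision)
    return decisions[0] if len(set(decisions)) == 1 else FAIL_SAFE
```

A physical fault in one replica is masked by the vote and repaired in place, while a design fault that makes a whole channel wrong is caught by the cross-channel comparison.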
