First, there is a switch in the common lead of the panel so that automatic operation and the local control panel are not enabled at the same time.
Secondly, the PLC also processes signal/switch requests on a "first come/first serve" basis and it has a built in provision (all inputs are checked with multiple "Exclusive OR" gates) to reject coincidental and conflicting requests from any single loop antenna.
What happens when a train and the maintenance person happen to pick the same relay (issue the same command) at nearly the same time ? Since this would presumably be a physical impossibility without the pushbuttons (unlikely two trains would be in range of the same inductive loop at the same time), my guess is that the control program might well get confused by this and run amok.
I am assuming that the control program has provisions for dealing with simultaneous requests on multiple inputs, but maybe not. Again, the nature of the physical plant or the way the trains are operated may mean that this never happens in the absence of the pushbuttons, and thus the possibility of multiple commands that is presented by the added buttons may also have been not coverred in the programs.
I was posted to the lab to support my share of cruise missle verification. We had accomplised the B-52 version. This was the OAS B-1 version in the B-52 as Carter killed the B-1. Note that nothing the military wants stays dead. We had one of the three system compters. There were three in the system as they voted and checked each other. But the system as not working. The simulation was not working and the guy responsible was shuffling the cards in the Harris /5. He got a lot of greif for doing that becuase the was a precedence - order that the cards were called. Hey at least he was trying something. Asked about this and that trying to figure something out - any thing at all. We were looking at the three ports at OAS computer. Remember the three computers are tied to gether. The first port was used as directed. Well let's just try the other ports how would we do that. Just unplug the cable and plug it into #2. And the computer started working. The reason as I under stood it. The primary expected checking by the secondary and tertiary computer. But if it was not working then the secondary would takeover. And if it was the last computer it would run alone. Then I had to go to work.
There are occasions when the biggest hurdle engineering has to vault is purchasing. I remember a story of an astronaut feeling uneasy when he stopped to realize he was sitting atop a space vehicle all made by "The Losest Bidder".
Someone really dropped the ball. I would have thought in the design meetings this would have been discussed. OR, they didn't understand the customer's needs to begin with and just did the basics. It is so important that the customer's needs are top priority. If you build it, they may come and be disappointed...
I had a very similar situation some 60 years ago when wiring the control panel for my LIONEL set. It was quite a challenge then since (redundant) PLCs had not yet been invented, but I muddled through despite this major limitation.
Regarding the issue of approvals and safety certification, all modifications to a rail signaling system must be approved by the agency's Bureau Of Engineering. The process also provides for "peer review" before a change order is finally issued.
The state division of railway safety also requires a comprehensive report of any modifications to signaling systems and the results of the final testing.
The addition of local control involved the "Non-Vital" *** portion of the system which does not directly execute any safety critical functions.
*** the actual safety critical functions of a railroad signal system are referred to as "Vital" and non-safety critical are classified as "Non-vital". The PLC used for railroad signaling is specially built for that application and actually contains 4 PLCS working on the checked redundant principle. The first PLC where requests are inputed is the non-vital level.
The original specifications for the installation were written by a private consultant to the agency and supposedly reviewed by the agency's own project management team (and any other parties having a stake in the final product). Somehow, this issue wasn't caught and corrected before the contractor got the notice to proceed.
It's also interesting to note there is one track switch (out of the 16 total in the system) which is manually controlled (it is not provided with motorized operation) and cannot be automatically aligned by a request through the TWC or PLC.
However it does have position feedback to the PLC and if the switch is not properly aligned for the requested route, the PLC will reject the request and the signal light will be stuck on a red "X". In that case, the yard attendant has to use a switch iron (a pry bar) to flip the switch to the correct position and allow the signal to turn green.
The price tag on the entire control system was about $1.5 Million and I believe that adding the option for pushbuttons (and one additional motorized switch) would have added only $50,000.00 to the total cost.
My guess is that the oversight may have been due to the usual culprit – the gremlin of mismanagement in government or the bean counters (rather than just the designers) may have had their say in the final outcome.
That's why I thought it qualified for the Made By Monkeys column!!!
It would be interesting to know if this item was specified without the pushbuttons or if was an oversight by the manufacturer. It might be a case of trying to staying below budget on a new installation
Focus on Fundamentals consists of 45-minute on-line classes that cover a host of technologies. You learn without leaving the comfort of your desk. All classes are taught by subject-matter experts and all are archived. So if you can't attend live, attend at your convenience.