Abstract: Aimed at the complex compositeness of level transition scenes of the CTCS-3 system, according to the CTCS-3 system functional requirements specification, selecting the demand of the system life cycle stage, the safety of level transition scene is studied. Firstly, based on the UML extensibility mechanism, the hybrid UML model is established, complex compositeness of level transition scene is described. Secondly, according to the CTCS-3 system functional requirements specification, functional requirements are summarised, the correctness of level transition scenes is verified. Then, by analyzing the level transition process, the possible faults of function modules of system components are found out. The fault model of level transition scenes is established using FFDN. By integrating the PHAVer model and the fault model, the PHAVer model containing faults is built. Finally, functional module failures when functional requirements of level transition scenes are not satisfied are analysed with PHAVer, the function safety analysis of level transition scenes is implemented.

Key words: Level transition process of CTCS-3 system, Hybrid UML, PHAVer, function safety analysis

摘要： 针对CTCS-3级列控系统等级转换场景的混成性，以CTCS-3级列控系统需求规范为研究依据，选取系统生命周期的需求阶段，研究了等级转换场景的功能安全性。首先，基于UML扩展机制，建立了等级转换场景的Hybrid UML模型，实现了等级转换场景的混成性描述；进而依据CTCS-3级列控系统需求规范，总结等级转换场景的功能需求，根据UML到PHAVer的转换规则，构建了PHAVer模型并验证了该模型的正确性；其次，通过分析等级转换过程，找出各相关设备可能的功能模块失效情况，采用功能模块失效描述符号(Function Failure Description Notation，FFDN)建立了等级转换场景的故障模型，并将PHAVer模型和故障模型整合，获得了包含故障的PHAVer模型；最后，运用PHAVer分析出导致等级转换场景功能需求不能满足时的功能模块失效情况，实现了等级转换场景的功能安全分析。

关键词: CTCS-3级列控系统等级转换场景, Hybrid UML, PHAVer, 功能安全分析