Playing Factorio took me down the deepest of rabbit holes to understand railway signals. One of the most difficult situations to deal with is deadlock, where one train blocks another train, which blocks yet another train until the network is jammed. While there are design heuristics to avoid deadlock, I never found a formal way to verify deadlock avoidance. This in turn led me down a sub rabbit-hole about envisioning a language to specify a train network layout that could provide guarantees about deadlock.<p>Since IRL railways don't seem to deadlock as much as my in-game networks, I'm assuming railway designers have figured out a way to handle them that I haven't been able to replicate.<p>If anyone has experience in this field, I'd love to learn more. Oh, and if you're planning to play Factorio, you should probably block off your calendar for a couple weeks. It's notoriously addicting, especially for process-orientated engineering type folks.
Trains don't actually need signals anymore, there are a few fully automated rails in the world, the computer drives the train. Most trains still have a human in control, but there is less and less for that human to do (as DoubleGlazing says, that is still a lot, he knows more than me so be sure to read what he said). However it is tricky to switch from human driven to computer driving trains as you need more signaling and it has to be perfect as humans can make judgement calls when something you didn't expect happens.<p>Unlike cars, trains are a lot easier to automate as you can ignore a lot of the failure modes autonomous cars have to deal with. Also, the signaling system knows where everything on the track is anyway, so you don't need to worry about vision systems to detect something in the way. (If something is on the track the train can't stop in time anyway so it doesn't matter that you didn't detect it.) Of course that assumes everything is connected to the signal system 100% of the time.
Ex-railway signaler here.<p>To expand on the article the most fundamental principle in railway signaling is the block section. That is a length of track for which there can only ever be one train inside it at any time. The length of the block section is typically decided upon by at the very minimum accommodating the train that would be the slowest to brake from its top speed at that location. However in practice most block sections are much longer because it reduces the need for extra signal boxes and line side equipment which results in a cost saving. For example in the UK the longest block section is 26 miles between Carnforth and Settle junction. The flipside to having longer block sections is that you massively reduce the amount of trains that can run on that line and there have been major problems in the UK where block section lengths were increased in the 70s and 80s to reduce costs, but now with increasing demand they can't run extra trains.<p>Around railway stations and busy junctions block sections can be quite short, sometimes just a bit longer than the trains that run on those lines. So you might wonder how a train going at full speed could stop within its block section? In those cases there are mechanisms in place to prevent trains going faster than they should. In the UK a system called TPWS is used to control the speed of trains. If a train goes over a TPWS balun too fast then the brakes will be applied and a lot of paperwork will have to be completed.<p>The three main systems used to actually control the movement of the trains are absolute block, route relay interlocking and computer-based/solid state interlocking.<p>In absolute block the signals in adjacent signal boxes use a device known as a block instrument to protect the line between them. 
Using a bell messaging system the signaller at one box will ask the signaller at the next box if a train can enter their section; if so, that signaller will turn a handle on the block instrument which will allow the first signaler to clear their starter signal to allow the train to enter that section. That signal is called the starter because it is at the start of the next section. It's worth noting absolute block is just a method of working and you could control it using old-fashioned mechanical levers, or modern switched control panels. Likewise the signals could be semaphores or electric lights.<p>Route relay interlocking was developed in the 1930s and uses huge numbers of relays to control the safety of railway operations. Track circuits indicate the presence of trains which will prevent conflicting train movements. An interesting thing to note in the British railway rulebook is that under absolute block the signaller's primary purpose is to ensure the safety of trains, whereas with route relay interlocking their primary purpose is to keep the trains running on time. Route relay interlocking takes away the safety responsibility from the signaler. RRI signals are controlled using a vertical panel that shows a diagram of the railway tracks under control with buttons placed at the junctions between each block section. To set a route for the train the signaller simply presses the buttons at the start of the section and end of the section and if that's allowed by the relays then the section will light up and the points and signals will be set appropriately for the train.<p>Computer based interlocking, also known as solid state interlocking in the UK, is just basically route relay interlocking but now the logic is controlled by computers and instead of standing in front of a big panel the signaller now sits at a computer terminal.<p>One of the biggest advantages of computer-based interlocking is that it allows for the development of moving block sections. 
What this means is that physical block sections are replaced with virtual ones which are the length of the stopping distance of each particular train in that area. This means that each train has exactly the right amount of stopping distance in front of it. That allows for more trains to run on the same line.<p>Edit: Forgot to mention token block working which is an extension of absolute block working where a bi-directional single line is in operation. In addition to the normal signaling equipment, there is also a token machine in each signal box. In each machine there is a supply of tokens which look like big brass keys. The two token machines are linked so that only one token between them can be removed at any time. When a driver is about to enter the section they will be given a token which will be given up at the signal box at the other end and inserted into the token machine there. If you've ever seen the driver handing over something that looks like a leather handbag with a massive metal loop for a handle then that's what's going on. Even though only one token is ever needed to go down the line, typically there might be a total of 20 or 30 tokens between the machines; this is to allow for when there are a lot of trains going in the same direction repeatedly. Although it is rare there have been occasions where all the tokens ended up at one end, so a signaling engineer has to come out and remove some tokens and take them back to the other box.
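The token block working described in the comment above, modelled as a small state machine. This is an added example, not part of the original comment; the box names "A" and "B", the token counts and the rule that rebalancing needs a clear section are assumptions made for illustration.

```python
class TokenError(Exception):
    """Raised when the linked token machines refuse an operation."""


class TokenSection:
    """Single-line section between two signal boxes, "A" and "B" (constructed names)."""

    def __init__(self, at_a, at_b):
        self.stock = {"A": at_a, "B": at_b}  # tokens held in each machine
        self.released = False                # True while one token is out

    def withdraw(self, box):
        # The machines are linked: no second token can be released,
        # from either end, while one is already out.
        if self.released:
            raise TokenError("token already out: section occupied")
        if self.stock[box] == 0:
            raise TokenError(f"no tokens left at {box}: engineer must rebalance")
        self.stock[box] -= 1
        self.released = True

    def insert(self, box):
        if not self.released:
            raise TokenError("no token is out")
        self.stock[box] += 1
        self.released = False

    def rebalance(self, src, dst, count):
        # Engineer carries tokens by hand from one box to the other.
        # Assumption: only done while no token is out on the line.
        if self.released or count > self.stock[src]:
            raise TokenError("cannot rebalance now")
        self.stock[src] -= count
        self.stock[dst] += count


def run_trains(section, departures):
    """Run trains one at a time; each entry is the box a train departs from.
    Returns how many ran before a machine had no token to give."""
    other = {"A": "B", "B": "A"}
    done = 0
    for start in departures:
        try:
            section.withdraw(start)
        except TokenError:
            break
        section.insert(other[start])  # token given up at the far end
        done += 1
    return done
```

Running five trains from A with three tokens at A stops after the third, with every token sitting at B until `rebalance` moves some back.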
A good overview but a bit short on details. Some crucial things that got omitted (and are generally valid across Central Europe - no idea about the US, India and other places notorious for railway accidents):<p>- signals, both "old" mechanical and modern filament/LED light based, are continuously monitored for their status. If a wire breaks (for mechanical signals) or the current is abnormal, a fault is detected by the interlock control and there are rigid procedures on how to operate safely under such conditions.<p>- Signals have some sort of direct connection to a railside element communicating the status of the signal (go/slow/stop) to the locomotive. In the case of the most commonly used system PZB [1], it's a box containing a tuned inductor circuit, with the resonance frequency changing according to the status of the signal by connecting or disconnecting a capacitor (which can also be done by a mechanical signal). The train drives over these boxes and the locomotive's antenna detects driving over a tuned or mistuned box. The French use a system applying a low voltage to a third, short center rail that gets picked up by a brush [2] or, for high-speed rails, a low-frequency FM carrier signal transmitted over the rails [3].<p>- railway sections are sub-divided into "blocks", spaced at least a full brake distance from full speed apart. Signals signal to conductors what to do, and axle counters or DC monitors verify a block of rail is free of trains. The purpose of all that effort is to make sure that a) even in the worst case of a conductor missing a red light at full speed, the safety system has enough time to stop the train before it crashes into the train ahead and b) should a train separate and someone made an error in linking the central brake pipe (leading to the front part not braking automatically), the axle counter will detect that fewer axles came out of the block than came into it. 
It has the obvious disadvantage that a lot of capacity is wasted by the requirement to have one entirely empty block between trains; as a consequence systems like ETCS or LZB got developed that monitor position, speed and condition of trains and provide a virtual "moving block" leading to better utilization. In the long term, ETCS will lead to a complete elimination of track-side signals and eventually pave the way towards fully automated driving - but that's <i>many decades</i> away.<p>[1] <a href="https://en.wikipedia.org/wiki/Punktf%C3%B6rmige_Zugbeeinflussung" rel="nofollow">https://en.wikipedia.org/wiki/Punktf%C3%B6rmige_Zugbeeinflus...</a><p>[2] <a href="https://en.wikipedia.org/wiki/Crocodile_(train_protection_system)" rel="nofollow">https://en.wikipedia.org/wiki/Crocodile_(train_protection_sy...</a><p>[3] <a href="https://de.wikipedia.org/wiki/Transmission_Voie-Machine" rel="nofollow">https://de.wikipedia.org/wiki/Transmission_Voie-Machine</a>
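The axle-counter check from the comment above, as an added example that is not part of the original comment: a block reads as clear only when every axle counted in has been counted out, so a separated train keeps its block at stop. The block names, the 16-axle train and the 10/6 split are constructed for illustration.

```python
class Block:
    """One block section with an axle counter at each boundary (constructed model)."""

    def __init__(self, name):
        self.name = name
        self.axles_in = 0
        self.axles_out = 0

    def occupied(self):
        # Clear only when every axle that entered has also left.
        return self.axles_in != self.axles_out


def move(src, dst, axles):
    """Count `axles` across the boundary from src to dst.
    None stands for track outside the modelled line."""
    if src is not None:
        src.axles_out += axles
    if dst is not None:
        dst.axles_in += axles


def aspects(blocks):
    """Aspect of the signal protecting each block's entrance."""
    return {b.name: ("stop" if b.occupied() else "proceed") for b in blocks}


def scenario(separated):
    """A 16-axle train runs B0 -> B1 -> B2 and off the line.
    If `separated`, the last 6 axles are left standing in B1."""
    b0, b1, b2 = Block("B0"), Block("B1"), Block("B2")
    move(None, b0, 16)
    move(b0, b1, 16)
    crossing = 10 if separated else 16  # axles that actually leave B1
    move(b1, b2, crossing)
    move(b2, None, crossing)
    return aspects([b0, b1, b2])


if __name__ == "__main__":
    print("intact:   ", scenario(False))
    print("separated:", scenario(True))
```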