Railway emergency plan modeling based on Petri net


Purpose
When a railway emergency occurs, it often leads to unexpected consequences, especially for trains of higher speed and larger passenger flow. Therefore, the railway emergency plan, a pre-established plan to deal with emergencies, plays an important role in reducing injuries and losses. However, the existing railway emergency plans remain as plain-text documents, requiring lots of manual work to capture the important regulations. This paper aims to propose a visualized, formal and digital railway emergency plan modeling method based on hierarchical timed Petri net (HTPN), which is also of better interpretability.


Design/methodology/approach
First, the general railway emergency plan was analyzed. Second, the HTPN-based framework model for the general railway emergency plan was proposed. Then, the instantiated model of electric multiple units rescue emergency plan was built by ExSpect, a Petri net simulation tool.


Findings
The experiments show that the proposed model is more digital and of better readability, visualization and performability, and, meanwhile, can generally conform to the practice well, offering a promising reference for future analysis of the optimization of railway emergency plans.


Originality/value
This study offers a promising reference for future analysis of the optimization of railway emergency plans.



Introduction
Because of its characteristics of being convenient, comfortable, environmentally friendly and higher speed but lower cost, railways are very popular in China and have been developed rapidly in the past two decades. China's 2019Railway Statistical Bulletin (2020 shows that in 2019, the number of passengers sent by the railway is 3.66 billion, an increase of 8.4% over the previous year, and the scale of China's railway network has reached a mileage of 139,000 kilometers, which have put higher and higher requirements on the safety, reliability and efficiency of the railway system. Besides, according to the report of the European Commission, it is expected that railway passenger transportation in Europe will be doubled in 2020 (Atamuradov et al., 2009).
Railway emergency management, which is an integration of multiple technologies to maintain the safety and normal operation of the railway, is of great significance to the railway system, in which failures and emergencies will inevitably occur. When a railway emergency occurs, e.g. equipment failure, railway traffic accidents and natural disasters, it often leads to unexpected consequences, including injuries and deaths, economic losses and traffic interruption. Therefore, in the face of emergencies, the railway emergency plan, a preestablished response plan to deal with emergencies, plays an important role in reducing injuries and losses for the railway and passengers.
However, the existing railway emergency plans have certain limitations in readability and operability, e.g. most railway emergency plans remain as plain-text documents, requiring lots of manual work to read and capture the important regulations and procedures. Besides, generally, it tends to be more difficult for the assessment and validation of emergency plans, urging us to build more visualized, formal and digital ones (Zhou, 2013). Therefore, the establishment of a formal and digital railway emergency plan is of great significance to improve its readability, performability and visualization.
To solve the readability problem, Can os et al. (2004) turned the emergency plan of a subway system into a multimedia software system. According to the drill exercises, both the emergency response time and human errors have been significantly reduced. But there are two essential requirements, i.e. multimedia storage and delivery must be provided and the navigation of the available information is necessary.
For emergency plan modeling, Zhong et al. (2010) established a Petri net-based model for China's typical urban emergency response system (UERS) for performance analysis, using the Markov chain. And their results conform to the practical operation of China's current UERS. Ter Mors et al. (2005) developed a mathematical modeling framework for disaster planning, which can capture the most important aspects of emergency response, and enable the construction of the decision support system. Karagiannis et al. (2010) proposed a functions interactions structure approach to model and analyze the robustness of industrial emergency plans, providing for an assessment of the functions and structure for industrial emergency plans. Zhou (2013), considering the great influence of human actions, proposed a colored hybrid Petri net model for an oil station team leader's emergency response to a fire, as an example of human response action modeling in chemical accidents. This research provides a useful reference for the modification and simulation of emergency plans. In addition, many modeling and analyzing methods of emergency plans have been proposed in many other fields (Ruiz-Martin et al., 2015;Liu et al., 2014;Elmitiny et al., 2007;Tavana, 2008).
However, for the modeling of railway emergency plans, there are relatively few studies, among which, Ai (2008) proposed a Petri net-based model for railway emergency plans, and fuzzy mathematics and Markov chain were used for analysis, and Li (2013) adopted the same method for the railway emergency plan of dangerous freight transport. In general, SRT there is a lack of research on modeling of railway emergency plans, especially for electric multiple units (EMUs) rescue, which is usually caused by the failure of railway traveling equipment (e.g. railway lines, pantograph and catenary), leading to abnormal operation or parking. The consequences will be very serious if this kind of emergency cannot be solved in time. Therefore, the study of railway emergency plans is of great significance for the recovery of railway transportation. This paper proposed a modeling method based on hierarchical timed Petri net (HTPN), a very powerful graphical and mathematical tool to describe the relationship between events and conditions. With HTPN, the proposed model is of strong descriptive ability and is able to deal with larger-scale systems in a top-down approach and do quantitative analyses with time limitations being introduced. First, we introduced and analyzed the process of the railway emergency plan. Second, we built a Petri net framework for the general railway emergency plan and then instantiated it to EMUs rescue by ExSpect. The experiments show that the instantiated HTPN model is of better readability, visualization and performability, and meanwhile, the proposed EMUs rescue model, to a certain extent, conform to the practice well, offering potential reference for future analysis of the optimization of railway emergency plans. Finally, based on the experiment results, we put forward some suggestions for the optimization of the EMUs rescue emergency plan.

Railway emergency plan
When a railway emergency occurs, e.g. equipment failure, railway traffic accidents and natural disasters, it often leads to unexpected consequences, including injuries and deaths, economic loss and traffic interruption. In the face of emergencies, the emergency plan plays an important role in reducing injuries and loss. As shown in Figure 1, the procedure of the general railway emergency plan mainly includes three main stages: early alarming stage, emergency response and rescue stage and post disposal stage (Ministry of Transport of the People's Republic of China, 2012;Ai, 2008;Li, 2013).
The early alarming stage mainly includes emergency alarming and reporting, as well as early response disposal. The detailed process of this stage is as shown in the left part of Figure 1, in which:

Railway emergency plan modeling
Emergency alarming means the staff on duty (e.g. the train driver) send an alarm to the train dispatcher or the station attendant of the nearest railway station. Alarm receiving refers to the reception of emergency information by the superior department (e.g. the dispatching office). Emergency reporting refers to the process of level by level reporting to other relevant superior departments (e.g. emergency office, railway group corporation and railway corporation). Emergency level determination refers to the determination of accident level (I, II, III, IV, V) according to some key indicators, such as the number of injuries and deaths, economic losses and time of traffic interruption. Information delivery within stations and depots refers to the process of reporting the emergency information to the neighboring stations, as well as assisting them with the adjustment of train operation. Early response disposal refers to taking preliminary measures to control the situation before the emergency leading group arrives. Auxiliary decision refers to consulting relevant experts with more practical emergency response methods and rescue measures based on the preliminary emergency plan. Alarm modification refers to the update of alarm information or accident level according to the accident development status.
As the most important and critical stage during the entire emergency process, the emergency response and rescue stage mainly includes command and launch of on-site emergency rescue work, as well as cause investigation. The detailed process of this stage is as shown in the middle part of Figure 1, in which: Establishment of emergency rescue headquarters refers to the emergency command center of both railway group corporation and the base station. Implementation of emergency rescue work refers to carrying out various emergency rescue work, including emergency disposal, medical care, emergency communication, emergency dispatching, etc. Expert decision refers to the emergency office and command center determining whether to adopt a higher-level emergency plan through previous investigation and assessment work. Assistance application refers to the application to the government for support (e.g. firefighting equipment, medical equipment and military assistance).
Post-disposal stage, which is very important for recovery, mainly includes the aftermath of accidents, work assessment, as well as record establishment. The detailed process of this stage is as shown in the right part of Figure 1.
3. Hierarchical timed Petri net 3.1 Conceptions of Petri net As a powerful graphical and mathematical tool, the Petri net was proposed by Dr Carl Adam Petri in 1962 (Petri, 1966). It is a network to describe the relationship between events and conditions, which are represented as transitions and places in Petri net, respectively. A transition can be an event, a task, a computation step, a logical statement, etc., and accordingly, places can be preconditions and postconditions, resources needed and released, input and output data, conditions and conclusions, etc. The definition of a places/transition Petri net is as follows (Murata, 1989): where: P = {p 1 , p 2 , . . .., p m } is a finite set of places; T = {t 1 , t 2 , . . ., t n } is a finite set of transitions; P [ T 6 ¼ 1 denotes the net is not empty and P \ T = 1 denotes duality; Þ is a set of arcs (the flow relation between P and T); The system state determines the firing of transitions, and the transitions, in turn, bring changes to the system state. The firing rules of transitions are defined as follows (Chongyi, 2005): where M 0 is the post-marking of M, and W (t, p) denotes the weight of the arc from t to p. As a promising tool applicable to many kinds of systems, Petri nets do well in describing and analyzing system characteristics of sequence, concurrency, conflict (Murata, 1989), etc., as shown in Figure 2, respectively, defined as follows: Railway emergency plan modeling where M is the original marking in Figure 2 It can be concluded that in the sequential relation, every transition has a specific firing order and in the concurrent relation, the firing of any transition will never affect the firing ability of the other one, which, however, will be disabled in the conflict relation.
However, one of the weaknesses of the Petri net is its complexity and confusion problem (Murata, 1989), i.e. when the selected system is large, or even just with a modest size, the Petri net-based model is prone to more difficulties in analyzing, accordingly. Therefore, based on the characteristics of the emergency plan being phased, we reduced and clarified the model by hierarchical Petri net (HPN), which builds sub-nets (each sub-net can be an abstraction of a group of transitions and places) to describe the system in a top-down approach. Figure 3 is an example of an HPN, in which a sub-net is replaced by a single transition t2 (also called a substitution transition), which enables easier understanding of the whole system by hiding the complex behavior of the system from the observer (Bago et al., 2008). Therefore, HPN makes the model object-oriented and enhances its readability.
Traditional Petri nets, which mainly describe the causal relationship between states, only have the concept of process control but not of time. However, for the quantitative analysis of an emergency plan, time is a very important parameter. Therefore, this paper extended the  (Holliday and Vernon, 1987), as defined in the following: where D: T Â P ! R þ | {0} is a set of firing durations (deterministic or stochastic) of transitions.
In the TPN, the firing of a transition is usually associated with a limitation on the duration, rather than being an atomic operation (without interruption and switch), which differentiates TPN from the traditional Petri net.

Framework model of railway emergency plan
Based on the previous analysis of the general railway emergency plan and introduction of the basic Petri net theory, the Petri net-based framework model of railway emergency plan (Ai, 2008) is as shown in Figure 4, consisting of three main parts, including the early alarming process, emergency response and rescue process and post-disposal process. And, because of its complexity, only parts of the definitions of variables in the framework model are listed in Table 1.
According to different types of railway emergencies (e.g. signal equipment failure and derailment), the framework model can be further instantiated into different types of emergency plan models. In this paper, we instantiate the framework by modeling an EMUs rescue emergency plan model based on HTPN.

.1 Instantiated railway emergency plan
In the previous section, we have analyzed the overall framework of the general railway emergency plan at the railway corporation level, based on which, various types of emergency plans can be formulated by subordinate departments (e.g. railway group corporation, railway station and depots). There are mainly ten types of railway emergency plans for signal equipment failure (Ou et al., 2019), derailment, abnormal operation of highspeed railway, etc.
The instantiated emergency plan adopted in this paper is the EMUs rescue emergency plan, which is usually caused by the failure of railway traveling equipment (e.g. railway lines, pantograph and catenary), leading to abnormal operation or parking. The consequence will be very serious if this kind of emergency cannot be solved in time, especially for the EMUs, which are of higher speed. Therefore, the study of EMUs rescue emergency plan is of great significance for the recovery of railway transportation. Figure 5 is the analysis of the process of the EMUs rescue emergency plan.

Instantiated modeling
In the previous sections, we have analyzed the railway emergency plan (EMUs rescue) and introduced the basic conceptions of HTPN. In this section, based on the framework model we have prepared, we will build an HTPN-based model for EMUs rescue emergency plan by ExSpect (Executable Specification Tool), a simulation and animation tool for Petri nets designed by Deloitte and Touche Bakkenist and the Eindhoven University of Technology in The Netherlands (van der Aalst et al., 2000). ExSpect is a powerful tool for modeling, monitoring, analyzing and tracking, with a full graphic user interface and a sound formal basis. Figure 6 is the HTPN-based model of EMUs rescue emergency plan modeled by ExSpect, where the yellow rectangular blocks represent the sub-nets of the system, i.e. sys1_report_emerg, sys2_early_repaire, sys3_response_rescue and sys4_later_disp, which represent early alarming and reporting stage, early response disposal stage, emergency response and rescue stage and post-disposal stage, respectively, according to the previous analysis.
The four sub-nets of the HTPN model of EMUs rescue emergency plan are as shown in Figures 7 and 8, where the three sub-nets of early alarming and reporting stage, early response disposal stage and post-disposal stage, have been reduced to more concise ones, respectively. While the emergency response and rescue stage remain a more detailed subnet, considering its complexity and great importance during the whole EMUs rescue process. Obviously, based on the HTPN and the ExSpect tool, this EMUs rescue emergency plan model is prone to better readability, visualization and digitization.
Relevant variables in the HTPN model of EMUs rescue emergency plan are listed in Table 2. Record establishment information t 38 End the plan SRT As we previously mentioned, the consideration of the firing duration of transitions in Petri nets is of great significance for the analysis of railway emergency plans. The main limitations on the duration are listed in Table 3, where limitations are mainly derived from the regulations of emergency response time for high-speed railway operation (China Railway Guangzhou Group, 2018).

Simulation and analysis
We conducted 625 experiments, where we found that the token generated at the beginning of the model can always reach the end place from t 19 or sys3_response_rescue sub-net, i.e. p23_response_ended always holds the token in each experiment, with no deadlock in the network. Besides, according to the simulation, we can easily conclude that the net is bounded, without requiring infinite resources.

Railway emergency plan modeling
The simulation time of the HTPN model of EMUs rescue emergency plan is as shown in Figure 9.
In Figure 9, T_transfer, T_stage1, T_stage2 and T_total refer to the simulation duration of t 16 (t16_organize_transfer_or_rescue), the first stage of early alarming, the second stage of emergency response and rescue and the total time of the complete process, respectively. According to the simulation results, the total time is prone to lead to an emergency response

SRT
of level IV (interruption of the high-speed railway >60 min), which is what we do not expect compared to level V (20 min < interruption of the high-speed railway < 60 min). Actually, according to the historical data of a railway group corporation from 2016 to 2019, the average duration of EMUs rescues is about 75 min, which is relatively close to the simulation results.
T_total mainly consists of T_stage1 and T_stage2, and it can be obviously concluded that the second stage, i.e. emergency response and rescue, is much more time-consuming with an average of simulation results of about 60 min. Meanwhile, in the second stage, T_transfer accounts for more than half of T_stage2. Therefore, to reduce the time cost and emergency response level, reducing the duration of the second stage, more precisely, t 16 , to provide and organize a more efficient transfer and rescue is very crucial, providing a potential reference for the optimization of the emergency plan. In addition, the emergency plan can be optimized from other aspects, e.g. the monitoring system, fault prediction and the technical operation of the rescue train.

Conclusions
To establish a formal and digital railway emergency plan, this paper proposed and promoted a modeling solution for railway emergency plans. First, we introduced and analyzed the process of the general railway emergency plan. Second, we explained the HTPN theory and established the framework model for the general railway emergency plan,  SRT which applies to all types of railway emergency plans. Then, we analyzed a particular type of emergency plan, i.e. the EMUs rescue, and we used ExSpect to conduct the HTPN modeling for this instantiated emergency plan. Lastly, according to the simulation results, the model can generally conform to the practice well and we put forward some suggestions to optimize the EMUs rescue emergency plan. According to the experiments, the proposed digital and visualized model is of better readability and, meanwhile, a promising tool and a significant basis for the analysis, assessment and improvement of railway emergency plans. Future work will consist of further developing the framework model, integrating with more practical data of the execution of railway emergency plans to enhance the adaptability of the proposed model.

Data availability statements
Some or all data, models or code that support the findings of this study are available from the corresponding author upon reasonable request. Data include some related documents about the railway emergency plan, code includes some .py files and models include some .ex, .h and .cfg files.