The Human-Machine Interface (HMI), which displays the real-time status of electrical systems, interacts with the driver or operator, and collects and reports system fault information, is an important device in railway vehicles. The HMI is a critical component of the control and diagnosis system in the railway vehicle, thus the reliability of the HMI software affects the reliability and safety of the whole railway vehicle. Therefore, it is necessary to design the HMI software with high reliability for railway vehicles so as to ensure the reliability, stability and safety of the railway vehicle operation. This paper analyzes the HMI software function requirements, which include information display, the human-machine interaction, and communication. A kind of redundancy mechanism is proposed, which employs two structural redundancy methods: N-version programming and recovery blocks. The HMI software is divided into the information display module, the human-machine interaction module and the communication module, and each module is made up of some components. Based on the analysis of the reliability requirement, complexity, and the implementation cost for each component in the HMI software modules, the corresponding redundancy design mechanism is proposed, which consider the tradeoff between the reliability and the cost. In order to evaluate the reliability of the designed redundancy mechanism, a scenario-based reliability analysis method is used to calculate the reliability of the HMI software, which constructs five scenarios and employs the component dependency graph to compute the reliability. The reliability of the HMI software after redundancy design is compared with that before the redundancy design.
