CN102768531A - Method for improving safety of automatic pilot system (APS) with uniprocessor structure - Google Patents
Method for improving safety of automatic pilot system (APS) with uniprocessor structure Download PDFInfo
- Publication number
- CN102768531A CN102768531A CN2012101907642A CN201210190764A CN102768531A CN 102768531 A CN102768531 A CN 102768531A CN 2012101907642 A CN2012101907642 A CN 2012101907642A CN 201210190764 A CN201210190764 A CN 201210190764A CN 102768531 A CN102768531 A CN 102768531A
- Authority
- CN
- China
- Prior art keywords
- data
- monitoring
- control computer
- flight control
- output
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Landscapes
- Safety Devices In Control Systems (AREA)
Abstract
The invention provides a method for improving safety of an automatic pilot system (APS) with a uniprocessor structure. The method mainly comprises the following steps of: (1) transmitting through a redundant path and sampling; (2) performing classification monitoring on data stream: comparing two groups of sampling data by using a flight control computer, determining based on the criterion of consistency, performing logical validity judgment on the compared data, calculating control rate of the data subjected to logical validity judgment, comparing with the dynamic reference value to identify correctness of the calculation value result and controlling output data; and (3) performing output classification monitoring: arranging a servo amplification link and a two-level safety switch on an output channel of the output data and determining whether the data is safe or not on the servo amplification link by a method for returning and comparing the output data. By the method, the safety requirement of the APS is met under the uniprocessor structure and the safe work characteristic of the single-channel flight control computer is guaranteed.
Description
Technical field
The present invention relates to a kind of method that improves uniprocessor configuration APS security of system.
Background technology
The general theory of constitution of autopilot system (APS-Automatic Pilot System) is as shown in Figure 1; Flight control computer is the intrasystem core component of APS; Because the APS system is relevant with flight safety; Therefore flight control computer adopts the security feature of the redundancy structure of multiprocessor passage with the assurance system usually, like the dual-redundancy structure based on " fault/safety ".But under the limited situation of system's control authority lower (being no more than 10%) financial cost; It also is a kind of selection that the APS system adopts the uniprocessor channel architecture; And have low financial cost, short lead time, (comprising: characteristics key elements such as spatial volume, weight, power consumption), key are the securities that needs to improve through technological approaches the uniprocessor passage to low physical resource demand.
Summary of the invention
The present invention is to be that core proposes a kind of method that improves uniprocessor configuration APS security of system with the flight control computer, to satisfy the security requirement of APS system, the trouble free service characteristic of bonding passage flight control computer.
For realizing above goal of the invention, the present invention provides following basic technical scheme:
Improving the method for uniprocessor configuration APS security of system, is hardware foundation with flight control computer processor and flight control computer latch-up logic circuit, carries out following processing links:
(1) redundant path transmission, sampling
The data that signal source produces are through two transmission path parallel transmissions, by corresponding two sampling sampling interfaces;
(2) data stream hierarchical monitoring
The flight control computer processor is that criterion is confirmed with the consistance through two groups of sampled datas of mutual ratio; Mutually than after data get into logical validity and adjudicate; Getting into control rate through the data after the logical validity judgement calculates; Again through relatively realize to the calculated value identification of correctness as a result the control output data with the dynamic benchmark value;
(3) output hierarchical monitoring
The output channel of output data is provided with servo amplifying element and two-stage safety switch, adopts the unroll method of comparison of output data to confirm data safety whether on servo amplifying element; Wherein, it is inner at flight control computer that watching in the two-stage safety switch put the prime switch, when permanent fault occurring, controls its disconnection by the flight control computer latch-up logic circuit; Watch and put a back level switch and flying to control amplifier inside, flight control computer is implemented the outer monitoring of unrolling to watching the front and back ends signal of putting back level switch, watches to put back level switch and also controlled by the flight control computer latch-up logic circuit, to prevent fault spreading to steering wheel topworks.
Based on above basic technical scheme, can further optimize the following technical characterictic of qualification:
Above-mentioned flight control computer latch-up logic circuit mainly can comprise watch dog monitoring, Power Supply Monitoring, software supervision, unroll monitoring and artificial preferential control, and wherein each monitoring or control all form the control to said two-stage safety switch through latched logic.
Above-mentioned watchdog circuit is used for the monitoring period task to be carried out, and its monitoring period thresholding is greater than frame period of twice but be no more than 1/2 of control convergence border time point.
The meaningful verification of decision method, overproof identification, the data rationality of above-mentioned logical validity judgement are differentiated.
The present invention has following technique effect:
The present invention has realized under uniprocessor configuration, satisfying the security requirement of APS system, the trouble free service characteristic of bonding passage flight control computer.Technological thought of the present invention is not limited to the system at APS, can also be adopted by other embedded control systems with security requirement, makes system under the prerequisite that guarantees basic security property, effectively reduce design cost.
Description of drawings
Fig. 1 is autopilot system architectural principles figure.
Fig. 2 is a uniprocessor configuration APS security of system design concept block diagram of the present invention.
Embodiment
Below provided most preferred embodiment of the present invention and combined detailed description of the drawings, the perfect and optimization to basic scheme of the present invention among this embodiment should not be regarded as the restriction to claim scheme of the present invention.
As shown in Figure 2, scheme of the present invention mainly comprises: the system-level safety of a., adopt hierarchical monitoring-failure removal strategy to guarantee the signal controlling output safety; B. the two redundancies of physical pathway are guaranteed the signal reliable transmission; C. key signal adopts two redundant interfaces to support obtaining the relatively monitoring of information; D. the data stream hierarchical monitoring is realized the discovery in advance to error message before control signal output; E. adopt the latch-up logic circuit inhibition hardware fault of many informixs (initiatively monitor message, the artificial preferential control etc. of Power Supply Monitoring information, watch dog monitoring information, software) to spread; F. the definite indicating circuit of fault is realized in time declaring fault; G. the time domain safety Design is guaranteed the trouble free service characteristic of flight control computer in the time field; H. design of Reducing Rating; I. healthy early warning.
Path redundancy.Adopt two transmission paths when in machine, connecting up, can not influence flight control computer when the physics open fault appears in individual paths, guaranteeing that security can effectively improve system's reliably working time simultaneously the obtaining of critical data for system core class signal.Redundancy strategy can be implemented to flight control computer casing connector pin level, under resource permission situation, should can be implemented to other signal extension by key signal by strategy.
Dual sampling.Though flight control computer adopts the single-pass process machine, similar path redundancy strategy can adopt two sampling interfaces at the data-interface layer, can in time find single interface circuit fault through mutual than monitoring, effectively guarantees the trouble free service characteristic of flight control computer.
The data stream hierarchical monitoring.After the flight control computer processor gets access to data message in inside through the data flow procedure hierarchical monitoring is guaranteed information security effectively suppress misdata backward level spread, comprising: data are mutually than monitoring, the validity judge, operation values monitoring, the output monitoring of unrolling.Data are that hardware foundation is that criterion is confirmed the data of being obtained with the consistance through comparing two groups of sampled datas with the dual interface than monitoring mutually; Mutually than after data get into logical validity and adjudicate, decision method generally has: content verification, overproof identification, the resolution of data rationality etc.; Getting into control rate through the data after the above Two monitor levels calculates; Again through with relatively the realizing of dynamic benchmark value to the calculated value identification of correctness as a result; Because control self-driving system control authority is in 10%; Computational data has certain correlated characteristic during week, when comparative result exceeds the characteristic thresholding, then can confirm the calculated value mistake, through the method in time recognition processor carry out the transient state computing fault that control rate computation process is occurred.
The output hierarchical monitoring.It is the expansion of data stream monitoring strategy in system's one-level that output data is carried out hierarchical monitoring, adopts output data to unroll and confirms that with desired value method relatively whether data amplify on the output element safety in system.Output control setting two-stage switch; Watch and put the prime switch in flight control computer inside; When permanent fault occurring, control its disconnection by the breech lock control logic circuit; Watch and put back level switch and flying to control the monitoring of unrolling outside the front and back ends signal of this grade switch is implemented of the inner flight control computer of amplifier, switch is still flown to control the breech lock control logic circuit and is controlled.The strategy of this hierarchical monitoring can be realized failure location and isolation, effectively prevents fault spreading to steering wheel topworks.
The breech lock steering logic.The comprehensive many control information inputs of the inner breech lock steering logic of flight control computer; Comprise watch dog monitoring (whether monitored results indication software presses predetermined period is carried out dog feeding operation), Power Supply Monitoring (monitoring primary power source and inner secondary power supply duty; Comprise voltage and current), software supervision (forming the criterion result with monitoring), the monitoring of unrolling (output control signal sample grading is relatively formed monitored results with desired value), artificial preferential control (control that the driver exports flight control computer through the realization of passenger cabin switch) through carrying out self-test, wherein each monitoring can form the control to system-level safety switch through latched logic.
Safety switch.Drive link and from system perspective the two-stage safety switch is set and realizes that failure location effectively suppresses fail-safe control information to the spreading of steering wheel topworks with isolating, and makes the security of system be able to guarantee watching to put at flight control computer output signal.
Fault is declared.For guaranteeing that the passenger cabin driver can find fault more in time, can design independently fault based on the thinking of the definite indication of fault again and declare approach to the real-time indication fault of passenger cabin.
Time domain safety.The time domain safety Design can be guaranteed the trouble free service characteristic of flight control computer in the time field, relate to the frame period, house dog regularly, transient fault filtering equal time factor.Frame period is the time minimal circulation cycle of operation of flight control computer task, this cycle should be much smaller than control convergent border time point, be not less than 20% time derate space satisfying should have on the basis that periodic duty carries out simultaneously; Watchdog circuit is used for the monitoring period task to be carried out, and its monitoring period thresholding should be greater than frame period of 2 times but is no more than 1/2 of control convergence border time point; Transient fault filtering purpose is to reduce false-alarm; Operate through carrying out to declare behind the setting failure count thresholding filtering transient affair assurance fault recognition with safety cut-off; The counting of fault filtering confirms that the thresholding lower bound should be greater than 2 times frame period, the thresholding upper bound be controlled at the convergence border time 1/2 in.
Healthy early warning.Single pass flight control computer can find that before getting into the task state it is the effective ways that guarantee work safety that self and the existing fault of system and early warning are in time declared.Certainly detect, safeguard that three kinds of approach of detection realize the healthy early warning functions before specifically surveying, fly through power-on self-test; Wherein to survey be that flight control computer energising back gets into test mode automatically and accomplishes the detection to self core resource to power-on self-test, should not have influence on other operation of peripheral devices in the test; Before detection is flight, carry out on the basis of autoscopy before the flight, accomplish test self-driving systemic-function and relevant device at flight control computer; Safeguard the functional test when detection is used for self-driving system maintenance; Interlocking condition (wheel carrying signal indication ground, maintenance switch are connected) possesses the back and gets into test mode; Test is carried out in the man-machine interaction process, allows the operator that each detected object is carried out the selectivity full test.
Claims (4)
1. improving the method for uniprocessor configuration APS security of system, is hardware foundation with flight control computer processor and flight control computer latch-up logic circuit, carries out following processing links:
(1) redundant path transmission, sampling
The data that signal source produces are through two transmission path parallel transmissions, by corresponding two sampling sampling interfaces;
(2) data stream hierarchical monitoring
The flight control computer processor is that criterion is confirmed with the consistance through two groups of sampled datas of mutual ratio; Mutually than after data get into logical validity and adjudicate; Getting into control rate through the data after the logical validity judgement calculates; Again through relatively realize to the calculated value identification of correctness as a result the control output data with the dynamic benchmark value;
(3) output hierarchical monitoring
The output channel of output data is provided with servo amplifying element and two-stage safety switch, adopts the unroll method of comparison of output data to confirm data safety whether on servo amplifying element; Wherein, it is inner at flight control computer that watching in the two-stage safety switch put the prime switch, when permanent fault occurring, controls its disconnection by the flight control computer latch-up logic circuit; Watch and put a back level switch and flying to control amplifier inside, flight control computer is implemented the outer monitoring of unrolling to watching the front and back ends signal of putting back level switch, watches to put back level switch and also controlled by the flight control computer latch-up logic circuit, to prevent fault spreading to steering wheel topworks.
2. the method for raising uniprocessor configuration APS security of system according to claim 1; It is characterized in that: described flight control computer latch-up logic circuit comprises watch dog monitoring, Power Supply Monitoring, software supervision, unroll monitoring and artificial preferential control, and wherein each monitoring or control all form the control to said two-stage safety switch through latched logic.
3. the method for raising uniprocessor configuration APS security of system according to claim 2; It is characterized in that: said watchdog circuit is used for the monitoring period task to be carried out, and its monitoring period thresholding is greater than frame period of twice but be no more than 1/2 of control convergence border time point.
4. the method for raising uniprocessor configuration APS security of system according to claim 1 is characterized in that: the meaningful verification of decision method of said logical validity judgement, overproof identification, data rationality are differentiated.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210190764.2A CN102768531B (en) | 2012-06-11 | 2012-06-11 | Method for improving safety of automatic pilot system (APS) with uniprocessor structure |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210190764.2A CN102768531B (en) | 2012-06-11 | 2012-06-11 | Method for improving safety of automatic pilot system (APS) with uniprocessor structure |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102768531A true CN102768531A (en) | 2012-11-07 |
| CN102768531B CN102768531B (en) | 2014-09-24 |
Family
ID=47095962
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201210190764.2A Active CN102768531B (en) | 2012-06-11 | 2012-06-11 | Method for improving safety of automatic pilot system (APS) with uniprocessor structure |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102768531B (en) |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106528445A (en) * | 2016-08-17 | 2017-03-22 | 中国航空工业集团公司西安飞行自动控制研究所 | Flight control computer partition variable self-adaption monitoring and exciting method |
| CN112198860A (en) * | 2020-09-11 | 2021-01-08 | 中国航空工业集团公司成都飞机设计研究所 | Electric steering engine monitoring method |
| CN113885306A (en) * | 2021-09-08 | 2022-01-04 | 中国航空工业集团公司西安航空计算技术研究所 | Signal output circuit supporting interchangeability under safety framework |
| CN114783162A (en) * | 2022-06-20 | 2022-07-22 | 商飞软件有限公司 | Alarm voting method for three-redundancy system of airplane |
| CN115877753A (en) * | 2022-11-16 | 2023-03-31 | 广州汽车集团股份有限公司 | Flight control system, aircraft control system and aircraft |
Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101996110A (en) * | 2010-11-17 | 2011-03-30 | 中国航空工业集团公司第六三一研究所 | Three-redundancy fault-tolerant computer platform based on modular structure |
-
2012
- 2012-06-11 CN CN201210190764.2A patent/CN102768531B/en active Active
Patent Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101996110A (en) * | 2010-11-17 | 2011-03-30 | 中国航空工业集团公司第六三一研究所 | Three-redundancy fault-tolerant computer platform based on modular structure |
Non-Patent Citations (4)
| Title |
|---|
| 张鹏利: "自动驾驶仪软件开发与管理", 《航空计算技术》 * |
| 房建成等: "小型无人机自动驾驶仪技术", 《中国惯性技术学报》 * |
| 杜大程等: "小型无人机自动驾驶仪设计与实现", 《计算机测量与控制》 * |
| 王冲: "高空长航时无人机飞控计算机仿真机***余度管理技术研究", 《中国优秀博硕士学位论文全文数据库(硕士) 信息科技辑》 * |
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106528445A (en) * | 2016-08-17 | 2017-03-22 | 中国航空工业集团公司西安飞行自动控制研究所 | Flight control computer partition variable self-adaption monitoring and exciting method |
| CN106528445B (en) * | 2016-08-17 | 2019-10-18 | 中国航空工业集团公司西安飞行自动控制研究所 | A kind of flight control computer subregion variable adaptive monitoring and motivational techniques |
| CN112198860A (en) * | 2020-09-11 | 2021-01-08 | 中国航空工业集团公司成都飞机设计研究所 | Electric steering engine monitoring method |
| CN113885306A (en) * | 2021-09-08 | 2022-01-04 | 中国航空工业集团公司西安航空计算技术研究所 | Signal output circuit supporting interchangeability under safety framework |
| CN113885306B (en) * | 2021-09-08 | 2024-06-04 | 中国航空工业集团公司西安航空计算技术研究所 | Signal output circuit supporting interchangeability under security architecture |
| CN114783162A (en) * | 2022-06-20 | 2022-07-22 | 商飞软件有限公司 | Alarm voting method for three-redundancy system of airplane |
| CN114783162B (en) * | 2022-06-20 | 2022-10-28 | 商飞软件有限公司 | Alarm voting method for three-redundancy system of airplane |
| CN115877753A (en) * | 2022-11-16 | 2023-03-31 | 广州汽车集团股份有限公司 | Flight control system, aircraft control system and aircraft |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102768531B (en) | 2014-09-24 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102768531B (en) | Method for improving safety of automatic pilot system (APS) with uniprocessor structure | |
| CN107408808B (en) | triple redundant digital protective relay and method of operation | |
| CN103344271B (en) | The signal acquiring system of sensor malfunction diagnostic device and method and sensor | |
| CN106908811B (en) | A kind of system-level single-particle monitoring of LEO-based GPS receiver and means of defence | |
| US9625894B2 (en) | Multi-channel control switchover logic | |
| CN102142291B (en) | Method and system for displaying monitoring parameters after nuclear power station accident | |
| CN104240781B (en) | Signal distribution method and signal distribution system of digital instrument control system (DCS) of nuclear power plant | |
| KR101022606B1 (en) | Apparatus and method of electronic control processing of digital signal in nuclear power plant | |
| DE102015118875A1 (en) | Circuit protection devices and methods for monitoring protection devices in an energy distribution system | |
| CN107484430A (en) | A kind of security system and its operating method for nuclear power plant | |
| CN104405443A (en) | Coal and gas outburst alarming method of coal face | |
| Rawat et al. | A dominance based rough set classification system for fault diagnosis in electrical smart grid environments | |
| CN109802355B (en) | Method and device for preventing misoperation of relay protection soft pressing plate | |
| KR101023533B1 (en) | Automatic train control real time remote restore system and its control method thereof | |
| CN104500138A (en) | Coal and gas outburst warning method of coal mine heading face | |
| CN103869732A (en) | Method of realizing in-orbit independent restoration of single TT&C transponder by utilizing AGC value | |
| Wäfler et al. | Interdependency modeling in smart grid and the influence of ICT on dependability | |
| CN106814604B (en) | Triple-redundancy passive independent current mutual-detection power-off restarting system and method | |
| CN105184685B (en) | Usability evaluation method for the nuclear power design phase | |
| KR101199625B1 (en) | Apparatus and method of electronic control processing of digital signal in nuclear power plant | |
| JP5319636B2 (en) | Distance relay device, distance relay processing system, and distance relay processing method | |
| CN107065817A (en) | A kind of automatic pilot fault detection method based on parameter monitoring | |
| CN106292637A (en) | A kind of airborne collision avoidance system centralized maintenance system and maintaining method | |
| CN115826392A (en) | Decision method and device for redundancy control system of unmanned aerial vehicle | |
| CN105242628A (en) | High-precision intelligent cabinet with self-detecting function |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |