CN102768531B - Method for improving safety of automatic pilot system (APS) with uniprocessor structure - Google Patents
Method for improving safety of automatic pilot system (APS) with uniprocessor structure Download PDFInfo
- Publication number
- CN102768531B CN102768531B CN201210190764.2A CN201210190764A CN102768531B CN 102768531 B CN102768531 B CN 102768531B CN 201210190764 A CN201210190764 A CN 201210190764A CN 102768531 B CN102768531 B CN 102768531B
- Authority
- CN
- China
- Prior art keywords
- data
- monitoring
- control computer
- flight control
- output
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Landscapes
- Safety Devices In Control Systems (AREA)
Abstract
The invention provides a method for improving safety of an automatic pilot system (APS) with a uniprocessor structure. The method mainly comprises the following steps of: (1) transmitting through a redundant path and sampling; (2) performing classification monitoring on data stream: comparing two groups of sampling data by using a flight control computer, determining based on the criterion of consistency, performing logical validity judgment on the compared data, calculating control rate of the data subjected to logical validity judgment, comparing with the dynamic reference value to identify correctness of the calculation value result and controlling output data; and (3) performing output classification monitoring: arranging a servo amplification link and a two-level safety switch on an output channel of the output data and determining whether the data is safe or not on the servo amplification link by a method for returning and comparing the output data. By the method, the safety requirement of the APS is met under the uniprocessor structure and the safe work characteristic of the single-channel flight control computer is guaranteed.
Description
Technical field
The present invention relates to a kind of method that improves uniprocessor configuration APS security of system.
Background technology
The general theory of constitution of autopilot system (APS-Automatic Pilot System) as shown in Figure 1, flight control computer is the intrasystem core component of APS, because APS system is relevant to flight safety, therefore flight control computer adopts the redundancy structure of multiprocessor passage to ensure the security feature of system, as the dual-redundancy structure based on " fault/safety " conventionally.But in the limited situation of system control authority lower (being no more than 10%) financial cost, it is also a kind of selection that APS system adopts uniprocessor channel architecture, and the feature with low financial cost, shorter lead time, low physical resource demand (comprising: the key elements such as spatial volume, weight, power consumption), key is the security that need to improve by technological approaches uniprocessor passage.
Summary of the invention
The present invention is a kind of method that improves uniprocessor configuration APS security of system that proposes taking flight control computer as core, to meet the security requirement of APS system, and the trouble free service characteristic of bonding passage flight control computer.
For realizing above goal of the invention, the invention provides following basic technical scheme:
Improve the method for uniprocessor configuration APS security of system, taking flight control computer processor and flight control computer latch-up logic circuit as hardware foundation, carry out following processing links:
(1) redundant path transmission, sampling
The data that signal source produces, through two transmission path parallel transmissions, are sampled by corresponding two Sampling Interfaces;
(2) data stream hierarchical monitoring
Flight control computer processor is confirmed taking consistance as criterion by two groups of sampled datas of mutual ratio, mutually than after data enter logical validity and adjudicate, data after logical validity judgement enter control rate and calculate, by relatively realizing the identification to calculated value result correctness with dynamic benchmark value, control output data again;
(3) output hierarchical monitoring
In the output channel of output data, be provided with servo amplifying element and two-stage safety switch, adopt the unroll method of comparison of output data to confirm data safety whether on servo amplifying element; Wherein, watching in two-stage safety switch put prime switch in flight control computer inside, in the time there is permanent fault by its disconnection of flight control computer latch-up logic circuit control; Watch and put rear class switch and flying to control amplifier inside, flight control computer is put rear class switch front and back ends signal to watching is implemented the outer monitoring of unrolling, and watches and puts rear class switch also by the control of flight control computer latch-up logic circuit, to prevent fault spreading to steering engine actuator.
Based on above basic technical scheme, can further optimize and limit following technical characterictic:
Above-mentioned flight control computer latch-up logic circuit mainly can comprise watch dog monitoring, Power Supply Monitoring, software supervision, unroll monitoring and artificial preferential control, and wherein each monitoring or control all form the control to described two-stage safety switch by latched logic.
Above-mentioned watchdog circuit is for monitoring period tasks carrying, and its monitoring period thresholding is greater than the frame period of twice but is no more than controls 1/2 of convergence boundary time point.
The meaningful verification of decision method, overproof identification, the data rationality of above-mentioned logical validity judgement are differentiated.
The present invention has following technique effect:
The present invention has realized the security requirement that meets APS system under uniprocessor configuration, the trouble free service characteristic of bonding passage flight control computer.Technological thought of the present invention is not limited to the system at APS, and the embedded control system that can also be had security requirement by other adopts, and makes system under the prerequisite that ensures basic security, effectively reduce design cost.
Brief description of the drawings
Fig. 1 is autopilot system architectural principles figure.
Fig. 2 is uniprocessor configuration APS security of system design concept block diagram of the present invention.
Embodiment
Below provided most preferred embodiment of the present invention and described in detail by reference to the accompanying drawings, the perfect and optimization to basic scheme of the present invention in this embodiment should not be considered as the restriction to the claims in the present invention scheme.
As shown in Figure 2, the solution of the present invention mainly comprises: the system-level safety of a., adopts hierarchical monitoring-failure removal strategy to guarantee signal controlling output safety; B. the two redundancies of physical pathway are guaranteed signal transmitting; C. key signal adopts two redundant interfaces to support the relatively monitoring to obtaining information; D. data stream hierarchical monitoring is realized the discovery in advance to error message before control signal output; E. adopt the latch-up logic circuit inhibition hardware fault of many informixs (initiatively monitor message, the artificial preferential control etc. of Power Supply Monitoring information, watch dog monitoring information, software) to spread; F. the definite indicating circuit of fault is realized declaring in time fault; G. time domain safety Design is guaranteed the trouble free service characteristic of flight control computer in time field; H. design of Reducing Rating; I. healthy early warning.
Path redundancy.While wiring in machine for system core class signal, adopt two transmission paths, when physics open fault appears in individual paths, can not affect flight control computer to the obtaining of critical data, ensureing that security can effectively improve the system reliably working time simultaneously.Redundancy strategy can be implemented to flight control computer casing connector pin level, and in resource permission situation, this strategy can be implemented to other signal extension by key signal.
Dual sampling.Although flight control computer adopts single-pass process machine, similar path redundancy strategy can adopt two Sampling Interfaces at data interface tier, can find in time single interface circuit fault by mutual than monitoring, effectively guarantees the trouble free service characteristic of flight control computer.
Data stream hierarchical monitoring.After flight control computer processor gets data message in inside by data flow procedure hierarchical monitoring being guaranteed to information security effectively suppresses misdata and spreads to rear class, comprising: data are mutually than monitoring, the validity judge, operation values monitoring, the output monitoring of unrolling.Data are confirmed the data of being obtained for criterion with consistance by two groups of sampled datas relatively for hardware foundation with dual interface than monitoring mutually; Mutually than after data enter logical validity and adjudicate, decision method generally has: content authentication, overproof identification, the resolution of data rationality etc.; Data after above Two monitor levels enter control rate and calculate, again by with dynamic benchmark value relatively realize the identification to calculated value result correctness, owing to controlling self-driving system control authority in 10%, during week, computational data has certain correlated characteristic, in the time that exceeding feature thresholding, comparative result can confirm calculated value mistake, the transient state computing fault occurring by the method recognition processor execution in time control rate computation process.
Output hierarchical monitoring.To output data, to carry out hierarchical monitoring be the expansion of data stream monitoring strategy in system one-level, adopts the unroll method of same desired value comparison of output data to confirm that whether data amplify in output element safety in system.Output is controlled two-stage switch is set, watch and put prime switch in flight control computer inside, in the time there is permanent fault by its disconnection of breech lock control logic circuit control, watch and put rear class switch flying to control the monitoring of unrolling outside the front and back ends signal of this grade of switch is implemented of the inner flight control computer of amplifier, switch is still flown to control the control of breech lock control logic circuit.The strategy of this hierarchical monitoring can be realized location and the isolation of fault, effectively prevents fault spreading to steering engine actuator.
Breech lock steering logic.The comprehensive multi-control input information of the inner breech lock steering logic of flight control computer, comprise watch dog monitoring (whether monitored results instruction software carries out dog feeding operation by predetermined period), Power Supply Monitoring (monitoring primary power source and inner secondary power supply duty, comprise voltage and current), software supervision (forming criterion result with monitoring by carrying out self-test), the monitoring (output control signal sample grading and desired value are relatively formed to monitored results) of unrolling, artificial preferential control (driver realizes the control to flight control computer output by passenger cabin switch), wherein each monitoring can form the control to system-level safety switch by latched logic.
Safety switch.Drive link, from system perspective, location that two-stage safety switch can realize fault and isolation are set effectively to suppress fail-safe control information to the spreading of steering engine actuator, the security of system is ensured watching to put in flight control computer output signal.
Fault is declared.For ensureing that passenger cabin driver can find fault more in time, can design again independently fault based on the definite thinking of indicating of fault and declare approach to the real-time indication fault of passenger cabin.
Time domain safety.Time domain safety Design can be guaranteed the trouble free service characteristic of flight control computer in time field, relates to the frame period, house dog timing, transient fault filtering equal time factor.Frame period is the time minimal circulation cycle of operation of flight control computer task, and should, much smaller than the boundary time point of controlling convergence, should there be the time derate space that is not less than 20% in this cycle simultaneously on the basis that meets periodic duty execution; Watchdog circuit is for monitoring period tasks carrying, and its monitoring period thresholding should be greater than the frame period of 2 times but be no more than controls 1/2 of convergence boundary time point; Transient fault filtering object is to reduce false-alarm, operate by carrying out to declare with safety cut-off after setting failure count threshold filter transient affair guarantee fault recognition, the counting of failure recovery confirms that thresholding lower bound should be greater than the frame period of 2 times, the thresholding upper bound be controlled at convergence boundary time 1/2 in.
Healthy early warning.Single pass flight control computer can find before task state that it is the effective ways that ensure work safety that self and the existing fault of system early warning are in time declared entering.Before specifically surveying, fly by power-on self-test, detect three kinds of approach from detection, maintenance and realize healthy early warning function, wherein power-on self-test survey is after flight control computer energising, automatically to enter test mode to complete the detection for self core resource, should not have influence on the work of other peripherals in test; Before flight, before being flight, detection carries out, on the basis of autoscopy, completing the test to self-driving systemic-function and relevant device at flight control computer; Safeguard the functional test in the time detecting for self-driving system maintenance, after possessing, interlocking condition (wheel carrying signal instruction ground, maintenance switch are connected) enters test mode, test is carried out in interactive process, allows operator to carry out selectivity full test to each detected object.
Claims (3)
1. improve the method for uniprocessor configuration APS security of system, taking flight control computer processor and flight control computer latch-up logic circuit as hardware foundation, carry out following processing links:
(1) redundant path transmission, sampling
The data that signal source produces, through two transmission path parallel transmissions, are sampled by corresponding two Sampling Interfaces;
(2) data stream hierarchical monitoring
Flight control computer processor is confirmed taking consistance as criterion by two groups of sampled datas of mutual ratio, mutually than after data enter logical validity and adjudicate, data after logical validity judgement enter control rate and calculate, by relatively realizing the identification to calculated value result correctness with dynamic benchmark value, control output data again;
(3) output hierarchical monitoring
In the output channel of output data, be provided with servo amplifying element and two-stage safety switch, adopt the unroll method of comparison of output data to confirm data safety whether on servo amplifying element; Wherein, the servo amplification prime switch in two-stage safety switch is in flight control computer inside, in the time there is permanent fault by its disconnection of flight control computer latch-up logic circuit control; Servo amplification rear class switch is flying to control amplifier inside, flight control computer is implemented the outer monitoring of unrolling to the front and back ends signal of servo amplification rear class switch, servo amplification rear class switch is also by the control of flight control computer latch-up logic circuit, to prevent fault spreading to steering engine actuator;
Described flight control computer latch-up logic circuit comprises watch dog monitoring, Power Supply Monitoring, software supervision, unroll monitoring and artificial preferential control, and wherein each monitoring or control all form the control to described two-stage safety switch by latched logic.
2. the method for raising uniprocessor configuration APS security of system according to claim 1, it is characterized in that: the watch dog monitoring in flight control computer latch-up logic circuit is for monitoring period tasks carrying, and its monitoring period thresholding is greater than the frame period of twice but is no more than controls 1/2 of convergence boundary time point.
3. the method for raising uniprocessor configuration APS security of system according to claim 1, is characterized in that: the meaningful verification of decision method of described logical validity judgement, overproof identification, data rationality are differentiated.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210190764.2A CN102768531B (en) | 2012-06-11 | 2012-06-11 | Method for improving safety of automatic pilot system (APS) with uniprocessor structure |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210190764.2A CN102768531B (en) | 2012-06-11 | 2012-06-11 | Method for improving safety of automatic pilot system (APS) with uniprocessor structure |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102768531A CN102768531A (en) | 2012-11-07 |
| CN102768531B true CN102768531B (en) | 2014-09-24 |
Family
ID=47095962
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201210190764.2A Active CN102768531B (en) | 2012-06-11 | 2012-06-11 | Method for improving safety of automatic pilot system (APS) with uniprocessor structure |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102768531B (en) |
Families Citing this family (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106528445B (en) * | 2016-08-17 | 2019-10-18 | 中国航空工业集团公司西安飞行自动控制研究所 | A kind of flight control computer subregion variable adaptive monitoring and motivational techniques |
| CN112198860A (en) * | 2020-09-11 | 2021-01-08 | 中国航空工业集团公司成都飞机设计研究所 | Electric steering engine monitoring method |
| CN112231204B (en) * | 2020-09-28 | 2024-08-20 | 交控科技股份有限公司 | Software self-checking method and system for safe output |
| CN113885306B (en) * | 2021-09-08 | 2024-06-04 | 中国航空工业集团公司西安航空计算技术研究所 | Signal output circuit supporting interchangeability under security architecture |
| CN114783162B (en) * | 2022-06-20 | 2022-10-28 | 商飞软件有限公司 | Alarm voting method for three-redundancy system of airplane |
| CN115877753B (en) * | 2022-11-16 | 2024-08-16 | 广州汽车集团股份有限公司 | Flight control system, aircraft control system and aircraft |
| CN115877754A (en) * | 2022-11-17 | 2023-03-31 | 中国直升机设计研究所 | High-safety and high-computing-power intelligent flight control framework |
Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101996110A (en) * | 2010-11-17 | 2011-03-30 | 中国航空工业集团公司第六三一研究所 | Three-redundancy fault-tolerant computer platform based on modular structure |
-
2012
- 2012-06-11 CN CN201210190764.2A patent/CN102768531B/en active Active
Patent Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101996110A (en) * | 2010-11-17 | 2011-03-30 | 中国航空工业集团公司第六三一研究所 | Three-redundancy fault-tolerant computer platform based on modular structure |
Non-Patent Citations (7)
| Title |
|---|
| 小型无人机自动驾驶仪技术;房建成等;《中国惯性技术学报》;20071231;第15卷(第6期);第658-663页 * |
| 小型无人机自动驾驶仪设计与实现;杜大程等;《计算机测量与控制》;20101231;第18卷(第11期);第2681-2683、2686页 * |
| 张鹏利.自动驾驶仪软件开发与管理.《航空计算技术》.2011,第41卷(第5期),第85-87页. |
| 房建成等.小型无人机自动驾驶仪技术.《中国惯性技术学报》.2007,第15卷(第6期),第658-663页. |
| 杜大程等.小型无人机自动驾驶仪设计与实现.《计算机测量与控制》.2010,第18卷(第11期),第2681-2683、2686页. |
| 王冲.高空长航时无人机飞控计算机仿真机***余度管理技术研究.《中国优秀博硕士学位论文全文数据库(硕士) 信息科技辑》.2007,参见3.1、3.2、4.3节. * |
| 自动驾驶仪软件开发与管理;张鹏利;《航空计算技术》;20110930;第41卷(第5期);第85-87页 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102768531A (en) | 2012-11-07 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102768531B (en) | Method for improving safety of automatic pilot system (APS) with uniprocessor structure | |
| CN109976141B (en) | UAV sensor signal redundancy voting system | |
| CN103344271B (en) | The signal acquiring system of sensor malfunction diagnostic device and method and sensor | |
| CN111352338B (en) | Dual-redundancy flight control computer and redundancy management method | |
| US20140018958A1 (en) | Safety system and control device | |
| CN106908811B (en) | A kind of system-level single-particle monitoring of LEO-based GPS receiver and means of defence | |
| CN110955571B (en) | Fault management system for functional safety of vehicle-specification-level chip | |
| CN111891134B (en) | Automatic driving processing system, system on chip and method for monitoring processing module | |
| US9625894B2 (en) | Multi-channel control switchover logic | |
| CN104240781B (en) | Signal distribution method and signal distribution system of digital instrument control system (DCS) of nuclear power plant | |
| US8090485B2 (en) | Low-frequency flight control system oscillatory faults prevention via horizontal and vertical tail load monitors | |
| KR101723932B1 (en) | An method for diagnosing a failure of flight control computer having dual channel | |
| US20160202701A1 (en) | Abnormal aircraft response monitor | |
| CN103294048A (en) | Methods and apparatuses for automatic fault detection | |
| CN105717787A (en) | Dual-redundancy control system and control method for intelligent power distribution device | |
| CN110689762A (en) | Flight management assembly for an aircraft and method for monitoring such a flight management assembly | |
| CN103092186B (en) | Voting structure of two out of three secure output and voting method thereof | |
| CN106326055A (en) | Method for software and hardware crashing detection and resetting of airborne collision avoidance system | |
| CN102542847B (en) | For automatically monitoring the method and apparatus being laterally guided order of airborne vehicle | |
| KR101023533B1 (en) | Automatic train control real time remote restore system and its control method thereof | |
| CN103365267A (en) | Bay level equipment with self-recovery function in substation and implementation method of bay level equipment | |
| CN107065817A (en) | A kind of automatic pilot fault detection method based on parameter monitoring | |
| CN105184685B (en) | Usability evaluation method for the nuclear power design phase | |
| CN103970010A (en) | Redundancy design method of flight control system | |
| US9772615B2 (en) | Multi-channel control switchover logic |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |