CN103885846B - System for managing faults on basis of single-CPU (central processing unit) software and two channels - Google Patents
System for managing faults on basis of single-CPU (central processing unit) software and two channels Download PDFInfo
- Publication number
- CN103885846B CN103885846B CN201310064789.2A CN201310064789A CN103885846B CN 103885846 B CN103885846 B CN 103885846B CN 201310064789 A CN201310064789 A CN 201310064789A CN 103885846 B CN103885846 B CN 103885846B
- Authority
- CN
- China
- Prior art keywords
- fault management
- fault
- passage
- management passage
- message queue
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Landscapes
- Debugging And Monitoring (AREA)
Abstract
The invention discloses a system for managing faults on the basis of single-CPU (central processing unit) software and two channels. The system comprises a fault management channel 1, a fault management channel 2, a fault management message queue and a fault management memory area. The fault management channel 1 adopts task scheduling to deal with faults, the fault management channel 2 adopts interrupted polling to deal with faults, and the fault management message queue and the fault management memory area are respectively connected with the fault management channel 1 or the fault management channel 2. Any modules in the system are in faults, agreement frames which should be composed according to formats defined by the system are respectively transmitted through the fault management message queue and the message management memory area, faults are monitored by the fault management channel 1 and the fault management channel 2 in real time, and according to fault levels, corresponding safety reaction is taken. The system comprises two different fault management channels, when the system is in fault, fault messages are formed into the agreement frames according to levels and types, the message queue and the shared memory area can respectively transmit safety reaction, and the system is ensured to smoothly send out the fault messages and to be safely guided in case that the message queue mechanism fails or the memory fails to read and write.
Description
Technical field
The invention belongs to safe design field, for realizing the fault management in Safety-Critical System.
Background technology
At present, in industrial control system and safety signal system(It is applied to the industries such as aviation electronics, railway signal, nuclear power)
In, the reply system failure is managed, to guarantee that any fault can record, diagnose, and the situation in any channel failure
Under take security reaction.
Fig. 1 is existing system failure trigger model figure, represents that any process of security system includes safe input, safety
Output, On-line self-diagnosis, safe computing, secure communication can trigger system failure management in time, according to different fault ranks
Take corresponding security reaction.
Fig. 2 is the illustraton of model of fault management passage 1 under an existing system, and fault management task is when system is normally run
For blocked state, activate this task when receiving the semaphore of main task release.By message queue, take out and analysis protocol
Frame.For systematic failure, this task record daily record to NVRAM and is sent to diagnosis terminal, takes difference according to fault rank
Security reaction.For hello Canis familiaris L. message, periodic triggers hardware watchdog.Fault or the system causing in the triggering of any process
Time window goes beyond the scope, system timely failure to the safe side state.Do not affected system safety in the case that single channel loses efficacy.
Fig. 3 is the illustraton of model of fault management passage 2 under an existing system, and fault management interrupt timing inquires about shared drive
Failure message in area.When inquiring system failure message, read and analysis protocol frame by shared section key.For system
Property fault, takes different security reaction according to fault rank.Do not affected system safety in the case that single channel loses efficacy.
Content of the invention
The technical problem to be solved in the present invention is that offer is a kind of
System, its can effective management to the system failure, with guarantee single channel lost efficacy in the case of timely failure to the safe side.
For solving above technical problem, the invention provides a kind of realize fault management based on single CPU software dual pathways
System;Including:Fault management passage 1, its handling failure by the way of task scheduling;Fault management passage 2, it adopts interruption
The mode handling failure of poll;Fault management message queue and fault management memory field, fault management message queue and fault pipe
Reason memory field is connected respectively to fault management passage 1 or fault management passage 2;The fault that in system, any module produces be both needed to by
The form composition protocol frame of lighting system definition, is sent by fault management message queue and message management memory field respectively, then by event
Barrier management passage 1 and the generation of fault management passage 2 monitor in real time fault, and according to fault rank, take safety accordingly anti-
Should.
The beneficial effects of the present invention is:The dual pathways includes the communication channel of two differentiation, system when fault produces,
Failure message is formed protocol frame according to Class Type etc., respectively security reaction is issued to by message queue and shared section key
Complete, failure message, in the case that message queue mechanism lost efficacy or memory read-write lost efficacy, can smoothly be sent out by safeguards system
Go out, timely failure to the safe side.
Fault message is sent, wherein by fault management passage 1 or fault management passage 2 using two kinds of different communication channels
, by the way of message queue, another passage is by the way of shared section key for one fault management passage.
When the system failure produces in the case that single channel lost efficacy, timely failure to the safe side passage.
Fault management passage 1 and fault management passage 2 all can be independent take safety measures, force system alarm, prohibit
Only export and delay machine.
Fault management passage 1 connects watchdog module, triggers fault management task by Interruption and feeds Canis familiaris L., by hardware
House dog ensures the normal operation of fault management passage 1;When fault management passage 1 breaks down, pass through hardware watchdog immediately
Force the system into deadlock state, cut off all Safety outputs.
Trigger the operation of main task by fault management passage 2, when fault management passage 2 breaks down, main task is entered
Enter deadlock state.
Brief description
With reference to the accompanying drawings and detailed description the present invention is described in further detail.
Fig. 1 is fault trigger model figure under a kind of existing system;
Fig. 2 is the illustraton of model of fault management passage 1 under an existing system;
Fig. 3 is the illustraton of model of fault management passage 2 under an existing system;
Fig. 4 is the schematic diagram of the system realizing fault management described in present example based on single CPU software dual pathways.
Specific embodiment
The system realizing fault management based on single CPU software dual pathways of the present invention;It can be effective to the system failure
Management, with guarantee single channel lost efficacy in the case of timely failure to the safe side.It includes fault management passage 1(Fault management task),
Fault management passage 2(Fault management interrupts), fault management message queue, fault management memory field.In system, any module is produced
Raw fault is both needed to the form composition protocol frame according to system definition, respectively by fault management message queue and fault management internal memory
Area sends, then the generation by fault management passage 1 and fault management passage 2 monitor in real time fault, and according to fault rank, takes
Corresponding security reaction, safeguards system in the case of single channel inefficacy, timely failure to the safe side.The present invention can be to the system failure
Effectively manage, with guarantee single channel lost efficacy in the case of failure to the safe side in time.
The software dual pathways includes the communication channel of two differentiation, system when fault produces, by failure message according to level
Other type etc. forms protocol frame, is issued to security reaction by message queue and shared section key respectively and completes, safeguards system exists
In the case that message queue mechanism lost efficacy or memory read-write lost efficacy, can smoothly failure message be sent, timely failure to the safe side.
The software dual pathways includes the failure handling mechanisms of two differentiation, and wherein fault management passage 1 adopts task scheduling
Mode handling failure.When system is normally run, this task is in blocked state;When system produces fault, discharge this resistance
Fill in the semaphore task of this task, and corresponding security reaction is taken according to fault rank, be i.e. the failure logging day of 0,1 rank
Will, and be sent to diagnosis terminal, the fault of 2 ranks cuts off Safety output immediately, and the fault of 3 ranks is delayed machine immediately.And fault pipe
Reason passage 2 handling failure by the way of interrupting poll.Main task execution is triggered by Interruption, and periodically inquires about in shared
Deposit the failure message in area, after inquiring failure message, take immediately and passage 1 identical security reaction.
This system realizing fault management based on single CPU software dual pathways, using fault management passage 2 clocked flip master
Appoint the mechanism run, and the fault in real-time monitoring system, when Interruption lost efficacy, main task is losing the feelings of clocked flip
House dog time-out is led to force system to be delayed machine under condition.And it is ensured that system is normally transported by the way of fault management passage 1 feeds Canis familiaris L.
OK, in the case of fault management passage 1 inefficacy, system is not because feeding house dog and machine of delaying.Thus in system jam, protecting
Barrier, in the case that fault management single channel lost efficacy, can take corresponding security reaction.
Of the present invention based on the system that single CPU software dual pathways realizes fault management can be applied to including but not office
It is limited to the fields such as safety signal system, industrial control system, be particularly suited for meeting the railway signal of fault-safety principle principle
System.
Fig. 4 is the schematic diagram of the system realizing fault management based on single CPU software dual pathways of the present invention, including event
Barrier management passage 1(Fault management task), fault management passage 2(Fault management interrupts), fault management message queue, fault pipe
Reason memory field.
The fault that in system, any module produces is both needed to the form composition protocol frame according to system definition, respectively by fault pipe
Reason message queue and fault management memory field send, then by fault management passage 1 and fault management passage 2 monitor in real time fault
Produce, and according to fault rank, take corresponding security reaction, safeguards system, in the case of single channel inefficacy, guides in time
Safety.
It is the execution of Interruption triggering main task using fault management passage 2 in Fig. 4, passed through by fault management passage 1
The generation of the mode monitoring system fault of task scheduling, passes through semaphore trigger port 1 when system produces fault, and according to event
Barrier rank takes corresponding security reaction;Simultaneously by fault management passage 2 automatic regular polling shared section key, when the system that is polled to is former
During barrier, take corresponding security reaction also according to fault rank.
Adopt fault management passage 1 to feed Canis familiaris L. in Fig. 4, main task is triggered by Interruption, send in the time of regulation and feed
Canis familiaris L. message carries out feeding Canis familiaris L. to fault management passage 1.When fault management passage 1 breaks down, led to by house dog time-out be
System is delayed machine.
The communication channel of differentiation is adopted, by the way of message queue, passage 2 adopts shared section key to passage 1 in Fig. 4
Mode call for main task, do not affected system failure to the safe side when wherein single channel loses efficacy.
The present invention is not limited to embodiment discussed above.Description to specific embodiment is intended to retouch above
State and illustrate technical scheme according to the present invention.Obvious conversion based on present invention enlightenment or replacement should also be as being considered
Fall into protection scope of the present invention.Above specific embodiment is used for disclosing the optimal enforcement system of the present invention, so that this
The those of ordinary skill in field can apply the numerous embodiments of the present invention and multiple alternative to reach the present invention's
Purpose.
Claims (6)
1. a kind of system realizing fault management based on single CPU software dual pathways;It is characterized in that, including:
Fault management passage 1, its handling failure by the way of task scheduling;
Fault management passage 2, its handling failure by the way of interrupting poll;
Wherein, fault management message queue is connected to fault management passage 1, and fault management memory field is connected to fault management passage
2;
The fault that in system, any module produces is both needed to the form composition protocol frame according to system definition, is disappeared by fault management respectively
Cease queue and fault management memory field, that is, shared section key sends, more real-time by fault management passage 1 and fault management passage 2
The generation of monitoring fault, and according to fault rank, take corresponding security reaction.
2. the system realizing fault management based on single CPU software dual pathways as claimed in claim 1;It is characterized in that, fault
Fault message is sent by management passage 1 or fault management passage 2 using two kinds of different communication channels, wherein fault management passage
1 by the way of message queue, and fault management passage 2 is by the way of shared section key.
3. the system realizing fault management based on single CPU software dual pathways as claimed in claim 1;It is characterized in that, system
When fault produces in the case that single channel lost efficacy, timely failure to the safe side.
4. the system realizing fault management based on single CPU software dual pathways as claimed in claim 1;It is characterized in that, fault
Management passage 1 and fault management passage 2 all can be independent take safety measures, force system alarm, forbid output and machine of delaying.
5. the system realizing fault management based on single CPU software dual pathways as claimed in claim 1;It is characterized in that, fault
Management passage 1 connects watchdog module, triggers fault management task by Interruption and feeds Canis familiaris L., by hardware watchdog guarantee event
The normal operation of barrier management passage 1;When fault management passage 1 breaks down, forced the system into by hardware watchdog immediately
Deadlock state, cuts off all Safety outputs.
6. the system realizing fault management based on single CPU software dual pathways as claimed in claim 1;It is characterized in that, pass through
Fault management passage 2 triggers the operation of main task, and when fault management passage 2 breaks down, main task enters deadlock state.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310064789.2A CN103885846B (en) | 2013-03-01 | 2013-03-01 | System for managing faults on basis of single-CPU (central processing unit) software and two channels |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310064789.2A CN103885846B (en) | 2013-03-01 | 2013-03-01 | System for managing faults on basis of single-CPU (central processing unit) software and two channels |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103885846A CN103885846A (en) | 2014-06-25 |
| CN103885846B true CN103885846B (en) | 2017-02-15 |
Family
ID=50954754
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201310064789.2A Active CN103885846B (en) | 2013-03-01 | 2013-03-01 | System for managing faults on basis of single-CPU (central processing unit) software and two channels |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103885846B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111031094B (en) * | 2019-11-06 | 2022-07-12 | 远景智能国际私人投资有限公司 | Data transmission method, device, equipment and storage medium in IoT system |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5880568A (en) * | 1994-10-29 | 1999-03-09 | Robert Bosch Gmbh | Method and arrangement for controlling the drive unit of a vehicle |
| CN101247412A (en) * | 2008-03-07 | 2008-08-20 | 中兴通讯股份有限公司 | Device and method for double-channel detecting state of physical layer/medium access control layer |
| CN102023900A (en) * | 2010-12-06 | 2011-04-20 | 中国航空工业集团公司第六三一研究所 | Two-channel fault logical arbitration method and system thereof |
-
2013
- 2013-03-01 CN CN201310064789.2A patent/CN103885846B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5880568A (en) * | 1994-10-29 | 1999-03-09 | Robert Bosch Gmbh | Method and arrangement for controlling the drive unit of a vehicle |
| CN101247412A (en) * | 2008-03-07 | 2008-08-20 | 中兴通讯股份有限公司 | Device and method for double-channel detecting state of physical layer/medium access control layer |
| CN102023900A (en) * | 2010-12-06 | 2011-04-20 | 中国航空工业集团公司第六三一研究所 | Two-channel fault logical arbitration method and system thereof |
Non-Patent Citations (1)
| Title |
|---|
| 基于uC/OS-II操作***的多任务看门狗设计;胡玉霞,李绪勇,杨育霞,张红涛;《衡水学院学报》;20090831;第11卷(第4期);第31-33页 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN103885846A (en) | 2014-06-25 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN100480913C (en) | Safety-oriented control system | |
| CN205068381U (en) | A secure computer platform for track traffic | |
| CN100593776C (en) | Periodic task reliability control method based on watchdog and timer | |
| CN105159863A (en) | Secure computer platform used for rail transit | |
| US20130315362A1 (en) | Nuclear digital instrumentation and control system | |
| WO2024099231A1 (en) | Motion control system and methods | |
| CN103744753B (en) | A kind of data interactive method of dual systems and device | |
| CN104142869A (en) | Monitoring method and watchdog module for car body control system | |
| CN103853626A (en) | Duplex redundant backup bus communication method and device for satellite-borne electronic equipment | |
| US6604006B2 (en) | Control device in a system and method for monitoring a controller | |
| CN106301840B (en) | Method and device for sending Bidirectional Forwarding Detection (BFD) message | |
| CN107147690A (en) | A kind of electrical power system wide-area method for message transmission | |
| CN103885846B (en) | System for managing faults on basis of single-CPU (central processing unit) software and two channels | |
| CN111831507A (en) | TCMS-RIOM control unit with safety level design | |
| CN109062753A (en) | A kind of hard disk monitoring system and monitoring method | |
| CN103389934B (en) | The system of operation monitoring is realized based on hardware binary channels | |
| CN101221518B (en) | Method, device and system for preventing timing device overflow of hardware watchdog | |
| CN201317379Y (en) | Urban track traffic signal system security computer | |
| US8923138B2 (en) | Packet relay device, packet relay system, and fault detection method | |
| CN102495786A (en) | Server system | |
| CN105573869B (en) | System controller fault tolerant control method based on I2C bus | |
| US20160197766A1 (en) | Soft redundancy protocol | |
| CN202583865U (en) | Dual-redundancy control circuit | |
| CN103995759A (en) | High-availability computer system failure handling method and device based on core internal-external synergy | |
| CN102156669B (en) | Arbitration system of vehicle-mounted train control equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |