CN108170120A - Architecture and primary/standby switching method for a high-speed rail train control safety computer - Google Patents

Publication number
CN108170120A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201711339969.1A
Other languages
Chinese (zh)
Inventor
许斌斌
颜纪迅
佘刚
牛萌
宋阳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xian Flight Automatic Control Research Institute of AVIC
Original Assignee
Xian Flight Automatic Control Research Institute of AVIC

Classifications

    • G PHYSICS
    • G05 CONTROLLING; REGULATING
    • G05B CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B23/00 Testing or monitoring of control systems or parts thereof
    • G05B23/02 Electric testing or monitoring
    • G05B23/0205 Electric testing or monitoring by means of a monitoring system capable of detecting and responding to faults
    • G05B23/0259 Electric testing or monitoring by means of a monitoring system capable of detecting and responding to faults characterized by the response to fault detection
    • G05B23/0286 Modifications to the monitored process, e.g. stopping operation or adapting control
    • G PHYSICS
    • G05 CONTROLLING; REGULATING
    • G05B CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B2219/00 Program-control systems
    • G05B2219/20 Pc systems
    • G05B2219/24 Pc safety
    • G05B2219/24065 Real time diagnostics

Abstract

The invention belongs to the field of high-speed rail train control technology, and specifically relates to an architecture and a primary/standby switching method for a high-speed rail train control safety computer. Existing safety computers use a simple primary/standby structure in which data are not cross-compared within a single system, so safety is low; they also use different interrupt sources, so synchronization is poor. The invention uses a 2 × 2 architecture, divided into a primary system and a standby system of identical composition. The core control unit VCU, the wireless control unit RTU and the safety train interface unit TIU each contain an X branch and a Y branch; the data of the X and Y branches are identical, synchronized and mutually visible. The invention implements primary/standby switching on the high-speed rail train control computer platform and improves the safety of the high-speed rail train control system.

Description

Architecture and primary/standby switching method for a high-speed rail train control safety computer
Technical field
The invention belongs to the field of high-speed rail train control technology, and specifically relates to an architecture and a primary/standby switching method for a high-speed rail train control safety computer.
Background
The high-speed rail train control system mainly performs on-board logic control, speed monitoring, speed and distance measurement, and system platform management. The train control safety computer is the control core of the train control system. Existing safety computers use a simple primary/standby structure in which data are not cross-compared within a single system, so safety is low; they also use different interrupt sources, so synchronization is poor.
Summary of the invention
Technical problem to be solved by the invention: to provide an architecture and a primary/standby switching method for a high-speed rail train control safety computer, in which switching between the primary and standby systems is implemented by the safety computer platform.
The architecture of the high-speed rail train control safety computer of the invention uses a 2 × 2 design, divided into a primary system and a standby system of identical composition. Each system includes a communication interface unit MBI, a core control unit VCU, a wireless control unit RTU and a safety train interface unit TIU, and the two systems share a diagnostic recording unit MTN. The core control unit VCU, the wireless control unit RTU and the safety train interface unit TIU each contain an X branch and a Y branch; the data of the X and Y branches are identical, synchronized and mutually visible.
The 659 bus is used to provide the safety computer with a unified interrupt source and communication status monitoring flags.
The minimum interrupt interval is 10 ms.
The communication interface unit MBI implements communication with all external equipment. The core control unit VCU is responsible for on-board logic control, speed monitoring, speed and distance measurement, and system platform management. The wireless control unit RTU implements communication with the on-board radio, management of the on-board radio, the Subset-037 protocol and key management. The safety train interface unit TIU implements the input or output of safety train relay interface signals and non-safety signals, and the acquisition of speed-sensor square-wave signals.
A method for primary/standby switching using the above architecture: the core control units VCU of the primary and standby systems query and compare the signals of the X branch and the Y branch, and output externally the data whose signal values are identical after comparison. The VCUs of both systems determine whether transmission is normal by querying the send status flag on the bus; if it is abnormal, the local system stops working. The VCUs of both systems periodically check the status information sent by the peer system's VCU to judge whether it is valid; if it is invalid, the peer system is considered faulty, the local system takes control, and the peer system is commanded to stop working.
The local system's core control unit VCU monitors the status information it sends; if sending fails 3 consecutive times, the local system is abnormal.
The status information includes a local timestamp, a command and the operating state of the local system's VCU.
The VCU judges whether the absolute difference between the timestamp sent by the peer system and the local timestamp is within 10 ms; if it is exceeded 3 consecutive times, the status information sent by the peer system is considered invalid.
Beneficial effects: the invention implements primary/standby switching on the high-speed rail train control computer platform and improves the safety of the high-speed rail train control system.
Description of the drawings
Fig. 1 is an architecture diagram of the high-speed rail train control safety computer of the invention.
Detailed description
As shown in Fig. 1, the high-speed rail train control safety computer of the invention uses a 2 × 2 architecture, divided into a primary system and a standby system of identical composition, each including a communication interface unit MBI, a core control unit VCU, a wireless control unit RTU and a safety train interface unit TIU, where:
Communication interface unit MBI: implements all external communication interfaces, including the physical layer of Profibus bus communication, MVB bus communication, RS422 serial communication, CAN bus communication and Ethernet communication, and the control of two radios (including sending and receiving AT commands and switching between control mode and data mode).
Core control unit VCU: the core control unit of the on-board equipment, responsible for on-board logic control, speed monitoring, speed and distance measurement, system platform management and similar functions.
Wireless control unit RTU: implements communication with the on-board radio, management of the on-board radio, the Subset-037 protocol, key management and similar functions.
Safety train interface unit TIU: implements digital input/output of safety train relay interface signals; acquires speed-sensor square-wave signals; implements the input and output of non-safety signals. (Note: all TIU signal inputs and outputs include a safety self-check function and make no distinction between safety and non-safety signals; for safety signals, the system-level application should add dual-hardware cross redundancy and on-board self-acquisition.)
The safety computer further includes a diagnostic recording unit MTN, shared by the primary and standby systems.
Diagnostic recording unit MTN: collects the diagnostic records of the other functional units and stores them for maintenance personnel to read, maintains the system RTC clock, and provides the maintenance bus entry point.
The units communicate over the safebus bus. The core control unit VCU, the wireless control unit RTU and the safety train interface unit TIU each contain an X branch and a Y branch. The safebus bus used here is the 659 bus. Based on the functions of the 659 bus, within the same board unit the data of the X and Y branches are mutually visible; the data of the two branches are cross-compared, and only data found correct by the comparison are output externally. The 2 × 2 architecture of the safety computer designed by this method is therefore safer than an ordinary primary/standby structure.
The 659 bus provides the safety computer with a unified interrupt source, with a minimum interrupt interval of 10 ms. All units in the safety computer must run in strict synchronization under the same interrupt source.
In the primary/standby switching method of the invention, the high-speed rail train control safety computer platform implements primary/standby switching through communication between the core control units VCU of the two systems. The core control unit VCU of the safety computer platform is defined to have four states at run time:
(1) the local system is primary, the peer system is normal;
(2) the local system is primary, the peer system is faulty;
(3) the local system is standby, the peer system is normal;
(4) the local system is standby, the peer system is faulty.
The other units of each system are informed by that system's core control unit VCU whether the system is primary or standby.
After the safety computer platform is powered on and running, the local system's VCU sends status information to the peer system's VCU every 10 ms. The status information includes a local timestamp, a command and the operating state of the local system's VCU. The local VCU queries the send status flag on the bus to monitor whether its own status information was sent successfully; if sending fails 3 consecutive times, the local VCU halts.
The local VCU checks the status information sent by the peer VCU and judges whether the absolute difference between the timestamp sent by the peer system and the local timestamp is within 10 ms. If the condition is met, the message sent by the peer system is considered valid; otherwise it is considered invalid. If the status information sent by the peer system is invalid 3 consecutive times, the peer system is considered faulty; otherwise it is considered normal. If the VCUs of both systems are normal, the left system's VCU is set as primary, with the operating state "local system is primary, peer system is normal", and the right system's VCU is standby, with the operating state "local system is standby, peer system is normal".
If the primary VCU judges that the peer VCU has failed, the primary VCU enters the "local system is primary, peer system is faulty" mode and sends a halt command to the standby system.
The local VCU checks the status information sent by the peer VCU every 10 ms; if the peer system is primary and the command from the peer system is halt, the local VCU halts.
If the standby VCU judges that the peer VCU has failed, then to prevent both systems being primary at once, the standby VCU cannot promote itself to primary immediately; it must also judge whether the peer system has gone offline. If the peer system is offline, the standby VCU promotes itself to primary, enters the "local system is primary, peer system is faulty" mode, and sends a halt command to the peer system. If the peer system is not offline, the standby VCU enters the "local system is standby, peer system is faulty" mode and waits until the peer system goes offline before promoting itself to primary.
If the local VCU has judged the peer system to be offline but still receives valid status information from it, the local VCU is considered to be abnormal, and the local VCU halts.
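The switching rules described above (self-monitoring of sends, the 10 ms timestamp check, three consecutive failures, and promotion of the standby only once the peer is offline), sketched as a per-cycle state machine in C. This is an added example, not code from the patent; all identifiers, the inclusive 10 ms comparison and the `peer_offline` input (the text does not say how "offline" is detected) are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Added illustration: all names are hypothetical, not taken from the patent. */
enum role { ROLE_PRIMARY, ROLE_STANDBY, ROLE_HALTED };
enum cmd  { CMD_NONE, CMD_HALT };
#define TOLERANCE_MS 10u  /* max |peer timestamp - local timestamp| (assumed inclusive) */
#define FAIL_LIMIT    3u  /* consecutive failures before acting */

struct status_msg {            /* status information exchanged every 10 ms */
    uint32_t  timestamp_ms;
    enum cmd  command;
    enum role sender_role;
};
struct vcu {
    enum role role;
    bool      peer_failed;
    unsigned  tx_failures;     /* consecutive failed sends */
    unsigned  invalid_rx;      /* consecutive invalid or missing peer messages */
};
struct cycle_in {
    uint32_t now_ms;
    bool     tx_ok;                 /* send status flag read back from the bus */
    const struct status_msg *rx;    /* NULL when nothing arrived this cycle */
    bool     peer_offline;          /* peer judged to have dropped off the bus */
};

/* Wrap-safe absolute difference of two millisecond counters. */
static uint32_t abs_diff_ms(uint32_t a, uint32_t b)
{
    uint32_t d = a - b;
    return d > UINT32_MAX / 2 ? b - a : d;
}

/* One 10 ms cycle; returns the command to place in the next status message. */
enum cmd vcu_step(struct vcu *v, const struct cycle_in *in)
{
    if (v->role == ROLE_HALTED) return CMD_NONE;
    /* Self-monitoring: three consecutive failed sends halt the local system. */
    v->tx_failures = in->tx_ok ? 0 : v->tx_failures + 1;
    bool valid = in->rx &&
                 abs_diff_ms(in->rx->timestamp_ms, in->now_ms) <= TOLERANCE_MS;
    /* Halt as well if a peer judged offline still delivers valid status,
       or if a primary peer orders a halt. */
    if (v->tx_failures >= FAIL_LIMIT || (in->peer_offline && valid) ||
        (valid && in->rx->sender_role == ROLE_PRIMARY &&
         in->rx->command == CMD_HALT)) {
        v->role = ROLE_HALTED;
        return CMD_NONE;
    }
    /* Peer is faulty after three consecutive invalid messages, else normal. */
    if (valid) v->invalid_rx = 0;
    else if (v->invalid_rx < FAIL_LIMIT) v->invalid_rx++;
    v->peer_failed = v->invalid_rx >= FAIL_LIMIT;
    if (!v->peer_failed)
        return CMD_NONE;
    if (v->role == ROLE_PRIMARY)
        return CMD_HALT;            /* primary, peer faulty */
    if (in->peer_offline) {         /* standby promotes only once peer is offline */
        v->role = ROLE_PRIMARY;
        return CMD_HALT;
    }
    return CMD_NONE;                /* standby, peer faulty: wait, no dual primary */
}

/* Constructed scenario: a standby sees `silent_cycles` cycles with no peer status. */
enum role standby_after_silence(unsigned silent_cycles, bool peer_offline)
{
    struct vcu v = { ROLE_STANDBY, false, 0, 0 };
    for (unsigned i = 0; i < silent_cycles; i++) {
        struct cycle_in in = { 10u * i, true, NULL, peer_offline };
        vcu_step(&v, &in);
    }
    return v.role;
}

int main(void)
{
    return standby_after_silence(3, true) == ROLE_PRIMARY ? 0 : 1;
}
```

The standby that loses the peer's status but still sees it on the bus stays in "standby, peer faulty", which is the guard against two primaries.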
The primary/standby switching method of the high-speed rail train control safety computer designed by this method has the following advantages:
The high-speed rail train control safety computer uses a 2 × 2 architecture, which gives higher safety;
All units in the computer use the same interrupt source and are strictly synchronized;
The core control unit VCU monitors its own state and judges the state of the peer system, so the primary/standby switching logic is rigorous and safe: it implements primary/standby switching effectively while avoiding the dangerous situation in which both systems are primary.

Claims (8)

1. An architecture for a high-speed rail train control safety computer, characterized in that: it uses a 2 × 2 design, divided into a primary system and a standby system of identical composition, each including a communication interface unit MBI, a core control unit VCU, a wireless control unit RTU and a safety train interface unit TIU, the two systems sharing a diagnostic recording unit MTN, wherein the core control unit VCU, the wireless control unit RTU and the safety train interface unit TIU each contain an X branch and a Y branch, and the data of the X and Y branches are identical, synchronized and mutually visible.
2. The architecture of the high-speed rail train control safety computer according to claim 1, characterized in that: the 659 bus is used to provide the safety computer with a unified interrupt source and communication status monitoring flags.
3. The architecture of the high-speed rail train control safety computer according to claim 2, characterized in that: the minimum interrupt interval is 10 ms.
4. The architecture of the high-speed rail train control safety computer according to any one of claims 1-3, characterized in that: the communication interface unit MBI implements communication with all external equipment; the core control unit VCU is responsible for on-board logic control, speed monitoring, speed and distance measurement, and system platform management; the wireless control unit RTU implements communication with the on-board radio, management of the on-board radio, the Subset-037 protocol and key management; the safety train interface unit TIU implements the input or output of safety train relay interface signals and non-safety signals, and the acquisition of speed-sensor square-wave signals.
5. A method for primary/standby switching using the high-speed rail train control safety computer architecture according to claims 1-4, characterized in that: the core control units VCU of the primary and standby systems query and compare the signals of the X branch and the Y branch, and output externally the data whose signal values are identical after comparison; the VCUs of both systems determine whether transmission is normal by querying the send status flag on the bus, and the local system stops working if it is abnormal; the VCUs of both systems periodically check the status information sent by the peer system's VCU to judge whether it is valid, and if it is invalid the peer system is considered faulty, the local system takes control, and the peer system is commanded to stop working.
6. The method for primary/standby switching of the high-speed rail train control safety computer according to claim 5, characterized in that: the local system's core control unit VCU monitors the status information it sends, and if sending fails 3 consecutive times, the local system is abnormal.
7. The method for primary/standby switching of the high-speed rail train control safety computer according to claim 5, characterized in that: the status information includes a local timestamp, a command and the operating state of the local system's VCU.
8. The method for primary/standby switching of the high-speed rail train control safety computer according to claim 7, characterized in that: it is judged whether the absolute difference between the timestamp sent by the peer system and the local timestamp is within 10 ms, and if it is exceeded 3 consecutive times, the status information sent by the peer system is considered invalid.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711339969.1A CN108170120A (en) 2017-12-14 2017-12-14 Architecture and primary/standby switching method for a high-speed rail train control safety computer

Publications (1)

Publication Number Publication Date
CN108170120A (en) 2018-06-15

Family

ID=62525381

Country Status (1)

Country Link
CN (1) CN108170120A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication (application publication date: 20180615)