CN202771317U - Safe computer based on divide binary digit (DIVBIT) technology - Google Patents
- Publication number
- CN202771317U (application number CN201220331279U)
- Authority
- CN
- China
- Prior art keywords
- processing unit
- divbit
- technology
- computer based
- safe computer
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Lifetime
Landscapes
- Hardware Redundancy (AREA)
Abstract
The utility model relates to a safe computer based on divide binary digit (DIVBIT) technology. The safe computer comprises a safe computing host machine, a safe computing backup machine, a host/backup switching module, a diagnosis and maintenance unit and a redundant universal gateway. The safe computing host machine is connected to the safe computing backup machine, and the host/backup switching module, the diagnosis and maintenance unit and the redundant universal gateway are each connected to both the host machine and the backup machine. Compared with the prior art, the safe computer has the advantages of low cost and a short research and development cycle.
Description
Technical field
The utility model relates to a fail-safe computer for rail transit signalling systems, and in particular to a fail-safe computer based on the DIVBIT technology.
Background technology
The fail-safe computer of a rail transit signalling system is the core component of the signalling system. A fail-safe computer usually implements a combination of safety functions such as safety control, safe computing and safety communication: a vehicle-mounted ATP safety computer performs all of these functions, whereas a trackside ATP fail-safe computer performs safe computing and safety communication.
In traditional fail-safe computers, safety usually depends on customised safety components and proprietary safety techniques (such as safety coding systems and safety "bit-by-bit" arbitration units); research and development costs are high and cycles are long, and these key techniques are generally in the hands of advanced foreign signalling system manufacturers, which has created a long-term technology barrier.
Summary of the invention
The purpose of this utility model is to provide a fail-safe computer based on the DIVBIT technology that is low in cost and short in research and development cycle, in order to overcome the above defects of the prior art.
The purpose of this utility model is achieved through the following technical solution:
A fail-safe computer based on the DIVBIT technology comprises a safe computing host, a safe computing standby machine, a host/standby switching module, a diagnosis and maintenance unit and a redundant universal gateway. The safe computing host is connected to the safe computing standby machine, and the host/standby switching module, the diagnosis and maintenance unit and the redundant universal gateway are each connected to both the safe computing host and the safe computing standby machine.
The safe computing host and the safe computing standby machine each consist of an operation processing unit, a secure communication processing unit and a security check arbitration unit. The operation processing unit and the secure communication processing unit are connected to the security check arbitration unit; the operation processing unit is connected to the host/standby switching module; and the secure communication processing unit and the security check arbitration unit are both connected to the redundant universal gateway.
The operation processing unit consists of two microprocessor boards using the MPC8572 CPU chip.
The secure communication processing unit consists of one microprocessor board, which is provided with two interconnected low-power microprocessor modules.
The operation processing unit and the secure communication processing unit are processing units that adopt the DIVBIT technology.
Compared with the prior art, the utility model considers not only random hardware failures but also software defects, treating the safety of the fail-safe computer at the system level. Its implementation cost and cycle are much reduced compared with the former approach while safety is not reduced, so it has the advantages of low cost and a short research and development cycle.
Description of drawings
Fig. 1 is a structural schematic diagram of the utility model.
Embodiment
The utility model is described in detail below with reference to the drawings and a specific embodiment.
Embodiment
As shown in Figure 1, a fail-safe computer based on the DIVBIT technology comprises a safe computing host (MPS-N) 1, a safe computing standby machine (MPS-R) 2, a host/standby switching module (STBY) 3, a diagnosis and maintenance unit (SDMS) 4 and a redundant universal gateway (GGW) 5. The safe computing host 1 is connected to the safe computing standby machine 2, and the host/standby switching module 3, the diagnosis and maintenance unit 4 and the redundant universal gateway 5 are each connected to both the safe computing host 1 and the safe computing standby machine 2. The host/standby switching module 3 performs manual and automatic switching between the host and standby systems; the diagnosis and maintenance unit 4 performs diagnosis and maintenance of the safe computing host 1, the safe computing standby machine 2 and the redundant universal gateway, together with functions such as alarm handling and logging; and the redundant universal gateway 5 forwards network data between the internal and external networks.
The safe computing host 1 and the safe computing standby machine 2 each consist of an operation processing unit (MPU) 11, a secure communication processing unit (MCU) 12 and a security check arbitration unit (VPS) 13. The operation processing unit 11, the secure communication processing unit 12 and the security check arbitration unit are connected in sequence; the operation processing unit 11 is connected to the host/standby switching module 3; and the secure communication processing unit 12 and the security check arbitration unit are both connected to the redundant universal gateway 5.
The operation processing unit 11 consists of two microprocessor boards (MPU1 and MPU2) using the MPC8572 CPU chip, which are linked to the secure communication processing unit 12 by a redundant network and a differential serial bus (RS-422). The secure communication processing unit 12 consists of one microprocessor board provided with two interconnected low-power microprocessor modules, which respectively handle secure communication and generation of the security check word. The main function of the security check arbitration unit 13 is to verify the security check word sent by the secure communication processing unit 12 and to decide, according to the verification result, whether to cut off external communication.
The two microprocessor boards MPU1 and MPU2 of the operation processing unit 11 run the VxWorks and QNX real-time operating systems respectively. In VxWorks, the operating system and all tasks reside in the same common address space; all tasks run in kernel mode with full access to all processor instructions and physical memory (including kernel memory). QNX is a microkernel-based real-time operating system: the microkernel provides the minimum set of services that cooperating processes need, and those processes in turn supply the higher-level operating system functions. QNX Neutrino is a process-based multithreaded operating system in which the operating system services are realised by memory-protected user processes that communicate with each other, and with the applications, through the message-passing and synchronisation primitives managed by the QNX Neutrino microkernel. The two operating system architectures therefore differ greatly, and the probability that they contain the same software "defect" is extremely low; this is one embodiment of the DIV diversity technique. In addition, the software of the two microprocessor boards is built with C compilers from different companies, the boards process different data, and their "roles" in the system differ slightly rather than being fully equivalent. Through these means the probability of a common-mode software "defect" is kept within the allowed range, and this has obtained the approval of a third-party safety certification company.
The operation processing unit 11 and the secure communication processing unit 12 are processing units that adopt the DIVBIT technology. The DIVBIT technology comprises the following two parts:
(1) DIV technology. DIV stands for "Design Diversity": multiple heterogeneous techniques (such as different operating systems, different C compilers, different test data and different check words) are used in the design, for example different operating systems and application software running on the two computers, so that the two computers do not contain the same "code defect". This is similar to the principle in human genetics that "close relatives" may not marry: some non-common "defects" are thereby prevented from manifesting, so they cannot cause a systematic failure;
(2) BIT technology. BIT stands for "Built-in-test", the built-in test technique: the registers, instructions and associated memory areas of the computation processing module on the board are checked, and as soon as an abnormality is found the computer's arithmetic operation is suspended, so that the failure is eliminated in its "embryonic" state.
The BIT technology can be divided into two parts: the power-on self-test IBIT and the on-line self-diagnosis CBIT.
The power-on self-test (IBIT) exists so that the system can find and isolate a faulty unit while still in its initialisation state, following the principle of "early discovery, timely isolation". The power-on self-test runs after the system powers up and checks the CPU, RAM and ROM in turn. Execution only proceeds after each check passes without error; otherwise the fault management sub-function is executed.
The CPU test content of IBIT comprises general-purpose register and special register tests and an instruction test. The register test uses a walking test method, and the instruction test covers all available reduced-instruction-set instructions of the CPU that may be used by the user. To guarantee the credibility of the test results and the test coverage, the register test and instruction test code are all written in assembly language.
The IBIT RAM test uses a walking test method on the RAM area under test (including tests of the memory address bus and data bus). The value written and read back each time is 32 bits.
The ROM test mainly checks the integrity of the data storage area, which contains the operating system image, the application program and the application data; correctness is verified by computing a check word over the data storage area and comparing it with the pre-stored check word.
According to the general design principles of BIT, as soon as a fault or error is found the system interrupts the test, records the fault information and then reboots automatically.
The on-line self-diagnosis (CBIT) runs on a timer in every duty cycle. Because the application program and application data all reside in memory (RAM), the ROM test is not required, which greatly reduces the time needed for the test. The on-line self-diagnosis test scope comprises the CPU test and the RAM test.
This system uses a real-time operating system, and while applications are running most special registers are invisible to the user, so the CPU register test only needs to be concerned with the general-purpose registers. The general-purpose register test of the on-line self-diagnosis first writes test data and then reads it back, checking whether the register value has changed as expected. During the walking test, coupling faults between general-purpose registers must also be considered: when the test data of one general-purpose register is changed, not only that register but also the other general-purpose registers must be checked.
The instruction test content is the same as in the power-on self-test and is not repeated here.
At present the memory used by general-purpose embedded operating systems is relatively large, and completing a memory self-test in one go takes a long time; therefore the memory is usually divided into a number of parts, one small block is tested in each cycle, and one complete test is accumulated over N cycles.
CBIT is an independent task module, separate from the main task module: it is stored independently, runs independently, has its own memory region and is not controlled by the main task module. Software reliability is fully considered in its design, its code size does not exceed 10% of the main task module's code size, and, in addition to being indicated by a pilot lamp and recorded, fault information is sent to the signalling system maintenance terminal at the next normal run.
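As an added example (not code from the patent or its applicant), the RAM part of the two self-tests just described, in C: the IBIT walking test of a 32-bit RAM area (data bus, address bus, then every cell) and the CBIT variant that checks one block per duty cycle so that a complete test accumulates over N cycles. All function and status names are assumptions; the register and instruction tests, which the page says are written in assembly, are out of scope.

```c
#include <stdint.h>
#include <stddef.h>
/* Self-test status codes; names constructed for this example, not the patent's own. */
enum bit_status { BIT_OK = 0, BIT_DATA_BUS_FAULT = 1, BIT_ADDR_BUS_FAULT = 2, BIT_CELL_FAULT = 3 };
/* Data-bus check on one cell: walk a single 1 across all 32 bits, read each back, restore. */
static enum bit_status bit_data_bus_test(volatile uint32_t *cell)
{
    uint32_t saved = *cell, pat;
    for (pat = 1u; pat != 0u; pat <<= 1) {
        *cell = pat;
        if (*cell != pat) { *cell = saved; return BIT_DATA_BUS_FAULT; }
    }
    *cell = saved;
    return BIT_OK;
}
/* Address-bus check: give offset 0 and every power-of-two word offset its own marker, then
 * verify no marker was clobbered by a later write, which an aliased address line would cause. */
static enum bit_status bit_addr_bus_test(volatile uint32_t *base, size_t words)
{
    uint32_t saved[sizeof(size_t) * 8 + 1];
    size_t off, n = 0;
    enum bit_status st = BIT_OK;
    for (off = 0; off < words; off = off ? off << 1 : 1) {
        saved[n++] = base[off];
        base[off] = (uint32_t)off ^ 0xA5A5A5A5u;        /* marker unique per offset */
    }
    for (off = 0; off < words; off = off ? off << 1 : 1)
        if (base[off] != ((uint32_t)off ^ 0xA5A5A5A5u)) st = BIT_ADDR_BUS_FAULT;
    for (off = 0, n = 0; off < words; off = off ? off << 1 : 1) base[off] = saved[n++];
    return st;
}
/* Per-cell check over one block: write a pattern and its complement to every word, read each
 * back 32 bits at a time, and restore the original content. */
static enum bit_status bit_cell_test(volatile uint32_t *base, size_t words)
{
    size_t i;
    for (i = 0; i < words; i++) {
        uint32_t saved = base[i];
        base[i] = 0x55555555u;
        if (base[i] != 0x55555555u) { base[i] = saved; return BIT_CELL_FAULT; }
        base[i] = 0xAAAAAAAAu;
        if (base[i] != 0xAAAAAAAAu) { base[i] = saved; return BIT_CELL_FAULT; }
        base[i] = saved;
    }
    return BIT_OK;
}
/* IBIT: the whole RAM area is checked once at power-on: data bus, address bus, then every cell. */
enum bit_status ibit_ram_test(volatile uint32_t *region, size_t words)
{
    enum bit_status st = bit_data_bus_test(region);
    if (st == BIT_OK) st = bit_addr_bus_test(region, words);
    if (st == BIT_OK) st = bit_cell_test(region, words);
    return st;
}
/* CBIT: piece (cycle % n_blocks) of the area is checked this duty cycle; all of it in n_blocks cycles. */
enum bit_status cbit_ram_step(volatile uint32_t *region, size_t words, size_t n_blocks, size_t cycle)
{
    size_t per = (words + n_blocks - 1) / n_blocks;
    size_t start = (cycle % n_blocks) * per;
    size_t len = start >= words ? 0 : (start + per > words ? words - start : per);
    if (len == 0) return BIT_OK;                      /* trailing empty piece, nothing to check */
    enum bit_status st = bit_data_bus_test(&region[start]);
    return st == BIT_OK ? bit_cell_test(&region[start], len) : st;
}
```

On the page's design, a non-OK status from either function would hand over to the fault management sub-function (suspend operation, record the fault, reboot) rather than be returned to the caller.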
Claims (5)
1. A fail-safe computer based on the DIVBIT technology, characterised in that it comprises a safe computing host, a safe computing standby machine, a host/standby switching module, a diagnosis and maintenance unit and a redundant universal gateway; the safe computing host is connected to the safe computing standby machine, and the host/standby switching module, the diagnosis and maintenance unit and the redundant universal gateway are each connected to both the safe computing host and the safe computing standby machine.
2. The fail-safe computer based on the DIVBIT technology according to claim 1, characterised in that the safe computing host and the safe computing standby machine each consist of an operation processing unit, a secure communication processing unit and a security check arbitration unit; the operation processing unit and the secure communication processing unit are connected to the security check arbitration unit, the operation processing unit is connected to the host/standby switching module, and the secure communication processing unit and the security check arbitration unit are both connected to the redundant universal gateway.
3. The fail-safe computer based on the DIVBIT technology according to claim 2, characterised in that the operation processing unit consists of two microprocessor boards using the MPC8572 CPU chip.
4. The fail-safe computer based on the DIVBIT technology according to claim 2, characterised in that the secure communication processing unit consists of one microprocessor board, which is provided with two interconnected low-power microprocessor modules.
5. The fail-safe computer based on the DIVBIT technology according to claim 2, characterised in that the operation processing unit and the secure communication processing unit are processing units that adopt the DIVBIT technology.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN 201220331279 CN202771317U (en) | 2012-07-09 | 2012-07-09 | Safe computer based on divide binary digit (DIVBIT) technology |
Publications (1)
Publication Number | Publication Date |
---|---|
CN202771317U true CN202771317U (en) | 2013-03-06 |
Family
ID=47777880
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN 201220331279 Expired - Lifetime CN202771317U (en) | 2012-07-09 | 2012-07-09 | Safe computer based on divide binary digit (DIVBIT) technology |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN202771317U (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103176876A (en) * | 2013-03-19 | 2013-06-26 | 卡斯柯信号有限公司 | Method and device for efficient and safe computer on-line self-checking |
CN103176875A (en) * | 2013-03-19 | 2013-06-26 | 卡斯柯信号有限公司 | Embedded system power on self test method |
CN103176876B (en) * | 2013-03-19 | 2016-09-28 | 卡斯柯信号有限公司 | A kind of computer On-line self-diagnosis method of highly effective and safe and self-checking unit |
CN113467808A (en) * | 2021-07-12 | 2021-10-01 | 卡斯柯信号有限公司 | Redundant network-based trackside safety platform automatic upgrading method and system |
CN113467808B (en) * | 2021-07-12 | 2022-07-26 | 卡斯柯信号有限公司 | Redundant network-based trackside safety platform automatic upgrading method and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| C14 | Grant of patent or utility model | |
| GR01 | Patent grant | |
| CX01 | Expiry of patent term | Granted publication date: 20130306 |