自動(dòng)控制畢業(yè)論文中英文資料外文翻譯--模塊化安全鐵路信號(hào)計(jì)算機(jī)聯(lián)鎖系統(tǒng)_第1頁(yè)

Chinese text: 2570 characters

Foreign Literature Translation

School / Department: School of Electrical and Information Engineering
Student name:
Supervisor:          Title: Lecturer
Major: Automation
Class: Class 01, Grade 09
Completion date: 2013.06.06
Source: Computing, Communication, Control, and Management, 2008. CCCM'08. ISECS International Colloquium on. IEEE, 2008, 1: 538-541

Component-based Safety Computer of Railway Signal Interlocking System

1 Introduction

Signal Interlocking System is the critical equipment that guarantees traffic safety and enhances operational efficiency in railway transportation. For a long time, the core control computer adopted in interlocking systems has been a specially customized high-grade safety computer, for example, the SIMIS of Siemens, the EI32 of Nippon Signal, and so on. Along with the rapid development of electronic technology, the customized safety computer is facing severe challenges, for instance, the high developm

2 Railway signal interlocking system

2.1 Functions of signal interlocking system

The basic function of a signal interlocking system is to protect train safety by controlling the signal equipment in a station, such as switch points, signals and track units, and it handles routes according to a certain interlocking regulation.

Since the birth of railway transportation, signal interlocking has gone through manual signals, mechanical signals, relay-based interlocking, and the modern computer-based interlocking system.

2.2 Architecture of signal interlocking system

Generally, the interlocking system has a hierarchical structure. According to the function of the equipment, the system can be divided into three layers, as shown in Figure 1.

Figure 1 Architecture of Signal Interlocking System

3 Component-based safety computer design

3.1 Design strategy

The design concept of a component-based safety-critical computer is different from that of a specially customized computer. Our design strategy for the SIC is based on fault tolerance and system integration. We separate the SIC into three layers: the standardized component unit layer, the safety software layer and the system layer. Different safety functions are allocated to each layer, and the final integration of the three layers ensures the predefined safety integrity level of the whole SIC. The three

(1) Component unit layer includes four independent standardized CPU modules. A hardware “SAFETY AND” logic is implemented in this layer.

(2) Safety software layer mainly utilizes a fail-safe strategy and fault-tolerant management. The interlocking safety computation of the whole system uses two outputs from different CPUs, which largely ensures software diversity, so that design errors of a single version are tolerated and hidden risks are removed.

(3) System layer aims to improve reliability, availability and maintainability by means of redundancy.

3.2 Design of hardware fault-tolerant structure

As shown in Figure 2, the SIC consists of four independent component units (C11, C12, C21, C22). The fault-tolerant architecture adopts a dual 2 vote 2 (2v2×2) structure, and a high-performance standardized module has been selected as the computing unit, which adopts an Intel XScale kernel at 533 MHz.

The operation of the SIC is based on dual two-layer data buses. The high bus adopts standard Ethernet and the TCP/IP communication protocol, and the low bus is Controller Area Network (CAN). C11, C12 and C21, C22 respectively make up two safety computing components, IC1 and IC2, which are of 2v2 structure. Each component has an external dynamic circuit watchdog that is set for computing supervision and switching.

Figure 2 Hardware structure of SIC

3.3 Standardized component unit

After the component module is determined, according to the safety-critical requirements of the railway signal interlocking system, we have to do secondary development on the module. The design includes power supply, interfaces and other embedded circuits.

The fault-tolerant processing, synchronized computing, and fault diagnosis of the SIC mostly depend on the safety software. Here the safety software design method also differs from that of the special computer. For a dedicated computer, the software is often specially designed on the bare hardware. As restricted by computing ability and application object, a special scheduling program, and not a universal operating system, is commonly designed as the safety software for the computer. The fault-to

The safety software is a vital element of secondary development. It includes Linux OS adjustment, fail-safe process, fault-tolerance management, and safety interlocking logic. The hierarchy relations between them are shown in Figure 4.

Figure 4 Safety software hierarchy of SIC

3.4 Fault-tolerant model and safety computation

3.4.1 Fault-tolerant model

The fault-tolerant computation of the SIC is a multilevel model:

$SIC = F_{1oo2D}(F_{2oo2}(S_{C11}, S_{C12}), F_{2oo2}(S_{C21}, S_{C22}))$

Firstly, basic computing unit Ci1 adopts one algorithm to complete $S_{Ci1}$, and Ci2 finishes $S_{Ci2}$ via a different algorithm. Secondly, the 2 out of 2 (2oo2) safety computing component of the SIC executes the 2oo2 calculation and gets $F_{SICi}$ from the calculation results $S_{Ci1}$ and $S_{Ci2}$. Thirdly, according to the states of the watchdog and switch unit block, the result of the SIC is obtained via a 1 out of 2 with diagnostics (1oo2D) calculation, which is based on $F_{SIC1}$ and $F_{SIC2}$.

The flow of calculations is as follows:

(1) $S_{Ci1} = F_{Ci1}(D_{net1}, D_{net2}, D_{di}, D_{fss})$

(2) $S_{Ci2} = F_{Ci2}(D_{net1}, D_{net2}, D_{di}, D_{fss})$

(3) $F_{SICi} = F_{2oo2}(S_{Ci1}, S_{Ci2}), \quad i = 1, 2$

(4) $SIC\_OutPut = F_{1oo2D}(F_{SIC1}, F_{SIC2})$

3.4.2 Safety computation

As the interlocking system consists of a fixed set of tasks, the computational model of the SIC is task-based. In general, applications may conform to a time-triggered, event-triggered or mixed computational model. Here the time-triggered mode is selected, and tasks are executed cyclically. The consistency of computing states between the two units is the foundation on which the SIC ensures safety and credibility. As the SIC works in a loosely coupled mode, it is different from that of dedicated hardware-coupled co

The SIC can be considered a multiprocessor distributed system, and its computational model is essentially based on data comparison via high bus communication. First, an analytical approach is used to confirm the worst-case response time of each task. To guarantee the deadline of tasks that communicate across the network, the access time and delay of the communication medium are set to a fixed possible value. Moreover, the computational model must meet the real-time requirements of railway interlocking

Figure 5 Safety computational model of SIC
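The multilevel model of section 3.4.1, SIC = F1oo2D(F2oo2(Sc11, Sc12), F2oo2(Sc21, Sc22)), written out as an added C example; it is not code from the paper, and the names `fsic_t`, `f_2oo2`, `f_1oo2d`, `sic_output` and `SAFE_OUTPUT` are chosen here. Assumptions: the all-zero command word is the safe output, the watchdog state is the only diagnostic input besides the 2oo2 comparison, and two healthy components that disagree force the safe state.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: command word 0 is the restrictive (fail-safe) output. */
#define SAFE_OUTPUT 0u

typedef struct {
    uint32_t out;  /* agreed result FSICi */
    bool valid;    /* false when the 2oo2 comparison failed */
} fsic_t;

/* F2oo2: Sci1 and Sci2 come from diverse algorithms; accept only on agreement. */
fsic_t f_2oo2(uint32_t sc_i1, uint32_t sc_i2)
{
    bool agree = (sc_i1 == sc_i2);
    fsic_t r = { agree ? sc_i1 : SAFE_OUTPUT, agree };
    return r;
}

/* F1oo2D: diagnostics are the 2oo2 validity and the watchdog state (assumed). */
uint32_t f_1oo2d(fsic_t fsic1, bool wd1_ok, fsic_t fsic2, bool wd2_ok)
{
    bool ok1 = fsic1.valid && wd1_ok;
    bool ok2 = fsic2.valid && wd2_ok;
    /* Both healthy but different: the fault cannot be attributed, go safe. */
    if (ok1 && ok2 && fsic1.out != fsic2.out)
        return SAFE_OUTPUT;
    if (ok1)
        return fsic1.out;   /* IC1 drives the output */
    if (ok2)
        return fsic2.out;   /* switch over to IC2 */
    return SAFE_OUTPUT;     /* no trustworthy component left */
}

/* SIC = F1oo2D(F2oo2(Sc11, Sc12), F2oo2(Sc21, Sc22)) */
uint32_t sic_output(uint32_t sc11, uint32_t sc12, uint32_t sc21, uint32_t sc22,
                    bool wd1_ok, bool wd2_ok)
{
    return f_1oo2d(f_2oo2(sc11, sc12), wd1_ok, f_2oo2(sc21, sc22), wd2_ok);
}

int main(void)
{
    /* Constructed sample: C12 computes a wrong word, so IC2 takes over. */
    printf("0x%02X\n", (unsigned)sic_output(0x5A, 0x5B, 0x5A, 0x5A, true, true));
    return 0;
}
```

A single faulty unit or a tripped watchdog costs availability of one component only; the output falls back to the safe word when neither component can be trusted.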

4. Hardware safety integrity level evaluation

4.1 Safety Integrity

As an authoritative international standard for safety-related systems, IEC 61508 presents a definition of safety integrity: the probability of a safety-related system satisfactorily performing the required safety functions under all the stated conditions within a stated period of time. IEC 61508 prescribes four levels of safety integrity, SIL1 to SIL4. SIL1 is the lowest and SIL4 the highest.

According to IEC 61508, the SIC belongs to safety-related systems in high demand or continuous mode of operation. The SIL of the SIC can be evaluated via the probability of dangerous failure per hour. For the provisions of IEC 61508 on the SIL of such systems, see Table 1.

Table 1 Safety integrity levels: target failure measures for a safety function operating in high demand or continuous mode of operation

4.2 Reliability block diagram of SIC

After analyzing the structure and working principle of the SIC, we get the reliability block diagram, as shown in Figure 6.

Figure 6 Block diagram of SIC reliability

5. Conclusions

In this paper, we proposed an available standardized component-based computer, the SIC. Railway signal interlocking is a fail-safe system with a required probability of less than $10^{-9}$ safety-critical failures per hour. In order to meet the critical constraints, fault-tolerant architecture and safety tactics are used in the SIC. Although the computational model and implementation techniques are rather complex, the philosophy of the SIC provides a cheerful prospect to safety critical applications, it renders i

Modular Safety Railway Signal Computer Interlocking System

1 Overview

The signal interlocking system is the key equipment for ensuring traffic safety and improving the efficiency of railway transportation. For a long time, the core control computer used in interlocking systems has been a purpose-built high-grade safety computer, for example Siemens' SIMIS and Nippon Signal's EI32.

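With the rapid development of electronic technology, customized safety computers face serious challenges, for example high development cost, poor availability, weak scalability, and slow technology updates. To overcome the shortcomings of high-grade special-purpose computers, the US Department of Defense proposed that commercial standards should be adopted to replace military specifications and standards tailored to customer needs. Meanwhile, there has been much exploration and practice in adopting open system architectures in electronic equipment. The United States and Europe have done a great deal of work on using cost-effective fault-tolerant computers to replace dedicated computers in aerospace and other safety-critical fields. In recent years, using standardized components has gradually become a new trend in aerospace, industry, transportation and other safety-critical fields.

2 Railway signal interlocking system

2.1 Functions of the signal interlocking system

The basic function of the signal interlocking system is to protect the safety of train operation by controlling signal equipment, such as controlling the switching of points, the clearing of signals and the passage of trains through the station; it controls routes through an interlocking processing rule.

Since the birth of railway transportation, the signal interlocking system has gone through manual signals, mechanical signals, relay interlocking and the modern computer interlocking system.

2.2 Architecture of the signal interlocking system

Generally speaking, the interlocking system has a hierarchical structure. According to the function of the equipment, the system can be divided into three layers, as shown in Figure 1.

Figure 1 Structure of the signal interlocking system

3 Component design of the safety computer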

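3.1 Design strategy

The design concept of modular safety-critical computer components differs from that of specially customized computers. Our design concept for the safety interlocking computer is based on the fault tolerance of the system and the overall requirements of the system. It is divided into three layers: the standardized component unit layer, the software safety layer and the system layer. Different safety functions are assigned to each layer, and finally the three layers are integrated to ensure that the system reaches the predetermined safety integrity level. The three layers can be described as follows:

(1) The standardized component unit layer includes four independent standardized CPU modules. This layer implements the hardware “safety” logic interlocking.

(2) The software safety layer mainly uses a fail-safe strategy and fault-tolerant algorithms. Because a complete safety interlocking system uses the results output by two different CPUs, it can best guard against the various errors present in the design of a single software version and remove potential risks.

(3) The system layer aims to improve the availability of the system and the maintainability of the redundant system.

3.2 Hardware design of the fault-tolerant structure

As shown in Figure 2, the safety interlocking computer consists of four independent units (C11, C12, C21, C22). It adopts a dual fault-tolerant structure (2×2-out-of-2); the computing unit is a high-reliability, high-efficiency module using a processor with an Intel XScale core at 533 MHz.

The operation of the safety interlocking computer is based on a two-layer data bus. The high-speed bus uses standard Ethernet and the TCP/IP communication protocol, and the low bus is a Controller Area Network (CAN). C11, C12 and C21, C22 respectively form two independent safety computing components, IC1 and IC2, making up a 2×2-out-of-2 structure, and each part has computer supervision and dynamic monitoring by an external switching circuit.

Figure 2 Hardware structure of SIC

3.3 Standardized component unit

After the component module has been settled, according to the safety-critical requirements of the railway signal interlocking system, we must carry out secondary development of the module. The design mainly includes the power supply, interfaces and other embedded circuits.

The fault-tolerant computation and processing and the synchronized fault diagnosis of the safety interlocking computer rely mainly on the safety software. The design method of this safety software differs from that of other dedicated special computers. In a dedicated special computer, the software is usually specially designed on a single piece of bare hardware; limited by computing capacity and software compatibility, a special scheduling program is generally designed as the safety software on the computer, rather than a general-purpose operating system. In a dedicated computer the fault-tolerant processing system and the fault diagnosis system are coupled through hardware. The safety software in the safety interlocking computer, however, is open and loosely coupled, and it is based on the standard Linux operating system.

The secondary development of the safety software is vital. It includes Linux system adjustment, fail-safe handling, fault-tolerance management, and the safety interlocking logic. The hierarchical relationship between them is shown in Figure 3.

Figure 3 Safety software hierarchy of SIC

3.4 Fault-tolerant model and safety computation

3.4.1 Fault-tolerant model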

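The multilayer fault-tolerant computation model of the safety interlocking computer:

$SIC = F_{1oo2D}(F_{2oo2}(S_{C11}, S_{C12}), F_{2oo2}(S_{C21}, S_{C22}))$

First, computing unit Ci1 uses one algorithm to complete $S_{Ci1}$, and computing unit Ci2 completes $S_{Ci2}$ through a different algorithm. Second, the safety interlocking computer carries out the 2×2-out-of-2 algorithm on the results of the $S_{Ci1}$ and $S_{Ci2}$ calculations and outputs the result to $F_{SICi}$, and then performs the 2×2-out-of-2 operation again. Third, according to the monitoring system and the switch unit block, the result of the safety interlocking computer is based on the outputs of $F_{SIC1}$ and $F_{SIC2}$ and, after diagnostic processing through an AND gate (1 out of 2), $S_{Ci1}$ is calculated. Likewise, $S_{Ci2}$ is also completed from the calculation result of Ci2 through a different algorithm.

The calculation flow is as follows:

(1) $S_{Ci1} = F_{Ci1}(D_{net1}, D_{net2}, D_{di}, D_{fss})$;

(2) $S_{Ci2} = F_{Ci2}(D_{net1}, D_{net2}, D_{di}, D_{fss})$;

(3) $F_{SICi} = F_{2oo2}(S_{Ci1}, S_{Ci2}), \quad i = 1, 2$;

(4) $SIC\_OutPut = F_{1oo2D}(F_{SIC1}, F_{SIC2})$.

3.4.2 Safety computation

Because the interlocking system consists of a fixed set of tasks, the computational model of the SIC is task-based. In general, an application may conform to a time-triggered, event-triggered or mixed computational model. Here the time-triggered computational model is chosen, and tasks are executed cyclically. To ensure safety and credibility, consistency of the computing state between units is the foundation of the SIC. Because the SIC works in a loosely coupled mode, it differs from a dedicated hardware-coupled computer, so the SIC needs a specialized synchronization algorithm.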

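The SIC can be regarded as a multiprocessor distributed system whose computational model is essentially based on data communicated over the high bus. First, an analytical method is used to confirm the worst-case response time of each task. To guarantee the deadlines of tasks that communicate over the network, the access time and delay of the communication medium are designed as fixed values. In addition, the computational model must meet the real-time requirements of the railway interlocking system within the system computing cycle; we set many checkpoints $P_i$ ($i = 1, 2, \dots, n$), with small values, at which synchronization is achieved and a calculation result is obtained at each checkpoint. The safety computation flow of the SIC is shown in Figure 4.

Figure 4 Safety computational model of SIC

4 Evaluation of the hardware safety integrity level

4.1 Safety integrity

As an authoritative international standard for safety systems, International Electrotechnical Commission 61508 gives a definition of safety integrity: the probability that a safety system successfully performs the required safety functions under the stated conditions and within the stated time. IEC 61508 defines four levels of safety integrity, SIL1 to SIL4. SIL1 is the lowest and SIL4 the highest.

According to IEC 61508, the safety interlocking computer belongs to systems in high demand or continuous mode of operation. The safety integrity level of the safety interlocking computer can be estimated from the system's potential danger per hour; in IEC 61508 the safety integrity levels are defined as shown in Table 1:

Table 1 Failure points of systems in high demand or continuous mode of operation when the safety function is activated

4.2 Reliability block diagram of the safety interlocking computer

On the basis of analysing the structure and working principle of the safety integrity level, we obtain its reliability block diagram, as shown in Figure 5.

Figure 5 Reliability block diagram of SIC

5 Conclusions

In this paper, we proposed an effective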
