CN103440184A - Method for space-borne computer state rollback warm backup of pico-satellite - Google Patents
Method for space-borne computer state rollback warm backup of pico-satellite Download PDFInfo
- Publication number
- CN103440184A CN103440184A CN2013103648666A CN201310364866A CN103440184A CN 103440184 A CN103440184 A CN 103440184A CN 2013103648666 A CN2013103648666 A CN 2013103648666A CN 201310364866 A CN201310364866 A CN 201310364866A CN 103440184 A CN103440184 A CN 103440184A
- Authority
- CN
- China
- Prior art keywords
- key message
- dsp
- backrush
- fpga
- backup
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Abstract
The invention discloses a method for space-borne computer state rollback warm backup of a pico-satellite. The method is conducted in a system comprising a double-module isomorphism microprocessor module, an FPGA and an FLASH, wherein the double-module isomorphism microprocessor module, the FPGA and the FLASH are connected in sequence and the double-module isomorphism microprocessor module is composed of two isomorphism DSPs; key data in the process of DSP calculation are stored through the FLASH so that a key data array can be formed, the correct key data are selected from the data array according to a comparing method in the process of switching, and DSP previous work is recovered. The method is mainly used in a pico-satellite space-borne computer system with small size and low efficiency, satisfies the requirements for combination of instantaneity and reliability and has certain universality.
Description
Technical field
The present invention relates to the implementation method of the state backrush warm spare of satellite, relate in particular to a kind of method of skin satellite carried computer state backrush warm spare.
Background technology
The skin satellite refers to the ultra micro moonlet that weight is feather weight, it is generally with microelectronics, MEMS(Micro Electronic Mechanical System, Micro Electro Mechanical System), the microminaturization technology such as multi-chip package assembling is basis, has from the main control degree is high, lightweight, the lead time is short, mobility strong, cost and the characteristics such as launch cost is low.
The skin satellite, as a complete orbiter, will experience and bear each severe environmental conditions in powered phase and orbital flight process.This requires the spaceborne computer management system of skin satellite to have very high reliability.In traditional design of satellites, usually adopt the integrated application of the several different methods such as high-grade device, a large amount of discrete component and other backup of subsystem level and measure to guarantee reliability.This method for designing, conflict mutually with the own characteristic of skin satellite.Especially the Chinese Universities ' of take is in main skin satellite development, lacks that high-grade device obtains channel, research fund is limited, and the limitation of the method is more obvious.
In order to improve the reliability of skin satellite system, the core calculations unit is adopted usually to the measures such as bimodulus backup, triplication redundancy.Wherein bimodulus backs up relative triplication redundancy, is a kind of to power consumption and the lower reliability guarantee method of volume requirement, and range of application is comparatively extensive.
The bimodulus backup is usually by cold standby, Hot Spare, three kinds of methods of warm spare.Wherein, cold standby is concerning device, and SEU event (Single Event Upset, single-particle inversion) is the safest relatively, but the real-time of cold standby is poor, need to wait for for a long time that when active and standby switching backup units enters normal operating conditions; The Hot Spare real-time is best, but its reliability to SEU does not have essential lifting, with main frame, has identical probability to be subject to the impact of SEU; Warm spare falls between, and can reduce to a certain extent the impact of SEU event, can meet again the requirement of real-time of General System.
At present, warm spare scheme deficiency is both at home and abroad: only the critical data in operational process is adopted to single backup, lack and consider that there is wrong situation in the key message that backs up itself, this will impact continuity and the correctness of system after the backup switching.
Summary of the invention
The invention provides a kind of method of skin satellite carried computer state backrush warm spare, the method mainly applies to the board computer system of skin satellite, taken into account real-time and the reliability requirement of skin satellite system, there is certain versatility, extended in other satellite systems.
A kind of method of skin satellite carried computer state backrush warm spare, be implemented in the system that comprises the bimodulus isomorphism microprocessor module, FPGA and the FLASH that connect successively, and described bimodulus isomorphism microprocessor module is comprised of two isomorphism DSP; Described method comprises the following steps:
(1) load successively two isomorphism DSP, and two DSP export loading simultaneously and successfully identify to FPGA, FPGA successfully identifies and wakes arbitrary DSP up as main DSP according to described loading, and another DSP is as backup DSP;
(2) main DSP is saved to the key message produced in calculating process in the key message queue of FLASH, and main DSP timed sending heartbeat signal is given described FPGA simultaneously;
(3) FPGA judges the running status of main DSP according to the monitoring situation of heartbeat signal;
If a) main DSP is working properly, cycling step (2);
B) abnormal if main DSP occurs, FPGA sends the switching action command and enables backup DSP;
(4) the last correct key message is extracted in backup DSP backrush from described key message queue, and will back up DSP as new main DSP, the processor active task that the described correct key message of take is the last main DSP of recovery point continuation.
FPGA comprises data interaction module, bus selection module and the heartbeat monitor module connected successively, and two isomorphism DSP all are connected with described data interaction module, bus selection module and heartbeat monitor module; FLASH is provided with the data management module be connected with described data interaction module.
Described bimodulus isomorphism microprocessor module is by 2 isomorphism low-power consumption DSP(Digital Signal Processor, digital signal processor) form active/standby mode, groundwork is divided into Star Service and calculates, extracts key point, loads key point three parts.Realize the functions such as the management of skin satellite Star Service, instruction transmitting-receiving, data acquisition, computing and processing when normal operation; To take regularly or event is that the key point information Sampling hold that triggers is to message queue; When switching action, obtain correct key point information by comparing mechanism from described data management module, guarantee continuity and correctness that Star Service calculates.
The heartbeat monitor module is realized by FPGA, mainly completes and realizes bimodulus isomorphism microprocessor work status monitoring.The listen mode that module is monitored in described heartbeat adopts house dog mechanism, periodically receive the heartbeat signal from current main DSP, do not judge that current main DSP lost efficacy if listen at the appointed time current main DSP heartbeat signal, otherwise judge that current main DSP is normal, and this court verdict is informed to described bus selection module.
The bus selection module is realized by FPGA, according to described heartbeat monitor module feedback, according to the dsp bus switchover policy, adjudicates the active and standby machine state of bimodulus isomorphism DSP.Described dsp bus switchover policy, receive described heartbeat monitor module heartbeat and monitor feedback, if current main DSP heartbeat stops, by bus switch to backing up DSP.
The data interaction module is realized by FPGA, provides the program of bimodulus isomorphism microprocessor to load the key point information queue stores passage produced in passage and bimodulus isomorphism microprocessor computation process.
Data management module provides the storage of bimodulus isomorphism microprocessor loading procedure and the storage that bimodulus isomorphism microprocessor calculates the key point information queue produced in FLASH.Further, for the key point information queue of data management module, can be as required to key point information queue set, but generally be not less than 8; To the setting of key point status information, usually select the important input parameter etc. of system time, sustainable amount, computing function have before and after the parameter of dependence arrange.When carrying out the system recovery, adopt the backrush mode, extract successively up-to-date key point and recover comparison from the key message queue.
After described backup DSP enables, send corresponding signal to described FPGA, FPGA is according to the opening of the reception condition judgement backup DSP of signal, normal if signal receives, and carries out next step operation, if signal takes defeat, sends alerting signal.
Described key message comprises data source and the result corresponding with data source, the key message that backup DSP extracts backrush is verified successively, described correct key message should be satisfied condition be: the backup DSP calculate the result corresponding with data source according to the data source in key message, this result equates with the result in former key message.
The process that the key message that backup DSP extracts backrush is verified is: take the last key message as initial, successively each time each key message forward verified, until extract correct key message.
While being verified, the key message Bi to be verified for any, i means sequence number;
If a) key message Bi meets the condition of correct key message, using key message Bi as correct key message;
B), if key message Bi does not meet the condition of correct key message, delete key message Bi, enter key message B(i-1 next time) checking.
After all key messages all extract one time in the key message queue, do not search out correct key message, send the alarm signal.
Compared with prior art, the present invention has following useful technique effect:
1) the present invention has adopted the storage mode of key message queue for important parameter, compares single key point storage mode in the past, has reliability high, but the strong characteristics of recovery capability.
2) the present invention relies on the Programmadle logic gate array FPGA, the system fast operation, but efficient solution is softened part, improves software work efficiency.
3) lift-launch of the present invention and microsatellite, Primary Component all adopts low-power chip, has overcome the larger weakness of bimodulus warm spare system power dissipation in the past.
The accompanying drawing explanation
Fig. 1 is skin satellite carried computer state backrush warm spare hardware connection diagram.
Fig. 2 is state backrush warm spare DSP main program flow chart.
Fig. 3 is state backrush warm spare DSP handover scheme program flow diagram.
Fig. 4 is that theory diagram is called in state backrush warm spare FLASH key message queue stores and backrush.
Embodiment
Below in conjunction with embodiment and accompanying drawing, the present invention is described in further details.
A kind of device of skin satellite carried computer state backrush warm spare, comprising: bimodulus isomorphism microprocessor module, heartbeat monitor module, bus selection module, data interaction module, data management module.Be illustrated in figure 1 the hardware annexation schematic diagram between modules.Described bimodulus isomorphism microprocessor module is connected with described bus selection module, heartbeat monitor module, data interaction module; Described bus selection module is connected with described heartbeat monitor module, data interaction module; Described data management module is connected with the data interaction module.
Bimodulus isomorphism microprocessor module is comprised of two isomorphism low-power consumption DSP, and outside exented memory is selected the SDRAM that 2 capacity are 256Mb, and input clock is provided by the 24Mhz crystal oscillator, and all designs comprise that its supply module all keeps highly consistent on hardware.Bimodulus isomorphism microprocessor module sends instruction, operation result to FPGA by the EMA interface, receives the data that FPGA gathers from each subsystem simultaneously; Design interrupt priority level administration module, respond each road external interrupt by the GPIO interface; After choosing the DSP loading mode, by general SPI interface, be used for loading the dsp software program; In addition, GPIO interface timing output synchronous square-wave signal is for the high precision alignment of clock synchronization module.As the master control device of state backrush warm spare, this module is mainly used in realizing the functions such as the management of skin satellite Star Service, instruction transmitting-receiving, data acquisition, computing, processing.
Bimodulus isomorphism microprocessor module main program flow chart as shown in Figure 2.The implementation method that DSP normally starts work is as follows:
(1) two isomorphism DSP loads successively;
(2) EMA, GPIO are configured;
(3) output loads successfully and identifies to FPGA, and wake-up interrupts is configured;
(4) enter the Idle pattern and wait for external interrupt wakeup;
(5) read key message from the key message queue and recover correct duty;
(6) send heartbeat signal to FPGA;
(7) poll is carried out the tasks such as Star Service management, instruction transmitting-receiving, data acquisition, computing, processing;
(8) key message in task is saved in the key message queue in FLASH.
When the heartbeat monitor module listens to current main DSP Lungs from Non-Heart-Beating signal, will send backrush warm spare switching action command, and be illustrated in figure 3 state backrush warm spare DSP handover scheme program flow diagram, its implementation is as follows:
(1) main DSP normal operation, be saved to the key message produced in calculating process in the key message queue of FLASH;
(2) when the heartbeat monitoring module listens to current main DSP Lungs from Non-Heart-Beating signal, send switching command;
(3) up-to-date key point is read in backup DSP backrush from the queue of FLASH key message, and is calculated;
(4) if calculating the key point data correctly usings this key point and recover previous computing as recovery point, otherwise continue to read time new key point from FLASH key message queue backrush, circulate with this;
(5) complete recovery operation, before having backed up DSP becomes current main DSP, and previous main DSP becomes current backup DSP, and re-starts the key message preservation;
In this state backrush warm spare implementation method, the FLASH data management module to the principle of key message queue management as shown in Figure 4.
At first, when main DSP normal operation, will constantly produce critical data, data management module is preserved this critical data with the form of queue.
Receive, when main DSP loses efficacy, the warm spare handoff procedure occurred, backup DSP will backrush read the last key message from the key message queue of data management module, and to the key message the read judgement of being corrected errors, if the mistake of being judged as, by this, wrong key message is deleted from queue, and again extracts current the last key message and judged.
Finally, when backup DSP searches out correct key message, show the backrush success, previous backup DSP will become current main DSP, and continue previous task, the critical data in work will be saved in the critical data queue of data management module simultaneously.
Claims (6)
1. the method for a skin satellite carried computer state backrush warm spare, it is characterized in that, be implemented in the system that comprises the bimodulus isomorphism microprocessor module, FPGA and the FLASH that connect successively, described bimodulus isomorphism microprocessor module is comprised of two isomorphism DSP; Described method comprises the following steps:
(1) load successively two isomorphism DSP, and two DSP export loading simultaneously and successfully identify to FPGA, FPGA successfully identifies and wakes arbitrary DSP up as main DSP according to described loading, and another DSP is as backup DSP;
(2) main DSP is saved to the key message produced in calculating process in the key message queue of FLASH, and main DSP timed sending heartbeat signal is given described FPGA simultaneously;
(3) FPGA judges the running status of main DSP according to the monitoring situation of heartbeat signal;
If a) main DSP is working properly, cycling step (2);
B) abnormal if main DSP occurs, FPGA sends the switching action command and enables backup DSP;
(4) the last correct key message is extracted in backup DSP backrush from described key message queue, and will back up DSP as new main DSP, the processor active task that the described correct key message of take is the last main DSP of recovery point continuation.
2. the method for skin satellite carried computer state backrush warm spare as claimed in claim 1, it is characterized in that, in step (3), after described backup DSP enables, send corresponding signal to described FPGA, FPGA is according to the opening of the reception condition judgement backup DSP of signal, if signal receives normal, carry out next step operation, if signal takes defeat, send alerting signal.
3. the method for skin satellite carried computer state backrush warm spare as claimed in claim 1, it is characterized in that, described key message comprises data source and the result corresponding with data source, the key message that backup DSP extracts backrush is verified successively, described correct key message should be satisfied condition be: the backup DSP calculate the result corresponding with data source according to the data source in key message, this result equates with the result in former key message.
4. the method for skin satellite carried computer state backrush warm spare as claimed in claim 1, it is characterized in that, the process that the key message that backup DSP extracts backrush is verified is: take the last key message as initial, successively each time each key message forward verified, until extract correct key message.
5. the method for skin satellite carried computer state backrush warm spare as claimed in claim 4, is characterized in that, while being verified, and the key message Bi to be verified for any, i means sequence number;
If a) key message Bi meets the condition of correct key message, using key message Bi as correct key message;
B), if key message Bi does not meet the condition of correct key message, delete key message Bi, enter key message B(i-1 next time) checking.
6. the method for skin satellite carried computer state backrush warm spare as claimed in claim 5, is characterized in that, after all key messages all extract one time in the key message queue, do not search out correct key message, sends the alarm signal.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310364866.6A CN103440184B (en) | 2013-08-20 | 2013-08-20 | The method of one seed coat satellite carried computer state backrush warm spare |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310364866.6A CN103440184B (en) | 2013-08-20 | 2013-08-20 | The method of one seed coat satellite carried computer state backrush warm spare |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103440184A true CN103440184A (en) | 2013-12-11 |
| CN103440184B CN103440184B (en) | 2016-12-28 |
Family
ID=49693875
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201310364866.6A Active CN103440184B (en) | 2013-08-20 | 2013-08-20 | The method of one seed coat satellite carried computer state backrush warm spare |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103440184B (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104216846A (en) * | 2014-08-12 | 2014-12-17 | 西北工业大学 | Pico-satellite computer system based on quad-core microprocessor of android mobile phone |
| CN105320805A (en) * | 2015-08-21 | 2016-02-10 | 浙江大学 | Pico-satellite multi-source reliability information fusion method |
| CN111736453A (en) * | 2020-06-18 | 2020-10-02 | 西安微电子技术研究所 | Method and circuit structure for controlling abnormal instruction output |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR20080066381A (en) * | 2007-01-12 | 2008-07-16 | 엘지전자 주식회사 | Method for upgrading software |
| CN101615147A (en) * | 2009-07-23 | 2009-12-30 | 浙江大学 | The skin satellite is based on the fault-tolerance approach of the memory module of FPGA |
| CN101866308A (en) * | 2009-08-06 | 2010-10-20 | 浙江大学 | FPGA expansion based Picosat house-keeping system |
| CN103226484A (en) * | 2013-04-15 | 2013-07-31 | 浙江大学 | On-orbit update method for satellite-borne integrated electronic system program |
-
2013
- 2013-08-20 CN CN201310364866.6A patent/CN103440184B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR20080066381A (en) * | 2007-01-12 | 2008-07-16 | 엘지전자 주식회사 | Method for upgrading software |
| CN101615147A (en) * | 2009-07-23 | 2009-12-30 | 浙江大学 | The skin satellite is based on the fault-tolerance approach of the memory module of FPGA |
| CN101866308A (en) * | 2009-08-06 | 2010-10-20 | 浙江大学 | FPGA expansion based Picosat house-keeping system |
| CN103226484A (en) * | 2013-04-15 | 2013-07-31 | 浙江大学 | On-orbit update method for satellite-borne integrated electronic system program |
Non-Patent Citations (2)
| Title |
|---|
| 张程烨: "面向星载计算的局部检查点机制", 《中国优秀硕士学位论文全文数据库 工程科技II集》, no. 7, 15 July 2012 (2012-07-15) * |
| 黄影: "星载COTS计算机的体系结构设计", 《中国优秀硕士学位论文全文数据库 工程科技II集》, no. 5, 15 November 2007 (2007-11-15) * |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104216846A (en) * | 2014-08-12 | 2014-12-17 | 西北工业大学 | Pico-satellite computer system based on quad-core microprocessor of android mobile phone |
| CN105320805A (en) * | 2015-08-21 | 2016-02-10 | 浙江大学 | Pico-satellite multi-source reliability information fusion method |
| CN105320805B (en) * | 2015-08-21 | 2018-06-19 | 浙江大学 | A kind of skin satellite multi-source reliability information fusion method |
| CN111736453A (en) * | 2020-06-18 | 2020-10-02 | 西安微电子技术研究所 | Method and circuit structure for controlling abnormal instruction output |
| CN111736453B (en) * | 2020-06-18 | 2023-06-06 | 西安微电子技术研究所 | Method and circuit structure for controlling abnormal instruction output |
Also Published As
| Publication number | Publication date |
|---|---|
| CN103440184B (en) | 2016-12-28 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102053882B (en) | Heterogeneous satellite-borne fault-tolerant computer based on COTS (Commercial Off The Shelf) device | |
| CN102331786B (en) | Dual-computer cold-standby system of attitude and orbit control computer | |
| CN101833536B (en) | Reconfigurable on-board computer of redundancy arbitration mechanism | |
| CN111352338B (en) | Dual-redundancy flight control computer and redundancy management method | |
| CN103389914B (en) | Based on the spaceborne triple-modular redundancy system of Clock Synchronization Technology | |
| CN102521059B (en) | On-board data management system self fault-tolerance method | |
| US20200210304A1 (en) | Server power consumption management method and device | |
| CN102402220B (en) | Load sharing fault tolerant flight control system and fault detection method | |
| CN103853622A (en) | Control method of dual redundancies capable of being backed up mutually | |
| CN102650962A (en) | Soft core fault-tolerant spaceborne computer based on FPGA (Field Programmable Gata Array) | |
| CN201252572Y (en) | Device for reducing sensor node dormancy power consumption | |
| CN108228391B (en) | LockStep processor and management method | |
| CN104050061A (en) | Multi-main-control-panel redundant backup system based on PCIe bus | |
| CN105279049A (en) | Method for designing triple-modular redundancy type fault-tolerant computer IP core with fault spontaneous restoration function | |
| CN102521066A (en) | On-board computer space environment event fault tolerance method | |
| CN104025066A (en) | Heterogeneous memory die stacking for energy efficient computing | |
| CN103440184A (en) | Method for space-borne computer state rollback warm backup of pico-satellite | |
| CN108259227A (en) | A kind of method of data synchronization of two-node cluster hot backup interlock system | |
| CN102508746A (en) | Management method for triple configurable fault-tolerant computer system | |
| CN111737038A (en) | Control method based on small satellite double-machine system cutter | |
| CN104915271A (en) | Method for redundancy of multi-screen display function of display-control console | |
| CN102708012B (en) | Parallel-processing dual fault-tolerant on-satellite processing system | |
| CN103823708A (en) | Virtual machine read-write request processing method and device | |
| CN204406385U (en) | The management devices of computer system | |
| CN105471652A (en) | Big data all-in-one machine and redundancy management unit thereof |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |