CN103612650A - Method for simplifying rail transit train operation control system
- Publication number: CN103612650A (application CN201310603679.9A)
- Authority: CN (China)
- Prior art keywords: output, operation control, input, train operation, control system
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abstract
The invention discloses a method for simplifying a rail transit train operation control system, belonging to the technical field of rail transit control. The method consists of: 1) improving the design method of the general-purpose safety computer platform; 2) simplifying the on-board application or ground application of the rail transit train operation control system. The designed general-purpose safety computer platform is implemented on the basis of the hardware/software diversity design principle and the hierarchical diagnosis principle; on the software side, the dual determinism principle supports implementing multiple application control logic functions at the same time. The logic processing layer of the platform designed by this method can support several traditional rail transit operation control logic processing functions simultaneously, which reduces the number of devices in a traditional rail transit train operation control system and improves the reliability of the operation control system. The platform designed by this method can be ported to rail transit train operation control systems with different requirements, which reduces the development and safety assessment workload and lowers the cost of development and safety assessment.
Description
Technical field
The invention belongs to the technical field of rail transit control, and in particular designs a method for simplifying a rail transit train operation control system.
Background art
Rail transit systems mainly comprise railways and urban rail transit (hereinafter "urban rail"). In recent years, new rail transit train operation control systems have emerged, such as the Chinese Train Control System (CTCS) applied to railways and the Communication Based Train Control System (CBTC) applied to urban rail, providing a solid technical and safety foundation for higher railway speeds and for high-density, short-headway urban rail operation.
An analysis of current CTCS and CBTC system structures shows that these systems all follow the design approach of traditional signalling equipment: a different subsystem is used for each operation control function, and the whole system is built on the principle of superposition.
For example, the CTCS-2 ground system includes the computer-based interlocking CBI, the train operation control center TCC and the track circuits it controls, the lineside electronic unit LEU (including active balises), and so on, as shown in Figure 1. The CTCS-2 on-board system includes the on-board safety computer VC (including the speed and distance measurement function), the balise information receiving module BTM, the track circuit information receiving unit TCR, the man-machine interface DMI, and so on, as shown in Figure 2.
The CTCS-3 ground system includes the radio block center RBC and the GSM-R ground equipment connected to it, the temporary speed restriction server TSRS, the computer-based interlocking CBI, the train operation control center TCC and the track circuits it controls, the lineside electronic unit LEU (including active balises), and so on, as shown in Figure 3. The CTCS-3 on-board system includes the C3 on-board ATP host, the C2 on-board ATP host, the intelligent speed measurement unit SDU, the balise information receiving module BTM, the track circuit information receiving unit TCR, the man-machine interface DMI, the GSM-R on-board equipment, and so on, as shown in Figure 4. In Figure 4 there are two sets each of the C3 on-board ATP host, the C2 on-board ATP host, the SDU and the BTM, operated as a dual cold-standby pair.
A typical CBTC ground system includes the zone controller ZC, the data storage unit DSU, the computer-based interlocking CBI and the axle counting equipment it controls, the lineside electronic unit LEU (including active balises), and so on, as shown in Figure 5. A typical CBTC on-board system includes the on-board ATP controller VOBC (including the speed and distance measurement function), the on-board ATO controller, the balise information receiving module BTM, the man-machine interface DMI, the wireless on-board equipment MR, and so on, as shown in Figure 6.
The greatest advantage of implementing a rail transit train operation control system this way is that the boundaries between subsystems are clear, so existing subsystems can be left unmodified, or modified as little as possible. This reduces the resulting workload of research and development, testing, validation, verification and safety assessment, and lowers the likelihood of errors.
The disadvantages of this approach are equally obvious. First, the train operation control system ends up containing many subsystems, with a complex structure and a large number of devices; by the basic principles of reliability, the more complex the system structure and the more devices it has, the lower the system MTBF. Even if the whole system complies with the relevant safety standards and meets the required safety integrity level (SIL), its low MTBF means that failures occur fairly frequently and system recovery time grows. This not only reduces operating efficiency but also easily triggers other major accidents; the fact that many major rail transit accidents in recent years occurred during equipment failures fully demonstrates this.
Second, because there are many subsystems, coordination among them (through communication) consumes a large share of each subsystem's software resources; and because of electromagnetic interference, reliable and safe data communication between subsystems requires additional software and hardware resources.
Finally, the more equipment there is, the harder it becomes to deal with the space it occupies, its energy consumption and its heat dissipation; these problems are especially pronounced for on-board equipment.
It is therefore very necessary to study methods that simplify the structure of the rail transit train operation control system and reduce the number of devices.
Computer hardware and software technology has developed rapidly in recent years. CPUs are moving towards multi-core designs, lower power consumption and support for virtualization, and their overall processing capability keeps growing: functions that used to require several CPUs can now be handled by a single CPU. The rapid development of memory, disk and network technologies has likewise made computers faster and more capable. These developments make the present invention practicable.
Summary of the invention
In view of the above shortcomings of the prior art, the invention proposes a method for simplifying a rail transit train operation control system, characterized in that the method designs a simplified rail transit train operation control system on the basis of a general-purpose safety computer platform, with the following steps: 1) improve the design method of the general-purpose safety computer platform; 2) simplify the on-board application or ground application of the rail transit train operation control system.
In step 1), the general-purpose safety computer platform is implemented on the basis of the hardware/software diversity design principle and the hierarchical diagnosis principle; its software is based on the dual determinism principle and supports implementing multiple application control logic functions at the same time.
The general-purpose safety computer platform uses a 2-by-2-out-of-2 structure and consists mainly of three parts: the logic processing layer, the external device management layer, and the fault tolerance and safety management layer.
The logic processing layer consists of 4 logic processing units (LPUs) in 2 groups. Each pair of LPUs forms one system with a 2-out-of-2 structure, the 2 LPUs of a system conform to the hardware/software diversity design principle, and the two systems together form the 2-by-2-out-of-2 structure. The logic processing layer provides high-safety, high-reliability and high-performance computing capacity conforming to the 2-by-2-out-of-2 mechanism, to support the implementation of multiple traditional rail transit train operation control logic functions.
The external device management layer consists of 4 external device management units (PMUs) in 2 groups. Each pair of PMUs forms one system with a 2-out-of-2 structure, and the 2 PMUs of a system are selected in accordance with the hardware/software diversity design principle. The two systems form either a hot-standby 2-out-of-2 redundant structure or a parallel 2-out-of-2 redundant structure, the parallel 2-out-of-2 redundant structure being preferred;
The external device management layer provides: (1) input of general-purpose digital, analog and pulse quantities, or output of general-purpose digital and analog quantities; (2) intelligent input or intelligent output capability, implemented on DSP or FPGA, for track circuit, LEU, BTM and TCR applications; (3) the various external communications used by rail transit train operation control systems, including asynchronous serial communication over RS-232, RS-485 and RS-422 interfaces; fieldbus communication (CAN, Profibus); MVB communication per the train communication network (TCN) standard; Ethernet communication; and train-to-ground mobile communication (GSM-R, wireless local area network WLAN).
In either of the two systems of the parallel 2-out-of-2 redundant structure of the external device management layer, every channel of each general-purpose digital, analog or pulse input signal, and of each DSP or FPGA intelligent input signal, is read in on 2 paths simultaneously, processed by the 2 heterogeneous PMUs with 2-out-of-2 logic, and then sent to the 4 LPUs of the logic processing layer.
In either of the two systems of the parallel 2-out-of-2 redundant structure of the external device management layer, every channel of each general-purpose digital output signal is output on 2 paths simultaneously; after 2-out-of-2 voting it is combined with the other system into a parallel redundant output, and its feedback signal is sent simultaneously to the 4 PMUs of the two parallel redundant systems of the external device management layer to ensure output safety;
To meet the common requirements for general-purpose analog output signals and DSP or FPGA intelligent output signals, in the main system of the two systems of the hot-standby 2-out-of-2 redundant structure of the external device management layer, 1 PMU outputs the analog quantity and the DSP or FPGA intelligent output signal, while the other, heterogeneous PMU supervises that output signal to ensure output safety. In the standby system of the hot-standby 2-out-of-2 redundant structure, neither of the 2 heterogeneous PMUs outputs analog quantities or DSP or FPGA intelligent output signals; they only supervise the main system's output signal, and as soon as that signal becomes abnormal the standby system takes over the output and becomes the main system.
To meet the common requirement for redundant external communication, in either of the two systems of the parallel 2-out-of-2 redundant structure of the external device management layer, one path of each redundant external communication input is received by 1 PMU, with the other, heterogeneous PMU either receiving it directly or monitoring the input; the 2 heterogeneous PMUs process the input with 2-out-of-2 logic and send it to the 4 LPUs of the logic processing layer. The other system receives the other path of that redundant external communication input;
One path of each redundant external communication output is sent by 1 PMU, and the other, heterogeneous PMU supervises that output, either by reading it in directly or by monitoring it, to ensure output safety. The other system sends the other path of that redundant external communication output and supervises it to ensure output safety.
The man-machine interface DMI connects to the external device management layer through redundant external Ethernet or a redundant external asynchronous serial communication bus.
The fault tolerance and safety management layer consists of 2 or more fault tolerance and safety management units (FTSMUs), the 2-FTSMU scheme being preferred; the implementation of the 2 FTSMUs conforms to the hardware/software diversity design principle. The fault tolerance and safety management layer cooperates with the logic processing layer to realize the 2-by-2-out-of-2 mechanism, and with the external device management layer to realize the hot-standby 2-out-of-2 redundancy mechanism or the parallel 2-out-of-2 redundancy mechanism.
The 4 LPUs of the logic processing layer, the 4 PMUs of the external device management layer, and the 2 or more FTSMUs of the fault tolerance and safety management layer communicate with one another over the redundant safety communication intranet VCIN, using a safety communication protocol for Category 1 closed transmission systems as specified in EN50159.
The software running on the 4 LPUs of the logic processing layer, the 4 PMUs of the external device management layer, and the 2 or more FTSMUs of the fault tolerance and safety management layer supports implementing multiple application control logics at the same time.
The hardware/software diversity design principle means selecting different processor architectures for the hardware, and different operating systems, different compilers or different programming languages for the software.
The hierarchical diagnosis principle is as follows:
(1) All input channels are diagnosed by reading inputs of specific values; input diagnosis is initiated by the processor. The diagnosis period is fixed, preferably equal to the processor control cycle, and diagnosis completes within a specific time window of that cycle;
(2) An input channel with a 2-out-of-2 structure performs a 2-out-of-2 comparison of the input quantity in every processor control cycle. If the digital inputs are inconsistent, or the deviation between the analog or pulse inputs exceeds the predetermined range, the 2 groups of input channels for that quantity are faulty and this input of that system is no longer accepted;
(3) All output channels are diagnosed by feeding back outputs of specific values; output diagnosis is initiated by the specific signalling application, controlled by the processor, and completed within a specific time window;
(4) An output channel performs output feedback in every processor control cycle and compares it with the actual output value. As soon as a digital output is inconsistent, or the deviation of an analog or pulse output exceeds the predetermined range, the output channel is faulty and the corresponding output of that 2-out-of-2 system must be driven to the safe state;
(5) For diagnosis of the processor and its associated memory and other peripherals, the 2 groups of diverse hardware and software of a 2-out-of-2 structure, under the supervision of the third-party FTSMU, asynchronously perform the same deterministic work and, within a specific time window of each processor control cycle, each independently compare their execution results with the other's; only when the results are completely identical is the diagnosis judged normal;
(6) At initial power-on of the general-purpose safety computer platform, the processor completes a scan diagnosis of itself, its associated memory, the various inputs and outputs, and other peripherals.
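The per-cycle 2-out-of-2 input comparison of rule (2) and the output read-back of rule (4), carried across both systems of the parallel structure, as an added C example that is not part of the patent text. The type and function names, the latching of a faulted channel, the midpoint taken for agreeing readings, the treatment of two valid but disagreeing systems as a failure, and SAFE_VALUE are assumptions; the sample readings are constructed.

```c
/* Added illustration of diagnosis rules (2) and (4); not code from the patent.
 * Names, the fault latch, the midpoint rule and SAFE_VALUE are assumptions. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define SAFE_VALUE 0 /* assumed restrictive state, e.g. output de-energised */

typedef enum { CH_DIGITAL, CH_ANALOG_OR_PULSE } ch_kind_t;

/* One quantity as handled by one system (a pair of heterogeneous PMUs). */
typedef struct {
    ch_kind_t kind;
    int32_t   tolerance; /* predetermined deviation range; unused for digital */
    bool      faulted;   /* latched once the pair disagrees (assumption) */
} channel_t;

typedef struct { bool valid; int32_t value; } voted_t;

/* Digital values must be identical; analog/pulse values may differ by at
 * most the tolerance. 64-bit arithmetic avoids overflow in the subtraction. */
static bool agree(ch_kind_t kind, int32_t x, int32_t y, int32_t tol) {
    int64_t d = (int64_t)x - (int64_t)y;
    if (d < 0) d = -d;
    return kind == CH_DIGITAL ? d == 0 : d <= tol;
}

/* Rule (2): per-cycle 2-out-of-2 comparison inside one system. A mismatch
 * marks both input paths of this system as faulty for this quantity. */
voted_t vote_2oo2(channel_t *ch, int32_t pmu_a, int32_t pmu_b) {
    voted_t out = { false, SAFE_VALUE };
    if (ch->faulted) return out;
    if (!agree(ch->kind, pmu_a, pmu_b, ch->tolerance)) {
        ch->faulted = true;
        return out;
    }
    out.valid = true;
    out.value = (int32_t)(((int64_t)pmu_a + pmu_b) / 2); /* midpoint: assumption */
    return out;
}

/* Combine the two systems of the parallel 2-out-of-2 structure. Two valid
 * systems that disagree are treated as a failure (assumption). */
voted_t combine_systems(const channel_t *cfg, voted_t s1, voted_t s2) {
    voted_t none = { false, SAFE_VALUE };
    if (s1.valid && s2.valid)
        return agree(cfg->kind, s1.value, s2.value, cfg->tolerance) ? s1 : none;
    if (s1.valid) return s1;
    if (s2.valid) return s2;
    return none;
}

/* Constructed sample channels: one speed quantity read by systems I and II. */
channel_t speed_sys1 = { CH_ANALOG_OR_PULSE, 3, false };
channel_t speed_sys2 = { CH_ANALOG_OR_PULSE, 3, false };

/* One control cycle: four raw readings in, one voted value out. */
voted_t read_speed(int32_t a1, int32_t b1, int32_t a2, int32_t b2) {
    voted_t s1 = vote_2oo2(&speed_sys1, a1, b1);
    voted_t s2 = vote_2oo2(&speed_sys2, a2, b2);
    return combine_systems(&speed_sys1, s1, s2);
}

/* Constructed sample output channel for rule (4). */
channel_t relay_out = { CH_DIGITAL, 0, false };

/* Rule (4): compare the commanded output with its read-back every cycle;
 * on a mismatch the output is driven to the safe state and stays there. */
int32_t drive_output(channel_t *ch, int32_t commanded, int32_t feedback) {
    if (ch->faulted || !agree(ch->kind, commanded, feedback, ch->tolerance)) {
        ch->faulted = true;
        return SAFE_VALUE;
    }
    return commanded;
}

int main(void) {
    /* Constructed readings: {sys I PMU A, sys I PMU B, sys II PMU A, sys II PMU B} */
    const int32_t cycles[4][4] = {
        { 100, 101, 100, 102 },  /* all four readings agree */
        { 100, 110, 104, 105 },  /* system I pair diverges */
        { 100, 100,  90,  91 },  /* system I agrees again but stays rejected */
        { 100, 100,  90,  99 },  /* system II diverges too: no valid input left */
    };
    const int32_t feedback[3] = { 1, 0, 1 };  /* read-back of a commanded 1 */

    for (int i = 0; i < 4; i++) {
        voted_t v = read_speed(cycles[i][0], cycles[i][1], cycles[i][2], cycles[i][3]);
        printf("input cycle %d: valid=%d value=%d\n", i + 1, v.valid, (int)v.value);
    }
    for (int i = 0; i < 3; i++)
        printf("output cycle %d: driven=%d\n", i + 1,
               (int)drive_output(&relay_out, 1, feedback[i]));
    return 0;
}
```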
The dual determinism principle refers to a cyclic execution strategy based on fixed allocation and a memory protection strategy based on fixed allocation. The fixed-allocation cyclic execution strategy guarantees deterministic execution time for the multiple control logics supported; the fixed-allocation memory protection strategy guarantees deterministic data storage space for them.
For rail transit train operation control ground systems, following the distributed processing principle, the general-purpose safety computer platform comes in a core host configuration and a remote peripheral configuration;
The core host configuration comprises the logic processing layer, a partial external device management layer, and the fault tolerance and safety management layer, together with the safety communication intranet VCIN; the partial external device management layer supports only the redundant external Ethernet communication function;
The remote peripheral configuration comprises the external device management layer and the fault tolerance and safety management layer, together with the safety communication intranet VCIN.
Step 2) determines whether the application is an on-board application or a ground application:
Ground application: partition the application logic processing functions, input/output functions and man-machine interface (DMI) functions of the existing ground train control equipment; then merge the multiple ground train control application logic processing functions into a general-purpose safety computer platform in the core host configuration; merge the different ground train control input/output functions located at the same site into a general-purpose safety computer platform in the remote peripheral configuration, deploying multiple remote peripheral platforms according to site conditions; and finally provide one or more man-machine interfaces (DMIs) for ground train control according to site conditions;
On-board application: partition the application logic processing functions, input/output functions and man-machine interface (DMI) functions of the existing on-board train control equipment; then merge the multiple ground train control application logic processing functions into the logic processing layer of the general-purpose safety computer platform; merge the on-board train control input/output functions into the external device management layer of the platform; and provide the driver's man-machine interface DMI according to site conditions.
The on-board or ground application of the rail transit train operation control system in step 2) is a CTCS-2 ground system, CTCS-2 on-board system, CTCS-3 ground system, CTCS-3 on-board system, CBTC ground system or CBTC on-board system.
Beneficial effects of the invention:
(1) By making full use of the powerful software and hardware processing capability of current computers, the logic processing layer of the general-purpose safety computer platform can support multiple traditional rail transit operation control logic processing functions at the same time. This changes the traditional approach of building an operation control system by superimposing subsystems with different functions, reduces the number of devices, and improves the reliability of the operation control system.
(2) For rail transit train operation control ground systems, the system is divided, following the distributed processing principle, into a core host part and a remote peripheral part. Remote peripherals are placed as close as possible to the field objects they control, and the hard wiring between them is kept as short as possible. This reduces wiring cost, reduces the electromagnetic interference introduced, reduces the number of failure points, and improves operational reliability.
(3) The general-purpose safety computer platform supports different configurations and can be ported to rail transit train operation control systems with different requirements, which reduces the development and safety assessment workload and lowers the cost of development and safety assessment.
(4) A rail transit train operation control system structure based on the general-purpose safety computer platform is suitable not only for simplifying current rail transit train operation control systems but also for implementing next-generation ones.
Description of the drawings
Figure 1 is a structure diagram of a typical CTCS-2 ground system;
Figure 2 is a structure diagram of a typical CTCS-2 on-board system;
Figure 3 is a structure diagram of a typical CTCS-3 ground system;
Figure 4 is a structure diagram of a typical CTCS-3 on-board system;
Figure 5 is a structure diagram of a typical CBTC ground system;
Figure 6 is a structure diagram of a typical CBTC on-board system;
Figure 7 is a flow chart of the method proposed by the invention for simplifying a rail transit train operation control system;
Figure 8 shows the structural composition of the general-purpose safety computer platform with the 2-by-2-out-of-2 structure;
Figure 9 is a block diagram of input processing in the external device management layer of the general-purpose safety computer platform;
Figure 10 is a block diagram of general-purpose digital output processing in the external device management layer of the general-purpose safety computer platform;
Figure 11 is a block diagram of general-purpose analog output and intelligent output processing in the external device management layer of the general-purpose safety computer platform;
Figure 12 is a block diagram of redundant external communication processing in the external device management layer of the general-purpose safety computer platform;
Figure 13 shows the general-purpose safety computer platform software supporting multiple application control logics;
Figure 14 shows the implementation of the dual determinism principle in the general-purpose safety computer platform software;
Figure 15 shows the general-purpose safety computer platform in the core host configuration;
Figure 16 shows the general-purpose safety computer platform in the remote peripheral configuration;
Figure 17 is a block diagram of the CTCS-2 ground system simplified on the basis of the general-purpose safety computer platform;
Figure 18 is a block diagram of the CTCS-2 on-board system simplified on the basis of the general-purpose safety computer platform;
Figure 19 is a block diagram of the CTCS-3 ground system simplified on the basis of the general-purpose safety computer platform;
Figure 20 is a block diagram of the CTCS-3 on-board system simplified on the basis of the general-purpose safety computer platform;
Figure 21 is a block diagram of the CBTC ground system simplified on the basis of the general-purpose safety computer platform;
Figure 22 is a block diagram of the CBTC on-board system simplified on the basis of the general-purpose safety computer platform.
Detailed Description
The method proposed by the invention is further described below with reference to the accompanying drawings.
The present invention simplifies the rail transit train operation control system on the basis of a general-purpose safety computer platform design; Fig. 7 shows the flowchart of the method. The method first improves the design method of the general-purpose safety computer platform, and then simplifies the onboard application or the ground application of the rail transit train operation control system.
The present invention improves on the safety computer platform design methods given in Chinese invention patents CN201010235370.5 and CN201010241067.6. Specifically, the general-purpose safety computer platform used in the present invention is implemented according to the hardware/software diversity design principle and the hierarchical diagnosis principle; its software is based on the dual determinism principle and supports implementing multiple application control logic functions at the same time.
The hardware/software diversity design principle addresses the hazard of common-cause failure that arises when a redundant safety-comparison architecture is built, as is common in current safety computer platform designs, on identical hardware architectures and identical operating systems, compilers or programming languages. Choosing different processor architectures in hardware and, at the same time, different operating systems, different compilers or different programming languages further reduces common-cause failures. For example, different architectures such as X86, PowerPC and ARM are chosen for the hardware, together with operating systems and development environments of different brands.
Considering the practical application of current rail transit train operation control systems and the relevant regulations, a 2-by-2-out-of-2 structure is recommended for the general-purpose safety computer platform (note: here "2-out-of-2 by 2" and "2-by-2-out-of-2" have the same meaning).
The general-purpose safety computer platform with the 2-by-2-out-of-2 structure mainly comprises three parts: a logic processing layer, an external device management layer, and a fault-tolerance and safety management layer, as shown in Fig. 8.
The logic processing layer consists of 4 logic processing units (LPUs) in 2 groups. Every 2 LPUs form one system with a 2-out-of-2 structure, and the two systems together form the 2-by-2-out-of-2 structure. The 2 LPUs of each system should be chosen in accordance with the hardware/software diversity (heterogeneous) design principle, for example one based on the X86 architecture and the other on the PowerPC architecture, with different operating systems, different compilers or different programming languages.
The logic processing layer provides high-safety, high-reliability and high-performance computing capacity conforming to the 2-by-2-out-of-2 mechanism, in order to support the implementation of multiple rail transit train operation control logic functions.
The external device management layer consists of 4 external device management units (PMUs) in 2 groups. Every 2 PMUs form one system with a 2-out-of-2 structure, and the two systems form either a hot-standby (2-by) 2-out-of-2 redundant structure or a parallel 2-out-of-2 redundant structure, the parallel redundant structure being preferred. The 2 PMUs of each system should also be chosen in accordance with the hardware/software diversity (heterogeneous) design principle, for example one based on the X86 architecture and the other on the PowerPC architecture, with different operating systems, different compilers or different programming languages.
The external device management layer provides:
(1) general-purpose digital, analog and pulse input capability, or general-purpose digital and analog output capability;
(2) intelligent input or intelligent output capability that has to be implemented on a DSP or FPGA, for special applications such as track circuits, LEU, BTM and TCR;
(3) the various external communications used by rail transit train operation control systems, including: asynchronous serial communication over RS-232, RS-485 and RS-422 interfaces; fieldbus communication: CAN, Profibus; MVB communication per the Train Communication Network (TCN) standard; Ethernet communication; train-to-ground mobile communication: GSM-R, wireless local area network (WLAN).
In either of the two parallel redundant systems of the external device management layer, every channel of each general-purpose digital, analog or pulse input signal, and of each DSP- or FPGA-based intelligent input signal, is read over 2 paths simultaneously; after 2-out-of-2 logic processing by the 2 heterogeneous PMUs, the result is sent to the 4 LPUs of the logic processing layer, as shown in Fig. 9.
In either of the two parallel redundant systems of the external device management layer, every channel of each general-purpose digital output signal is driven over 2 paths simultaneously; after a 2-out-of-2 vote it forms a parallel redundant output together with the other system. Its feedback signal is sent simultaneously to the 4 PMUs of the two parallel redundant systems of the external device management layer to ensure output safety, as shown in Fig. 10.
To meet the common requirements for general-purpose analog output signals and DSP- or FPGA-based intelligent output signals, in the master system of the two hot-standby (2-by) systems of the external device management layer, 1 PMU outputs the analog signal and the DSP- or FPGA-based intelligent output signal, and the other, heterogeneous PMU supervises that output signal to ensure output safety. In the standby system of the two hot-standby (2-by) systems, neither of the 2 heterogeneous PMUs outputs analog signals or DSP- or FPGA-based intelligent output signals; they only supervise the output signal of the master system, and as soon as that output signal becomes abnormal, the standby system takes over the output and becomes the master system, as shown in Fig. 11.
To meet the common requirements for redundant external communication, in either of the two parallel redundant systems of the external device management layer, one redundant input path of each external communication is received by 1 PMU, while the other, heterogeneous PMU receives it directly or by listening in; after 2-out-of-2 logic processing by the 2 heterogeneous PMUs, the result is sent to the 4 LPUs of the logic processing layer. The other system receives the other redundant input path of that external communication. One redundant output path of each external communication is transmitted by 1 PMU, and the other, heterogeneous PMU supervises that output by receiving it directly or by listening in, to ensure output safety; the other system transmits the other redundant output path of that external communication and supervises it to ensure output safety, as shown in Fig. 12.
The fault-tolerance and safety management layer consists of 2 or more fault-tolerance and safety management units (FTSMUs); a scheme with 2 FTSMUs is preferred. The implementation of the 2 FTSMUs should also follow the hardware/software diversity (heterogeneous) design principle, for example one based on the ARM architecture and implemented in C, and the other based on a programmable logic device such as an FPGA and implemented in a hardware description language such as VHDL.
The fault-tolerance and safety management layer cooperates with the logic processing layer to realize the 2-by-2-out-of-2 mechanism, and cooperates with the external device management layer to realize the hot-standby (2-by) 2-out-of-2 redundancy mechanism or the parallel 2-out-of-2 redundancy mechanism; for the specific implementation, see Chinese invention patents CN201010235370.5 and CN201010241067.6.
The human-machine interface (DMI) is connected to the external device management layer via redundant external Ethernet or a redundant external asynchronous serial communication bus.
The 4 logic processing units (LPUs) of the logic processing layer, the 4 external device management units (PMUs) of the external device management layer, and the 2 or more fault-tolerance and safety management units (FTSMUs) of the fault-tolerance and safety management layer communicate with one another over the redundant safe communication internal network (VCIN), using a category 1 closed-network safe communication protocol as specified in EN50159.
The hierarchical diagnosis principle addresses the problem of adequately diagnosing complex processors and their associated memory and other peripherals, which has arisen with the ever wider use of COTS hardware. It resolves the logical difficulty of a component "diagnosing itself" and thereby raises diagnostic coverage.
The hierarchical diagnosis principle is as follows:
(1) All input channels are diagnosed by reading an input of a specific value. Input diagnosis is initiated by the processor; the diagnosis period is fixed, preferably equal to the processor control cycle, and the diagnosis is completed within a specific time window of the processor control cycle;
(2) Input channels with a 2-out-of-2 structure perform a 2-out-of-2 comparison of the input in every processor control cycle. If the digital inputs disagree, or the analog or pulse inputs deviate by more than a predetermined range, the 2 input channels for that input are faulty and that input from this system is no longer accepted;
(3) All output channels are diagnosed by feeding back an output of a specific value. Output diagnosis is initiated by the specific signalling application, controlled by the processor, and completed within a specific time window;
(4) Output channels perform output feedback in every processor control cycle and compare it with the actual output value. As soon as a digital output disagrees, or an analog or pulse output deviates by more than a predetermined range, the output channel is faulty, and the corresponding output of this system of the 2-out-of-2 structure shall be driven to the safe side;
(5) For diagnosis of the processor and its associated memory and other peripherals, the 2 diverse hardware and software sets of the 2-out-of-2 structure, working together and supervised by a third party, the FTSMU, asynchronously perform the same deterministic work, and within a specific time window of every processor control cycle each independently compares the execution results with the other; the diagnosis is judged normal only if the results agree completely;
(6) At initial power-on of the general-purpose safety computer platform, the processor performs a scan diagnosis of itself and of its associated memory, the various inputs and outputs, and other peripherals.
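Principles (2) and (4) as an added C sketch, not code from the patent: each system compares its two input paths every control cycle and latches the input as rejected on disagreement, the second parallel system can still supply the reading, and an output whose feedback contradicts the command is latched to the safe side. The type and function names, the tolerance values, `SAFE_VALUE` = 0 and the choice to use path A's reading when both paths agree are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

typedef enum { Q_DIGITAL, Q_ANALOG, Q_PULSE } quantity_t;

/* One input quantity as seen by one system (a 2-out-of-2 pair of PMUs). */
typedef struct {
    quantity_t kind;
    int32_t tolerance;  /* allowed deviation for analog/pulse; ignored for digital */
    bool rejected;      /* latched once the two paths disagree */
} input_2oo2_t;

/* One output quantity driven by one system. */
typedef struct {
    quantity_t kind;
    int32_t tolerance;
    bool safe_state;    /* latched once feedback contradicts the command */
} output_2oo2_t;

typedef struct { bool valid; int32_t value; } reading_t;

enum { SAFE_VALUE = 0 };  /* assumed restrictive value, e.g. "relay dropped" */

/* Digital values must match exactly; analog/pulse may differ by <= tol. */
static bool within(quantity_t kind, int32_t tol, int32_t x, int32_t y)
{
    int64_t d = (int64_t)x - (int64_t)y;
    if (d < 0) d = -d;
    return d <= (kind == Q_DIGITAL ? 0 : (int64_t)tol);
}

/* Principle (2): compare the two paths of one system in every control cycle.
   After the first disagreement this system's input stays rejected. */
reading_t input_compare(input_2oo2_t *in, int32_t path_a, int32_t path_b)
{
    reading_t r = { false, SAFE_VALUE };
    if (in->rejected) return r;
    if (!within(in->kind, in->tolerance, path_a, path_b)) {
        in->rejected = true;
        return r;
    }
    r.valid = true;
    r.value = path_a;  /* assumption: either agreed reading may be used */
    return r;
}

/* Two parallel systems: use whichever still delivers an accepted reading,
   and fall back to the safe value when neither does. */
reading_t input_select(reading_t sys1, reading_t sys2)
{
    reading_t none = { false, SAFE_VALUE };
    if (sys1.valid) return sys1;
    if (sys2.valid) return sys2;
    return none;
}

/* Principle (4): compare the feedback with the commanded output every cycle.
   Returns the value this system is still allowed to drive. */
int32_t output_check(output_2oo2_t *out, int32_t commanded, int32_t feedback)
{
    if (!out->safe_state &&
        !within(out->kind, out->tolerance, commanded, feedback))
        out->safe_state = true;
    return out->safe_state ? SAFE_VALUE : commanded;
}

int main(void)
{
    /* Constructed sample: a pulse input, tolerance 3, in two parallel systems. */
    input_2oo2_t sys1 = { Q_PULSE, 3, false }, sys2 = { Q_PULSE, 3, false };
    reading_t a = input_compare(&sys1, 100, 110);  /* paths disagree */
    reading_t b = input_compare(&sys2, 101, 100);  /* paths agree */
    reading_t used = input_select(a, b);
    printf("sys1 valid=%d sys2 valid=%d used=%d\n",
           a.valid, b.valid, (int)used.value);

    /* Constructed sample: a digital output whose feedback drops out. */
    output_2oo2_t relay = { Q_DIGITAL, 0, false };
    printf("drive=%d\n", (int)output_check(&relay, 1, 1));
    printf("drive=%d\n", (int)output_check(&relay, 1, 0));
    return 0;
}
```

Both latches are deliberately one-way in this sketch: a later cycle in which the paths agree again does not restore the input or the output.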
The software running on the logic processing units (LPUs), the external device management units (PMUs) and the ARM-based fault-tolerance and safety management unit (FTSMU) supports implementing multiple signalling application control logics at the same time, as shown in Fig. 13.
On the software side, the dual determinism principle that makes it possible to implement multiple signalling application control logics at the same time refers to a fixed-allocation cyclic execution policy and a fixed-allocation memory protection policy. The fixed-allocation cyclic execution policy guarantees determinism of the execution time of the supported control logics, and the fixed-allocation memory protection policy guarantees determinism of their data storage space, as shown in Fig. 14. These 2 measures further improve software safety.
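The two fixed allocations described above, as an added C sketch that is not the patent's implementation: a static table gives every application control logic a fixed time slot in the control cycle and a fixed data partition, a configuration-time check rejects tables whose slots or partitions overlap, writes are bounds-checked against the owner's partition, and a slot overrun is reported. The cycle length, pool size, application names and the software bounds check (standing in for whatever memory protection the platform uses) are assumptions; execution times are passed in rather than measured.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CYCLE_US   100000u  /* assumed control cycle: 100 ms */
#define POOL_BYTES 1024u    /* assumed size of the application data pool */

/* Fixed allocation for one application control logic. */
typedef struct {
    const char *name;
    uint32_t slot_start_us;  /* fixed offset of its time slot in the cycle */
    uint32_t slot_len_us;    /* fixed execution budget */
    size_t mem_off;          /* fixed start of its data partition */
    size_t mem_len;          /* fixed size of its data partition */
} app_alloc_t;

static uint8_t pool[POOL_BYTES];

/* Constructed allocation table; the application names are illustrative. */
static const app_alloc_t TABLE[] = {
    { "atp",      0u,     40000u, 0u,   512u },
    { "odometry", 40000u, 20000u, 512u, 256u },
    { "balise",   60000u, 20000u, 768u, 256u },
};
enum { N_APPS = sizeof TABLE / sizeof TABLE[0] };

static bool overlap(uint64_t a, uint64_t alen, uint64_t b, uint64_t blen)
{
    return a < b + blen && b < a + alen;
}

/* Configuration-time check: every slot fits in the cycle, every partition
   fits in the pool, and no two applications share time or memory. */
bool table_is_valid(const app_alloc_t *t, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        if (t[i].slot_len_us == 0 ||
            (uint64_t)t[i].slot_start_us + t[i].slot_len_us > CYCLE_US)
            return false;
        if (t[i].mem_len == 0 || t[i].mem_off > POOL_BYTES ||
            t[i].mem_len > POOL_BYTES - t[i].mem_off)
            return false;
        for (size_t j = 0; j < i; j++) {
            if (overlap(t[i].slot_start_us, t[i].slot_len_us,
                        t[j].slot_start_us, t[j].slot_len_us) ||
                overlap(t[i].mem_off, t[i].mem_len,
                        t[j].mem_off, t[j].mem_len))
                return false;
        }
    }
    return true;
}

/* Memory determinism: an application may write only inside its partition. */
bool app_write(const app_alloc_t *app, size_t off, const void *src, size_t len)
{
    if (off > app->mem_len || len > app->mem_len - off)
        return false;
    memcpy(pool + app->mem_off + off, src, len);
    return true;
}

/* Time determinism: used_us[i] stands in for the execution time a hardware
   timer would measure for application i. Returns -1 if every application
   stayed inside its slot, otherwise the index of the first overrun. */
int run_cycle(const app_alloc_t *t, size_t n, const uint32_t *used_us)
{
    for (size_t i = 0; i < n; i++)
        if (used_us[i] > t[i].slot_len_us)
            return (int)i;
    return -1;
}

int main(void)
{
    const uint32_t used[N_APPS] = { 35000u, 20001u, 5000u };  /* constructed */
    uint8_t data[16] = { 0 };

    printf("table valid: %d\n", table_is_valid(TABLE, N_APPS));
    printf("write inside partition: %d\n", app_write(&TABLE[1], 0, data, 16));
    printf("write past partition:   %d\n", app_write(&TABLE[1], 250, data, 16));
    printf("first overrun: %d\n", run_cycle(TABLE, N_APPS, used));
    return 0;
}
```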
For rail transit ground operation control systems, following the distributed processing principle, the general-purpose safety computer platform described above can also be reduced to 2 configurations: a core host configuration and a remote peripheral configuration. The core host configuration comprises three parts, namely the logic processing layer, a partial external device management layer, and the fault-tolerance and safety management layer, plus the safe communication internal network VCIN, as shown in Fig. 15. The partial external device management layer supports only the redundant external Ethernet communication function. The remote peripheral configuration comprises two parts, namely the external device management layer and the fault-tolerance and safety management layer, plus the safe communication internal network VCIN, as shown in Fig. 16.
Simplifying the onboard application or the ground application of the rail transit train operation control system on the basis of the general-purpose safety computer platform:
Ground application: divide the functions of the existing ground train control equipment into application logic processing functions, input/output functions and human-machine interface (DMI) functions; then merge the multiple ground train control application logic processing functions into a general-purpose safety computer platform in the core host configuration; merge the different ground train control input/output functions located at the same field position into a general-purpose safety computer platform in the remote peripheral configuration, setting up several such platforms as field conditions require; finally, provide one or more human-machine interfaces (DMIs) for ground train control as field conditions require;
Onboard application: divide the functions of the existing onboard train control equipment into application logic processing functions, input/output functions and human-machine interface (DMI) functions; then merge the multiple ground train control application logic processing functions into the logic processing layer of the general-purpose safety computer platform, merge the onboard train control input/output functions into the external device management layer of the general-purpose safety computer platform, and provide the driver's human-machine interface (DMI) as field conditions require.
For typical rail transit systems such as railways and urban rail, the specific implementation schemes of the train operation control system simplified on the basis of the general-purpose safety computer platform are as follows:
(1) CTCS-2 ground system implementation scheme
Following the distributed processing principle, the CTCS-2 ground system is divided into a core host part and a remote peripheral part. The core host is implemented on a safety computer platform in the core host configuration, is placed in the existing signal equipment room, and supports the core control logic of the existing computer interlocking (CBI) and train operation control center (TCC), as well as the human-machine interface (DMI) functions that go with the CBI. The remote peripherals are implemented on safety computer platforms in the remote peripheral configuration and are placed as close as possible to the field objects they control, so that the hard wiring between remote peripherals and field objects is as short as possible, which reduces cabling cost, reduces the electromagnetic interference picked up, and reduces points of failure. The remote peripherals support the general-purpose digital input or output functions of the computer interlocking, the general-purpose digital input or output functions and intelligent input or intelligent output functions of the track circuits, and the general-purpose digital input or output functions and intelligent input or intelligent output functions of the lineside electronic unit (LEU), as shown in Fig. 17.
(2) CTCS-2 onboard system implementation scheme
The CTCS-2 onboard system is implemented on the general-purpose safety computer platform. Its logic processing layer supports the existing onboard ATP, speed and distance measurement, balise information processing and track circuit information processing functions. Its external device management layer supports the general-purpose digital input and output functions of the train interface unit, the general-purpose pulse input function of the speed sensors, the DSP-based intelligent input function for track circuit information, the DSP- or FPGA-based intelligent input function for balise information, and the human-machine interface (DMI) communication function, as shown in Fig. 18.
(3) CTCS-3 ground system implementation scheme
Following the distributed processing principle, the CTCS-3 ground system is divided into a core host part and a remote peripheral part. The core host is implemented on a safety computer platform in the core host configuration, is placed in the existing signal equipment room, and supports the core control logic of the existing radio block center (RBC), temporary speed restriction server (TSRS), computer interlocking (CBI) and train operation control center (TCC), as well as the human-machine interface (DMI) functions that go with the TSRS and the CBI. The remote peripherals are implemented on safety computer platforms in the remote peripheral configuration and are placed as close as possible to the field objects they control, so that the hard wiring between remote peripherals and field objects is as short as possible, which reduces cabling cost, reduces the electromagnetic interference picked up, and reduces points of failure. The remote peripherals support the general-purpose digital input or output functions of the computer interlocking, the general-purpose digital input or output functions and intelligent input or intelligent output functions of the track circuits, and the general-purpose digital input or output functions and intelligent input or intelligent output functions of the lineside electronic unit (LEU), as shown in Fig. 19.
(4) CTCS-3 onboard system implementation scheme
The CTCS-3 onboard system is implemented on the general-purpose safety computer platform. Its logic processing layer supports the existing C3 onboard ATP, C2 onboard ATP, speed and distance measurement, balise information processing and track circuit information processing functions. Its external device management layer supports the general-purpose digital input and output functions of the train interface unit, the general-purpose pulse input function of the speed sensors, the DSP-based intelligent input function for track circuit information, the DSP- or FPGA-based intelligent input function for balise information, and the communication functions of the human-machine interface (DMI), the GSM-R radio communication unit (RTU) and the train communication network MVB, as shown in Fig. 20.
(5) CBTC ground system implementation scheme
Following the distributed processing principle, the CBTC ground system is divided into a core host part and a remote peripheral part. The core host is implemented on a safety computer platform in the core host configuration, is placed in the existing signal equipment room, and supports the core control logic of the existing zone controller (ZC), data storage unit (DSU) and computer interlocking (CBI), as well as the human-machine interface (DMI) functions that go with the DSU and the CBI. The remote peripherals are implemented on safety computer platforms in the remote peripheral configuration and are placed as close as possible to the field objects they control, so that the hard wiring between remote peripherals and field objects is as short as possible, which reduces cabling cost, reduces the electromagnetic interference picked up, and reduces points of failure. The remote peripherals support the general-purpose digital input or output functions of the computer interlocking, and the general-purpose digital input or output functions and intelligent input or intelligent output functions of the axle counting equipment, as shown in Fig. 21.
(6) CBTC onboard system implementation scheme
The CBTC onboard system is implemented on the general-purpose safety computer platform. Its logic processing layer supports the existing onboard ATP, onboard ATO, speed and distance measurement and balise information processing functions. Its external device management layer supports the general-purpose digital input and output functions of the train interface unit, the general-purpose pulse input function of the speed sensors, the DSP- or FPGA-based intelligent input function for balise information, and the communication functions of the human-machine interface (DMI), the onboard radio equipment (MR) and the train communication network MVB, as shown in Fig. 22.
The above is only a preferred embodiment of the present invention, but the scope of protection of the present invention is not limited to it. Any change or replacement that a person skilled in the art could readily conceive within the technical scope disclosed by the present invention shall fall within the scope of protection of the present invention. The scope of protection of the present invention shall therefore be determined by the scope of protection of the claims.
Claims (17)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310603679.9A CN103612650B (en) | 2013-11-25 | 2013-11-25 | A kind of method of designing of Introduction of Train Operation Control System |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103612650A true CN103612650A (en) | 2014-03-05 |
CN103612650B CN103612650B (en) | 2016-01-20 |
Family
ID=50163380
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310603679.9A Active CN103612650B (en) | 2013-11-25 | 2013-11-25 | A kind of method of designing of Introduction of Train Operation Control System |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103612650B (en) |
Cited By (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104332075A (en) * | 2014-10-09 | 2015-02-04 | 北京交通大学 | Train control semi-physical simulation training system based on B/S framework and method thereof |
CN104361160A (en) * | 2014-10-30 | 2015-02-18 | 北京交控科技有限公司 | Method and system for dynamic cycle design of 2oo2 safety computer platform |
CN105472005A (en) * | 2015-12-10 | 2016-04-06 | 北京交控科技股份有限公司 | Remote updating method and system for ground ATP equipment |
CN106741013A (en) * | 2016-11-15 | 2017-05-31 | 交控科技股份有限公司 | The control method of onboard system, CBTC control systems and CTCS control systems switching |
CN106915367A (en) * | 2017-01-22 | 2017-07-04 | 北京和利时系统工程有限公司 | A kind of train control system |
CN107885099A (en) * | 2017-11-08 | 2018-04-06 | 交控科技股份有限公司 | Emulation and enhancing emulation 2oo2 security platforms equipment, security platform maintaining method |
CN109412160A (en) * | 2018-12-10 | 2019-03-01 | 中车大连机车研究所有限公司 | It is a kind of to be arranged based on the centralized of four-quadrant control for administrative unit and system |
WO2019080473A1 (en) * | 2017-10-24 | 2019-05-02 | 北京全路通信信号研究设计院集团有限公司 | Method and device for implementing single hardware and multiple software, and computer storage medium |
CN110138643A (en) * | 2019-05-23 | 2019-08-16 | 山东省科学院激光研究所 | Bus network duplex computer main website |
CN110361979A (en) * | 2019-07-19 | 2019-10-22 | 北京交大思诺科技股份有限公司 | A kind of safety computer platform in railway signal field |
CN110389871A (en) * | 2019-07-24 | 2019-10-29 | 北京交大思诺科技股份有限公司 | A kind of safety computer platform having system integrity confirmation function |
CN110502306A (en) * | 2019-08-26 | 2019-11-26 | 湖南中车时代通信信号有限公司 | A kind of safe man-machine interactive system and method for vehicle-mounted automatic train protection system |
CN112572533A (en) * | 2020-12-22 | 2021-03-30 | 卡斯柯信号有限公司 | Light train control system applied to overseas freight railway |
CN112817819A (en) * | 2021-01-26 | 2021-05-18 | 北京交通大学 | Method for carrying out logic monitoring on deployment running program on cloud by edge security node |
CN117048670A (en) * | 2023-09-21 | 2023-11-14 | 上海富欣智能交通控制有限公司 | Safety control system and method beside general track |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101916068A (en) * | 2010-07-29 | 2010-12-15 | 北京交通大学 | Computer control system based on 2 out of 2 structure and its realization method |
JP4783258B2 (en) * | 2006-10-19 | 2011-09-28 | 東日本旅客鉄道株式会社 | Train control network system |
CN102233887A (en) * | 2011-05-16 | 2011-11-09 | 铁道部运输局 | CTCS (China train control system)-3 train operation control system |
Non-Patent Citations (1)
Title |
---|
王悉等: "2取2乘2安全计算机平台的设计与实现", 《都市快轨交通》, vol. 24, no. 04, 31 August 2011 (2011-08-31) * |
Cited By (23)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104332075A (en) * | 2014-10-09 | 2015-02-04 | 北京交通大学 | Train control semi-physical simulation training system based on B/S framework and method thereof |
CN104361160B (en) * | 2014-10-30 | 2017-12-19 | 交控科技股份有限公司 | The cycle dynamicses design method and system of a kind of 2oo2 safety computer platforms |
CN104361160A (en) * | 2014-10-30 | 2015-02-18 | 北京交控科技有限公司 | Method and system for dynamic cycle design of 2oo2 safety computer platform |
CN105472005B (en) * | 2015-12-10 | 2019-06-11 | 交控科技股份有限公司 | A kind of ground ATP equipment method for remote updating and system |
CN105472005A (en) * | 2015-12-10 | 2016-04-06 | 北京交控科技股份有限公司 | Remote updating method and system for ground ATP equipment |
CN106741013A (en) * | 2016-11-15 | 2017-05-31 | 交控科技股份有限公司 | The control method of onboard system, CBTC control systems and CTCS control systems switching |
CN106741013B (en) * | 2016-11-15 | 2019-02-26 | 交控科技股份有限公司 | The control method of onboard system, CBTC control system and the switching of CTCS control system |
CN106915367A (en) * | 2017-01-22 | 2017-07-04 | 北京和利时系统工程有限公司 | A kind of train control system |
WO2019080473A1 (en) * | 2017-10-24 | 2019-05-02 | 北京全路通信信号研究设计院集团有限公司 | Method and device for implementing single hardware and multiple software, and computer storage medium |
CN107885099A (en) * | 2017-11-08 | 2018-04-06 | 交控科技股份有限公司 | Emulation and enhancing emulation 2oo2 security platforms equipment, security platform maintaining method |
CN109412160A (en) * | 2018-12-10 | 2019-03-01 | 中车大连机车研究所有限公司 | It is a kind of to be arranged based on the centralized of four-quadrant control for administrative unit and system |
CN110138643B (en) * | 2019-05-23 | 2021-03-09 | 山东省科学院激光研究所 | Bus network dual computer master station |
CN110138643A (en) * | 2019-05-23 | 2019-08-16 | 山东省科学院激光研究所 | Bus network duplex computer main website |
CN110361979A (en) * | 2019-07-19 | 2019-10-22 | 北京交大思诺科技股份有限公司 | A kind of safety computer platform in railway signal field |
CN110361979B (en) * | 2019-07-19 | 2022-08-16 | 北京交大思诺科技股份有限公司 | Safety computer platform in railway signal field |
CN110389871A (en) * | 2019-07-24 | 2019-10-29 | 北京交大思诺科技股份有限公司 | A kind of safety computer platform having system integrity confirmation function |
CN110389871B (en) * | 2019-07-24 | 2023-08-01 | 北京交大思诺科技股份有限公司 | Safety computer platform with system integrity confirmation function |
CN110502306A (en) * | 2019-08-26 | 2019-11-26 | 湖南中车时代通信信号有限公司 | A kind of safe man-machine interactive system and method for vehicle-mounted automatic train protection system |
CN110502306B (en) * | 2019-08-26 | 2023-02-03 | 湖南中车时代通信信号有限公司 | Safety man-machine interaction system and method for automatic protection system of vehicle-mounted train |
CN112572533A (en) * | 2020-12-22 | 2021-03-30 | 卡斯柯信号有限公司 | Light train control system applied to overseas freight railway |
CN112817819A (en) * | 2021-01-26 | 2021-05-18 | 北京交通大学 | Method for carrying out logic monitoring on deployment running program on cloud by edge security node |
CN112817819B (en) * | 2021-01-26 | 2023-02-28 | 北京交通大学 | Method for Logical Monitoring of Deployed Running Programs on Cloud by Edge Security Nodes |
CN117048670A (en) * | 2023-09-21 | 2023-11-14 | 上海富欣智能交通控制有限公司 | Safety control system and method beside general track |
Also Published As
Publication number | Publication date |
---|---|
CN103612650B (en) | 2016-01-20 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN103612650B (en) | A kind of method of designing of Introduction of Train Operation Control System | |
CN110361979B (en) | Safety computer platform in railway signal field | |
CN106494457B (en) | CBTC and regional interlock integral system and method | |
CN102514598B (en) | High-speed rail signal system level 'fail-safe' method | |
CN103057567B (en) | A kind of general trackside security platform of railway signal field | |
CN113157499B (en) | Secure computer platform based on cloud computing | |
CN106741004A (en) | Suitable for the automatic train protection system of single track | |
CN107650950A (en) | A kind of urban railway transit train timetable is met an urgent need method of adjustment | |
CN105539522A (en) | Train operation monitoring device based on double 2-vote-2 safety computer structure and method for train operation monitoring device | |
CN107967194A (en) | Safety computer system based on redundant Ethernet | |
Wang et al. | Safety monitor for train‐centric CBTC system | |
CN102955903A (en) | Method for processing safety critical information of rail transit computer control system | |
CN113665630B (en) | VOBC and TCMS integrated train control equipment | |
CN110758489A (en) | Automatic protection system of train | |
CN105501259B (en) | Suitable for the ground controlled approach and system of CBTC | |
CN206606211U (en) | Suitable for the automatic train protection system of single track | |
Shi et al. | Reliability analysis on the train control system in the CTCS-3 operating mode | |
CN117056199A (en) | Train operation control system test case generation method based on tabu search | |
Wen et al. | Design and analysis of double one out of two with a hot standby safety redundant structure | |
CN216313114U (en) | Motor train unit control system fusion framework | |
CN112734164B (en) | Full life cycle intelligent operation and maintenance method for high-speed railway signal system | |
Chandra et al. | A fail-safe interlocking system for railways | |
CN113992308A (en) | Motor train unit control system fusion framework | |
CN102923166A (en) | Main plug-in connector for integrated train overspeed protection equipment | |
Wang et al. | Study on modeling and verification of CBTC interlocking system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant |