CN103612650B - A kind of method of designing of Introduction of Train Operation Control System - Google Patents
A kind of method of designing of Introduction of Train Operation Control System Download PDFInfo
- Publication number
- CN103612650B CN103612650B CN201310603679.9A CN201310603679A CN103612650B CN 103612650 B CN103612650 B CN 103612650B CN 201310603679 A CN201310603679 A CN 201310603679A CN 103612650 B CN103612650 B CN 103612650B
- Authority
- CN
- China
- Prior art keywords
- input
- management layer
- safety
- introduction
- operation control
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Landscapes
- Train Traffic Observation, Control, And Security (AREA)
Abstract
The invention discloses a kind of method simplifying Introduction of Train Operation Control System belonging to track traffic control technology field.The method is specially: 1) improve universal safety computer platform method of designing; 2) vehicular applications or the Ground Application of Introduction of Train Operation Control System is simplified.The universal safety computer platform of design realizes based on hardware/software otherness principle of design, grading diagnosis principle, and software aspect realizes the function of multiple application controls logic based on the support of dual certainty principle simultaneously.The universal safety computer platform logical process layer of the method design can support that control logical process function is transported in multiple conventional rails traffic simultaneously, decreases conventional rails traffic train operation control system number of devices, improves fortune Ore-controlling Role reliability; The universal safety computer platform portable of the method design, to the different rail transit train fortune Ore-controlling Role required, decreases exploitation and safety assessment work capacity, reduces exploitation and safety assessment cost.
Description
Technical field
The invention belongs to track traffic control technology field, particularly a kind of method of designing of Introduction of Train Operation Control System.
Background technology
Rail Transit System mainly comprises railway and urban track traffic (hereinafter referred to as city rail).In recent years, new Introduction of Train Operation Control System, as being applied to the Train operation control system (ChineseTrainControlSystem of railway, CTCS) and be applied to city rail based on communication train operation control system (CommunicationBasedTrainControlSystem, CBTC) arise at the historic moment, for railway high speed and city rail densification, low compartmentation provide solid technical foundation and foundation for security.
By analyzing current CTCS and CBTC system architecture, being not difficult to find that these systems are all continue to use the thinking of classical signal equipment de-sign, different subsystems being adopted for different running control function, realizes whole system based on superposing type principle.
Such as: CTCS-2 level ground system comprises computer interlock CBI, Train Detection and Identification center TCC and is controlled by its track circuit, trackside electronic unit LEU (containing active balise) etc., as shown in Figure 1; CTCS-2 level onboard system comprises on-vehicle safety computing machine VC (containing the distance measurement function that tests the speed), responser information receiving module BTM, track circuit information receiving element TCR, man machine operation interface DMI etc., as shown in Figure 2.
CTCS-3 level ground system comprises radio block center RBC and the GSM-R wayside equipment be attached thereto, temporary speed limitation server TSRS, computer interlock CBI, Train Detection and Identification center TCC and is controlled by its track circuit, trackside electronic unit LEU (containing active balise) etc., as shown in Figure 3; CTCS-3 level onboard system comprises C3 vehicle-mounted ATP main frame, C2 vehicle-mounted ATP main frame, the intelligent first SDU that tests the speed, responser information receiving module BTM, track circuit information receiving element TCR, man machine operation interface DMI, GSM-R mobile unit etc., as shown in Figure 4, in Fig. 4,3 vehicle-mounted ATP main frames, C2 vehicle-mounted ATP main frame, the intelligent first SDU that tests the speed, responser information receiving module BTM have 2 covers, use in two cover cold standby mode.
Typical CBTC ground system comprises zone controller ZC, data storage cell DSU, computer interlock CBI and is controlled by its axis-counting device, trackside electronic unit LEU (containing active balise) etc., as shown in Figure 5; Typical CBTC onboard system comprises vehicle-mounted ATP controller VOBC (containing the distance measurement function that tests the speed), vehicle-mounted ATO controller, responser information receiving module BTM, man machine operation interface DMI, wireless vehicle mounted equipment MR etc., as shown in Figure 6.
Realizing the maximum benefit of Introduction of Train Operation Control System is in the manner described above clear-cut between each subsystem, can as much as possible not revise or the original subsystem of minimal modifications, reduce the work capacity of therefore brought research and development, test, confirmation, checking and safety assessment etc., reduce the possibility occurring mistake.
But the shortcoming realizing Introduction of Train Operation Control System in the manner described above is also apparent.First, do like this and train operation control system can be caused to contain a lot of subsystem, complex structure, number of devices is many, and according to the groundwork of reliability, system architecture is more complicated, and number of devices is more, and its system MTBF is lower.Even if whole system meets relevant safety standard, reach corresponding safety integrity level (SIL) requirement, because system MTBF is low, can break down more continually and cause system recovery time elongated, not only reduce running efficiency of system, but also easily bring out other grave accident, this point with regard to sufficient proof that track traffic grave accident in recent years occurs during being much all breakdown of equipment.
Secondly, owing to there is many subsystems, mutual coordination (by communication) between subsystem can take a large amount of software resource of each subsystem, and simultaneously again because there is electromagnetic interference, reliable, secure data communication between subsystem also need software, hardware resource outside occupying volume.
Finally, equipment is more, and the problems such as the space hold brought, energy consumption are large, heat radiation are more difficult to process, and especially these problems of mobile unit are more outstanding.
Therefore, be necessary very much to study a kind of Introduction of Train Operation Control System structure to reduce the method for number of devices.
Computer hardware technique develop rapidly in recent years.CPU is more and more towards future developments such as multinucleation, low power consumption, support are virtual, and its comprehensive treatment capability is more and more stronger, needs the function of multiple CPU process to be completed by single cpu now in the past and becomes a reality.The simultaneously develop rapidly of the technology such as internal memory, disk, network, also make the processing speed of computing machine and processing capacity also more and more strong, these make the present invention be implemented.
Summary of the invention
For the shortcoming that above-mentioned prior art exists, a kind of method of designing of Introduction of Train Operation Control System, it is characterized in that, the method is based on universal safety computer platform designed path traffic train operation control system, concrete steps are: 1) propose a kind of universal safety computer platform method of designing, this universal safety computer platform is based on hardware/software otherness principle of design, grading diagnosis principle realizes, software is based on dual certainty principle, support to realize multiple application controls logic function simultaneously, 2 are used to take advantage of 2 to get 2 structures, mainly comprise logical process layer, external device management layer, fault-tolerant and safety management layer three parts,
2) determine that the application of Introduction of Train Operation Control System is vehicular applications or Ground Application;
For Ground Application, divide the applied logic processing capacity of existing ground row control equipment, input/output function, man machine operation interface DMI function, then multiple ground row control applied logic processing capacity is merged in core main frame type configure generic safety computer platform, merge the Different Ground row control input/output function of identical field position in long-range peripheral hardware type configure generic safety computer platform, according to field condition, multiple long-range peripheral hardware type configure generic safety computer platform is set, finally according to field condition, one or more man machine operation interface DMI is set for ground row control,
For vehicular applications, divide applied logic processing capacity, input/output function, the man machine operation interface DMI function of existing vehicle-mounted row control equipment, then multiple ground row control applied logic processing capacity is merged in the logical process layer of universal safety computer platform, merge vehicle-mounted row control input/output function in universal safety computer platform external device management layer, driver's man machine operation interface DMI is set according to field condition.
Described logical process layer by 2 groups totally 4 Logical processing unit LPU form, it is that 2 LPU being meet hardware/software otherness principle of design that every 2 LPU form 1 group 2 to get one of 2 structures, and two is that formation 2 takes advantage of 2 to get 2 structures; This logical process layer provides and meets 2 and take advantage of 2 to get safe, the highly reliable and high performance computation processing capacity of the height of 2 mechanism, to support the realization of multiple conventional rails traffic Train Detection and Identification logic function.
Described external device management layer by 2 groups totally 4 external device management unit PMU form, every 2 PMU form 1 group 2 and get one of 2 structures, the selection of one 2 PMU being meets hardware/software otherness principle of design, and two is form hot standby 2 to get 2 redundancy structures or parallel 2 and get 2 redundancy structures;
This external device management layer provides: the fan-out capability of the input of (1) general digital quantity, analog quantity, pulsed quantity or general digital quantity, analog quantity; (2) for track circuit, LEU, BTM, TCR application, based on DSP or FPGA realize intelligent input or intelligent fan-out capability; (3) the various communication external of Introduction of Train Operation Control System use, comprising: the asynchronous serial communication using RS-232, RS-485, RS-422 interface; Field bus communication: CAN, Profibus; TCN TCN standard MVB communicates; Ethernet communication; Car ground mobile communication: GSM-R, WLAN WLAN.
Described external device management layer walk abreast 2 get 2 redundancy structures two be in arbitrary system in, each road of often kind of general digital quantity, analog quantity, pulsed quantity incoming signal and DSP or FPGA intelligent input signal is all that 2 roads input simultaneously, gives 4 LPU of logical process layer after 2 PMU of isomery get 2 logical process based on 2.
Described external device management layer walk abreast 2 get 2 redundancy structures two be in arbitrary system in, each road of often kind of general digital quantity output signal is all that 2 roads export simultaneously, 2 get 2 votings after be form parallel redundancy to export again with another, its feedback signal give simultaneously external device management layer parallel redundancy two be in 4 PMU to ensure output safety;
For Universal Die analog quantity output signal and DSP or FPGA intelligence output signal common requirements, described external device management layer hot standby 2 get two of 2 redundancy structures be in principal series, adopt 1 PMU to export the intelligent output signal of analog quantity and DSP or FPGA, another 1 PMU of isomery supervises this output signal to ensure output safety; External device management layer hot standby 2 get two of 2 redundancy structures be in standby system, 2 PMU of isomery all do not export the intelligent output signal of analog quantity and DSP or FPGA, the only output signal of supervision principal series, once principal series output signal is abnormal, takes over it and exports and become principal series.
For the common requirements of communication external redundant fashion, described external device management layer walk abreast 2 get 2 redundancy structures two be in arbitrary system in, the PMU of a road input employing 1 PMU input of often kind of communication external redundancy, another 1 isomery directly inputs or monitors the mode of input, give 4 LPU of logical process layer after 2 PMU of isomery get 2 logical process based on 2, other one is another road input of this communication external redundancy of input;
One tunnel of often kind of communication external redundancy exports employing 1 PMU and exports, another 1 PMU of isomery exports directly input to this communication external or monitoring input is supervised to ensure output safety, and other one is that another road exporting this communication external redundancy exports and supervised to ensure output safety to this communication external output;
Man machine operation interface DMI is by redundant external ethernet or redundant external asynchronous serial communication bus access external device management layer.
By 2 or multiple, fault-tolerant and security managing unit FTSMU is formed described fault-tolerant and safety management layer, and the realization of 2 FTSMU meets hardware/software otherness principle of design; Fault-tolerant and safety management layer and logical process layer have cooperatively interacted and 2 have taken advantage of 2 to get 2 mechanism, cooperatively interacted hot standby 2 get 2 redundancy schemes or walk abreast and 2 get 2 redundancy schemes with external device management layer.
By the safety communication Intranet VCIN of redundancy between 4 Logical processing unit LPU of described logical process layer, 4 external device management unit PMU of external device management layer, 2 or multiple of fault-tolerant and safety management layer fault-tolerant and security managing unit FTSMU, the 1st class based on EN50159 regulation is closed transmission system secure communication protocols and is intercomed mutually.
The software run on 4 Logical processing unit LPU of described logical process layer, 4 external device management unit PMU of external device management layer, 2 or multiple of fault-tolerant and safety management layer fault-tolerant and security managing unit FTSMU, supports to realize multiple application controls logic simultaneously.
Described hardware/software otherness principle of design is that different processor framework selected by hardware, software is selected different operating system, different compilers or different programming languages.
Described grading diagnosis principle is:
(1) all input channels are diagnosed by the input reading special value, and input diagnosis is initiated by treater; Interval between diagnosis is fixed, and completes in the specific time period in treater control cycle;
(2) 2 input channels of getting 2 structures are carried out 2 of input and are got 2 and compare in each treater control cycle, inconsistent or the analog input amount of digital input amount, Puled input amount deviation exceed preset range, then 2 groups of input channels of this input go wrong, and no longer approve this input;
(3) all delivery channels complete diagnosis by carrying out feedback to the output of special value, and export diagnosis and apply initiation by signal specific, treater controls, and completes within the specific period;
(4) delivery channel carries out output feedack in each treater control cycle, and compare with real output value, digital output is once inconsistent or imitated output quantity, pulse output deviation exceed preset range, then this delivery channel goes wrong, and failure to the safe side is answered in this output that 2 of its correspondence gets 2 structures;
(5) diagnosis of treater and relative memory device and other peripheral hardware, under getting 2 groups of otherness hardware and softwares cooperations of 2 structures and the supervision of third party FTSMU 2, asynchronously complete identical qualitative work really and mutually the comparing of complete independently execution result separately in specific time period in each control cycle of treater, only have completely the same diagnostic result just can judge normally;
(6) universal safety computer platform initially powers on the moment, and treater completes the diagnosis of scans to himself and relative memory device and various input, output and other peripheral hardware.
Described dual certainty principle refers to the circulation implementation strategy based on fixed allocation and the memory protect strategy based on fixed allocation respectively; Based on the execution time certainty of multiple control logics that the circulation implementation strategy of fixed allocation is supported with guarantee; Based on the data space certainty of multiple control logics that the memory protect strategy of fixed allocation is supported with guarantee.
For rail transit train fortune control ground system, based on distributed treatment principle, described universal safety computer platform is divided into core main frame type to configure and the configuration of long-range peripheral hardware type;
The configuration of core main frame type comprises logical process layer, portion of external facility management layer, fault-tolerant and safety management layer three parts and safety communication Intranet VCIN; Portion of external facility management layer wherein only supports redundant external ethernet communication function;
The configuration of long-range peripheral hardware type comprises external device management layer, fault-tolerant and safety management layer two parts and safety communication Intranet VCIN.
Described step 2) in the vehicular applications of Introduction of Train Operation Control System or Ground Application be CTCS-2 level ground system, CTCS-2 level onboard system, CTCS-3 level ground system, CTCS-3 level onboard system, CBTC ground system, CBTC onboard system.
The beneficial effect of the invention:
(1) by making full use of the powerful software and hardware processing capacity of current computing machine, universal safety computer platform logical process layer can support that control logical process function is transported in multiple conventional rails traffic simultaneously, change the mode that tradition fortune control system is realized by superposition difference in functionality subsystem, decrease number of devices, improve fortune Ore-controlling Role reliability.
(2) for rail transit train fortune control ground system, based on distributed treatment principle, core host machine part and long-range peripheral hardware part is divided into.Long-range peripheral hardware is as far as possible near field control object, and the hardwired between them shortens as far as possible, decreases wiring cost, reduces the introducing of various electromagnetic interference, decreases trouble point, improve serviceability.
(3) universal safety computer platform possesses different configuration mode, and portable, to the different rail transit train fortune Ore-controlling Role required, decreases exploitation and safety assessment work capacity, reduces exploitation and safety assessment cost.
(4) the rail transit train fortune Ore-controlling Role structure based on universal safety computer platform is not only applicable to improve current rail transit train fortune Ore-controlling Role, is also applicable to the realization of rail transit train of future generation fortune Ore-controlling Role.
Accompanying drawing explanation
Fig. 1 is typical ct findings CS-2 level ground system constructional drawing;
Fig. 2 is typical ct findings CS-2 level onboard system constructional drawing;
Fig. 3 is typical ct findings CS-3 level ground system constructional drawing;
Fig. 4 is typical ct findings CS-3 level onboard system constructional drawing;
Fig. 5 is typical CBTC ground system constructional drawing;
Fig. 6 is typical CBTC onboard system constructional drawing;
Fig. 7 is the diagram of circuit of the method for designing of the Introduction of Train Operation Control System that the present invention proposes;
Fig. 8 be 2 take advantage of 2 get 2 structures universal safety computer platform structures composition;
Fig. 9 is universal safety computer platform external device management layer input processing functional block diagram;
Figure 10 is universal safety computer platform external device management layer general digital output processing functional block diagram;
Figure 11 is that universal safety computer platform external device management layer Universal Die analog quantity exports and intelligent output processing functional block diagram;
Figure 12 is universal safety computer platform external device management layer redundant external communication process functional block diagram;
Figure 13 is the multiple application controls logic of universal safety computer platform software support;
Figure 14 is the realization of universal safety computer platform software double certainty principle;
Figure 15 is the universal safety computer platform under the configuration of core main frame type;
Figure 16 is the universal safety computer platform under the configuration of long-range peripheral hardware type;
Figure 17 is the CTCS-2 level ground system functional block diagram based on universal safety computer platform;
Figure 18 is the CTCS-2 level onboard system functional block diagram based on universal safety computer platform;
Figure 19 is the CTCS-3 level ground system functional block diagram based on universal safety computer platform;
Figure 20 is the CTCS-3 level onboard system functional block diagram based on universal safety computer platform;
Figure 21 is the CBTC ground system functional block diagram based on universal safety computer platform;
Figure 22 is the CBTC onboard system functional block diagram based on universal safety computer platform.
Detailed description of the invention
Below in conjunction with accompanying drawing, the method that this invention proposes is further described.
The present invention is based on universal safety computer platform designed path traffic train operation control system, be illustrated in figure 7 the diagram of circuit of the method for designing of the Introduction of Train Operation Control System that the present invention proposes.The method is based on universal safety computer platform designed path traffic train operation control system, proposes a kind of universal safety computer platform method of designing, then processes the vehicular applications of Introduction of Train Operation Control System or Ground Application.
Universal safety computer platform used in the present invention realizes based on hardware/software otherness principle of design, grading diagnosis principle, and its software, based on dual certainty principle, is supported to realize multiple application controls logic function simultaneously.
The same hardware framework that hardware/software otherness principle of design generally adopts mainly for the design of current safety computer platform and same operation system, compiler or programming language realize the common cause failure that redundant safety comparison architecture brings and cause dangerous problem, by hardware being selected different processor framework, select different operating system, different compilers or different programming languages to realize simultaneously, common cause failure can be reduced further.Hardware such as, select different X86-baseds, PowerPC framework, ARM framework etc., select operating system and the development environment thereof of different brands.
Consider practical situations and the relevant regulations of current track traffic train operation control system, recommend universal safety computer platform use 2 take advantage of 2 get 2 structures (note: this 2 get 2 take advantage of 2 and 2 to take advantage of 2 to get 2 implications identical).
2 take advantage of the 2 universal safety computer platforms getting 2 structures mainly to comprise logical process layer, external device management layer, fault-tolerant and safety management layer three parts, as shown in Figure 8.
Wherein, logical process layer by 2 groups totally 4 Logical processing unit LPU form, it is that two is that formation 2 takes advantage of 2 to get 2 structures that every 2 LPU form 1 group 2 to get one of 2 structures.The selection of each 2 LPU being should meet hardware/software otherness (isomery) principle of design, such as 1 based on X86-based, another 1 based on PowerPC framework, select different operating system, different compilers or different programming languages simultaneously.
Logical process layer provides and meets 2 and take advantage of 2 to get safe, the highly reliable and high performance computation processing capacity of the height of 2 mechanism, to support that multiple rail transit train runs the realization of control logic function.
External device management layer by 2 groups totally 4 external device management unit PMU form, every 2 PMU form 1 group 2 and get one of 2 structures and are, two is form hot standby (2 take advantage of) 2 to get 2 redundancy structures or parallel 2 and get 2 redundancy structures, preferred parallel redundancy structure.The selection of each 2 PMU being also should meet hardware/software otherness (isomery) principle of design, such as 1 based on X86-based, another 1 based on PowerPC framework, select different operating system, different compilers or different programming languages simultaneously.
External device management layer provides:
(1) fan-out capability of the input of general digital quantity, analog quantity, pulsed quantity or general digital quantity, analog quantity;
(2) for the special applications such as track circuit, LEU, BTM, TCR, need based on DSP or FPGA realize intelligent input or intelligent fan-out capability;
(3) the various communication external of Introduction of Train Operation Control System use, comprising: the asynchronous serial communication using RS-232, RS-485, RS-422 interface; Field bus communication: CAN, Profibus; TCN TCN standard MVB communicates; Ethernet communication; Car ground mobile communication: GSM-R, WLAN WLAN.
External device management layer parallel redundancy two be in arbitrary system in, often kind of general digital quantity, analog quantity, pulsed quantity incoming signal and each road based on the intelligent input signal of DSP or FPGA are all that 2 roads input simultaneously, 4 LPU of logical process layer are given, as shown in Figure 9 after 2 PMU of isomery get 2 logical process based on 2.
External device management layer parallel redundancy two be in arbitrary system in, each road of often kind of general digital quantity output signal is all that 2 roads export simultaneously, 2 get 2 votings after be form parallel redundancy to export again with another, its feedback signal give simultaneously external device management layer parallel redundancy two be in 4 PMU to ensure output safety, as shown in Figure 10.
For the common requirements of Universal Die analog quantity output signal and the intelligent output signal based on DSP or FPGA, two of external device management layer hot standby (2 take advantage of) be in principal series, adopt 1 PMU to export analog signals and the intelligent output signal based on DSP or FPGA, another 1 PMU of isomery supervises this output signal to ensure output safety.Two of external device management layer hot standby (2 take advantage of) be in standby system, 2 PMU of isomery all do not export analog signals and based on DSP or FPGA intelligent output signal and only supervise the output signal of principal series, once this output signal of principal series is abnormal, takes over it and export and become principal series, as shown in figure 11.
For the common requirements of communication external redundant fashion, external device management layer parallel redundancy two be in arbitrary system in, the PMU of a road input employing 1 PMU input of often kind of communication external redundancy, another 1 isomery directly inputs or monitors the mode of input, give 4 LPU of logical process layer after 2 PMU of isomery get 2 logical process based on 2, other one is another road input of this communication external redundancy of input.One tunnel of often kind of communication external redundancy exports employing 1 PMU and exports, another 1 PMU of isomery exports directly input to this communication external or monitors input supervision to ensure output safety, other one is that another road exporting this communication external redundancy exports and supervised to ensure output safety to this communication external output, as shown in figure 12.
Fault-tolerant and security managing unit FTSMU is formed by 2 or multiple for fault-tolerant and safety management layer, the preferably scheme of 2 FTSMU, the realization of 2 FTSMU also should meet hardware/software otherness (isomery) principle of design, such as 1 uses C language to realize based on ARM framework, another 1 based on programmable logic device (PLD), such as FPGA, use hardware description language, such as VHDL, realizes.
Fault-tolerant and safety management layer and logical process layer cooperatively interacted 2 take advantage of 2 get 2 machine-processed, get 2 redundancy schemes or parallel 2 get 2 redundancy schemes with external device management layer hot standby (2 take advantage of) 2 that cooperatively interacted, its concrete methods of realizing can see Chinese invention patent CN201010235370.5 and CN201010241067.6.
Man machine operation interface DMI is by redundant external ethernet or redundant external asynchronous serial communication bus access external device management layer.
By the safety communication Intranet VCIN of redundancy between 4 Logical processing unit LPU of above-mentioned logical process layer, 4 external device management unit PMU of external device management layer, 2 or multiple of fault-tolerant and safety management layer fault-tolerant and security managing unit FTSMU, the 1st class close network secure communication protocols based on EN50159 regulation intercoms mutually.
The present situation that grading diagnosis principle uses caused complex processor and relative memory device and other peripheral hardware fully to diagnose mainly for COTS hardware more and more widely, solves the logistic nightmare of " oneself diagnoses oneself ", thus improves diagnosis coverage rate.
Grading diagnosis principle is:
(1) all input channels are diagnosed by the input reading special value, and input diagnosis is initiated by treater; Interval between diagnosis is fixed, preferably identical with treater control cycle, completes in the specific time period in treater control cycle;
(2) 2 input channels of getting 2 structures are carried out 2 of input and are got 2 and compare in each treater control cycle, inconsistent or the analog input amount of digital input amount, Puled input amount deviation exceed preset range, then 2 groups of input channels of this input go wrong, and no longer approve this this input being;
(3) all delivery channels complete diagnosis by carrying out feedback to the output of special value, and export diagnosis and apply initiation by signal specific, treater controls, and completes within the specific period;
(4) delivery channel carries out output feedack in each treater control cycle, and compare with real output value, digital output is once inconsistent or imitated output quantity, pulse output deviation exceed preset range, then this delivery channel goes wrong, and failure to the safe side is answered in this this output being that 2 of its correspondence gets 2 structures;
(5) diagnosis of treater and relative memory device and other peripheral hardware, under getting 2 groups of otherness hardware and softwares cooperations of 2 structures and the supervision of third party FTSMU 2, asynchronously complete identical qualitative work really and mutually the comparing of complete independently execution result separately in specific time period in each control cycle of treater, only have completely the same diagnostic result just can judge normally;
(6) universal safety computer platform initially powers on the moment, and treater completes the diagnosis of scans to himself and relative memory device and various input, output and other peripheral hardware.
Above-mentioned Logical processing unit LPU, external device management unit PMU, based on the software run on the fault-tolerant of ARM framework and security managing unit FTSMU, all support to realize multiple signal application controls logic, as shown in figure 13 simultaneously.
Software aspect, supports that realize the dual certainty principle that multiple signal application controls logic relies on refers to the circulation implementation strategy based on fixed allocation and the memory protect strategy based on fixed allocation simultaneously respectively.Based on the execution time certainty of multiple control logics that the circulation implementation strategy of fixed allocation is supported with guarantee, the data space certainty of multiple control logics that the memory protect strategy based on fixed allocation is supported with guarantee, as shown in figure 14.These 2 measures can improve software safety further.
For track traffic fortune control ground system, based on distributed treatment principle, above-mentioned universal safety computer platform can also be simplified as the configuration of core main frame type, long-range peripheral hardware type configure 2 kinds of modes.During the configuration of core main frame type, comprise logical process layer, portion of external facility management layer, fault-tolerant and safety management layer three parts and safety communication Intranet VCIN, as shown in figure 15.Portion of external facility management layer wherein only supports redundant external ethernet communication function.During the configuration of long-range peripheral hardware type, comprise external device management layer, fault-tolerant and safety management layer two parts and safety communication Intranet VCIN, as shown in figure 16.
Vehicular applications or Ground Application based on universal safety computer platform process Introduction of Train Operation Control System:
Ground Application, divide the applied logic processing capacity of existing ground row control equipment, input/output function, man machine operation interface DMI function, then multiple ground row control applied logic processing capacity is merged in core main frame type configure generic safety computer platform, merge the Different Ground row control input/output function of identical field position in long-range peripheral hardware type configure generic safety computer platform, according to field condition, multiple long-range peripheral hardware type configure generic safety computer platform is set, finally according to field condition, one or more man machine operation interface DMI is set for ground row control,
Vehicular applications, divide applied logic processing capacity, input/output function, the man machine operation interface DMI function of existing vehicle-mounted row control equipment, then multiple ground row control applied logic processing capacity is merged in the logical process layer of universal safety computer platform, merge vehicle-mounted row control input/output function in universal safety computer platform external device management layer, driver's man machine operation interface DMI is set according to field condition.
For the typical Rail Transit System such as railway, city rail, the train operation control system specific embodiments based on universal safety computer platform is as follows:
(1) CTCS-2 level ground system embodiment
Based on distributed treatment principle, CTCS-2 level ground system is divided into core host machine part and long-range peripheral hardware part.The safety computer platform that core main frame configures based on core main frame type realizes, be positioned over current signal machinery indoor, the man machine operation interface DMI function supported the core control logic of current computer interlock CBI, Train Detection and Identification center TCC and adapt with computer interlock CBI.And the safety computer platform that long-range peripheral hardware configures based on long-range peripheral hardware type realizes, as far as possible near field control object, guarantee that the hardwired between long-range peripheral hardware and field control object shortens as far as possible, reduce wiring cost, reduce the introducing of various electromagnetic interference, reduce the fault point.Long-range peripheral hardware supports that computer interlock general digital quantity inputs or outputs function, track circuit general digital quantity inputs or outputs function and intelligent input or intelligent output function, trackside electronic unit LEU general digital quantity input or output function and intelligent input or intelligent output function, as shown in figure 17.
(2) CTCS-2 level onboard system embodiment
CTCS-2 level onboard system is realized, the current vehicle-mounted ATP of its logical process layer support, range finding of testing the speed, responser information processing, track circuit information processing capacity based on universal safety computer platform.The general digital quantity input and output function of its external device management layer support train interface unit, the universal impulse amount input function of speed sensor, the track circuit information intelligent input function based on DSP, the responser information intelligent input function based on DSP or FPGA and man machine operation interface DMI communication function, as shown in figure 18.
(3) CTCS-3 level ground system embodiment
Based on distributed treatment principle, CTCS-3 level ground system is divided into core host machine part and long-range peripheral hardware part.The safety computer platform that core main frame configures based on core main frame type realizes, be positioned over current signal machinery indoor, support current radio block center RBC, temporary speed limitation server TSRS, computer interlock CBI, the core control logic of Train Detection and Identification center TCC and the man machine operation interface DMI function that adapts with temporary speed limitation server TSRS, computer interlock CBI.And the safety computer platform that long-range peripheral hardware configures based on long-range peripheral hardware type realizes, as far as possible near field control object, guarantee that the hardwired between long-range peripheral hardware and field control object shortens as far as possible, reduce wiring cost, reduce the introducing of various electromagnetic interference, reduce the fault point.Long-range peripheral hardware supports that computer interlock general digital quantity inputs or outputs function, track circuit general digital quantity inputs or outputs function and intelligent input or intelligent output function, trackside electronic unit LEU general digital quantity input or output function and intelligent input or intelligent output function, as shown in figure 19.
(4) CTCS-3 level onboard system embodiment
CTCS-3 level onboard system is realized, the current C3 vehicle-mounted ATP of its logical process layer support, C2 vehicle-mounted ATP, range finding of testing the speed, responser information processing, track circuit information processing capacity based on universal safety computer platform.The communication function of the general digital quantity input and output function of its external device management layer support train interface unit, the universal impulse amount input function of speed sensor, the track circuit information intelligent input function based on DSP, the responser information intelligent input function based on DSP or FPGA and man machine operation interface DMI, GSM-R wireless communication unit RTU, TCN MVB, as shown in figure 20.
(5) CBTC ground system embodiment
Based on distributed treatment principle, CBTC ground system is divided into core host machine part and long-range peripheral hardware part.The safety computer platform that core main frame configures based on core main frame type realizes, be positioned over current signal machinery indoor, the man machine operation interface DMI function supported the core control logic of current zone controller ZC, data storage cell DSU, computer interlock CBI and adapt with data storage cell DSU, computer interlock CBI.And the safety computer platform that long-range peripheral hardware configures based on long-range peripheral hardware type realizes, as far as possible near field control object, guarantee that the hardwired between long-range peripheral hardware and field control object shortens as far as possible, reduce wiring cost, reduce the introducing of various electromagnetic interference, reduce the fault point.Long-range peripheral hardware supports that computer interlock general digital quantity inputs or outputs function, axis-counting device general digital quantity inputs or outputs function and intelligent input or intelligent output function, as shown in figure 21.
(6) CBTC onboard system embodiment
CBTC onboard system is realized, the current vehicle-mounted ATP of its logical process layer support, vehicle-mounted ATO, range finding of testing the speed, the responser information processing function based on universal safety computer platform.Its external device management layer supports the universal impulse amount input function of the general digital quantity input and output function of train interface unit, speed sensor, the communication function based on the responser information intelligent input function of DSP or FPGA and man machine operation interface DMI, wireless vehicle mounted equipment MR, TCN MVB, as shown in figure 22.
The above; be only the present invention's preferably detailed description of the invention, but protection scope of the present invention is not limited thereto, is anyly familiar with those skilled in the art in the technical scope that the present invention discloses; the change that can expect easily or replacement, all should be encompassed within protection scope of the present invention.Therefore, protection scope of the present invention should be as the criterion with the protection domain of claim.
Claims (14)
1. a method of designing for Introduction of Train Operation Control System, is characterized in that, the method is that concrete steps are based on universal safety computer platform designed path traffic train operation control system:
1) a kind of universal safety computer platform method of designing is proposed, this universal safety computer platform realizes based on hardware/software otherness principle of design, grading diagnosis principle, software is based on dual certainty principle, support to realize multiple application controls logic function simultaneously, use 2 to take advantage of 2 to get 2 structures, mainly comprise logical process layer, external device management layer, fault-tolerant and safety management layer three parts;
2) determine that the application of Introduction of Train Operation Control System is vehicular applications or Ground Application;
For Ground Application, divide the applied logic processing capacity of existing ground row control equipment, input/output function, man machine operation interface DMI function, then multiple ground row control applied logic processing capacity is merged in core main frame type configure generic safety computer platform, merge the Different Ground row control input/output function of identical field position in long-range peripheral hardware type configure generic safety computer platform, according to field condition, multiple long-range peripheral hardware type configure generic safety computer platform is set, finally according to field condition, one or more man machine operation interface DMI is set for ground row control,
For vehicular applications, divide applied logic processing capacity, input/output function, the man machine operation interface DMI function of existing vehicle-mounted row control equipment, then multiple ground row control applied logic processing capacity is merged in the logical process layer of universal safety computer platform, merge vehicle-mounted row control input/output function in universal safety computer platform external device management layer, driver's man machine operation interface DMI is set according to field condition.
2. the method for designing of a kind of Introduction of Train Operation Control System according to claim 1, it is characterized in that, described logical process layer by 2 groups totally 4 Logical processing unit LPU form, every 2 LPU form 1 group 2 and get one of 2 structures, one 2 LPU being meet hardware/software otherness principle of design, and two is that formation 2 takes advantage of 2 to get 2 structures; This logical process layer provides and meets 2 and take advantage of 2 to get safe, the highly reliable and high performance computation processing capacity of the height of 2 mechanism, to support the realization of multiple conventional rails traffic Train Detection and Identification logic function.
3. the method for designing of a kind of Introduction of Train Operation Control System according to claim 1, it is characterized in that, described external device management layer by 2 groups totally 4 external device management unit PMU form, every 2 PMU form 1 group 2 and get one of 2 structures, the selection of one 2 PMU being meets hardware/software otherness principle of design, and two is form hot standby 2 to get 2 redundancy structures or parallel 2 and get 2 redundancy structures;
This external device management layer provides: the fan-out capability of the input of (1) general digital quantity, analog quantity, pulsed quantity or general digital quantity, analog quantity; (2) for track circuit, LEU, BTM, TCR application, based on DSP or FPGA realize intelligent input or intelligent fan-out capability; (3) the various communication external of Introduction of Train Operation Control System use, comprising: the asynchronous serial communication using RS-232, RS-485, RS-422 interface; Field bus communication: CAN, Profibus; TCN TCN standard MVB communicates; Ethernet communication; Car ground mobile communication: GSM-R, WLAN WLAN.
4. the method for designing of a kind of Introduction of Train Operation Control System according to claim 3, it is characterized in that, described external device management layer walk abreast 2 get 2 redundancy structures two be in arbitrary system in, each road of often kind of general digital quantity, analog quantity, pulsed quantity incoming signal and DSP or FPGA intelligent input signal is all that 2 roads input simultaneously, gives 4 LPU of logical process layer after 2 PMU of isomery get 2 logical process based on 2.
5. the method for designing of a kind of Introduction of Train Operation Control System according to claim 3, it is characterized in that, described external device management layer walk abreast 2 get 2 redundancy structures two be in arbitrary system in, each road of often kind of general digital quantity output signal is all that 2 roads export simultaneously, 2 get 2 votings after be form parallel redundancy to export again with another, its feedback signal give simultaneously external device management layer parallel redundancy two be in 4 PMU to ensure output safety;
For Universal Die analog quantity output signal and DSP or FPGA intelligence output signal common requirements, described external device management layer hot standby 2 get two of 2 redundancy structures be in principal series, adopt 1 PMU to export the intelligent output signal of analog quantity and DSP or FPGA, another 1 PMU of isomery supervises this output signal to ensure output safety; External device management layer hot standby 2 get two of 2 redundancy structures be in standby system, 2 PMU of isomery all do not export the intelligent output signal of analog quantity and DSP or FPGA, the only output signal of supervision principal series, once principal series output signal is abnormal, takes over it and exports and become principal series.
6. the method for designing of a kind of Introduction of Train Operation Control System according to claim 3, it is characterized in that, for the common requirements of communication external redundant fashion, described external device management layer walk abreast 2 get 2 redundancy structures two be in arbitrary system in, the PMU of a road input employing 1 PMU input of often kind of communication external redundancy, another 1 isomery directly inputs or monitors the mode of input, give 4 LPU of logical process layer after 2 PMU of isomery get 2 logical process based on 2, other one is another road input of this communication external redundancy of input;
One tunnel of often kind of communication external redundancy exports employing 1 PMU and exports, another 1 PMU of isomery exports directly input to this communication external or monitoring input is supervised to ensure output safety, and other one is that another road exporting this communication external redundancy exports and supervised to ensure output safety to this communication external output;
Man machine operation interface DMI is by redundant external ethernet or redundant external asynchronous serial communication bus access external device management layer.
7. the method for designing of a kind of Introduction of Train Operation Control System according to claim 1, it is characterized in that, by 2 or multiple, fault-tolerant and security managing unit FTSMU is formed described fault-tolerant and safety management layer, and the realization of 2 FTSMU meets hardware/software otherness principle of design; Fault-tolerant and safety management layer and logical process layer have cooperatively interacted and 2 have taken advantage of 2 to get 2 mechanism, cooperatively interacted hot standby 2 get 2 redundancy schemes or walk abreast and 2 get 2 redundancy schemes with external device management layer.
8. the method for designing of a kind of Introduction of Train Operation Control System according to claim 1, it is characterized in that, by the safety communication Intranet VCIN of redundancy between 4 Logical processing unit LPU of described logical process layer, 4 external device management unit PMU of external device management layer, 2 or multiple of fault-tolerant and safety management layer fault-tolerant and security managing unit FTSMU, the 1st class based on EN50159 regulation is closed transmission system secure communication protocols and is intercomed mutually.
9. the method for designing of a kind of Introduction of Train Operation Control System according to claim 1, it is characterized in that, the software run on 4 Logical processing unit LPU of described logical process layer, 4 external device management unit PMU of external device management layer, 2 or multiple of fault-tolerant and safety management layer fault-tolerant and security managing unit FTSMU, supports to realize multiple application controls logic simultaneously.
10. the method for designing of a kind of Introduction of Train Operation Control System according to claim 1, it is characterized in that, described hardware/software otherness principle of design is that different processor framework selected by hardware, software is selected different operating system, different compilers or different programming languages.
The method of designing of 11. a kind of Introduction of Train Operation Control Systems according to claim 1, is characterized in that, described grading diagnosis principle is:
(1) all input channels are diagnosed by the input reading special value, and input diagnosis is initiated by treater; Interval between diagnosis is fixed, and completes in the specific time period in treater control cycle;
(2) 2 input channels of getting 2 structures are carried out 2 of input and are got 2 and compare in each treater control cycle, inconsistent or the analog input amount of digital input amount, Puled input amount deviation exceed preset range, then 2 groups of input channels of this input go wrong, and no longer approve this input;
(3) all delivery channels complete diagnosis by carrying out feedback to the output of special value, and export diagnosis and apply initiation by signal specific, treater controls, and completes within the specific period;
(4) delivery channel carries out output feedack in each treater control cycle, and compare with real output value, digital output is once inconsistent or imitated output quantity, pulse output deviation exceed preset range, then this delivery channel goes wrong, and failure to the safe side is answered in this output that 2 of its correspondence gets 2 structures;
(5) diagnosis of treater and relative memory device and other peripheral hardware, under getting 2 groups of otherness hardware and softwares cooperations of 2 structures and the supervision of third party FTSMU 2, asynchronously complete identical qualitative work really and mutually the comparing of complete independently execution result separately in specific time period in each control cycle of treater, only have completely the same diagnostic result just can judge normally;
(6) universal safety computer platform initially powers on the moment, and treater completes the diagnosis of scans to himself and relative memory device and various input, output and other peripheral hardware.
The method of designing of 12. a kind of Introduction of Train Operation Control Systems according to claim 1, is characterized in that, described dual certainty principle refers to the circulation implementation strategy based on fixed allocation and the memory protect strategy based on fixed allocation respectively; Based on the execution time certainty of multiple control logics that the circulation implementation strategy of fixed allocation is supported with guarantee; Based on the data space certainty of multiple control logics that the memory protect strategy of fixed allocation is supported with guarantee.
The method of designing of 13. a kind of Introduction of Train Operation Control Systems according to claim 1, it is characterized in that, for rail transit train fortune control ground system, based on distributed treatment principle, described universal safety computer platform is divided into core main frame type to configure and the configuration of long-range peripheral hardware type;
The configuration of core main frame type comprises logical process layer, portion of external facility management layer, fault-tolerant and safety management layer three parts and safety communication Intranet VCIN; Portion of external facility management layer wherein only supports redundant external ethernet communication function;
The configuration of long-range peripheral hardware type comprises external device management layer, fault-tolerant and safety management layer two parts and safety communication Intranet VCIN.
The method of designing of 14. a kind of Introduction of Train Operation Control Systems according to claim 1, it is characterized in that, described step 2) in the vehicular applications of Introduction of Train Operation Control System or Ground Application be CTCS-2 level ground system, CTCS-2 level onboard system, CTCS-3 level ground system, CTCS-3 level onboard system, CBTC ground system, CBTC onboard system.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310603679.9A CN103612650B (en) | 2013-11-25 | 2013-11-25 | A kind of method of designing of Introduction of Train Operation Control System |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310603679.9A CN103612650B (en) | 2013-11-25 | 2013-11-25 | A kind of method of designing of Introduction of Train Operation Control System |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103612650A CN103612650A (en) | 2014-03-05 |
| CN103612650B true CN103612650B (en) | 2016-01-20 |
Family
ID=50163380
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201310603679.9A Active CN103612650B (en) | 2013-11-25 | 2013-11-25 | A kind of method of designing of Introduction of Train Operation Control System |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103612650B (en) |
Families Citing this family (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104332075B (en) * | 2014-10-09 | 2017-04-05 | 北京交通大学 | A kind of row control HWIL simulation training system and method based on B/S frameworks |
| CN104361160B (en) * | 2014-10-30 | 2017-12-19 | 交控科技股份有限公司 | The cycle dynamicses design method and system of a kind of 2oo2 safety computer platforms |
| CN105472005B (en) * | 2015-12-10 | 2019-06-11 | 交控科技股份有限公司 | A kind of ground ATP equipment method for remote updating and system |
| CN106741013B (en) * | 2016-11-15 | 2019-02-26 | 交控科技股份有限公司 | The control method of onboard system, CBTC control system and the switching of CTCS control system |
| CN106915367B (en) * | 2017-01-22 | 2018-12-21 | 北京和利时系统工程有限公司 | A kind of train control system |
| CN107985349B (en) * | 2017-10-24 | 2021-04-13 | 北京全路通信信号研究设计院集团有限公司 | Method and device for realizing single hardware and multiple software and computer storage medium |
| CN107885099A (en) * | 2017-11-08 | 2018-04-06 | 交控科技股份有限公司 | Emulation and enhancing emulation 2oo2 security platforms equipment, security platform maintaining method |
| CN109412160A (en) * | 2018-12-10 | 2019-03-01 | 中车大连机车研究所有限公司 | It is a kind of to be arranged based on the centralized of four-quadrant control for administrative unit and system |
| CN110138643B (en) * | 2019-05-23 | 2021-03-09 | 山东省科学院激光研究所 | Bus network double-computer main station |
| CN110361979B (en) * | 2019-07-19 | 2022-08-16 | 北京交大思诺科技股份有限公司 | Safety computer platform in railway signal field |
| CN110389871B (en) * | 2019-07-24 | 2023-08-01 | 北京交大思诺科技股份有限公司 | Safety computer platform with system integrity confirmation function |
| CN110502306B (en) * | 2019-08-26 | 2023-02-03 | 湖南中车时代通信信号有限公司 | Safety man-machine interaction system and method for automatic protection system of vehicle-mounted train |
| CN112572533A (en) * | 2020-12-22 | 2021-03-30 | 卡斯柯信号有限公司 | Light train control system applied to overseas freight railway |
| CN112817819B (en) * | 2021-01-26 | 2023-02-28 | 北京交通大学 | Method for carrying out logic monitoring on deployment running program on cloud by edge security node |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101916068A (en) * | 2010-07-29 | 2010-12-15 | 北京交通大学 | Computer control system based on 2-out-of-2 structure and implementation method thereof |
| JP4783258B2 (en) * | 2006-10-19 | 2011-09-28 | 東日本旅客鉄道株式会社 | Train control network system |
| CN102233887A (en) * | 2011-05-16 | 2011-11-09 | 铁道部运输局 | CTCS (China train control system)-3 train operation control system |
-
2013
- 2013-11-25 CN CN201310603679.9A patent/CN103612650B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP4783258B2 (en) * | 2006-10-19 | 2011-09-28 | 東日本旅客鉄道株式会社 | Train control network system |
| CN101916068A (en) * | 2010-07-29 | 2010-12-15 | 北京交通大学 | Computer control system based on 2-out-of-2 structure and implementation method thereof |
| CN102233887A (en) * | 2011-05-16 | 2011-11-09 | 铁道部运输局 | CTCS (China train control system)-3 train operation control system |
Non-Patent Citations (1)
| Title |
|---|
| 2取2乘2安全计算机平台的设计与实现;王悉等;《都市快轨交通》;20110831;第24卷(第04期);参见正文第1页右栏,第2页左栏,图1 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN103612650A (en) | 2014-03-05 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103612650B (en) | A kind of method of designing of Introduction of Train Operation Control System | |
| CN201293929Y (en) | Universal safety type input-output controller for subway | |
| CN106494457B (en) | CBTC and regional interlock integral system and method | |
| JP3412349B2 (en) | Control device | |
| CN104458298B (en) | Bullet train suspension system multi executors fault detect and partition method based on multi-model | |
| CN102935853B (en) | Tracking method of self-adaptive trains in complicated turnout state | |
| CN110351174A (en) | A kind of safety computer platform of module redundancy | |
| CN110435723A (en) | A kind of Distributed Area computer interlock system | |
| JP2000159105A (en) | Train interval control system for radio train | |
| Wang et al. | Safety monitor for train‐centric CBTC system | |
| CN101109165B (en) | Monitor system for operation safety and operation quality of railway large-scale maintenance machinery | |
| CN110758489A (en) | Automatic protection system of train | |
| Wen et al. | Design and analysis of double one out of two with a hot standby safety redundant structure | |
| CN104484626B (en) | The method and system of row control fail-safe computer is realized based on general COTS software and hardwares | |
| CN106696991B (en) | Point type rank Train safety protecting method and system | |
| CN112734164B (en) | Full life cycle intelligent operation and maintenance method for high-speed railway signal system | |
| Yan et al. | An automated accident causal scenario identification method for fully automatic operation system based on STPA | |
| CN113665630A (en) | VOBC and TCMS integrated train control equipment | |
| Zamouche et al. | Ultra-safe and reliable enhanced train-centric communication-based train control system | |
| CN104787089A (en) | Device in intelligent computing railway route sheet | |
| CN202138395U (en) | Synchronous control controllable train tail system | |
| Wang et al. | An approach to eliminate train route setting errors through application of parallel monitoring | |
| CN113448256A (en) | Urban rail transit operation simulation system | |
| CN104298220B (en) | A kind of access node apparatus | |
| Yuan et al. | Modelling and verification of the system requirement specification of train control system using SDL |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |