CN109409138B - High-safety mimicry microprocessor device and data processing method - Google Patents

High-safety mimicry microprocessor device and data processing method Download PDF

Info

Publication number
CN109409138B
CN109409138B CN201811351742.3A CN201811351742A CN109409138B CN 109409138 B CN109409138 B CN 109409138B CN 201811351742 A CN201811351742 A CN 201811351742A CN 109409138 B CN109409138 B CN 109409138B
Authority
CN
China
Prior art keywords
computing
heterogeneous micro
mimicry
controllers
heterogeneous
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201811351742.3A
Other languages
Chinese (zh)
Other versions
CN109409138A (en
Inventor
李丹丹
刘勤让
张兴明
宋克
沈剑良
谭力波
刘汉卿
魏帅
王盼
于洪
张文建
李庆龙
姜海滨
汤先拓
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Information Technology Innovation Center Of Tianjin Binhai New Area
China National Digital Switching System Engineering and Technological R&D Center
Original Assignee
Information Technology Innovation Center Of Tianjin Binhai New Area
China National Digital Switching System Engineering and Technological R&D Center
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Information Technology Innovation Center Of Tianjin Binhai New Area, China National Digital Switching System Engineering and Technological R&D Center filed Critical Information Technology Innovation Center Of Tianjin Binhai New Area
Priority to CN201811351742.3A priority Critical patent/CN109409138B/en
Publication of CN109409138A publication Critical patent/CN109409138A/en
Application granted granted Critical
Publication of CN109409138B publication Critical patent/CN109409138B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information

Landscapes

  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • Mathematical Physics (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Safety Devices In Control Systems (AREA)
  • Hardware Redundancy (AREA)

Abstract

The invention provides a high-safety and high-reliability mimicry microprocessor device and a data processing method; the mimic microprocessor device comprises a scheduler and a plurality of heterogeneous micro-computing controllers respectively connected with the scheduler; the scheduler distributes data sent by the external equipment to the heterogeneous micro-computing controllers according to the receiving rates of the heterogeneous micro-computing controllers, receives operation results returned by the heterogeneous micro-computing controllers according to a preset transmission rate, performs mimicry judgment on the operation results according to a current working mode, and outputs the judged operation results. According to the invention, the plurality of heterogeneous micro-computing controllers participate in operation at the same time, even if a few heterogeneous micro-computing controllers receive external attacks or generate internal loopholes, the normal work of the mimicry microprocessor device can be ensured, and the correctness of an output result is ensured, so that the reliability and the attack defense capability of the mimicry microprocessor device are improved.

Description

High-safety mimicry microprocessor device and data processing method
Technical Field
The invention relates to the technical field of microprocessing, Micro-Computing and Micro-control, in particular to a high-safety and high-reliability microprocessor device and a data processing method, and provides a Mimic microprocessor (Mimic Micro Computing Controller Unit) device, a system structure, a working mechanism and a data Computing processing method.
Background
A microprocessor (Micro Processor Unit), also called a Single Chip Microcomputer (Single Chip Microcomputer) or a Single Chip Microcomputer, is to reduce the frequency and specification of a Central Processing Unit (CPU) appropriately, and integrate peripheral interfaces such as a Memory (Memory), a counter (Timer), a USB (Universal Serial Bus), an a/D (analog/digital) converter, a UART (Universal Asynchronous Receiver/Transmitter), a PLC (Programmable Logic Controller), a DMA (Direct Memory Access), and even an LCD (Liquid Crystal Display) driving circuit on a Single Chip to form a Chip-level computer.
At present, microprocessors are widely applied and play a key control role in a circuit, but the reliability of a single microprocessor is poor, and calculation results are likely to be wrong or invalid due to external attacks or internal bugs.
Disclosure of Invention
In view of the above, an object of the present invention is to provide a high-security Mimic microprocessor (mic Micro Processor Unit) device and a data processing method, wherein a plurality of heterogeneous Micro computing controllers participate in the operation at the same time, so that even if a few heterogeneous Micro computing controllers receive an external attack or generate an internal bug, the Mimic microprocessor device can be guaranteed to work normally, and the correctness of the output result is guaranteed, thereby improving the reliability of the Mimic microprocessor device.
In a first aspect, an embodiment of the present invention provides a high-security mimic microprocessor apparatus, where the mimic microprocessor apparatus includes a scheduler and a plurality of heterogeneous micro-computing controllers respectively connected to the scheduler; the multiple heterogeneous micro-computing controllers are mutually heterogeneous pairwise; the dispatcher is also in communication connection with an external device; the scheduler is used for distributing the data to the heterogeneous micro-computing controllers according to the receiving rates of the heterogeneous micro-computing controllers after receiving the data sent by the external equipment, so that the heterogeneous micro-computing controllers respectively operate the data; the scheduler is also used for receiving the operation results returned by the heterogeneous micro-computing controllers according to a preset transmission rate, performing mimicry judgment on the operation results returned by the heterogeneous micro-computing controllers according to the current working mode, and outputting the judged operation results.
In a preferred embodiment of the present invention, the scheduler includes an uplink buffer control module, a traffic balancing distribution scheduling management module, a mimicry channel data buffer management module, a mimicry decision module, and a decision data transmission module; the uplink cache control module is used for caching data after receiving the data sent by the external equipment; the flow balance distribution scheduling management module is used for monitoring the receiving rates of the heterogeneous micro-computing controllers and distributing data to the heterogeneous micro-computing controllers according to a preset receiving rate; the flow balance distribution scheduling management module is also used for receiving operation results returned by the heterogeneous micro-computing controllers according to a preset transmission rate so as to keep the difference value of the transmission rate among the heterogeneous micro-computing controllers within a preset difference value range; the mimicry channel data cache management module is used for caching the operation result returned by the heterogeneous micro-computing controller; the mimicry judgment module is used for performing mimicry judgment on an operation result returned by the heterogeneous micro-computing controller and outputting data after the judgment is successful; and the judgment data transmission module is used for outputting the data after the judgment is successful to the external equipment.
In a preferred embodiment of the present invention, the number of the plurality of heterogeneous micro computing controllers is four; the working modes comprise a primary safety mode, a primary cleaning mode, a secondary safety mode, a secondary cleaning mode, a tertiary safety mode and a tertiary cleaning mode; in a first-level safety mode, three heterogeneous micro-computing controllers are used for mimicry judgment, and the other heterogeneous micro-computing controller is used for backup; in a first-stage cleaning mode, three heterogeneous micro-computing controllers are used for mimicry judgment, and the other heterogeneous micro-computing controller is in a cleaning state; in a secondary safety mode, two heterogeneous micro-computing controllers are used for mimicry judgment, one heterogeneous micro-computing controller is used for backup, and the other heterogeneous micro-computing controller is in a cleaning state; in a secondary cleaning mode, the two heterogeneous micro-computing controllers are used for mimicry judgment and are in a cleaning state; in a three-level safety mode, one heterogeneous micro-computing controller is used for mimicry judgment, one heterogeneous micro-computing controller is used for backup, and the two heterogeneous micro-computing controllers are in a cleaning state; in the three-level cleaning mode, one heterogeneous micro-computing controller is used for mimicry judgment, and the three heterogeneous micro-computing controllers are in a cleaning state.
In the preferred embodiment of the present invention, in the initial state, the operation mode of the mimic microprocessor apparatus is the first-level security mode; in the first-level safety mode, the scheduler is also used for carrying out mimicry judgment on operation results output by the three heterogeneous micro-computing controllers for mimicry judgment, outputting a final result and comparing the final result with the operation results output by the heterogeneous micro-computing controllers for backup; if the operation results output by the three heterogeneous micro-computing controllers for mimicry judgment are consistent, but the operation results output by the heterogeneous micro-computing controllers for backup are inconsistent with the final results, and the inconsistent times reach a preset time threshold, converting the heterogeneous micro-computing controllers for backup into a cleaning state, and converting the working mode of the mimicry microprocessor device into a primary cleaning mode; if the operation results output by one of the three heterogeneous micro-computing controllers for mimicry judgment are inconsistent and the inconsistent times reach a preset time threshold value, but the operation results output by the heterogeneous micro-computing controller for backup are consistent with the final result, the heterogeneous micro-computing controller for outputting the inconsistent operation results is converted into a cleaning state, and the working mode of the mimicry microprocessor device is converted into a secondary safety mode; if the operation results output by one of the three heterogeneous micro-computing controllers for mimicry judgment are inconsistent and the inconsistent times reach a preset time threshold value, but the operation results output by the heterogeneous micro-computing controller for backup are inconsistent with the final results, the heterogeneous micro-computing controller for outputting the inconsistent operation results and the heterogeneous micro-computing controller for backup are converted into a cleaning state, and the working mode of the mimicry microprocessor device is converted into a secondary cleaning mode; if the operation results output by the three heterogeneous micro-computing controllers for mimicry judgment are inconsistent and the inconsistent times reach a preset time threshold value, but the operation result output by the heterogeneous micro-computing controller for backup is consistent with the operation result output by one of the three heterogeneous micro-computing controllers for mimicry judgment, the heterogeneous micro-computing controller with the operation result inconsistent with the heterogeneous micro-computing controller for backup in the three heterogeneous micro-computing controllers is converted into a cleaning state, and the working mode of the mimicry microprocessor device is converted into a three-level safety mode; if the operation results output by the three heterogeneous micro-computing controllers for mimicry judgment are inconsistent with each other and the inconsistent times reach a preset time threshold value, and the operation results output by the heterogeneous micro-computing controllers for backup are also inconsistent with the operation results output by the three heterogeneous micro-computing controllers, obtaining the reliability of each heterogeneous micro-computing controller based on system operation result analysis, using the heterogeneous micro-computing controller with the highest reliability for mimicry judgment, converting the other three heterogeneous micro-computing controllers into a cleaning state, and converting the working mode of the mimicry microprocessor device into a three-level cleaning mode.
In the preferred embodiment of the present invention, when the operation mode of the mimic microprocessor apparatus is the first-level cleaning mode; if the state of the heterogeneous micro-computing controller in the cleaning state is successfully recovered and the operation results output by the three heterogeneous micro-computing controllers for mimicry judgment are consistent, converting the heterogeneous micro-computing controller in the cleaning state into a heterogeneous micro-computing controller for backup; converting the working mode of the mimicry microprocessor device into a first-level safety mode; if the heterogeneous micro-computing controller in the cleaning state does not finish cleaning and the state is recovered and the three heterogeneous micro-computing controllers are used for mimicry judgment, wherein the operation results output by one heterogeneous micro-computing controller and the other two heterogeneous micro-computing controllers are inconsistent, and the inconsistent times reach a preset time threshold value, the heterogeneous micro-computing controllers outputting the inconsistent operation results are converted into the cleaning state, and the working mode of the mimicry microprocessor device is converted into a secondary cleaning mode; if the heterogeneous micro-computing controllers in the cleaning state are not cleaned and the state is recovered, the operation results output by the three heterogeneous micro-computing controllers for mimicry judgment are inconsistent, the inconsistent times reach a preset time threshold, the credibility of each heterogeneous micro-computing controller based on system operation result analysis is obtained, the heterogeneous micro-computing controller with the highest credibility is used for mimicry judgment, the other two heterogeneous micro-computing controllers are converted into the cleaning state, and the working mode of the mimicry microprocessor device is converted into a three-level cleaning mode.
In the preferred embodiment of the present invention, when the operation mode of the mimic microprocessor device is the second-level security mode; if the state of the heterogeneous micro-computing controller in the cleaning state is successfully recovered and the operation results output by the three heterogeneous micro-computing controllers for mimicry judgment are consistent, converting the heterogeneous micro-computing controller in the cleaning state into a heterogeneous micro-computing controller for mimicry judgment; converting the working mode of the mimicry microprocessor device into a first-level safety mode; if the heterogeneous micro-computing controller in the cleaning state is not cleaned and the state is recovered after the cleaning times of the heterogeneous micro-computing controller reach a preset time threshold, and the operation result output by the heterogeneous micro-computing controller for backup is consistent with the operation result of the final result, converting the heterogeneous micro-computing controller for backup into a heterogeneous micro-computing controller for mimicry judgment, and converting the working mode of the mimicry microprocessor device into a primary cleaning mode; if the heterogeneous micro-computing controller in the cleaning state does not finish cleaning and the state is recovered, the operation result output by the heterogeneous micro-computing controller for backup is inconsistent with the final result, and the inconsistent times reach a preset time threshold value, the heterogeneous micro-computing controller for backup is converted into the cleaning state, and the working mode of the mimicry microprocessor device is converted into a secondary cleaning mode; if the heterogeneous micro-computing controllers in the cleaning state are not cleaned and the state is recovered, the operation results output by the two heterogeneous micro-computing controllers for mimicry judgment are inconsistent, the inconsistent times reach a preset time threshold value, but the operation result output by the heterogeneous micro-computing controller for backup is consistent with the operation result output by one of the two heterogeneous micro-computing controllers for mimicry judgment, the heterogeneous micro-computing controller for mimicry judgment, which is inconsistent with the operation result output by the heterogeneous micro-computing controller for backup, is converted into the cleaning state, and the working mode of the mimicry microprocessor device is converted into a three-level safety mode; if the heterogeneous micro-computing controllers in the cleaning state are not cleaned and the states are recovered, the operation results output by the two heterogeneous micro-computing controllers for mimicry judgment are inconsistent, the inconsistent times reach a preset time threshold value, the operation results output by the heterogeneous micro-computing controllers for backup are also inconsistent with the operation results output by the two heterogeneous micro-computing controllers, the reliability of each heterogeneous micro-computing controller based on system operation result analysis is obtained, the heterogeneous micro-computing controller with the highest reliability is used for mimicry judgment, the other two heterogeneous micro-computing controllers are converted into the cleaning state, and the working mode of the mimicry microprocessor device is converted into a three-level cleaning mode.
In the preferred embodiment of the present invention, when the operation mode of the mimic microprocessor apparatus is the second-level cleaning mode; if one of the heterogeneous micro-computing controllers in the cleaning state finishes cleaning and the state is recovered, converting the heterogeneous micro-computing controller with the recovered state into a heterogeneous micro-computing controller for mimicry judgment; the working mode of the mimicry microprocessor device is converted into a first-level cleaning mode; if the two heterogeneous micro-computing controllers in the cleaning state finish cleaning and the state is recovered, converting one of the heterogeneous micro-computing controllers in the state recovery into a heterogeneous micro-computing controller for mimicry judgment, and converting the other heterogeneous micro-computing controller into a heterogeneous micro-computing controller for backup; converting the working mode of the mimicry microprocessor device into a first-level safety mode; if the two heterogeneous micro-computing controllers in the cleaning state do not finish cleaning and the state is recovered, the operation results output by the two heterogeneous micro-computing controllers for mimicry judgment are inconsistent with each other, the inconsistent times reach a preset time threshold value, the reliability of each heterogeneous micro-computing controller based on system operation result analysis is obtained, the heterogeneous micro-computing controller with the lowest reliability is converted into the cleaning state, and the working mode of the mimicry microprocessor device is converted into a three-stage cleaning mode.
In the preferred embodiment of the present invention, when the operation mode of the mimic microprocessor apparatus is the three-level security mode; if one of the heterogeneous micro-computing controllers in the cleaning state finishes cleaning and the state is recovered, converting the heterogeneous micro-computing controller with the recovered state into a heterogeneous micro-computing controller for mimicry judgment, and converting the working mode of the mimicry microprocessor device into a secondary safety mode; if the two heterogeneous micro-computing controllers in the cleaning state finish cleaning and the state is recovered, converting the two heterogeneous micro-computing controllers in the state recovery into heterogeneous micro-computing controllers for mimicry judgment, and converting the working mode of the mimicry microprocessor device into a primary safety mode; if the cleaning times of the two heterogeneous micro-computing controllers in the cleaning state reach the preset time threshold respectively, cleaning is not finished and the state is recovered, the heterogeneous micro-computing controllers for backup are converted into heterogeneous micro-computing controllers for mimicry judgment, and the working mode of the mimicry microprocessor device is converted into a secondary cleaning safety mode; if the two heterogeneous micro-computing controllers in the cleaning state do not finish cleaning and the states are recovered, and the operation result of the heterogeneous micro-computing controller for mimicry judgment is inconsistent with the operation result output by the heterogeneous micro-computing controller for backup, converting the heterogeneous micro-computing controller for backup into the cleaning state; the working mode of the mimicry microprocessor device is converted into a three-level cleaning mode.
In the preferred embodiment of the invention, when the working mode of the mimicry microprocessor device is the three-level cleaning mode, the mimicry microprocessor device stops outputting the operation result of the heterogeneous micro-computation controller for mimicry judgment; comparing the states of the three heterogeneous micro-computing controllers in the cleaning state with the states of the heterogeneous micro-computing controllers for mimicry judgment respectively; if the states of two heterogeneous micro-computing controllers in the four heterogeneous micro-computing controllers are the same, the two heterogeneous micro-computing controllers with the same states are converted into heterogeneous micro-computing controllers for mimicry judgment, the two heterogeneous micro-computing controllers with different states are converted into cleaning states, and the working mode of the mimicry microprocessor device is converted into a secondary cleaning mode; if the states of three heterogeneous micro-computing controllers in the four heterogeneous micro-computing controllers are the same, converting the three heterogeneous micro-computing controllers with the same states into heterogeneous micro-computing controllers for mimicry judgment, converting the heterogeneous micro-computing controllers with different states into cleaning states, and converting the working mode of the mimicry microprocessor device into a primary cleaning mode; if the states of the four heterogeneous micro-computing controllers are the same, randomly converting the three heterogeneous micro-computing controllers into heterogeneous micro-computing controllers for mimicry judgment, and converting the other heterogeneous micro-computing controller into a heterogeneous micro-computing controller for backup; the working mode of the mimicry microprocessor device is converted into a primary safety mode.
In a second aspect, an embodiment of the present invention provides a data processing method, which is applied to the above high-security mimetic microprocessor apparatus; the method comprises the following steps: after receiving data sent by external equipment, the scheduler distributes the data to the heterogeneous micro-computing controllers according to the receiving rates of the heterogeneous micro-computing controllers so that the heterogeneous micro-computing controllers respectively operate the data; and the scheduler receives the operation results returned by the heterogeneous micro-computing controllers according to a preset transmission rate, performs mimicry judgment on the operation results returned by the heterogeneous micro-computing controllers according to the current working mode, and outputs the judged operation results to external equipment.
The embodiment of the invention has the following beneficial effects:
according to the high-safety mimicry microprocessor device and the data processing method provided by the embodiment of the invention, after the scheduler receives data sent by external equipment, the data are distributed to the heterogeneous micro-computing controllers according to the receiving rates of the heterogeneous micro-computing controllers, so that the heterogeneous micro-computing controllers respectively operate the data; and then receiving the operation results returned by the heterogeneous micro-computing controllers according to a preset transmission rate, performing mimicry judgment on the operation results returned by the heterogeneous micro-computing controllers according to the current working mode, and outputting the judged operation results. In the mode, a plurality of heterogeneous micro-computing controllers participate in operation at the same time, and even if a few heterogeneous micro-computing controllers receive external attacks or generate internal loopholes, the normal work of the mimicry microprocessor device can be ensured, and the correctness of an output result is ensured, so that the reliability of the mimicry microprocessor device is improved.
Additional features and advantages of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by the practice of the invention as set forth above.
In order to make the aforementioned and other objects, features and advantages of the present invention comprehensible, preferred embodiments accompanied with figures are described in detail below.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and other drawings can be obtained by those skilled in the art without creative efforts.
FIG. 1 is a block diagram of a high security emulated microprocessor device according to an embodiment of the present invention;
FIG. 2 is a diagram of another embodiment of a high security emulated microprocessor device;
FIG. 3 is a diagram of another embodiment of a high security emulated microprocessor device;
FIG. 4 is a schematic diagram illustrating data flow among models in a scheduler, the scheduler, a heterogeneous micro-computing controller, and an external device according to an embodiment of the present invention;
FIG. 5 is a diagram illustrating various operating modes of a high security mimic microprocessor device according to an embodiment of the present invention;
fig. 6 is a schematic diagram illustrating a primary security mode converted into another working mode according to an embodiment of the present invention;
FIG. 7 is a schematic diagram illustrating a first-level cleaning mode being switched to another working mode according to an embodiment of the present invention;
FIG. 8 is a diagram illustrating a secondary security mode converted into another operation mode according to an embodiment of the present invention;
FIG. 9 is a schematic diagram of the second cleaning mode being switched to another operation mode according to an embodiment of the present invention;
fig. 10 is a schematic diagram of the three-level security mode converted into another operation mode according to the embodiment of the present invention;
fig. 11 is a schematic diagram illustrating the three-stage cleaning mode is converted into another operation mode according to an embodiment of the present invention.
Detailed Description
To make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions of the present invention will be clearly and completely described below with reference to the accompanying drawings, and it is apparent that the described embodiments are some, but not all embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In consideration of the problems that the existing microprocessor has poor reliability and is likely to cause errors or failures of calculation results due to external attacks or internal vulnerabilities, the embodiment of the invention provides a high-safety mimicry microprocessor device and a data processing method; the technology can be applied to various scenes such as intelligent instruments, real-time industrial control, communication equipment, navigation systems, household appliances, navigation devices of missiles, control of various instruments on airplanes, network communication and data transmission of computers, real-time control and data processing of industrial automation processes and the like; for the convenience of understanding the present embodiment, a high-security mimic microprocessor apparatus disclosed in the present embodiment will be described in detail first.
Referring to FIG. 1, a schematic diagram of a high security mimic microprocessor device is shown; the pseudo microprocessor device includes a scheduler 10 and a plurality of heterogeneous micro-computing controllers respectively connected to the scheduler 10, and four heterogeneous micro-computing controllers are illustrated as an example in fig. 1, which are a heterogeneous micro-computing controller 11, a heterogeneous micro-computing controller 12, a heterogeneous micro-computing controller 13, and a heterogeneous micro-computing controller 14, but not limited to this embodiment; the number of the plurality of heterogeneous micro-computing controllers connected by the scheduler can be set according to the actual scene requirement of the mimicry microprocessor device, for example, the number of the mimicry microprocessor device can be four, five, six, etc. The scheduler is also in communication connection with an external device; the external equipment can be data acquisition equipment and can also be data demand equipment. In the mimicry microprocessor device, the kernels among the heterogeneous micro-computing controllers are different, so that all the heterogeneous micro-computing controllers are prevented from being paralyzed when external attack or internal leak occurs, and the reliability of the mimicry microprocessor device is improved. However, generally, the external interfaces of the heterogeneous micro-computing controllers are substantially the same, so as to ensure smooth and uniform data transmission with the scheduler.
The scheduler 10 is configured to, after receiving data sent by an external device, distribute the data to the plurality of heterogeneous micro computing controllers according to receiving rates of the plurality of heterogeneous micro computing controllers, so that the plurality of heterogeneous micro computing controllers perform operations on the data, respectively; the scheduler 10 is further configured to receive operation results returned by the multiple heterogeneous micro-computing controllers according to a preset transmission rate, perform mimicry decision on the operation results returned by the multiple heterogeneous micro-computing controllers according to the current working mode, and output the decided operation results to an external device.
Because the kernels of the plurality of heterogeneous micro-computing controllers are different, the data receiving rate and the data operation rate are different; in order to avoid data confusion, the scheduler needs to cache and distribute data and receive and cache operation results for a plurality of heterogeneous micro-computing controllers. The scheduler also needs to judge the operation results sent by the multiple heterogeneous micro-computation controllers, and can output the final result by adopting a majority judgment principle, so that the correctness of the final result is not influenced even if a few heterogeneous micro-computation controllers generate operation errors.
Generally, when the external device is a data acquisition device, the mimicry microprocessor device receives data and outputs an operation result to other devices such as a driving device and a control device after completing the calculation; when the external equipment is data demand equipment, the mimicry microprocessor device receives the data and outputs an operation result to the data demand equipment after the data is calculated.
The high-safety mimicry microprocessor device provided by the embodiment of the invention comprises a scheduler and a plurality of heterogeneous micro-computing controllers respectively connected with the scheduler; after receiving data sent by external equipment, the scheduler distributes the data to the heterogeneous micro-computing controllers according to the receiving rates of the heterogeneous micro-computing controllers so that the heterogeneous micro-computing controllers respectively operate the data; and then receiving the operation results returned by the heterogeneous micro-computing controllers according to a preset transmission rate, performing mimicry judgment on the operation results returned by the heterogeneous micro-computing controllers according to the current working mode, and outputting the judged operation results. In the mode, a plurality of heterogeneous micro-computing controllers participate in operation at the same time, and even if a few heterogeneous micro-computing controllers receive external attacks or generate internal loopholes, the normal work of the mimicry microprocessor device can be ensured, and the correctness of an output result is ensured, so that the reliability of the mimicry microprocessor device is improved.
The embodiment of the invention also provides another high-safety mimicry microprocessor device which is realized on the basis of the embodiment; in this embodiment, the scheduler in the pseudo microprocessor device may be implemented by an FPGA (Field-Programmable Gate Array), an ASIC (Application Specific Integrated Circuit, for a specially-applied Integrated Circuit), or the like, and may specifically be selected according to an Application scenario of the pseudo microprocessor device; the scheduler and the heterogeneous microcomputers may be implemented by a hardware Interface, as shown in fig. 2 (in fig. 2, four heterogeneous microcomputers are connected to the scheduler for explanation), the hardware Interface may be SPI (Serial Peripheral Interface), UART (Universal Asynchronous Receiver/Transmitter), I2C (Inter-Integrated Circuit, two-wire Serial bus), or the like; the scheduler may be connected to the external device through hardware interfaces such as SPI, UART, ETH (Ethernet interface), CAN (Controller Area Network), and the like.
The architecture of the mimicry heterogeneous micro-computing controller can adopt a heterogeneous micro-computing controller and a scheduler architecture to realize the function of one heterogeneous micro-computing controller, the four heterogeneous micro-computing controllers are heterogeneous and operate simultaneously, the scheduler judges the operation data of the heterogeneous micro-computing controllers and outputs the operation result which is considered to be correct by the scheduler. For the outside, the whole structure of the mimicry microprocessor device is a heterogeneous micro-computing controller device, only a scheduler and an external interface can be seen, the four heterogeneous micro-computing controllers do not directly communicate with the outside, and all communication is controlled by the scheduler; the four heterogeneous micro-computing controllers work simultaneously and are four isomers, and the dynamic scheduling of the four heterogeneous micro-computing controllers is controlled by a mimicry strategy; a dynamic heterogeneous redundant mimicry microprocessor architecture is realized.
FIG. 3 is a schematic diagram of another high security mimic microprocessor device; unlike the emulated microprocessor device of FIG. 2, the emulated microprocessor device is an integrated chip architecture; the scheduler is connected to the heterogeneous micro-computing controllers via an AXI (Advanced eXtensible Interface) or other protocol Interface.
Furthermore, the scheduler comprises an uplink cache control module, a flow balance distribution scheduling management module, a mimicry channel data cache management module, a mimicry judgment module and a judgment data transmission module; FIG. 4 is a schematic diagram of the data flow between models in the scheduler and between the scheduler and the heterogeneous micro-computing controller and external devices.
The uplink cache control module is used for caching data after receiving the data sent by the external equipment; the flow balance distribution scheduling management module is used for monitoring the receiving rates of the heterogeneous micro-computing controllers and distributing data to the heterogeneous micro-computing controllers according to a preset receiving rate; the flow balance distribution scheduling management module is also used for receiving operation results returned by the heterogeneous micro-computing controllers according to a preset transmission rate so as to keep the difference value of the transmission rate among the heterogeneous micro-computing controllers within a preset difference value range; the mimicry channel data cache management module is used for caching the operation result returned by the heterogeneous micro-computing controller; the mimicry judgment module is used for performing mimicry judgment on an operation result returned by the heterogeneous micro-computing controller and outputting data after the judgment is successful; and the judgment data transmission module is used for outputting the data after the judgment is successful to the external equipment.
In addition, the scheduler also needs to use a mimicry strategy and a cleaning control function in the data processing process; the mimicry strategy can be set according to the number of heterogeneous micro-computing controllers in the mimicry microprocessor device, when the heterogeneous micro-computing controllers generate computing errors, the heterogeneous micro-computing controllers can be cleaned, the current working state of the mimicry microprocessor device is set according to the cleaning number of the current heterogeneous micro-computing controllers, and then in the working state, the corresponding mimicry strategy is selected to conduct mimicry judgment on the output result of the heterogeneous micro-computing controllers, so that the final result is obtained and output.
The operation mode of the mimic microprocessor apparatus can be divided into a plurality of modes according to the number of heterogeneous micro-computing controllers in a cleaning state in the mimic microprocessor apparatus, and the description will be given by taking an example in which four heterogeneous micro-computing controllers are included in the mimic microprocessor apparatus. FIG. 5 is a schematic diagram of various operating modes of a high security, mimetic microprocessor apparatus; specifically, the working modes of the mimicry microprocessor device comprise a primary safety mode, a primary cleaning mode, a secondary safety mode, a secondary cleaning mode, a tertiary safety mode and a tertiary cleaning mode; in a first-level safety mode, three heterogeneous micro-computing controllers are used for mimicry judgment, and the other heterogeneous micro-computing controller is used for backup; each heterogeneous micro-computing controller in the four heterogeneous micro-computing controllers can be used for backup and can also be used for mimicry judgment; therefore, the selection can be carried out randomly or according to the kernel of the heterogeneous micro-computing controller. In a first-level cleaning mode, three heterogeneous micro-computing controllers are used for mimicry judgment, and the other heterogeneous micro-computing controller is in a cleaning state.
In a secondary safety mode, two heterogeneous micro-computing controllers are used for mimicry judgment, one heterogeneous micro-computing controller is used for backup, and the other heterogeneous micro-computing controller is in a cleaning state; except the heterogeneous micro-computing controller in the cleaning state, each of the other three heterogeneous micro-computing controllers can be used for backup or mimicry judgment; therefore, the selection can be carried out randomly or according to the kernel of the heterogeneous micro-computing controller. In the secondary cleaning mode, two heterogeneous micro-computing controllers are used for mimicry judgment, and the other two heterogeneous micro-computing controllers are in a cleaning state.
In a three-level safety mode, one heterogeneous micro-computing controller is used for mimicry judgment, one heterogeneous micro-computing controller is used for backup, and the two heterogeneous micro-computing controllers are in a cleaning state; except the heterogeneous micro-computing controller in the cleaning state, each of the other two heterogeneous micro-computing controllers can be used for backup or mimicry judgment; therefore, the selection can be carried out randomly or according to the kernel of the heterogeneous micro-computing controller. In the three-level cleaning mode, one heterogeneous micro-computing controller is used for mimicry judgment, and the three heterogeneous micro-computing controllers are in a cleaning state.
It will be appreciated that in each of the above-described modes of operation, a heterogeneous micro-computing controller may perform only one function, such as only for mimicry decisions, only for backup, or only in a flush state; often a heterogeneous micro-computing controller may not implement multiple of the above functions simultaneously.
When the scheduler monitors that the state of a certain heterogeneous micro-computing controller needs to be cleaned, the heterogeneous micro-computing controller is reset globally, the judgment working mode of the current scheduler for the four heterogeneous micro-computing controllers is adjusted, and the state recovery is needed after cleaning; the state recovery is that when the heterogeneous micro-computing controller is in a cleaning state, the heterogeneous micro-computing controller starts to operate, but the operation result does not participate in normal mimicry judgment, but is collated with the final result of the normal mimicry judgment, when the number of times that the collation result is correct and correct reaches a preset threshold value of a system, the state recovery of the heterogeneous micro-computing controller can be considered to be successful, and the scheduler changes the current working mode according to a mimicry strategy.
Based on the above various operating modes, the adjustment and manner of the interconversion between the operating modes, i.e. the strategy of the mimicry decision, are further described below. FIG. 6 is a schematic diagram of the primary security mode being converted to other operating modes; in the first-level safety mode, the scheduler is further used for performing mimicry judgment on operation results output by the three heterogeneous micro-computing controllers for mimicry judgment, outputting a final result, and comparing the final result with the operation results output by the heterogeneous micro-computing controllers for backup.
If the operation results output by the three heterogeneous micro-computing controllers for mimicry judgment are consistent, but the operation results output by the heterogeneous micro-computing controllers for backup are inconsistent with the final results, and the inconsistent times reach a preset time threshold, the heterogeneous micro-computing controllers for backup are converted into a cleaning state, and the working mode of the mimicry microprocessor device is converted into a primary cleaning mode.
If the operation results output by one of the three heterogeneous micro-computing controllers for mimicry judgment are inconsistent and the inconsistent times reach a preset time threshold value, but the operation results output by the heterogeneous micro-computing controllers for backup are consistent with the final result, the heterogeneous micro-computing controllers for outputting the inconsistent operation results are converted into a cleaning state, and the working mode of the mimicry microprocessor device is converted into a secondary safety mode.
If the operation results output by one of the three heterogeneous micro-computing controllers for mimicry judgment are inconsistent and the inconsistent times reach a preset time threshold value, but the operation results output by the heterogeneous micro-computing controller for backup are inconsistent with the final results, the heterogeneous micro-computing controller for outputting the inconsistent operation results and the heterogeneous micro-computing controller for backup are converted into a cleaning state, and the working mode of the mimicry microprocessor device is converted into a secondary cleaning mode.
If the operation results output by the three heterogeneous micro-computing controllers for mimicry judgment are inconsistent with each other and the inconsistent times reach a preset time threshold value, but the operation result output by the heterogeneous micro-computing controller for backup is consistent with the operation result output by one of the three heterogeneous micro-computing controllers for mimicry judgment, the heterogeneous micro-computing controller with the operation result inconsistent with the heterogeneous micro-computing controller for backup in the three heterogeneous micro-computing controllers is converted into a cleaning state, and the working mode of the mimicry microprocessor device is converted into a three-level safety mode.
If the operation results output by the three heterogeneous micro-computing controllers for mimicry judgment are inconsistent with each other and the inconsistent times reach a preset time threshold value, and the operation results output by the heterogeneous micro-computing controllers for backup are also inconsistent with the operation results output by the three heterogeneous micro-computing controllers, the credibility of each heterogeneous micro-computing controller based on system operation result analysis is obtained, the heterogeneous micro-computing controller with the highest credibility is used for mimicry judgment, the other three heterogeneous micro-computing controllers are converted into a cleaning state, and the working mode of the mimicry microprocessor device is converted into a three-level cleaning mode.
Specifically, the above-described reliability may also be referred to as reliability; the heterogeneous micro-computing controller can count the probability of correctly completing the preset function of the system under the preset condition and within the preset time in real time in the running process of the system, and the probability can be used as the credibility of the heterogeneous micro-computing controller; the preset conditions, time and functions can be preset by a user.
FIG. 7 is a schematic diagram of the conversion of the primary cleaning mode to other operating modes; if the state of the heterogeneous micro-computing controller in the cleaning state is successfully recovered and the operation results output by the three heterogeneous micro-computing controllers for mimicry judgment are consistent, converting the heterogeneous micro-computing controller in the cleaning state into a heterogeneous micro-computing controller for backup; the working mode of the mimicry microprocessor device is converted into a primary safety mode.
And if the heterogeneous micro-computing controller in the cleaning state does not finish cleaning and the state is recovered after the cleaning times of the heterogeneous micro-computing controller reach a preset time threshold, generating an alarm, and keeping the mimicry microprocessor device in a first-stage cleaning mode at the moment.
If the heterogeneous micro-computing controller in the cleaning state does not finish cleaning and the state is recovered and the operation results output by one of the heterogeneous micro-computing controllers and the other two heterogeneous micro-computing controllers are inconsistent and the inconsistent times reach a preset time threshold value in the three heterogeneous micro-computing controllers for mimicry judgment, the heterogeneous micro-computing controllers outputting the inconsistent operation results are converted into the cleaning state, and the working mode of the mimicry microprocessor device is converted into a secondary cleaning mode.
If the heterogeneous micro-computing controllers in the cleaning state are not cleaned and the state is recovered, the operation results output by the three heterogeneous micro-computing controllers for mimicry judgment are inconsistent, the inconsistent times reach a preset time threshold, the reliability of each heterogeneous micro-computing controller based on system operation result analysis is obtained, the heterogeneous micro-computing controller with the highest reliability is used for mimicry judgment, the other two heterogeneous micro-computing controllers are converted into the cleaning state, and the working mode of the mimicry microprocessor device is converted into a three-level cleaning mode.
FIG. 8 is a schematic diagram of the secondary security mode being converted to another operational mode; if the state of the heterogeneous micro-computing controller in the cleaning state is successfully recovered and the operation results output by the three heterogeneous micro-computing controllers for mimicry judgment are consistent, converting the heterogeneous micro-computing controller in the cleaning state into a heterogeneous micro-computing controller for mimicry judgment; the working mode of the mimicry microprocessor device is converted into a primary safety mode.
And if the cleaning times of the heterogeneous micro-computing controller in the cleaning state reach a preset time threshold, the cleaning is not finished and the state is recovered, and the operation result output by the heterogeneous micro-computing controller for backup is consistent with the operation result of the final result, converting the heterogeneous micro-computing controller for backup into a heterogeneous micro-computing controller for mimicry judgment, and converting the working mode of the mimicry microprocessor device into a primary cleaning mode.
And if the heterogeneous micro-computing controller in the cleaning state does not finish cleaning and the state is recovered, the operation result output by the heterogeneous micro-computing controller for backup is inconsistent with the final result, and the inconsistent times reach a preset time threshold, converting the heterogeneous micro-computing controller for backup into the cleaning state, and converting the working mode of the mimicry microprocessor device into a secondary cleaning mode.
If the heterogeneous micro-computing controllers in the cleaning state do not finish cleaning and the state is recovered, the operation results output by the two heterogeneous micro-computing controllers for mimicry judgment are inconsistent, the inconsistent times reach a preset time threshold value, but the operation result output by the heterogeneous micro-computing controller for backup is consistent with the operation result output by one of the two heterogeneous micro-computing controllers for mimicry judgment, the heterogeneous micro-computing controller for mimicry judgment, which is inconsistent with the operation result output by the heterogeneous micro-computing controller for backup, is converted into the cleaning state, and the working mode of the mimicry microprocessor device is converted into a three-level safety mode.
If the heterogeneous micro-computing controllers in the cleaning state are not cleaned and the states are recovered, the operation results output by the two heterogeneous micro-computing controllers for mimicry judgment are inconsistent, the inconsistent times reach a preset time threshold value, the operation results output by the heterogeneous micro-computing controllers for backup are also inconsistent with the operation results output by the two heterogeneous micro-computing controllers, the reliability of each heterogeneous micro-computing controller based on system operation result analysis is obtained, the heterogeneous micro-computing controller with the highest reliability is used for mimicry judgment, the other two heterogeneous micro-computing controllers are converted into the cleaning state, and the working mode of the mimicry microprocessor device is converted into a three-level cleaning mode.
FIG. 9 is a schematic diagram of the secondary cleaning mode being switched to another operation mode; if one of the heterogeneous micro-computing controllers in the cleaning state finishes cleaning and the state is recovered, converting the heterogeneous micro-computing controller with the recovered state into a heterogeneous micro-computing controller for mimicry judgment; the working mode of the mimicry microprocessor device is converted into a first-level cleaning mode. If the two heterogeneous micro-computing controllers in the cleaning state finish cleaning and the state is recovered, converting one of the heterogeneous micro-computing controllers in the state recovery into a heterogeneous micro-computing controller for mimicry judgment, and converting the other heterogeneous micro-computing controller into a heterogeneous micro-computing controller for backup; the working mode of the mimicry microprocessor device is converted into a primary safety mode. If the two heterogeneous micro-computing controllers in the cleaning state do not finish cleaning and the state is recovered, the operation results output by the two heterogeneous micro-computing controllers for mimicry judgment are inconsistent with each other, the inconsistent times reach a preset time threshold value, the reliability of each heterogeneous micro-computing controller based on system operation result analysis is obtained, the heterogeneous micro-computing controller with the lowest reliability is converted into the cleaning state, and the working mode of the mimicry microprocessor device is converted into a three-stage cleaning mode.
FIG. 10 is a schematic diagram of the transition from the three-level security mode to the other operation mode; if one of the heterogeneous micro-computing controllers in the cleaning state finishes cleaning and the state is recovered, the heterogeneous micro-computing controller with the recovered state is converted into a heterogeneous micro-computing controller for mimicry judgment, and the working mode of the mimicry microprocessor device is converted into a secondary safety mode. If the two heterogeneous micro-computing controllers in the cleaning state finish cleaning and the state is recovered, the two heterogeneous micro-computing controllers in the state recovery are converted into heterogeneous micro-computing controllers for mimicry judgment, and the working mode of the mimicry microprocessor device is converted into a primary safety mode. If the cleaning times of the two heterogeneous micro-computing controllers in the cleaning state reach the preset time threshold respectively, cleaning is not finished and the state is recovered, the heterogeneous micro-computing controller for backup is converted into a heterogeneous micro-computing controller for mimicry judgment, and the working mode of the mimicry microprocessor device is converted into a secondary cleaning safety mode. If the two heterogeneous micro-computing controllers in the cleaning state do not finish cleaning and the states are recovered, and the operation result of the heterogeneous micro-computing controller for mimicry judgment is inconsistent with the operation result output by the heterogeneous micro-computing controller for backup, converting the heterogeneous micro-computing controller for backup into the cleaning state; the working mode of the mimicry microprocessor device is converted into a three-level cleaning mode.
FIG. 11 is a schematic diagram of the three-stage cleaning mode being switched to another operation mode; when the working mode of the mimicry microprocessor device is a three-level cleaning mode, the mimicry microprocessor device stops outputting the operation result of the heterogeneous micro-computing controller for mimicry judgment; comparing the states of the three heterogeneous micro-computing controllers in the cleaning state with the states of the heterogeneous micro-computing controllers for mimicry judgment respectively;
if the states of two heterogeneous micro-computing controllers in the four heterogeneous micro-computing controllers are the same, the two heterogeneous micro-computing controllers with the same states are converted into heterogeneous micro-computing controllers for mimicry judgment, the two heterogeneous micro-computing controllers with different states are converted into cleaning states, and the working mode of the mimicry microprocessor device is converted into a secondary cleaning mode;
if the states of three heterogeneous micro-computing controllers in the four heterogeneous micro-computing controllers are the same, converting the three heterogeneous micro-computing controllers with the same states into heterogeneous micro-computing controllers for mimicry judgment, converting the heterogeneous micro-computing controllers with different states into cleaning states, and converting the working mode of the mimicry microprocessor device into a primary cleaning mode;
if the states of the four heterogeneous micro-computing controllers are the same, randomly converting the three heterogeneous micro-computing controllers into heterogeneous micro-computing controllers for mimicry judgment, and converting the other heterogeneous micro-computing controller into a heterogeneous micro-computing controller for backup; the working mode of the mimicry microprocessor device is converted into a primary safety mode.
Based on the mimicry microprocessor device provided by the embodiment, the embodiment of the invention also provides a data processing method, which is applied to the mimicry microprocessor device; the method comprises the following steps:
102, after receiving data sent by external equipment, a scheduler distributes the data to a plurality of heterogeneous micro-computing controllers according to the receiving rates of the heterogeneous micro-computing controllers so that the heterogeneous micro-computing controllers respectively operate the data;
and 104, receiving the operation results returned by the heterogeneous micro-computing controllers according to a preset transmission rate by the scheduler, performing mimicry judgment on the operation results returned by the heterogeneous micro-computing controllers according to the current working mode, and outputting the judged operation results to external equipment.
The data processing method can be realized by the following steps:
the method comprises the following steps: data enters a mimicry heterogeneous micro-computing controller system (equivalent to the mimicry microprocessor device) through an interface of a mimicry scheduler (equivalent to the scheduler), and firstly enters an uplink cache control module for caching the data;
step two: the flow balance distribution scheduling management module monitors the data receiving rate of the current heterogeneous micro-computing controller, performs distribution scheduling according to the current rate, and controls the rate of data transmission to the heterogeneous micro-computing controller;
step three: the heterogeneous micro-computing controller performs operation and outputs the operated data;
step four: the data is managed by a flow balance distribution scheduling module, and the data transmission rate difference of the heterogeneous micro-computing controller with high and low running speed is controlled within a certain range;
step five: caching four groups of heterogeneous micro-computing controller operation data;
step six: performing data judgment according to the current working mode in the mimicry strategy;
step seven: and taking out the data after the judgment is successful, and transmitting the data to the outside.
In the data processing method provided by the embodiment of the present invention, after receiving data sent by an external device, a scheduler distributes the data to a plurality of heterogeneous micro-computing controllers according to receiving rates of the plurality of heterogeneous micro-computing controllers, so that the plurality of heterogeneous micro-computing controllers respectively perform operations on the data; and then receiving the operation results returned by the heterogeneous micro-computing controllers according to a preset transmission rate, performing mimicry judgment on the operation results returned by the heterogeneous micro-computing controllers according to the current working mode, and outputting the judged operation results. In the mode, a plurality of heterogeneous micro-computing controllers participate in operation at the same time, and even if a few heterogeneous micro-computing controllers receive external attacks or generate internal loopholes, the normal work of the mimicry microprocessor device can be ensured, and the correctness of an output result is ensured, so that the reliability of the mimicry microprocessor device is improved.
The high-safety mimicry microprocessor device and the data processing method provided by the embodiment of the invention realize a dynamic heterogeneous redundant mimicry microprocessor device, so that a system can still keep a normal working state or quickly recover the normal working state after a single or a plurality of heterogeneous micro-computing controllers receive external attacks. In particular, it has the following advantages: the method has the advantages of reliability, multiple heterogeneous micro-computing controllers running, multiple decision operation results and more reliable operation results. The system has dynamic property, and four heterogeneous micro-computing controllers of the system dynamically select the working mode according to the mimicry strategy. The method has the advantages of resisting attack, realizing the dynamic heterogeneous redundant architecture of the heterogeneous micro-computing controller, reducing the probability of the occurrence of most or completely same errors, and reducing the probability of the error of the computing result caused by external attack or internal loophole. The safety is high, the multi-core heterogeneous architecture can improve the random fault tolerance of the system, and potential common faults of homogeneous systems can be avoided.
The computer program product of the above high-security mimic microprocessor apparatus and the data processing method provided in the embodiments of the present invention includes a computer-readable storage medium storing a program code, where instructions included in the program code may be used to execute the method described in the foregoing method embodiments, and specific implementation may refer to the method embodiments, and will not be described herein again.
In addition, in the description of the embodiments of the present invention, unless otherwise explicitly specified or limited, the terms "mounted," "connected," and "connected" are to be construed broadly, e.g., as meaning either a fixed connection, a removable connection, or an integral connection; can be mechanically or electrically connected; they may be connected directly or indirectly through intervening media, or they may be interconnected between two elements. The specific meanings of the above terms in the present invention can be understood in specific cases to those skilled in the art.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
In the description of the present invention, it should be noted that the terms "center", "upper", "lower", "left", "right", "vertical", "horizontal", "inner", "outer", etc., indicate orientations or positional relationships based on the orientations or positional relationships shown in the drawings, and are only for convenience of description and simplicity of description, but do not indicate or imply that the device or element being referred to must have a particular orientation, be constructed and operated in a particular orientation, and thus, should not be construed as limiting the present invention. Furthermore, the terms "first," "second," and "third" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance.
Finally, it should be noted that: the above-mentioned embodiments are only specific embodiments of the present invention, which are used for illustrating the technical solutions of the present invention and not for limiting the same, and the protection scope of the present invention is not limited thereto, although the present invention is described in detail with reference to the foregoing embodiments, those skilled in the art should understand that: any person skilled in the art can modify or easily conceive the technical solutions described in the foregoing embodiments or equivalent substitutes for some technical features within the technical scope of the present disclosure; such modifications, changes or substitutions do not depart from the spirit and scope of the embodiments of the present invention, and they should be construed as being included therein. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (10)

1. A high-safety mimicry microprocessor device is characterized in that the mimicry microprocessor device comprises a scheduler and a plurality of heterogeneous micro-computing controllers respectively connected with the scheduler; the multiple heterogeneous micro-computing controllers are mutually heterogeneous pairwise; the scheduler is also in communication connection with an external device;
the scheduler is configured to distribute, after receiving data sent by the external device, the data to the heterogeneous micro-computing controllers according to receiving rates of the heterogeneous micro-computing controllers, so that the heterogeneous micro-computing controllers respectively perform operations on the data;
the scheduler is also used for receiving the operation results returned by the heterogeneous micro-computation controllers according to a preset transmission rate, performing mimicry judgment on the operation results returned by the heterogeneous micro-computation controllers according to the current working mode, and outputting the judged operation results;
the scheduler comprises a flow balance distribution scheduling management module, wherein the flow balance distribution scheduling management module is used for monitoring the receiving rate of the heterogeneous micro-computing controllers and distributing the data to the heterogeneous micro-computing controllers according to a preset receiving rate;
the flow equilibrium distribution scheduling management module is further configured to receive operation results returned by the heterogeneous micro-computing controllers according to a preset transmission rate, so that a difference value of the transmission rates among the heterogeneous micro-computing controllers is kept within a preset difference value range.
2. The mimicry microprocessor device of claim 1, wherein the scheduler comprises an uplink buffer control module, a mimicry channel data buffer management module, a mimicry decision module and a decision data transmission module;
the uplink cache control module is used for caching the data after receiving the data sent by the external equipment;
the mimicry channel data cache management module is used for caching the operation result returned by the heterogeneous micro-computing controller;
the mimicry judgment module is used for performing mimicry judgment on an operation result returned by the heterogeneous micro-computing controller and outputting data after the judgment is successful;
and the judgment data transmission module is used for outputting the data after the judgment is successful to the external equipment.
3. The mimicry microprocessor device of claim 1, wherein the plurality of heterogeneous micro-compute controllers is four in number; the working modes comprise a primary safety mode, a primary cleaning mode, a secondary safety mode, a secondary cleaning mode, a tertiary safety mode and a tertiary cleaning mode;
in the first-level safety mode, three heterogeneous micro-computing controllers are used for mimicry judgment, and the other heterogeneous micro-computing controller is used for backup;
in the first-stage cleaning mode, three heterogeneous micro-computing controllers are used for mimicry judgment, and the other heterogeneous micro-computing controller is in a cleaning state;
in the secondary safety mode, the two heterogeneous micro-computing controllers are used for mimicry judgment, one heterogeneous micro-computing controller is used for backup, and the other heterogeneous micro-computing controller is in a cleaning state;
in the secondary cleaning mode, two heterogeneous micro-computing controllers are used for mimicry judgment, and the other two heterogeneous micro-computing controllers are in a cleaning state;
in the three-level safety mode, one heterogeneous micro-computing controller is used for mimicry judgment, one heterogeneous micro-computing controller is used for backup, and the two heterogeneous micro-computing controllers are in a cleaning state;
in the three-level cleaning mode, one heterogeneous micro-computing controller is used for mimicry judgment, and three heterogeneous micro-computing controllers are in a cleaning state.
4. The mimicry microprocessor device of claim 3, wherein in an initial state, the operating mode of the mimicry microprocessor device is a level one secure mode;
in the first-level safety mode, the scheduler is further configured to perform mimicry decision on operation results output by the three heterogeneous micro-computing controllers for mimicry decision, output a final result, and compare the final result with operation results output by the heterogeneous micro-computing controllers for backup;
if the operation results output by the three heterogeneous micro-computing controllers for mimicry judgment are consistent, but the operation results output by the heterogeneous micro-computing controllers for backup are inconsistent with the final result, and the inconsistent times reach a preset time threshold, converting the heterogeneous micro-computing controllers for backup into a cleaning state, and converting the working mode of the mimicry microprocessor device into a primary cleaning mode;
if the operation results output by one of the three heterogeneous micro-computing controllers for mimicry judgment are inconsistent and the inconsistent times reach a preset time threshold value, but the operation results output by the heterogeneous micro-computing controllers for backup are consistent with the final result, the heterogeneous micro-computing controllers for outputting the inconsistent operation results are converted into a cleaning state, and the working mode of the mimicry microprocessor device is converted into a secondary safety mode;
if the operation results output by one of the three heterogeneous micro-computing controllers for mimicry judgment are inconsistent and the number of inconsistent times reaches a preset number threshold, but the operation results output by the heterogeneous micro-computing controller for backup are inconsistent with the final result, the heterogeneous micro-computing controller for outputting the inconsistent operation results and the heterogeneous micro-computing controller for backup are converted into a cleaning state, and the working mode of the mimicry microprocessor device is converted into a secondary cleaning mode;
if the operation results output by the three heterogeneous micro-computing controllers for mimicry judgment are inconsistent and the inconsistent times reach a preset time threshold value, but the operation result output by the heterogeneous micro-computing controller for backup is consistent with the operation result output by one of the three heterogeneous micro-computing controllers for mimicry judgment, the heterogeneous micro-computing controller with the operation result inconsistent with the heterogeneous micro-computing controller for backup in the three heterogeneous micro-computing controllers is converted into a cleaning state, and the working mode of the mimicry microprocessor device is converted into a three-level safety mode;
if the operation results output by the three heterogeneous micro-computing controllers for mimicry judgment are inconsistent with each other and the inconsistent times reach a preset time threshold value, and the operation results output by the heterogeneous micro-computing controllers for backup are also inconsistent with the operation results output by the three heterogeneous micro-computing controllers, obtaining the reliability of each heterogeneous micro-computing controller based on system operation result analysis, using the heterogeneous micro-computing controller with the highest reliability for mimicry judgment, converting the other three heterogeneous micro-computing controllers into a cleaning state, and converting the working mode of the mimicry microprocessor device into a three-level cleaning mode.
5. The mimicry microprocessor device of claim 3, wherein when the operating mode of the mimicry microprocessor device is a one-level washing mode;
if the state recovery of the heterogeneous micro-computing controller in the cleaning state is successful and the operation results output by the three heterogeneous micro-computing controllers for mimicry judgment are consistent, converting the heterogeneous micro-computing controller in the cleaning state into the heterogeneous micro-computing controller for backup; the working mode of the mimicry microprocessor device is converted into a primary safety mode;
if the heterogeneous micro-computing controller in the cleaning state does not finish cleaning and the state is recovered and the operation result output by one of the heterogeneous micro-computing controllers is inconsistent with the operation result output by the other two heterogeneous micro-computing controllers and the inconsistent times reach a preset time threshold value, the heterogeneous micro-computing controller outputting the inconsistent operation result is converted into the cleaning state, and the working mode of the mimicry microprocessor device is converted into a secondary cleaning mode;
if the heterogeneous micro-computing controllers in the cleaning state are not cleaned and the state is recovered, the operation results output by the three heterogeneous micro-computing controllers for mimicry judgment are inconsistent, the inconsistent times reach a preset time threshold, the reliability of each heterogeneous micro-computing controller based on system operation result analysis is obtained, the heterogeneous micro-computing controller with the highest reliability is used for mimicry judgment, the other two heterogeneous micro-computing controllers are converted into the cleaning state, and the working mode of the mimicry microprocessor device is converted into a three-level cleaning mode.
6. The mimicry microprocessor device of claim 3, wherein when the operating mode of the mimicry microprocessor device is a two-level security mode;
if the state of the heterogeneous micro-computing controller in the cleaning state is successfully recovered and the operation results output by the three heterogeneous micro-computing controllers for mimicry judgment are consistent, converting the heterogeneous micro-computing controller in the cleaning state into the heterogeneous micro-computing controller for mimicry judgment; the working mode of the mimicry microprocessor device is converted into a primary safety mode;
if the heterogeneous micro-computing controller in the cleaning state is not cleaned and the state is recovered after the cleaning times of the heterogeneous micro-computing controller reach a preset time threshold value, and the operation result output by the heterogeneous micro-computing controller for backup is consistent with the operation result of the final result, converting the heterogeneous micro-computing controller for backup into the heterogeneous micro-computing controller for mimicry judgment, and converting the working mode of the mimicry microprocessor device into a primary cleaning mode;
if the heterogeneous micro-computing controller in the cleaning state does not finish cleaning and the state is recovered, the operation result output by the heterogeneous micro-computing controller for backup is inconsistent with the final result, and the inconsistent times reach a preset time threshold value, the heterogeneous micro-computing controller for backup is converted into the cleaning state, and the working mode of the mimicry microprocessor device is converted into a secondary cleaning mode;
if the heterogeneous micro-computing controllers in the cleaning state are not cleaned and the state is recovered, the operation results output by the two heterogeneous micro-computing controllers for mimicry judgment are inconsistent, the inconsistent times reach a preset time threshold value, but the operation result output by the heterogeneous micro-computing controller for backup is consistent with the operation result output by one of the two heterogeneous micro-computing controllers for mimicry judgment, the heterogeneous micro-computing controllers for mimicry judgment, which are inconsistent with the operation result output by the heterogeneous micro-computing controller for backup, are converted into the cleaning state, and the working mode of the mimicry microprocessor device is converted into a three-level safety mode;
if the heterogeneous micro-computing controllers in the cleaning state are not cleaned and the states are recovered, the operation results output by the two heterogeneous micro-computing controllers for mimicry judgment are inconsistent, the inconsistent times reach a preset time threshold, the operation results output by the heterogeneous micro-computing controllers for backup are also inconsistent with the operation results output by the two heterogeneous micro-computing controllers, the credibility of each heterogeneous micro-computing controller based on system operation result analysis is obtained, the heterogeneous micro-computing controller with the highest credibility is used for mimicry judgment, the other two heterogeneous micro-computing controllers are converted into the cleaning state, and the working mode of the mimicry microprocessor device is converted into a three-level cleaning mode.
7. The mimicry microprocessor device of claim 3, wherein when the operating mode of the mimicry microprocessor device is a two-stage wash mode;
if one of the heterogeneous micro-computing controllers in the cleaning state finishes cleaning and the state is recovered, converting the heterogeneous micro-computing controller with the recovered state into the heterogeneous micro-computing controller for mimicry judgment; the working mode of the mimicry microprocessor device is converted into a first-level cleaning mode;
if the two heterogeneous micro-computing controllers in the cleaning state finish cleaning and the state is recovered, converting one of the heterogeneous micro-computing controllers in the state recovery into the heterogeneous micro-computing controller for mimicry judgment, and converting the other heterogeneous micro-computing controller into the heterogeneous micro-computing controller for backup; the working mode of the mimicry microprocessor device is converted into a primary safety mode;
if the two heterogeneous micro-computing controllers in the cleaning state are not cleaned and the states are recovered, the operation results output by the two heterogeneous micro-computing controllers for mimicry judgment are inconsistent, the inconsistent times reach a preset time threshold value, the reliability of each heterogeneous micro-computing controller based on system operation result analysis is obtained, the heterogeneous micro-computing controller with the lowest reliability is converted into the cleaning state, and the working mode of the mimicry microprocessor device is converted into a three-level cleaning mode.
8. The mimicry microprocessor device of claim 3, wherein when the operating mode of the mimicry microprocessor device is a three-level security mode;
if one of the heterogeneous micro-computing controllers in the cleaning state finishes cleaning and the state is recovered, converting the heterogeneous micro-computing controller in the state recovery into the heterogeneous micro-computing controller for mimicry judgment, and converting the working mode of the mimicry microprocessor device into a secondary safety mode;
if the two heterogeneous micro-computing controllers in the cleaning state finish cleaning and the state is recovered, converting the two heterogeneous micro-computing controllers in the state recovery into the heterogeneous micro-computing controllers for mimicry judgment, and converting the working mode of the mimicry microprocessor device into a primary safety mode;
if the cleaning times of the two heterogeneous micro-computing controllers in the cleaning state reach preset time thresholds respectively, cleaning is not finished and the state is recovered, the heterogeneous micro-computing controllers for backup are converted into the heterogeneous micro-computing controllers for mimicry judgment, and the working mode of the mimicry microprocessor device is converted into a secondary cleaning safety mode;
if the two heterogeneous micro-computing controllers in the cleaning state are not cleaned and the states are recovered, and the operation result of the heterogeneous micro-computing controller for mimicry judgment is inconsistent with the operation result output by the heterogeneous micro-computing controller for backup, converting the heterogeneous micro-computing controller for backup into the cleaning state; and the working mode of the mimicry microprocessor device is converted into a three-level cleaning mode.
9. The mimicry microprocessor device according to claim 3, wherein when the operation mode of the mimicry microprocessor device is a three-level washing mode, the mimicry microprocessor device stops outputting the operation result of the heterogeneous micro-computation controller for mimicry decision; comparing the states of the three heterogeneous micro-computing controllers in the cleaning state with the states of the heterogeneous micro-computing controllers for mimicry judgment respectively;
if the states of two heterogeneous micro-computing controllers in the four heterogeneous micro-computing controllers are the same, the two heterogeneous micro-computing controllers with the same states are converted into the heterogeneous micro-computing controllers for mimicry judgment, the two heterogeneous micro-computing controllers with different states are converted into cleaning states, and the working mode of the mimicry microprocessor device is converted into a secondary cleaning mode;
if the states of three heterogeneous micro-computing controllers in the four heterogeneous micro-computing controllers are the same, converting the three heterogeneous micro-computing controllers with the same states into the heterogeneous micro-computing controllers for mimicry judgment, converting the heterogeneous micro-computing controllers with different states into cleaning states, and converting the working mode of the mimicry microprocessor device into a primary cleaning mode;
if the states of the four heterogeneous micro-computing controllers are the same, randomly converting the three heterogeneous micro-computing controllers into the heterogeneous micro-computing controller for mimicry judgment, and converting the other heterogeneous micro-computing controller into the heterogeneous micro-computing controller for backup; the working mode of the mimicry microprocessor device is converted into a primary safety mode.
10. A data processing method, wherein the method is applied to the mimicry microprocessor apparatus of any one of claims 1-9; the method comprises the following steps:
after receiving data sent by external equipment, a scheduler distributes the data to a plurality of heterogeneous micro-computing controllers according to the receiving rates of the heterogeneous micro-computing controllers so that the heterogeneous micro-computing controllers respectively calculate the data;
and the scheduler receives the operation results returned by the heterogeneous micro-computing controllers according to a preset transmission rate, performs mimicry judgment on the operation results returned by the heterogeneous micro-computing controllers according to the current working mode, and outputs the judged operation results.
CN201811351742.3A 2018-11-13 2018-11-13 High-safety mimicry microprocessor device and data processing method Active CN109409138B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811351742.3A CN109409138B (en) 2018-11-13 2018-11-13 High-safety mimicry microprocessor device and data processing method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811351742.3A CN109409138B (en) 2018-11-13 2018-11-13 High-safety mimicry microprocessor device and data processing method

Publications (2)

Publication Number Publication Date
CN109409138A CN109409138A (en) 2019-03-01
CN109409138B true CN109409138B (en) 2020-12-01

Family

ID=65473270

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811351742.3A Active CN109409138B (en) 2018-11-13 2018-11-13 High-safety mimicry microprocessor device and data processing method

Country Status (1)

Country Link
CN (1) CN109409138B (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109932891A (en) * 2019-03-12 2019-06-25 天津芯海创科技有限公司 A kind of mimicry MCU of isomery redundancy
CN110417738A (en) * 2019-06-26 2019-11-05 天津芯海创科技有限公司 Raw security system scheduler realization device and implementation method in one kind
CN110740077B (en) * 2019-09-24 2021-05-11 华东计算技术研究所(中国电子科技集团公司第三十二研究所) Simulation system heterogeneity testing system, method and device based on network packet capturing
CN111427294B (en) * 2020-03-26 2021-09-07 郑州信大捷安信息技术股份有限公司 Redundant PLC program execution system and method
CN112118219B (en) * 2020-07-29 2023-03-24 天津芯海创科技有限公司 Mimicry judgment method and device, electronic equipment and computer readable storage medium
CN115834140B (en) * 2022-10-31 2023-11-10 中国国家铁路集团有限公司 Railway network security management method and device, electronic equipment and storage medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103226541A (en) * 2013-03-29 2013-07-31 江苏复芯物联网科技有限公司 Embedded high-performance heterogeneous computing platform based on FPGA and ARM
CN105282209A (en) * 2014-06-24 2016-01-27 现代自动车株式会社 Network system for vehicle and data transmission method of heterogeneous communication controllers in the same system
CN105893151A (en) * 2016-04-01 2016-08-24 浪潮电子信息产业股份有限公司 High-dimensional data stream processing method based on CPU + MIC heterogeneous platform

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106161417B (en) * 2015-06-01 2019-05-14 上海红神信息技术有限公司 A kind of isomery function equivalence body dispatching device and its method
CN106534063B (en) * 2016-09-27 2019-11-12 上海红阵信息科技有限公司 A kind of device, method and apparatus encapsulating isomery function equivalence body
CN107040530A (en) * 2017-03-31 2017-08-11 中国人民解放军信息工程大学 The output judgment device and method of a kind of isomery triplication redundancy processor
CN108667826B (en) * 2018-04-25 2020-09-04 中国人民解放军战略支援部队信息工程大学 Scheduling device and scheduling method based on four-mode heterogeneous redundant processor

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103226541A (en) * 2013-03-29 2013-07-31 江苏复芯物联网科技有限公司 Embedded high-performance heterogeneous computing platform based on FPGA and ARM
CN105282209A (en) * 2014-06-24 2016-01-27 现代自动车株式会社 Network system for vehicle and data transmission method of heterogeneous communication controllers in the same system
CN105893151A (en) * 2016-04-01 2016-08-24 浪潮电子信息产业股份有限公司 High-dimensional data stream processing method based on CPU + MIC heterogeneous platform

Also Published As

Publication number Publication date
CN109409138A (en) 2019-03-01

Similar Documents

Publication Publication Date Title
CN109409138B (en) High-safety mimicry microprocessor device and data processing method
CN109918916B (en) Dual-system trusted computing system and method
US11509679B2 (en) Trust topology selection for distributed transaction processing in computing environments
US8909978B2 (en) Remote access diagnostic mechanism for communication devices
CN107395414B (en) Negative feedback control method and system based on output arbitration
US9954885B2 (en) Software/hardware device with uncertain service function and structural characterization, and scheduling method thereof
US20110307639A1 (en) Virtual serial port management system and method
US7181651B2 (en) Detecting and correcting a failure sequence in a computer system before a failure occurs
RU2008133312A (en) COMPUTER ACCOMMODATING MANY PROTECTED runtimes
CN109413024B (en) Reverse data verification method and system for multi-mode judgment result of heterogeneous functional equivalent
KR102030462B1 (en) An Apparatus and a Method for Detecting Errors On A Plurality of Multi-core Processors for Vehicles
CN112637013B (en) CAN bus message abnormity detection method and device, equipment and storage medium
CN208210006U (en) A kind of high safety trusted servers based on domestic TPM
US20220292228A1 (en) Alert Handling
CN109932891A (en) A kind of mimicry MCU of isomery redundancy
US20140143597A1 (en) Computer system and operating method thereof
CN109240822A (en) The method, apparatus and storage medium and electronic equipment of application program elastic telescopic
KR101469179B1 (en) System for diagnosing communication error of nuclear power plant simmulator
CN109213657B (en) Power grid operation data cloud storage device
CN113536306A (en) Processing health information to determine whether an exception occurred
CN105589821B (en) A kind of device and method preventing bus deadlock
US20190243953A1 (en) Enhanced security for multiple node computing platform
CN109828855B (en) Multiprocessor error detection system and method thereof
RU2569576C1 (en) Control module
CN115755570A (en) Scheduling arbitration method and device of multi-redundancy heterogeneous scheduling arbitrator

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant