CN111679927A - Fault-tolerant computer of redundancy reconstitution - Google Patents
- Publication number
- CN111679927A
- Authority
- CN
- China
- Prior art keywords
- fault
- bus
- redundancy
- command table
- channel
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/0703—Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/008—Reliability or availability analysis
Abstract
The invention provides a redundancy-reconfigurable fault-tolerant computer whose backplane bus is ARINC659; static reconstruction of the fault-tolerant computer's redundancy architecture is achieved by changing the bus command table. The hardware nodes of each channel are divided into a processing module and an interface module. The processing module performs system task scheduling, control calculation, redundancy management and similar functions. The interface module acquires external cross-linked signals and transmits them to the processing module, and receives the processing module's output after calculation; it also provides redundancy-related functions such as inter-channel data cross transmission (CCDL) and channel fault logic. The hardware composition of each channel is configured flexibly through the bus command table: the windows associated with a channel in the command table define the hardware nodes in that channel and the data flows among those nodes. Isolating the node data streams of different channels within the command table's window cycle ring forms the isolation between the channels of the fault-tolerant computer.
Description
Technical Field
The invention belongs to the field of design of onboard computers, and relates to a redundancy reconstruction fault-tolerant computer.
Background
ARINC659 is an in-chassis backplane data communication protocol used to transmit and receive data between Line Replaceable Modules (LRMs) within a chassis, with a high degree of reliability and fault tolerance. It is a fault-tolerant serial bus in a dual-redundancy configuration, based on a time-triggered architecture, and supports robust time partitioning and space partitioning. It is a key technology of integrated modular avionics systems, meets the backplane bus requirements of the new generation of advanced integrated avionics, and provides highly reliable data transmission between LRMs through a dedicated bus communication mechanism.
The fault-tolerant computer uses redundancy to improve the reliability of system tasks and is widely applied in aviation to flight control, actuator control and engine control. In a fault-tolerant computer, each redundancy is called a channel; each channel performs its calculation on external input and decides whether to perform output control according to its own state information and the information of the other channels. At present, fault-tolerant computers improve system reliability through hardware and software redundancy; the hardware development period is long and the one-time investment is large.
Disclosure of Invention
The purpose of the invention is to provide a redundancy reconstruction fault-tolerant computer that becomes an off-the-shelf product without additional hardware design, shortening the development period and reducing development cost.
The technical scheme of the invention is as follows:
A redundancy reconstruction fault-tolerant computer whose backplane bus is ARINC659. The LRM nodes on the bus are divided into two types, processing modules and interface modules; the backplane bus connects a plurality of channels, and each channel comprises a processing module and at least one interface module.
The processing module performs system task scheduling, control calculation and redundancy management. The interface module acquires external cross-linked signals and transmits them to the processing module, receives the processing module's output after calculation, and provides inter-channel data cross transmission (CCDL) and channel fault logic.
Multi-node serial communication on the bus (the data of multiple LRM nodes is communicated serially on the bus) is driven by a bus command table. Bus time is divided into a series of windows, and bus data is transmitted in a periodic ring of constant length made up of that series of windows. Channel division and isolation of the fault-tolerant computer are realized through the bus command table: a number of corresponding windows are allocated to each channel in the table, and each window defines a sending node, a receiving node, a data transmission address and the size of the data transmitted. Isolating the data streams of LRM nodes in different channels within the window cycle ring of the bus command table forms the isolation between the channels of the fault-tolerant computer.
Further, the bus command table is stored on an external nonvolatile memory and supports online multi-time programming; when the system is powered on, the ARINC659 interface controller of each LRM node loads the bus command table by accessing the external nonvolatile memory, decodes the commands, and executes the specific commands according to the bus command table.
Furthermore, the processing module is a CPU module, and the interface module is divided into an IOC module and an IOM module; the IOM module completes interface input and output functions, and the IOC module completes CCDL between channels and channel fault logic functions.
Further, the bus command table assigns a uniquely identified module number to each LRM node on the bus.
The invention has the following advantages:
In the redundancy-reconfigurable fault-tolerant computer of the invention, the backplane bus is ARINC659 and the nodes within a channel communicate over the ARINC659 bus, which provides highly reliable and fault-tolerant communication. Through the bus command table, the redundancy architecture can be changed without additional hardware design, so that a matching redundancy architecture is provided for specific application requirements. The fault-tolerant computer thus becomes an off-the-shelf product, the development period is shortened, and the development cost is reduced.
Drawings
FIG. 1 is a system architecture diagram of the present invention;
FIG. 2 is a diagram of a cycle loop of a channel correlation window of a bus command table according to the present invention.
Detailed Description
A redundancy reconstruction fault-tolerant computer is provided whose backplane bus is ARINC659. The ARINC659 specification implements communication within the chassis and is the only specification that can meet the requirements of Integrated Modular Avionics (IMA) systems for medium/high data throughput, strict fault isolation, and deterministic data transmission.
In the redundancy reconstruction fault-tolerant computer, each LRM on the backplane bus includes an ARINC659 interface, and an interface module number identifies each LRM node on the bus. The LRM modules on the bus are of two types, processing modules and interface modules. The hardware nodes of each channel include a processing module and one or more interface modules. The processing module performs system task scheduling, control calculation, redundancy management and similar functions. The interface module acquires external cross-linked signals and transmits them to the processing module, and receives the processing module's output after calculation. It also provides redundancy-related functions such as inter-channel data cross transmission (CCDL) and channel fault logic.
First, the redundancy architecture of the fault-tolerant computer is determined according to the practical application requirements, with each redundancy corresponding to one channel. The hardware composition of each channel is configured flexibly through the bus command table, in which hardware is selected by the module number that identifies each LRM node on the bus. The bus command table is stored in external non-volatile memory, such as FLASH or PROM, and can be programmed online multiple times, which makes the command table easy to design and maintain. When the system is powered up, the ARINC659 interface controller of each LRM loads the bus command table by accessing the external non-volatile memory, decodes the commands, and executes the specific commands according to the bus command table. In the command table, a number of corresponding windows are allocated to each channel, and each window defines a sending node, a receiving node, a data transmission address and the size of the data transmitted; that is, the windows related to a channel define the hardware nodes in the channel and the data flows among those nodes. Isolation between channels is also achieved through the command table windows. Once the windows associated with each channel have been defined, the flow of data between nodes on the ARINC659 bus is determined. Isolating the data streams of nodes in different channels within the window cycle ring of the command table forms the isolation between the channels of the fault-tolerant computer. The processing module in a channel can communicate only with the interface modules of its own channel and not with the interface modules of other channels. Likewise, the interface modules of a channel can communicate only with the processing module of their own channel and not with the processing modules of other channels.
The redundancy reconstruction fault-tolerant computer can change its redundancy architecture through the bus command table without additional hardware design, and provides a matching redundancy structure for specific application requirements. Depending on the LRM nodes actually present on the ARINC659 bus, the number of channels of the fault-tolerant computer is changed by deleting or adding the windows of one or more channels in the window cycle ring of the command table, thereby changing the redundancy architecture of the fault-tolerant computer. During redundancy reconstruction, once the windows of a channel have been deleted from the bus command table, the LRM nodes of the deleted channel no longer participate in bus activity and can be removed from the chassis, which saves cost, reduces product weight and reduces power consumption. When a redundancy reconstruction needs the deleted bus hardware nodes, they are inserted into the chassis again.
Most current airborne fault-tolerant computers adopt a dual-, triple- or quad-redundancy structure. A four-redundancy reconfigurable fault-tolerant computer is described below as an example.
The chassis backplane bus of the four-redundancy reconfigurable fault-tolerant computer is ARINC659. There are 12 LRM nodes on the bus; the module number of each LRM node is configured through pull-up and pull-down resistors, and the LRM nodes on the bus are identified by their module numbers. The bus carries 4 CPU nodes and 8 I/O nodes. The I/O nodes are divided into IOM modules and IOC modules. The IOM module performs signal acquisition from, and output to, external cross-linked equipment. The IOC module mainly performs channel fault logic and inter-channel CCDL: it sends the redundancy data of its own channel computer to the other three channel computers through the CCDL, and sends the data of the other three channel computers acquired through the CCDL to the other modules in its own channel computer over ARINC659 for processing.
A system block diagram of the quad-redundancy reconfigurable fault-tolerant computer is shown in fig. 1, in which the module numbers of the LRMs on the bus are identified. LRMs with module numbers 0, 1, and 2 constitute channel 1; LRMs with module numbers 3, 4, and 5 constitute channel 2; LRMs with module numbers 6, 7, and 8 constitute channel 3; LRMs with module numbers 9, 10, and 11 constitute channel 4. The nodes with module numbers 0, 3, 6 and 9 are CPU modules. The remaining nodes are IOM modules and IOC modules.
Serial communication between the nodes on the bus of the redundancy reconstruction fault-tolerant computer is driven by a bus command table. Bus time is divided into a series of windows, and the command table defines the length of each window and the sending and receiving LRMs for each window. Information on the bus is transmitted in a periodic loop of constant length consisting of a series of windows. The window cycle ring of the command table is shown schematically in fig. 2. The windows related to channel 1 are windows 1 to 3, and they define the data flow of the hardware nodes of channel 1: window 1 defines CPU1 as the sending node and IOM1 and IOC1 as the receiving nodes; window 2 defines IOM1 as the sending node and CPU1 and IOC1 as the receiving nodes; window 3 defines IOC1 as the sending node and CPU1 and IOM1 as the receiving nodes. The windows related to channel 1 thus define the hardware nodes within channel 1 and specify the data flow within the channel. Together with the windows of the other channels, they also isolate the data flows of nodes in different channels, which achieves channel isolation.
Redundancy reconstruction in this fault-tolerant computer is static, and channel division and isolation are realized through the bus command table. The nodes that form a channel can be configured flexibly through the command table. For example, the processing module with module number 0 and the interface modules with module numbers 1 and 2 can form a channel; by changing the command table, the processing module with module number 3 and the interface modules with module numbers 1 and 2 can form a channel.
The windows related to channel 1 in the command table of the four-redundancy reconfigurable fault-tolerant computer are used as an example to explain how the bus command table defines the hardware nodes in a channel and the data flows among those nodes. The command table frame description language associated with channel 1 in the bus command table is as follows:
It can be seen from the above frame description language that channel 1 has 3 associated windows and that the size of the data transmitted in each window is 256 words. CPU1, IOM1 and IOC1 represent module numbers 0, 1 and 2, the CPU, IOM and IOC modules of channel 1 on the bus. BOW 255 identifies a window that defines a 256-word transmission. In the first window, CPU1 is the sending node and the data sent is the first 256 words at ARINC659 interface dual-port address 0x0; IOC1 and IOM1 are the receiving nodes, and the received data is placed in the first 256 words at ARINC659 interface dual-port address 0x0. In the second window, IOM1 is the sending node and the dual-port address of the data sent is 0x400; CPU1 and IOC1 are the receiving nodes, and the received data is placed at dual-port address 0x400. In the third window, IOC1 is the sending node and the dual-port address of the data sent is 0x800; CPU1 and IOM1 are the receiving nodes, and the received data is placed at dual-port address 0x800. 10 beats of idle and short sync operations are added after each window is sent.
The windows associated with channel 1 in the command table determine that channel 1 contains 3 nodes, with module numbers 0, 1 and 2, and the 3 windows define the data flows of the CPU1, IOC1 and IOM1 nodes, so that the nodes within the channel can communicate. The windows related to the other channels in the command table are similar to those of channel 1. Isolating the data streams of nodes in different channels within the command table's window ring constitutes the isolation between the channels of the fault-tolerant computer. In the window cycle ring of the command table of the four-redundancy reconfigurable fault-tolerant computer shown in fig. 2, the windows related to channel 1 include only CPU1, IOM1 and IOC1, and the windows related to the other channels include only the nodes of those channels. This isolates the data streams of the channel 1 nodes CPU1, IOM1 and IOC1 from the nodes of the other channels and so realizes isolation between channels.
According to different application requirements, when the four-redundancy reconfigurable fault-tolerant computer needs to be changed to triple redundancy, the windows related to one channel are deleted from the bus command table and the fault-tolerant computer becomes triple-redundant. If the windows related to channel 1 are deleted from the command table, the CPU module with module number 0 and the interface modules with module numbers 1 and 2 on the bus are moved out of the redundancy architecture of the fault-tolerant computer. Owing to the characteristics of the ARINC659 bus, the LRM nodes of channel 1 deleted from the command table can be removed from the chassis without affecting bus communication, which saves cost, reduces product weight and reduces power consumption.
When the fault-tolerant computer needs to be changed to dual redundancy, the windows related to two channels are deleted from the command table, and the LRM nodes of the deleted channels can be removed from the chassis.
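The channel isolation and static reconfiguration described above can be checked mechanically before a command table is programmed into the non-volatile memory. The following Python model is an added example, not code from the patent and not ARINC 659 frame description language: the `Window` type, the function names, the IOM/IOC module numbers and addresses for channels 2 to 4, and the cross-channel window at address 0xC00 are assumptions constructed for illustration.

```python
# Added example: a Python model of the bus command table described above.
# It is not ARINC 659 frame description language; names are hypothetical.
from dataclasses import dataclass


@dataclass(frozen=True)
class Window:
    sender: int           # module number of the transmitting LRM
    receivers: frozenset  # module numbers of the receiving LRMs
    address: int          # dual-port address used for the transfer
    words: int            # transfer size in words

    @property
    def nodes(self):
        return self.receivers | {self.sender}


def channel_windows(cpu, iom, ioc, words=256):
    """Three windows per channel, laid out like the page's channel 1."""
    members = frozenset({cpu, iom, ioc})
    layout = ((cpu, 0x000), (iom, 0x400), (ioc, 0x800))
    return [Window(tx, members - {tx}, addr, words) for tx, addr in layout]


def build_quad_table():
    """Channel k+1 uses modules 3k (CPU), 3k+1 (IOM), 3k+2 (IOC).
    IOM/IOC numbering and addresses for channels 2-4 are assumptions."""
    table = []
    for k in range(4):
        table += channel_windows(3 * k, 3 * k + 1, 3 * k + 2)
    return table


# Intended architecture from the page: channel number -> module numbers.
QUAD = {1: {0, 1, 2}, 2: {3, 4, 5}, 3: {6, 7, 8}, 4: {9, 10, 11}}


def derive_channels(table):
    """Group modules that share any window; each group is one channel."""
    parent = {}

    def find(m):
        parent.setdefault(m, m)
        while parent[m] != m:
            m = parent[m]
        return m

    for w in table:
        root = find(w.sender)
        for r in w.receivers:
            parent[find(r)] = root
    groups = {}
    for m in list(parent):
        groups.setdefault(find(m), set()).add(m)
    return sorted((frozenset(g) for g in groups.values()), key=min)


def isolation_violations(table, intended):
    """Windows whose nodes do not all lie inside one intended channel."""
    owner = {m: cid for cid, mods in intended.items() for m in mods}
    bad = []
    for i, w in enumerate(table):
        owners = {owner.get(m) for m in w.nodes}
        if None in owners:
            bad.append((i, "module not assigned to any channel"))
        elif len(owners) > 1:
            bad.append((i, "window spans channels %s" % sorted(owners)))
    return bad


def delete_channel(table, modules):
    """Static reconfiguration: delete the windows that lie wholly inside one
    channel. Returns the new table and the modules that no remaining window
    references, i.e. the LRMs that can leave the chassis."""
    modules = frozenset(modules)
    kept = [w for w in table if not w.nodes <= modules]
    used = set().union(*(w.nodes for w in kept))
    return kept, sorted(modules - used)


if __name__ == "__main__":
    table = build_quad_table()
    print(derive_channels(table), isolation_violations(table, QUAD))
    triple, removable = delete_channel(table, QUAD[1])
    print(len(derive_channels(triple)), "channels; removable:", removable)
    # Constructed fault: CPU of channel 1 also sends to module 4 (channel 2).
    faulty = table + [Window(0, frozenset({4}), 0xC00, 256)]
    print(isolation_violations(faulty, QUAD))
    print(delete_channel(faulty, QUAD[1])[1])  # module 0 is still referenced
```

With the constructed cross-channel window present, the table collapses channels 1 and 2 into one group and module 0 can no longer be pulled from the chassis after channel 1 is deleted, which is the condition a configuration check should reject.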
Claims (6)
1. A redundancy reconstruction fault-tolerant computer is characterized in that a backplane bus is ARINC659, and LRM nodes on the bus are divided into two types of processing modules and interface modules; the backplane bus is connected with a plurality of channels, and each channel comprises a processing module and at least one interface module;
the processing module is used for completing the functions of system task scheduling, control calculation and execution redundancy management; the interface module is used for completing external cross-linking signal acquisition and transmitting to the processing module, receiving the output of the processing module after calculation, and providing the functions of interchannel data cross transmission (CCDL) and channel fault logic;
the multi-node serial communication on the bus is driven by a bus command table, the bus time is divided into a series of windows, the data transmission of the bus is in a cycle ring with constant length consisting of the series of windows, and the channel division and isolation of the fault-tolerant computer are realized through the bus command table; distributing a plurality of corresponding windows for each channel in the bus command table, and defining a sending node, a receiving node, a data transmission address and a size of data transmission in each window; the isolation of the data stream of the LRM nodes between the channels in the window cycle ring of the bus command table forms the isolation between the channels of the fault-tolerant computer.
2. The redundancy-restructured fault tolerant computer of claim 1 wherein said bus command table is stored on an external non-volatile memory, supporting on-line multiple-time programming; when the system is powered on, the ARINC659 interface controller of each LRM node loads the bus command table by accessing the external nonvolatile memory, decodes the commands, and executes the specific commands according to the bus command table.
3. The redundancy-restructured fault-tolerant computer according to claim 1, wherein said processing module is a CPU module, and said interface module is divided into an IOC module and an IOM module; the IOM module completes interface input and output functions, and the IOC module completes CCDL between channels and channel fault logic functions.
4. The redundancy-restructured fault-tolerant computer of claim 1 wherein said bus command table assigns a uniquely identified module number to each LRM node on the bus.
5. The redundancy-restructured fault-tolerant computer according to claim 1, characterized in that the nodes in the channel are flexibly configured and/or new channels are built by modifying the definition of the bus command table.
6. The redundancy-restructured fault-tolerant computer according to claim 1, wherein the number of channels of the fault-tolerant computer is changed by deleting or adding a window of one or more channels in a window cycle ring of a bus command table, thereby realizing the change of the redundancy architecture of the fault-tolerant computer.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010475060.4A CN111679927A (en) | 2020-05-29 | 2020-05-29 | Fault-tolerant computer of redundancy reconstitution |
Publications (1)
Publication Number | Publication Date |
---|---|
CN111679927A (en) | 2020-09-18 |
Family
ID=72452744
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010475060.4A Pending CN111679927A (en) | Fault-tolerant computer of redundancy reconstitution | 2020-05-29 | 2020-05-29 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111679927A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||