CN116880153B - Two-in-two system, control method thereof and railway vehicle - Google Patents
Two-in-two system, control method thereof and railway vehicle Download PDFInfo
- Publication number
- CN116880153B CN116880153B CN202311148946.8A CN202311148946A CN116880153B CN 116880153 B CN116880153 B CN 116880153B CN 202311148946 A CN202311148946 A CN 202311148946A CN 116880153 B CN116880153 B CN 116880153B
- Authority
- CN
- China
- Prior art keywords
- reset
- signal
- unit
- trigger
- control subsystem
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 30
- 230000008569 process Effects 0.000 claims abstract description 13
- 238000012545 processing Methods 0.000 claims description 5
- 230000001052 transient effect Effects 0.000 description 5
- 239000003990 capacitor Substances 0.000 description 4
- 238000010586 diagram Methods 0.000 description 4
- 230000001960 triggered effect Effects 0.000 description 3
- 230000002159 abnormal effect Effects 0.000 description 2
- 230000009471 action Effects 0.000 description 2
- 230000006978 adaptation Effects 0.000 description 2
- 238000012544 monitoring process Methods 0.000 description 2
- 238000013459 approach Methods 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000012840 feeding operation Methods 0.000 description 1
- 238000002955 isolation Methods 0.000 description 1
- 238000012423 maintenance Methods 0.000 description 1
- 230000006386 memory function Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000004148 unit process Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G05—CONTROLLING; REGULATING
- G05B—CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
- G05B9/00—Safety arrangements
- G05B9/02—Safety arrangements electric
- G05B9/03—Safety arrangements electric with multiple-channel loop, i.e. redundant control systems
-
- B—PERFORMING OPERATIONS; TRANSPORTING
- B61—RAILWAYS
- B61C—LOCOMOTIVES; MOTOR RAILCARS
- B61C17/00—Arrangement or disposition of parts; Details or accessories not otherwise provided for; Use of control gear and control systems
-
- B—PERFORMING OPERATIONS; TRANSPORTING
- B61—RAILWAYS
- B61L—GUIDING RAILWAY TRAFFIC; ENSURING THE SAFETY OF RAILWAY TRAFFIC
- B61L15/00—Indicators provided on the vehicle or vehicle train for signalling purposes ; On-board control or communication systems
- B61L15/0063—Multiple on-board control systems, e.g. "2 out of 3"-systems
Abstract
The present disclosure relates to a two-in-two system, a control method thereof, and a railway vehicle, which belongs to the technical field of vehicle control, wherein the system comprises: the watchdog unit is configured to generate a reset pulse signal when the watchdog unit does not receive the watchdog feeding signal sent by the main control unit; the reset holding unit is configured to process the reset pulse signal into a reset holding signal when receiving the reset pulse signal sent by the watchdog unit in the target control subsystem to which the reset holding unit belongs, and respectively send the reset holding signal to the main control units of the two control subsystems; and a main control unit configured to maintain a reset state when receiving a reset maintaining signal. The method and the device can avoid the problems of unstable system and unsafe system caused by frequent system switching.
Description
Technical Field
The disclosure relates to the technical field of vehicle control, in particular to a two-in-two system, a control method thereof and a railway vehicle.
Background
The control system of the track traffic system is of a two-by-two-out-of-two structure, and adopts a mode that two sets of two-out-of-two systems are mutually backed up. When the rail transit vehicle runs, two sets of systems work simultaneously, if one set of system fails, the fault system needs to be cut off from the external output as soon as possible in order to ensure the safety of personnel and vehicles, and the other set of system takes over the work immediately at the same time so as to solve the problem of the fault in time. In the two-in-two system, a watchdog circuit is generally adopted to detect faults, and when the faults occur, the two-in-two system can execute reset operation according to a reset pulse signal sent by the watchdog circuit.
In the related art, the reset pulse signal output by the watchdog of the two-in-two system is shorter, and the stable maintenance of the system in the reset state cannot be ensured, so that the system is possibly unstable and safe.
Disclosure of Invention
In order to solve the problems in the related art, the present disclosure provides a two-in-two system, a control method thereof, and a railway vehicle.
A first aspect of the present disclosure provides a two-in-two system comprising two control subsystems, each of the control subsystems comprising a watchdog unit, a reset holding unit and a master control unit, wherein:
the watchdog unit is configured to generate a reset pulse signal when the watchdog unit does not receive the watchdog feeding signal sent by the main control unit;
the reset holding unit is connected with the watchdog unit and is configured to process the reset pulse signal into a reset holding signal when receiving the reset pulse signal sent by the watchdog unit in a target control subsystem to which the reset holding unit belongs, and send the reset holding signal to the main control units of the two control subsystems respectively;
the main control unit is connected with the reset maintaining unit and is configured to maintain a reset state when receiving the reset maintaining signal.
Optionally, the reset holding units in the two control subsystems are connected;
the reset maintaining unit is further configured to receive a reset maintaining signal sent by another control subsystem, and send the reset maintaining signal sent by the other control subsystem to a main control unit in the target control subsystem, where the other control subsystem is a control subsystem except the target control subsystem in the two control subsystems.
Optionally, the reset holding unit includes:
the input end of the trigger in the target control subsystem is connected with the output end of the watchdog unit in the target control subsystem, and the output ends of the trigger in the target control subsystem are respectively connected with the main control units in the two control subsystems;
the watchdog unit is configured to set the output reset pulse signal to be low level when the watchdog unit does not receive the watchdog feeding signal of the main control unit in the target control subsystem;
and the trigger is configured to set the output end signal of the trigger to be low level and keep unchanged when the input reset pulse signal is set to be low level, so as to obtain a reset keeping signal.
Optionally, the flip-flop is a D flip-flop.
Optionally, the reset holding unit further includes:
the first input end of the AND gate circuit is connected with the output end of the trigger in the target control subsystem, the second input end of the AND gate circuit is connected with the output end of the trigger in another control subsystem, the output end of the AND gate circuit is connected with the main control unit in the target control subsystem, and the other control subsystem is a control subsystem except the target control subsystem in the two control subsystems;
the output end of the trigger in the target control subsystem is also connected with the second input end of the AND gate circuit in the other control subsystem;
the AND gate circuit is configured to output the reset hold signal to the master control unit in the target control subsystem when the first input terminal and/or the second input terminal receives the reset hold signal.
Optionally, the reset holding unit further includes:
one end of the first resistor is connected with the output end of the power supply, and the other end of the first resistor is connected with a preset bit pin of the trigger;
one end of the second resistor is connected with a preset bit pin of the trigger, and the other end of the second resistor is grounded;
the resistance value of the second resistor is larger than that of the first resistor.
A second aspect of the present disclosure provides a method for controlling a two-in-two system, applied to the two-in-two system provided in the first aspect of the present disclosure, including:
receiving a reset pulse signal sent by a watchdog unit under the condition that the watchdog unit does not receive a feeding signal sent by a main control unit;
and processing the reset pulse signal into a reset maintaining signal, and respectively sending the reset maintaining signal to the main control units of the two control subsystems so that the main control units maintain a reset state when receiving the reset maintaining signal.
Optionally, the two-in-two system includes a flip-flop that processes the reset pulse signal into a reset hold signal, including:
and when the reset pulse signal received by the input end of the trigger is set to be at a low level, setting the signal of the output end of the trigger to be at a low level and keeping the signal unchanged, so as to obtain a reset keeping signal.
Optionally, before receiving the reset pulse signal sent by the watchdog unit, the method further includes:
and after the two-out-of-two system is electrified, controlling the reset holding unit to perform preset bit operation so as to enable the output end signal of the trigger to be in a high level.
A third aspect of the present disclosure provides a rail vehicle comprising a two-out-of-two system as provided in the first aspect of the present disclosure.
In the two-in-two system disclosed by the disclosure, the reset holding unit is arranged to receive the reset pulse signal sent by the watchdog unit, the reset holding unit can process the shorter reset pulse signal into the continuous reset holding signal and send the continuous reset holding signal to the main control units in the two control subsystems respectively, and the two main control units receive the reset holding signal to keep the reset state all the time, so that the two main control units of the two-in-two system with faults keep the reset state all the time, even if the faults of the two-in-two system are transient faults, the work of controlling the vehicle is not taken over again after the faults are repaired due to the reset operation, and the problems of unstable and unsafe systems caused by frequent switching of the systems can be avoided.
Additional features and advantages of the present disclosure will be set forth in the detailed description which follows.
Drawings
The accompanying drawings are included to provide a further understanding of the disclosure, and are incorporated in and constitute a part of this specification, illustrate the disclosure and together with the description serve to explain, but do not limit the disclosure. In the drawings:
fig. 1 is a schematic diagram illustrating a two-in-two system architecture according to an exemplary embodiment.
Fig. 2 is a flow chart illustrating a method of controlling a two-in-two system according to an exemplary embodiment.
Fig. 3 is a circuit configuration diagram showing a reset holding unit in a two-out-of-two system according to an exemplary embodiment.
Detailed Description
Reference will now be made in detail to exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, the same numbers in different drawings refer to the same or similar elements, unless otherwise indicated. The implementations described in the following exemplary examples are not representative of all implementations consistent with the present disclosure. Rather, they are merely examples of apparatus and methods consistent with some aspects of the present disclosure as detailed in the accompanying claims.
The rail transit system is a highly intelligent urban traffic system, and since it can run at high speed between cities or within cities and passengers are relatively stationary within a car, the fail-safe measures therefor must be very strict.
The control system of the current control system rail transit system adopts a two-by-two-out structure, two sets of two-out systems are mutually backed up, and each set of system consists of an independent power supply, a signal processor, a controller and the like. When the rail transit vehicle runs, two sets of systems work simultaneously, one set of systems is used as a main system to control the vehicle to run, when the main system fails, the main system and the standby system are required to be switched, namely the external output of the failure system is cut off, and meanwhile, the other set of systems is switched from the standby system to the main system to take over the work of the failure system.
Specifically, the two-in-two system comprises two groups of control subsystems, each group of control subsystem comprises a watchdog unit and a main control unit, the two groups of control subsystems adopt two identical main control units to process data, simultaneously generate a group of data aiming at the same work respectively, and periodically compare the calculated results with each other through the two main control units to ensure the correctness of logic calculation, and command information is extracted from the identical calculation results to be finally executed.
When the system works normally, the main control unit which runs stably sends a dog feeding signal to the watchdog unit after executing a specific instruction or at intervals, if the watchdog unit does not receive the dog feeding signal within a certain period, the watchdog unit considers that the system is faulty, immediately interrupts an execution program, and sends a reset pulse signal to the main control unit so that the main control unit controls the two-out-of-two system to carry out reset operation. However, the reset pulse signal output from the watchdog unit is a very short pulse signal, typically several milliseconds or several tens of milliseconds, and cannot ensure that the system is stably maintained in a reset state when the system fails, possibly causing instability and safety problems of the system. For example, the first set of system is the main system, and the second set of system is the backup system, under the condition that the first set of system controls the vehicle to work, if the first set of system has a transient fault, the second set of system takes over the work of the first set of system as the main system, and simultaneously the first set of system is restored to the normal state immediately after the reset operation is executed according to the reset signal of the watchdog unit, at this time, the first set of system may take over the work of the second set of system again after the normal operation is restored, which causes unstable system and unsafe problem that may occur when the system is switched.
In order to solve the technical problems, an embodiment of the disclosure provides a two-in-two system, a control method thereof and a railway vehicle, and the specific scheme is as follows.
Referring to fig. 1, fig. 1 is a schematic diagram illustrating a two-in-two system including two control subsystems, each of which includes a watchdog unit, a reset holding unit, and a main control unit, according to an exemplary embodiment, wherein:
the watchdog unit is configured to generate a reset pulse signal when the watchdog unit does not receive the watchdog feeding signal sent by the main control unit;
the reset holding unit is connected with the watchdog unit and is configured to process the reset pulse signal into a reset holding signal when receiving the reset pulse signal sent by the watchdog unit in the target control subsystem to which the reset holding unit belongs, and respectively send the reset holding signal to the main control units of the two control subsystems;
the main control unit is connected with the reset maintaining unit and is configured to maintain a reset state when receiving a reset maintaining signal.
Illustratively, the watchdog unit is a timer circuit for monitoring the state of the target control subsystem to which the watchdog unit belongs. When the state of the target control subsystem is normal, the main control unit outputs a dog feeding signal to the watchdog unit at intervals; when the state of the target control subsystem is abnormal, the main control unit does not output a dog feeding signal, and the watchdog unit cannot receive the dog feeding signal, and at the moment, the watchdog unit outputs a reset pulse signal to the main control unit.
The master control unit may be a CPU (Central Processing Unit ) or an MCU (Micro Controller Unit, micro control unit) as an example.
In the target control subsystem, when receiving the reset pulse signal output by the watchdog unit, the reset holding unit processes the reset pulse signal into a reset holding signal and sends the reset holding signal to the main control units of the two control subsystems, and the two main control units execute a reset operation according to the received reset holding signal. Because the reset maintaining signal is a continuous signal, the two main control units of the two-in-two system are always maintained in a reset state according to the received reset maintaining signal, and the other two-in-two system can not be taken over again after the normal operation is recovered.
It can be understood that the two control subsystems are isolated from each other, and the signal transmitted by the target control subsystem is not intercepted by the other control subsystem, that is, the reset pulse signal sent by the watchdog unit of the target control subsystem is not directly intercepted by the main control unit of the other control subsystem.
In the two-in-two system disclosed by the disclosure, the reset holding unit is arranged to receive the reset pulse signal sent by the watchdog unit, the reset holding unit can process the shorter reset pulse signal into the continuous reset holding signal and send the continuous reset holding signal to the main control units in the two control subsystems respectively, and the two main control units receive the reset holding signal to keep the reset state all the time, so that the two main control units of the two-in-two system with faults keep the reset state all the time, even if the faults of the two-in-two system are transient faults, the work of controlling the vehicle is not taken over again after the faults are repaired due to the reset operation, and the problems of unstable and unsafe systems caused by frequent switching of the systems can be avoided.
As an alternative embodiment, the reset holding units in the two control subsystems are connected;
the reset maintaining unit is further configured to receive a reset maintaining signal sent by another control subsystem, and send the reset maintaining signal sent by the other control subsystem to the main control unit in the target control subsystem, where the other control subsystem is a control subsystem except the target control subsystem in the two control subsystems.
For example, due to the mutual isolation between the two control subsystems, signals between the two control subsystems cannot be directly transferred, in one case the reset holding units in the two control subsystems may be connected to each other, and in another case the reset holding unit of the target control subsystem may be connected to the master control unit of the other control subsystem. In this embodiment, the reset holding units in the two control subsystems are connected to each other, and in this case, the reset holding signal processed by the reset holding unit in the other control subsystem is sent to the master control unit in the target control subsystem through the reset holding unit in the target control subsystem.
As an alternative embodiment, the reset holding unit includes:
the input end of the trigger in the target control subsystem is connected with the output end of the watchdog unit in the target control subsystem, and the output end of the trigger in the target control subsystem is respectively connected with the main control units in the two control subsystems;
a watchdog unit configured to set an output reset pulse signal to a low level when a dog feeding signal of a main control unit in the target control subsystem is not received;
and the trigger is configured to set the output end signal of the trigger to be low level and keep unchanged when the input reset pulse signal is set to be low level, so as to obtain a reset keeping signal.
For example, the flip-flop is a logic unit circuit with a memory function, and can store a binary code with one bit. The trigger has two stable working states, and can be switched from one stable working state to the other stable working state under the triggering of an external signal.
As an alternative embodiment, the flip-flop is a D flip-flop.
The trigger mode of the trigger includes level triggering and edge triggering, in this embodiment of the present disclosure, the trigger mode of the trigger is edge triggering, and the trigger is triggered when a falling edge signal of a clock signal end of the trigger is detected, and an input low level of a D end of the trigger is output to an output end, where the falling edge signal indicates that a high level output by the clock signal end of the trigger is converted into a low level. For an edge D flip-flop, since the circuit has a hold-up effect during the high level of the clock signal, the data state change at the D terminal does not affect the output state of the flip-flop.
As an alternative embodiment, the reset holding unit further includes:
the first input end of the AND gate circuit is connected with the output end of the trigger in the target control subsystem, the second input end of the AND gate circuit is connected with the output end of the trigger in the other control subsystem, the output end of the AND gate circuit is connected with the main control unit in the target control subsystem, and the other control subsystem is a control subsystem except the target control subsystem in the two control subsystems;
the output end of the trigger in the target control subsystem is also connected with the second input end of the AND gate circuit in the other control subsystem;
and the AND gate circuit is configured to output a reset maintaining signal to a main control unit in the target control subsystem when the first input end and/or the second input end receives the reset maintaining signal.
When the main control units in the two control subsystems normally output the feeding dog signals to the watchdog units of the corresponding control subsystems, the watchdog units of the two control subsystems output high-level reset signals, the trigger receives the high-level reset signals and outputs the high-level reset signals, the reset signals of the target control subsystem are input to the first input end of the AND gate circuit in the target control subsystem, the reset signals of the other control subsystem are input to the second input end of the AND gate circuit in the target control subsystem, and at the moment, the output signals of the AND gate circuit are normal signals to the main control unit in the target control subsystem.
For example, when the watchdog unit of the target control subsystem does not receive the feeding signal, the watchdog unit sets the reset signal from the high level to the low level, at this time, the level of the input end of the trigger is also set to the low level, that is, the signal of the input end of the trigger is a falling edge signal, the trigger stabilizes the reset signal in a low level state, outputs a low level reset holding signal, and simultaneously outputs the reset holding signal to the first input end of the and circuit in the target control subsystem and the second input end of the and circuit in the other control subsystem, and in this state, the and circuits of the two control subsystems both output the low level reset holding signal to the master control unit in the corresponding control subsystem.
As an alternative embodiment, the reset holding unit further includes:
one end of the first resistor is connected with the output end of the power supply, and the other end of the first resistor is connected with a preset bit pin of the trigger;
one end of the second resistor is connected with a preset bit pin of the trigger, and the other end of the second resistor is grounded;
the resistance value of the second resistor is larger than that of the first resistor.
In this case, when the power supply is turned on to supply power to the flip-flop, the voltage divided by the second resistor approximates to the voltage output by the power supply, and the signal of the preset bit pin is set to a high level from an initial low level.
Referring to fig. 2, fig. 2 is a flowchart illustrating a control method of a two-in-two system according to an exemplary embodiment, which is applied to the two-in-two system described above, and includes the following steps.
S101, receiving a reset pulse signal sent by the watchdog unit under the condition that the watchdog unit does not receive the watchdog feeding signal sent by the main control unit.
S102, processing the reset pulse signals into reset maintaining signals, and respectively sending the reset maintaining signals to the main control units of the two control subsystems so that the main control units maintain a reset state when receiving the reset maintaining signals.
In the target control subsystem, when the watchdog unit does not receive the watchdog feeding signal sent by the main control unit, the watchdog unit sends a reset pulse signal, and when the reset pulse signal output by the watchdog unit is received by the reset holding unit, the reset pulse signal is processed into a continuous reset holding signal and sent to the main control units of the two control subsystems, and the two main control units execute reset operation according to the received reset holding signal. Because the reset maintaining signal is a continuous signal, the main control unit continuously executes the reset operation according to the received continuous reset maintaining signal, and the operation of another set of system is not taken over again after the normal state is restored.
In the two-in-two system disclosed by the disclosure, the reset holding unit is arranged to receive the reset pulse signal sent by the watchdog unit, the reset holding unit can process the shorter reset pulse signal into the continuous reset holding signal and send the continuous reset holding signal to the main control units in the two control subsystems respectively, the two main control units receive the reset holding signal and keep the reset state all the time, so that the two main control units of the two-in-two system with faults keep the reset state all the time, and the work of controlling the vehicle can not be taken over again after the fault is repaired due to the reset operation under the state that the two-in-two system with faults are transient faults, and the problems of unstable and unsafe system caused by frequent switching of the systems can be avoided.
As an alternative embodiment, the two-in-two system includes a flip-flop that processes a reset pulse signal into a reset hold signal, including:
when the reset pulse signal received by the input end of the trigger is set to be low level, the signal of the output end of the trigger is set to be low level and kept unchanged, and a reset keeping signal is obtained.
When the trigger receives the falling edge signal, the trigger output end signal is set to be in a low level state and is stabilized in a low level state, a reset maintaining signal is obtained, and the trigger outputs the low level reset maintaining signal to the main control unit of the target control subunit, so that the main control unit maintains the reset state according to the received low level reset maintaining signal.
As an alternative embodiment, before receiving the reset pulse signal sent by the watchdog unit, the method further comprises:
after the two-out-of-two system is powered on, the reset holding unit is controlled to perform preset bit operation so that the output end signal of the trigger is high level.
For example, after the two-out-of-two system is powered on each time, the reset holding unit is controlled to perform preset bit operation, so that the level signal of each pin of the trigger is in an initial state, and at this time, the output end signal of the trigger is in a high level. When the watchdog unit outputs a reset pulse signal with low level, the falling edge of the input end of the trigger arrives, and the trigger sets the signal of the output end to be low level and keeps unchanged.
Referring to fig. 3, fig. 3 is a circuit configuration diagram illustrating a reset holding unit in a two-out-of-two system according to an exemplary embodiment, and as shown in fig. 3, the reset holding unit includes:
the trigger U1, the voltage input terminal pin VCC and the ground pin GND are connected with the output terminal of the power supply 1 and then grounded;
one end of the capacitor C1 is connected with a common contact point of the output end of the power supply 1 and the voltage input end pin VCC of the trigger U1, and the other end of the capacitor C is grounded after being commonly connected with the grounding pin GND of the trigger U1;
one end of the resistor R1 is connected with the output end of the power supply 1, and the other end of the resistor R1 is connected with the zero setting pin CLR of the trigger U1;
one end of the resistor R2 is connected with the input end of the D end of the trigger U1, and the other end of the resistor R is grounded;
one end of the resistor R3 is connected with the output end of the power supply 2, and the other end of the resistor R3 is connected with a preset bit pin PRE of the trigger U1;
one end of the resistor R4 is connected with a preset bit pin PRE of the trigger U1, and the other end of the resistor R is grounded;
one end of the resistor R5 is connected with the output end of the watchdog unit, and the other end of the resistor R5 is connected with the clock signal input end CLK of the trigger U1;
the first input end B of the AND circuit U2 is connected with the output end Q of the trigger U1 of the target control subunit, the second input end A is connected with the output end Q of the trigger U1 of the other control subunit, the grounding pin GND is grounded, the voltage input end pin VCC is connected with the output end of the power supply 1, and the output end pin Y is connected with the main control unit of the target control subunit;
the output end Q of the trigger U1 is also connected with the second output end of the AND gate circuit U2 in the other control subunit;
one end of the capacitor C2 is connected with the output end of the power supply 1, and the other end of the capacitor C is grounded.
Specifically, the "watchdog reset signal" shown in fig. 3 is a reset signal output by the watchdog unit, "the reset signal given to the other channel" is a reset signal processed by the trigger U1 in the target control subsystem, "the reset signal from the other channel" is a reset signal processed by the trigger U1 in the other control subsystem, "the reset signal output to the CPU of the present channel" is a reset signal output after being judged by the and circuit, and the CPU is the main control unit. It will be appreciated that in the case where the watchdog unit outputs a reset pulse signal, the "watchdog reset signal" is set to a low level, and the flip-flop U1 will process the reset pulse signal to a reset hold signal of a low level.
Illustratively, the logic truth table for flip-flop U1 in the present disclosure is shown in Table 1 below. Wherein, PRE represents the preset bit pin PRE, which is active low, and when the input signal of the preset bit pin PRE is low, the output signal of the output terminal Q is set to high. CLR represents zero pin CLR, active low. When the input signal of the zero setting pin CLR is low, the output signal of the output terminal Q is low. CLK represents the clock signal input CLK, and the falling edge triggers, when the clock signal input CLK comes, the input signal of the D terminal input is output to the output terminal Q. D represents the input signal at the input of the D terminal. Q represents the output Q. L represents a low level. H represents a high level. The signal of the pin X may be in any state. The downward arrow symbol "∈" indicates a falling edge. Q (Q) 0 The output signal of the output terminal Q is in the original signal state, for example, the output signal of the output terminal Q is at a high level, and when both of PRE, CLR, CLK and D are at a high level, the output signal of the output terminal Q is still at a high level.
For example, after the two-out-of-two system is powered up, the reset holding unit first performs a preset bit operation. When the power supply 1 is switched on and the trigger U1 starts to work under the action of the power supply 1, the states of all pins of the trigger U1 are as follows: the zero setting pin CLR is at high level, the input signal of the input end of the D end is at low level, and the preset bit pin PRE is at low level. As can be seen from Table 1, this state is the first state of Table 1, and the output terminal Q of the flip-flop U1 outputs a high level. And the AND gate circuit U2 outputs a high-level reset signal to the main control unit of the target control subsystem after receiving the high-level reset pulse signal of the target control subsystem and the high-level reset pulse signal of the other control subsystem, and the main control unit enters a normal starting-up flow.
For example, the power supply 2 is turned on when the main control unit performs a power-on flow. The power supply 2 is divided by the resistor R3 and the resistor R4 and then is supplied to the preset bit pin PRE. Since the resistance of the resistor R4 is far greater than that of the resistor R3, the voltage of the preset bit pin PRE approaches the voltage of the power supply 2, and at this time, the signal of the preset bit pin PRE changes from low level to high level, and the watchdog unit pulls the reset signal high to high level. As can be seen from Table 1, this state is the fourth state of Table 1. At this time, the output terminal Q of the flip-flop U1 is kept in the previous output state Q 0 。
After the main control unit is started and self-checked, the two-out-of-two system enters a normal working mode, at the moment, the main control unit performs normal dog feeding operation, and the watchdog unit enters a monitoring mode. When the watchdog unit monitors that the main control unit of the target control subsystem is abnormal, the watchdog unit outputs a reset pulse signal, and the reset pulse signal enables the reset signal to be converted into a low level from a high level, and the reset signal is restored to the high level after being maintained for a few milliseconds or tens of milliseconds. The flip-flop U1 is an edge-triggered D flip-flop, and when the flip-flop U1 detects a falling edge of the clock signal input terminal CLK, the flip-flop U1 transmits a signal of the D terminal input terminal to the output terminal Q. Since the D-terminal input is always kept in the low state, the output Q is set to the low level at this time. And the D trigger triggered by the falling edge has the input end of the D end and the output end Q kept in a low level state all the time, and even if the clock signal input end CLK receives the falling edge pulse again later, the state of the output end Q of the trigger U1 is not changed any more and is kept in a reset state all the time.
As described above, when the flip-flop U1 detects the falling edge of the CLK pin for the first time, it outputs a low level at the output terminal Q and remains in a low level state. The low level of the output end Q is input to the AND gate circuit U2, and at this time, the Y pin of the AND gate circuit U2 outputs a low level reset signal to the main control unit in the target control subsystem, and the main control unit always keeps in a reset state under the action of the low level reset holding signal.
Embodiments of the present disclosure also provide a rail vehicle comprising a two-to-two system as described above.
For example, a railway vehicle generally adopts a two-by-two system, the two-by-two system comprises two groups of two-by-two systems, the two groups of two-by-two systems can be divided into a main system and a standby system, the main system is used for executing control operation of the railway vehicle, the standby system is used as an alternative, when the main system fails, the standby system takes over the work of the main system, and simultaneously, the output of the failed main system to the outside is cut off so as to solve the failure problem of the main system in time.
In the embodiment of the disclosure, in order to avoid the unsafe problems that when the fault of the main system is a transient fault, the standby system takes over the work of the main system, and the main system returns to normal after being reset and takes over the work of the standby system again, the system is unstable and the system is frequently switched. According to the two-in-two system, the reset pulse signals are processed into the continuous reset maintaining signals through the reset maintaining unit, after the main system fails, the failure main system is always maintained in a reset state according to the reset maintaining signals, namely the main system cannot take over the work of the backup system again at the moment, the stability of the system is ensured, and unsafe problems possibly occurring in the process of frequently switching the system are avoided.
Other embodiments of the disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure. This application is intended to cover any adaptations, uses, or adaptations of the disclosure following, in general, the principles of the disclosure and including such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the disclosure being indicated by the following claims.
It is to be understood that the present disclosure is not limited to the precise arrangements and instrumentalities shown in the drawings, and that various modifications and changes may be effected without departing from the scope thereof. The scope of the present disclosure is limited only by the appended claims.
Claims (8)
1. The two-in-two system is characterized by comprising two control subsystems, wherein each control subsystem comprises a watchdog unit, a reset holding unit and a main control unit, and the two control subsystems comprise:
the watchdog unit is configured to generate a reset pulse signal when the watchdog unit does not receive the watchdog feeding signal sent by the main control unit;
the reset holding unit is connected with the watchdog unit and is configured to process the reset pulse signal into a reset holding signal when receiving the reset pulse signal sent by the watchdog unit in a target control subsystem to which the reset holding unit belongs, and send the reset holding signal to the main control units of the two control subsystems respectively;
the main control unit is connected with the reset maintaining unit and is configured to maintain a reset state when receiving the reset maintaining signal;
the reset maintaining unit is further configured to receive a reset maintaining signal sent by another control subsystem, and send the reset maintaining signal sent by the other control subsystem to a main control unit in the target control subsystem, where the other control subsystem is a control subsystem except the target control subsystem in the two control subsystems;
the reset holding unit further includes:
the input end of the trigger in the target control subsystem is connected with the output end of the watchdog unit in the target control subsystem, and the trigger is configured to process the reset pulse signal into a reset holding signal;
the first input end of the AND gate circuit is connected with the output end of the trigger in the target control subsystem, the second input end of the AND gate circuit is connected with the output end of the trigger in the other control subsystem, and the output end of the AND gate circuit is connected with the main control unit in the target control subsystem;
the output end of the trigger in the target control subsystem is also connected with the second input end of the AND gate circuit in the other control subsystem;
the AND gate circuit is configured to output the reset hold signal to the master control unit in the target control subsystem when the first input terminal and/or the second input terminal receives the reset hold signal.
2. The system of claim 1, wherein the system further comprises a controller configured to control the controller,
the watchdog unit is further configured to set the output reset pulse signal to a low level when the watchdog feeding signal of the main control unit in the target control subsystem is not received;
the trigger is further configured to set the output end signal of the trigger to be low level and keep unchanged when the input reset pulse signal is set to be low level, so as to obtain a reset keeping signal.
3. The system of claim 2, wherein the flip-flop is a D flip-flop.
4. A system according to any one of claims 1-3, wherein the reset holding unit further comprises:
one end of the first resistor is connected with the output end of the power supply, and the other end of the first resistor is connected with a preset bit pin of the trigger;
one end of the second resistor is connected with a preset bit pin of the trigger, and the other end of the second resistor is grounded;
the resistance value of the second resistor is larger than that of the first resistor.
5. A method for controlling a two-in-two system according to any one of claims 1 to 4, comprising:
receiving a reset pulse signal sent by a watchdog unit under the condition that the watchdog unit does not receive a feeding signal sent by a main control unit;
and processing the reset pulse signal into a reset maintaining signal, and respectively sending the reset maintaining signal to the main control units of the two control subsystems so that the main control units maintain a reset state when receiving the reset maintaining signal.
6. The control method according to claim 5, characterized in that processing the reset pulse signal into a reset hold signal includes:
and when the reset pulse signal received by the input end of the trigger is set to be at a low level, setting the signal of the output end of the trigger to be at a low level and keeping the signal unchanged, so as to obtain a reset keeping signal.
7. The control method according to claim 6, characterized in that before receiving the reset pulse signal transmitted by the watchdog unit, the method further comprises:
and after the two-out-of-two system is electrified, controlling the reset holding unit to perform preset bit operation so as to enable the output end signal of the trigger to be in a high level.
8. A rail vehicle comprising a two-out system according to any one of claims 1-4.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311148946.8A CN116880153B (en) | 2023-09-07 | 2023-09-07 | Two-in-two system, control method thereof and railway vehicle |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311148946.8A CN116880153B (en) | 2023-09-07 | 2023-09-07 | Two-in-two system, control method thereof and railway vehicle |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN116880153A CN116880153A (en) | 2023-10-13 |
| CN116880153B true CN116880153B (en) | 2024-01-09 |
Family
ID=88255482
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202311148946.8A Active CN116880153B (en) | 2023-09-07 | 2023-09-07 | Two-in-two system, control method thereof and railway vehicle |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116880153B (en) |
Citations (22)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US4371871A (en) * | 1981-01-30 | 1983-02-01 | Reuters Limited | Alert message communication system |
| JPH01298446A (en) * | 1988-05-27 | 1989-12-01 | Sumitomo Electric Ind Ltd | Double microcomputer system runaway preventing circuit |
| JPH0380303A (en) * | 1989-08-23 | 1991-04-05 | Shimadzu Corp | Duplexing device |
| JPH0823338A (en) * | 1994-07-07 | 1996-01-23 | Hitachi Ltd | Duplicate line communication equipment |
| JPH0884101A (en) * | 1994-09-12 | 1996-03-26 | Fujitsu Ltd | Radio line switching control system |
| JPH09212201A (en) * | 1996-01-31 | 1997-08-15 | Matsushita Electric Ind Co Ltd | Control circuit for production facility |
| JPH09282024A (en) * | 1996-04-09 | 1997-10-31 | Nissan Motor Co Ltd | Monitoring device for electronic control unit |
| JP2000209458A (en) * | 1999-01-19 | 2000-07-28 | Fujitsu Ltd | Video interface circuit |
| JP2003300438A (en) * | 2002-04-10 | 2003-10-21 | Nissan Shatai Co Ltd | Watchdog-monitoring apparatus |
| JP2003345676A (en) * | 2003-05-01 | 2003-12-05 | Mitsubishi Electric Corp | Dual-memory system |
| CN101876928A (en) * | 2009-11-13 | 2010-11-03 | 北京全路通信信号研究设计院 | Synchronization method and device of double 2-vote-2 system |
| CN102229345A (en) * | 2011-05-16 | 2011-11-02 | 铁道部运输局 | Novel CTCS (Chine train control system)-level-3 train control system vehicle-mounted device based on wireless communication |
| CN102237837A (en) * | 2010-04-28 | 2011-11-09 | 瑞萨电子株式会社 | Power drive control device and power device |
| CN102830647A (en) * | 2012-08-31 | 2012-12-19 | 北京和利时系统工程有限公司 | Double 2-vote-2 device for fail safety |
| CN103095502A (en) * | 2013-01-23 | 2013-05-08 | 深圳市磊科实业有限公司 | One-way inter-integrated circuit (IIC) unit frame management system of dynamic double unit switch mechanism |
| CN106201971A (en) * | 2016-07-01 | 2016-12-07 | 中国铁道科学研究院 | A kind of railway signal safety computer platform based on bus synchronous verification |
| CN207115391U (en) * | 2017-06-23 | 2018-03-16 | 北京安控科技股份有限公司 | A kind of automatic reset circuit |
| CN111858456A (en) * | 2020-08-13 | 2020-10-30 | 北京星际荣耀空间科技有限公司 | Arrow-mounted full-triple-modular redundancy computer system architecture |
| CN112486062A (en) * | 2020-11-23 | 2021-03-12 | 西安航天动力试验技术研究所 | Rocket engine test dual-machine real-time control system and switching method |
| JP2021052560A (en) * | 2019-09-26 | 2021-04-01 | 株式会社ジェイテクト | Power supply device |
| CN217606356U (en) * | 2021-12-31 | 2022-10-18 | 龙芯中科(成都)技术有限公司 | Switching control circuit, mainboard and electronic equipment |
| CN115687230A (en) * | 2022-11-10 | 2023-02-03 | 航天科工火箭技术有限公司 | Arrow-mounted triple-modular redundancy computer system |
-
2023
- 2023-09-07 CN CN202311148946.8A patent/CN116880153B/en active Active
Patent Citations (22)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US4371871A (en) * | 1981-01-30 | 1983-02-01 | Reuters Limited | Alert message communication system |
| JPH01298446A (en) * | 1988-05-27 | 1989-12-01 | Sumitomo Electric Ind Ltd | Double microcomputer system runaway preventing circuit |
| JPH0380303A (en) * | 1989-08-23 | 1991-04-05 | Shimadzu Corp | Duplexing device |
| JPH0823338A (en) * | 1994-07-07 | 1996-01-23 | Hitachi Ltd | Duplicate line communication equipment |
| JPH0884101A (en) * | 1994-09-12 | 1996-03-26 | Fujitsu Ltd | Radio line switching control system |
| JPH09212201A (en) * | 1996-01-31 | 1997-08-15 | Matsushita Electric Ind Co Ltd | Control circuit for production facility |
| JPH09282024A (en) * | 1996-04-09 | 1997-10-31 | Nissan Motor Co Ltd | Monitoring device for electronic control unit |
| JP2000209458A (en) * | 1999-01-19 | 2000-07-28 | Fujitsu Ltd | Video interface circuit |
| JP2003300438A (en) * | 2002-04-10 | 2003-10-21 | Nissan Shatai Co Ltd | Watchdog-monitoring apparatus |
| JP2003345676A (en) * | 2003-05-01 | 2003-12-05 | Mitsubishi Electric Corp | Dual-memory system |
| CN101876928A (en) * | 2009-11-13 | 2010-11-03 | 北京全路通信信号研究设计院 | Synchronization method and device of double 2-vote-2 system |
| CN102237837A (en) * | 2010-04-28 | 2011-11-09 | 瑞萨电子株式会社 | Power drive control device and power device |
| CN102229345A (en) * | 2011-05-16 | 2011-11-02 | 铁道部运输局 | Novel CTCS (Chine train control system)-level-3 train control system vehicle-mounted device based on wireless communication |
| CN102830647A (en) * | 2012-08-31 | 2012-12-19 | 北京和利时系统工程有限公司 | Double 2-vote-2 device for fail safety |
| CN103095502A (en) * | 2013-01-23 | 2013-05-08 | 深圳市磊科实业有限公司 | One-way inter-integrated circuit (IIC) unit frame management system of dynamic double unit switch mechanism |
| CN106201971A (en) * | 2016-07-01 | 2016-12-07 | 中国铁道科学研究院 | A kind of railway signal safety computer platform based on bus synchronous verification |
| CN207115391U (en) * | 2017-06-23 | 2018-03-16 | 北京安控科技股份有限公司 | A kind of automatic reset circuit |
| JP2021052560A (en) * | 2019-09-26 | 2021-04-01 | 株式会社ジェイテクト | Power supply device |
| CN111858456A (en) * | 2020-08-13 | 2020-10-30 | 北京星际荣耀空间科技有限公司 | Arrow-mounted full-triple-modular redundancy computer system architecture |
| CN112486062A (en) * | 2020-11-23 | 2021-03-12 | 西安航天动力试验技术研究所 | Rocket engine test dual-machine real-time control system and switching method |
| CN217606356U (en) * | 2021-12-31 | 2022-10-18 | 龙芯中科(成都)技术有限公司 | Switching control circuit, mainboard and electronic equipment |
| CN115687230A (en) * | 2022-11-10 | 2023-02-03 | 航天科工火箭技术有限公司 | Arrow-mounted triple-modular redundancy computer system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN116880153A (en) | 2023-10-13 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| SE454730B (en) | PROCEDURE AND COMPUTER EQUIPMENT FOR SHORT-FREE REPLACEMENT OF THE ACTIVITY FROM ACTIVE DEVICES TO EMERGENCY UNITS IN A CENTRAL UNIT | |
| CN114003173B (en) | Power-down protection system of storage device and storage device | |
| US20150370296A1 (en) | Power Sequencing by Slave Power Sequencers Sharing a Command Bus | |
| WO2018229930A1 (en) | Controller | |
| CN109558278B (en) | Dual-redundancy CPU control board based on DSP and CPLD | |
| CN103970640A (en) | Method and system for processing system temperature sensor fault of server | |
| CN115809164A (en) | Embedded equipment, embedded system and hierarchical reset control method | |
| CN116880153B (en) | Two-in-two system, control method thereof and railway vehicle | |
| JPS6128142B2 (en) | ||
| CN110422343B (en) | On-orbit maintenance method of attitude and orbit control computer on satellite | |
| WO2001016678A1 (en) | Programmable controller system and method for resetting programmable controller system | |
| CN108092752B (en) | Main control unit hot backup method and device based on train operation control system | |
| US20140214181A1 (en) | Control system for software termination protection | |
| CN112131055B (en) | Multi-mode three-motor dynamic fault-tolerant system | |
| RU2684348C1 (en) | Method, system and apparatus for treating two control unit trains | |
| JPH04268643A (en) | Information processing system | |
| CN107942647B (en) | Control circuit and control method for signal system safety power supply | |
| JP2015038688A (en) | Memory unit | |
| CN218974796U (en) | Multiple redundancy control system | |
| JPS59148968A (en) | Automatic operation device | |
| CN212009370U (en) | Distributed control equipment of power plant | |
| CN113650498B (en) | Power-on method and device of electric vehicle, electric vehicle and storage medium | |
| JP2782784B2 (en) | Microcomputer control device | |
| US20220048393A1 (en) | Power system controller failsafe cycling protection | |
| JP3080882B2 (en) | Data backup and restoration system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |