CN116881920B - Safety voting system and method based on code simulator - Google Patents


Info

Publication number
CN116881920B
CN116881920B
Authority
CN
China
Prior art keywords
code
voting
safety
simulator
simulators
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202310763029.4A
Other languages
Chinese (zh)
Other versions
CN116881920A (en)
Inventor
吴正中
张辉
郝耕华
程明
邓能文
武涛
姜子旺
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Urban Construction Intelligent Control Technology Co ltd
Original Assignee
Beijing Urban Construction Intelligent Control Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
2023-06-27
Filing date
2023-06-27
Publication date
2023-10-13 (application publication CN116881920A); 2024-03-26 (grant CN116881920B)

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F 21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F 9/00 Arrangements for program control, e.g. control units
    • G06F 9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F 9/46 Multiprogramming arrangements
    • G06F 9/52 Program synchronisation; Mutual exclusion, e.g. by means of semaphores

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Hardware Redundancy (AREA)

Abstract

The invention relates to a safety voting system and method based on code simulators. The system comprises: a multi-core processing device; a code simulation device consisting of several code simulators, each bound to one processing core of the multi-core processing device, so that each code simulator is executed solely by the core it is bound to; a clock synchronization device that coordinates the synchronous operation of the code simulators on the individual cores; and a safety voting device that receives and compares the operation results of the safety application instances and, based on the comparison result, produces the external output. The architecture of the safety computer platform is therefore entirely independent of the selection of hardware components: a general-purpose server that meets the CPU and memory requirements can be bought on the open market, the platform architecture is simple, and a single server is sufficient to provide the safety platform function.

Description

Safety voting system and method based on code simulator
Technical Field
The invention relates to a safety voting system and a safety voting method, belongs to the field of safety control, and in particular relates to a safety voting system and method based on code simulators.
Background
Safety computer platform technology is widely used in rail transit, aerospace and nuclear power. Such platforms are generally designed with multi-modular redundancy according to the fail-safe principle. In rail transit, current domestic and foreign safety computer platform architectures adopt a 2-out-of-3 (2oo3) or a 2×2-out-of-2 (2×2oo2) arrangement, and the correctness of a result is judged mainly by mutual monitoring among several channels and by comparing several results.
Fig. 1 shows the architecture of a prior-art safety computer platform. The system uses two independent CPU computing modules to achieve independence; it addresses single-point faults by periodically self-testing the CPU, the memory and the basic failure rate of each board; it addresses common-cause faults by failure analysis of the components; and when a fault occurs it applies safety protection measures so that no hazardous output reaches the outside. In every cycle the two CPUs vote on each other's results: each CPU compares the result it is about to output with the result of the other CPU, output is produced only when the vote agrees, and if either CPU finds a disagreement no external output is produced. As shown in fig. 2, the system consists of many kinds of modules, including a CPU computing module, a storage module, a communication module, a voting module, a backplane module and a power supply module.
This approach has the following disadvantages. The design depends on the selection of specific hardware components: a commercially available general-purpose server cannot be used, the hardware can only be produced to order, and if a component is later discontinued, spare parts for projects already in service are affected, a new component must be selected, and the hardware architecture must be re-certified, which costs money and time. The architecture is also complex, comprising a CPU computing module, a storage module, a communication module, a voting module, a backplane module, a power supply module and so on, and the failure of any one of these modules affects the availability of the whole system.
Improving the prior-art safety computing platform so that it meets the requirements of current applications is therefore a technical problem that needs to be solved.
Disclosure of Invention
The following presents a simplified summary of one or more aspects in order to provide a basic understanding of such aspects. This summary is not an extensive overview of all contemplated aspects, and is intended to neither identify key or critical elements of all aspects nor delineate the scope of any or all aspects. Its sole purpose is to present some concepts of one or more aspects in a simplified form as a prelude to the more detailed description that is presented later.
The main object of the invention is to solve the above technical problems of the prior art by providing a safety voting system and method based on code simulators. The system and method have a simple architecture, and a single server is sufficient to provide the safety platform function.
To this end, the invention provides the following solution:
A safety voting system based on code simulators, comprising:
a multi-core processing device (hardware) comprising a plurality of independently operating processing cores;
a code simulation device comprising a plurality of code simulators, each bound to one processing core of the multi-core processing device, wherein each code simulator can run an independent instance of the safety application, and each code simulator is executed solely by the processing core it is bound to;
a clock synchronization device (hardware + software) comprising hardware and software that periodically generate a clock synchronization signal;
a safety voting device (hardware + software) comprising software that safely receives and compares the outputs of the safety application instances, and the hardware on which that software runs. The safety voting device receives and compares the operation results of the safety application instances and, based on the comparison result, produces the external output.
Preferably, in the above safety voting system based on code simulators, the memory regions of the multi-core processing device bound to the individual code simulators are non-contiguous (not adjacent to one another).
Preferably, in the above safety voting system based on code simulators, the multi-core processing device is of the IA-32 architecture.
A safety voting method based on code simulators, comprising:
binding a plurality of code simulators one-to-one to the independently operating processing cores of a multi-core processing device, each code simulator being executed solely by the processing core it is bound to; running several instances of the same safety application independently and periodically, one instance in each code simulator; having the clock synchronization device generate a clock signal at a fixed period and send it simultaneously to the safety application instances in the code simulators, each instance starting the operation of the cycle on receipt of the clock signal, so that the instances run synchronously; and having the safety voting device receive and compare the operation results of the instances, produce a safe external output if the results are sufficiently consistent, and otherwise withhold output.
Preferably, in the above safety voting method based on code simulators, the memory regions of the multi-core processing device bound to the individual code simulators are non-contiguous.
Preferably, in the above safety voting method based on code simulators, the multi-core processing device is of the IA-32 architecture.
Compared with the prior art, the invention therefore has the following advantages: the architecture of the safety computer platform is entirely independent of the selection of hardware components, a general-purpose server meeting the CPU and memory requirements can be bought on the market, the platform architecture is simple, and a single server is sufficient to provide the safety platform function.
Drawings
The accompanying drawings, which are incorporated herein and form a part of the specification, illustrate embodiments of the present invention and, together with the description, further serve to explain the principles of the invention and to enable a person skilled in the pertinent art to make and use the disclosure.
FIGS. 1-2 illustrate a security voting system frame diagram as referred to in the background of the invention;
FIG. 3 illustrates a schematic diagram of a security voting system in an embodiment of the invention;
FIG. 4 illustrates a flow chart of a security voting method in an embodiment of the invention;
Embodiments of the invention are described below with reference to the accompanying drawings.
Detailed Description
Examples
This embodiment first provides a safety voting system based on code simulators. As shown in fig. 3, the system is preferably based on the IA-32 architecture, Intel's 32-bit architecture.
As shown in fig. 3, the system uses a general-purpose server whose CPU has at least 4 cores, running a commercial operating system (such as Linux, Windows or VxWorks).
In this embodiment, a safety system with a SIL (safety integrity level) rating is operated as 4 identical instances of the safety application. Each instance runs in its own IA-32 code simulator, and each code simulator is bound to a separate CPU core.
Preferably, the 4 code simulators are bound to non-contiguous memory regions, so as to reduce the probability of common-cause faults between different code simulators. After the 4 application instances have started, they wait for the synchronization signal of the clock synchronization module.
On receipt of the clock synchronization signal, the 4 safety application instances start a processing cycle simultaneously. Within the cycle, instance 1 acts as the source, and instances 2 to 4 synchronize to instance 1 as instructed by the safety voting module; the synchronized content comprises the input data and the intermediate state.
Once synchronization has succeeded, the 4 instances are in the same state; they then execute the cycle's processing task and send their results to the safety voting device for comparison. If at least 3 of the 4 compared results agree within the specified cycle time, the safety comparison program outputs the agreed result externally and at the same time shuts down any code simulator whose result disagrees or that produced no output, so that a faulty simulator cannot produce a hazardous result. If at least 3 consistent results are not received within the specified cycle time, the comparison program produces no output.
The safety voting device automatically selects, among the instances whose results agreed, the one with the lowest sequence number, and sends that sequence number to all instances as part of the synchronization; that instance serves as the source for cycle synchronization in the next operating cycle.
In every cycle, each code simulator should also self-check the CPU core and the memory region bound to it. If the self-check detects a fault, the code simulator shuts itself down, so that neither the application instance nor the safety comparison program running on it can produce harmful output.
In this embodiment, a CPU with at least 4 cores, 4 GB of memory and a commercial operating system such as Windows or Linux are preferably selected. The 4 IA-32 code simulators are bound to the 4 CPU cores respectively, so that each CPU core executes one independent IA-32 code simulator; the memory regions bound to the IA-32 code simulators are non-contiguous; and application instances 1 to 4 each run in one of these IA-32 code simulators.
As shown in fig. 4, this embodiment also provides a safety voting method based on code simulators; the method runs on the code-simulator-based safety voting system shown in fig. 3.
After the general-purpose computer is powered on, the application instances wait for clock synchronization. On receipt of a clock synchronization signal, instances 2 to 4 synchronize to instance 1 as instructed by the safety voting device, and once synchronization has succeeded the computation starts.
When the safety voting device receives at least 3 identical results in the same cycle, it outputs the result; it then automatically selects the instance with the lowest sequence number whose output agreed with that of the other instances, sends that sequence number to the other instances, and instructs every instance to synchronize its data from that instance in the next cycle.
In every cycle, each code simulator automatically self-checks the CPU core and the memory partition bound to it. If the self-check fails, the safety application instance on that simulator is shut down to prevent it from producing harmful output.
As the above description shows, the architecture of the safety computer platform of this embodiment is entirely independent of the selection of hardware components, and a general-purpose server meeting the CPU and memory requirements can be bought on the market.
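The cycle described in the embodiment above and restated in the method (clock tick, per-simulator self-check, synchronization of input data and intermediate state from the source instance, 3-out-of-4 comparison, shutdown of disagreeing or silent simulators, and selection of the lowest-numbered agreeing instance as the next source), modelled as an added example. This is not code from the patent or from Beijing Urban Construction Intelligent Control Technology Co., Ltd. The class and function names (Replica, Voter, make_platform), the bytearray standing in for a simulator's bound memory region, the write/read-back pattern test used as the self-check, the arithmetic used as the cycle task, the fault-injection labels, and the fallback to the lowest-numbered live instance when the previous source fails its own self-check are all this example's assumptions; it runs in a single process and does not bind anything to real cores or memory.

```python
"""Single-process model of the patent's 3-out-of-4 voting cycle (added example,
not the patent's code).  Replica, Voter, the bytearray "memory region", the cycle
arithmetic and the fault labels are assumptions made for illustration."""
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

QUORUM = 3  # the patent's rule: at least 3 of the 4 results must agree


@dataclass
class Replica:
    """One safety application instance running in its own code simulator."""
    seq: int                      # sequence number 1..4, used to choose the source
    region: bytearray             # stands in for the simulator's bound memory region
    state: int = 0                # intermediate state, synchronised from the source
    inputs: int = 0               # cycle input data, synchronised from the source
    alive: bool = True
    fault: Optional[str] = None   # constructed fault injection: "wrong" | "silent" | "memory"

    def self_check(self) -> bool:
        """Per-cycle check of the bound region: write two complementary patterns
        and read them back (a simplified march-style test); contents are restored."""
        saved = bytes(self.region)
        try:
            for pattern in (0x55, 0xAA):
                self.region[:] = bytes([pattern]) * len(self.region)
                if self.fault == "memory":
                    self.region[0] ^= 0xFF          # constructed stuck-bit fault
                if any(b != pattern for b in self.region):
                    return False
            return True
        finally:
            self.region[:] = saved

    def sync_from(self, source: "Replica") -> None:
        """Copy input data and intermediate state from the cycle's source instance."""
        self.state, self.inputs = source.state, source.inputs

    def compute(self) -> Optional[int]:
        """Run the cycle task; None models 'no output within the cycle time'."""
        if self.fault == "silent":
            return None
        self.state = (self.state * 31 + self.inputs) & 0xFFFF
        return self.state + 1 if self.fault == "wrong" else self.state


class Voter:
    """The safety voting device: compares results and manages the source instance."""

    def __init__(self, replicas: List[Replica]):
        self.replicas = replicas          # kept in ascending seq order
        self.source = replicas[0]         # instance 1 is the initial source
        self.last_results: Dict[int, Optional[int]] = {}

    def run_cycle(self, inputs: int) -> Optional[int]:
        """One clock period; returns the voted output or None when output is withheld."""
        for r in self.replicas:           # self-check before anything can be output
            if r.alive and not r.self_check():
                r.alive = False           # a failed self-check shuts the simulator down
        live = [r for r in self.replicas if r.alive]
        if not live:
            return None
        if not self.source.alive:         # assumption: fall back to the lowest live seq
            self.source = live[0]
        self.source.inputs = inputs       # source receives the cycle's input data
        for r in live:
            if r is not self.source:
                r.sync_from(self.source)  # others synchronise inputs and state to it
        self.last_results = {r.seq: r.compute() for r in live}
        counts = Counter(v for v in self.last_results.values() if v is not None)
        if not counts:
            return None
        winner, agree = counts.most_common(1)[0]
        if agree < QUORUM:
            return None                   # fewer than 3 agree: no external output
        agreeing = []
        for r in live:
            if self.last_results[r.seq] == winner:
                agreeing.append(r)
            else:
                r.alive = False           # disagreeing or silent simulator is shut down
        self.source = min(agreeing, key=lambda r: r.seq)  # lowest seq among agreeing
        return winner


def make_platform(faults: Optional[Dict[int, str]] = None) -> Voter:
    """Four replicas over separate regions; faults maps seq -> constructed fault label."""
    faults = faults or {}
    return Voter([Replica(seq=i, region=bytearray(16), fault=faults.get(i))
                  for i in range(1, 5)])


if __name__ == "__main__":
    v = make_platform({3: "wrong"})
    print(v.run_cycle(7), [r.alive for r in v.replicas], v.source.seq)
```

Once two of the four simulators have been shut down, no later cycle can reach the 3-of-4 threshold, so the model withholds output rather than continuing on two channels; that is the safe state the patent describes, and the example keeps it. Binding each simulator to its own core and to a non-adjacent memory region is an operating-system matter (CPU affinity and memory placement) that this single-process model does not reproduce.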
While, for purposes of simplicity of explanation, the methodologies are shown and described as a series of acts, it is to be understood and appreciated that the methodologies are not limited by the order of acts, as some acts may, in accordance with one or more embodiments, occur in different orders and/or concurrently with other acts from that shown and described herein or not shown and described herein, as would be understood and appreciated by those skilled in the art.
Note that references in the specification to "one embodiment," "an embodiment," "example embodiments," "some embodiments," etc., indicate that the embodiment described may include a particular feature, structure, or characteristic, but every embodiment may not necessarily include the particular feature, structure, or characteristic. Moreover, such phrases are not necessarily referring to the same embodiment. Furthermore, when a particular feature, structure, or characteristic is described in connection with an embodiment, it is submitted that it is within the knowledge of one skilled in the art to effect such feature, structure, or characteristic in connection with other embodiments whether or not explicitly described.
The previous description of the disclosure is provided to enable any person skilled in the art to make or use the disclosure. Various modifications to the disclosure will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other variations without departing from the spirit or scope of the disclosure. Thus, the disclosure is not intended to be limited to the examples and designs described herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (6)

1. A safety voting system based on code simulators, comprising:
a multi-core processing device comprising a plurality of independently operating processing cores;
a code simulation device comprising a plurality of code simulators, each bound to one processing core of the multi-core processing device, wherein each code simulator can run an independent instance of the safety application, and each code simulator is executed solely by the processing core it is bound to;
a clock synchronization device that generates a clock signal at a fixed period, all code simulators operating cooperatively and periodically according to the clock signal; and
a safety voting device that receives the operation results of the code simulation device, compares them, and produces the external output based on the comparison result;
wherein, if at least 3 of the 4 results compared by the safety voting device agree within the specified cycle time, the safety voting device outputs the agreed result and shuts down any code simulator whose result disagrees or that produced no output; if the safety voting device does not receive at least 3 consistent results within the specified cycle time, it produces no output; and the safety voting device automatically selects, among the application instances whose results agreed, the one with the lowest sequence number and sends that sequence number to all application instances as part of the synchronization, so that that instance serves as the source for cycle synchronization in the next operating cycle.
2. The safety voting system based on code simulators according to claim 1, wherein the memory region of the multi-core processing device to which at least one code simulator is bound is non-contiguous with the regions of the others.
3. The safety voting system based on code simulators according to claim 1, wherein the multi-core processing device is of the IA-32 architecture.
4. A safety voting method based on code simulators, comprising:
binding a plurality of code simulators respectively to the independently operating processing cores of a multi-core processing device, each code simulator being executed solely by the processing core it is bound to, and each code simulator being able to run a separate instance of the safety application;
operating all code simulators cooperatively and periodically according to a clock signal, and receiving and comparing the operation results of the safety application instances in the code simulators;
the clock synchronization device generating the clock signal at a fixed period and sending it to the safety application instances in the code simulators, each instance operating periodically and starting the operation of the cycle on receipt of the clock signal, and the external output being produced based on the comparison result; and
when the safety voting device receives at least 3 identical results in the same cycle, outputting that result; the safety voting device automatically selecting the instance with the lowest sequence number whose output agreed with that of the other instances, sending that sequence number to the other instances, and instructing every instance to synchronize its data from that instance in the next cycle.
5. The method according to claim 4, wherein the memory regions of the multi-core processing device bound to the individual code simulators are non-contiguous.
6. The method according to claim 4, wherein the multi-core processing device is of the IA-32 architecture.
Priority Applications (1)

Application Number  Priority Date  Filing Date  Title
CN202310763029.4A  2023-06-27  2023-06-27  Safety voting system and method based on code simulator

Publications (2)

Publication Number  Publication Date
CN116881920A (en)  2023-10-13
CN116881920B (en)  2024-03-26

Family

ID=88256005

Country Status (1)

Country  Link
CN  CN116881920B (en), Active

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number  Priority date  Publication date  Assignee  Title
CN1979422A *  2005-12-02  2007-06-13  凌阳科技股份有限公司  Simulation device for obtaining application program code execution ratio and method therefor
US7877627B1 *  2008-12-18  2011-01-25  Supercon, L.L.C.  Multiple redundant computer system combining fault diagnostics and majority voting with dissimilar redundancy technology
CN104866778A *  2015-01-30  2015-08-26  武汉华工安鼎信息技术有限责任公司  Document safety access control method and device based on Linux kernel
CN109634171A *  2018-12-06  2019-04-16  通号万全信号设备有限公司  Dual-core dual-lock-step 2-out-of-2 architecture and safety platform thereof
CN113127270A *  2021-04-01  2021-07-16  北京交通大学  Cloud-computing-based 2-out-of-3 safety computer platform
CN116257389A *  2023-05-16  2023-06-13  北京城建智控科技股份有限公司  Synchronization method for a 2×2-out-of-2 platform based on an all-electronic interlocking system

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
Sun-Keun Seo et al., "Optimum staggered testing strategy for 1- and 2-out-of-3 redundant safety instrumented systems", in Safety and Reliability Modeling and its Applications, chapter 8, pp. 227-244 *
杜鑫, 夏宏斌, 张率, 苗文俊, 雒新宇, "三取二安全计算机平台的同步表决体系" (Synchronous voting architecture of a 2-out-of-3 safety computer platform), 承德石油高等专科学校学报 (Journal of Chengde Petroleum College), no. 4, pp. 52-55 *


Legal Events

Date  Code  Title  Description
PB01  Publication
SE01  Entry into force of request for substantive examination
GR01  Patent grant