阅读说明：本技术 一种采用通用i/o模块实现的安全计算机平台 (Safety computer platform realized by universal I/O module ) 是由 祝君冬 潘阅 胡明杰 于 2019-08-30 设计创作，主要内容包括：本发明的安全计算机平台,采用二乘二取二的安全冗余架构,分为主控层和执行层；针对执行层,设计两种通用I/O的执行模块以供安全计算机平台集成选用；该两种通用I/O的执行模块分别为通用安全I/O模块和通用非安全I/O模块,二者基本功能一致,仅从架构设计上区分为安全模块和非安全模块,以供不同应用环境选择；该两种通用I/O模块的功能集中了数字量的输入输出、模拟量的输出输出、频率量的输入采集等常用I/O功能；只需在集成平台系统时,配置合适数量的通用模块个数,便可满足系统需求。本发明的技术优势：设计了一种功能完整、通用性极好的IO模块,供安全计算机平台集成使用,极大的降低了平台的维护性和配置难度。(The safety computer platform adopts a safety redundancy architecture of two-by-two and two-out, and is divided into a main control layer and an execution layer; aiming at an execution layer, two execution modules of general I/O are designed for being selected and used by a safety computer platform in an integrated mode; the two general I/O execution modules are respectively a general safe I/O module and a general non-safe I/O module, the basic functions of the two modules are consistent, and the two modules are only distinguished into a safe module and a non-safe module from the aspect of architectural design so as to be selected by different application environments; the functions of the two general I/O modules integrate common I/O functions such as input and output of digital quantity, output and output of analog quantity, input and acquisition of frequency quantity and the like; the system requirements can be met only by configuring the number of the universal modules with proper quantity when the platform system is integrated. The invention has the technical advantages that: an IO module with complete function and excellent universality is designed for integrated use of a safety computer platform, and the maintainability and the configuration difficulty of the platform are greatly reduced.)

1. A safe computer platform realized by adopting a general I/O module adopts a safe redundant architecture of two times two or two, and is divided into a main control layer and an execution layer; the main control layer consists of a main control module A and a main control module B; the execution layer consists of two groups of execution modules A and B, provides a state input interface, provides a control output interface, and provides a communication interface with external equipment and an external submodule; the main control layer and the execution layer are communicated through a redundant full-duplex serial bus; it is characterized in that the preparation method is characterized in that,

Aiming at an execution layer, two execution modules of general I/O are designed for being selected and used by a safety computer platform in an integrated mode;

The two general I/O execution modules are respectively a general safe I/O module and a general non-safe I/O module, the basic functions of the two modules are consistent, and the two modules are only distinguished into a safe module and a non-safe module from the aspect of architectural design so as to be selected by different application environments;

The functions of the two general I/O modules integrate common I/O functions such as input and output of digital quantity, output and output of analog quantity, input and acquisition of frequency quantity and the like; for the expansion of the general I/O, the system requirements can be met only by configuring the number of the general modules with proper number when the platform system is integrated.

2. The secure computer platform of claim 1, wherein the general purpose secure I/O module and the general purpose non-secure I/O module are connected on the same internal serial bus to communicate with the master control module; the non-safety module is connected to the serial bus after being isolated by the isolating device, and power supply to the safety module and the non-safety module is separated, so that the safety module is not affected by the abnormality of the general non-safety I/O module.

3. the secure computer platform of claim 1, wherein the secure module is designed using a two-out-of-two secure architecture and the non-secure module is designed using a single-CPU architecture.

4. The secure computer platform of claim 1, wherein the two general purpose I/O modules functionally satisfy at least the following design requirements: the number of channels of each function can be adjusted in actual design.

5. the secure computer platform of claim 1, wherein for a single general purpose I/O module, the main control module is both a data input source and a data output destination module, that is, the main control module outputs data related to digital quantity and analog quantity or outputs control information to the general purpose I/O module, and at the same time, the main control module receives information of digital quantity, analog quantity and frequency quantity collected by the general purpose I/O module.

6. the secure computer platform of claim 1, wherein preferably, for a single family of the secure computer platform, except for the master control module, 4 general secure I/O modules and 2 general non-secure I/O modules are selected by the execution layer; the configuration and identification of each module are completed by the main control module reading the configuration file and then carrying out system integrity check.

7. The secure computer platform of claim 6, wherein the secure computer platform is maximally supported: 16 paths of safe digital quantity input, 8 paths of safe digital quantity output, 8 paths of safe analog quantity input, 4 paths of safe analog quantity output and 8 paths of safe frequency quantity input; and 8 paths of non-safety digital quantity input, 4 paths of non-safety digital quantity output, 4 paths of non-safety analog quantity input, 2 paths of non-safety analog quantity output and 4 paths of non-safety frequency quantity input.

Technical Field

The invention relates to the field of railway safety computer platform implementation, in particular to a safety computer platform for realizing system integration by adopting a general I/O module.

Background

With the development of railway transportation industry, the diversity of the development of train signal control related equipment. Higher requirements are put on the safety and maintainability of the train control equipment. The safety computer platform is used as a basic general platform, can flexibly develop application services and integrate various input/output (I/O) modules, and supports various different application environments. The system is characterized by a layered and bus architecture, each layer comprises relatively independent and integratable modules, each module comprises a software program, and the modules can communicate with each other through the bus. The safety computer platform system is suitable for a railway train control system, a main control module is required to control the running time sequence, the running period, the working state and the like of the whole system, and a large amount of data acquisition or input and output modules are also required, so that the field installation, maintenance, application and configuration work become very complicated, and the safety problem caused by human errors is easily caused.

In summary, in order to improve the maintainability of the railway safety computer platform, when the safety computer platform system is integrated, the general I/O module is adopted for integration, so that the installation and maintenance cost can be effectively reduced, the configurability of the system can be improved, and the method has important significance for improving the universality, the applicability and the safety of the safety computer platform system.

Disclosure of Invention

The invention aims at solving the problems that: the application scene of the safety computer platform is complex, the number of configuration modules is too many, the maintenance cost is high, the difficulty is high, and the safety is ensured and the system performance is improved.

The invention provides a safety computer platform realized by adopting a general I/O module, which adopts a safety redundancy architecture of two-by-two-out-of-two, and is divided into a main control layer and an execution layer; the main control layer consists of a main control module A and a main control module B; the execution layer consists of two groups of execution modules A and B, provides a state input interface, provides a control output interface, and provides a communication interface with external equipment and an external submodule; the main control layer and the execution layer are communicated through a redundant full-duplex serial bus; it is characterized in that the preparation method is characterized in that,

Aiming at an execution layer, two execution modules of general I/O are designed for being selected and used by a safety computer platform in an integrated mode;

The two general I/O execution modules are respectively a general safe I/O module and a general non-safe I/O module, the basic functions of the two modules are consistent, and the two modules are only distinguished into a safe module and a non-safe module from the aspect of architectural design so as to be selected by different application environments;

the functions of the two general I/O modules integrate common I/O functions such as input and output of digital quantity, output and output of analog quantity, input and acquisition of frequency quantity and the like; for the expansion of the general I/O, the system requirements can be met only by configuring the number of the general modules with proper number when the platform system is integrated.

The invention has the technical advantages that: an IO module with complete functions and excellent universality is designed for the integrated use of a safety computer platform, so that the maintainability and the configuration difficulty of the platform are greatly reduced; the general IO module is divided into a safe architecture and a non-safe architecture by design so as to meet the requirements of different application configurations, and meanwhile, the whole safe computer platform is isolated aiming at the safe module and the non-safe module, so that the safety and the system performance of the safe computer platform are ensured.

Drawings

[1] FIG. 1 is a general architecture diagram of the secure computer platform of the present invention

[2] FIG. 4 is a diagram of the connection configuration of the secure computer platform using the general I/O module according to the present invention

[3] FIG. 2 is a diagram of the main functional architecture of a general security I/O module

[4] FIG. 3 is a diagram of the main functional architecture of a general non-secure I/O module

Detailed Description

the following detailed description of the present invention, taken in conjunction with the accompanying drawings, will assist those skilled in the art in further understanding the present invention. The safety platform suitable for the invention is a network structure based on a serial bus and a safety computer platform formed by the network structure, and the platform does not limit the invention in any way.

fig. 1 shows a structure of a secure computer platform, which is applicable to the present invention, the secure computer platform adopts a two-by-two-out-of-two secure redundancy structure, and the secure computer platform is divided into a main control layer and an execution layer. The main control layer and the execution layer communicate through a redundant full-duplex serial bus, such as a CANFD bus, an ethernet bus, and the like.

The main control layer consists of a main control module A and a main control module B, is a control core of the safety computer and controls the running time sequence, the running period and the working state of the whole system; the main control layer provides an operating environment and system function support for application software; the main control layer provides an application software interface and a configuration file interface.

The execution layer is composed of two groups of execution modules A and B, provides a state input interface, provides a control output interface, and provides a communication interface with external equipment and external sub-modules.

Aiming at an execution layer, the invention designs 2 types of execution modules of general I/O (input/output) for the integration and selection of a safety computer platform, wherein the execution modules are respectively called a general safety I/O module and a general non-safety I/O module. The basic functions of the 2 general I/O modules are consistent, and the modules are only distinguished into a safe module and a non-safe module from the aspect of architectural design so as to be selected by different application environments. Generally, the secure module adopts a two-out-of-two secure architecture design, and the non-secure module adopts a single-CPU architecture design.

the 2 types of general I/O modules at least meet the following design requirements in terms of functions and should have: digital input channel, digital output channel, analog input channel, analog output channel, frequency input channel. The number of channels of each function can be adjusted during actual design, and the following listed channel numbers do not limit the invention, and the specific implementation mode is as follows:

Digital input channel: 4-path switching value acquisition is realized;

Digital output channel: 2 paths of relay outputs are realized, and each path of relay outputs two groups of normally-open and normally-closed dry contact supply options;

An analog input channel: 2-path analog signal acquisition is realized, such as pressure signal acquisition, primary voltage acquisition and primary current acquisition;

An analog output channel: the output of 1-path analog signals, such as the output of signals of speed per hour, speed limit, mileage and the like, is realized;

Frequency input channel: 2-path frequency signals are acquired, for example, speed sensor signals, and 2-path frequency information can be 1 group of pairwise orthogonal frequency signals or 2 paths of independent frequency signals;

The general safety I/O module adopts a two-out-of-two safety architecture design, as shown in FIG. 2, the numbers in the figure represent data type numbers, for all inputs of the module, double sets of CPUs are required to be adopted for real-time comparison, and only if the two inputs are consistent, the two sets of CPUs are output;

The general non-safety I/O module adopts a single-CPU architecture design, as shown in FIG. 3, the numbers in the figure represent data type numbers, and for all inputs of the module, only the single CPU is needed to be used for processing, and the inputs can be output to the outside after the processing is correct.

For a single general I/O module, the main control module is both a data input source and a data output target module, that is, the main control module outputs data or control information related to digital quantity and analog quantity to the general I/O module, and simultaneously the main control module receives information of digital quantity, analog quantity and frequency quantity acquired by the I/O module.

Fig. 4 shows a safety computer platform for implementing system integration by using general I/O modules, which is suitable for railway train control systems, and the selection of the modules and the connection positions in the figure do not limit the present invention in any way.

In the single system of the secure computer platform shown in fig. 4, 4 general secure I/O modules and 2 general non-secure I/O modules and other modules (such as serial communication modules) are selected in addition to the main control module. In fig. 4, the modules a1, a2, A3, and a4 are in an extended relationship and expand the number of channels of each secure I/O, and the modules a5 and a6 are also in an extended relationship and expand the number of channels of non-secure I/O. Meanwhile, the security computer platform adopts a dual-computer hot standby structure of 2X2, i.e., the system a and the system B in fig. 4, so that the module a1 and the module B1, and the module a5 and the module B5 are in a redundant relationship. The configuration and identification of each module are completed by the main control module reading the configuration file and then carrying out system integrity check.

therefore, according to the number of channels designed by the general I/O module exemplified herein, the secure computer platform shown in fig. 4 can support at most: 16 safe digital quantity inputs, 8 safe digital quantity outputs, 8 safe analog quantity inputs, 4 safe analog quantity outputs and 8 safe frequency quantity inputs, and 8 non-safe digital quantity inputs, 4 non-safe digital quantity outputs, 4 non-safe analog quantity inputs, 2 non-safe analog quantity outputs and 4 non-safe frequency quantity inputs.

On a safety computer platform, the general safety I/O module and the general non-safety I/O module are connected on the same serial bus to communicate with the main control module. In order to ensure the physical independence of the non-safety module and the safety module, the non-safety I/O module is isolated by an isolation device and then connected to the serial bus, and an independent power supply is adopted.

The key difference of the invention from the prior art is that:

Aiming at a railway train control system safety computer platform, a general I/O module with centralized functions is designed for integration and selection of a platform system. The function of the general I/O module integrates common I/O functions such as digital quantity input and output, analog quantity output and frequency quantity input and acquisition, and for the expansion of the general I/O, the system requirement can be met only by configuring a proper number of modules when a platform system is integrated. The maintainability of the safety computer platform system is greatly improved, and the installation, maintenance and configuration costs are reduced.

on the premise of ensuring the consistent functions, two general I/O modules with different architectures are designed, namely a general I/O module with a safe architecture and a general I/O module with a non-safe architecture. The general I/O module for distinguishing safety from non-safety is used for adapting to different application environments of a safety computer platform system, and has important significance for function division, system availability improvement and the like during the integration of the safety computer platform system.

A method of isolating a secure module from a non-secure module is devised. The general safety I/O module and the general non-safety I/O module are connected to the same internal serial bus to communicate with the main control module, in order to ensure that the abnormity of the non-safety I/O module does not affect the safety module, the non-safety module is isolated by an isolation device and then connected to the serial bus, and the power supply of the safety module and the non-safety module is separated, so that the integration of the functions of the safety computer platform system is ensured, the safety of the system is also ensured, and the universality and the safety of the safety computer platform system are improved.

the above description is only a preferred embodiment of the present novel scheme, and is not intended to limit the scope of the present novel scheme. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the new scheme shall be included in the protection scope of the new scheme.