CN113885306A - Signal output circuit supporting interchangeability under safety framework - Google Patents
Signal output circuit supporting interchangeability under safety framework Download PDFInfo
- Publication number
- CN113885306A CN113885306A CN202111052066.1A CN202111052066A CN113885306A CN 113885306 A CN113885306 A CN 113885306A CN 202111052066 A CN202111052066 A CN 202111052066A CN 113885306 A CN113885306 A CN 113885306A
- Authority
- CN
- China
- Prior art keywords
- circuit
- sub
- control channel
- control
- signal output
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- G—PHYSICS
- G05—CONTROLLING; REGULATING
- G05B—CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
- G05B9/00—Safety arrangements
- G05B9/02—Safety arrangements electric
Landscapes
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Engineering & Computer Science (AREA)
- Automation & Control Theory (AREA)
- Safety Devices In Control Systems (AREA)
Abstract
The invention provides a signal output circuit supporting interchangeability under a safety framework, which comprises a control channel A, a control channel B and a signal source sub-circuit connected with the control channel B, wherein the signal output end of the control channel B is connected with the input end of the signal output sub-circuit of the control channel A. The signal output circuit supporting interchangeability under the safety framework reduces the number of signal sources, the design of double control function channel pair equalization is used, and output signals are connected in series at the switch end; the output signal is directly and hard wrapped to participate in the interlocking control, so that the control safety is ensured.
Description
Technical Field
The invention belongs to the field of airborne computers, and particularly relates to a signal output circuit supporting interchangeability under a safety framework.
Background
The dual-redundancy fault-tolerant control computer used in the application field of the embedded safety system generally consists of 2 redundancy control channels, namely a control channel A and a control channel B, when the dual-redundancy computer works under a safety monitoring framework, a reliability model of the dual-redundancy fault-tolerant control computer is in a series structure as shown in figure 2, namely when any redundancy control channel finds or breaks down, signal output is cut off, and timely and effective isolation of the failure is realized. The signal output design of the control channel a and the control channel B under such an architecture is one of the key points for ensuring the safety characteristic.
In the prior art, 2 methods are generally adopted to realize the signal output function, as shown in fig. 3 and 4. Fig. 3 is a functional unequal design of dual-redundancy control channels, wherein a signal output circuit is designed in a control channel a, and a control channel B is only used as a monitor channel to generate an instruction without designing a substantial signal output circuit. The dual-redundancy control channel shown in fig. 4 adopts a functional peer-to-peer design, only the output signal of the control channel a is connected with the control target, and the output signal of the control channel B is not connected with the control target, which ensures the interchangeability of the control channel a and the control channel B, but the output signal circuit on the control channel B belongs to a useless circuit, which does not contribute to the safety and reliability of the system, but increases the failure rate additionally.
Therefore, it is necessary to construct a new design method, which ensures the interchangeability of the control channel while ensuring the realization of the safe operation characteristic.
Disclosure of Invention
In order to solve the above problems, the present invention provides a signal output circuit supporting interchangeability under a secure architecture.
The invention aims to provide a signal output circuit supporting interchangeability under a safety framework, which comprises a control channel A, a control channel B and a signal source sub-circuit connected with the control channel B, wherein a signal output end of the control channel B is connected with an input end of the signal output sub-circuit of the control channel A.
The signal output circuit supporting interchangeability under the safety framework provided by the invention also has the characteristic that the control channel A and the control channel B have the same structure.
The signal output circuit supporting interchangeability under the safety framework provided by the invention is also characterized in that the control channel A comprises a processor sub-circuit, a fault logic sub-circuit, an interlocking control sub-circuit, a comparison monitoring sub-circuit, a T second monitoring sub-circuit, a driving sub-circuit, a digital conversion sub-circuit and a control switch K.
The signal output circuit supporting interchangeability under the safety framework provided by the invention also has the characteristics that the processor sub-circuit and the fault logic sub-circuit are respectively connected with the interlocking control sub-circuit; the output end of the control switch is connected with the digital conversion sub-circuit; the digital conversion sub-circuit is simultaneously connected with the processor sub-circuit and the comparison monitoring sub-circuit; the interlock control sub-circuit is connected with the comparison monitoring sub-circuit; the comparison monitoring sub-circuit is connected with the T second monitoring sub-circuit; and after the T second monitoring sub-circuit is connected with the driving sub-circuit, a control signal for controlling the control switch K is generated and is connected with the control switch K.
The signal output circuit supporting interchangeability under the safety architecture provided by the invention also has the characteristic that the fault logic sub-circuits in the control channel A and the control channel B are in interactive connection and are used for acquiring the state of the other party.
The signal output circuit supporting interchangeability under the safety framework provided by the invention is also characterized in that the signal source sub-circuit is connected with the normally closed end of the control switch K in the control channel B, and the output end of the control switch K in the control channel A is used for outputting the output signal of the signal output circuit.
Compared with the prior art, the invention has the beneficial effects that:
the signal output circuit supporting interchangeability under the safety framework reduces the number of signal sources, the design of double control function channel pair equalization is used, and output signals are connected in series at the switch end; the output signal is directly and hard wrapped to participate in the interlocking control, so that the control safety is ensured.
Drawings
In order to more clearly illustrate the technical solution of the present invention, the drawings needed to be used in the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained according to the drawings without creative efforts.
FIG. 1 is a block diagram of a signal output circuit supporting interchangeability under the security architecture provided by the present invention;
FIG. 2 is a schematic block diagram of a prior art series reliability architecture;
FIG. 3 is a block diagram of a dual redundancy control channel non-peer circuit in the prior art;
fig. 4 is a block diagram of a dual redundancy control channel peer-to-peer circuit in the prior art.
Detailed Description
In order to make the technical means, creation features, achievement objects and effects of the present invention easy to understand, the following embodiments describe the signal output circuit supporting interchangeability under the security architecture provided by the present invention in detail with reference to the accompanying drawings.
In the description of the embodiments of the present invention, it should be understood that the terms "central", "longitudinal", "lateral", "upper", "lower", "front", "rear", "left", "right", "vertical", "horizontal", "top", "bottom", "inner", "outer", etc. indicate orientations or positional relationships based on those shown in the drawings, and are only used for convenience in describing and simplifying the description of the present invention, but do not indicate or imply that the referred device or element must have a specific orientation, be constructed and operated in a specific orientation, and thus, should not be construed as limiting the present invention.
Furthermore, the terms "first," "second," "third," and the like are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicit to a number of indicated technical features. Thus, a feature defined as "first," "second," etc. may explicitly or implicitly include one or more of that feature. In the description of the invention, the meaning of "a plurality" is two or more unless otherwise specified.
The terms "mounted," "connected," and "coupled" are to be construed broadly and may, for example, be fixedly coupled, detachably coupled, or integrally coupled; can be mechanically or electrically connected; they may be connected directly or indirectly through intervening media, or they may be interconnected between two elements. The specific meaning of the above terms in the creation of the present invention can be understood by those of ordinary skill in the art through specific situations.
As shown in fig. 1, the present invention provides a signal output circuit supporting interchangeability under a secure architecture, where the output circuit includes a control channel a, a control channel B, and a signal source sub-circuit connected to the control channel B, and a signal output terminal of the control channel B is connected to an input terminal of the signal output sub-circuit of the control channel a. The control channel A and the control channel B are identical in structure.
In some embodiments, the control channel A includes a processor sub-circuit, a fault logic sub-circuit, an interlock control sub-circuit, a comparison monitor sub-circuit, a T-second monitor sub-circuit, a drive sub-circuit, a digitizing conversion sub-circuit, and a control switch K.
In some embodiments, the processor sub-circuit and the fault logic sub-circuit are respectively connected with the interlocking control sub-circuit, and when the state is valid, the interlocking control sub-circuit is allowed to output a control signal from the processor sub-circuit; the output end of the control switch is connected with the digital conversion sub-circuit; the digital conversion sub-circuit is simultaneously connected with the processor sub-circuit and the comparison monitoring sub-circuit; when the signal state output by the digital conversion sub-circuit is consistent with the signal state output by the interlocking control sub-circuit, the control signal generated and output by the comparison monitoring sub-circuit allows the switch K to be internally connected with a normally open end (namely the pin 2), and when the signal state output by the digital conversion sub-circuit is inconsistent with the signal state output by the interlocking control sub-circuit, the control signal generated and output by the comparison monitoring sub-circuit controls the switch K to be internally connected with a normally closed end (namely the pin 1). The interlock control sub-circuit is connected with the comparison monitoring sub-circuit; the comparison monitoring sub-circuit is connected with the T second monitoring sub-circuit; and after the T second monitoring sub-circuit is connected with the driving sub-circuit, a control signal for controlling the control switch K is generated and is connected with the control switch K.
In some embodiments, the fault logic sub-circuits in the control channel a and the control channel B are interactively connected to obtain the state of each other.
In some embodiments, the signal source sub-circuit is connected to a normally-closed end of a control switch K in the control channel B, and an output end of the control switch K in the control channel a is used for outputting an output signal of the signal output circuit.
The signal output circuit provided by the embodiment reduces the number of signal sources, and adopts a single signal source outside a functional channel for signal output; the double control function channel is designed in an equivalent way, so that output signals are connected in series at the switch end; the output signal is directly and hard wrapped to participate in the interlocking control, so that the control safety is ensured; the three-level heterogeneous hard interlock is used for generating a control signal; the fault logic circuit generates an interlock for the processing circuit to output the command signal; the wrapping signal participates in further interlocking of the output signal of the interlocking control circuit; the T second monitoring circuit is used for eliminating short-time jitter of an output signal of the comparison monitoring circuit; the output state interconnect of the fault logic circuit within the dual control channel participates in the fault logic operation of the other channel.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents and improvements made within the spirit and principle of the present invention are intended to be included within the scope of the present invention. The above description is only a preferred embodiment of the present invention, and it should be noted that, for those skilled in the art, several modifications and variations can be made without departing from the technical principle of the present invention, and these modifications and variations should also be regarded as the protection scope of the present invention.
Claims (6)
1. A signal output circuit supporting interchangeability under a safety framework is characterized in that the output circuit comprises a control channel A, a control channel B and a signal source sub-circuit connected with the control channel B, wherein a signal output end of the control channel B is connected with an input end of the signal output sub-circuit of the control channel A.
2. The secure architecture of claim 1, wherein the control channel a and the control channel B are identical in structure.
3. The signal output circuit supporting interchangeability under safety architecture according to claim 2, where the control channel a includes a processor sub-circuit, a fault logic sub-circuit, an interlock control sub-circuit, a comparison monitor sub-circuit, a T-second monitor sub-circuit, a drive sub-circuit, a digitizer sub-circuit, and a control switch K.
4. A signal output circuit supporting interchangeability under the security architecture of claim 3,
the processor sub-circuit and the fault logic sub-circuit are respectively connected with the interlocking control sub-circuit;
the output end of the control switch is connected with the digital conversion sub-circuit;
the digital conversion sub-circuit is simultaneously connected with the processor sub-circuit and the comparison monitoring sub-circuit;
the interlock control sub-circuit is connected with the comparison monitoring sub-circuit;
the comparison monitoring sub-circuit is connected with the T second monitoring sub-circuit;
and after the T second monitoring sub-circuit is connected with the driving sub-circuit, a control signal for controlling the control switch K is generated and is connected with the control switch K.
5. The signal output circuit supporting interchangeability under the safety architecture of claim 4, where the fault logic sub-circuits in the control channel A and the control channel B are interconnected to obtain the status of each other.
6. The safety architecture of claim 4, wherein the signal source sub-circuit is connected to a normally-closed terminal of a control switch K in the control channel B, and an output terminal of the control switch K in the control channel A is used for outputting an output signal of the signal output circuit.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111052066.1A CN113885306B (en) | 2021-09-08 | 2021-09-08 | Signal output circuit supporting interchangeability under security architecture |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111052066.1A CN113885306B (en) | 2021-09-08 | 2021-09-08 | Signal output circuit supporting interchangeability under security architecture |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113885306A true CN113885306A (en) | 2022-01-04 |
| CN113885306B CN113885306B (en) | 2024-06-04 |
Family
ID=79008759
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111052066.1A Active CN113885306B (en) | 2021-09-08 | 2021-09-08 | Signal output circuit supporting interchangeability under security architecture |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113885306B (en) |
Citations (16)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2001058769A (en) * | 1999-08-19 | 2001-03-06 | Toshiba Corp | Elevator control device |
| JP2004274953A (en) * | 2003-03-11 | 2004-09-30 | Omron Corp | Interconnection protection device and system thereof |
| CN101174135A (en) * | 2005-06-10 | 2008-05-07 | 株式会社日立制作所 | Input/output control device and method, information control device and method |
| CN101238536A (en) * | 2005-08-02 | 2008-08-06 | 菲尼克斯电气公司 | Safety switching unit for controlling a safety device into a safe state |
| US20110043323A1 (en) * | 2009-08-20 | 2011-02-24 | Nec Electronics Corporation | Fault monitoring circuit, semiconductor integrated circuit, and faulty part locating method |
| CN102394493A (en) * | 2011-09-16 | 2012-03-28 | 福建俊豪电子有限公司 | Electrical signal collection monitoring device |
| CN102768531A (en) * | 2012-06-11 | 2012-11-07 | 中国航空工业集团公司第六三一研究所 | Method for improving safety of automatic pilot system (APS) with uniprocessor structure |
| CN102855167A (en) * | 2012-07-26 | 2013-01-02 | 中国航空工业集团公司第六三一研究所 | Double-channel computer advanced intelligent network (AIN) functional circuit capable of implementing 100 percent BIT (built in test) coverage |
| JP2014089540A (en) * | 2012-10-30 | 2014-05-15 | Hitachi Ltd | Plant control system, plant analysis device, plant analysis method and plant analysis program |
| CN104749949A (en) * | 2015-03-19 | 2015-07-01 | 南京航空航天大学 | PowerPC and x86 based hybrid tri-redundancy UAV flying control computer and core design method |
| CN107272399A (en) * | 2017-05-24 | 2017-10-20 | 北京城建智控科技有限公司 | Computer interlocks core control equipment |
| CN207503021U (en) * | 2017-12-05 | 2018-06-15 | 北京和利时系统工程有限公司 | A kind of all-electronin signal control module |
| CN108693805A (en) * | 2016-06-14 | 2018-10-23 | 浙江众合科技股份有限公司 | A kind of fail-safe computer output control system |
| CN109840169A (en) * | 2017-11-27 | 2019-06-04 | 中国航空工业集团公司西安航空计算技术研究所 | A kind of control signal remaining outgoing management circuit |
| CN112307696A (en) * | 2020-11-03 | 2021-02-02 | 中国航空工业集团公司西安航空计算技术研究所 | 100% does not have output conflict's reliability parallel structure |
| CN112526979A (en) * | 2020-12-16 | 2021-03-19 | 中国兵器装备集团自动化研究所 | Serial communication interface diagnosis system and method of multiple redundancy architecture |
-
2021
- 2021-09-08 CN CN202111052066.1A patent/CN113885306B/en active Active
Patent Citations (16)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2001058769A (en) * | 1999-08-19 | 2001-03-06 | Toshiba Corp | Elevator control device |
| JP2004274953A (en) * | 2003-03-11 | 2004-09-30 | Omron Corp | Interconnection protection device and system thereof |
| CN101174135A (en) * | 2005-06-10 | 2008-05-07 | 株式会社日立制作所 | Input/output control device and method, information control device and method |
| CN101238536A (en) * | 2005-08-02 | 2008-08-06 | 菲尼克斯电气公司 | Safety switching unit for controlling a safety device into a safe state |
| US20110043323A1 (en) * | 2009-08-20 | 2011-02-24 | Nec Electronics Corporation | Fault monitoring circuit, semiconductor integrated circuit, and faulty part locating method |
| CN102394493A (en) * | 2011-09-16 | 2012-03-28 | 福建俊豪电子有限公司 | Electrical signal collection monitoring device |
| CN102768531A (en) * | 2012-06-11 | 2012-11-07 | 中国航空工业集团公司第六三一研究所 | Method for improving safety of automatic pilot system (APS) with uniprocessor structure |
| CN102855167A (en) * | 2012-07-26 | 2013-01-02 | 中国航空工业集团公司第六三一研究所 | Double-channel computer advanced intelligent network (AIN) functional circuit capable of implementing 100 percent BIT (built in test) coverage |
| JP2014089540A (en) * | 2012-10-30 | 2014-05-15 | Hitachi Ltd | Plant control system, plant analysis device, plant analysis method and plant analysis program |
| CN104749949A (en) * | 2015-03-19 | 2015-07-01 | 南京航空航天大学 | PowerPC and x86 based hybrid tri-redundancy UAV flying control computer and core design method |
| CN108693805A (en) * | 2016-06-14 | 2018-10-23 | 浙江众合科技股份有限公司 | A kind of fail-safe computer output control system |
| CN107272399A (en) * | 2017-05-24 | 2017-10-20 | 北京城建智控科技有限公司 | Computer interlocks core control equipment |
| CN109840169A (en) * | 2017-11-27 | 2019-06-04 | 中国航空工业集团公司西安航空计算技术研究所 | A kind of control signal remaining outgoing management circuit |
| CN207503021U (en) * | 2017-12-05 | 2018-06-15 | 北京和利时系统工程有限公司 | A kind of all-electronin signal control module |
| CN112307696A (en) * | 2020-11-03 | 2021-02-02 | 中国航空工业集团公司西安航空计算技术研究所 | 100% does not have output conflict's reliability parallel structure |
| CN112526979A (en) * | 2020-12-16 | 2021-03-19 | 中国兵器装备集团自动化研究所 | Serial communication interface diagnosis system and method of multiple redundancy architecture |
Non-Patent Citations (1)
| Title |
|---|
| 石鹏飞;张航;陈洁;: "先进民机飞控系统安全性设计考虑", 航空科学技术, vol. 30, no. 12, pages 52 - 58 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113885306B (en) | 2024-06-04 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP3699764B1 (en) | Redundant ethernet-based secure computer system | |
| CN106249632B (en) | A kind of preferred module for nuclear power plant's I&C system | |
| EP2573636B1 (en) | Multi-channel control switchover logic | |
| CN107992027B (en) | DCS redundant communication module switching method | |
| CN101739144B (en) | High-density extendible KVM monitoring system | |
| CN115314506A (en) | A software information collection and processing system | |
| CN113885306A (en) | Signal output circuit supporting interchangeability under safety framework | |
| CN111668802B (en) | A method and system for determining the redundant quantity of a relay protection device | |
| US20240288918A1 (en) | Highly adaptable power system | |
| CN106559269A (en) | Towards redundant data collection and the Transmission system of electric power enterprise secondary protection | |
| CN115237064A (en) | Safety control method, system and device | |
| CN213750731U (en) | Two-out-of-three voting control system considering signal time difference | |
| CN114229018B (en) | Aircraft engine compartment fire detection system | |
| CN114822884B (en) | Single-reactor double-shutdown circuit breaker system and method thereof | |
| WO2015096783A1 (en) | Security inspection device centralized management system, device and method | |
| CN114609944A (en) | Data monitoring system and method based on nuclear power station simulation platform | |
| CN106373341B (en) | A kind of the tandem type alarm device and method of communication equipment | |
| CN114115053A (en) | Active-standby mode confirmation and switching method between adjudication modules in an imitation industrial controller | |
| JP2000250770A (en) | Multiplexed instrumentation system | |
| CN2580699Y (en) | Web-linkage device for building office application network | |
| CN113568862B (en) | Dual-redundancy communication system based on FPGA processor platform | |
| CN212460362U (en) | Controller of safe PLC and PLC comprising same | |
| CN113868077B (en) | Double-double parallel architecture computer platform | |
| KR101540975B1 (en) | Apparatus and method for checking operation integrity on fpga based controller | |
| CN115509181A (en) | Safety control method, system and device of multiple voting fault-tolerant structure |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |