CN113885306B - Signal output circuit supporting interchangeability under security architecture - Google Patents
Signal output circuit supporting interchangeability under security architecture Download PDFInfo
- Publication number
- CN113885306B CN113885306B CN202111052066.1A CN202111052066A CN113885306B CN 113885306 B CN113885306 B CN 113885306B CN 202111052066 A CN202111052066 A CN 202111052066A CN 113885306 B CN113885306 B CN 113885306B
- Authority
- CN
- China
- Prior art keywords
- circuit
- sub
- control
- control channel
- signal
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000012544 monitoring process Methods 0.000 claims description 27
- 238000006243 chemical reaction Methods 0.000 claims description 11
- 230000002452 interceptive effect Effects 0.000 claims description 3
- 238000013461 design Methods 0.000 abstract description 7
- 230000009977 dual effect Effects 0.000 description 9
- 238000010586 diagram Methods 0.000 description 4
- 238000012986 modification Methods 0.000 description 3
- 230000004048 modification Effects 0.000 description 3
- 238000000034 method Methods 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000002955 isolation Methods 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G05—CONTROLLING; REGULATING
- G05B—CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
- G05B9/00—Safety arrangements
- G05B9/02—Safety arrangements electric
Landscapes
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Engineering & Computer Science (AREA)
- Automation & Control Theory (AREA)
- Safety Devices In Control Systems (AREA)
Abstract
The invention provides a signal output circuit supporting interchangeability under a safety architecture, which comprises a control channel A, a control channel B and a signal source sub-circuit connected with the control channel B, wherein the signal output end of the control channel B is connected with the input end of the signal output sub-circuit of the control channel A. The signal output circuit supporting interchangeability under the safety framework reduces the number of signal sources, adopts the design of the channel equalization of the double control functions, and outputs signals are connected in series at a switch end; the output signal is directly and hard involved in interlocking control, so that the safety of control is ensured.
Description
Technical Field
The invention belongs to the field of airborne computers, and particularly relates to a signal output circuit supporting interchangeability under a safety architecture.
Background
The dual redundancy fault-tolerant control computer used in the application field of the embedded safety system is usually composed of 2 redundancy control channels, wherein the control channel A and the control channel B have a reliability model of a serial structure as shown in figure 2 when the dual redundancy computer works under a safety monitoring architecture, namely, when any redundancy control channel finds or fails, the signal output is cut off, so that the timely and effective isolation of the failure is realized. The signal output design of the control channel A and the control channel B under the architecture is one of key points for ensuring the safety characteristics.
In the prior art, 2 methods are generally adopted to realize the signal output function, as shown in fig. 3 and 4. FIG. 3 is a functional unequal design of dual redundancy control channels, wherein the signal output circuit is designed on control channel A, and control channel B is only used as a monitoring channel to generate instructions without designing a substantial signal output circuit. The dual redundancy control channel shown in fig. 4 adopts a functional peer-to-peer design, only the output signal of the control channel a is connected with the control target, the output signal of the control channel B is not connected with the control target, the design ensures the interchangeability of the control channel a and the control channel B, but the output signal circuit on the control channel B belongs to a useless circuit, does not only make any contribution to the safety and reliability of the system where the dual redundancy control channel is located, but also increases the failure rate.
Therefore, it is necessary to construct a new design method, which has the interchangeability of control channels while ensuring the safe operation characteristics.
Disclosure of Invention
In order to solve the above problems, the present invention provides a signal output circuit supporting interchangeability under a security architecture.
The invention aims to provide a signal output circuit supporting interchangeability under a safety architecture, which comprises a control channel A, a control channel B and a signal source sub-circuit connected with the control channel B, wherein the signal output end of the control channel B is connected with the input end of the signal output sub-circuit of the control channel A.
The signal output circuit supporting interchangeability under the safety framework provided by the invention also has the characteristic that the control channel A and the control channel B have the same structure.
The signal output circuit supporting interchangeability under the security architecture provided by the invention is also characterized in that the control channel A comprises a processor sub-circuit, a fault logic sub-circuit, an interlocking control sub-circuit, a comparison monitoring sub-circuit, a T second monitoring sub-circuit, a driving sub-circuit, a digital conversion sub-circuit and a control switch K.
The signal output circuit supporting interchangeability under the security framework provided by the invention also has the characteristics that the processor sub-circuit and the fault logic sub-circuit are respectively connected with the interlocking control sub-circuit; the output end of the control switch is connected with the digital conversion sub-circuit; the digital conversion sub-circuit is connected with the processor sub-circuit and the comparison monitoring sub-circuit at the same time; the interlocking control sub-circuit is connected with the comparison monitoring sub-circuit; the comparison monitoring sub-circuit is connected with the T second monitoring sub-circuit; and the T second monitoring sub-circuit is connected with the driving sub-circuit, and then generates a control signal for controlling the control switch K, and is connected with the control switch K.
The signal output circuit supporting interchangeability under the security architecture provided by the invention also has the characteristic that the fault logic sub-circuits in the control channel A and the control channel B are connected in an interactive way and are used for acquiring the state of the other party.
The signal output circuit supporting interchangeability under the safety framework provided by the invention is also characterized in that the signal source sub-circuit is connected with the normally closed end of the control switch K in the control channel B, and the output end of the control switch K in the control channel A is used for outputting an output signal of the signal output circuit.
Compared with the prior art, the invention has the beneficial effects that:
The signal output circuit supporting interchangeability under the safety framework reduces the number of signal sources, adopts the design of the channel equalization of the double control functions, and outputs signals are connected in series at a switch end; the output signal is directly and hard involved in interlocking control, so that the safety of control is ensured.
Drawings
In order to more clearly illustrate the technical solutions of the present invention, the drawings that are needed in the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and that other drawings can be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a block diagram of a signal output circuit supporting interchangeability under a security architecture provided by the present invention;
FIG. 2 is a schematic block diagram of a serial reliability architecture in the prior art;
FIG. 3 is a block diagram of a dual redundancy control channel non-peer circuit in the prior art;
FIG. 4 is a block diagram of a dual redundancy control channel peer-to-peer circuit in the prior art.
Detailed Description
In order to make the technical means, the creation features, the achievement of the purposes and the effects of the implementation of the present invention easy to understand, the following embodiments are specifically described with reference to the accompanying drawings for a signal output circuit supporting interchangeability under a security architecture provided by the present invention.
In the description of the embodiments of the present invention, it should be understood that the terms "center", "longitudinal", "lateral", "upper", "lower", "front", "rear", "left", "right", "vertical", "horizontal", "top", "bottom", "inner", "outer", etc. indicate orientations or positional relationships based on the drawings, are merely for convenience in describing the present invention and simplify the description, and do not indicate or imply that the devices or elements referred to must have a specific orientation, be configured and operated in a specific orientation, and thus should not be construed as limiting the invention.
Furthermore, the terms "first," "second," "third," and the like are used for descriptive purposes only and are not to be construed as indicating or implying a relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defining "a first", "a second", etc. may explicitly or implicitly include one or more such feature. In the description of the invention, unless otherwise indicated, the meaning of "a plurality" is two or more.
The terms "mounted," "connected," "coupled," and "connected" are to be construed broadly, and may be, for example, fixedly connected, detachably connected, or integrally connected; can be mechanically or electrically connected; can be directly connected or indirectly connected through an intermediate medium, and can be communication between two elements. The specific meaning of the above terms in the creation of the present invention can be understood by those of ordinary skill in the art in a specific case.
As shown in fig. 1, the present invention provides a signal output circuit supporting interchangeability under a security architecture, where the signal output circuit includes a control channel a, a control channel B, and a signal source sub-circuit connected to the control channel B, where a signal output end of the control channel B is connected to an input end of the signal output sub-circuit of the control channel a. The control channel A and the control channel B have the same structure.
In some embodiments, the control channel A includes a processor sub-circuit, a fault logic sub-circuit, an interlock control sub-circuit, a comparison monitor sub-circuit, a T second monitor sub-circuit, a drive sub-circuit, a digital conversion sub-circuit, and a control switch K.
In some embodiments, the processor subcircuit and the fault logic subcircuit are separately connected to the interlock control subcircuit, allowing the interlock control subcircuit to output control signals derived from the processor subcircuit when the status is valid; the output end of the control switch is connected with the digital conversion sub-circuit; the digital conversion sub-circuit is connected with the processor sub-circuit and the comparison monitoring sub-circuit at the same time; when the signal state output by the digital conversion sub-circuit is consistent with the signal state output by the interlocking control sub-circuit, the control signal generated by the comparison monitoring sub-circuit allows the switch K to be internally connected with a normally open end (namely a pin 2), and when the signal state is inconsistent, the control signal generated by the comparison monitoring sub-circuit controls the switch K to be internally connected with a normally closed end (namely a pin 1). The interlocking control sub-circuit is connected with the comparison monitoring sub-circuit; the comparison monitoring sub-circuit is connected with the T second monitoring sub-circuit; and the T second monitoring sub-circuit is connected with the driving sub-circuit, and then generates a control signal for controlling the control switch K, and is connected with the control switch K.
In some embodiments, the fault logic sub-circuits in the control channel a and the control channel B are connected in an interactive manner, so as to obtain the state of the other party.
In some embodiments, the signal source sub-circuit is connected to a normally closed end of the control switch K in the control channel B, and an output end of the control switch K in the control channel a is used for outputting an output signal of the signal output circuit.
The signal output circuit provided by the embodiment reduces the number of signal sources, and adopts a single signal source outside a functional channel for signal output; the dual control function channel is designed in a peer-to-peer mode, so that output signals are connected in series at a switch end; the output signal is directly and hard involved in interlocking control, so that the safety of control is ensured; the three-level heterogeneous hard interlock is used for generating a control signal; the fault logic circuit generates an interlock to output a command signal to the processing circuit; the wrapping signal participates in further interlocking of the output signal of the interlocking control circuit; the T second monitoring circuit is used for eliminating short-time jitter of the output signal of the comparison monitoring circuit; the output state interconnection of the fault logic circuits in the dual control channels participate in the fault logic operation of the opposite channel.
The foregoing description of the preferred embodiments of the invention is not intended to be limiting, but rather is intended to cover all modifications, equivalents, and alternatives falling within the spirit and principles of the invention. The foregoing is merely a preferred embodiment of the present invention, and it should be noted that it will be apparent to those skilled in the art that modifications and variations can be made without departing from the technical principles of the present invention, and these modifications and variations should also be regarded as the scope of the invention.
Claims (1)
1. A signal output circuit supporting interchangeability under a safety architecture is characterized in that the output circuit comprises a control channel A, a control channel B and a signal source sub-circuit connected with the control channel B, wherein the signal output end of the control channel B is connected with the input end of the signal output sub-circuit of the control channel A,
The control channel A and the control channel B have the same structure,
The control channel A comprises a processor sub-circuit, a fault logic sub-circuit, an interlocking control sub-circuit, a comparison monitoring sub-circuit, a T second monitoring sub-circuit, a driving sub-circuit, a digital conversion sub-circuit and a control switch K,
The processor sub-circuit and the fault logic sub-circuit are respectively connected with the interlocking control sub-circuit, and when the state is valid, the interlocking control sub-circuit is allowed to output control signals from the processor sub-circuit;
The output end of the control switch is connected with the digital conversion sub-circuit;
The digital conversion sub-circuit is connected with the processor sub-circuit and the comparison monitoring sub-circuit at the same time, when the signal state output by the digital conversion sub-circuit is consistent with the signal state output by the interlocking control sub-circuit, the comparison monitoring sub-circuit generates an output control signal to allow the inside of the switch K to be connected with the normally open end, and when the signal state is inconsistent, the comparison monitoring sub-circuit generates an output control signal to control the inside of the switch K to be connected with the normally closed end;
the interlocking control sub-circuit is connected with the comparison monitoring sub-circuit;
the comparison monitoring sub-circuit is connected with the T second monitoring sub-circuit;
the T second monitoring sub-circuit is connected with the driving sub-circuit to generate a control signal for controlling the control switch K, and is connected with the control switch K,
The fault logic sub-circuits in the control channel A and the control channel B are connected in an interactive way and are used for acquiring the state of the other party,
The signal source sub-circuit is connected with a normally closed end of a control switch K in the control channel B, and an output end of the control switch K in the control channel A is used for outputting an output signal of the signal output circuit.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111052066.1A CN113885306B (en) | 2021-09-08 | 2021-09-08 | Signal output circuit supporting interchangeability under security architecture |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111052066.1A CN113885306B (en) | 2021-09-08 | 2021-09-08 | Signal output circuit supporting interchangeability under security architecture |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113885306A CN113885306A (en) | 2022-01-04 |
| CN113885306B true CN113885306B (en) | 2024-06-04 |
Family
ID=79008759
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111052066.1A Active CN113885306B (en) | 2021-09-08 | 2021-09-08 | Signal output circuit supporting interchangeability under security architecture |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113885306B (en) |
Citations (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2001058769A (en) * | 1999-08-19 | 2001-03-06 | Toshiba Corp | Elevator control device |
| JP2004274953A (en) * | 2003-03-11 | 2004-09-30 | Omron Corp | Interconnection protection device and system thereof |
| CN101174135A (en) * | 2005-06-10 | 2008-05-07 | 株式会社日立制作所 | Input/output control device and method, information control device and method |
| CN101238536A (en) * | 2005-08-02 | 2008-08-06 | 菲尼克斯电气公司 | Safety switching unit for controlling a safety device into a safe state |
| CN102394493A (en) * | 2011-09-16 | 2012-03-28 | 福建俊豪电子有限公司 | Electrical signal collection monitoring device |
| CN102768531A (en) * | 2012-06-11 | 2012-11-07 | 中国航空工业集团公司第六三一研究所 | Method for improving safety of automatic pilot system (APS) with uniprocessor structure |
| CN102855167A (en) * | 2012-07-26 | 2013-01-02 | 中国航空工业集团公司第六三一研究所 | Double-channel computer advanced intelligent network (AIN) functional circuit capable of implementing 100 percent BIT (built in test) coverage |
| JP2014089540A (en) * | 2012-10-30 | 2014-05-15 | Hitachi Ltd | Plant control system, plant analysis device, plant analysis method and plant analysis program |
| CN104749949A (en) * | 2015-03-19 | 2015-07-01 | 南京航空航天大学 | PowerPC and x86 based hybrid tri-redundancy UAV flying control computer and core design method |
| CN107272399A (en) * | 2017-05-24 | 2017-10-20 | 北京城建智控科技有限公司 | Computer interlocks core control equipment |
| CN108693805A (en) * | 2016-06-14 | 2018-10-23 | 浙江众合科技股份有限公司 | A kind of fail-safe computer output control system |
| CN109840169A (en) * | 2017-11-27 | 2019-06-04 | 中国航空工业集团公司西安航空计算技术研究所 | A kind of control signal remaining outgoing management circuit |
| CN112307696A (en) * | 2020-11-03 | 2021-02-02 | 中国航空工业集团公司西安航空计算技术研究所 | 100% does not have output conflict's reliability parallel structure |
| CN112526979A (en) * | 2020-12-16 | 2021-03-19 | 中国兵器装备集团自动化研究所 | Serial communication interface diagnosis system and method of multiple redundancy architecture |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2011043957A (en) * | 2009-08-20 | 2011-03-03 | Renesas Electronics Corp | Fault monitoring circuit, semiconductor integrated circuit, and faulty part locating method |
| CN207503021U (en) * | 2017-12-05 | 2018-06-15 | 北京和利时系统工程有限公司 | A kind of all-electronin signal control module |
-
2021
- 2021-09-08 CN CN202111052066.1A patent/CN113885306B/en active Active
Patent Citations (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2001058769A (en) * | 1999-08-19 | 2001-03-06 | Toshiba Corp | Elevator control device |
| JP2004274953A (en) * | 2003-03-11 | 2004-09-30 | Omron Corp | Interconnection protection device and system thereof |
| CN101174135A (en) * | 2005-06-10 | 2008-05-07 | 株式会社日立制作所 | Input/output control device and method, information control device and method |
| CN101238536A (en) * | 2005-08-02 | 2008-08-06 | 菲尼克斯电气公司 | Safety switching unit for controlling a safety device into a safe state |
| CN102394493A (en) * | 2011-09-16 | 2012-03-28 | 福建俊豪电子有限公司 | Electrical signal collection monitoring device |
| CN102768531A (en) * | 2012-06-11 | 2012-11-07 | 中国航空工业集团公司第六三一研究所 | Method for improving safety of automatic pilot system (APS) with uniprocessor structure |
| CN102855167A (en) * | 2012-07-26 | 2013-01-02 | 中国航空工业集团公司第六三一研究所 | Double-channel computer advanced intelligent network (AIN) functional circuit capable of implementing 100 percent BIT (built in test) coverage |
| JP2014089540A (en) * | 2012-10-30 | 2014-05-15 | Hitachi Ltd | Plant control system, plant analysis device, plant analysis method and plant analysis program |
| CN104749949A (en) * | 2015-03-19 | 2015-07-01 | 南京航空航天大学 | PowerPC and x86 based hybrid tri-redundancy UAV flying control computer and core design method |
| CN108693805A (en) * | 2016-06-14 | 2018-10-23 | 浙江众合科技股份有限公司 | A kind of fail-safe computer output control system |
| CN107272399A (en) * | 2017-05-24 | 2017-10-20 | 北京城建智控科技有限公司 | Computer interlocks core control equipment |
| CN109840169A (en) * | 2017-11-27 | 2019-06-04 | 中国航空工业集团公司西安航空计算技术研究所 | A kind of control signal remaining outgoing management circuit |
| CN112307696A (en) * | 2020-11-03 | 2021-02-02 | 中国航空工业集团公司西安航空计算技术研究所 | 100% does not have output conflict's reliability parallel structure |
| CN112526979A (en) * | 2020-12-16 | 2021-03-19 | 中国兵器装备集团自动化研究所 | Serial communication interface diagnosis system and method of multiple redundancy architecture |
Non-Patent Citations (1)
| Title |
|---|
| 先进民机飞控系统安全性设计考虑;石鹏飞;张航;陈洁;;航空科学技术;第30卷(第12期);52-58 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113885306A (en) | 2022-01-04 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP2573636B1 (en) | Multi-channel control switchover logic | |
| CN113885306B (en) | Signal output circuit supporting interchangeability under security architecture | |
| CN101901176B (en) | Redundant clock system | |
| CN103618293B (en) | Three-level circuit short-circuit protection method and device and three-level circuit | |
| CN106890397A (en) | A kind of control system of medical computerized linear accelerator treatment head | |
| CN105681131A (en) | Main-backup system and parallel outputting method thereof | |
| CN100382040C (en) | A Redundancy Method for Navigation, Guidance and Control System of Micro-aircraft | |
| CN105224339B (en) | A kind of multi-threaded mode alarm window generation method for serving power grid regulation operation | |
| CN116048192A (en) | Clock backup circuit, control method, system, device, medium and server | |
| JP3657000B1 (en) | Slot machine | |
| CN115201645A (en) | Insulation monitoring method and device, storage medium and electronic device for power supply system | |
| CN104901938A (en) | Method for switching control of physical link of network | |
| JP2000250770A (en) | Multiplexed instrumentation system | |
| KR0141292B1 (en) | Redundancy Control Circuit in Electronic Switching System | |
| JP2000194402A (en) | Method and device for monitoring cpu abnormality | |
| JP5190032B2 (en) | Actuator for circuit breaker | |
| CN104580149A (en) | Emergency intelligent switching system of host/backup mode network physical link | |
| CN107992018A (en) | Control system | |
| JPS6235902A (en) | Control apparatus | |
| CN104735046A (en) | Normal/route mode network physical link emergency intelligent switching system | |
| JPS60193053A (en) | Command checking system | |
| CN109229143A (en) | The control method and control system of train switch control system | |
| CN115509181A (en) | Safety control method, system and device of multiple voting fault-tolerant structure | |
| JPH01142809A (en) | Diagnostic device for digital input circuit | |
| JPS5812062A (en) | Output device for parallel electronic computer system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |