JP4401521B2 - Duplex information processing device - Google Patents

Description

[0001]
BACKGROUND OF THE INVENTION
The present invention relates to a duplex information processing apparatus that can be applied to a so-called fail-safe application by mainly configuring a duplex control unit in order to process various information requiring high safety such as railway signals.
[0002]
[Prior art]
FIG. 6 is a block diagram of a configuration of a duplex information processing apparatus according to a conventional example.
In this conventional example, a duplex information processing apparatus 200 is shown in which one of two microcontroller units (hereinafter referred to as MCU) is an A system and the other is a B system, and these are duplicated. The duplex information processing apparatus 200 includes, in each MCU 210A and 210B, an analog-to-digital converter (hereinafter referred to as an AD converter) 240A and 240B for an external input signal S1, and logic units 220A and 220B that perform signal processing in order. The configuration is provided.
[0003]
The external input S1 is introduced into the MCUs 210A and 210B while being independent from each other, and is directly input to the AD converters 240A and 240B. In addition, each AD converter 240A, 240B introduces digital signals S2A, S2B into its own logic units 220A, 220B, and other system logic units 220B, 220A via respective signal sharing paths 230A, 230B. Also send out.
[0004]
According to the duplex information processing apparatus 200, each of the logic units 220A and 220B can collate the digital signals S2A and S2B for its own system with the digital signals S2A and S2B from other systems, so that one signal processing is the same. It can be performed while synchronizing with each other according to the processing procedure. At the same time, by checking the signal logic of these digital signals S2B and S2A, it is possible to test the fixed failure of the signal sharing paths 230A and 230B.
[0005]
The MCUs 210A and 210B of each system include the logic units 220A and 220B that perform the above-described collation processing of the digital signals S2A and S2B, the synchronization units 250A and 250B that perform the synchronization processing between the MCUs 210A and 210B, and the own system and other systems. Collation units 260A and 260B for collating the calculation outputs are provided. Also, the two output collation results S3A and S3B are obtained as a result of duplicating the signal processing on one external input, and so-called fail-safe signal processing can be realized.
[0006]
[Problems to be solved by the invention]
However, according to the duplex information processing apparatus of the above-described conventional example, an AD converter that requires a large number of output bits with respect to an external input having a large number of input points also has a serious technical problem as described below. The problem remains.
[0007]
As the number of external input points increases and the number of output bits of the AD converter increases, the number of signal lines on the signal sharing path increases with respect to the converted digital signal. For this reason, a large-scale MCU having a large number of input / output terminals and a high processing capacity is required, resulting in an increase in member costs, and a radical solution to these technical problems. Was necessary.
[0008]
Therefore, an object of the present invention is to provide an inexpensive and highly reliable duplex information processing apparatus without increasing the information amount of a signal to be shared between a plurality of MCUs even for a large amount of external input. It is to provide.
[0009]
[Means for Solving the Problems]
In order to solve the above-described problem, the duplex information processing apparatus of the present invention includes two signal processing means that synchronize signal processing, introduces one external input to each of the two signal processing means , In a duplex information processing apparatus that organizes and collates two digital data by the same processing procedure from the same external input by means of signal processing means ,
Each of the two signal processing means has logic operation means including an operation logic circuit, and in the operation logic circuit, first, predetermined operation logic processing performed using only its own external input is performed. Performs a temporary logic operation to compress the amount of input information, sends the operation result to the other signal processing means , then receives the operation result based on the temporary logic operation sent from the other signal processing means, Using this result, this logic operation is performed by an arithmetic logic circuit. In this logic operation, the operation result based on the provisional logic operation in the other signal processing means is compared with the operation result based on its own provisional logic operation. It is used to organize digital data only when it is within the approximate range,
Between each of the two signal processing means, there is an operation result sharing means for sharing an operation result based on the provisional logic operation by the logic operation means between the two logic operation means.
According to this duplex information processing apparatus, after the amount of information input from the outside is compressed in advance by the logic operation means, it is shared between the logic operation means by the operation result sharing means, and the logic of the two signal processing means Each of the arithmetic logic circuits of the arithmetic means is configured to perform the temporary logical operation and the main logical operation . Therefore, the calculation result sharing means has a simple configuration suitable for a small amount of information , and more reliable duplex information processing can be performed.
The duplex information processing apparatus according to claim 2 of the present invention is characterized in that the logical operation means collates each operation result by positive logic and negative logic, and detects a fixed fault in the operation result sharing means. To do.
According to this, a fixed failure in the logic signal shared path is detected.
The duplex information processing apparatus according to claim 3 of the present invention is characterized in that signal processing is performed such that the external output becomes fail-safe depending on the result of collation in each of the two signal processing means .
According to this, an important fail-safe operation is performed on the railway signal.
[0010]
DETAILED DESCRIPTION OF THE INVENTION
Embodiments of the present invention will be described below with reference to the accompanying drawings.
FIG. 1 is a block diagram of a duplex information processing apparatus according to an embodiment of the present invention.
The duplex information processing apparatus 10 includes two signal processing units 10A and 10B composed of MCUs whose processing cycles are synchronized, and a signal verification unit for verifying two signal outputs S3A and S3B by the signal processing units 10A and 10B. 110. The signal verification unit 110 is provided with a normal relay device R having an amplifier, and the normality of the railway signal is reported to other devices by both signal outputs S3A and S3B.
[0011]
One of the two signal processing means 10A, 10B is an A system and the other is a B system, and the A system MCU and the B system MCU are arranged in parallel. A detection signal S1 is introduced as an external input from the sensor device S composed of a plurality of signal sensors to the signal input terminals 11A and 11B of the respective signal processing means 10A and 10B. Further, the shared output terminals 31A and 31B are connected to the shared input terminals 32B and 32A via the logic signal shared paths 30A and 30B. These logic signal sharing paths 30A and 30B constitute the calculation result sharing means according to the present invention.
[0012]
Each signal processing means 10A, 10B includes AD converters 40A, 40B for digitizing the analog detection signal S1, logic operation units 20A, 20B for the digital signals S2A, S2B, and synchronization processing between the A system and B system MCUs. Synchronization units 50A and 50B, and logical collation units 60A and 60B for collating the results of logical operations. For example, if a one-chip microcontroller incorporating an AD converter is used, the logic operation units 20A and 20B and the logic collation units 60A and 60B are used as control programs, and the synchronization units 50A and 50B cooperate with each other via an internal bus. Can be realized.
[0013]
In this case, for example, the synchronization units 50A and 50B are connected to each other via control signal lines 51A and 51B for interrupt processing. Further, the logic collating units 60A and 60B are connected to each other through the signal sharing lines 61A and 61B of the calculation results by the MCUs. The signal sharing lines 61A and 61B are connected to the data sharing lines 61A and 61B together with the logic signal sharing paths 30A and 30B. It may be shared on the bus. The logic operation units 20A and 20B constitute two logic operation means according to the present invention, and the logic signal sharing paths 30A and 30B constitute two operation result sharing means according to the present invention.
[0014]
Hereinafter, an example in which an analog sensor is used as a signal sensor will be described. However, when a digital sensor is used for a part or all of the signal sensor, each analog / digital converter (hereinafter abbreviated as AD conversion) described later 40A and 40B) can be reduced or omitted, and can be directly introduced into the logical operation units 20A and 20B for logical operation. That is, the digital signals S2A and S2B can include numerical data from the signal sensor and logic data associated with the detection result.
[0015]
Each of the logical operation units 20A and 20B has temporary logical operation units 70A and 70B that perform temporary logical operations on the introduced digital signals S2A and S2B, and main logical operation units 80A and 80B that perform the main logical operation of signal processing. ing. Temporary logic operation sections 70A and 70B send their own temporary logic operation results S4A and S4B, and are introduced into other system logic operation sections 80A and 80B via logic signal sharing paths 30A and 30B. The provisional logic operation and the main logic operation are operations that constitute a single signal processing in the logic operation units 20A and 20B by combining both of them. Note that 51A and 51B are signal sharing paths between the two synchronization units 50A and 50B, and 61A and 61B are signal sharing paths between the two logic verification units 60A and 60B.
[0016]
FIG. 2 is a block diagram of a configuration example of the logical operation unit of the A-system MCU shown in FIG. 1, and the configuration is also applied to the logical operation unit of the B-system MCU.
This logic operation unit 20A has an input port group 71A for introducing the digital signal S2A, and an output port group 72A for holding the temporary logic operation result S4A of the A-system MCU and sending it to the logic signal sharing paths 30A and 30B. ing.
[0017]
In addition, another input port group 81A that introduces and holds the operation result S4B by the logic operation unit 20B of the B-system MCU, and operation logic that performs signal processing to be described later using these input and output port groups 71A, 81A, and 72A. Circuit 21. If a part of the input and output port groups 71A, 81A, 72A is left, it may be filled with a predetermined value of a predetermined algorithm. S21A and S21B are calculation results provided to the logic collating units 60A and 60B as a result of this logical calculation.
[0018]
The number of signals ni corresponding to the transmission unit of the digital signal S2A is input to the input port group 71A of the digital signal S2A. In general, since the number of analog signals and switching contacts of the sensor device S described above is large, the capacity of the input port group 71A increases accordingly. However, since signal processing including information compression is performed by the logical operation circuit 21, the capacity of the output port group 72A and the input port group 81A can be set smaller than that of the input port group 71A. Therefore, the number of signals nt of each of the logic signal sharing paths 30A and 30B to be input / output to these can be reduced.
[0019]
In this case, even when the number of signals ni of the digital signal S2A changes, the logic operation unit 20A that can be flexibly dealt with can be realized by correcting or switching the contents of the above-described provisional logic operation. Further, it is possible to cope with the remainder of the input and output port groups 71A, 81A, 72A by setting a predetermined value.
[0020]
FIG. 3 is a transition diagram of an example of signal processing by the logic operation circuit shown in FIG.
In the A-system signal processing, a detection signal introduction mode M1A for introducing the detection signal S1 of the sensor device S to the A-system MCU, an input signal collation mode M2 for collating each of the introduced detection signals S1, and fixing of each MCU, etc. The fixed failure test mode M3 for testing a failure is repeatedly performed while synchronizing both the signal processing means 10A and 10B. In the B-system signal processing, the detection signal introduction mode M1B by the B-system MCU is performed and is synchronized with the detection signal introduction mode M1A.
[0021]
In the input signal collation mode M2, synchronization processing is performed while initializing signal processing between both signal processing means 10A and 10B when starting one cycle of signal processing, and the sensor device S reaches each signal processing means 10A and 10B. It is possible to determine the correctness of the preprocessing such as AD conversion including the route. Further, in the fixed failure test mode M3, it is possible to detect a fixed failure in the logic operation units 20A and 20B including both logical signal sharing paths 30A and 30B.
[0022]
FIG. 4 is a flowchart of an example of processing of input signal verification in the A-system input signal verification mode shown in FIG.
First, the logical operation circuit 21 acquires the digital signal S2A from the input port group 71A (step ST1). Then, a provisional logic operation is performed with the acquired digital signal S2A (step ST2), and the result of the provisional logic operation is held in the output port 72A (step ST3).
[0023]
In step ST2 held in the output port, if the number of signals ni of the digital signal S2A is larger than the number of signals nt of the logical signal sharing paths 30A and 30B, the number of bits is reduced by, for example, compressing the amount of information. If the number of signals ni is small or equal, the remaining part of the output port group 72A is filled with the predetermined value described above. As a result, in the collation of the result of the provisional logic operation described later, the remaining portions always match.
[0024]
Subsequently, the logical operation circuit 21 acquires the result of the B-system temporary logical operation held in the same manner via the input port group 81A (step ST4). Then, the results of both temporary logical operations are collated to confirm that they are based on the same detection signal S1, and predetermined logical processing is performed to prepare information necessary for this logical operation (step ST5).
[0025]
Subsequently, the logical operation is performed based on this information (step ST6). Thus, a predetermined end process is performed to complete a series of input signal verifications. It should be noted that step ST6 may be omitted if it can be completed in step ST2 in which provisional logic operation is performed, including this logical operation.
[0026]
FIG. 5 is a diagram for explaining a processing example of a fixed fault test in the A-system fixed fault test mode shown in FIG.
In this fixed fault test, first, the process cycle synchronization process ST11 is executed, and the logic signals can be exchanged between the A-system and B-system signal processing means 10A, 10B.
[0027]
Subsequently, inversion output processing ST12 of the digital signals S2A and S2B is executed, the logic values thereof are inverted to form two test data, which are held in the output port group 72A described above. Then, the subsequent inverting input process ST13 is executed, and each test data is introduced through the logic signal sharing paths 30A and 30B.
[0028]
Subsequently, the inversion comparison process ST13 of the test data is executed, the logic value is further inverted and returned to the original, and compared with the held digital signals S2A and S2B. If they match, the test data normal certification process ST14 is executed, and if no fixed failure has occurred in the logical signal shared paths 30A and 30B, the processes are terminated normally. Further, when a mismatch condition occurs, a predetermined error process ER is executed. In this error processing ER, it is desirable to diagnose the content of the failure based on the symptoms of the fixed failure.
[0029]
For example, after reporting a fixed fault to each part, it is sufficient to diagnose the relevant bit and correct logical value, but at least the so-called safe side signal selection should be performed, which is theoretically safe in terms of signal management. is there. In addition, if there is a legitimate circumstance where none of the measures can be taken, it may be possible to store and save the current state of each part and suspend the system gently.
[0030]
Thus, when each process is completed and the correctness of the logic signal sharing paths 30A and 30B can be recognized, a predetermined application program is started with the digital signals S2A and S2B subjected to a series of arithmetic processes as arguments, and an application process ST15 is performed. Execute. As a result, various digital data based on a correct digital signal can be organized to perform signal processing.
[0031]
The digital data is comprehensively verified by the signal verification unit 110, and the verification result is provided to the relay device R. For example, a normal relay or the like in the railway signal receiving device is lifted (closed).
[0032]
A specific example will be described below.
A system for lighting the emergency lamp when the detection signal S1 of the sensor device S described above indicates a voltage value and the voltage value does not reach, for example, 2.5 V will be described as an example. When the detection signal S1 of the sensor device S is 5V, the digital signals S2A and S2B of the A / D converter described above should both show approximately 5V even if their characteristics vary somewhat.
[0033]
For this reason, in the temporary logic operation units 70A and 70B, since the digital signals S2A and S2B sufficiently exceed 2.5V, information indicating that the emergency light is turned off (off) is surely output. In addition, information indicating that the emergency light is turned off (off) is sent from the two logic operation units 20A and 20B to the other logic operation units 20B and 20A via the logic signal sharing paths 30A and 30B. Therefore, the logic operation units 80A and 80B output the information as it is to the signal verification unit 110, and the emergency light is turned off (off).
[0034]
On the other hand, when the detection signal S1 of the sensor device S is about 2.5 V, the A / D converter described above causes one of the conversion signals to be output in accordance with the error in the conversion output or the input timing shift of the detection signal S1. It is conceivable that the digital signal S2A shows 2.5V, while the other digital signal S2B shows 2.49V.
[0035]
In this case, since the digital signal S2A has reached 2.5V in the one temporary logic operation unit 70A described above, information indicating that the emergency light is turned off (off) is output as the temporary logic operation result S4A. However, since the other provisional logic operation unit 70B is 2.49V and does not reach 2.5V, this provisional logic operation result S4B outputs information indicating lighting (ON).
[0036]
For this reason, the two provisional logic operation results S4A and S4B are inconsistent. At this time, in the present logic operation units 80A and 80B, it is a safety-side measure to turn on the emergency light, so that it is determined to turn on. If this state continues for a short time, it is not a fixed failure. However, for example, when 2 seconds have elapsed, the above-described logical operation unit (this logical operation unit may be used) determines that an MCU system failure has occurred. Stop the device.
[0037]
As another example, there is a system in which the sensor device S includes a switch and captures ON / OFF information of the switch together. If the voltage value does not reach 2.5V or the switch is OFF, Turn on the emergency light. In this system, two temporary logic operation units 70A and 70B logically determine voltage value information and switch on / off information separately and exchange them separately via two shared lines.
[0038]
Further, in the logic operation units 80A and 80B, if any one of the four values of the voltage value and the switch has the content to turn on the emergency light, the result is turned on as a safe side. In the case of this system, since it can be said that the step ST2 of the provisional logic operation can be completed including the present logic operation, the step ST6 of the present logic operation is not omitted.
[0039]
【The invention's effect】
As described above, according to the duplex information processing apparatus according to the present invention, the provisional logic operation is performed in advance and then shared by both signal processing means via the logic signal sharing path. For this reason, it is possible to provide an inexpensive and highly reliable duplex information processing apparatus without increasing the information amount of a signal to be shared between two MCUs even for an external input of a large amount of information. .
Further, according to the apparatus of claim 2, since the signal processing is performed by combining the provisional logic operation and another logic operation, the contents of the provisional logic operation can be arbitrarily configured. Therefore, since the fixed failure of the logic signal shared path is detected, and the apparatus according to claim 4 can realize the fail-safe of the railway signal, the reliability of the entire signal processing is further increased.
[Brief description of the drawings]
FIG. 1 is a block diagram of a duplex information processing apparatus according to an embodiment of the present invention. FIG. 2 is a block diagram of a configuration example of a logical operation unit of an A-system MCU shown in FIG. FIG. 4 is a transition diagram of an example of signal processing by a logical operation circuit. FIG. 4 is a flowchart of an example of processing of input signal verification in the A-system input signal verification mode shown in FIG. FIG. 6 is a diagram for explaining a processing example of a fixed fault test in a test mode. FIG. 6 is a block diagram of a configuration of a dual information processing apparatus according to a conventional example.
DESCRIPTION OF SYMBOLS 10 ... Duplex information processing apparatus, 10A, 10B ... Signal processing means, 11A, 11B ... Input terminal, 20A, 20B ... Logic operation part, 30A, 30B ... Logic signal shared path , 31A, 31B ... shared output terminal, 32A, 32B ... shared input terminal, 40A, 40B ... analog-to-digital converter (AD converter), 50A, 50B ... synchronization unit, 51A, 51B, 61A, 61B ... Signal sharing path, 60A, 60B ... Logic verification unit, 70A, 70B ... Temporary logic operation unit, 80A, 80B ... This logic operation unit, 110 ... Signal verification device, R ... relay device, S ... sensor device, S1 ... detection signal, S2A, S2B ... digital signal, S21A, S21B ... calculation result, S3A, S3B ... signal output (verification result) ) 、 S4A 、 S4B ・ ・ ・ Provisional logic operation result Fruit.

Claims (3)

Provided with two signal processing means (10A, 10B) synchronized signal processing, one external input (S) is introduced into each of the two signal processing means (10A, 10B), the two signal processing means (10A, 10B) by, from the same of the external input, the same process duplexed information processing apparatus for collating and organizing the two digital data by the procedure (10),
Each of the two signal processing means (10A, 10B) has logic operation means (20A or 20B) including an operation logic circuit (21), and the operation logic circuit (21) first introduces the self wherein performs temporary logic operation to compress the information amount of the external input to a predetermined arithmetic logic processing performed by using only an external input, and sends the calculation result to the other of said signal processing means (10B or 10A) of Next, the operation result based on the provisional logic operation sent from the other signal processing means (10B or 10A) is received, the logic operation is performed in the operation logic circuit using the operation result, and the logic operation is performed. In the other signal processing means, the operation result based on the provisional logic operation and the operation result based on its own provisional logic operation are collated, and only when it is within a predetermined approximate range, it is used for organization of digital data.
Between each of the two signal processing means (10A, 10B) , an operation result based on a provisional logic operation by the logic operation means (20A, 20B) is obtained between the two logic operation means (20A, 20B) . to have the operation result sharing means (30) in order to share,
A duplex information processing apparatus. Said logical operation means (20A, 20B) is, collates the respective operation results with each other by the positive logic and negative logic, No placement claim 1 Symbol and detects a fixed fault in the operation result sharing means (30) Duplex information processing device. Wherein the result of the collation in each of the two signal processing means (10A or 10B), 2 duplex information processing apparatus according to claim 1, wherein performing signal processing by the external output is fail-safe.

Images