精品自动控制毕业论文中英文资料外文翻译文献.docx
《精品自动控制毕业论文中英文资料外文翻译文献.docx》由会员分享,可在线阅读,更多相关《精品自动控制毕业论文中英文资料外文翻译文献.docx(9页珍藏版)》请在冰豆网上搜索。
精品自动控制毕业论文中英文资料外文翻译文献
毕业论文外文译文
学院自动化与电气工程学院
专业自动控制
Component-basedSafetyComputerofRailwaySignalInterlockingSystem
1Introduction
SignalInterlockingSystemisthecriticalequipmentwhichcanguaranteetrafficsafetyandenhanceoperationalefficiencyinrailwaytransportation.Foralongtime,thecorecontrolcomputeradoptsininterlockingsystemisthespecialcustomizedSignal,andsoon.Alongwiththerapiddevelopmentofelectronictechnology,thecustomizedsafetycomputerisfacingseverechallenges,forinstance,thethemeantime,thereareseveralexplorationsandpracticesaboutadoptingopensystemarchitectureinavionics.TheUnitedStatedandEuropeaerospaceandothersafety-criticalfields.Inrecentyears,itisgraduallybecominganewtrendthattheutilizationofstandardizedcomponentsinaerospace,industry,transportationandothersafety-criticalfields.
2Railwayssignalinterlockingsystem
2.1Functionsofsignalinterlockingsystem
Thebasicfunctionofsignalinterlockingsystemistoprotecttrainsafetybycontrollingsignalequipments,suchasswitchpoints,signalsandtrackunitsinastation,anditinterlockingregulation.
Sincethebirthoftherailwaytransportation,signalinterlockingsystemcomputer-basedInterlockingSystem.
2.2Architectureofsignalinterlockingsystem
Generally,theInterlockingSystemofequipments,thesystemcanbedividedtothefunctionofequipments;thesystemcanbedividedintothreelayersasshowninfigure1.
Figure1ArchitectureofSignalInterlockingSystem
3Component-basedsafetycomputerdesign
3.1Designstrategy
Thedesignconceptofcomponent-basedsafetycriticalcomputerisdifferentfromthatofspecialcustomizedcomputer.OurdesignstrategyofSICisonabaseoffault-toleranceandsystemintegration.WeseparatetheSICintothreelayers,thestandardizedcomponentunitlayer,safetysoftwarelayerandthesystemlayer.Differentsafetyfunctionsareallocatedforeachlayer,andthefinalintegrationofthethreelayersensuresthepredefinedsafetyintegritylevelofthewholeSIC.Thethreelayerscanbedescribedasfollows:
(1)ComponentunitlayerincludesfourindependentstandardizedCPUmodules.Athisyear.
(2)Safetysoftwarelayermainlyutilizesfail-safestrategyandfault-tolerantmanagement.TheinterlockingsafetycomputingofthewholesystemadoptstwooutputsfromdifferentCPU,itcanmostlyensurethediversityofsoftwaretoerrorsofsignalversionandremoverisks.
(3)Systemlayeraimstoimprovereliability,availabilityandmaintainabilitybymeansofredundancy.
3.2Designofinfigure2,theSICoffourindependentcomponentunits(C11,C12,C21,C22).Thefault-tolerantarchitectureadoptsdual2vote2(2v2×2)structure,andakindofselectedascomputingunitwhichadoptsIntelXScalekernel,533MHZ.
TheoperationofSICisbasedonadualtwo-layerdatabuses.Theprotocol,andthelowbusisControllerAreaNetwork(CAN).C11、C12andC21、C22respectivelymakeupoftwosafetycomputingcomponentsIC1andIC2,whichareof2v2structure.Andeachcomponentexternaldynamiccircuitwatchdogthatissetforcomputingsupervisionandswitching.
Figure2HardwarestructureofSIC
3.3Standardizedcomponentunit
Aftercomponentmoduleismadecertain,accordingtothesafety-criticalrequirementsofrailwaysignalinterlockingsystem,wethemodule.Thedesignincludespowersupply,interfacesandotherembeddedcircuits.
Thefault-tolerantprocessing,synchronizedcomputing,andfaultdiagnosisofSICmostlydependonthesafetysoftware.Herethesafetysoftwaredesignmethodisdifferingfromthatofthespecialcomputertoo.Fordedicatedcomputer,thesoftwareisoftenspeciallydesignedbasedonthebareobject,aspecialschedulingprogramiscommonlydesignedassafetysoftwareforthecomputer,andnotauniversaloperatingsystem.Thefault-tolerantprocessingandfaultdiagnosisofthededicatedcomputeraretightlyastandardLinuxOS.
Thesafetysoftwareisvitalelementofsecondarydevelopment.ItincludesLinuxOSadjustment,fail-safeprocess,fault-tolerancemanagement,andsafetyinterlockinglogic.ThethemareshowninFigure4.
Figure4Safetysoftware
3.4.1Fault-tolerantmodel
TheFault-tolerantcomputationofSICisofamultilevelmodel:
SIC=F1002D(F2002(Sc11,Sc12),F2002(Sc21,Sc22))
Firstly,basiccomputingunitCi1adoptsonealgorithmtocompletetheSCi1,andCi2finishestheSCi2viaadifferentalgorithm,secondly2outof2(2oo2)safetycomputingcomponentofSICexecutes2oo2calculationandgetsFSICifromthecalculationresultsofSCi1SCi2,andthirdly,accordingthestatesofwatchdogandswitchunitblock,theresultofSICisgottenviaa1outof2withdiagnostics(1oo2D)calculation,whichisbasedonFSIC1andFSIC2.
Theflowofcalculationsisasfollows:
(1)Sci1=Fci1(Dnet1,Dnet2,Ddi,Dfss)
(2)Sci2=Fci2(Dnet1,Dnet2,Ddi,Dfss)
(3)FSICi=F2oo2(Sci1,Sci2),(i=1,2)
(4)SIC_OutPut=F1oo2D(FSIC1,FSIC2)
3.4.2Safetycomputation
Asinterlockingsystemconsistsofafixedsetoftask,thecomputationalmodelofSICistask-based.Ingeneral,applicationsmayconformtoatime-triggered,event-triggeredormixedcomputationalmodel.Herethetime-triggeredmodeisselected,tasksareexecutedcyclically.TheconsistencyofcomputingstatesbetweenthetwounitsisthefoundationofSICforensuringsafetyandcredibility.AsSICworksunderalooselycoupledmode,itisdifferentfromthatofdedicatedalgorithmisnecessaryforSIC.
SICcanbeconsideredasamultiprocessordistributedsystem,anditscomputationalmodelisessentiallybasedondatacomparingvia.First,ananalyticalapproachisusedtoconfirmtheworst-caseresponsetimeofeachtask.Toguaranteethedeadlineoftasksthatcommunicateacrossthenetwork,theaccesstimeanddelayofcommunicationmediumissettoafixedpossiblevalue.Moreover,thecomputationalmodelmustmeetstherealtimerequirementsofrailwayinterlockingsystem,withinthesystemcomputingcycle,wesetmanycheckpointsPi(i=1,2,...n),whicharesmallenoughforsynchronization,andcomputationresultvotingisexecutedateachpoint.ThesafetycomputationflowofSICisshowninFigure5.
Figure5SafetycomputationalmodelofSIC
4.Hardwaresafetyintegritylevelevaluation
4.1SafetyIntegrity
Asanauthoritativeinternationalstandardforsafety-relatedsystem,IEC61508presentsadefinitionofsafetyintegrity:
probabilityofasafety-relatedsystemsatisfactorilyperformingtherequiredsafetyfunctionsunderallthestatedconditionswithinastatedperiodoftime.InIEC61508,therearefourlevelsofsafetyintegrityareprescribe,SIL1~SIL4.TheSIL1isthelowest,andSIL4.TheSILofSICcanbeevaluatedviatheprobabilityofdangerousperofSILaboutsuchsysteminIEC61508,seetable1.
Table1-SafetyIntegritylevels:
targetfailuremeasuresforasafetyfunctionoperatingin
SafetyIntegritylevel
HighdemandorcontinuousmodeofOperation
(ProbabilityofadangerousFailureperhour)
4≥10-9to<10-8
3≥10-8to<10-7
2≥10-7to<10-6
1≥10-6to<10-5
4.2ReliabilityblockdiagramofSIC
AfteranalyzingthestructureandworkingprincipleoftheSIC,wegetthebockdiagramofreliability,asfigure6.
Figure6BlockdiagramofSICreliability
5.Conclusions
Inthispaper,weproposedanavailablestandardizedcomponent-basedcomputerSIC.Railwaysignalinterlockingisafail-safesystemwitharequiredprobabilityoflessthan10-9safetycriticalfailuresperordertomeetthecriticalconstraints,fault-tolerantarchitectureandsafetytacticsareusedinSIC.Althoughthecomputationalmodelandimplementationtechniquesarerathercomplex,thephilosophyofSICprovidesacheerfulprospecttosafetycriticalapplications,itrendersinasimplerstyleofshortendevelopmentcycleandreducecost.SICputintopracticalapplication,andproven.
………………………………………………………………………………………………………
From:
),取值很小,能实现同步,并且在每个检查点得出计算结果。
SIC的安全计算流如图3.4所示。
图3.5SIC的安全计算模型
4硬件的安全完整性水平评价
4.1安全完整性
作为国际权威的安全体系方面的标准,国际电工委员会61508提出关于安全完整性方面的定义:
在规定的条件下、规定的时间内,安全系统成功实现所要求的安全功能的概率。
IEC61508定义了4个层次的安全完整性,SIL1~SIL4。
SIL1是最低的,SIL4最高。
根据IEC61508,安全联锁计算机属于高需求或连续运行模式系统。
安全联锁计算机的安全完整性级别可以通过系统每小时的潜在危险估算出来,在IEC61508中,安全完整性级别是这样定义的,如表4.1:
表4.1高需求或连续运行模式系统在安全功能启动情况下的失效点
安全完整性水平高需求或连续模式行动(故障概率每小时)
4≥10-9to<10-8
3≥10-8to<10-7
2≥10-7to<10-6
1≥10-6to<10-5
4.2安全联锁计算机的可靠性框图
在分析了安全完整性级别的的结构和工作原理的基础上,我们得到其可靠性的结构图,如图4.1所示。
图4.1SIC的可靠性结构图
5结论
在本文中,我们提出了一种有效的标准模块化计算机的的安全完整性,铁路信号联锁系统是故障-安全系统,每小时的失效故障率必须要低于10-9,尽管计算模型和实施技术相当复杂,但是为了达到系统规定的参数值,安全完整性系统中必须使用容错系统结构和安全性策略。
安全完整性的思想和理论给安全关键性应用展现了一个美好的应用前景。
它提供一种简单的硬件组成,而且还可以缩短开发周期,降低成本。
现在,安全联锁计算机已投入实际应用,其高性能、可靠性和安全性已经被证实。
…………………………………………………………………
升级会员 