铁路信号联锁系统中英文对照外文翻译文献Word文档格式.docx
《铁路信号联锁系统中英文对照外文翻译文献Word文档格式.docx》由会员分享,可在线阅读,更多相关《铁路信号联锁系统中英文对照外文翻译文献Word文档格式.docx(14页珍藏版)》请在冰点文库上搜索。
2Railwayssignalinterlockingsystem
2.1Functionsofsignalinterlockingsystem
Thebasicfunctionofsignalinterlockingsystemistoprotecttrainsafetybycontrollingsignalequipments,suchasswitchpoints,signalsandtrackunitsinastation,andithandlesroutesviaacertaininterlockingregulation.
Sincethebirthoftherailwaytransportation,signalinterlockingsystemhasgonethroughmanualsignal,mechanicalsignal,relay-basedinterlocking,andthemoderncomputer-basedInterlockingSystem.
2.2Architectureofsignalinterlockingsystem
Generally,theInterlockingSystemhasahierarchicalstructure.Accordingtothefunctionofequipments,thesystemcanbedividedtothefunctionofequipments;
thesystemcanbedividedintothreelayersasshowninfigure1.
Figure1ArchitectureofSignalInterlockingSystem
3Component-basedsafetycomputerdesign
3.1Designstrategy
Thedesignconceptofcomponent-basedsafetycriticalcomputerisdifferentfromthatofspecialcustomizedcomputer.OurdesignstrategyofSICisonabaseoffault-toleranceandsystemintegration.WeseparatetheSICintothreelayers,thestandardizedcomponentunitlayer,safetysoftwarelayerandthesystemlayer.Differentsafetyfunctionsareallocatedforeachlayer,andthefinalintegrationofthethreelayersensuresthepredefinedsafetyintegritylevelofthewholeSIC.Thethreelayerscanbedescribedasfollows:
(1)ComponentunitlayerincludesfourindependentstandardizedCPUmodules.Ahardware“SAFETYAND”logicisimplementedinthisyear.
(2)Safetysoftwarelayermainlyutilizesfail-safestrategyandfault-tolerantmanagement.TheinterlockingsafetycomputingofthewholesystemadoptstwooutputsfromdifferentCPU,itcanmostlyensurethediversityofsoftwaretoholdwithdesignerrorsofsignalversionandremovehiddenrisks.
(3)Systemlayeraimstoimprovereliability,availabilityandmaintainabilitybymeansofredundancy.
3.2Designofhardwarefault-tolerantstructure
Asshowninfigure2,theSICoffourindependentcomponentunits(C11,C12,C21,C22).Thefault-tolerantarchitectureadoptsdual2vote2(2v2×
2)structure,andakindofhigh-performancestandardizedmodulehasbeenselectedascomputingunitwhichadoptsIntelXScalekernel,533MHZ.
TheoperationofSICisbasedonadualtwo-layerdatabuses.ThehighbusadoptsthestandardEthernetandTCP/IPcommunicationprotocol,andthelowbusisControllerAreaNetwork(CAN).C11、C12andC21、C22respectivelymakeupoftwosafetycomputingcomponentsIC1andIC2,whichareof2v2structure.Andeachcomponenthasanexternaldynamiccircuitwatchdogthatissetforcomputingsupervisionandswitching.
Figure2HardwarestructureofSIC
3.3Standardizedcomponentunit
Aftercomponentmoduleismadecertain,accordingtothesafety-criticalrequirementsofrailwaysignalinterlockingsystem,wehavetodoasecondarydevelopmentonthemodule.Thedesignincludespowersupply,interfacesandotherembeddedcircuits.
Thefault-tolerantprocessing,synchronizedcomputing,andfaultdiagnosisofSICmostlydependonthesafetysoftware.Herethesafetysoftwaredesignmethodisdifferingfromthatofthespecialcomputertoo.Fordedicatedcomputer,thesoftwareisoftenspeciallydesignedbasedonthebarehardware.Asrestrictedbycomputingabilityandapplicationobject,aspecialschedulingprogramiscommonlydesignedassafetysoftwareforthecomputer,andnotauniversaloperatingsystem.Thefault-tolerantprocessingandfaultdiagnosisofthededicatedcomputeraretightlyhardware-coupled.However,thesafetysoftwareforSICisexotericandlooselyhardware-coupled,anditisbasedonastandardLinuxOS.
Thesafetysoftwareisvitalelementofsecondarydevelopment.ItincludesLinuxOSadjustment,fail-safeprocess,fault-tolerancemanagement,andsafetyinterlockinglogic.ThehierarchyrelationsbetweenthemareshowninFigure4.
Figure4SafetysoftwarehierarchyofSIC
3.4Fault-tolerantmodelandsafetycomputation
3.4.1Fault-tolerantmodel
TheFault-tolerantcomputationofSICisofamultilevelmodel:
SIC=F1002D(F2002(Sc11,Sc12),F2002(Sc21,Sc22))
Firstly,basiccomputingunitCi1adoptsonealgorithmtocompletetheSCi1,andCi2finishestheSCi2viaadifferentalgorithm,secondly2outof2(2oo2)safetycomputingcomponentofSICexecutes2oo2calculationandgetsFSICifromthecalculationresultsofSCi1SCi2,andthirdly,accordingthestatesofwatchdogandswitchunitblock,theresultofSICisgottenviaa1outof2withdiagnostics(1oo2D)calculation,whichisbasedonFSIC1andFSIC2.
Theflowofcalculationsisasfollows:
(1)Sci1=Fci1(Dnet1,Dnet2,Ddi,Dfss)
(2)Sci2=Fci2(Dnet1,Dnet2,Ddi,Dfss)
(3)FSICi=F2oo2(Sci1,Sci2),(i=1,2)
(4)SIC_OutPut=F1oo2D(FSIC1,FSIC2)
3.4.2Safetycomputation
Asinterlockingsystemconsistsofafixedsetoftask,thecomputationalmodelofSICistask-based.Ingeneral,applicationsmayconformtoatime-triggered,event-triggeredormixedcomputationalmodel.Herethetime-triggeredmodeisselected,tasksareexecutedcyclically.TheconsistencyofcomputingstatesbetweenthetwounitsisthefoundationofSICforensuringsafetyandcredibility.AsSICworksunderalooselycoupledmode,itisdifferentfromthatofdedicatedhardware-coupledcomputer.SoaspecializedsynchronizationalgorithmisnecessaryforSIC.
SICcanbeconsideredasamultiprocessordistributedsystem,anditscomputationalmodelisessentiallybasedondatacomparingviahighbuscommunication.First,ananalyticalapproachisusedtoconfirmtheworst-caseresponsetimeofeachtask.Toguaranteethedeadlineoftasksthatcommunicateacrossthenetwork,theaccesstimeanddelayofcommunicationmediumissettoafixedpossiblevalue.Moreover,thecomputationalmodelmustmeetstherealtimerequirementsofrailwayinterlockingsystem,withinthesystemcomputingcycle,wesetmanycheckpointsPi(i=1,2,...n),whicharesmallenoughforsynchronization,andcomputationresultvotingisexecutedateachpoint.ThesafetycomputationflowofSICisshowninFigure5.
Figure5SafetycomputationalmodelofSIC
4.Hardwaresafetyintegritylevelevaluation
4.1SafetyIntegrity
Asanauthoritativeinternationalstandardforsafety-relatedsystem,IEC61508presentsadefinitionofsafetyintegrity:
probabilityofasafety-relatedsystemsatisfactorilyperformingtherequiredsafetyfunctionsunderallthestatedconditionswithinastatedperiodoftime.InIEC61508,therearefourlevelsofsafetyintegrityareprescribe,SIL1~SIL4.TheSIL1isthelowest,andSIL4highest.
AccordingtoIEC61508,theSICbelongstosafety-relatedsystemsinhighdemandorcontinuousmodeofoperation.TheSILofSICcanbeevaluatedviatheprobabilityofdangerousperhour.TheprovisionofSILaboutsuchsysteminIEC61508,seetable1.
Table1-SafetyIntegritylevels:
targetfailuremeasuresforasafetyfunctionoperatinginhighdemandorcontinuousmodeofoperation
SafetyIntegritylevel
HighdemandorcontinuousmodeofOperation
(ProbabilityofadangerousFailureperhour)
4≥10-9to<10-8
3≥10-8to<10-7
2≥10-7to<10-6
1≥10-6to<10-5
4.2ReliabilityblockdiagramofSIC
AfteranalyzingthestructureandworkingprincipleoftheSIC,wegetthebockdiagramofreliability,asfigure6.
Figure6BlockdiagramofSICreliability
5.Conclusions
Inthispaper,weproposedanavailablestandardizedcomponent-basedcomputerSIC.Railwaysignalinterlockingisafail-safesystemwitharequiredprobabilityoflessthan10-9safetycriticalfailuresperhour.Inordertomeetthecriticalconstraints,fault-tolerantarchitectureandsafetytacticsareusedinSIC.Althoughthecomputationalmodelandimplementationtechniquesarerathercomplex,thephilosophyofSICprovidesacheerfulprospecttosafetycriticalapplications,itrendersinasimplerstyleofhardware,furthermore,itcanshortendevelopmentcycleandreducecost.SIChasbeenputintopracticalapplication,andhighperformanceofreliabilityandsafetyhasbeenproven.
………………………………………………………………………………………………………
模块化安全铁路信号计算机联锁系统
1概述
信号联锁系统是保证交通安全、提高铁路运输效率的关键设备。
长期以来,在联锁系统中采用的核心控制计算机是特定的高档安全计算机,例如,西门子的SIMIS、日本信号的EI32等。
随着电子技术的飞速发展,定制的安全计算机面临着严重的挑战,例如:
高的开发成本、可用性差、弱可扩展性、和缓慢的技术更新。
为了克服高档特定计算机的缺点,美国国防部提出:
我们应该采用商业标准,来取代军事准则和满足客户需要的标准。
与
升级会员 