中英文文獻(xiàn)翻譯

畢業(yè)設(shè)計(jì)(論文外文參考文獻(xiàn)及譯文中文題目模塊化安全鐵路信號(hào)計(jì)算機(jī)聯(lián)鎖系統(tǒng)學(xué)院自動(dòng)化與電氣工程學(xué)院專業(yè)自動(dòng)控制姓名葛彥寧學(xué)號(hào)08746指導(dǎo)教師賀清5月30日Component-basedSafetyComputerofRailwaySignalInterlockingSystem1IntroductionSignalInterlockingSystemisthecriticalequipmentwhichcanguaranteetrafficsafetyandenhanceoperationalefficiencyinrailwaytransportation.Foralongtime,thecorecontrolcomputeradoptsininterlockingsystemisthespecialcustomizedhigh-gradesafetycomputer,forexample,theSIMISofSiemens,theEI32ofNipponSignal,andsoon.Alongwiththerapiddevelopmentofelectronictechnology,thecustomizedsafetycomputerisfacingseverechallenges,forinstance,thehighdevelopmentcosts,poorusability,weakexpansibilityandslowtechnologyupdate.Toovercometheflawsofthehigh-gradespecialcustomizedcomputer,theU.S.DepartmentofDefensehasputforwardtheconcept:weshouldadoptcommercialstandardstoreplacemilitarynormsandstandardsformeetingconsumers’demand[1].Inthemeantime,thereareseveralexplorationsandpracticesaboutadoptingopensystemarchitectureinavionics.TheUnitedStatedandEuropehavedomuchresearchaboututilizingcost-effectivefault-tolerantcomputertoreplacethededicatedcomputerinaerospaceandothersafety-criticalfields.Inrecentyears,itisgraduallybecominganewtrendthattheutilizationofstandardizedcomponentsinaerospace,industry,transportationandothersafety-criticalfields.2Railwayssignalinterlockingsystem2.1FunctionsofsignalinterlockingsystemThebasicfunctionofsignalinterlockingsystemistoprotecttrainsafetybycontrollingsignalequipments,suchasswitchpoints,signalsandtrackunitsinastation,andithandlesroutesviaacertaininterlockingregulation.Sincethebirthoftherailwaytransportation,signalinterlockingsystemhasgonethroughmanualsignal,mechanicalsignal,relay-basedinterlocking,andthemoderncomputer-basedInterlockingSystem.2.2ArchitectureofsignalinterlockingsystemGenerally,theInterlockingSystemhasahierarchicalstructure.Accordingtothefunctionofequipments,thesystemcanbedividedtothefunctionofequipments;thesystemcanbedividedintothreelayersasshowninfigure1.Figure1ArchitectureofSignalInterlockingSystem3Component-basedsafetycomputerdesign3.1DesignstrategyThedesignconceptofcomponent-basedsafetycriticalcomputerisdifferentfromthatofspecialcustomizedcomputer.OurdesignstrategyofSICisonabaseoffault-toleranceandsystemintegration.WeseparatetheSICintothreelayers,thestandardizedcomponentunitlayer,safetysoftwarelayerandthesystemlayer.Differentsafetyfunctionsareallocatedforeachlayer,andthefinalintegrationofthethreelayersensuresthepredefinedsafetyintegritylevelofthewholeSIC.Thethreelayerscanbedescribedasfollows:(1ComponentunitlayerincludesfourindependentstandardizedCPUmodules.Ahardware“SAFETYAND”logicisimplementedinthisyear.(2Safetysoftwarelayermainlyutilizesfail-safestrategyandfault-tolerantmanagement.TheinterlockingsafetycomputingofthewholesystemadoptstwooutputsfromdifferentCPU,itcanmostlyensurethediversityofsoftwaretoholdwithdesignerrorsofsignalversionandremovehiddenrisks.(3Systemlayeraimstoimprovereliability,availabilityandmaintainabilitybymeansofredundancy.3.2Designofhardwarefault-tolerantstructureAsshowninfigure2,theSICoffourindependentcomponentunits(C11,C12,C21,C22.Thefault-tolerantarchitectureadoptsdual2vote2(2v2×2structure,andakindofhigh-performancestandardizedmodulehasbeenselectedascomputingunitwhichadoptsIntelXScalekernel,533MHZ.TheoperationofSICisbasedonadualtwo-layerdatabuses.ThehighbusadoptsthestandardEthernetandTCP/IPcommunicationprotocol,andthelowbusisControllerAreaNetwork(CAN.C11、C12andC21、C22respectivelymakeupoftwosafetycomputingcomponentsIC1andIC2,whichareof2v2structure.Andeachcomponenthasanexternaldynamiccircuitwatchdogthatissetforcomputingsupervisionandswitching.Figure2HardwarestructureofSIC3.3StandardizedcomponentunitAftercomponentmoduleismadecertain,accordingtothesafety-criticalrequirementsofrailwaysignalinterlockingsystem,wehavetodoasecondarydevelopmentonthemodule.Thedesignincludespowersupply,interfacesandotherembeddedcircuits.Thefault-tolerantprocessing,synchronizedcomputing,andfaultdiagnosisofSICmostlydependonthesafetysoftware.Herethesafetysoftwaredesignmethodisdifferingfromthatofthespecialcomputertoo.Fordedicatedcomputer,thesoftwareisoftenspeciallydesignedbasedonthebarehardware.Asrestrictedbycomputingabilityandapplicationobject,aspecialschedulingprogramiscommonlydesignedassafetysoftwareforthecomputer,andnotauniversaloperatingsystem.Thefault-tolerantprocessingandfaultdiagnosisofthededicatedcomputeraretightlyhardware-coupled.However,thesafetysoftwareforSICisexotericandlooselyhardware-coupled,anditisbasedonastandardLinuxOS.Thesafetysoftwareisvitalelementofsecondarydevelopment.ItincludesLinuxOSadjustment,fail-safeprocess,fault-tolerancemanagement,andsafetyinterlockinglogic.ThehierarchyrelationsbetweenthemareshowninFigure4.SafetyInterlockLogicFail-safeprocessFault-tolerancemanagementLinuxOSadjustmentFigure4SafetysoftwarehierarchyofSIC3.4Fault-tolerantmodelandsafetycomputation3.4.1Fault-tolerantmodelTheFault-tolerantcomputationofSICisofamultilevelmodel:SIC=F1002D(F(Sc11,Sc12,F(Sc21,Sc22Firstly,basiccomputingunitCi1adoptsonealgorithmtocompletetheSCi1,andCi2finishestheSCi2viaadifferentalgorithm,secondly2outof2(2oo2safetycomputingcomponentofSICexecutes2oo2calculationandgetsFSICifromthecalculationresultsofSCi1SCi2,andthirdly,accordingthestatesofwatchdogandswitchunitblock,theresultofSICisgottenviaa1outof2withdiagnostics(1oo2Dcalculation,whichisbasedonFSIC1andFSIC2.Theflowofcalculationsisasfollows:(1Sci1=Fci1(Dnet1,Dnet2,Ddi,Dfss(2Sci2=Fci2(Dnet1,Dnet2,Ddi,Dfss(3FSICi=F2oo2(Sci1,Sci2,(i=1,2(4SIC_OutPut=F1oo2D(FSIC1,FSIC23.4.2SafetycomputationAsinterlockingsystemconsistsofafixedsetoftask,thecomputationalmodelofSICistask-based.Ingeneral,applicationsmayconformtoatime-triggered,event-triggeredormixedcomputationalmodel.Herethetime-triggeredmodeisselected,tasksareexecutedcyclically.TheconsistencyofcomputingstatesbetweenthetwounitsisthefoundationofSICforensuringsafetyandcredibility.AsSICworksunderalooselycoupledmode,itisdifferentfromthatofdedicatedhardware-coupledcomputer.SoaspecializedsynchronizationalgorithmisnecessaryforSIC.SICcanbeconsideredasamultiprocessordistributedsystem,anditscomputationalmodelisessentiallybasedondatacomparingviahighbuscommunication.First,ananalyticalapproachisusedtoconfirmtheworst-caseresponsetimeofeachtask.Toguaranteethedeadlineoftasksthatcommunicateacrossthenetwork,theaccesstimeanddelayofcommunicationmediumissettoafixedpossiblevalue.Moreover,thecomputationalmodelmustmeetstherealtimerequirementsofrailwayinterlockingsystem,withinthesystemcomputingcycle,wesetmanycheckpointsPi(i=1,2,...n,whicharesmallenoughforsynchronization,andcomputationresultvotingisexecutedateachpoint.ThesafetycomputationflowofSICisshowninFigure5.Start0clockclockSafetyfunctionsTasksofinterlockinglogici:p:checkpointInitializeSynchronizationGuaranteeSynchronousTimetriggerFigure5SafetycomputationalmodelofSIC4.Hardwaresafetyintegritylevelevaluation4.1SafetyIntegrityAsanauthoritativeinternationalstandardforsafety-relatedsystem,IEC61508presentsadefinitionofsafetyintegrity:probabilityofasafety-relatedsystemsatisfactorilyperformingtherequiredsafetyfunctionsunderallthestatedconditionswithinastatedperiodoftime.InIEC61508,therearefourlevelsofsafetyintegrityareprescribe,SIL1~SIL4.TheSIL1isthelowest,andSIL4highest.AccordingtoIEC61508,theSICbelongstosafety-relatedsystemsinhighdemandorcontinuousmodeofoperation.TheSILofSICcanbeevaluatedviatheprobabilityofdangerousperhour.TheprovisionofSILaboutsuchsysteminIEC61508,seetable1.Table1-SafetyIntegritylevels:targetfailuremeasuresforasafetyfunctionoperatinginhighdemandorcontinuousmodeofoperationSafetyIntegritylevelHighdemandorcontinuousmodeofOperation(ProbabilityofadangerousFailureperhour4≥10-9to<10-83≥10-8to<10-72≥10-7to<10-61≥10-6to<10-54.2ReliabilityblockdiagramofSICAfteranalyzingthestructureandworkingprincipleoftheSIC,wegetthebockdiagramofreliability,asfigure6.Figure6BlockdiagramofSICreliability5.ConclusionsInthispaper,weproposedanavailablestandardizedcomponent-basedcomputerSIC.Railwaysignalinterlockingisafail-safesystemwitharequiredprobabilityoflessthan10-9safetycriticalfailuresperhour.Inordertomeetthecriticalconstraints,fault-tolerantarchitectureandsafetytacticsareusedinSIC.Althoughthecomputationalmodelandimplementationtechniquesarerathercomplex,thephilosophyofSICprovidesacheerfulprospecttosafetycriticalapplications,itrendersinasimplerstyleofhardware,furthermore,itcanshortendevelopmentcycleandreducecost.SIChasbeenputintopracticalapplication,andhighperformanceofreliabilityandsafetyhasbeenproven.………………………From:模塊化安全鐵路信號(hào)計(jì)算機(jī)聯(lián)鎖系統(tǒng)1概述信號(hào)聯(lián)鎖系統(tǒng)是確保交通安全、提高鐵路運(yùn)輸效率的核心設(shè)備。長(zhǎng)久以來,在聯(lián)鎖系統(tǒng)中采用的核心控制計(jì)算機(jī)是特定的高檔安全計(jì)算機(jī),例如,西門子的SIMIS、日本信號(hào)的EI32等。隨著電子技術(shù)的飛速發(fā)展,定制的安全計(jì)算機(jī)面臨著嚴(yán)重的挑戰(zhàn),例如:高的開發(fā)成本、可用性差、弱可擴(kuò)展性、和緩慢的技術(shù)更新。為了克服高檔特定計(jì)算機(jī)的缺點(diǎn),美國(guó)國(guó)防部提出:我們應(yīng)當(dāng)采用商業(yè)原則,來取代軍事準(zhǔn)則和滿足客戶需要的原則。與此同時(shí),有許多有關(guān)在電子設(shè)備中采用開放式系統(tǒng)構(gòu)造的探索與實(shí)踐。美國(guó)和歐洲已經(jīng)做了諸多有關(guān)運(yùn)用運(yùn)用劃算的容錯(cuò)計(jì)算機(jī)來替代專用電腦在航天和其它安全核心領(lǐng)域。近年來,在航空航天、工業(yè)、交通和其它安全核心領(lǐng)域,運(yùn)用原則化部件正逐步成為一種新的趨勢(shì)。2鐵路信號(hào)聯(lián)鎖系統(tǒng)2.1信號(hào)聯(lián)鎖系統(tǒng)的功效信號(hào)聯(lián)鎖系統(tǒng)的基本功效是通過控制信號(hào)設(shè)備,保護(hù)列車運(yùn)行安全。如控制道岔的轉(zhuǎn)換、信號(hào)的開放和控制列車通過車站,它通過一種聯(lián)鎖解決規(guī)則控制線路。自鐵路運(yùn)輸誕生以來、信號(hào)聯(lián)鎖系統(tǒng)已經(jīng)經(jīng)歷了手動(dòng)信號(hào)、機(jī)械信號(hào)、繼電器聯(lián)鎖和當(dāng)代計(jì)算機(jī)聯(lián)鎖系統(tǒng)。2.2信號(hào)聯(lián)鎖系統(tǒng)的構(gòu)架普通來說,聯(lián)鎖系統(tǒng)含有層次構(gòu)造。根據(jù)設(shè)備的功效,系統(tǒng)可分為三層,如圖2.1所示。圖2.1信號(hào)聯(lián)鎖系統(tǒng)的構(gòu)造3安全計(jì)算機(jī)的組件設(shè)計(jì)3.1設(shè)計(jì)方略模塊化安全核心計(jì)算機(jī)組件的設(shè)計(jì)理念不同于那些特殊定制的計(jì)算機(jī)。我們對(duì)安全聯(lián)鎖計(jì)算機(jī)的設(shè)計(jì)理念是基于系統(tǒng)的容錯(cuò)性和系統(tǒng)的綜合需求。將其分為三層:原則化構(gòu)成單元層、軟件安全層與系統(tǒng)層,并給每一層分派不同的安全功效,最后將三層集成,并確保系統(tǒng)達(dá)成預(yù)定的安全完整性水平。三層能夠描述以下:(1原則化構(gòu)成單元層涉及四個(gè)獨(dú)立的原則化CPU模塊。這一層實(shí)現(xiàn)硬件“安全”邏輯聯(lián)鎖。(2軟件安全層重要用故障-安用方略和容錯(cuò)算法。由于一種完整的安全聯(lián)鎖系統(tǒng)采用兩個(gè)不同的CPU輸出的成果,因此最能確保軟件設(shè)計(jì)某一版本,在設(shè)計(jì)時(shí)存在的多個(gè)錯(cuò)誤,去除潛在的風(fēng)險(xiǎn)。(3系統(tǒng)層,旨在提高系統(tǒng)的可用性和冗余系統(tǒng)的可維護(hù)性。3.2容錯(cuò)構(gòu)造的硬件設(shè)計(jì)如圖3.1,安全聯(lián)鎖計(jì)算機(jī)由四個(gè)獨(dú)立單元構(gòu)成(C11,C12,C21,C22。采用雙容錯(cuò)構(gòu)造設(shè)計(jì)(2×2取2構(gòu)造,計(jì)算單元選用高可靠性、高效率的模塊,采用了英特爾XScale內(nèi)核,533兆赫的解決器。安全聯(lián)鎖計(jì)算機(jī)的操作基于兩層數(shù)據(jù)總線上。高速總線采用原則以太網(wǎng)構(gòu)造和TCP/IP通信合同、低總線控制器局域網(wǎng)(CAN。C11、C12和C21、C22分別構(gòu)成兩個(gè)獨(dú)立的安全計(jì)算部件IC1和IC2,并構(gòu)成2乘2取2構(gòu)造,并且每一部分都有計(jì)算機(jī)監(jiān)控和外部開關(guān)電路動(dòng)態(tài)監(jiān)測(cè)。圖3.1SIC硬件構(gòu)造3.3原則化構(gòu)成單元在研究清晰構(gòu)成模塊后,根據(jù)鐵路信號(hào)聯(lián)鎖系統(tǒng)的臨界安全性規(guī)定,我們必須做一個(gè)二次開發(fā)的模塊。該設(shè)計(jì)重要涉及電源、接口和其它嵌入式電路。安全聯(lián)鎖計(jì)算機(jī)的容錯(cuò)計(jì)算、解決、故障的同時(shí)診療重要依靠安全軟件。這個(gè)安全軟件的設(shè)計(jì)辦法不同于其它專用的特殊計(jì)算機(jī)。在專用特殊計(jì)算機(jī)中,軟件普通基于單一裸露硬件而特別設(shè)計(jì),限于計(jì)算解決能力和軟件兼容性,在電腦上特殊的調(diào)度程序一般基于安全性軟件設(shè)計(jì),而不是一種普通的操作系統(tǒng)。專用計(jì)算機(jī)中容錯(cuò)解決系統(tǒng)和故障診療系統(tǒng)通過硬件耦合。然而,安全聯(lián)鎖計(jì)算機(jī)中的安全軟件是開放、寬松的,它基于原則的Linux操作系統(tǒng)。安全軟件的二次開發(fā)是至關(guān)重要的。它涉及Linux系統(tǒng)調(diào)節(jié),故障-安全導(dǎo)向、容錯(cuò)性管理,安全聯(lián)鎖的邏輯。它們之間的層次關(guān)系如圖3.3。蘭州交通大學(xué)畢業(yè)設(shè)計(jì)（譯文）圖3.3SIC的安全軟件層次關(guān)系3.4容錯(cuò)模型和安全預(yù)計(jì)算3.4.1容錯(cuò)模型安全聯(lián)鎖計(jì)算機(jī)的多層容錯(cuò)計(jì)算模型：SIC=F1oo2D(F2oo2(SC11,SC12,F2oo2(SC21,SC22首先,根據(jù)計(jì)算單元Ci1采用一種算法來完畢Sci1，計(jì)算單元通過不同的算法完Ci2成Sci2，另首先，安全聯(lián)鎖計(jì)算機(jī)實(shí)施二乘二取二算法計(jì)算得到的成果和Sci1、Sci2計(jì)算，輸出到FSICi中的成果，再進(jìn)行二乘二取二運(yùn)算，第三，根據(jù)監(jiān)視系統(tǒng)和開關(guān)單元塊，安全聯(lián)鎖計(jì)算機(jī)運(yùn)算的成果在基于FSIC1和FSIC2輸出的成果上，通過與門的診療解決（2取1），就計(jì)算出Sci1。同樣的，根據(jù)Ci2的計(jì)算成果通過不同的算法也完畢Sci2。計(jì)算流程以下：(1Sci1=Fci1(Dnet1，Dnet2，Ddi，Dfss；(2Sci2=Fci2(Dnet1，Dnet2，Ddi，Dfss；(3FSIC1=F2oo2(Sci1，Sci2，(i=1，2；(4SICOutPut=Floo2D(FSIC1，F(xiàn)SIC2。3.4.2安全性計(jì)算由于聯(lián)鎖系統(tǒng)由一組固定的任務(wù)構(gòu)成，故SIC的計(jì)算模型是基于任務(wù)的。普通，應(yīng)用