中英文文献翻译

毕业设计(论文外文参考文献及译文中文题目模块化安全铁路信号计算机联锁系统学院自动化与电气工程学院专业自动控制姓名葛彦宁学号08746指导教师贺清5月30日Component-basedSafetyComputerofRailwaySignalInterlockingSystem1IntroductionSignalInterlockingSystemisthecriticalequipmentwhichcanguaranteetrafficsafetyandenhanceoperationalefficiencyinrailwaytransportation.Foralongtime,thecorecontrolcomputeradoptsininterlockingsystemisthespecialcustomizedhigh-gradesafetycomputer,forexample,theSIMISofSiemens,theEI32ofNipponSignal,andsoon.Alongwiththerapiddevelopmentofelectronictechnology,thecustomizedsafetycomputerisfacingseverechallenges,forinstance,thehighdevelopmentcosts,poorusability,weakexpansibilityandslowtechnologyupdate.Toovercometheflawsofthehigh-gradespecialcustomizedcomputer,theU.S.DepartmentofDefensehasputforwardtheconcept:weshouldadoptcommercialstandardstoreplacemilitarynormsandstandardsformeetingconsumers’demand[1].Inthemeantime,thereareseveralexplorationsandpracticesaboutadoptingopensystemarchitectureinavionics.TheUnitedStatedandEuropehavedomuchresearchaboututilizingcost-effectivefault-tolerantcomputertoreplacethededicatedcomputerinaerospaceandothersafety-criticalfields.Inrecentyears,itisgraduallybecominganewtrendthattheutilizationofstandardizedcomponentsinaerospace,industry,transportationandothersafety-criticalfields.2Railwayssignalinterlockingsystem2.1FunctionsofsignalinterlockingsystemThebasicfunctionofsignalinterlockingsystemistoprotecttrainsafetybycontrollingsignalequipments,suchasswitchpoints,signalsandtrackunitsinastation,andithandlesroutesviaacertaininterlockingregulation.Sincethebirthoftherailwaytransportation,signalinterlockingsystemhasgonethroughmanualsignal,mechanicalsignal,relay-basedinterlocking,andthemoderncomputer-basedInterlockingSystem.2.2ArchitectureofsignalinterlockingsystemGenerally,theInterlockingSystemhasahierarchicalstructure.Accordingtothefunctionofequipments,thesystemcanbedividedtothefunctionofequipments;thesystemcanbedividedintothreelayersasshowninfigure1.Figure1ArchitectureofSignalInterlockingSystem3Component-basedsafetycomputerdesign3.1DesignstrategyThedesignconceptofcomponent-basedsafetycriticalcomputerisdifferentfromthatofspecialcustomizedcomputer.OurdesignstrategyofSICisonabaseoffault-toleranceandsystemintegration.WeseparatetheSICintothreelayers,thestandardizedcomponentunitlayer,safetysoftwarelayerandthesystemlayer.Differentsafetyfunctionsareallocatedforeachlayer,andthefinalintegrationofthethreelayersensuresthepredefinedsafetyintegritylevelofthewholeSIC.Thethreelayerscanbedescribedasfollows:(1ComponentunitlayerincludesfourindependentstandardizedCPUmodules.Ahardware“SAFETYAND”logicisimplementedinthisyear.(2Safetysoftwarelayermainlyutilizesfail-safestrategyandfault-tolerantmanagement.TheinterlockingsafetycomputingofthewholesystemadoptstwooutputsfromdifferentCPU,itcanmostlyensurethediversityofsoftwaretoholdwithdesignerrorsofsignalversionandremovehiddenrisks.(3Systemlayeraimstoimprovereliability,availabilityandmaintainabilitybymeansofredundancy.3.2Designofhardwarefault-tolerantstructureAsshowninfigure2,theSICoffourindependentcomponentunits(C11,C12,C21,C22.Thefault-tolerantarchitectureadoptsdual2vote2(2v2×2structure,andakindofhigh-performancestandardizedmodulehasbeenselectedascomputingunitwhichadoptsIntelXScalekernel,533MHZ.TheoperationofSICisbasedonadualtwo-layerdatabuses.ThehighbusadoptsthestandardEthernetandTCP/IPcommunicationprotocol,andthelowbusisControllerAreaNetwork(CAN.C11、C12andC21、C22respectivelymakeupoftwosafetycomputingcomponentsIC1andIC2,whichareof2v2structure.Andeachcomponenthasanexternaldynamiccircuitwatchdogthatissetforcomputingsupervisionandswitching.Figure2HardwarestructureofSIC3.3StandardizedcomponentunitAftercomponentmoduleismadecertain,accordingtothesafety-criticalrequirementsofrailwaysignalinterlockingsystem,wehavetodoasecondarydevelopmentonthemodule.Thedesignincludespowersupply,interfacesandotherembeddedcircuits.Thefault-tolerantprocessing,synchronizedcomputing,andfaultdiagnosisofSICmostlydependonthesafetysoftware.Herethesafetysoftwaredesignmethodisdifferingfromthatofthespecialcomputertoo.Fordedicatedcomputer,thesoftwareisoftenspeciallydesignedbasedonthebarehardware.Asrestrictedbycomputingabilityandapplicationobject,aspecialschedulingprogramiscommonlydesignedassafetysoftwareforthecomputer,andnotauniversaloperatingsystem.Thefault-tolerantprocessingandfaultdiagnosisofthededicatedcomputeraretightlyhardware-coupled.However,thesafetysoftwareforSICisexotericandlooselyhardware-coupled,anditisbasedonastandardLinuxOS.Thesafetysoftwareisvitalelementofsecondarydevelopment.ItincludesLinuxOSadjustment,fail-safeprocess,fault-tolerancemanagement,andsafetyinterlockinglogic.ThehierarchyrelationsbetweenthemareshowninFigure4.SafetyInterlockLogicFail-safeprocessFault-tolerancemanagementLinuxOSadjustmentFigure4SafetysoftwarehierarchyofSIC3.4Fault-tolerantmodelandsafetycomputation3.4.1Fault-tolerantmodelTheFault-tolerantcomputationofSICisofamultilevelmodel:SIC=F1002D(F(Sc11,Sc12,F(Sc21,Sc22Firstly,basiccomputingunitCi1adoptsonealgorithmtocompletetheSCi1,andCi2finishestheSCi2viaadifferentalgorithm,secondly2outof2(2oo2safetycomputingcomponentofSICexecutes2oo2calculationandgetsFSICifromthecalculationresultsofSCi1SCi2,andthirdly,accordingthestatesofwatchdogandswitchunitblock,theresultofSICisgottenviaa1outof2withdiagnostics(1oo2Dcalculation,whichisbasedonFSIC1andFSIC2.Theflowofcalculationsisasfollows:(1Sci1=Fci1(Dnet1,Dnet2,Ddi,Dfss(2Sci2=Fci2(Dnet1,Dnet2,Ddi,Dfss(3FSICi=F2oo2(Sci1,Sci2,(i=1,2(4SIC_OutPut=F1oo2D(FSIC1,FSIC23.4.2SafetycomputationAsinterlockingsystemconsistsofafixedsetoftask,thecomputationalmodelofSICistask-based.Ingeneral,applicationsmayconformtoatime-triggered,event-triggeredormixedcomputationalmodel.Herethetime-triggeredmodeisselected,tasksareexecutedcyclically.TheconsistencyofcomputingstatesbetweenthetwounitsisthefoundationofSICforensuringsafetyandcredibility.AsSICworksunderalooselycoupledmode,itisdifferentfromthatofdedicatedhardware-coupledcomputer.SoaspecializedsynchronizationalgorithmisnecessaryforSIC.SICcanbeconsideredasamultiprocessordistributedsystem,anditscomputationalmodelisessentiallybasedondatacomparingviahighbuscommunication.First,ananalyticalapproachisusedtoconfirmtheworst-caseresponsetimeofeachtask.Toguaranteethedeadlineoftasksthatcommunicateacrossthenetwork,theaccesstimeanddelayofcommunicationmediumissettoafixedpossiblevalue.Moreover,thecomputationalmodelmustmeetstherealtimerequirementsofrailwayinterlockingsystem,withinthesystemcomputingcycle,wesetmanycheckpointsPi(i=1,2,...n,whicharesmallenoughforsynchronization,andcomputationresultvotingisexecutedateachpoint.ThesafetycomputationflowofSICisshowninFigure5.Start0clockclockSafetyfunctionsTasksofinterlockinglogici:p:checkpointInitializeSynchronizationGuaranteeSynchronousTimetriggerFigure5SafetycomputationalmodelofSIC4.Hardwaresafetyintegritylevelevaluation4.1SafetyIntegrityAsanauthoritativeinternationalstandardforsafety-relatedsystem,IEC61508presentsadefinitionofsafetyintegrity:probabilityofasafety-relatedsystemsatisfactorilyperformingtherequiredsafetyfunctionsunderallthestatedconditionswithinastatedperiodoftime.InIEC61508,therearefourlevelsofsafetyintegrityareprescribe,SIL1~SIL4.TheSIL1isthelowest,andSIL4highest.AccordingtoIEC61508,theSICbelongstosafety-relatedsystemsinhighdemandorcontinuousmodeofoperation.TheSILofSICcanbeevaluatedviatheprobabilityofdangerousperhour.TheprovisionofSILaboutsuchsysteminIEC61508,seetable1.Table1-SafetyIntegritylevels:targetfailuremeasuresforasafetyfunctionoperatinginhighdemandorcontinuousmodeofoperationSafetyIntegritylevelHighdemandorcontinuousmodeofOperation(ProbabilityofadangerousFailureperhour4≥10-9to<10-83≥10-8to<10-72≥10-7to<10-61≥10-6to<10-54.2ReliabilityblockdiagramofSICAfteranalyzingthestructureandworkingprincipleoftheSIC,wegetthebockdiagramofreliability,asfigure6.Figure6BlockdiagramofSICreliability5.ConclusionsInthispaper,weproposedanavailablestandardizedcomponent-basedcomputerSIC.Railwaysignalinterlockingisafail-safesystemwitharequiredprobabilityoflessthan10-9safetycriticalfailuresperhour.Inordertomeetthecriticalconstraints,fault-tolerantarchitectureandsafetytacticsareusedinSIC.Althoughthecomputationalmodelandimplementationtechniquesarerathercomplex,thephilosophyofSICprovidesacheerfulprospecttosafetycriticalapplications,itrendersinasimplerstyleofhardware,furthermore,itcanshortendevelopmentcycleandreducecost.SIChasbeenputintopracticalapplication,andhighperformanceofreliabilityandsafetyhasbeenproven.………………………From:模块化安全铁路信号计算机联锁系统1概述信号联锁系统是确保交通安全、提高铁路运输效率的核心设备。长久以来,在联锁系统中采用的核心控制计算机是特定的高档安全计算机,例如,西门子的SIMIS、日本信号的EI32等。随着电子技术的飞速发展,定制的安全计算机面临着严重的挑战,例如:高的开发成本、可用性差、弱可扩展性、和缓慢的技术更新。为了克服高档特定计算机的缺点,美国国防部提出:我们应当采用商业原则,来取代军事准则和满足客户需要的原则。与此同时,有许多有关在电子设备中采用开放式系统构造的探索与实践。美国和欧洲已经做了诸多有关运用运用划算的容错计算机来替代专用电脑在航天和其它安全核心领域。近年来,在航空航天、工业、交通和其它安全核心领域,运用原则化部件正逐步成为一种新的趋势。2铁路信号联锁系统2.1信号联锁系统的功效信号联锁系统的基本功效是通过控制信号设备,保护列车运行安全。如控制道岔的转换、信号的开放和控制列车通过车站,它通过一种联锁解决规则控制线路。自铁路运输诞生以来、信号联锁系统已经经历了手动信号、机械信号、继电器联锁和当代计算机联锁系统。2.2信号联锁系统的构架普通来说,联锁系统含有层次构造。根据设备的功效,系统可分为三层,如图2.1所示。图2.1信号联锁系统的构造3安全计算机的组件设计3.1设计方略模块化安全核心计算机组件的设计理念不同于那些特殊定制的计算机。我们对安全联锁计算机的设计理念是基于系统的容错性和系统的综合需求。将其分为三层:原则化构成单元层、软件安全层与系统层,并给每一层分派不同的安全功效,最后将三层集成,并确保系统达成预定的安全完整性水平。三层能够描述以下:(1原则化构成单元层涉及四个独立的原则化CPU模块。这一层实现硬件“安全”逻辑联锁。(2软件安全层重要用故障-安用方略和容错算法。由于一种完整的安全联锁系统采用两个不同的CPU输出的成果,因此最能确保软件设计某一版本,在设计时存在的多个错误,去除潜在的风险。(3系统层,旨在提高系统的可用性和冗余系统的可维护性。3.2容错构造的硬件设计如图3.1,安全联锁计算机由四个独立单元构成(C11,C12,C21,C22。采用双容错构造设计(2×2取2构造,计算单元选用高可靠性、高效率的模块,采用了英特尔XScale内核,533兆赫的解决器。安全联锁计算机的操作基于两层数据总线上。高速总线采用原则以太网构造和TCP/IP通信合同、低总线控制器局域网(CAN。C11、C12和C21、C22分别构成两个独立的安全计算部件IC1和IC2,并构成2乘2取2构造,并且每一部分都有计算机监控和外部开关电路动态监测。图3.1SIC硬件构造3.3原则化构成单元在研究清晰构成模块后,根据铁路信号联锁系统的临界安全性规定,我们必须做一个二次开发的模块。该设计重要涉及电源、接口和其它嵌入式电路。安全联锁计算机的容错计算、解决、故障的同时诊疗重要依靠安全软件。这个安全软件的设计办法不同于其它专用的特殊计算机。在专用特殊计算机中,软件普通基于单一裸露硬件而特别设计,限于计算解决能力和软件兼容性,在电脑上特殊的调度程序一般基于安全性软件设计,而不是一种普通的操作系统。专用计算机中容错解决系统和故障诊疗系统通过硬件耦合。然而,安全联锁计算机中的安全软件是开放、宽松的,它基于原则的Linux操作系统。安全软件的二次开发是至关重要的。它涉及Linux系统调节,故障-安全导向、容错性管理,安全联锁的逻辑。它们之间的层次关系如图3.3。兰州交通大学毕业设计（译文）图3.3SIC的安全软件层次关系3.4容错模型和安全预计算3.4.1容错模型安全联锁计算机的多层容错计算模型：SIC=F1oo2D(F2oo2(SC11,SC12,F2oo2(SC21,SC22首先,根据计算单元Ci1采用一种算法来完毕Sci1，计算单元通过不同的算法完Ci2成Sci2，另首先，安全联锁计算机实施二乘二取二算法计算得到的成果和Sci1、Sci2计算，输出到FSICi中的成果，再进行二乘二取二运算，第三，根据监视系统和开关单元块，安全联锁计算机运算的成果在基于FSIC1和FSIC2输出的成果上，通过与门的诊疗解决（2取1），就计算出Sci1。同样的，根据Ci2的计算成果通过不同的算法也完毕Sci2。计算流程以下：(1Sci1=Fci1(Dnet1，Dnet2，Ddi，Dfss；(2Sci2=Fci2(Dnet1，Dnet2，Ddi，Dfss；(3FSIC1=F2oo2(Sci1，Sci2，(i=1，2；(4SICOutPut=Floo2D(FSIC1，FSIC2。3.4.2安全性计算由于联锁系统由一组固定的任务构成，故SIC的计算模型是基于任务的。普通，应用