[go: up one dir, main page]

WO2024208077A1 - Intensive car controller-based highly-redundant control method and control system - Google Patents

Intensive car controller-based highly-redundant control method and control system Download PDF

Info

Publication number
WO2024208077A1
WO2024208077A1 PCT/CN2024/084391 CN2024084391W WO2024208077A1 WO 2024208077 A1 WO2024208077 A1 WO 2024208077A1 CN 2024084391 W CN2024084391 W CN 2024084391W WO 2024208077 A1 WO2024208077 A1 WO 2024208077A1
Authority
WO
WIPO (PCT)
Prior art keywords
train
control
centralized
intensive
host
Prior art date
Application number
PCT/CN2024/084391
Other languages
French (fr)
Chinese (zh)
Inventor
高琦
夏益韬
漆林
檀骏
肖阳俊
张伟
雷宇
王冰洁
Original Assignee
中车南京浦镇车辆有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中车南京浦镇车辆有限公司 filed Critical 中车南京浦镇车辆有限公司
Publication of WO2024208077A1 publication Critical patent/WO2024208077A1/en

Links

Classifications

    • GPHYSICS
    • G05CONTROLLING; REGULATING
    • G05BCONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B9/00Safety arrangements
    • G05B9/02Safety arrangements electric
    • G05B9/03Safety arrangements electric with multiple-channel loop, i.e. redundant control systems
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02PCLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/02Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]

Definitions

  • the present invention relates to the technical field of train control systems, and in particular to a highly redundant control method and control system based on an intensive vehicle controller.
  • the technical problem to be solved by the present invention is to provide a highly redundant control method and control system based on an intensive vehicle controller.
  • the present invention provides a highly redundant control method based on an intensive vehicle controller, comprising the following steps:
  • the centralized host uses Hypervisor virtualization to divide the vehicle subsystems in the corresponding train into SIL4, SIL2 and SIL0 according to the control function, and SIL4, SIL2 and SIL0 are respectively located in the operating system of the centralized host;
  • the centralized host completes the functions of each vehicle subsystem in the train, and all control instructions and status data in the operating system are transmitted via Ethernet;
  • the intensive host allocates SIL4, SIL2 and SIL0 to different CPUs and memory addresses through Hypervisor virtualization to achieve physical isolation;
  • Each train uses an intensive host to complete the vehicle-level control, and realizes the train-level control through competition and majority voting.
  • SIL4 includes: train route planning, train resource application and management, train movement authorization and door release.
  • SIL2 includes: train direction instructions, train door opening and closing, traction control logic and brake valve control instructions.
  • SIL0 includes: vehicle monitoring, fault diagnosis, lighting control and air conditioning control.
  • All terminals in the train are terminal actuators with SIL4, SIL2 and/or SIL0 functions, and all control logic in the train is calculated and instructed by the centralized host.
  • a highly redundant control system based on a centralized vehicle controller realizes TSN communication through the centralized host and terminal actuator, and the Ethernet communication board of the centralized host.
  • the centralized host uses Hypervisor virtualization to achieve the integration of multiple functional hosts (that is, the functions of multiple systems are completed in one processor).
  • Each car uses a centralized host to complete car-level control, and train-level control is achieved through competition and majority voting;
  • the terminal actuators installed on each train have SIL4, SIL2 and/or SIL0 functions, and the terminal actuators are electrically connected to the centralized host;
  • a vehicle subsystem installed in the centralized host computer of each train.
  • the network architecture of the control system adopts a ladder network architecture and uses TSN for network management and scheduling, which can achieve a high degree of redundancy and improve reliability.
  • TSN to manage and schedule the network can realize a deterministic network and ensure the real-time and deterministic data transmission.
  • Important data has a time stamp and is transmitted in a limited number of levels.
  • the train vehicle subsystem contains multiple functions, there are multiple control units and control modules in the train; in the existing solution, each control unit and control module is deployed in a different subsystem; the train vehicle subsystem includes: signal system, traction system, braking system, network system, door system, driving control and passenger information, and the intensive host divides the various vehicle subsystems in the train into SIL4, SIL2 and SIL0 according to the control function by using Hypervisor virtualization, and SIL4, SIL2 and SIL0 are respectively located in different operating systems of a multi-core processor of the train; the intensive host completes the functions of each vehicle subsystem in the train, and all control instructions and status data in the operating system are transmitted through Ethernet.
  • Data transmission between any two train hosts and terminals is achieved through a network interface board that supports both RSSP-I and TRDP communication protocols.
  • the terminal interfaces on the terminal executor are all dual-home interfaces, and the network interface supports both TRDP protocol and RSSP protocol.
  • the setting of dual-home interfaces makes it easy to use the other interface when one interface fails.
  • the present invention can improve the reliability and real-time performance of the train, realize deterministic network data transmission, and the intensive host can replace most of the original on-board equipment, effectively reducing the installation space, weight and wiring, and reducing the cost of the vehicle and maintenance cost.
  • FIG. 1 is a system framework diagram of the present invention.
  • FIG. 2 is a system framework diagram of the ladder network architecture in the present invention.
  • FIG3 is a system framework diagram of Hypervisor virtualization in the present invention.
  • FIG. 4 is a system framework diagram of a dual-homing interface of a terminal executor in the present invention.
  • FIG5 is a system framework diagram showing an embodiment of the present invention in which each vehicle uses an intensive host to complete vehicle-level control.
  • Embodiment 1 As shown in FIG. 1 to FIG. 5 , the present invention provides a highly redundant control method based on an intensive vehicle controller, comprising the following steps:
  • the centralized host uses Hypervisor virtualization to divide the vehicle subsystems in the corresponding train into SIL4, SIL2 and SIL0 according to the control function, and SIL4, SIL2 and SIL0 are located in different operating systems of the train (the train has subsystems such as traction, braking, signaling, network, door and air conditioning.
  • the functions are divided into safety levels according to hazard analysis, and the functions of the same level are placed in the same operating system);
  • the centralized host completes the functions of each operating system in the train, and all control instructions and status data in the operating system are transmitted via Ethernet;
  • the intensive host allocates SIL4, SIL2 and SIL0 to different CPUs and memory addresses through Hypervisor virtualization to achieve physical isolation;
  • Each train uses an intensive host to complete the vehicle-level control, and realizes the train-level control through competition and majority voting.
  • Embodiment 2 On the basis of Embodiment 1, as shown in Figures 1-5, a highly redundant control system based on a centralized vehicle controller realizes TSN communication through switches, terminal actuators, and Ethernet communication boards of centralized hosts, including centralized hosts arranged on each train, and the centralized hosts use Hypervisor virtualization to realize the integration of multiple functional hosts by one centralized host; each vehicle uses a centralized host to complete vehicle-level control, and realizes train-level control through competition and majority voting; the terminal actuators arranged on each train have SIL4, SIL2 and/or SIL0 functions, and the terminal actuators are electrically connected to the centralized hosts; the vehicle subsystems are arranged in the centralized hosts of each train.
  • the ladder network architecture is used to achieve high redundancy, and the time-sensitive network (TSN) is used to achieve data
  • TSN time-sensitive network
  • the hypervisor-based virtualization method is used to realize the centralization of vehicle controllers and a decentralized method is used to complete the layout of centralized hosts and terminal actuators; the highly centralized host can realize the various subsystems in the train, namely: signal system, traction system, braking system, network system, door system, driving control and passenger information.
  • the network interface board supports both RSSP-I and TRDP communication protocols for data transmission between any two train hosts and control terminals.
  • the terminal interfaces on all terminal actuators use dual-home interfaces, that is, when one interface fails, another interface can be used, and each network port used supports both TRDP and RSSP protocols.
  • the network architecture adopts a ladder network architecture to achieve a high degree of redundancy and improve reliability. It also uses TSN to manage and schedule the network to achieve a deterministic network, ensuring the real-time and deterministic nature of data transmission. Important data has a timestamp and is transmitted in a limited number of levels.
  • the centralized host uses Hypervisor virtualization to virtualize the operating systems in the corresponding trains, and divides them into SIL4, SIL2 and SIL0 according to their functions.
  • SIL4, SIL2 and SIL0 are located in the operating system of the centralized host respectively, and the functions of different safety levels are allocated to different CPUs and memory addresses to achieve physical isolation (that is, the original vehicle subsystems of the vehicle are classified, and then divided into levels according to functions, and then a multi-core processor and corresponding memory and other resource spaces are divided to achieve isolation, and then the divided functions are placed in the isolation space, which includes the operating system (Linux or other) and application programs; all functions are classified, and SIL4 is placed in an isolation space.
  • the isolation space which includes the operating system (Linux or other) and application programs; all functions are classified, and SIL4 is placed in an isolation space.
  • SIL2 is placed in an isolated space; SIL0 is placed in an isolated space; and all spaces are in one processor); Hypervisor virtualization can effectively isolate the functions of SIL4, SIL2 and SIL0; SIL4 main functions include the related functions of the original on-board ATP, including train path planning, train resource application and management, vehicle movement authorization, door release, etc.; SIL2 mainly includes the functions of ATO and some TCMS, including: train direction instructions, train door opening and closing, traction control logic, brake valve control instructions; SIL0 mainly includes vehicle monitoring functions, fault diagnosis functions, lighting control, air conditioning control, etc.; (The current existing technology train contains multiple subsystems, namely: traction system, Braking system, network system, door system, air conditioning system, driving control and passenger information system; and all systems have control units and control modules with corresponding functions).
  • the train no longer provides the original on-board ATP, ATO, network, traction, braking, air conditioning, lighting, passenger information and other hosts, but all functions are completed by the intensive host; all control instructions and status data are transmitted through Ethernet, and all terminals of the train are replaced by terminal actuators with SIL4, SIL2 and/or SIL0 functions.
  • the traction system terminal is replaced by a motor driver
  • the braking system terminal is replaced by a valve controller
  • the air conditioning system terminal is replaced by remote IO. All control logic of the train is calculated and instructions are issued by the intensive host.
  • each train uses a centralized host to complete the control of the train level, and realizes the control of the train level through competition and majority voting, which improves the availability of the train. For example, if the centralized host of train 1 fails, the hosts of trains 2, 3, 4, 5, and 6 can vote to confirm the next host to take over as the control host of the whole vehicle function.
  • Each centralized host needs to obtain the heartbeat and master control information of the other five centralized hosts in real time.
  • the host of train 1 When powered on, the host of train 1 will be the master control first, and the other trains 2, 3, 4, 5, and 6 will be non-master controls. Then the master control will be replaced in turn at regular intervals.
  • train 6 When train 6 is completed, it will be handed over to train 1, and the cycle will continue. If the master control is not detected at a certain moment, after waiting for several cycles, the centralized host with the lowest heartbeat and the lowest train number, and the majority of the other centralized hosts with normal heartbeats, will vote that the centralized host can take over, and then it will automatically take over the master control.

Landscapes

  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Engineering & Computer Science (AREA)
  • Automation & Control Theory (AREA)
  • Electric Propulsion And Braking For Vehicles (AREA)
  • Safety Devices In Control Systems (AREA)
  • Small-Scale Networks (AREA)

Abstract

The present invention relates to the technical field of train control systems. Disclosed are an intensive car controller-based highly-redundant control method and control system. The control method comprises: intensive hosts divide respectively corresponding car subsystems in a train into SIL4, SIL2 and SIL0 according to control functions in a Hypervisor virtualization mode, and implement the function of each car subsystem in the train; the intensive hosts allocate SIL4, SIL2 and SIL0 to different CPUs and memory addresses by means of Hypervisor virtualization so as to achieve physical isolation; and each car uses one intensive host to implement control at a level of the present car, and executes train-level control in a competition and majority voting mode. The present invention has the advantages of improving the reliability and the real-time performance of trains, implementing deterministic network data transmission, and replacing most of original onboard devices by the intensive hosts so as to effectively reduce installation space, weight and wiring, and to decrease car costs and maintenance costs.

Description

基于集约型车辆控制器的高度冗余的控制方法及控制系统Highly redundant control method and control system based on intensive vehicle controller 技术领域Technical Field

本发明涉及列车控制系统技术领域,具体涉及一种基于集约型车辆控制器的高度冗余的控制方法及控制系统。The present invention relates to the technical field of train control systems, and in particular to a highly redundant control method and control system based on an intensive vehicle controller.

背景技术Background Art

列车车辆在常规项目中所有子系统均具备自己的控制器,然后通过车辆控制单元进行统一管理,各个控制单元都具备自己的控制逻辑以及控制硬件实现自己功能。最终会导致接口协调效率低下,硬件资源浪费,以及列车空间占用大和车辆重量高的缺点。In conventional projects, all subsystems of train vehicles have their own controllers, which are then managed uniformly through the vehicle control unit. Each control unit has its own control logic and control hardware to realize its own functions. This will eventually lead to low interface coordination efficiency, waste of hardware resources, large space occupation of the train and high vehicle weight.

发明内容Summary of the invention

针对上述存在的技术不足,本发明要解决的技术问题是提供一种基于集约型车辆控制器的高度冗余的控制方法及控制系统。In view of the above-mentioned technical deficiencies, the technical problem to be solved by the present invention is to provide a highly redundant control method and control system based on an intensive vehicle controller.

为解决上述技术问题,本发明提供一种基于集约型车辆控制器的高度冗余的控制方法,包括如下步骤:In order to solve the above technical problems, the present invention provides a highly redundant control method based on an intensive vehicle controller, comprising the following steps:

S1、集约型主机将各自对应的列车中的各个车辆子系统采用Hypervisor虚拟化的方式按照控制功能分为SIL4、SIL2和SIL0,且SIL4、SIL2和SIL0分别位于集约型主机的操作系统中;S1. The centralized host uses Hypervisor virtualization to divide the vehicle subsystems in the corresponding train into SIL4, SIL2 and SIL0 according to the control function, and SIL4, SIL2 and SIL0 are respectively located in the operating system of the centralized host;

集约型主机完成列车中的各个车辆子系统的功能,操作系统中所有的控制指令以及状态数据均通过以太网传输;The centralized host completes the functions of each vehicle subsystem in the train, and all control instructions and status data in the operating system are transmitted via Ethernet;

S2、集约型主机通过Hypervisor虚拟化将SIL4、SIL2和SIL0分配到不同的CPU以及内存地址中,实现物理隔离;S2, the intensive host allocates SIL4, SIL2 and SIL0 to different CPUs and memory addresses through Hypervisor virtualization to achieve physical isolation;

S3、每辆列车均采用一个集约型主机完成本车级别的控制,并且通过竞争与多数表决的方式实现对列车级别的控制。S3. Each train uses an intensive host to complete the vehicle-level control, and realizes the train-level control through competition and majority voting.

SIL4包括:列车路径规划、列车资源申请与管理、车移动授权和车门释放。 SIL4 includes: train route planning, train resource application and management, train movement authorization and door release.

SIL2包括:列车方向指令、列车开关门、牵引控制的逻辑和制动阀控制指令。SIL2 includes: train direction instructions, train door opening and closing, traction control logic and brake valve control instructions.

SIL0包括:车辆的监控,故障诊断,照明控制和空调控制。SIL0 includes: vehicle monitoring, fault diagnosis, lighting control and air conditioning control.

列车中所有的终端为具备SIL4、SIL2和/或SIL0功能的终端执行器,列车中所有的控制逻辑由集约型主机进行运算并下发指令。All terminals in the train are terminal actuators with SIL4, SIL2 and/or SIL0 functions, and all control logic in the train is calculated and instructed by the centralized host.

基于集约型车辆控制器的高度冗余的控制系统,通过集约型主机与终端执行器、集约型主机的以太网通信板实现TSN通信。A highly redundant control system based on a centralized vehicle controller realizes TSN communication through the centralized host and terminal actuator, and the Ethernet communication board of the centralized host.

包括设置在各个列车上的集约型主机,集约型主机采用Hypervisor虚拟化实现一个集约型主机对多个功能主机的融合(即在一个处理器中完成多个系统的功能);It includes a centralized host installed on each train. The centralized host uses Hypervisor virtualization to achieve the integration of multiple functional hosts (that is, the functions of multiple systems are completed in one processor).

每辆车均采用一个集约型主机完成本车级别的控制,并且通过竞争与多数表决的方式实现对列车级别的控制;Each car uses a centralized host to complete car-level control, and train-level control is achieved through competition and majority voting;

设置在各个列车上的终端执行器,具备SIL4、SIL2和/或SIL0功能,且终端执行器与集约型主机之间电联接;The terminal actuators installed on each train have SIL4, SIL2 and/or SIL0 functions, and the terminal actuators are electrically connected to the centralized host;

设置在各个列车的集约型主机里的车辆子系统。A vehicle subsystem installed in the centralized host computer of each train.

控制系统的网络架构采用梯形网络架构,且采用TSN对网络管理调度,可实现高度的冗余,提升可靠性,采用TSN对网络进行管理调度,可实现确定性网络,确保数据传输的实时性以及确定性,重要的数据具备时间戳,并按照有限级进行传输。The network architecture of the control system adopts a ladder network architecture and uses TSN for network management and scheduling, which can achieve a high degree of redundancy and improve reliability. Using TSN to manage and schedule the network can realize a deterministic network and ensure the real-time and deterministic data transmission. Important data has a time stamp and is transmitted in a limited number of levels.

由于列车车辆子系统包含多种功能,因此列车中存在多个控制单元和控制模块;现有方案中,各个控制单元和控制模块部署于不同子系统;列车车辆子系统包括:信号系统、牵引系统、制动系统、网络系统、车门系统、驾驶控制和乘客信息,集约型主机将列车中的各个车辆子系统采用Hypervisor虚拟化的方式按照控制功能分为SIL4、SIL2和SIL0,且SIL4、SIL2和SIL0分别位于列车一个多核处理器的不同的操作系统中;集约型主机完成列车中的各个车辆子系统的功能,操作系统中所有的控制指令以及状态数据均通过以太网传输。 Since the train vehicle subsystem contains multiple functions, there are multiple control units and control modules in the train; in the existing solution, each control unit and control module is deployed in a different subsystem; the train vehicle subsystem includes: signal system, traction system, braking system, network system, door system, driving control and passenger information, and the intensive host divides the various vehicle subsystems in the train into SIL4, SIL2 and SIL0 according to the control function by using Hypervisor virtualization, and SIL4, SIL2 and SIL0 are respectively located in different operating systems of a multi-core processor of the train; the intensive host completes the functions of each vehicle subsystem in the train, and all control instructions and status data in the operating system are transmitted through Ethernet.

任意两个列车主机与终端之间的数据传输均是通过同时支持RSSP-I和TRDP通信协议的网络接口板卡实现的。Data transmission between any two train hosts and terminals is achieved through a network interface board that supports both RSSP-I and TRDP communication protocols.

终端执行器上的终端接口均为双归属接口,网络接口同时支持TRDP协议和RSSP协议,双归属接口的设置,便于当其中一个接口故障时可以使用另外一个接口。The terminal interfaces on the terminal executor are all dual-home interfaces, and the network interface supports both TRDP protocol and RSSP protocol. The setting of dual-home interfaces makes it easy to use the other interface when one interface fails.

本发明的有益效果在于:The beneficial effects of the present invention are:

1、本发明采用一个主机,通过Hypervisor虚拟化的方式将列车各系统的功能进行划分,且多辆列车的采用竞争的方式通过一个集约型主机实现对列车的管理,且其他集约型主机对列车的状态进行监视;当管理列车的集约型主机中任意功能失效或者故障,将自动的切换到下一个正常的集约型主机对列车进行控制。1. The present invention adopts a host to divide the functions of various train systems through Hypervisor virtualization, and multiple trains are managed by a centralized host in a competitive manner, and other centralized hosts monitor the status of the trains; when any function of the centralized host managing the train fails or malfunctions, it will automatically switch to the next normal centralized host to control the train.

2、本发明可以提升列车的可靠性,实时性,实现确定性网络数据传输,并且集约型主机能够替代原有车载的绝大部分设备,有效的降低了安装空间、重量以及布线,降低了车辆的成本,以及维护成本。2. The present invention can improve the reliability and real-time performance of the train, realize deterministic network data transmission, and the intensive host can replace most of the original on-board equipment, effectively reducing the installation space, weight and wiring, and reducing the cost of the vehicle and maintenance cost.

附图说明BRIEF DESCRIPTION OF THE DRAWINGS

为了更清楚地说明本发明实施例或现有技术中的技术方案,下面将对实施例或现有技术描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本发明的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其他的附图。In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings required for use in the embodiments or the description of the prior art will be briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention. For ordinary technicians in this field, other drawings can be obtained based on these drawings without paying creative work.

图1为本发明的系统框架图。FIG. 1 is a system framework diagram of the present invention.

图2为本发明中的梯形网络架构的系统框架图。FIG. 2 is a system framework diagram of the ladder network architecture in the present invention.

图3为本发明中的Hypervisor虚拟化的系统框架图。FIG3 is a system framework diagram of Hypervisor virtualization in the present invention.

图4为本发明中的终端执行器的双归属接口的系统框架图。FIG. 4 is a system framework diagram of a dual-homing interface of a terminal executor in the present invention.

图5为本发明实施例中每辆车均采用一个集约型主机完成本车级别控制的系统框架图。FIG5 is a system framework diagram showing an embodiment of the present invention in which each vehicle uses an intensive host to complete vehicle-level control.

具体实施方式 DETAILED DESCRIPTION

下面将结合本发明实施例中的附图,对本发明实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例仅仅是本发明一部分实施例,而不是全部的实施例。基于本发明中的实施例,本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其他实施例,都属于本发明保护的范围。The following will be combined with the drawings in the embodiments of the present invention to clearly and completely describe the technical solutions in the embodiments of the present invention. Obviously, the described embodiments are only part of the embodiments of the present invention, not all of the embodiments. Based on the embodiments of the present invention, all other embodiments obtained by ordinary technicians in this field without creative work are within the scope of protection of the present invention.

实施例一:如图1-图5所示,本发明提供了一种基于集约型车辆控制器的高度冗余的控制方法,包括以下步骤:Embodiment 1: As shown in FIG. 1 to FIG. 5 , the present invention provides a highly redundant control method based on an intensive vehicle controller, comprising the following steps:

S1、集约型主机将各自对应的列车中的各个车辆子系统采用Hypervisor虚拟化的方式按照控制功能分为SIL4、SIL2和SIL0,且SIL4、SIL2和SIL0分别位于列车不同的操作系统中(列车具有牵引、制动、信号、网络、车门和空调等子系统,对功能按照危害分析进行安全等级划分,将相同等级的功能放到同一个操作系统里);S1. The centralized host uses Hypervisor virtualization to divide the vehicle subsystems in the corresponding train into SIL4, SIL2 and SIL0 according to the control function, and SIL4, SIL2 and SIL0 are located in different operating systems of the train (the train has subsystems such as traction, braking, signaling, network, door and air conditioning. The functions are divided into safety levels according to hazard analysis, and the functions of the same level are placed in the same operating system);

集约型主机完成列车中的各个操作系统的功能,操作系统中所有的控制指令以及状态数据均通过以太网传输;The centralized host completes the functions of each operating system in the train, and all control instructions and status data in the operating system are transmitted via Ethernet;

S2、集约型主机通过Hypervisor虚拟化将SIL4、SIL2和SIL0分配到不同的CPU以及内存地址中,实现物理隔离;S2, the intensive host allocates SIL4, SIL2 and SIL0 to different CPUs and memory addresses through Hypervisor virtualization to achieve physical isolation;

S3、每辆列车均采用一个集约型主机完成本车级别的控制,并且通过竞争与多数表决的方式实现对列车级别的控制。S3. Each train uses an intensive host to complete the vehicle-level control, and realizes the train-level control through competition and majority voting.

实施例二:在实施例一的基础上,如图1-图5所示,基于集约型车辆控制器的高度冗余的控制系统,通过交换机与终端执行器、集约型主机的以太网通信板实现TSN通信,包括设置在各个列车上的集约型主机,集约型主机采用Hypervisor虚拟化实现一个集约型主机对多个功能主机的融合;每辆车均采用一个集约型主机完成本车级别的控制,并且通过竞争与多数表决的方式实现对列车级别的控制;设置在各个列车上的终端执行器,具备SIL4、SIL2和/或SIL0功能,且终端执行器与集约型主机之间电联接;设置在各个列车的集约型主机里的车辆子系统。Embodiment 2: On the basis of Embodiment 1, as shown in Figures 1-5, a highly redundant control system based on a centralized vehicle controller realizes TSN communication through switches, terminal actuators, and Ethernet communication boards of centralized hosts, including centralized hosts arranged on each train, and the centralized hosts use Hypervisor virtualization to realize the integration of multiple functional hosts by one centralized host; each vehicle uses a centralized host to complete vehicle-level control, and realizes train-level control through competition and majority voting; the terminal actuators arranged on each train have SIL4, SIL2 and/or SIL0 functions, and the terminal actuators are electrically connected to the centralized hosts; the vehicle subsystems are arranged in the centralized hosts of each train.

采用梯形的网络架构实现高度的冗余,采用时间敏感网络(TSN)实现数 据确定性传输,采用基于Hypervisor虚拟化的方式实现车辆控制器的集约化并采用去中心化的方式完成集约型主机和终端执行器的布置;高度集约型主机能够实现列车中各个子系统分别是:信号系统、牵引系统、制动系统、网络系统、车门系统、驾驶控制和乘客信息。The ladder network architecture is used to achieve high redundancy, and the time-sensitive network (TSN) is used to achieve data According to deterministic transmission, the hypervisor-based virtualization method is used to realize the centralization of vehicle controllers and a decentralized method is used to complete the layout of centralized hosts and terminal actuators; the highly centralized host can realize the various subsystems in the train, namely: signal system, traction system, braking system, network system, door system, driving control and passenger information.

网络接口板卡同时支持RSSP-I和TRDP通信协议进行任意两个列车主机与控制终端之间的数据传输。The network interface board supports both RSSP-I and TRDP communication protocols for data transmission between any two train hosts and control terminals.

为提高车辆的可用性,所有终端执行器上的终端接口均采用双归属接口,即当一个接口故障时可以使用另外一个接口,并且采用的每一个网口同时支持TRDP协议以及RSSP协议。To improve the availability of the vehicle, the terminal interfaces on all terminal actuators use dual-home interfaces, that is, when one interface fails, another interface can be used, and each network port used supports both TRDP and RSSP protocols.

网络架构采用梯形网络架构,实现高度的冗余,提升可靠性,并采用TSN对网络进行管理调度,实现确定性网络,确保数据传输的实时性以及确定性,重要的数据具备时间戳,并按照有限级进行传输。The network architecture adopts a ladder network architecture to achieve a high degree of redundancy and improve reliability. It also uses TSN to manage and schedule the network to achieve a deterministic network, ensuring the real-time and deterministic nature of data transmission. Important data has a timestamp and is transmitted in a limited number of levels.

集约型主机将各自对应的列车中的各个操作系统采用Hypervisor虚拟化的方式,按功能划分为SIL4、SIL2和SIL0,且SIL4、SIL2和SIL0分别位于集约型主机的操作系统中,并将不同的安全等级功能分配到不同的CPU以及内存地址中,实现物理隔离(即将车辆原有的车辆子系统进行分级,然后按照功能划分等级,然后对一个多核的处理器以及对应的内存等资源空间进行划分,实现隔离,然后再将划分好的功能放入该隔离空间,该隔离空间包括操作系统(Linux或者其他的)以及应用程序;将所有的功能进行分级,SIL4的放在一个隔离空间里;SIL2放在一个隔离空间里;SIL0放在一个隔离空间;而所有的空间均是在一个处理器中);Hypervisor虚拟化能够有效隔离SIL4、SIL2以及SIL0的功能;SIL4主要功能包括原有车载ATP的相关功能,包括列车路径规划、列车资源申请与管理、车移动授权、车门释放等;SIL2主要包括ATO与部分TCMS的功能包括:列车方向指令、列车开关门、牵引控制的逻辑、制动阀控制指令;SIL0主要包括车辆的监控功能,故障诊断功能,照明控制,空调控制等;(而目前现有技术的列车中包含多个子系统,分别是:牵引系统、 制动系统、网络系统、车门系统、空调系统、驾驶控制以及乘客信息系统;且所有的系统都有对应功能的控制单元和控制模块)。The centralized host uses Hypervisor virtualization to virtualize the operating systems in the corresponding trains, and divides them into SIL4, SIL2 and SIL0 according to their functions. SIL4, SIL2 and SIL0 are located in the operating system of the centralized host respectively, and the functions of different safety levels are allocated to different CPUs and memory addresses to achieve physical isolation (that is, the original vehicle subsystems of the vehicle are classified, and then divided into levels according to functions, and then a multi-core processor and corresponding memory and other resource spaces are divided to achieve isolation, and then the divided functions are placed in the isolation space, which includes the operating system (Linux or other) and application programs; all functions are classified, and SIL4 is placed in an isolation space. SIL2 is placed in an isolated space; SIL0 is placed in an isolated space; and all spaces are in one processor); Hypervisor virtualization can effectively isolate the functions of SIL4, SIL2 and SIL0; SIL4 main functions include the related functions of the original on-board ATP, including train path planning, train resource application and management, vehicle movement authorization, door release, etc.; SIL2 mainly includes the functions of ATO and some TCMS, including: train direction instructions, train door opening and closing, traction control logic, brake valve control instructions; SIL0 mainly includes vehicle monitoring functions, fault diagnosis functions, lighting control, air conditioning control, etc.; (The current existing technology train contains multiple subsystems, namely: traction system, Braking system, network system, door system, air conditioning system, driving control and passenger information system; and all systems have control units and control modules with corresponding functions).

列车不再提供原有的车载ATP、ATO、网络、牵引、制动、空调、照明、乘客信息等主机,而是由集约型主机完成所有功能;所有的控制指令以及状态数据通过以太网传输,列车所有的终端由具备SIL4、SIL2和/或SIL0功能的终端执行器代替,例如牵引系统终端由电机驱动器代替,制动系统终端由阀控制器代替,空调系统终端远程IO代替,列车所有的控制逻辑由集约型主机进行运算并下发指令。The train no longer provides the original on-board ATP, ATO, network, traction, braking, air conditioning, lighting, passenger information and other hosts, but all functions are completed by the intensive host; all control instructions and status data are transmitted through Ethernet, and all terminals of the train are replaced by terminal actuators with SIL4, SIL2 and/or SIL0 functions. For example, the traction system terminal is replaced by a motor driver, the braking system terminal is replaced by a valve controller, and the air conditioning system terminal is replaced by remote IO. All control logic of the train is calculated and instructions are issued by the intensive host.

如图5所示,每辆列车均采用一个集约型主机完成本车级别的控制,并且通过竞争与多数表决的方式实现对列车级别的控制,提升了列车的可用性。例如1列车的集约型主机故障,可以通过2、3、4、5、6列车的主机进行表决确认下一个接管主机,作为整车功能的控制主机。As shown in Figure 5, each train uses a centralized host to complete the control of the train level, and realizes the control of the train level through competition and majority voting, which improves the availability of the train. For example, if the centralized host of train 1 fails, the hosts of trains 2, 3, 4, 5, and 6 can vote to confirm the next host to take over as the control host of the whole vehicle function.

每一个集约型主机都需要实时获取其他5台集约型主机的心跳以及主控信息,上电时由1列车主机首先作为主控,其他2、3、4、5、6列车作为非主控,然后每间隔一段时间依次更换一次主控,当6列车完成后交接给1列车,循环下去;某一时刻未检测到主控,等待几个周期,由具有心跳且车号最低的集约型主机,且其他心跳正常的多数集约型主机表决该集约型主机可接管时,自动接管主控。Each centralized host needs to obtain the heartbeat and master control information of the other five centralized hosts in real time. When powered on, the host of train 1 will be the master control first, and the other trains 2, 3, 4, 5, and 6 will be non-master controls. Then the master control will be replaced in turn at regular intervals. When train 6 is completed, it will be handed over to train 1, and the cycle will continue. If the master control is not detected at a certain moment, after waiting for several cycles, the centralized host with the lowest heartbeat and the lowest train number, and the majority of the other centralized hosts with normal heartbeats, will vote that the centralized host can take over, and then it will automatically take over the master control.

以上所述仅为本发明的优选实施例而已,并不用于限制本发明,尽管参照前述实施例对本发明进行了详细的说明,对于本领域的技术人员来说,其依然可以对前述各实施例所记载的技术方案进行修改,或者对其中部分技术特征进行等同替换。凡在本发明的精神和原则之内,所作的任何修改、等同替换、改进等,均应包含在本发明的保护范围之内。 The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention. Although the present invention is described in detail with reference to the aforementioned embodiments, those skilled in the art can still modify the technical solutions described in the aforementioned embodiments or replace some of the technical features therein by equivalents. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present invention shall be included in the protection scope of the present invention.

Claims (8)

基于集约型车辆控制器的高度冗余的控制方法,其特征在于,包括如下步骤:A highly redundant control method based on an intensive vehicle controller is characterized by comprising the following steps: S1、集约型主机将各自对应的列车中的各个车辆子系统均采用Hypervisor虚拟化的方式按照控制功能分为SIL4、SIL2和SIL0,且SIL4、SIL2和SIL0分别位于集约型主机的操作系统中;S1. The centralized host uses Hypervisor virtualization to divide each vehicle subsystem in the corresponding train into SIL4, SIL2 and SIL0 according to the control function, and SIL4, SIL2 and SIL0 are respectively located in the operating system of the centralized host; 集约型主机完成列车中的各个车辆子系统的功能,操作系统中所有的控制指令以及状态数据均通过以太网传输;The centralized host completes the functions of each vehicle subsystem in the train, and all control instructions and status data in the operating system are transmitted via Ethernet; S2、集约型主机通过Hypervisor虚拟化将SIL4、SIL2和SIL0分配到不同的CPU以及内存地址中,实现物理隔离;S2, the intensive host allocates SIL4, SIL2 and SIL0 to different CPUs and memory addresses through Hypervisor virtualization to achieve physical isolation; S3、每辆列车均采用一个集约型主机完成本车级别的控制,并且通过竞争与多数表决的方式实现对列车级别的控制。S3. Each train uses an intensive host to complete the vehicle-level control, and realizes the train-level control through competition and majority voting. 如权利要求1所述的基于集约型车辆控制器的高度冗余的控制方法,其特征在于,S1中的SIL4包括:列车路径规划、列车资源申请与管理、车移动授权和车门释放;The highly redundant control method based on the intensive vehicle controller as claimed in claim 1 is characterized in that SIL4 in S1 includes: train path planning, train resource application and management, vehicle movement authorization and door release; SIL2包括:列车方向指令、列车开关门、牵引控制的逻辑和制动阀控制指令;SIL2 includes: train direction instructions, train door opening and closing, traction control logic and brake valve control instructions; SIL0包括:车辆的监控,故障诊断,照明控制和空调控制。SIL0 includes: vehicle monitoring, fault diagnosis, lighting control and air conditioning control. 如权利要求1所述的基于集约型车辆控制器的高度冗余的控制方法,其特征在于,列车中所有的终端为具备SIL4、SIL2和/或SIL0功能的终端执行器,列车中所有的控制逻辑由集约型主机进行运算并下发指令。The highly redundant control method based on the centralized vehicle controller as described in claim 1 is characterized in that all terminals in the train are terminal actuators with SIL4, SIL2 and/or SIL0 functions, and all control logics in the train are calculated and issued by the centralized host. 基于集约型车辆控制器的高度冗余的控制系统,其特征在于,包括A highly redundant control system based on a centralized vehicle controller is characterized by including 设置在各个列车上的集约型主机,集约型主机采用Hypervisor虚拟化实现一个集约型主机对多个功能主机的融合;The centralized host installed on each train uses Hypervisor virtualization to achieve the integration of multiple functional hosts into one centralized host. 每辆车均采用一个集约型主机完成本车级别的控制,并且通过竞争与多数表决的方式实现对列车级别的控制; Each car uses a centralized host to complete car-level control, and train-level control is achieved through competition and majority voting; 设置在各个列车上的终端执行器,具备SIL4、SIL2和/或SIL0,且终端执行器与集约型主机之间电联接;The terminal actuators installed on each train have SIL4, SIL2 and/or SIL0, and the terminal actuators are electrically connected to the centralized host; 设置在各个列车的集约型主机里的车辆子系统。A vehicle subsystem installed in the centralized host computer of each train. 如权利要求4所述的基于集约型车辆控制器的高度冗余的控制系统,其特征在于,控制系统的网络架构采用梯形网络架构,且采用TSN对网络管理调度。The highly redundant control system based on the intensive vehicle controller as described in claim 4 is characterized in that the network architecture of the control system adopts a ladder network architecture and uses TSN for network management and scheduling. 如权利要求4所述的基于集约型车辆控制器的高度冗余的控制系统,其特征在于,车辆子系统包括:信号系统、牵引系统、制动系统、网络系统、车门系统、驾驶控制和/或乘客信息。The highly redundant control system based on the centralized vehicle controller as described in claim 4 is characterized in that the vehicle subsystems include: a signal system, a traction system, a braking system, a network system, a door system, driving control and/or passenger information. 如权利要求4所述的基于集约型车辆控制器的高度冗余的控制系统,其特征在于,任意两个列车集约型主机与终端之间的数据传输均是通过同时支持RSSP-I和TRDP通信协议的网络接口板卡实现的。The highly redundant control system based on the centralized vehicle controller as described in claim 4 is characterized in that the data transmission between any two train centralized hosts and terminals is realized through a network interface board that supports both RSSP-I and TRDP communication protocols. 如权利要求7所述的基于集约型车辆控制器的高度冗余的控制系统,其特征在于,终端执行器上设置有终端接口,且终端接口为双归属接口,网络接口板上的网络接口同时支持TRDP协议和RSSP协议。 The highly redundant control system based on the intensive vehicle controller as described in claim 7 is characterized in that a terminal interface is provided on the terminal executor, and the terminal interface is a dual-home interface, and the network interface on the network interface board supports both the TRDP protocol and the RSSP protocol.
PCT/CN2024/084391 2023-04-03 2024-03-28 Intensive car controller-based highly-redundant control method and control system WO2024208077A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202310347062.9 2023-04-03
CN202310347062.9A CN116360244A (en) 2023-04-03 2023-04-03 Control method and control system for high redundancy based on intensive vehicle controller

Publications (1)

Publication Number Publication Date
WO2024208077A1 true WO2024208077A1 (en) 2024-10-10

Family

ID=86931207

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2024/084391 WO2024208077A1 (en) 2023-04-03 2024-03-28 Intensive car controller-based highly-redundant control method and control system

Country Status (2)

Country Link
CN (1) CN116360244A (en)
WO (1) WO2024208077A1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116360244A (en) * 2023-04-03 2023-06-30 中车南京浦镇车辆有限公司 Control method and control system for high redundancy based on intensive vehicle controller
CN118337820B (en) * 2024-04-26 2025-03-18 南京康尼机电股份有限公司 Rail transit door control system and control method

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090260006A1 (en) * 2008-04-09 2009-10-15 Jonathan Nicholas Hotra Virtualizing Embedded Systems
CN112327799A (en) * 2020-10-26 2021-02-05 中车唐山机车车辆有限公司 Train network controller and system
CN113568713A (en) * 2021-09-22 2021-10-29 国汽智控(北京)科技有限公司 Data processing method, device, equipment and product based on automatic driving system
CN113682347A (en) * 2021-08-31 2021-11-23 株洲中车时代电气股份有限公司 Train control and management system and train system
CN113771915A (en) * 2021-09-28 2021-12-10 中国铁道科学研究院集团有限公司 Train fusion control system and method
CN113992308A (en) * 2021-11-17 2022-01-28 中国铁道科学研究院集团有限公司 Motor train unit control system fusion framework
CN114872756A (en) * 2022-04-28 2022-08-09 交控科技股份有限公司 Fusion control system and method applied to rail vehicle
CN114968475A (en) * 2022-04-11 2022-08-30 奥特酷智能科技(南京)有限公司 Vehicle-mounted domain control system redundancy design architecture based on virtualization live migration
CN116360244A (en) * 2023-04-03 2023-06-30 中车南京浦镇车辆有限公司 Control method and control system for high redundancy based on intensive vehicle controller

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090260006A1 (en) * 2008-04-09 2009-10-15 Jonathan Nicholas Hotra Virtualizing Embedded Systems
CN112327799A (en) * 2020-10-26 2021-02-05 中车唐山机车车辆有限公司 Train network controller and system
CN113682347A (en) * 2021-08-31 2021-11-23 株洲中车时代电气股份有限公司 Train control and management system and train system
CN113568713A (en) * 2021-09-22 2021-10-29 国汽智控(北京)科技有限公司 Data processing method, device, equipment and product based on automatic driving system
CN113771915A (en) * 2021-09-28 2021-12-10 中国铁道科学研究院集团有限公司 Train fusion control system and method
CN113992308A (en) * 2021-11-17 2022-01-28 中国铁道科学研究院集团有限公司 Motor train unit control system fusion framework
CN114968475A (en) * 2022-04-11 2022-08-30 奥特酷智能科技(南京)有限公司 Vehicle-mounted domain control system redundancy design architecture based on virtualization live migration
CN114872756A (en) * 2022-04-28 2022-08-09 交控科技股份有限公司 Fusion control system and method applied to rail vehicle
CN116360244A (en) * 2023-04-03 2023-06-30 中车南京浦镇车辆有限公司 Control method and control system for high redundancy based on intensive vehicle controller

Also Published As

Publication number Publication date
CN116360244A (en) 2023-06-30

Similar Documents

Publication Publication Date Title
WO2024208077A1 (en) Intensive car controller-based highly-redundant control method and control system
CN110920696A (en) Rail transit train control system
CN112327799B (en) Train network controller and system
CN105365850B (en) Tramcar network control system
US11151076B2 (en) Vehicle control system verification device, vehicle control system, and vehicle control system verification method
CN111776013A (en) A train autonomous control system and method based on train-to-vehicle communication
CN110361979A (en) A kind of safety computer platform in railway signal field
EP2374714A2 (en) Distributed fly-by-wire system
CN211519529U (en) Rail transit train control system
CN111874048A (en) Centralized control urban rail CBTC signal system
CN102001348A (en) Realization method based on CPCI bus technology of dual module hot spare system switching
CN104363168A (en) Locomotive mounted general data communication gateway
CN114872756B (en) Fusion control system and control method applied to rail vehicles
CN113665630B (en) VOBC and TCMS integrated train control equipment
CN109947579A (en) Rail vehicle general network controller platform and control method
CN112327686A (en) Advanced airplane cabin door centralized management system
CN113168134A (en) Aircraft integrated multi-system electronic architecture
CN110758489A (en) Automatic protection system of train
CN113157499A (en) Safe computer platform based on cloud computing
CN120112872A (en) Dual control system and method for operating an autonomous vehicle
CN113992308A (en) Motor train unit control system fusion framework
Chang et al. Architecture Design and Reliability Evaluation of a Novel Software-Defined Train Control System
WO2019063351A1 (en) Integrated brake control system and method for rail vehicles
Chen et al. A newly developed safety-critical computer system for China metro
Ning et al. Fault-diagnosis in a new train overspeed protection system based on multi-microprocessors and distributed configuration

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 24784162

Country of ref document: EP

Kind code of ref document: A1