
CN-116430827-B - Fault-tolerant verification system and method supporting software and hardware fault injection and voting


Abstract

A fault-tolerant verification system supporting software and hardware fault injection and voting comprises fault injection management software, a power management module, fault injection equipment, simulation equipment and entity equipment. The corresponding fault-tolerant verification method uses this system to carry out fault injection and voting verification. It establishes a suitable fault model while ensuring that faults raised by the verification system cannot damage the real equipment.

Inventors

  • WANG HONGXIA
  • LIU HONGJIN
  • ZHANG SHAOLIN
  • LI BIN
  • FU BAOLING
  • MOU NING
  • WANG XIAOBO
  • MA YUANHANG
  • CAO JING

Assignees

  • 北京轩宇空间科技有限公司

Dates

Publication Date
20260508
Application Date
20230407

Claims (6)

  1. A fault-tolerant verification method supporting software and hardware fault injection and voting, characterized in that the verification system comprises fault injection management software, a power management module, fault injection equipment, simulation equipment and entity equipment; the fault injection management software controls the power supply of the fault injection equipment, the simulation equipment and the entity equipment through the power management module; the fault injection management software sends a fault instruction to the fault injection equipment; the fault injection management software receives and processes the output result of the entity equipment or the simulation equipment, acquired by the fault injection equipment after fault injection, compares and analyzes it against the prejudged result of the fault injection equipment, and stores the comparison result in the database; the fault injection equipment injects hardware faults into the simulation equipment or the entity equipment through the IO data cable, and injects software faults into the simulation equipment or the entity equipment through the bus data cable; the power management module is used for supplying and controlling power to the fault injection equipment, the simulation equipment and the entity equipment; the simulation equipment can partially or completely realize the functions of the entity equipment, so that the simulation equipment can replace the entity equipment in fault injection tests; the entity equipment is the main equipment for fault injection and testing;

     wherein the fault injection equipment comprises a fault injection and voting board and an interface board, both inserted into the industrial control cabinet in the form of PCIe (peripheral component interconnect express) board cards; hardware simulation injection of single-machine faults, communication faults and circuit faults into the entity equipment or the simulation equipment and bus state capture are realized, and fault injection control at the physical layer and the protocol layer is supported; the hardware part of the fault injection equipment is responsible for OC instruction signal output and state acquisition of the entity equipment, and can realize hardware simulation injection of single-machine hardware faults, bus load abnormal faults and circuit faults; the software part of the fault injection equipment controls the configuration and generation of the ordered fault output and the fault mode, and can realize software simulation injection of single-machine software faults and communication data faults; the fault injection and voting board generates the three-machine exchange and voting logic with an SRAM-type FPGA and injects faults through the on-board SoC processor; the fault injection and voting board includes: a fault injection main control module, which runs in the on-board SoC processor and controls fault injection and comparison of test results according to the test requirements; an exchange logic module, comprising exchange fault injection and three-machine exchange logic, wherein specific faults are injected into the three-machine exchange logic according to the three-machine exchange protocol so as to realize fault injection at the protocol and physical layers and simulate faults of the three-machine exchange; a voting logic module, comprising voting fault injection and three-machine voting logic, wherein physical-layer fault injection is performed in the three-machine voting circuit to simulate voting interface circuit faults and voting logic faults, generating the corresponding fault modes and injecting them into the FPGA; and a voting execution module, comprising an injection software generating module, an injection result comparison module and a voting execution equivalent device; the injection software generating module generates a fault injection vector according to the verification requirement so as to trigger the kernel to simulate a single-machine fault; the voting execution module receives the information required by the three-machine judgment, and the remote control terminal OC instruction module of the interface board outputs the voting control right and the clock source switching control signal, so as to realize the output of the simulated voting right and the acquisition and calculation of the decision data; the injection result comparison module compares and preprocesses the injection result against the prejudged result of the fault injection equipment;

     the method comprises the following steps: the fault injection management software sends a fault instruction to the fault injection main control module in the fault injection equipment; the exchange logic module and the voting logic module in the fault injection equipment receive the fault instruction sent by the fault injection main control module; the exchange logic module injects protocol-layer and physical-layer faults into the three-machine exchange logic according to the three-machine exchange protocol specification and simulates faults of the three-machine exchange; the voting logic module performs physical-layer fault injection in the three-machine voting circuit, simulates voting interface circuit faults and voting logic faults, and generates the corresponding fault mode; the voting execution module obtains the three-machine exchange faults simulated by the exchange logic module, the voting interface circuit faults and voting logic faults simulated by the voting logic module, and the corresponding fault modes; the injection software generating module in the voting execution module generates a fault injection vector according to the verification requirement to trigger the kernel to simulate a single-machine fault and generate fault software for the three independent CPUs, and the software is injected into the three independent CPUs through the monitoring port to control the three CPUs, so that any one of the three CPUs can be subjected to fault injection; the voting execution equivalent device in the voting execution module receives the information required by the three-machine judgment, and the remote control terminal module of the interface board outputs the voting control right and the clock source switching control signal, so as to realize the output of the simulated voting right and the acquisition and calculation of the decision data.
  2. The fault-tolerant verification method supporting software and hardware fault injection and voting according to claim 1, wherein the fault injection management software adopts a relational database, and the data of the fault injection process on the fault injection equipment are saved in the relational database, the data comprising fault definition, fault implementation and execution, fault comparison and fault result analysis.
  3. The fault-tolerant verification method supporting software and hardware fault injection and voting according to claim 1, wherein the hardware fault injection in the fault injection equipment comprises power supply short circuit, ground short circuit, open circuit, short circuit between two signals, connection loosening and leakage faults, simulated by injection through the fault injection and voting board and the interface board.
  4. The fault-tolerant verification method supporting software and hardware fault injection and voting according to claim 1, wherein the software fault injection in the fault injection equipment comprises simulating and injecting faults of the physical layer, the protocol layer and the software layer of a bus into the entity equipment or the simulation equipment, including but not limited to check-type, word length and word interval faults in the simulated bus transmission.
  5. The fault-tolerant verification method supporting software and hardware fault injection and voting according to claim 1, wherein the entity equipment is a standard three-machine hot fault-tolerant structure; the entity equipment comprises three identical single machines, three power boards and a second interface board, wherein the power boards are respectively connected to the single machines, the single machines are connected to the second interface board, and the second interface board is connected to the fault injection equipment.
  6. The fault-tolerant verification method supporting software and hardware fault injection and voting according to claim 1, wherein the simulation equipment simulates the input/output interfaces of the entity equipment, and the simulation equipment comprises an industrial personal computer power supply, an industrial personal computer board, a 1553B bus interface, an RS422 interface, an LVDS interface and an OC interface.
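
The three-machine voting and fault-injection-vector procedure of claim 1, reduced to a software model as an added example (this is not code from the patent or from its applicant): a constructed 16-bit word stands in for a single machine's output, a fault vector names the machine to fault and the fault kind, a bitwise majority voter plays the three-machine voting logic, and the comparison step checks the voted output against the prejudged (golden) result and returns a record of the kind claim 2 would store in the database. All names (FaultVector, vote, run_campaign, the fault kinds and the sample cases) are hypothetical.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Iterable, List, Optional, Tuple

WIDTH = 16                 # constructed word width of a single-machine output
MASK = (1 << WIDTH) - 1


class FaultKind(Enum):
    STUCK_AT_0 = "stuck_at_0"   # output line shorted to ground (claim 3 style)
    STUCK_AT_1 = "stuck_at_1"   # output line shorted to supply
    BIT_FLIP = "bit_flip"       # single-bit upset in one CPU's result
    OPEN = "open"               # open circuit: the machine contributes nothing


@dataclass(frozen=True)
class FaultVector:
    machine: int               # which of the three single machines: 0, 1 or 2
    kind: FaultKind
    bit: int = 0               # bit index, used only for BIT_FLIP


def apply_fault(value: int, fv: FaultVector) -> Optional[int]:
    """Return the value the faulted machine puts on the bus (None = no output)."""
    if fv.kind is FaultKind.STUCK_AT_0:
        return 0
    if fv.kind is FaultKind.STUCK_AT_1:
        return MASK
    if fv.kind is FaultKind.BIT_FLIP:
        return (value ^ (1 << fv.bit)) & MASK
    return None


def machine_outputs(golden: int, faults: Iterable[FaultVector]) -> List[Optional[int]]:
    """All three machines compute the golden value; each fault vector overrides one."""
    outs: List[Optional[int]] = [golden, golden, golden]
    for fv in faults:
        outs[fv.machine] = apply_fault(golden, fv)
    return outs


def vote(outs: List[Optional[int]]) -> Tuple[Optional[int], List[int]]:
    """Three-machine majority vote.

    With three live outputs the result is the bitwise majority; with one
    output lost the remaining two must agree exactly, otherwise there is no
    majority. Also returns the machines that did not match the voted value,
    which is what a comparison module would flag for fault result analysis.
    """
    live = [v for v in outs if v is not None]
    if len(live) == 3:
        a, b, c = live
        result: Optional[int] = (a & b) | (a & c) | (b & c)
    elif len(live) == 2 and live[0] == live[1]:
        result = live[0]
    else:
        result = None
    flagged = [i for i, v in enumerate(outs) if v is None or v != result]
    return result, flagged


def compare(case: str, faults: Iterable[FaultVector], golden: int) -> dict:
    """Injection result comparison: voted output against the prejudged result."""
    faults = tuple(faults)
    outs = machine_outputs(golden, faults)
    voted, flagged = vote(outs)
    return {
        "case": case,
        "faults": [(fv.machine, fv.kind.value) for fv in faults],
        "outputs": outs,
        "voted": voted,
        "expected": golden,
        "masked": voted == golden,   # did the vote hide the injected fault?
        "flagged": flagged,          # machines that disagreed with the vote
    }


def run_campaign(golden: int = 0x5A3C) -> List[dict]:
    """A constructed campaign: single faults the vote masks, double faults it cannot."""
    cases = [
        ("no fault", ()),
        ("cpu1 bit flip", (FaultVector(1, FaultKind.BIT_FLIP, bit=3),)),
        ("cpu0 open", (FaultVector(0, FaultKind.OPEN),)),
        ("cpu2 stuck at 1", (FaultVector(2, FaultKind.STUCK_AT_1),)),
        ("cpu0 + cpu1 stuck at 1",
         (FaultVector(0, FaultKind.STUCK_AT_1), FaultVector(1, FaultKind.STUCK_AT_1))),
        ("cpu0 open + cpu1 bit flip",
         (FaultVector(0, FaultKind.OPEN), FaultVector(1, FaultKind.BIT_FLIP, bit=0))),
    ]
    return [compare(name, faults, golden) for name, faults in cases]


if __name__ == "__main__":
    for rec in run_campaign():
        status = "masked" if rec["masked"] else "NOT masked"
        print(f"{rec['case']:<28} voted={rec['voted']} {status} flagged={rec['flagged']}")
```

The last two cases are the ones worth keeping in a campaign: two machines stuck at the same value outvote the healthy third, so the voted result is wrong while only the healthy machine is flagged, and an open circuit combined with a bit flip leaves no majority at all. A verification run that only ever injects one fault at a time never exercises either limit of three-machine voting.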

Description

Fault-tolerant verification system and method supporting software and hardware fault injection and voting

Technical Field

The invention relates to the field of fault-tolerant system design, in particular to a fault-tolerant verification system and method supporting software and hardware fault injection and voting.

Background

The fault injection verification system is an important functional module of the simulation platform. It artificially introduces faults into a target system according to a preselected fault model and a chosen strategy, and provides the required qualitative and quantitative evaluation results by observing and analyzing the behaviour of the system under the injected faults. The implementation of fault injection touches many links of a control system, is tightly coupled with the design, spans several professional fields and is a very complex process; several technical means are needed to simulate different types of faults from different angles.

In the development of control systems it is critical to test the design and execution of all system functions. The design must consider not only the normal state of the system but also its various abnormal states. Across model acquisition, control law design and control parameter diagnosis, the questions are how to keep the controller's performance stable when the external environment or operating conditions change, how to keep the controller working normally when a sudden ordinary fault occurs, and how to keep the performance degradation acceptable to the user when a sudden serious fault occurs. Fault injection therefore has to be simulated and resolved in the simulation verification stage of development so that reliability improves; that is, the study of the control loop's timing and control performance robustness is advanced.

Current fault injection verification systems mainly simulate hardware fault injection in software, covering verification of electrical signal faults and bus faults, and simulate some fault conditions by modifying the controller software. Such fault simulation is insufficient and unsystematic, depends heavily on the experience of the development staff, and cannot simulate real hardware fault injection.

Disclosure of Invention

The invention provides a fault-tolerant verification system and a fault-tolerant verification method supporting software and hardware fault injection and voting, which address the defects of the prior art by establishing a suitable fault model and ensuring that faults raised by the verification system cannot damage the real equipment.

To achieve this object, the following techniques are proposed. The invention provides a fault-tolerant verification system supporting software and hardware fault injection and voting, which comprises fault injection management software, a power management module, fault injection equipment, simulation equipment and entity equipment; the fault injection management software controls the power supply of the fault injection equipment, the simulation equipment and the entity equipment through the power management module; the fault injection management software sends a fault instruction to the fault injection equipment; the fault injection management software receives and processes the output result of the entity equipment or the simulation equipment, acquired by the fault injection equipment after fault injection, compares and analyzes it against the prejudged result of the fault injection equipment, and stores the comparison result in the database; the fault injection equipment injects hardware faults into the simulation equipment or the entity equipment through the IO data cable, and injects software faults into the simulation equipment or the entity equipment through the bus data cable; the power management module is used for supplying and controlling power to the fault injection equipment, the simulation equipment and the entity equipment; the simulation equipment can partially or completely realize the functions of the entity equipment, so that the simulation equipment can replace the entity equipment in fault injection tests; the entity equipment is the main equipment for fault injection and testing.

Further, the fault injection management software adopts a relational database, and the data of the fault injection process on the fault injection equipment are saved in the relational database, the data comprising fault definition, fault implementation and execution, fault comparison and fault result analysis.

Further, the fault injection equipment comprises a fault injection and voting board and an interface board inserted into the industrial control cabinet, both in the form of PCIe board cards; Hardware simulation