Apparatus having fault diagnosis and localization functions, and design method, medium and device

By designing a device with fault diagnosis and location functions in the rail transit signaling system, the problem of fault diagnosis and location in the 24-hour uninterrupted operation of the equipment was solved, realizing rapid and accurate fault location and improving the safety and reliability of the equipment.

WO2026129850A1 · PCT designated stage · Publication Date: 2026-06-25 · CASCO SIGNAL LTD

Patent Information

Authority / Receiving Office: WO
Patent Type: Applications
Current Assignee / Owner: CASCO SIGNAL LTD
Filing Date: 2025-10-22
Publication Date: 2026-06-25

AI Technical Summary

Technical Problem

In rail transit signaling systems, existing technologies struggle to achieve 24/7 uninterrupted fault diagnosis and location, resulting in insufficient equipment maintainability, fault detectability, and status monitoring, which in turn affects the safety and reliability of the equipment.

Method used

A device design method with fault diagnosis and location functions is adopted, including functional module division, fault diagnosis and location mechanism design, and safety assurance module. Through DFMEA and PFMEA analysis, combined with white-box, functional, accelerated and type testing, the design process is optimized to ensure the comprehensiveness and accuracy of fault diagnosis.

Benefits of technology

It enables rapid and accurate fault location, improves equipment operating efficiency and reliability, ensures equipment safety and maintainability, and enhances production efficiency and product quality.

✦ Generated by Eureka AI based on patent content.


Abstract

An apparatus having fault diagnosis and localization functions and a design method therefor, and a computer-readable storage medium and an electronic device. The design method comprises: determining the functions that an apparatus is required to implement, and designing functional modules; determining fault diagnosis and localization schemes for the functional modules of the apparatus and the selected components, and designing fault diagnosis and localization mechanisms; designing a safety assurance module; packaging the apparatus into a finished product; performing white-box testing, functional testing, accelerated testing and type testing on the finished apparatus product; and, when the finished apparatus product fails to pass all tests, separately feeding back the results of the tests, performing optimization and the next round of iteration until the finished apparatus product passes all the tests. By introducing PFMEA into the production process, conventional fault diagnosis methods based only on DFMEA at the design stage are overcome, thereby ensuring the safety of the devices.

Description

Devices, design methods, media, and equipment with fault diagnosis and location functions

Technical Field

[0001] This invention relates to the field of fault handling technology for rail transit systems, and specifically to a device, design method, medium, and equipment with fault diagnosis and location functions.

Background Technology

[0002] The internal structure of a rail transit signaling system is highly complex, primarily consisting of onboard signaling equipment and trackside signaling equipment. Onboard signaling equipment is installed on the vehicles to control their daily safe operation, while trackside signaling equipment is installed in signal towers or machine rooms located relatively far from the tracks, or in locations closer to the tracks (e.g., within 1 to 3 meters). The onboard and trackside equipment communicate in real time to jointly ensure the safety, reliability, punctuality, and comfort of the trains.

[0003] Nowadays, an increasing number of signaling devices in rail transit systems require 24-hour uninterrupted operation. This places high demands on the uninterrupted operation, maintainability, fault detectability, and status monitoring of these devices. Therefore, designing a device with fault diagnosis and location functions is an urgent problem to be solved.

[0004] It is understood that the above statements only provide background information related to the present invention and do not necessarily constitute prior art.

Summary of the Invention

[0005] The purpose of this invention is to provide a device, design method, medium, and equipment with fault diagnosis and location functions, ensuring the maintainability, fault detectability, status monitoring, safety, and reliability of the equipment during operation.

[0006] To achieve the above objectives, the present invention provides a design method for a device with fault diagnosis and location functions, comprising the following steps: S1, determining the functions to be implemented by the device and designing functional modules; S2, determining fault diagnosis and location schemes for the functional modules and selected components of the device, and designing fault diagnosis and location mechanisms; S3, designing a safety assurance module; S4, packaging the device into a finished product; S5, conducting white-box testing, functional testing, accelerated testing, and type testing on the finished product of the device. If not all tests pass, the test results of each test are fed back to S1 and S2 respectively to optimize the next iteration, until all white-box testing, functional testing, accelerated testing, and type testing pass.

[0007] Preferably, in step S2, a fault diagnosis and location scheme is planned according to the specific function of the device, including: hierarchical division of the object being diagnosed, independence of the diagnostic method, and ensuring that the failure of the diagnostic design should not affect the function of the device.

[0008] Preferably, the hierarchical division of the object being diagnosed includes: functional module level and component level; wherein, the functional module level refers to the functional module in S1, and the component level refers to the component that needs to be selected when implementing the functional module.

[0009] Preferably, the design of the fault diagnosis and location mechanism specifically includes the following steps: S21, using methods in the fault diagnosis experience base to realize the fault diagnosis and location requirements of some functional modules and selected components in the device; S22, performing DFMEA analysis on the device; S23, performing PFMEA analysis on the device; S24, designing a corresponding fault diagnosis and location mechanism based on the analysis results of S22 and S23.

[0010] Preferably, in S22, the specific aspects of performing DFMEA analysis on the device include: failure mode, device failure rate, failure occurrence rate, failure severity, and failure detectability.

[0011] Preferably, a corresponding risk matrix is established based on the degree of failure occurrence and the severity of failure to obtain the failure tolerance, including: unacceptable failure, undesirable failure, acceptable failure and negligible failure; wherein, for failures with a failure tolerance of unacceptable failure, undesirable failure and acceptable failure, a failure diagnosis and location mechanism is designed; for negligible failure, no failure diagnosis and location mechanism is adopted.

[0012] Preferably, the fault tolerance also needs to take safety factors into account. For faults that are negligible in affecting safety functions, fault diagnosis and location mechanisms should be adopted to deal with the faults in a timely manner.

[0013] Preferably, in S23, the specific aspects of performing PFMEA analysis on the device include: failure mode, potential impact of failure, failure occurrence rate, failure severity, and failure detectability.

[0014] Preferably, the Risk Priority Number (RPN) is calculated as: Fault Severity × Fault Occurrence × Fault Detectability. If the current RPN value is greater than the set RPN threshold, a fault diagnosis and location mechanism must be implemented to address the fault promptly until the current RPN value is reduced to below the set RPN threshold.

[0015] Preferably, the RPN also needs to consider safety factors. For RPN values below the RPN threshold that affect safety functions, a fault diagnosis and location mechanism should be adopted to handle the fault in a timely manner.

[0016] Preferably, in S5, the white-box testing will test the functional module level and device level of the device, including: fault injection, hardware consistency, signal integrity, and power integrity, and issue a test report after the test is completed.

[0017] Preferably, in S5, the functional test is a black-box test, which involves applying an excitation or fault to the input of the device and testing whether the output result meets the expected value, thereby determining at the functional module level whether the device can correctly diagnose the fault.

[0018] Preferably, in S5, the accelerated test includes: High Accelerated Life Test (HALT) and Mean Time Between Failures (MTBF) test.

[0019] Preferably, the HALT test accelerates the aging process under extreme environmental conditions to obtain the product's operating limit and destructive limit, generates a factor λf1 that affects the device failure rate, and outputs a factor λs1 that affects the severity of the failure.

[0020] Preferably, the MTBF test evaluates the average operating time of the product between two adjacent failures and outputs a factor λf2 that affects the device failure rate and a factor λs2 that affects the failure severity; the calculation formula for λf2 is: MTBF=1 / λf2, where MTBF is the MTBF test result.

[0021] Preferably, the factors λf that ultimately affect the device failure rate and λs that ultimately affect the fault severity in the accelerated test are λf=max{λf1,λf2} and λs=max{λs1,λs2}, respectively.

[0022] The present invention also provides a device with fault diagnosis and location functions, designed using the above-mentioned design method for a device with fault diagnosis and location functions, comprising: a functional module that implements the required functions of the device; a fault diagnosis and location module that is connected to the functional module and the components constituting the functional module, respectively, for detecting whether the functional module has malfunctioned and determining the specific location when the functional module malfunctions; and a safety assurance module that is connected to the functional module and the fault diagnosis and location module, respectively, for ensuring the safety of the device.

[0023] The present invention also provides a computer-readable storage medium having a computer program stored thereon, wherein when the computer program is executed by a processor, it implements the above-described design method for a device with fault diagnosis and location functions.

[0024] The present invention also provides an electronic device, including a processor and a memory, wherein a computer program is stored in the memory, and when the computer program is executed by the processor, it implements the above-described design method of the device with fault diagnosis and location functions.

[0025] In summary, compared with the prior art, the present invention provides a device, design method, medium, and equipment with fault diagnosis and location functions, which has at least the following beneficial effects:

[0026] (1) This invention innovatively introduces PFMEA analysis of the production process, breaking the traditional method of fault diagnosis based only on DFMEA analysis in the design stage, making the fault diagnosis more comprehensive, thereby discovering and solving potential problems that may lead to production interruption or product quality issues in advance, and greatly improving production efficiency and product quality.

[0027] (2) At the system level, the present invention comprehensively plans the design process of fault diagnosis, ensuring that the design verification process is fully implemented, and also focuses on the continuous optimization of fault diagnosis design, striving to continuously improve the accuracy and efficiency of diagnosis in practical applications.

[0028] (3) The present invention can quickly and accurately locate the fault point, thereby shortening the maintenance time and improving the operating efficiency and reliability of the equipment;

[0029] (4) Priority is given to the safety function attributes of the equipment, respecting the safety red line of rail transit products, so as to ensure the safety of the equipment.

Attached Figure Description

[0030] Figure 1 is a flowchart of a design method for a device with fault diagnosis and location functions according to the present invention;

[0031] Figure 2 is a schematic diagram of the risk matrix in this invention;

[0032] Figure 3 is a schematic diagram of an embodiment of the two-out-of-two secure computing device of the present invention.

Detailed Implementation

[0033] The present invention will be further described below with reference to Figures 1 to 3, by providing a detailed description of a preferred embodiment.

[0034] It should be noted that the accompanying drawings are in a very simplified form and use non-precise proportions. They are only used to facilitate and clarify the purpose of illustrating the embodiments of the present invention, and are not intended to limit the implementation conditions of the present invention. Therefore, they have no substantial technical significance. Any modifications to the structure, changes in the proportional relationship, or adjustments to the size should still fall within the scope of the technical content disclosed in the present invention, provided that they do not affect the effects and objectives that the present invention can produce.

[0035] It should be noted that, in this invention, relational terms such as "first" and "second" are used merely to distinguish one entity or operation from another, and do not necessarily require or imply any such actual relationship or order between these entities or operations. Furthermore, the terms "comprising," "including," or any other variations thereof are intended to cover non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements includes not only the expressly listed elements but also other elements not expressly listed, or elements inherent to such a process, method, article, or apparatus.

[0036] As shown in Figure 1, the present invention provides a design method for a device with fault diagnosis and location functions, comprising the following steps:

[0037] S1. Determine the functions that the device needs to perform and design the functional modules;

[0038] S2. Determine fault diagnosis and location schemes for the functional modules and selected components of the device, and design fault diagnosis and location mechanisms.

[0039] S3. Design a safety assurance module;

[0040] S4. Package the device into a finished product;

[0041] S5. Perform white-box testing, functional testing, accelerated testing, and type testing on the finished product of the device. If not all tests pass, the test results of each test are fed back to S1 and S2 respectively to optimize the next iteration until all white-box testing, functional testing, accelerated testing, and type testing are passed.

[0042] Furthermore, in S2, a fault diagnosis and location scheme needs to be planned according to the specific function of the device. The points to be considered include: the hierarchical division of the object being diagnosed (functional module level, device level), the independence of the diagnostic method, and ensuring that a failure of the diagnostic design itself does not affect the function of the device. It can be understood that the hierarchical levels of the object being diagnosed are the functional module level and the device level. The functional module level refers to the functional module described in S1, while the device level refers to the electronic components that need to be selected to implement the functional module.

[0043] More specifically, in planning fault diagnosis and location schemes, determining the fault diagnosis points at the functional module level and the device level is crucial. Diagnosing and locating faults at the functional module level requires starting from the module's function, fully understanding the impact of functional failure at that level, and what the expected signal value is at different functional points. If the actual output signal value at a certain functional point does not match the expected output signal value, it indicates a fault at that functional point. Diagnosing and locating faults at the device level requires prioritizing functional chips with built-in fault alarms, fault feedback, fault status displays, and communication interfaces during component selection. Furthermore, fault discrimination design must be combined with circuit functionality to embed fault diagnosis points. Each diagnosis point should have a linear or fixed expected output value. If the actual output value at a diagnosis point does not match the expected output value, it indicates a fault at that diagnosis point. This achieves device-level fault diagnosis, making the device's fault diagnosis and location capabilities more accurate.

[0044] Furthermore, in S2, the design of the fault diagnosis and location mechanism specifically includes the following steps:

[0045] S21. Based on existing experience, directly utilize the methods in the fault diagnosis experience database to realize the fault diagnosis and location requirements of some functional modules and selected components in the device.

[0046] S22. Perform Design Failure Mode and Effects Analysis (DFMEA) on the device.

[0047] S23. Perform Process Failure Mode and Effects Analysis (PFMEA) on the device.

[0048] S24. Based on the analysis results of S22 and S23, design a corresponding fault diagnosis and location mechanism.

[0049] It is understandable that in S21, directly referencing the fault diagnosis and location methods in the fault diagnosis experience library can effectively improve design efficiency and reduce the workload of subsequent testing and safety verification. However, since the methods in the fault diagnosis experience library cannot fully cover all functional modules of the newly designed device and the fault diagnosis and location requirements of the selected devices, they can only achieve fault diagnosis and location of some functional modules and some selected devices.

[0050] Furthermore, in S22, the device needs to undergo DFMEA analysis at the functional module level and device level, considering aspects such as failure mode, device failure rate, failure occurrence rate, failure severity, and failure detectability, and corresponding fault diagnosis and location mechanisms need to be designed.

[0051] Specifically, as shown in Figure 2, which is a schematic diagram of the risk matrix in this invention, a corresponding risk matrix is established based on the degree of failure occurrence and the severity of failure, and the failure tolerance is obtained. Then, corresponding measures are taken according to the degree of acceptance of the failure tolerance. For failures with a failure tolerance of unacceptable (D), undesirable (C), or acceptable (B), the design of a failure diagnosis and location mechanism needs to be considered; while for negligible failures (A), no failure diagnosis and location mechanism is required.

[0052] However, it is important to note that for negligible faults (those that do not affect normal functionality, such as indicator lights on the panel or functions only needed during the device's development and debugging), forcibly adding fault diagnosis would increase manpower and material costs. At the same time, in the rail transit field, fault severity must also take safety factors (Severity, S) into account. Therefore, even if the fault occurrence rate is low, if the functional failure affects safety, the final result is unacceptable. Measures must be taken to eliminate such impacts, namely implementing effective fault diagnosis and location mechanisms that accurately pinpoint fault points at the functional module or device level, so that when a functional failure occurs the fault point is detected and handled promptly, the fault is guided to a safe state, and no safety hazard is created.

[0053] Furthermore, in S23, a PFMEA analysis of the device is performed at the functional module and device levels, considering aspects such as failure mode, potential impact, occurrence rate, severity, and detectability, and a corresponding fault diagnosis and location mechanism is designed. Specifically, in the PFMEA analysis, the Risk Priority Number (RPN) is generally calculated as RPN = Fault Severity × Fault Occurrence Rate × Fault Detectability. The current RPN value is then compared with a set RPN threshold Rth to determine what fault diagnosis and location measures are needed. In this embodiment, the RPN threshold Rth can be set to 125. If the calculated current RPN value is greater than 125, corresponding measures must be taken to reduce the current RPN value below 125; a larger RPN value indicates a greater failure risk. However, in the field of rail transit, the size of the RPN value alone is not decisive; the safety factor S must also be considered. Even if the RPN value is very low, if the failure affects a safety function, it is ultimately unacceptable. Measures must be taken to eliminate this impact, that is, a practical and effective fault diagnosis and location mechanism must be adopted to accurately locate the fault point at the functional module level or device level, so that when the function fails the fault point is detected and dealt with in a timely manner, the fault is guided to a safe state, and no safety hazard is created.

[0054] It should be noted that PFMEA analysis is performed because components may be damaged or fail during the production process, especially those related to safety functions. Specifically, this could be due to incorrect component placement, excessively high soldering temperatures, or pin damage during component pretreatment. Therefore, a comprehensive PFMEA analysis is necessary, along with the design of corresponding fault diagnosis and location mechanisms to eliminate potential hazards.

[0055] Furthermore, in S3, the safety assurance module is used to ensure that the device can operate safely and continuously while performing its functions and fault diagnosis.

[0056] Furthermore, in S5, during white-box testing, tests are performed at the functional module and device levels, specifically including fault injection, hardware consistency, signal integrity, and power integrity tests. A test report is generated upon completion, containing information on missed diagnoses, inaccurate fault location, and erroneous diagnoses found in the fault diagnosis and localization mechanism design. This test report is then fed back to S1 and S2 to optimize the next iteration.

[0057] Furthermore, in S5, the functional test is a black-box test. By applying an excitation or fault to the input of the device, and then testing whether the output result meets the expected value, the device can be correctly diagnosed at the functional module level. The test results are then fed back to S1 and S2 to optimize the next iteration.

[0058] Specifically, white-box testing, also known as structural testing or transparent box testing, allows the tester to examine the internal structure and logic of the device under test. Black-box testing, also known as functional testing, treats the device as a black box that cannot be opened, disregarding its internal structure and characteristics, focusing only on the device's functionality, and verifying the device's correctness by inputting data and checking the output results.

[0059] Furthermore, in S5, the accelerated testing includes: Highly Accelerated Life Testing (HALT) testing and Mean Time Between Failure (MTBF) testing.

[0060] Furthermore, the HALT test accelerates the aging process under extreme environmental conditions to obtain the product's operating limits and destructive limits, thereby identifying the product's weaknesses and design flaws. Through the HALT test, defects not detected by the white-box and black-box tests can be identified, generating a factor λf1 that affects the device failure rate, and outputting a factor λs1 that affects the fault severity.

[0061] The value of the factor λf1, which affects the device failure rate, is related to the number of samples tested in the HALT test and the frequency of failures at the same fault point. In the HALT test of this embodiment, when the number of samples tested is ≥ 4 and the device function does not fail, then λf1 ≤ 1, meaning the device failure rate is acceptable or may be considered for reduction; when the number of samples tested is < 4 and a certain function of the device fails more than twice, then λf1 > 1, meaning the failure rate of the faulty device is questionable and may be considered for increase.

[0062] The value of factor λs1, which affects the severity of the fault, can be adjusted based on the results of the HALT test. When the consequences of a device fault are less than expected, λs1 ≤ 1, meaning the consequences are less severe than anticipated, and the severity level can be reduced or left unchanged. When the consequences of a device fault are greater than expected, λs1 > 1, meaning the consequences are more severe than expected, and the severity level should be increased. Therefore, in the next iteration of optimization, the risk matrix is adjusted based on factors λf1 and λs1, thereby adjusting the design of the fault diagnosis and localization mechanism. In other words, in this embodiment, when performing HALT test analysis, if the severity of a certain fault in the device is acceptable (fault B), but the test reveals that the actual consequences of this fault are undesirable (fault C), then λs1 > 1. Conversely, if the test reveals that the actual consequences of this fault are negligible (fault A), then λs1 ≤ 1.

[0063] Furthermore, the MTBF test is an important indicator for evaluating product reliability, assessing the average operating time of the product between two consecutive failures, and outputting the factor λf2 that affects the device failure rate and the factor λs2 that affects the failure severity.

[0064] Among them, the value of MTBF is strongly correlated with the device failure rate, and the specific formula is MTBF=1 / λf2 (where λf2 is the failure rate). Therefore, the factor λf2 can be determined based on the MTBF value; and the factor λs2 that affects the severity of the fault is determined in the same way as λs1.

[0065] Furthermore, after completing the HALT and MTBF tests, the values of the factors λf and λs that ultimately affect the device failure rate and the fault severity, respectively, can be determined based on the HALT and MTBF test results, where λf = max{λf1, λf2} and λs = max{λs1, λs2}. However, it should be noted that since the MTBF value is strongly correlated with the device failure rate, if λf1 > λf2, the value of λf needs to be determined based on the actual situation. Finally, the obtained factors λf and λs are fed back into S1 and S2 to optimize the next iteration.
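The decision rules of S22, S23 and the accelerated-test feedback ([0011] to [0015] and [0051] to [0065]) as one worked example. This is added code, not the patent's own; the cell layout of the risk matrix (Figure 2 is not reproduced on the page), the 1..5 DFMEA and 1..10 PFMEA scoring scales, the numeric values chosen for λs1, and all sample failure modes are assumptions.

```python
"""Added example (not from the patent): applies the page's DFMEA risk matrix,
PFMEA Risk Priority Number, rail-safety override and HALT severity correction
to constructed failure modes of a 2oo2 computing device."""
from __future__ import annotations
from dataclasses import dataclass

RPN_THRESHOLD = 125  # Rth used in the embodiment ([0053])

# Failure-tolerance classes from the page ([0051]), least to most severe:
# A negligible, B acceptable, C undesirable, D unacceptable.
CLASSES = ("A", "B", "C", "D")

# Assumed risk matrix: RISK_MATRIX[occurrence-1][severity-1], both scored 1..5.
RISK_MATRIX = (
    #  S1   S2   S3   S4   S5
    ("A", "A", "B", "B", "C"),  # O1
    ("A", "B", "B", "C", "C"),  # O2
    ("B", "B", "C", "C", "D"),  # O3
    ("B", "C", "C", "D", "D"),  # O4
    ("C", "C", "D", "D", "D"),  # O5
)


@dataclass(frozen=True)
class DesignFailure:          # DFMEA item (design stage, S22)
    name: str
    occurrence: int           # 1..5
    severity: int             # 1..5
    safety_related: bool      # does the failure affect a safety function?


@dataclass(frozen=True)
class ProcessFailure:         # PFMEA item (production stage, S23)
    name: str
    severity: int             # 1..10
    occurrence: int           # 1..10
    detectability: int        # 1..10, higher = harder to detect
    safety_related: bool


def tolerance_class(occurrence: int, severity: int) -> str:
    """Risk-matrix lookup: returns one of A/B/C/D."""
    return RISK_MATRIX[occurrence - 1][severity - 1]


def dfmea_decision(f: DesignFailure) -> tuple[bool, str]:
    """Is a fault diagnosis and location mechanism required? ([0011], [0012])
    Safety-related failures always need one, even when the matrix says A."""
    cls = tolerance_class(f.occurrence, f.severity)
    if f.safety_related:
        return True, f"class {cls} but safety function affected"
    return cls != "A", f"class {cls}"


def rpn(f: ProcessFailure) -> int:
    """Risk Priority Number = S x O x D ([0014])."""
    return f.severity * f.occurrence * f.detectability


def pfmea_decision(f: ProcessFailure, threshold: int = RPN_THRESHOLD) -> tuple[bool, str]:
    """Required when RPN > Rth, or when a safety function is affected ([0015])."""
    value = rpn(f)
    if f.safety_related:
        return True, f"RPN {value} but safety function affected"
    return value > threshold, f"RPN {value} vs threshold {threshold}"


def halt_severity_factor(expected: str, observed: str) -> float:
    """lambda_s1 ([0062]): > 1 when HALT shows worse consequences than expected,
    <= 1 otherwise. The page gives only the inequalities; 1.5 / 1.0 are assumed."""
    return 1.5 if CLASSES.index(observed) > CLASSES.index(expected) else 1.0


def reassess_after_halt(expected: str, lambda_s1: float, lambda_s2: float = 1.0) -> str:
    """Next-iteration class after lambda_s = max{lambda_s1, lambda_s2} ([0065]).
    Assumption: a factor > 1 raises the class by one level (capped at D)."""
    lambda_s = max(lambda_s1, lambda_s2)
    idx = CLASSES.index(expected)
    if lambda_s > 1.0:
        idx = min(idx + 1, len(CLASSES) - 1)
    return CLASSES[idx]


# Constructed sample items (not from the patent).
DESIGN_ITEMS = [
    DesignFailure("panel indicator LED open", occurrence=2, severity=1, safety_related=False),
    DesignFailure("CPU1 core voltage out of range", occurrence=1, severity=2, safety_related=True),
    DesignFailure("FPGA1 to FPGA2 link stuck", occurrence=3, severity=3, safety_related=False),
]
PROCESS_ITEMS = [
    ProcessFailure("wrong component orientation", severity=5, occurrence=6, detectability=5, safety_related=False),
    ProcessFailure("pin damaged in pretreatment", severity=5, occurrence=1, detectability=2, safety_related=True),
    ProcessFailure("cosmetic solder flux residue", severity=2, occurrence=4, detectability=3, safety_related=False),
]


def plan_diagnosis() -> dict[str, bool]:
    """Map each failure mode to whether a diagnosis mechanism must be designed."""
    plan = {f.name: dfmea_decision(f)[0] for f in DESIGN_ITEMS}
    plan.update({f.name: pfmea_decision(f)[0] for f in PROCESS_ITEMS})
    return plan


if __name__ == "__main__":
    for f in DESIGN_ITEMS:
        print("DFMEA", f.name, dfmea_decision(f))
    for f in PROCESS_ITEMS:
        print("PFMEA", f.name, pfmea_decision(f))
    print("class B after HALT showed class C:",
          reassess_after_halt("B", halt_severity_factor("B", "C")))
```

Note that the safety override fires before any threshold comparison, which is the page's point: a low RPN or an A cell never excuses a safety-relevant failure from having a diagnosis mechanism.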

[0066] Furthermore, in S5, the type test is an industry standard test, that is, through third-party certification, to test whether the product meets the functional requirements to be achieved, and whether it has the function of fault diagnosis and location, and the test report is fed back to S1 and S2 to optimize the next iteration.

[0067] It is understandable that after completing the white-box testing, functional testing, acceleration testing, and type testing, if the device passes all of the above tests, the device design is complete and can be put into production; if the device fails any of the above tests, the test results are fed back to S1 and S2 to optimize the next iteration and carry out a new round of design.

[0068] The present invention also provides a device with fault diagnosis and location functions, designed using the above-described design method for a device with fault diagnosis and location functions, comprising: a functional module that implements the required functions of the device; a fault diagnosis and location module connected to the functional module and the components constituting the functional module, respectively, to detect whether the functional module has malfunctioned and to determine the specific location when the functional module malfunctions; and a safety assurance module connected to the functional module and the fault diagnosis and location module, respectively, to ensure the safety of the device.

[0069] In a preferred embodiment of the present invention, as shown in Figure 3, taking the design of a two-out-of-two secure computing device with fault diagnosis and location functions, and the fault diagnosis of chip temperature and voltage as an example, the specific steps include:

[0070] First, the device is identified as a 2-out-of-2 secure computing device, performing 2-out-of-2 secure computation. The device's functional modules include two FPGA modules and two CPU modules, respectively located in the channel A and channel B systems. Each channel system contains one FPGA module and one CPU module. Channel A includes FPGA1 and CPU1, while channel B includes FPGA2 and CPU2. CPU1 and CPU2 are communicatively connected, as are FPGA1 and FPGA2. Furthermore, FPGA1 and CPU1, and FPGA2 and CPU2, are also communicatively connected. In this embodiment, this can be achieved via a local bus, a PCIe bus, or other methods, and is not limited to these two.

[0071] Secondly, based on existing experience, methods from the fault diagnosis experience base are used to match the circuit design, and after matching, the independence of fault diagnosis and location mechanisms is considered.

[0072] Furthermore, in the voltage diagnostic design, due to the possibility of sudden voltage changes, if the voltage of a CPU is abnormal, that CPU's ability to process voltage detection values will be unreliable. Therefore, the voltage detection values of each CPU cannot be directly sent back to the CPU for processing; they need to be detected by an independent detection device. Taking the A-channel system as an example, voltage diagnostic unit A1 and voltage diagnostic unit A2 are designed accordingly. Voltage diagnostic unit A1 is connected to both CPU1 and FPGA1, diagnosing the voltage of CPU1 and feeding back the diagnostic information to FPGA1. Voltage diagnostic unit A2 is connected to both CPU1 and FPGA1, diagnosing the voltage of FPGA1 and feeding back the diagnostic information to CPU1. FPGA1 obtains the value fed back by voltage diagnostic unit A1 to confirm whether the power supply voltage of CPU1 is normal. If the voltage is normal, FPGA1 does not perform any abnormality processing and only transmits the status to the upper layer. If the voltage is abnormal, FPGA1 will promptly alarm the upper layer, and the upper layer will handle the abnormality to avoid safety issues caused by the unreliable operation of CPU1 itself. Similarly, the voltage detection of each FPGA is also handled in the same way.

[0073] Furthermore, in the temperature diagnostic design, since temperature changes gradually rather than suddenly (unlike voltage), and the CPU temperature is higher than the FPGA temperature, only the temperature of each CPU needs to be detected. Therefore, temperature diagnostic unit 1 and temperature diagnostic unit 2 are designed in channel A and channel B respectively. Temperature diagnostic unit 1 diagnoses the temperature of CPU1 and feeds back the diagnostic information to CPU2, and temperature diagnostic unit 2 diagnoses the temperature of CPU2 and feeds back the diagnostic information to CPU1.

[0074] Next, after the diagnostic design is complete, DFMEA and PFMEA analyses are performed on the two-out-of-two safe computing device. Taking channel A as an example, the fault diagnosis priority is: 1. voltage diagnosis; 2. temperature diagnosis; 3. fault diagnosis of voltage diagnosis unit A1 itself; 4. fault diagnosis of voltage diagnosis unit A2 itself; 5. fault diagnosis of temperature diagnosis unit 1 itself. CPU1 and FPGA1 have internal self-test mechanisms that diagnose their own internal faults. Voltage diagnosis units A1 and A2 have self-test interfaces through which a fault in A1 or A2 itself can be diagnosed, and temperature diagnosis unit 1 likewise has a self-test interface through which a fault in the unit itself can be diagnosed. With this fault diagnosis design, a malfunction of any chip is detected directly, which achieves accurate fault location.

[0075] Channel B is then completed with the same design as described above. After verification that the design meets the safety standards, a prototype of the two-out-of-two safe computing device is produced.

[0076] Finally, the product is subjected to white-box testing, functional testing, accelerated testing and type testing. The results of each test type are fed back into the next iteration to optimize the functional design of the two-out-of-two safe computing device, the data in the fault diagnosis experience base, and the failure rate, fault severity and fault detectability data used in the fault diagnosis design; the risk matrix and RPN values are then re-evaluated, and iteration continues until white-box testing, functional testing, accelerated testing and type testing are all passed.

[0077] The present invention also provides a computer-readable storage medium having a computer program stored thereon; when the computer program is executed by a processor, it implements the design method for the device having fault diagnosis and location functions.

[0078] The present invention also provides an electronic device, including a processor and a memory, wherein the memory stores a computer program, and when the computer program is executed by the processor, it implements the design method of the device having fault diagnosis and location functions.

[0079] In summary, this invention, comprising a device, design method, medium, and equipment with fault diagnosis and location functions, innovatively introduces PFMEA analysis during the production process, breaking away from the traditional method of fault diagnosis based solely on DFMEA analysis during the design phase. It considers fault diagnosis and location design schemes from the production level, avoiding missed or incorrect diagnoses and achieving a fault diagnosis solution throughout the equipment's entire lifecycle. It not only learns from relevant experience in fault diagnosis experience databases but also accelerates the implementation of fault diagnosis functions through various testing methods, improving R&D efficiency and enhancing the reliability, detectability, and maintainability of the equipment. It comprehensively plans the design, verification, optimization, and precise fault location methods for fault diagnosis at the system level, demonstrating significant practicality. It prioritizes the safety attributes of the equipment, upholding the safety red lines of rail transit products and ensuring equipment safety.

[0080] Although the present invention has been described in detail through the preferred embodiments above, it should be understood that the above description should not be considered as a limitation of the present invention. Various modifications and substitutions to the present invention will be apparent to those skilled in the art after reading the above description. Therefore, the scope of protection of the present invention should be defined by the appended claims.

Claims

1. A design method for a device with fault diagnosis and location functions, characterized in that it includes the following steps: S1. determine the functions that the device needs to perform and design the functional modules; S2. determine fault diagnosis and location schemes for the functional modules and selected components of the device, and design fault diagnosis and location mechanisms; S3. design a safety assurance module; S4. package the device into a finished product; S5. perform white-box testing, functional testing, accelerated testing and type testing on the finished product of the device; if not all tests pass, feed the results of each test back to S1 and S2 respectively to optimize the next iteration, until white-box testing, functional testing, accelerated testing and type testing all pass.

2. The design method of the device with fault diagnosis and location functions as described in claim 1, characterized in that, in S2, a fault diagnosis and location scheme is planned according to the specific function of the device, including: hierarchical division of the object being diagnosed, independence of the diagnostic method, and ensuring that a failure of the diagnostic design does not affect the function of the device.

3. The design method of the device with fault diagnosis and location functions as described in claim 2, characterized in that the hierarchical division of the diagnosed object includes: a functional module level and a component level; wherein the functional module level refers to the functional modules in S1, and the component level refers to the components that need to be selected when implementing the functional modules.

4. The design method of the device with fault diagnosis and location functions as described in claim 3, characterized in that the design of the fault diagnosis and location mechanism includes the following steps: S21. using methods from the fault diagnosis experience database, realize the fault diagnosis and location requirements of some of the functional modules and selected components in the device; S22. perform DFMEA analysis on the device; S23. perform PFMEA analysis on the device; S24. based on the analysis results of S22 and S23, design the corresponding fault diagnosis and location mechanism.

5. The design method of the device with fault diagnosis and location functions as described in claim 4, characterized in that, in S22, the DFMEA analysis of the device covers: failure mode, device failure rate, failure occurrence rate, failure severity and failure detectability.

6. The design method of the device with fault diagnosis and location functions as described in claim 5, characterized in that, based on the occurrence and severity of failures, a corresponding risk matrix is established to obtain the fault tolerance class, which is one of: unacceptable, undesirable, acceptable and negligible; fault diagnosis and location mechanisms are designed for faults classed as unacceptable, undesirable or acceptable, and are not adopted for faults classed as negligible.

7. The design method of the device with fault diagnosis and location function as described in claim 6, characterized in that the fault tolerance class also takes safety factors into account: for faults classed as negligible that nevertheless affect safety functions, fault diagnosis and location mechanisms should still be adopted so that the faults are handled in a timely manner.

8. The design method of the device with fault diagnosis and location function as described in claim 5, characterized in that, in S23, the PFMEA analysis of the device covers: failure mode, potential impact of the failure, failure occurrence rate, failure severity and failure detectability.

9. The design method of the device with fault diagnosis and location function as described in claim 8, characterized in that the Risk Priority Number (RPN) = Fault Severity × Fault Occurrence × Fault Detectability; where, if the current RPN value is greater than the set RPN threshold, a fault diagnosis and location mechanism must be adopted to handle the fault in a timely manner, until the current RPN value is reduced below the set RPN threshold.

10. The design method of the device with fault diagnosis and location function as described in claim 9, characterized in that the RPN also takes safety factors into account: for faults whose RPN value is below the RPN threshold but which affect safety functions, a fault diagnosis and location mechanism should still be adopted to handle the fault in a timely manner.

11. The design method of the device with fault diagnosis and location function as described in claim 3, characterized in that, in S5, the white-box testing tests the functional modules and components of the device, including fault injection, hardware consistency, signal integrity and power integrity, and issues a test report after the test is completed.

12. The design method of the device with fault diagnosis and location functions as described in claim 1, characterized in that, in S5, the functional test is a black-box test in which an excitation or fault is applied to the input of the device and the output is checked against the expected value, thereby determining at the functional module level whether the device correctly diagnoses the fault.

13. The design method of the device with fault diagnosis and location functions as described in claim 1, characterized in that, in S5, the accelerated testing includes a Highly Accelerated Life Test (HALT) and a Mean Time Between Failures (MTBF) test.

14. The design method of the device with fault diagnosis and location function as described in claim 13, characterized in that the HALT accelerates the aging process under extreme environmental conditions to obtain the product's operating limits and destruct limits, and outputs a factor λf1 that affects the device failure rate and a factor λs1 that affects the failure severity.

15. The design method of the device with fault diagnosis and location functions as described in claim 14, characterized in that the MTBF test evaluates the average operating time of the product between two consecutive failures and outputs a factor λf2 that affects the device failure rate and a factor λs2 that affects the failure severity, where λf2 is obtained from MTBF = 1 / λf2 and MTBF is the MTBF test result.

16. The design method of the device with fault diagnosis and location functions as described in claim 15, characterized in that, in the accelerated testing, the factor λf that ultimately affects the device failure rate and the factor λs that ultimately affects the fault severity are, respectively: λf = max{λf1, λf2} and λs = max{λs1, λs2}.
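As an added illustration of the RPN rule in claims 9 and 10, the HALT/MTBF factor combination in claims 14 to 16, and the feedback round of [0076] (example code, not part of the patent): the 1..10 scoring scales, the mapping from the failure-rate factor λf to an occurrence score, and the use of λs as a severity multiplier are assumptions, as are all identifiers in the block.

```python
from dataclasses import dataclass, replace

# Added example, not the patent's code. The RPN formula, the safety override and
# the HALT/MTBF combination rules are the page's; the 1..10 scales, the
# rate-to-occurrence bands and the severity multiplier are assumptions.

@dataclass(frozen=True)
class FailureMode:
    name: str
    severity: int          # S, 1..10
    occurrence: int        # O, 1..10
    detectability: int     # D, 1..10 (higher = harder to detect)
    safety_related: bool = False   # affects a safety function (claims 7, 10)

def rpn(fm: FailureMode) -> int:
    """Claim 9: RPN = S x O x D."""
    return fm.severity * fm.occurrence * fm.detectability

def needs_diagnosis(fm: FailureMode, threshold: int) -> bool:
    """Claims 9-10: required above the threshold, or for any safety-related mode."""
    return rpn(fm) > threshold or fm.safety_related

def accelerated_factors(lf1: float, ls1: float, mtbf_hours: float, ls2: float):
    """Claims 14-16: HALT gives (lf1, ls1), the MTBF test gives ls2 and
    lf2 = 1 / MTBF; the factors that finally apply are the maxima."""
    lf2 = 1.0 / mtbf_hours
    return max(lf1, lf2), max(ls1, ls2)

# Assumed bands mapping a failure rate (per hour) to an occurrence score.
RATE_BANDS = ((1e-4, 10), (1e-5, 8), (1e-6, 6), (1e-7, 4), (1e-8, 2))

def occurrence_from_rate(lf: float) -> int:
    return next((score for bound, score in RATE_BANDS if lf >= bound), 1)

def reevaluate(fm: FailureMode, lf: float, ls: float) -> FailureMode:
    """[0076]: feed the test-derived factors back into O and S (assumed mapping)."""
    return replace(fm, occurrence=occurrence_from_rate(lf),
                   severity=max(1, min(10, round(fm.severity * ls))))

def mechanisms_required(modes, threshold: int, lf: float, ls: float) -> list:
    """One feedback round: names of modes still needing a diagnosis mechanism."""
    return [m.name for m in (reevaluate(m, lf, ls) for m in modes)
            if needs_diagnosis(m, threshold)]

# Constructed sample: two failure modes on the channel-A voltage path.
SAMPLE_MODES = [
    FailureMode("CPU1 supply voltage out of range", 9, 3, 4, safety_related=True),
    FailureMode("status LED driver open", 2, 3, 5),
]
```

With HALT reporting λf1 = 2e-6 and λs1 = 1.0 and an MTBF result of 250 000 h with λs2 = 1.2, the combined factors raise the occurrence score of both modes to 6, and only the safety-related supply-voltage mode still requires a mechanism at a threshold of 100.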

17. A device with fault diagnosis and location functions, designed using the design method of a device with fault diagnosis and location functions as described in any one of claims 1 to 16, comprising: functional modules that enable the device to perform its required functions; a fault diagnosis and location module connected to the functional modules and to the components constituting them, to detect whether a functional module has failed and to determine the specific location of the failure; and a safety assurance module connected to both the functional modules and the fault diagnosis and location module to ensure the safety of the device.

18. A computer-readable storage medium having a computer program stored thereon, characterized in that, when the computer program is executed by a processor, it implements the design method of the device with fault diagnosis and location functions as described in any one of claims 1 to 16.

19. An electronic device, characterized in that it includes a processor and a memory, wherein a computer program is stored in the memory, and when the computer program is executed by the processor, it implements the design method of the device with fault diagnosis and location functions as described in any one of claims 1 to 16.