CN101430550A - Switch control method of engine redundancy electric-control system - Google Patents
Switch control method of engine redundancy electric-control system Download PDFInfo
- Publication number
- CN101430550A CN101430550A CNA2008101656173A CN200810165617A CN101430550A CN 101430550 A CN101430550 A CN 101430550A CN A2008101656173 A CNA2008101656173 A CN A2008101656173A CN 200810165617 A CN200810165617 A CN 200810165617A CN 101430550 A CN101430550 A CN 101430550A
- Authority
- CN
- China
- Prior art keywords
- control
- output
- active
- circuit
- command word
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Landscapes
- Hardware Redundancy (AREA)
- Safety Devices In Control Systems (AREA)
Abstract
The invention discloses a method for controlling and switching a redundancy electronic control system of an engine. Digital signals are used between active-standby circuit wafers for monitoring active-standby state in real time; active-standby control commands are generated according to monitor information; wherein, the monitor on the active-standby state is realized mainly by comparing characteristic signals passed by an opposite site; continuous new characteristic signals are used for determining whether the state of the opposite site is normal or not; the control state of a logic circuit is determined and switched according to the information of the active-standby state so as to increase accuracy and reliability of switching. The method has the advantages of flexible setting, simple, reliable, and stable structure.
Description
(1) technical field
The present invention relates to a kind of with engine electric-controlled system, particularly a kind of switch circuit for engine redundant electrically-controlled system and control method.
(2) background technology
In order to improve the reliability of system, crux unit in the system or system adopt the redundancy of activestandby hot backup usually.So-called activestandby hot backup is meant that identical two unit or system work simultaneously, one is operate as normal usefulness, and another is standby, when unit that operate as normal is used or system break down, system should be able to enable stand-by unit automatically or switch to back-up system, guarantees the continuity of system works.
In the Motronic control maps opertaing device, the reliability of system is very important, especially in some crucial applications such as the control of power station engine set, the primary/secondary engine control in military naval vessel etc., for guaranteeing under the situation of electric-controlled system fault, to keep the continual emergency operating of diesel engine, all be necessary to adopt the Hot Spare electric-control system, this system comprises the master, be equipped with two relatively independent subsystems, under the main system control of engine just often, move at master control system, back-up system is in monitored state, in case main system breaks down or the peripheral Key Circuit of main system breaks down, then take over main system and finish emergency operating control engine by back-up system.
In the available engine electric-control system, generally be single system, when breaking down, must shut down replacing, the emergent operation continuously in the time of can not realizing fault.To Hot Spare Study on Technology and application, more relatively in domain of communication equipment, but because input, output signal quantity that engine control system relates to are many, the type complexity, the many input and output of existing switching value have various simulating signals again.Guaranteeing the harmony of active and standby system works, the stationarity of switching, avoiding the interference to work system of the control system that breaks down, its technical requirement and communication apparatus have very big difference.Some exploratory research to engine thermal backup electric-control system were also once arranged, but only limit to the automatic discriminating measure of main preparation system etc., and the circuit of taking all is simple logic gates and single control signal source generally, does not still possess practical value, does not therefore also have relevant practical application.
In the at present known redundancy switch-over control method, when two redundant each other object logics power on simultaneously, determine the logic state of object logic by the mode of setting a timer, relevant patent documentation please refer to the Chinese patent application that publication number is CN1275000A.The Chinese patent application file of publication number 1591348A " redundancy switch-over control method and circuit " adopts three input end and not circuits to realize that the differentiation of fault switches with redundant, has realized determining whether switching function with manual switchover according to fault degree.
But generally speaking, all there are some following shortcomings in existing redundancy switching circuit and method:
1. adopt simple gate circuit to realize that redundancy logic handles, issuable rub-out signal is differentiated in the time of can not be to the system failure, influences the reliability of this redundant circuit work;
2. adopt single logical signal as input signal, when being subjected to external interference, be easy to generate malfunction;
3. system power-on reset is handled imperfection, the logical signal of electrification reset process is not provided, to realize effective control to external interface;
4. do not have Data synchronization interface, can not guarantee the redundant system state synchronized, do not satisfy the requirement that smooth transition is switched in system;
5. do not possess failure system is resetted again to attempt the function of recovery system.
(3) summary of the invention
The object of the present invention is to provide a kind of in order to improve the switch control method of engine redundancy electric-control system of reliability, stationarity and real-time that main preparation system switches.
Of the present invention consisting of:
The technical scheme of product of the present invention is: it comprises the primary, spare system and device control circuit that is arranged at respectively on the identical circuit board of two functional structures, and each control circuit comprises the CPU processor, it is characterized in that each control circuit comprises at least:
Information exchange circuit, be used for primary, spare system and device by certain periodic refresh duty word, confirm the duty characteristic information of oneself to the other side, otherwise be judged as the system failure, the work system device passes to the back-up system device with current working state data and operational order when operate as normal;
Cpu interface circuit is used to receive the command word that the CPU processor sends, and carries out data latching and read-write control operation, and the command word that the CPU processor sends is exported to active and standby control logic circuit;
Active and standby control logic circuit, be used to handle the command word that CPU processor that cpu interface circuit receives sends, mate with default command word eigenwert according to the command word that cpu interface circuit provides, produce control corresponding output function signal, as not mating, then do not change current state with setting command word value;
The state processing logical circuit, be used to receive the control output function signal that the other side's control logic circuit produces, according to the control output function signal of the active and standby control logic circuit generation in this locality and the control output function signal of the active and standby control logic circuit generation of the other side, produce the local operation signal;
The cpu interface circuit input is connected with system processor data bus or IO port, and its output connects the input of active and standby control logic circuit; The output of active and standby control logic circuit divides two groups: one group connects local state processing logical circuit, and one group connects the other side's state processing logical circuit; The input of state processing logical circuit connects the output of local and the active and standby control logic circuit of the other side, and output resets and the IO control signal according to the input signal logical relation, connects local cpu reset circuit and IO output control circuit.Information exchange circuit connects processor PORT COM separately respectively, and receives and dispatches cross connection between main preparation system.
Control method of the present invention is: comprise the steps: at least
A. primary, spare system and device periodically provides state confirmation characteristic information and operational data by information exchange circuit to the other side, carries out mutual status surveillance and data sync;
B. the back-up system device receives the other side's operational data when the state confirmation characteristic information that provides according to the other side confirms that the other side is working properly, keeps the data sync between primary, spare system and device;
C. back-up system is when the state confirmation characteristic information that provides according to the other side is confirmed the other side's fault or do not received that in some cycles the other side's normal condition is confirmed characteristic information, output control command word makes the other side export invalid and the other side's processor that resets, and puts one's own side's output enable and starts working on the synchrodata basis;
D. failure system if fail to recover normal, then continues to keep the work at present state in the back that resets again, and work system can periodically send output control command word to attempt recovering failure system to active and standby control circuit simultaneously;
E. failure system, then provides the state confirmation characteristic information and receives the operational data that the other side provides to the other side by information exchange circuit if recover normal in the back that resets again, and forbids control by the output that active and standby control circuit transmission command word is provided with one's own side;
F. work system confirm failure system recover normal after, by send to active and standby control circuit the cancellation of output control command word to former fault system to control, recover the other side's Autonomous Control;
G. the state processing circuit is according to the logical value of input signal, mates with specific logical combination, produces control signal corresponding, otherwise do not signal.
Cpu interface circuit, active and standby control logic circuit and state processing logical circuit can adopt one group of independent logical device or a slice programmable logic device (PLD) to finish among the present invention.
By information exchange circuit, primary, spare system monitors mutually, state confirmation, finishes the transmission of data and operational order, realizes the switching controls and the data sync of active and standby system, the state consistency after the assurance system is switched.
Cpu interface circuit adopts logical circuit or programmable logic device (PLD) to constitute, and is used to receive the command word that CPU sends, and realizes the reception of cpu command word and latchs processing.
The command word that active and standby control logic circuit latchs according to cpu interface circuit produces steering logic output.Described command word comprises at least: local output prohibiting/enabling command word, long-range output prohibiting/enabling command word, teleprocessing unit reset command word etc.
The state processing logical circuit produces control output according to the active and standby control logic circuit input signal of active and standby electric-control system, and described control output comprises at least: output prohibiting/enabling signal, processor reset signals etc.
Information exchange circuit can adopt dual port RAM to constitute, and also can pass through the fieldbus mode, realizes the exchanges data between active and standby control system in the redundancy control system.
The command word of active and standby control circuit is constituted by the particular logic value of data bus or one group of I/O interface, and its output signal also adopts one group of logical signal to be combined as different control signals.
The input signal of state processing logical circuit comprises the steering logic output that the active and standby control circuit of active and standby system produces according to command word.
The active and standby control command word of redundant electric-control system commutation circuit and the active and standby switch-over control signal of output constitute by one group of specific logical value, this logical value determined by logical circuit combination or programming, and fault verification cycle and the fault control cycle value that resets is required to determine by the timing cycle of software set according to performance of handoffs requirement and cpu reset sequential by active and standby control system.
The present invention can improve reliability, stationarity and the real-time that main preparation system switches, and solves following problem emphatically:
1. the rub-out signal of avoiding the system failure and interference and producing influences the redundancy switching circuit duty;
2. avoid the uncertainty or the logic conflict of power up redundant system output logic;
3. avoid in the net system switching process discontinuous to engine control, influence the stationarity of engine;
4. realize automatically reseting to failure system.
The present invention monitors activestandby state in real time by adopt digital signal between the master and stand-by circuits plate, produces active and standby control command according to monitoring information.Wherein, realization mainly is by comparing the characteristic signal that the other side transmits to the monitoring of activestandby state, utilize the characteristic signal that refreshes continuously to determine whether the other side's state is normal, and determine the switching logic circuit state of a control, improve accuracy and the reliability switched according to activestandby state information.The present invention is set flexibly by the hardware and software realization that combines, and is simple on the structure, reliable, stable.
(4) description of drawings
Fig. 1 is the structural representation of existing system redundancy switching circuit;
Fig. 2 is the structural representation of switch circuit for engine redundant electrically-controlled system of the present invention;
Fig. 3 is a state logic synoptic diagram of the present invention.
(5) embodiment
The present invention is further detailed explanation below in conjunction with drawings and Examples.
In conjunction with Fig. 2, the present embodiment commutation circuit comprises at least: cpu interface circuit, active and standby control logic circuit, state processing logical circuit and information exchange circuit.
The CPU processor provides command word to active and standby control logic circuit by cpu interface circuit, and this command word comprises: local output prohibiting/enabling command word, long-range output prohibiting/enabling command word, teleprocessing unit reset command word.This command word write the logical sequence of writing that will meet bus, avoid in the reseting procedure or issuable rub-out signal during system exception.
Suppose that cpu interface circuit adopts 16 bus interface, active and standby steering logic command word is defined as: local output decretum inhibitorium word-0xaaa0; Local output enable command word-0xaa0a; Long-range output is forbidden/cpu reset command word-0x5550; Long-range output is forbidden/cpu reset mandatum cassatorium word-0x5505; Long-distance Control mandatum cassatorium word-0x5555.Other values are invalid data, forbid local output and cancellation Long-distance Control.
Active and standby control logic circuit mates with default command word eigenwert according to the data that cpu interface circuit provides, and produces control signal corresponding.This control signal comprises " local output prohibiting/enabling " control signal, " long-range output prohibiting/enabling " signal and " remote cpu resets " signal.Wherein " long-range output prohibiting/enabling " signal and " remote cpu resets " signal offer the other side's state processing logical circuit, adopt the eigenwert mode of many signal combination to export, to improve the reliability of system.The active and standby control signal of supposing active and standby control logic circuit output adopts 8 signal values, define long-range output to forbid/cpu reset output logic value is 0x55; Long-range output forbids/cpu reset mandatum cassatorium word is 0xaa; Other value cancellation Long-distance Control.
As input timing not to or can not with setting command word value coupling, then do not change current state, with the faulty operation of avoiding producing because of processor or bus failure.
The state processing logical circuit is according to the control signal of the active and standby control logic circuit generation in this locality and the control signal of the active and standby control logic circuit generation of the other side, produce " local output enable/forbid " signal and " local cpu reset signal ", with the output control or the trial restart failure system of isolating the inoperative system.
Information exchange circuit is realized the status monitoring of active and standby system and device on the one hand, and active and standby control system must be confirmed the duty characteristic information of oneself to the other side, otherwise be judged as the system failure by certain periodic refresh status word during work; On the other hand active and standby system just often work system to pass to back-up system to system's current working state data, operational order etc. by information exchange circuit in real time, make back-up system and work system synchronous, guarantee the consistance of both states when switching and the stationarity of handoff procedure engine control.
In conjunction with Fig. 3, the concrete course of work of present embodiment is:
1. after system powers on, any command word coupling because the cpu i/f data of active and standby system are got along well, active and standby control logic circuit output one " local output is forbidden " signal, cancellation " long-range output is forbidden " and " remote cpu resets " signal, make and forbid any output control signal and active and standby control signal in system is powering on system's normal course of operation, active and standby system carries out resetting of system and system initialization operation independently of one another.
2. after active and standby control system is independently finished system initialization separately, main system CPU exports local output enable command word 0xaa0a according to initialization result, be equipped with the local output of system CPU output and forbid control command word 0xaaa0, make active and standby system operate in work and stand-by state respectively.
3. active and standby system periodically refreshes respectively and provides the running status sign by information exchange circuit to the other side, receives, handles the running status sign that the other side provides.Work system (main system) regularly provides operating state data and operational order etc. to back-up system simultaneously.If back-up system is normal, then back-up system receives operating state data and the operational order that work system provides, and keeps system's state synchronization.
4. if the back-up system fault, work system CPU exports " long-range output is forbidden/cpu reset " command word 0x5550 and " long-range output is forbidden/the cpu reset cancellation " command word 0x5505 to active and standby control logic circuit, makes work system to back-up system output " output is forbidden " and " processor reset " logical signal; The state processing logical circuit of back-up system produces control signal according to this signal and ends output, and provides a reset timing signal to processor, attempts resetting back-up system.
5. if the main system fault, correct Flushing status tagged word and service data is provided, being equipped with system CPU exports long-range output and forbids/cpu reset " command word 0x5550 and " long-range output is forbidden/the cpu reset cancellation " command word 0x5505, make back-up system to work system output " output is forbidden " and " processor reset " logical signal; The state processing logical circuit of work system produces control signal according to this signal and ends to export and reset, and back-up system CPU by the local output enable command word 0xaa0a of output, makes back-up system change duty over to again.
6. main system resets the back again if recover normal, then change stand-by state over to, provide status information and Flushing status sign by information exchange circuit to work system simultaneously, receive running state data and operational order that work system provides, keep and work system synchronous.
6. if main system is after recovering normally to change stand-by state over to, output " local output is forbidden " command word 0xaaa0 forbids local output control, output " Long-distance Control cancellation " the command word 0x5555 of work at present system cancels control signal, recovers the other side's Autonomous Control power.
8. active and standby system is all just often by outside inputting switching command, the CPU of active and standby system is independent of separately finish the blocked operation that output is forbidden or enabled to active and standby control logic circuit output command word, realize output enable or the independent control of forbidding, carry out the exchange and the affirmation of running status sign simultaneously by information exchange circuit.
Claims (5)
1, switch control method of engine redundancy electric-control system is characterized in that this method comprises the steps: at least
A. primary, spare system and device periodically provides state confirmation characteristic information and operational data by information exchange circuit to the other side, carries out mutual status surveillance and data sync;
B. the back-up system device receives the other side's operational data when the state confirmation characteristic information that provides according to the other side confirms that the other side is working properly, keeps the data sync between primary, spare system and device;
C. back-up system is when the state confirmation characteristic information that provides according to the other side is confirmed the other side's fault or do not received that in some cycles the other side's normal condition is confirmed characteristic information, output control command word makes the other side export invalid and the other side's processor that resets, and puts one's own side's output enable and starts working on the synchrodata basis;
D. failure system if fail to recover normal, then continues to keep the work at present state in the back that resets again, and work system can periodically send output control command word to attempt recovering failure system to active and standby control circuit simultaneously;
E. failure system, then provides the state confirmation characteristic information and receives the operational data that the other side provides to the other side by information exchange circuit if recover normal in the back that resets again, and forbids control by the output that active and standby control circuit transmission command word is provided with one's own side;
F. work system confirm failure system recover normal after, by send to active and standby control circuit the cancellation of output control command word to former fault system to control, recover the other side's Autonomous Control;
G. the state processing circuit is according to the logical value of input signal, mates with specific logical combination, produces control signal corresponding, otherwise do not signal.
2, switch control method of engine redundancy electric-control system according to claim 1, it is characterized in that: described active and standby control logic circuit produces steering logic output according to the command word of CPU processor, and described command word comprises at least: local output prohibiting/enabling command word, long-range output prohibiting/enabling command word and teleprocessing unit reset command word.
3, switch control method of engine redundancy electric-control system according to claim 1 and 2, it is characterized in that: described state processing logical circuit produces control output function signal according to input signal, and described control output function signal comprises at least: output prohibiting/enabling signal and processor reset signals.
4, switch control method of engine redundancy electric-control system according to claim 1 and 2, it is characterized in that: the command word of described active and standby control circuit is constituted by the particular logic value of data bus or one group of I/O interface, and control output function signal also adopts one group of logical signal to be combined as different control signals.
5, switch control method of engine redundancy electric-control system according to claim 3, it is characterized in that: the active and standby switch-over control signal of described control command word and output constitutes by one group of specific logical value, this logical value determined by logical circuit combination or programming, and fault verification cycle and the fault control cycle value that resets is determined by the polling cycle of software according to the performance of handoffs requirement by active and standby logic control circuit.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2008101656173A CN101430550B (en) | 2007-03-30 | 2007-03-30 | Switch control method of engine redundancy electric-control system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2008101656173A CN101430550B (en) | 2007-03-30 | 2007-03-30 | Switch control method of engine redundancy electric-control system |
Related Parent Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNB2007100719679A Division CN100492223C (en) | 2007-03-30 | 2007-03-30 | Switch circuit for engine redundant electrically-controlled system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101430550A true CN101430550A (en) | 2009-05-13 |
| CN101430550B CN101430550B (en) | 2010-12-01 |
Family
ID=40645985
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2008101656173A Expired - Fee Related CN101430550B (en) | 2007-03-30 | 2007-03-30 | Switch control method of engine redundancy electric-control system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101430550B (en) |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107957692A (en) * | 2016-10-14 | 2018-04-24 | 中国石油天然气集团公司 | Controller redundancy approach, apparatus and system |
| CN113050407A (en) * | 2021-03-04 | 2021-06-29 | 中国航空工业集团公司西安航空计算技术研究所 | Method for determining and switching master controller and slave controller of distributed processing system |
| CN113300925A (en) * | 2020-06-24 | 2021-08-24 | 阿里巴巴集团控股有限公司 | CAN bus network access unit of linear type and transfer machine and related method thereof |
| CN114385254A (en) * | 2021-12-27 | 2022-04-22 | 四川华鲲振宇智能科技有限责任公司 | Dual-control master-slave switching implementation method based on VPX architecture |
Family Cites Families (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP0518630A3 (en) * | 1991-06-12 | 1993-10-20 | Aeci Ltd | Redundant control system |
| JP2000330815A (en) * | 1999-05-24 | 2000-11-30 | Matsushita Electric Ind Co Ltd | Duplexed switching control device and method |
| CN1249548C (en) * | 2001-06-22 | 2006-04-05 | 华为技术有限公司 | Switching equipment between master and stand-by circuits and its method |
| CN1303532C (en) * | 2003-07-10 | 2007-03-07 | 浙江中控技术有限公司 | Redundant switching controlling method and circuit |
| CN100382452C (en) * | 2005-11-15 | 2008-04-16 | 中兴通讯股份有限公司 | Device and method for realizing ASC |
-
2007
- 2007-03-30 CN CN2008101656173A patent/CN101430550B/en not_active Expired - Fee Related
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107957692A (en) * | 2016-10-14 | 2018-04-24 | 中国石油天然气集团公司 | Controller redundancy approach, apparatus and system |
| CN113300925A (en) * | 2020-06-24 | 2021-08-24 | 阿里巴巴集团控股有限公司 | CAN bus network access unit of linear type and transfer machine and related method thereof |
| CN113300925B (en) * | 2020-06-24 | 2024-05-17 | 盒马(中国)有限公司 | CAN bus network access unit of linear type transfer machine and related method thereof |
| CN113050407A (en) * | 2021-03-04 | 2021-06-29 | 中国航空工业集团公司西安航空计算技术研究所 | Method for determining and switching master controller and slave controller of distributed processing system |
| CN114385254A (en) * | 2021-12-27 | 2022-04-22 | 四川华鲲振宇智能科技有限责任公司 | Dual-control master-slave switching implementation method based on VPX architecture |
Also Published As
| Publication number | Publication date |
|---|---|
| CN101430550B (en) | 2010-12-01 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN100492223C (en) | Switch circuit for engine redundant electrically-controlled system | |
| CN101207408B (en) | Apparatus and method of synthesis fault detection for main-spare taking turns | |
| CN110351174B (en) | Module redundancy safety computer platform | |
| CN203786723U (en) | Dual redundant system based on X86 PC/104 embedded CPU modules | |
| CN201909961U (en) | Redundancy control system | |
| CN101625568B (en) | Synchronous data controller based hot standby system of main control unit and method thereof | |
| CN103647781A (en) | Mixed redundancy programmable control system based on equipment redundancy and network redundancy | |
| CN107347018A (en) | A kind of triple redundance 1553B bus dynamic switching methods | |
| CN110427283B (en) | Dual-redundancy fuel management computer system | |
| CN102724083A (en) | Degradable triple-modular redundancy computer system based on software synchronization | |
| CN101378267A (en) | Primary and secondary switching device, and switching method using the same | |
| US6098143A (en) | Remote server management device | |
| CN101430550B (en) | Switch control method of engine redundancy electric-control system | |
| JPH0934809A (en) | Highly reliable computer system | |
| CN113791937B (en) | Data synchronous redundancy system and control method thereof | |
| CN101741532A (en) | Two-computer switching device for redundant server switching | |
| CN101232357A (en) | Apparatus and method for realizing main and spare plate card rearrange | |
| CN104299301A (en) | Nonporous electronic control security door fault-tolerant control system | |
| CN202794885U (en) | Safety control redundant system for fully-intelligent master control system | |
| JP2799104B2 (en) | Redundant switching device for programmable controller | |
| KR100333484B1 (en) | Fault tolerance control system with duplicated data channel by a method of concurrent writes | |
| JPH0462081B2 (en) | ||
| JPH04268643A (en) | Information processing system | |
| CN109782578A (en) | A kind of high reliability deep-sea autonomous underwater vehicle control method | |
| JP2941387B2 (en) | Multiplexing unit matching control method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20101201 Termination date: 20170330 |
|
| CF01 | Termination of patent right due to non-payment of annual fee |