CN103257611A - Accelerator vacuum interlocking system based on dual modular redundancy comparative structure - Google Patents

Accelerator vacuum interlocking system based on dual modular redundancy comparative structure Download PDF

Info

Publication number
CN103257611A
CN103257611A CN 201210039816 CN201210039816A CN103257611A CN 103257611 A CN103257611 A CN 103257611A CN 201210039816 CN201210039816 CN 201210039816 CN 201210039816 A CN201210039816 A CN 201210039816A CN 103257611 A CN103257611 A CN 103257611A
Authority
CN
China
Prior art keywords
plc
comparative
vacuum
accelerator
accelerator vacuum
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN 201210039816
Other languages
Chinese (zh)
Inventor
祁斌川
熊云
Original Assignee
祁斌川
熊云
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 祁斌川, 熊云 filed Critical 祁斌川
Priority to CN 201210039816 priority Critical patent/CN103257611A/en
Publication of CN103257611A publication Critical patent/CN103257611A/en
Pending legal-status Critical Current

Links

Abstract

The invention provides an accelerator vacuum interlocking control system. A dual modular redundancy comparative technology is introduced in the design of the accelerator vacuum interlocking control system to improve safety and reliability of the system. The accelerator vacuum interlocking control system has the advantages that hardware cost of the system is not increased, and meanwhile high stability and reliability of the system are greatly improved.

Description

A kind of accelerator vacuum interlocking system based on the duplication redundancy comparative structure
Technical field
The present invention relates to design and its implementation to accelerator vacuum interlock control system.
Background technology
Electric breakdown in the accelerator in the radio-frequency field and residual gas are to the excessive scattering of electron beam, and Wave guide system and line accelerating tube vacuum chamber all must operate at high vacuum state.The vacuum interlocking system is kept the ultravacuum state that the existing environment of line reaches or keeps, and when vacuum leak takes place, takes suitable action and quarantine measures vacuum, sends the signal that stops line, avoids damaging machinery and equipment.
The part that participates in the vacuum interlock protection in the accelerator comprises injector, linear accelerator and undulator.In accelerator installation when operation start, the vacuum interlocking protective system provides the remote opening valve operation, and provides timing signal for the triggering of each electron gun; When finding fault, interlocking protective system can be protected by order driving execution unit in accordance with regulations automatically.
The big science device of the big system complex of the such scale of similar accelerator; its vacuum interlocking protective system need design enforcement as independent subsystem in the interlocking protective system; implement with effective design of guaranteeing machine interlock protection function, and reduce the design enforcement difficulty of The whole control system.In the third generation synchrotron radiation light source, experimental physics and industrial control system EPICS (Experimental Physics and IndustrialControl System) and PLC (programmable logic controller) are widely used in control system in the world.As domestic, Europe and some accelerator interlocking protective systems of Japan adopt various series of PLC, connect EPICS and PLC system by the ICP/IP protocol on the Ethernet.The PLC that selects for use simultaneously mainly is that EPICS supports, adopts the product of open system fieldbus.
For security and the reliability that improves system, technology commonly used has dynamic redundancy, static redundancy technology and hybrid redundancy technology.The hybrid redundancy technology is a kind of new redundancy structure that static redundancy and dynamic redundancy are combined and constitute.The module that N operate as normal arranged in this system has S spare module.N operate as normal module is through the output of voting back as system, and the output of each module and the output of system is simultaneously made comparisons, and to monitor arbitrary module whether fault is arranged.If detect wherein 1 module failure, then by commutation circuit disengagement failure module, connect spare module.
For the vacuum interlocking system of accelerator, security and reliability are unusual important index.Mostly existing technology is to adopt hardware redundancy and software redundancy.Such as the higher hardware device of reliability, as PLC and adopt with several different software data processings, result is compared, produce and export.Simple software or hardware redundancy technology, all limited to reliability and the security of Hoisting System.
Summary of the invention
The present invention adopts the duplication redundancy comparison techniques in the vacuum interlock control system, in the hardware cost that does not increase system, improve security and the reliability of system.Checking by experiment, advantage of the present invention is when hardware cost does not increase, significantly improves high stability and the reliability of system.
The duplication redundancy comparison system is made up of two subsystems and a comparer.
Subsystem: have the logic synthesis module and a logic selector switch is formed by two.The signal of sending into two logic synthesis modules adopts and to be obtained by different approaches (different vacuum gauge), with the logic synthesis structure logic selector switch of making a gift to someone, by predefined fault detection logic, judges whether to occur the system failure.For the ease of maintenance and maintenance, any module of subsystem all needs to provide warning message when breaking down.
Comparer: the output to two subsystems under the control of outlet selector compares, and goes to control controlled device according to result relatively.If the output of two subsystems is identical, then the output of subsystem is gone to control controlled device as the output of system, if different, then illustrative system breaks down, and sends warning and takes corresponding counter-measure.
Every vacuum meter is sent early warning signal and alerting signal back to, and the vacuum tightness threshold value that early warning signal is set is lower than alerting signal.Because these two signals are that two different vacuum gauges obtain respectively, so be separate on the obtain manner.So propose a kind of redundant system model of soft or hard combination---duplication redundancy comparison system, and be applied in the design.
Use warning and early warning signal to carry out the comprehensive of valve control signal and outer chain signal in the PLC system respectively, then comprehensive result is carried out logic and select.Can suppose according to the fact: can not occur that two or more break down simultaneously among vacuum gauge (detecting devices of vacuum tightness), PLC, the IOC (I/O controller).After the logic selector switch of valve control and external trigger detects fault, take corresponding fault handling and report to OPI.Effective like this having evaded because the risk that single vacuum gauge breaks down and causes equipment to suffer damage.
System reads one " standby host " of IOC as PLC chain signal and carries out logic synthesis from the PLC internal memory.Comprehensive logical and PLC is identical.At last the synthesis result of IOC and the comparer that passes through of PLC are compared, judge whether PLC and IOC move normally, and the result is reported to OPI.
Description of drawings
Fig. 1 is the EPICS structural scheme of mechanism;
Fig. 2 is the system hardware structure synoptic diagram;
Fig. 3 is system's duplication redundancy comparative structure synoptic diagram;
Consult Fig. 1, according to the dcs master pattern, system is divided into three level: OPI (OperatorInterface) based on the EPICS framework, IOC (I/O Controller) and device controller layer.
Consult Fig. 2, OPI is industrial computer or the PC of the Central Control Room of operation Linux, and the man-machine interface of vacuum interlocking protective system is provided.IOC is the embedded computer of operation based on the RISC framework.Device controller adopts PLC to realize.OPI, IOC and PLC communicate by Ethernet.
Consult Fig. 3, the duplication redundancy comparison system is made up of two subsystems and a comparer.
Embodiment
OPI realizes the operation interface of man-machine interaction, and main boundary is divided into three parts: the vacuum meter signal condition monitors that valve state monitors and gate inhibition's status surveillance.Can enter the sub-interface of operation of vacuum signal and valve control respectively by the entrance button on the main interface.Operation interface is by a main interface and press the function interface of dividing elements.In order to prevent artificial maloperation, main interface only provides signal monitoring and enters the entrance at subfunction interface, does not carry out remote-operated function.
PLC is adopted in equipment control, and the interlocked control flow process is all realized by PLC.Therefore PLC software also is an important component part of system.Early warning and alerting signal that vacuum meter is sent into, and other interlocking signals carry out comprehensively, determine whether system allows normally when breaking down, to take appropriate measures.
IOC mainly realizes communicating by letter of OPI and PLC, and the System self-test function.
Every vacuum meter is sent early warning signal and alerting signal back to, and the vacuum tightness threshold value that early warning signal is set is lower than alerting signal.Because these two signals are that two different vacuum gauges obtain respectively, so be separate on the obtain manner.In the PLC system, use warning and early warning signal to carry out the comprehensive of valve control signal and outer chain signal respectively, then comprehensive result is carried out logic and select.Can suppose according to the fact: can not occur that two or more break down simultaneously among vacuum gauge, PLC, the IOC.
After the logic selector switch of valve control and external trigger detects fault, take corresponding fault handling and report to OPI.Effective like this having evaded because the risk that single vacuum gauge breaks down and causes equipment to suffer damage.System reads one " standby host " of IOC as PLC chain signal and carries out logic synthesis from the PLC internal memory.Comprehensive logical and PLC is identical, also adopts the early warning and alarming double-unit system.At last the synthesis result of IOC and the comparer that passes through of PLC are compared, judge whether PLC and IOC move normally, and the result is reported to OPI.
Influence the vacuum gauge that mainly contains of vacuum interlocking protective system reliability, PLC, these three parts of IOC (DA662-LX).
For reliability and the security of using the markov process analytic system, make following hypothesis.
1) three parts, and stream time and fault correction time are obeyed negative exponent and are distributed;
3) at any one time, not having two or more parts breaks down simultaneously;
When 4) beginning, three parts are all normal.
By hypothesis 1) as can be known, in moment t operate as normal, then the probability that breaks down at t+ Δ t is p=1-e^ (λ Δ t)=λ Δ t as if certain module, wherein λ is failure rate, i.e. the number of faults that occurs in unit interval such as the 1h.Consider failure checking cover ratio c, then module breaks down and the probability that is detected is c λ Δ t, and the probability that can not be detected is (1-c) λ Δ t.
System is in t moment operate as normal, and the probability that breaks down at t+ Δ t is:
p=p 1(1-p 2)(1-p 3)+p 2(1-p 1)(1-p 3)+p 3(1-p 1)(1-p 2)
In fact p 1p 2p 3All very little, their quadratic term is economized slightly:.
p=p 1+p 2+p 3
Whether in the duplication redundancy comparison system, the integrated logic of IOC and PLC constantly carries out many-valued comparison, consistent with the running status of judging both, so in case can be similar to and think that either party breaks down, just can detect.
For a pair of early warning and the alerting signal on the vacuum meter, as shown in table 1, after breaking down, four kinds of outputs are arranged, wherein have only a kind of fault to survey.So the probability of undetectable fault appears in vacuum gauge: 0.75p 1
Untestable fault occurs after adopting the duplication redundancy comparison system, cause dangerous probability to be reduced to original:
R = 0.75 p 1 p 1 + p 2 + p 3 = 0.75 λ 1 λ 1 + λ 2 + λ 3
λ = 1 MTBF
The reliability of the system that the MTBF data substitution of PLC, embedded system, vacuum tightness detecting devices (vacuum meter, vacuum gauge) is asked has improved 4~30 times.

Claims (4)

1. the accelerator vacuum interlocking system based on the duplication redundancy comparative structure is the accelerator vacuum interlock control system of introducing the duplication redundancy comparison techniques.Its feature is lived in having introduced " duplication redundancy relatively " technology that soft or hard combines, and when not increasing the system hardware cost, increases substantially reliability and the security of vacuum interlocking system.
2. as claims 1 described a kind of accelerator vacuum interlocking system based on the duplication redundancy comparative structure, it is characterized in that according to the dcs master pattern system is based on EPICS (Experimental physics and industry control system) framework.
3. according to claims 1 described a kind of accelerator vacuum interlocking system based on the duplication redundancy comparative structure, it is characterized in that PLC (programmable logic controller) is adopted in the equipment control in the system, the interlocked control flow process is all realized by PLC.
4. according to claims 1 described a kind of accelerator vacuum interlocking system based on the duplication redundancy comparative structure, it is characterized in that embedded computer moves dynamic data base in order to adopt independently for IOC (I/O Controller) in the system.
CN 201210039816 2012-02-21 2012-02-21 Accelerator vacuum interlocking system based on dual modular redundancy comparative structure Pending CN103257611A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 201210039816 CN103257611A (en) 2012-02-21 2012-02-21 Accelerator vacuum interlocking system based on dual modular redundancy comparative structure

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 201210039816 CN103257611A (en) 2012-02-21 2012-02-21 Accelerator vacuum interlocking system based on dual modular redundancy comparative structure

Publications (1)

Publication Number Publication Date
CN103257611A true CN103257611A (en) 2013-08-21

Family

ID=48961587

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 201210039816 Pending CN103257611A (en) 2012-02-21 2012-02-21 Accelerator vacuum interlocking system based on dual modular redundancy comparative structure

Country Status (1)

Country Link
CN (1) CN103257611A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103528772A (en) * 2013-10-21 2014-01-22 重庆耐德工业股份有限公司 Micro-leakage detector, system with same and detection method of detector
CN109847200A (en) * 2019-01-31 2019-06-07 中国科学院近代物理研究所 A kind of vacuum monitoring system for medical heavy ion avcceleration
CN113049899A (en) * 2021-03-22 2021-06-29 中国科学院高能物理研究所 Automatic aging and data analysis system for coupler

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103528772A (en) * 2013-10-21 2014-01-22 重庆耐德工业股份有限公司 Micro-leakage detector, system with same and detection method of detector
CN103528772B (en) * 2013-10-21 2015-09-30 重庆耐德工业股份有限公司 A kind of micro-device for detecting leakage, the system with this device and detection method thereof
CN109847200A (en) * 2019-01-31 2019-06-07 中国科学院近代物理研究所 A kind of vacuum monitoring system for medical heavy ion avcceleration
CN113049899A (en) * 2021-03-22 2021-06-29 中国科学院高能物理研究所 Automatic aging and data analysis system for coupler

Similar Documents

Publication Publication Date Title
US20110202163A1 (en) Plant protection system and method using field programmable gate array
CN105765812B (en) Method for the electric fault in detection circuit
US6532550B1 (en) Process protection system
JPH10320003A (en) Method and device for monitoring plant accompanying plural function units
CN206515675U (en) A kind of LED display intellectual monitoring management system
CN105022382B (en) A kind of fault handling method, device, system and fire-fighting equipment
CN103823401B (en) For the method and apparatus reported to the police in start-stop control system in unit level
CN103257611A (en) Accelerator vacuum interlocking system based on dual modular redundancy comparative structure
CN104392756B (en) Reactor dynamic interlock system and method based on digital instrumentation and control system
KR101992299B1 (en) Nuclear power plant digital protection system
CN103794255A (en) T3 test loop of reactor protection system in nuclear power station and optimization method thereof
CN106877291A (en) A kind of safe torque breaking circuit and system
CN103809429B (en) Hardware mediation hybrid redundancy intelligent controller and redundancy backup method
CN104007757A (en) Self-diagnosis method and system for gateway communication abnormity in distributed control system of nuclear power plant
CN109209651B (en) Aircraft comprising a device for monitoring a turbine engine of the aircraft
KR20080013153A (en) Digital security system for nuclear power plant
CN101840740B (en) Automatic failure detection system and method for two channels
CN105137474B (en) A kind of routine test method for source range neutron detector power supply control function
CN201717594U (en) Safety protection device of controlled system and system thereof
CN101539288A (en) Controller for electric heating steam generator
CN202150056U (en) Pressure monitoring device
RU2661759C1 (en) Ship device for fire detection
CN205160045U (en) Landfill gas body engine safety arrangement
JP5798736B2 (en) Nuclear power plant operation monitoring device
CN108829091A (en) A kind of redundant configuration controller failure detection alarm method

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20130821