CN104360916B - Main standby synchronous method based on data syn-chronization - Google Patents
Main standby synchronous method based on data syn-chronization Download PDFInfo
- Publication number
- CN104360916B CN104360916B CN201410668432.XA CN201410668432A CN104360916B CN 104360916 B CN104360916 B CN 104360916B CN 201410668432 A CN201410668432 A CN 201410668432A CN 104360916 B CN104360916 B CN 104360916B
- Authority
- CN
- China
- Prior art keywords
- standby
- mark
- synchronous
- principal series
- data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Landscapes
- Hardware Redundancy (AREA)
- Safety Devices In Control Systems (AREA)
Abstract
The invention discloses a kind of main standby synchronous method based on data syn-chronization, including:It is interlocked relationship to set active and standby two system;Before each synchronizing cycle starts, standby system sends data to principal series;Whether the standby coefficient evidence that principal series judgement receives is synchronous, and it is that synchronous mark is exported if synchronously and exports result of calculation to standby that asynchronous mark is exported if asynchronous and sends synchrodata;Standby system, which exports synchronous mark and exported if synchronous mark is received, robs main mark, and standby system exports result of calculation simultaneously;If standby system receives the synchrodata that asynchronous mark and principal series are sent, standby is to export asynchronous mark after synchronous principal series synchrodata, does not export result of calculation.The present invention can solve in real-time industrial automation control area due to redundancy switching synchrodata amount it is big, cycle time is short, caused by failure of data synchronization or timing error.
Description
Technical field
The present invention relates to computer realm, more particularly to being used for fail-safe computer in a kind of real-time industrial Automated condtrol
The main standby synchronous method based on data syn-chronization.
Background technology
Redundancy switching is common point of side for being used to improve system availability in the current relatively fail-safe computer structure of main flow
Method, its typical structure is as shown in Figure 1 (so that 2 multiply 2oo2 fail-safe computer frameworks as an example).Have two in the structure as seen from Figure 1
Set 2 takes 2 systems.Between main preparation system whole 2 hot-swaps for multiplying system are realized by the automatic/hand switching switch of switch boards.
Certainly also there is the strategy that some security systems use cold standby, but cold standby strategy has many lack in Industry Control real-time system
Point, it is impossible to improve the availability of whole system, not frequently with.
Hot-backup system generally has following two way of outputs:
First, when principal series is working properly, switch boards export the result of calculation of principal series;When principal series breaks down, switch boards are defeated
Go out the result of calculation of standby system;
2nd, it is working properly in only principal series, and standby system and the data of principal series, when state is inconsistent, only export principal series data.
When standby system and the data of principal series, state consistency, now standby system enters synchronous regime, and switch boards export principal series and standby system simultaneously
Output.
The first switching redundancy approach can improve the availability of system, maintainability.But system random fault can not be avoided
The safety problem brought, that is, need to ensure to input it is completely the same, cause to input in the event of random disturbances it is incorrect, can
Active and standby system's simultaneous faults can be had influence on.This just needs to consider these interference during system design, and increases tolerance.This mode is usual
It all be semaphore (be all 0 and 1 can represent) that input, which can be used in, without in the system of analog quantity, such as track traffic signal
In interlock system.
Second of switching redundant fashion has certain because the strategy of synchronization is that standby system follows principal series in software processing
Difference, reduce due to the system failure caused by random disturbances, therefore be widely used in field, such as track traffic signal
Onboard system.The existing method basic ideas of second of switching redundant fashion are (as shown in Figure 2):
Output driving principal series relay after double systems (main, standby two systems) start, because interlocked relationship be present in double systems, that is,
Say, in the same cycle, an only system can be principal series, and a system must be standby system in addition;The relay of double system's collection switch boards,
Obtain active and standby system's state that this is and other side is.Whether the data that the relatively more standby system of principal series comes are consistent with this coefficient evidence, if one
Cause, then export synchronous mark, otherwise export asynchronous mark, and send this data for being.Finally drive principal series relay;Standby system
The data that principal series comes are received, is run if asynchronous using the data of principal series as input, does not export result of calculation;Such as
Fruit synchronously then runs this coefficient evidence, and drives principal series relay, finally exports result of calculation.And switch boards then use or pass
It is to handle the result of calculation of active and standby system, that is, as long as there is system output then to export.It can be seen that from step shown in Fig. 2
Standby system needs each cycle to transmit synchronization data to principal series, and principal series needs each cycle to judge whether the data of standby system are synchronous, and output is same
Step state and synchrodata give standby system.In this process, it is crucial that selection and the synchronization policy of synchrodata.For double
Need synchronous data volume smaller between system, for cycle longer system, the redundancy switching mode can meet its needs.It is but right
Larger in data volume, for cycle shorter system, the redundancy switching mode can cause data to be sent out in a cycle
Completion is sent, causes data synchronization errors/failure of data synchronization.
The content of the invention
The technical problem to be solved in the present invention is to provide one kind can improve existing redundancy switching mode in a cycle together
Step data can not be sent completely the main standby synchronous method based on data syn-chronization for causing data synchronization errors/failure of data synchronization.
To improve that to switch synchrodata amount big due to redundancy the technical problem to be solved in the present invention is to provide one kind, during the cycle
Between it is short, cause the main standby synchronous method based on data syn-chronization of failure of data synchronization or timing error.
In order to solve the above technical problems, the main standby synchronous method provided by the invention based on data syn-chronization, including following step
Suddenly:
1) it is interlocked relationship to set active and standby two system;
2) before starting each synchronizing cycle, standby system sends data to principal series;
3) whether synchronously principal series judges the standby coefficient evidence received, and asynchronous mark is exported if asynchronous and sends synchronization
Data export synchronous mark if synchronous and export result of calculation to standby system;
4) standby system, which exports synchronous mark and exported if synchronous mark is received, robs main mark, standby system's output result of calculation;
If 5), standby system receives the synchrodata that asynchronous mark and principal series are sent, and standby is defeated after synchronous principal series synchrodata
Go out asynchronous mark, do not export checkout result.
Main standby synchronous method of the another kind based on data syn-chronization provided by the invention, it would be desirable to which synchronous data are divided into peace
Total evidence and non-secure data.Secure data includes state value and had influence on safe to calculate by the input in this cycle
The value arrived, such as some quantity of states, time and count value;Non-secure data includes intermediate temporary variable, there is what is postponed and tolerate
Value, such as the value that can be calculated by quantity of state and input, comprise the following steps:
1) it is interlocked relationship to set active and standby two system;
2) data are divided into secure data and non-secure data according to predefined rule;
3) before starting each synchronizing cycle, standby system sends secure data and non-secure data to principal series;
4) principal series judge to receive it is standby be non-secure data whether in default tolerance, if exceeding tolerance
Then export asynchronous mark and send synchrodata to standby system, judgement symbol "Yes" is exported if in tolerance;
5) principal series judge to receive it is standby be whether secure data consistent with principal series secure data, exported not if inconsistent
Synchronous mark simultaneously sends synchrodata to standby system, and judgement symbol "Yes" is exported if consistent;
6) judgement symbol of step 4) and step 5) is subjected to "AND" relation judgement, synchronous mark is then exported if "true",
Asynchronous mark is then exported if "false" and sends synchrodata to standby system;
7) standby system, which exports synchronous mark and exported if synchronous mark is received, robs main mark, and standby system exports calculating knot simultaneously
Fruit;
If 8), standby system receives the synchrodata that asynchronous mark and principal series are sent, and standby is defeated after synchronous principal series synchrodata
Go out asynchronous mark, do not export result of calculation.
The present invention is used to solve in real-time industrial automation control area because redundancy switching synchrodata amount is big, during the cycle
Between it is short, cause the redundancy switching problem of failure of data synchronization or timing error.The present invention proposes the active and standby synchronization based on data
Method, synchrodata need to only be chosen in the output of each cycle, reduce the size of data volume.The present invention multiplies 2 to adopt in structure
With identical input source, and decided by vote, therefore the input that two systems obtain all is correct.But two systems as a result of
The stringent synchronization of task level is not required between follow-up strategy, that is, two systems, therefore the input of two systems is to allow having time poor,
Avoid and disturbed caused by random fault.And for the data that principal series comes are employed when tying up to asynchronous, accelerate and principal series
It is synchronous, so as to substantially increase the efficiency of state synchronized.Under active and standby system's synchronous regime, because active and standby system is to export calculating knot simultaneously
Fruit, when principal series breaks down, principal series cut-out output, and standby system will rob main success in major state is robbed, and result of calculation is defeated
Go out, so as to reduce the response time of switching.
Brief description of the drawings
The present invention is further detailed explanation with embodiment below in conjunction with the accompanying drawings:
Fig. 1 is that one kind typical 2 multiplies 2oo2 system structure diagrams.
Fig. 2 is a kind of existing active and standby system's operation timing diagram.
Fig. 3 is the schematic diagram one of first embodiment of the invention.
Fig. 4 is the schematic diagram two of first embodiment of the invention.
Fig. 5 is the schematic diagram three of first embodiment of the invention.
Fig. 6 is the schematic diagram four of first embodiment of the invention.
Fig. 7 is the schematic diagram of second embodiment of the invention.
Embodiment
With reference to shown in figure 3, it is divided into two states from the operational mode of system;One is init state;One is operation
State.In init state, internal system does not run service logic but is initialized internal data, and will initialization
Data output.
With reference to shown in figure 4, the state under operation, the software module input of internal system has the input outside this cycle,
The output (including state value) in upper cycle, the output of other modules and the static data of inside.
With reference to shown in figure 5, from analysis above it can be seen that the system realization based on data is the outside according to this cycle
Input and the output (state value and calculated value that include software inhouse) in upper cycle, so as to calculate the result in this cycle.
Active and standby system switching based on data syn-chronization should be since software design stage, and Fig. 1-5 is based on the soft of data flow
Part development process, illustrate the classification of data.Data can be divided into three classes in fact as we can see from the figure:
Static data:The data carried in software, as long as this part ensures that active and standby system's software is identical versions of data, it is
Need not be synchronous;
Input data:The input data of each cycle in real-time system, this part are outside inputs, pass through the voting of outside
Mechanism can ensure that active and standby system obtains the uniformity of input data, therefore also without synchronization;
Output data:Each cycle obtains output data in real-time system, and this part is that software is calculated according to outside input
, because the opportunity handled in software has differences, and some states are continuous, therefore this part is the pass of synchrodata
Key.
Analyzed more than, the selection of synchrodata is output data, including internal state value, calculated value.This portion
Divided data passes through labor, can only need some to be excluded outside synchrodata with regard to that can obtain data according to input value, and
Continuous state value is then safe synchrodata, it is necessary to which accumulative calculated value is then the non-security same step number that can set tolerance
According to.
With reference to shown in figure 6, first embodiment of the invention, including step once:
1) it is interlocked relationship to set active and standby two system;
2) before starting each synchronizing cycle, standby system sends data to principal series;
3) whether synchronously principal series judges the standby coefficient evidence received, and asynchronous mark is exported if asynchronous and sends synchronization
Data export synchronous mark if synchronous and export result of calculation to standby system;
4) standby system, which exports synchronous mark and exported if synchronous mark is received, robs main mark, and standby system exports calculating knot simultaneously
Fruit;
If 5), standby system receives the synchrodata that asynchronous mark and principal series are sent, and standby is defeated after synchronous principal series synchrodata
Go out asynchronous mark, do not export checkout result.
As shown in fig. 7, second embodiment provided by the invention, comprises the following steps:
1) it is interlocked relationship to set active and standby two system;
2) data are divided into secure data and non-secure data according to predefined rule;
Secure data includes state value and has influence on the safe value that can not be calculated by the input in this cycle, such as
Some quantity of states, time and count value;Non-secure data includes intermediate temporary variable, there is the value of delay and tolerance, such as can be with
The value being calculated by quantity of state and input;
3) before starting each synchronizing cycle, standby system sends secure data and non-secure data to principal series;
4) principal series judge to receive it is standby be non-secure data whether in default tolerance, if exceeding tolerance
Then export asynchronous mark and send synchrodata to standby system, judgement symbol "Yes" is exported if in tolerance;
5) principal series judge to receive it is standby be whether secure data consistent with principal series secure data, exported not if inconsistent
Synchronous mark simultaneously sends synchrodata to standby system, and judgement symbol "Yes" is exported if consistent;
6) judgement symbol of step 4) and step 5) is subjected to "AND" relation judgement, synchronous mark is then exported if "true",
Asynchronous mark is then exported if "false" and sends synchrodata to standby system;
7) standby system, which exports synchronous mark and exported if synchronous mark is received, robs main mark, and standby system exports calculating knot simultaneously
Fruit;
If 8), standby system receives the synchrodata that asynchronous mark and principal series are sent, and standby is defeated after synchronous principal series synchrodata
Go out asynchronous mark, do not export result of calculation.
The present invention is described in detail above by embodiment and embodiment, but these are not composition pair
The limitation of the present invention.Without departing from the principles of the present invention, those skilled in the art can also make many deformations and change
Enter, these also should be regarded as protection scope of the present invention.
Claims (1)
1. a kind of main standby synchronous method based on data syn-chronization, it is characterized in that, comprise the following steps:
1)It is interlocked relationship to set active and standby two system;
2)Data are divided into secure data and non-secure data according to predefined rule;
3)Before each synchronizing cycle starts, standby system sends secure data and non-secure data to principal series;
4)Principal series judge to receive it is standby be non-secure data whether in default tolerance, if defeated more than if tolerance
Go out asynchronous mark and send synchrodata to standby system, judgement symbol "Yes" is exported if in tolerance;
5)Principal series judge to receive it is standby be whether secure data consistent with principal series secure data, exported if inconsistent asynchronous
Indicate and send synchrodata to standby system, judgement symbol "Yes" is exported if consistent;
6)By step 4)With step 5)Judgement symbol carry out "AND" relation judgement, then export synchronous mark if "true", if
"false" then exports asynchronous mark and sends synchrodata to standby system;
7)Standby system, which exports synchronous mark and exported if synchronous mark is received, robs main mark, and standby system exports result of calculation simultaneously;
8)If standby system receives the synchrodata that asynchronous mark and principal series are sent, standby is to export not after synchronous principal series synchrodata
Synchronous mark, do not export result of calculation.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410668432.XA CN104360916B (en) | 2014-11-20 | 2014-11-20 | Main standby synchronous method based on data syn-chronization |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410668432.XA CN104360916B (en) | 2014-11-20 | 2014-11-20 | Main standby synchronous method based on data syn-chronization |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN104360916A CN104360916A (en) | 2015-02-18 |
| CN104360916B true CN104360916B (en) | 2018-01-09 |
Family
ID=52528180
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410668432.XA Active CN104360916B (en) | 2014-11-20 | 2014-11-20 | Main standby synchronous method based on data syn-chronization |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104360916B (en) |
Families Citing this family (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105681131B (en) * | 2016-02-26 | 2019-03-05 | 上海富欣智能交通控制有限公司 | Main preparation system and its parallel output method |
| CN108011698B (en) * | 2017-11-13 | 2020-05-22 | 北京全路通信信号研究设计院集团有限公司 | RSSP-I secure communication method based on dual-system synchronization |
| CN109005246B (en) * | 2018-09-12 | 2021-10-01 | 北京国电通网络技术有限公司 | Data synchronization method, device and system |
| CN112445127B (en) * | 2019-08-27 | 2022-03-18 | 北京东土科技股份有限公司 | Redundancy control method of master controller |
| CN111400111B (en) * | 2020-03-12 | 2024-02-27 | 北京交大思诺科技股份有限公司 | Safe computer platform with standby machine out-of-step state |
| CN113050498A (en) * | 2021-03-23 | 2021-06-29 | 北京和利时系统工程有限公司 | Data synchronization method for zone controller in CBTC (communication based train control) system |
| CN113132496B (en) * | 2021-06-17 | 2021-09-07 | 北京全路通信信号研究设计院集团有限公司 | Double-system data synchronization method, device and system of RSSP-I protocol |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101192971A (en) * | 2006-11-23 | 2008-06-04 | 中兴通讯股份有限公司 | Detection method for master/slave data consistency |
| CN101917283A (en) * | 2010-07-22 | 2010-12-15 | 北京交通大学 | Two-channel hot standby system and method for realizing two-channel hot standby |
| CN101945002A (en) * | 2009-07-03 | 2011-01-12 | 中兴通讯股份有限公司 | Method and equipment for quickly comparing data of main board with data of standby board |
| CN103841210A (en) * | 2014-03-21 | 2014-06-04 | 上海富欣智能交通控制有限公司 | Adjustable main system and spare system data synchronization method |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8930605B2 (en) * | 2010-10-01 | 2015-01-06 | Z124 | Systems and methods for docking portable electronic devices |
-
2014
- 2014-11-20 CN CN201410668432.XA patent/CN104360916B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101192971A (en) * | 2006-11-23 | 2008-06-04 | 中兴通讯股份有限公司 | Detection method for master/slave data consistency |
| CN101945002A (en) * | 2009-07-03 | 2011-01-12 | 中兴通讯股份有限公司 | Method and equipment for quickly comparing data of main board with data of standby board |
| CN101917283A (en) * | 2010-07-22 | 2010-12-15 | 北京交通大学 | Two-channel hot standby system and method for realizing two-channel hot standby |
| CN103841210A (en) * | 2014-03-21 | 2014-06-04 | 上海富欣智能交通控制有限公司 | Adjustable main system and spare system data synchronization method |
Also Published As
| Publication number | Publication date |
|---|---|
| CN104360916A (en) | 2015-02-18 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN104360916B (en) | Main standby synchronous method based on data syn-chronization | |
| CN105278516B (en) | A kind of implementation method of the reliable fault-tolerant controller of dual redundant switching value PLC control system | |
| CN106627668B (en) | Multiply the two train supervision server systems and control method for taking two frameworks based on two | |
| CN107390511A (en) | For the method for the automated system for running redundancy | |
| CN104268037A (en) | Hot redundancy interlocking subsystem and main and standby switching method thereof | |
| CN102621938A (en) | Triple redundancy control system in process control and method thereof | |
| CN108073105B (en) | Safety P L C device based on heterogeneous dual-processor redundant structure and implementation method | |
| US5572620A (en) | Fault-tolerant voter system for output data from a plurality of non-synchronized redundant processors | |
| CN102955903B (en) | A kind of disposal route of safety critical information of rail transit computer control system | |
| CN109634171B (en) | Dual-core dual-lock-step two-out-of-two framework and safety platform thereof | |
| US20070176732A1 (en) | Redundant automation system comprising a master and a standby automation device | |
| CN105182961B (en) | Four remaining signal monitoring means of votings and equipment | |
| CN103929424B (en) | The treatment of two from three secure data and referee method and its device of software and hardware combining | |
| CN114355760A (en) | Main control station and hot standby redundancy control method thereof | |
| JP7206410B2 (en) | Safety systems and methods of operating safety systems | |
| CN101931519B (en) | Triple-modular redundancy implementation method based on synchronous communication exchange | |
| CN102508745B (en) | Triple-modular redundancy system based on two-stage loose synchronization and realization method thereof | |
| EP3477483B1 (en) | Methods for managing communications involving a lockstep processing system | |
| US20230236551A1 (en) | Method of controlling an automation system having control redundancy, and automation system | |
| CN105573869B (en) | System controller fault tolerant control method based on I2C bus | |
| CN106648998A (en) | Safety computer system based on CMC chip | |
| CN103137227A (en) | Software common mode failure detection system of nuclear power station security level DCS and control method thereof | |
| CN104216329A (en) | Safety control system | |
| JP4558111B2 (en) | Data change method for triple fault tolerant system | |
| JP2006178730A (en) | Safe signal i/f device and duplicated signal input processing method thereof |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |