CN105278516A - Double-redundancy switch value PLC control system reliable fault-tolerant controller realization method - Google Patents
- Publication number
- CN105278516A, CN201410287669.3A
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Landscapes
- Safety Devices In Control Systems (AREA)
Abstract
The invention provides a low-cost method for realizing a reliable fault-tolerant controller for a double-redundancy switch value PLC control system, which ensures continuous and reliable operation of the whole system when the main PLC controller fails. Two conventional PLC controllers and a diagnosis decision logic module form a double-redundancy reliable fault-tolerant controller. The first PLC controller serves as the main controller, and the second PLC controller serves as a standby controller. During normal operation, the main controller controls the actual operation of the controlled object, while the standby controller acts as a hot-standby redundant controller: its output does not actually drive the controlled object and is used only to monitor the operation of the main controller. When the first PLC controller and its I/O pathway suffer a severe fault, the second PLC controller is switched to be the main controller to maintain the normal operation of the controlled object. After the PLC controller that suffered the severe fault recovers, it is switched into the control flow as the hot-standby redundant controller of the current main controller and monitors the operation of the current main controller.
Description
Technical field
The present invention relates to the field of reliability design for industrial controllers, and in particular to a method for realizing a reliable fault-tolerant controller for a dual-redundant switch-value PLC control system.
Background technology
Existing hot-standby redundant safety PLC controllers generally use dedicated redundant PLC designs. These are technically complex to realize and costly, usually several times the price of a non-redundant system, and suit the high-reliability demands of large, complex control systems. Alternatively, a dedicated synchronization redundancy module is added, which achieves safe and reliable control for faults of the PLC's CPU module but has difficulty providing reliable fault-tolerant control for faults in the externally connected switch-value I/O modules and control ports.
However, industry has a large number of small and medium-sized switch-value PLC control systems based on logic control and sequential control, such as the control systems of construction machinery, special equipment, packaging and printing equipment, and small and medium-sized hydraulic presses. These systems are based on switch-value logic control and are functionally simple: a low-cost small PLC is enough to obtain the desired control functions, but the safety and reliability required of the logic actions is high. A dedicated safety redundant PLC is too expensive for them and hard for users to accept. There is therefore an urgent need for a redundant reliable fault-tolerant controller that offers high safety and reliability and keeps normal control operation simple without requiring a high-cost investment.
Summary of the invention
The object of the invention is to provide a method for realizing a reliable fault-tolerant controller for a dual-redundant switch-value PLC control system, which uses conventional PLC systems and hard-wired mixed-logic techniques to realize a low-cost hot-standby redundant reliable fault-tolerant controller.
To achieve the above object, the technical solution adopted by the invention is as follows:
A method for realizing a reliable fault-tolerant controller for a dual-redundant switch-value PLC control system, in which two PLCs and a diagnosis decision logic module form a dual-redundant reliable fault-tolerant controller, the first PLC serving as the master controller and the second PLC as the backup controller, wherein:
1) during normal operation, the master controller controls the actual operation of the controlled object, while the backup controller acts as a hot-standby redundant controller whose output does not actually control the controlled object and is used only to monitor the operation of the master controller; and
2) when a severe fault occurs in the first PLC and its I/O path, the second PLC switches to master controller and thereby maintains the normal operation of the controlled object; at the same time all output signals of the faulted first PLC are cut off, and the first PLC and its I/O path are taken out of the system, where a severe fault is a fault that causes abnormal changes in the controller's I/O signals, prevents control from continuing normally, and must be handled immediately; and
3) after the first PLC that suffered the severe fault recovers or is replaced, it is switched into the control flow as the hot-standby redundant controller of the second PLC, which is now the current master controller, and monitors the operation of the current master controller; and
the reliable fault-tolerant controller uses the PLC scan cycle to define three operating modes: the dual-redundancy reliable control mode for normal operation, and the synchronous bumpless switching control mode and the single-PLC fault-tolerant control mode for when the system is first powered on or one of the PLCs fails. They are realized as follows:
1) during normal operation, the reliable fault-tolerant controller uses the scan cycle of the master and backup controllers as its synchronization reference: a synchronization check is performed before the output refresh of each scan cycle to keep the timing of the control output actions consistent, and the diagnosis decision logic module ensures that, when there is no fault, only the master controller's control output is actually connected to the actuator and controlled object; this is the dual-redundancy reliable control mode;
2) in the initial power-on reset phase of the system, on each PLC scan cycle the backup controller uses its own fault diagnosis program module to compare the states of the master and backup controllers and outputs the comparison result: when the backup controller diagnoses that the master controller has no fault but the output signals of the master and backup controllers are inconsistent, the diagnosis decision logic module makes the master controller's control output the one that actually takes effect and is applied to the controlled object, and operation continues into the next scan cycle; when the backup controller diagnoses that neither the master nor the backup controller has a fault and their output signals are fully consistent, the backup controller sends a synchronization signal so that the control outputs of the master and backup controllers run synchronously in the next scan cycle, and the system transfers to the dual-redundancy reliable control mode of normal operation; this control process is the synchronous bumpless switching control mode;
3) when the backup controller and the diagnosis decision logic module diagnose a severe fault in the master controller, the backup controller, through the real-time logic change-over switch, takes over actual control in the role of master controller and cuts off the output channel and I/O path of the faulted master controller, so that the master and backup controllers switch bumplessly within one PLC scan cycle and the system transfers to the single-PLC fault-tolerant control mode, ensuring that the whole control system runs continuously.
Further, in the foregoing method, after the master controller leaves the control system, the backup controller automatically switches to become the master controller, performs output control of the controlled object, and runs in the single-PLC fault-tolerant control mode; and
at the start of each PLC scan cycle, a check is made for whether a new backup controller has been connected: if so, the PLC currently acting as master controller transfers to the synchronous bumpless switching control mode; otherwise, the PLC currently acting as master controller relies on the diagnosis decision logic module to ensure that its output channel remains validly connected, continues to perform the control actions on the controlled object, and maintains continuous operation of the system.
Further, in the foregoing method, fault diagnosis of the master controller's internal modules is performed by the master controller's own self-diagnosis function in the initial period of the scan cycle, and the diagnostic result is transmitted in real time through an I/O port to the backup controller. The fault diagnosis program module in the backup controller combines the master controller's self-diagnosis result with its control output signal from the previous scan cycle and makes an integrated logic judgment according to the diagnosis logic of Table 1 below, to diagnose whether the master controller and its control output signal are abnormal:
Table 1---diagnosis logic
If there is no abnormality, the master controller is considered fault-free; otherwise, the master controller is considered to have suffered a severe fault;
This diagnostic result is then input to the diagnosis decision logic module, which performs a further fused judgment according to the fault decision logic shown in Table 2 below:
Table 2---fault decision logic
If there is no abnormality, the master controller is considered fault-free and its control output signal actually drives the actuator or controlled object; otherwise, the master controller is considered to have suffered a severe fault, and the change-over switch of the diagnosis decision logic module cuts off the control output channel of the faulted master controller in real time and connects the output channel of the backup controller, which takes over actual control as master controller in fault-tolerant control mode in place of the faulted master controller, so that the system continues to run normally.
Further, in the foregoing method, the interfaces between the first PLC, the second PLC and the diagnosis decision logic module are connected by hard wiring.
As the above technical solution shows, the notable advantages of the method proposed by the invention for realizing a reliable fault-tolerant controller for a dual-redundant switch-value PLC control system are:
1. Conventional PLC modules are used to build a low-cost, high-reliability PLC reliable fault-tolerant controller. Hot-standby redundancy and voting-style fault-diagnosis mixed-logic redundancy are combined, improving the availability and the safety and reliability of continuous system operation. No dedicated redundant safety module is needed, the system composition is relatively simple, and reliability is high.
2. Using the PLC's cyclic-scan control concept and a synchronization control strategy based on the scan cycle, the method achieves synchronized control computation by the master and backup controllers and smooth switching during fault-tolerant control reconfiguration on a fault. This meets the reliable synchronization and coordination needs of small low-cost redundant systems and overcomes the difficulty that traditional redundant reliability designs must achieve high-precision CPU clock synchronization.
3. Hard wiring, a highly reliable technique in industry, is combined with mixed-logic monitoring in software and hardware to realize a low-cost, high-reliability PLC fault-tolerant controller, which raises the reliability of ordinary small and medium-sized non-redundant PLC control systems without excessively increasing system cost.
4. In the flow design of PLC fault-tolerant control, a strategy of operating modes is proposed (the dual-redundant PLC reliable control mode, the single-PLC fault-tolerant control mode and the synchronous bumpless switching mode). This ensures reliable synchronous operation of the redundant fault-tolerant controller and bumpless switching to the backup controller on a fault, so that the whole control system fully tolerates faults of the master controller and runs continuously and reliably.
Description of the drawings
Fig. 1 is the overall structure diagram of the reliable fault-tolerant controller of the dual-redundant PLC control system of the invention.
Fig. 2a is the flow of the dual-redundancy reliable control mode with the first PLC (PLC1) as master controller in the embodiment shown in Fig. 1.
Fig. 2b is the flow of the dual-redundancy reliable control mode with the second PLC (PLC2) as backup controller in the embodiment shown in Fig. 1.
Fig. 2c is the flow of the single-PLC fault-tolerant control mode in the Fig. 1 embodiment.
Fig. 2d is the flow of the synchronous bumpless switching control mode with the first PLC (PLC1) as master controller in the Fig. 1 embodiment.
Fig. 2e is the flow of the synchronous bumpless switching control mode with the second PLC (PLC2) as backup controller in the Fig. 1 embodiment.
Fig. 3a is the hard-wiring schematic between the master controller, the backup controller and the logic circuit in the Fig. 1 embodiment.
Fig. 3b is the hard-wiring schematic between the diagnosis decision logic module and the master and backup controllers in the Fig. 1 embodiment.
Fig. 3c is the hard-wiring schematic between the diagnosis decision logic module and the load change-over switch SW0 in the Fig. 1 embodiment.
Embodiment
For a better understanding of the technical content of the invention, specific embodiments are described below with reference to the accompanying drawings.
In this embodiment, according to the characteristics of switch-value control in actual industrial processes, the faults that can occur in a PLC composed of a CPU module, a power module and switch-value I/O modules are divided into warning faults and severe faults. A warning fault does not interrupt continued operation of the system; it is eliminated by the PLC's own self-diagnosis and error correction and can be regarded as a normal condition. A severe fault causes obvious abnormal changes in the controller's I/O signals, control cannot continue normally, and it must be handled promptly. The PLC self-diagnosis module normally handles a severe fault by stopping the scan, raising a real-time alarm and disconnecting all outputs, but this cannot maintain continuous operation of the system; and severe faults that cause abnormal changes in the output signals of the PLC's external I/O control modules require a correspondingly designed diagnosis and fault-tolerance function to handle them.
The method proposed in this embodiment for realizing a reliable fault-tolerant controller for a dual-redundant switch-value PLC control system addresses severe faults of the PLC, in particular the reliable fault-tolerant handling of abnormal-signal faults of the switch-value control output modules, and provides a design method for a low-cost hot-standby redundant PLC reliable fault-tolerant controller.
The method disclosed in this embodiment for realizing a reliable fault-tolerant controller for a dual-redundant switch-value PLC control system comprises four parts: the overall structure design of the dual-redundant PLC fault-tolerant controller; the design of the dual-redundancy reliable control and synchronous bumpless switching flows of the PLC fault-tolerant controller; the fault diagnosis and decision logic design of the redundant PLC controllers; and the hard-wired interface design of the reliable fault-tolerant controller.
The implementation of the method is described in detail below with reference to Fig. 1 and Figs. 2a-2e.
I. Overall structure design of the dual-redundant PLC fault-tolerant controller
With reference to the overall structure of the reliable fault-tolerant controller of the dual-redundant PLC control system shown in Fig. 1, two PLCs and a diagnosis decision logic module form a dual-redundant reliable fault-tolerant controller, in which the first PLC serves as master controller and the second PLC as backup controller.
As shown in Fig. 1, the first PLC and the second PLC are two small or medium-sized PLCs with identical specifications and model parameters, used to build a fault-tolerant controller in which each is the hot standby of the other. As stated above, either PLC can be designated in advance as master controller (denoted PLC1) and the other as backup controller (denoted PLC2), so the two are structurally symmetric (as shown in Fig. 1).
1) During normal operation, the master controller controls the actual operation of the controlled object, while the backup controller acts as a hot-standby redundant controller whose output does not actually control the controlled object and is used only to monitor the operation of the master controller;
2) when a severe fault occurs in the first PLC and its I/O path, the second PLC switches to master controller and thereby maintains the normal operation of the controlled object; at the same time all output signals of the faulted first PLC are cut off, and the first PLC and its I/O path are taken out of the system, where a severe fault is a fault that causes abnormal changes in the controller's I/O signals, prevents control from continuing normally, and must be handled immediately; and
3) after the first PLC that suffered the severe fault recovers or is replaced, it is switched into the control flow as the hot-standby redundant controller of the second PLC, which is now the current master controller, and monitors the operation of the current master controller.
II. Design of the dual-redundancy reliable control and synchronous bumpless switching flows of the PLC fault-tolerant controller
With reference to Fig. 1 and Figs. 2a-2e, the method of this embodiment draws on standard redundant control design. The reliable fault-tolerant controller uses the PLC scan cycle to define three operating modes: the dual-redundancy reliable control mode for normal operation, and the synchronous bumpless switching control mode and the single-PLC fault-tolerant control mode for when the system is first powered on or one of the PLCs fails. They are realized as follows:
1) during normal operation, the reliable fault-tolerant controller uses the scan cycle of the master and backup controllers as its synchronization reference: a synchronization check is performed before the output refresh of each scan cycle to keep the timing of the control output actions consistent, and the diagnosis decision logic module ensures that, when there is no fault, only the master controller's control output is actually connected to the actuator and controlled object; this is the dual-redundancy reliable control mode, which realizes reliable control operation of the dual-redundant PLC controllers, avoids the CPU clock synchronization that traditional redundancy designs require, and reduces design complexity;
2) in the initial power-on reset phase of the system, on each PLC scan cycle the backup controller uses its own fault diagnosis program module to compare the states of the master and backup controllers and outputs the comparison result: when the backup controller diagnoses that the master controller has no fault but the output signals of the master and backup controllers are inconsistent, the diagnosis decision logic module makes the master controller's control output the one that actually takes effect and is applied to the controlled object, and operation continues into the next scan cycle; when the backup controller diagnoses that neither the master nor the backup controller has a fault and their output signals are fully consistent, the backup controller sends a synchronization signal so that the control outputs of the master and backup controllers run synchronously in the next scan cycle, and the system transfers to the dual-redundancy reliable control mode of normal operation; this control process is the synchronous bumpless switching control mode;
3) when the backup controller and the diagnosis decision logic module diagnose a severe fault in the master controller, the backup controller, through the real-time logic change-over switch, takes over actual control in the role of master controller and cuts off the output channel and I/O path of the faulted master controller, so that the master and backup controllers switch bumplessly within one PLC scan cycle and the system transfers to the single-PLC fault-tolerant control mode, ensuring that the whole control system runs continuously.
In this embodiment, after the master controller leaves the control system, the backup controller automatically switches to become the master controller, performs output control of the controlled object, and runs in the single-PLC fault-tolerant control mode; and
at the start of each PLC scan cycle, a check is made for whether a new backup controller has been connected: if so, the PLC currently acting as master controller transfers to the synchronous bumpless switching control mode; otherwise, the PLC currently acting as master controller relies on the diagnosis decision logic module to ensure that its output channel remains validly connected, continues to perform the control actions on the controlled object, and maintains continuous operation of the system.
III. Fault diagnosis and decision logic design of the redundant PLC controllers
In this embodiment, based on a mixed-logic strategy, the monitoring and diagnostic results from different time periods and different modules are processed together to obtain a reliable diagnostic result, which is sent to the decision logic module to make the diagnosis decision. This reduces the design difficulty and risk of a single diagnosis decision module and thereby ensures high reliability of the whole control operation.
In this embodiment, fault diagnosis of the master controller's internal modules (such as the CPU) is performed by the master controller's own self-diagnosis function in the initial period of the scan cycle, and the diagnostic result is transmitted in real time through an I/O port to the backup controller. The fault diagnosis program module in the backup controller combines the master controller's self-diagnosis result with its control output signal from the previous scan cycle and makes an integrated logic judgment according to the diagnosis logic of Table 1 below, to diagnose whether the master controller and its control output signal are abnormal:
Table 1---diagnosis logic
If there is no abnormality, the master controller is considered fault-free; otherwise, the master controller is considered to have suffered a severe fault;
This diagnostic result is then input to the diagnosis decision logic module, which performs a further fused judgment according to the fault decision logic shown in Table 2 below:
Table 2---fault decision logic
If there is no abnormality, the master controller is considered fault-free and its control output signal actually drives the actuator or controlled object; otherwise, the master controller is considered to have suffered a severe fault, and the change-over switch of the diagnosis decision logic module cuts off the control output channel of the faulted master controller in real time and connects the output channel of the backup controller, which takes over actual control as master controller in fault-tolerant control mode in place of the faulted master controller, so that the system continues to run normally.
With reference to Fig. 1, Figs. 2a-2e and Figs. 3a-3c, the realization of the reliable fault-tolerant controller of the dual-redundant PLC control system of the above embodiment is illustrated below; the overall structure design of the switch-value dual-redundant PLC fault-tolerant controller and the software program flow charts are shown in Fig. 1 and Figs. 2a-2e respectively.
With reference to Fig. 1, as stated above, the first PLC and the second PLC are two small or medium-sized PLCs with identical specifications and model parameters, used to build a fault-tolerant controller in which each is the hot standby of the other. Either PLC can be designated in advance as master controller (denoted PLC1) and the other as backup controller (denoted PLC2), so the two are structurally symmetric (as shown in Fig. 1).
The master controller PLC1 and the backup controller PLC2 simultaneously receive the feedback signals from the controlled object and the other input signals through their respective input ports I2.
The control output signal of master controller PLC1 is hard-wired from port D0 to both the input I0 of PLC2 and the input port FI4 of the diagnosis decision logic module FDD1. In this way, under the monitoring of backup controller PLC2 and diagnosis decision logic module FDD1, the control output signal of master controller PLC1 can actually drive the controlled object only when PLC1 is normal and fault-free.
The self-diagnosis result of master controller PLC1 is sent in real time from its real-time output port D2 and hard-wired to the real-time input port I1 of backup controller PLC2, for use by PLC2's fault diagnosis program module. The same signal is also fed to input port FI1 of diagnosis decision logic module FDD1, for deciding which control output channel is actually connected.
The fault diagnosis program module of backup controller PLC2 uses the control output information and self-diagnosis result of PLC1 received on input ports I0 and I1 to diagnose faults of master controller PLC1 with the diagnosis logic shown in attached Table 1. The diagnostic result is sent through real-time output port D3 to input port FI3 of diagnosis decision logic module FDD1, which then drives change-over switch SW0 to connect the control output channel of master controller PLC1 or backup controller PLC2 according to the decision result, controlling the actuator and the controlled object.
Table 1: Real-time fault diagnosis logic of backup PLC2 for master PLC1
Before the output refresh stage of each scan cycle, output port D4 of backup controller PLC2 sends a real-time synchronization signal to master controller PLC1. Input port I3 of PLC1 receives this signal and, after PLC1 confirms it, PLC1 sends a real-time synchronization response from output port D1. Once real-time input port I4 of backup controller PLC2 receives PLC1's synchronization response, the master and backup controllers refresh their respective control output signals synchronously. The whole control system thus uses the PLC scan cycle as its reference to run the master and backup controllers in coordinated synchronization.
Input ports FI1, FI2 and FI3 of diagnosis decision logic module FDD1 are connected respectively to the real-time output ports D2 carrying the self-diagnosis results of the master and backup PLCs and to the real-time output port D3 carrying PLC2's fault diagnosis result for PLC1. Input ports FI4 and FI5 of FDD1 are connected respectively to the control output signals of the master and backup PLCs, and change-over switch SW0 connects the path from FI4 or FI5 to output port FO according to the decision result.
Inside diagnosis decision logic module FDD1, the three input signals FI1 to FI3 are first judged together in real time according to the logic shown in attached Table 2; the result then drives change-over switch SW0, determining which PLC's output channel is connected during this scan cycle to control the actual object.
For the decision logic table of change-over switch SW0 in table 2 Fault Tree Diagnosis Decision logic module (FDD1)
Control flow as shown in figs. 2 a-e, wherein the self diagnosis result of backup controller PLC2 can give PLC1 in real time through its D2 mouth, thus when PLC2 self diagnosis result is catastrophic failure, the faults-tolerant control (see accompanying drawing 2a) to PLC2 can be realized in PLC1.Fault diagnostic program module in the reliable control model of two redundancies of backup controller PLC2 carries out real-time fault diagnosis operation according to logic as shown in appendix 1 to main PLC1, and when also ensure that normal, active and standby part PLC controls the consistance of output signal.The self-diagnostic function that the self diagnosis module of active and standby part PLC is carried by PLC realizes, and its result is used for self fault alarm and fault handling operation, and by corresponding flag data through real-time delivery outlet D2, gives other resume module.Whether simultaneously the signal of two PLC on-line operation is produced by the power-on reset signal of each PLC, can give square controller, and be stored in the zone bit data field of controller CPU module through input port I2.This Status Flag can change according to program service condition and operation operating mode.Running control program module is normally for the program segment of control object action.Finally, the operational mode that active and standby part PLC is different all has corresponding Status Flag data to indicate in flag data memory block, runs so that program circuit calls corresponding control model program segment for different operating mode.
In the present invention, three diagnostic results of diagnosis decision logic module FDD1 to input FI1, FI2, FI3 carry out decision making package, and its decision logic is as shown in subordinate list 2.Decision-making exports connection principle that OUT operates change-over switch SW0 as shown in accompanying drawing 3c.When all there is catastrophic failure in two PLC, triple gate decision-making output can make interrupteur SW 0 be placed in high-impedance state, and while alarm, the output channel of active and standby part controller all disconnects, then the emergent safety of topworks and control object is from/interlocked operation, ensures the security of whole system.
In the implementation method of the reliable fault-tolerant controller of two Redundanter schalter amount PLC control system of the present embodiment, preferred employing hardwired technology realizes interface and connects, namely the first PLC, the second PLC and diagnosis decision logic module between adopt hardwired fashion to realize being connected, hardware isolated technology is adopted to eliminate the different signal disturbing controlled between decision logic module on the one hand, the bumpless transfer between Different Logic level signal can be realized on the other hand, ensure the high reliability of Signal transmissions.
This embodiment uses hardwiring (as shown in Figs. 3a, 3b and 3c) for signal transmission and interface design between the master and backup PLCs and the diagnosis decision logic module, improving system reliability without increasing design complexity. Taking the transistor-type I/O modules of the PLCs and TTL logic circuits as the embodiment, Figs. 3a-3c give schematic diagrams of the implementation. In Fig. 3c, when the tri-state gate logic output is 0, switch SW0 is driven to connect the control path between the master PLC1 and the load; when it is 1, SW0 connects the control path between the backup PLC2 and the load; the high-impedance state indicates that both the master and backup PLCs have suffered catastrophic failures, in which case switch SW0 disconnects every PLC control loop and, at the same time, this result sends an alarm signal through the driver output circuit so that the controlled object performs emergency safe operation. The built-in diagnostic TTL logic circuit is designed with reliable standard TTL logic devices and evaluates the logical expressions shown in attached Table 2; the decision result is delivered through the tri-state gate logic output.
Although the present invention has been disclosed above by way of preferred embodiments, they are not intended to limit the invention. A person having ordinary skill in the technical field to which the invention belongs may make various modifications and variations without departing from the spirit and scope of the invention. The scope of protection of the invention is therefore as defined in the claims.
Claims (4)
1. A method for implementing a reliable fault-tolerant controller for a dual-redundant switch-value PLC control system, characterized in that two PLCs and one diagnosis decision logic module form the dual-redundant reliable fault-tolerant controller, the first PLC serving as master controller and the second PLC as backup controller, wherein:
1) during normal operation, the master controller controls the actual operating actions of the controlled object, while the backup controller acts as a hot-standby redundant controller whose output does not actually control the controlled object and is used only to monitor the operation of the master controller; and
2) when a catastrophic failure occurs in the first PLC and its I/O path, the second PLC switches to master controller and thereby maintains normal operation of the controlled object, while all output signals of the failed first PLC are cut off so that the first PLC and its I/O path are taken out of operation, wherein a catastrophic failure is a fault that causes abnormal changes in the controller's I/O signals, prevents control from continuing to operate normally, and must be handled immediately; and
3) after the first PLC that suffered the catastrophic failure has recovered or been replaced, it re-enters the control flow as the hot-standby redundant controller of the second PLC, which is now the current master controller, and monitors the operation of the current master controller; and
With reference to the PLC scan cycle, three operating modes are defined for the reliable fault-tolerant controller: the dual-redundant reliable control mode during normal operation; the synchronous bumpless switching control mode used when the system is first powered on or when one PLC fails; and the single-PLC fault-tolerant control mode; these are implemented as follows:
1) during normal operation, the reliable fault-tolerant controller uses the scan cycles of the master and backup controllers as the synchronization reference and performs one synchronization check before the output refresh of each scan cycle, ensuring that the control signal outputs act on a consistent beat; when there is no fault, the diagnosis decision logic module ensures that only the control output of the master controller is actually connected to the actuators and the controlled object; this is the dual-redundant reliable control mode;
2) in the initial power-on reset phase of the system, on every PLC scan cycle, the backup controller uses its own fault diagnosis program module to compare the states of the master and backup controllers and outputs the comparison result: when the backup controller diagnoses that the master controller is fault-free but the output signals of the master and backup controllers are inconsistent, the diagnosis decision logic module makes the control output of the master controller the effective one and applies it to the controlled object, and operation continues into the next scan cycle; when the backup controller diagnoses that both the master and backup controllers are fault-free and their output signals are fully consistent, the backup controller sends a synchronization signal so that the control outputs of the master and backup controllers run synchronously in the next scan cycle, and the system enters the dual-redundant reliable control mode of normal operation; this control process is the synchronous bumpless switching control mode;
3) when the backup controller and the diagnosis decision logic module diagnose a catastrophic failure of the master controller, the backup controller takes over actual control as master controller through the real-time logic changeover switch, and the output channel and I/O path of the failed master controller are cut off, so that the switchover between master and backup controllers is bumpless and completes within one PLC scan cycle; the system enters the single-PLC fault-tolerant control mode, ensuring continuous operation of the whole control system.
2. The method for implementing a reliable fault-tolerant controller for a dual-redundant switch-value PLC control system according to claim 1, characterized in that, after the master controller leaves the control system, the backup controller automatically switches to become master controller, performs output control of the controlled object, and runs the single-PLC fault-tolerant control mode; and
at the start of each PLC scan cycle, a check is made for whether a new backup controller has been connected: if so, the PLC currently acting as master controller enters the synchronous bumpless switching control mode; otherwise, the PLC currently acting as master controller relies on the diagnosis decision logic module to keep its output channel connection valid, continues to perform control actions on the controlled object, and maintains continuous operation of the system.
3. The method for implementing a reliable fault-tolerant controller for a dual-redundant switch-value PLC control system according to claim 1, characterized in that the internal module fault diagnosis of the master controller is performed by the master controller's own self-diagnostic function in the initial period of the scan cycle, and the diagnostic result is transmitted to the backup controller in real time through an I/O port; the fault diagnosis program module in the backup controller combines the master controller's self-diagnosis result with the control output signals of the previous scan cycle and makes an integrated logical judgment, according to the diagnosis logic of Table 1 below, as to whether the master controller and its control output signals are abnormal:
Table 1---diagnosis logic
If nothing is abnormal, the master controller is considered fault-free; otherwise, the master controller is considered to have suffered a catastrophic failure;
The foregoing diagnostic result is then input to the diagnosis decision logic module, which performs a further fused judgment according to the fault decision logic shown in Table 2 below:
Table 2---fault decision logic
If nothing is abnormal, the master controller is considered fault-free and its control output signals actually drive the actuators or the controlled object; otherwise, the master controller is considered to have suffered a catastrophic failure: the changeover switch of the diagnosis decision logic module cuts off the control output channel of the failed master controller in real time and connects the output channel of the backup controller, which cuts into actual control as master controller in fault-tolerant control mode and takes over from the failed master controller, so that the system continues to run normally without interruption.
4. The method for implementing a reliable fault-tolerant controller for a dual-redundant switch-value PLC control system according to claim 1, characterized in that the first PLC, the second PLC and the diagnosis decision logic module are interconnected through hardwired interfaces.
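The three operating modes of claims 1 and 2, together with the SW0 behaviour given in the description (0 selects PLC1, 1 selects PLC2, high impedance disconnects both), can be modelled as a scan-cycle state machine. This is an added illustration, not code from the patent. Assumptions: the class and function names, the boolean health inputs (which stand in for the Table 1 and Table 2 logic, not reproduced on this page), one mode transition per scan, and a latched safe-stop state.

```python
from enum import Enum


class Mode(Enum):
    SYNC_SWITCH = "synchronous bumpless switching control"
    DUAL_REDUNDANT = "dual-redundant reliable control"
    SINGLE_PLC = "single-PLC fault-tolerant control"
    SAFE_STOP = "both PLCs failed: outputs disconnected, alarm raised"


# Tri-state drive of changeover switch SW0 as the description gives it:
# 0 connects PLC1 to the load, 1 connects PLC2, high impedance disconnects both.
SW0_PLC1, SW0_PLC2, SW0_HIGH_Z = 0, 1, "Z"


class RedundantPair:
    """Hypothetical model of the two PLCs plus the diagnosis decision module."""

    def __init__(self):
        self.mode = Mode.SYNC_SWITCH  # initial power-on reset phase
        self.master = 1               # PLC1 starts as master controller
        self.alarm = False

    def scan(self, ok1, ok2, out1, out2):
        """Advance one scan cycle; return (SW0 state, output applied to load).

        ok1/ok2: final healthy verdict for each PLC (assumption: the result of
        the diagnosis chain; False means catastrophic failure or offline).
        out1/out2: the control output each PLC computed in this scan.
        """
        ok = {1: ok1, 2: ok2}
        out = {1: out1, 2: out2}
        standby = 3 - self.master
        if self.mode is Mode.SAFE_STOP or not (ok1 or ok2):
            # Both failed: SW0 goes high impedance and the alarm is raised.
            # Assumption: the state stays latched until a manual reset.
            self.mode, self.alarm = Mode.SAFE_STOP, True
            return SW0_HIGH_Z, None
        if not ok[self.master]:
            # Master failed: the standby takes over within this same scan.
            self.master, self.mode = standby, Mode.SINGLE_PLC
        elif not ok[standby]:
            # Standby failed or absent: the master carries on alone.
            self.mode = Mode.SINGLE_PLC
        elif self.mode is Mode.SINGLE_PLC:
            # A healthy standby was detected at scan start: resynchronise.
            self.mode = Mode.SYNC_SWITCH
        elif self.mode is Mode.SYNC_SWITCH and out1 == out2:
            # Outputs agree: sync signal, dual-redundant from the next scan.
            self.mode = Mode.DUAL_REDUNDANT
        sw0 = SW0_PLC1 if self.master == 1 else SW0_PLC2
        return sw0, out[self.master]


# Constructed sample trace: (ok1, ok2, out1, out2) for each scan cycle.
TRACE = [
    (True, True, 1, 0),    # power-on, outputs still differ
    (True, True, 1, 1),    # outputs agree -> synchronised
    (True, True, 0, 0),    # normal dual-redundant scan
    (False, True, 1, 1),   # PLC1 fails -> PLC2 takes over
    (False, True, 0, 0),   # PLC2 runs alone
    (True, True, 1, 1),    # PLC1 recovered, rejoins as hot standby
    (True, True, 1, 1),    # resynchronised, PLC2 remains master
    (False, False, 0, 0),  # both fail -> SW0 high impedance
    (True, True, 1, 1),    # stays latched in safe stop
]


def run_trace(trace):
    """Replay a trace; return [(mode name after scan, SW0, applied output)]."""
    pair = RedundantPair()
    rows = []
    for ok1, ok2, out1, out2 in trace:
        sw0, applied = pair.scan(ok1, ok2, out1, out2)
        rows.append((pair.mode.name, sw0, applied))
    return rows


if __name__ == "__main__":
    for number, row in enumerate(run_trace(TRACE), start=1):
        print(number, *row)
```

After PLC1 recovers in the sample trace, SW0 stays at 1: the recovered controller rejoins as hot standby rather than reclaiming the master role, as step 3) of claim 1 states.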
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410287669.3A CN105278516B (en) | 2014-06-24 | 2014-06-24 | A kind of implementation method of the reliable fault-tolerant controller of dual redundant switching value PLC control system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105278516A true CN105278516A (en) | 2016-01-27 |
CN105278516B CN105278516B (en) | 2017-12-12 |
Family
ID=55147698
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201410287669.3A Expired - Fee Related CN105278516B (en) | 2014-06-24 | 2014-06-24 | A kind of implementation method of the reliable fault-tolerant controller of dual redundant switching value PLC control system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105278516B (en) |
Cited By (21)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105681131A (en) * | 2016-02-26 | 2016-06-15 | 上海富欣智能交通控制有限公司 | Main-backup system and parallel outputting method thereof |
CN106125544A (en) * | 2016-07-12 | 2016-11-16 | 浙江众合科技股份有限公司 | A kind of temperature of track switch controller that is applicable to is for redundant system |
CN106161111A (en) * | 2016-08-31 | 2016-11-23 | 福建省鸿山热电有限责任公司 | A kind of network topological method of two set plasma igniter PLC control system |
CN106557054A (en) * | 2017-01-05 | 2017-04-05 | 上海泽鑫电力科技股份有限公司 | The system and method that the failure of transformer cooler intelligent controlling device is repaired automatically |
CN107037732A (en) * | 2017-05-26 | 2017-08-11 | 北京航天新风机械设备有限责任公司 | A kind of aircraft electrical control tolerant system and failure decision-making technique |
CN107908186A (en) * | 2017-11-07 | 2018-04-13 | 驭势科技(北京)有限公司 | For the method and system for controlling automatic driving vehicle to run |
CN107942894A (en) * | 2016-10-13 | 2018-04-20 | 中国石油天然气集团公司 | Primary input output sub-module and its diagnostic method, programmable logic controller |
CN108153195A (en) * | 2017-12-25 | 2018-06-12 | 杭州和利时自动化有限公司 | A kind of controller switching method, device, equipment and computer readable storage medium |
CN108227603A (en) * | 2016-12-14 | 2018-06-29 | 欧姆龙株式会社 | Control system, control method and computer readable storage medium |
CN108333928A (en) * | 2018-01-23 | 2018-07-27 | 南京理工大学 | One kind being based on the more Brushless DC Motor Position control method for coordinating of dynamic surface |
CN108549358A (en) * | 2018-03-28 | 2018-09-18 | 安徽航瑞航空动力装备有限公司 | A kind of redundant manipulator diagnostic system and method based on CAN bus |
CN108803420A (en) * | 2018-06-02 | 2018-11-13 | 新乡市光明电器有限公司 | Military mobile unit collection control circuit |
CN109542085A (en) * | 2018-11-26 | 2019-03-29 | 东北大学 | Automation experiment platform flexibility switching device and method with time lag configuration feature |
WO2019100227A1 (en) * | 2017-11-22 | 2019-05-31 | 贵州智慧能源科技有限公司 | Control system and protection device |
CN110320799A (en) * | 2019-06-13 | 2019-10-11 | 大连理工大学 | A kind of unperturbed incision fault tolerant control method of Aviation engine actuators failure |
CN110515295A (en) * | 2019-07-25 | 2019-11-29 | 南京南瑞继保电气有限公司 | A kind of method of the redundancy I/O module of dynamic and configurable |
CN111580454A (en) * | 2020-06-28 | 2020-08-25 | 山东省计算中心(国家超级计算济南中心) | Safety control method of industrial safety PLC (programmable logic controller) |
CN112947393A (en) * | 2021-04-12 | 2021-06-11 | 杭州秋瑞自动化科技有限公司 | Diagnosis method of PLC system |
CN114203483A (en) * | 2021-11-27 | 2022-03-18 | 陕西航空电气有限责任公司 | Method for realizing backup control of aviation contactor |
CN114428452A (en) * | 2022-04-06 | 2022-05-03 | 成都凯天电子股份有限公司 | Dual-redundancy control device of position detection and retraction control equipment and control method thereof |
CN115098306A (en) * | 2022-08-03 | 2022-09-23 | 南方电网数字电网研究院有限公司 | Embedded fault-tolerant self-healing structure, method and system applied to power industrial control terminal |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1834929A (en) * | 2005-03-17 | 2006-09-20 | 富士通株式会社 | Information processing apparatus and control method therefor |
KR20080020807A (en) * | 2006-09-01 | 2008-03-06 | 주식회사 포스콘 | Apparatus and method for plc redundancy |
CN101281483A (en) * | 2008-05-12 | 2008-10-08 | 北京邮电大学 | Double-machine redundant tolerant system and redundant switching method thereof |
CN201383095Y (en) * | 2009-04-13 | 2010-01-13 | 西安江河电站技术开发有限责任公司 | PLC redundancy rotation-speed monitoring device |
KR20120102240A (en) * | 2011-03-08 | 2012-09-18 | 엘에스산전 주식회사 | Redundancy plc system and data synchronization method thereof |
WO2012128994A1 (en) * | 2011-03-23 | 2012-09-27 | Siemens Corporation | System and method for verification and validation of redundancy software in plc systems |
Non-Patent Citations (3)
Title |
---|
张登峰: "动态系统的故障检测与诊断研究", 《中国优秀博硕士学位论文全文数据库(博士)信息科技辑》 * |
李高杰: "轨道列车智慧门控制系统设计与开发", 《中国优秀硕士学位论文全文数据库 信息科技辑》 * |
陈加杰: "中型PLC冗余架构研究与同步技术实现", 《中国优秀硕士学位论文全文数据库 信息科技辑》 * |
Cited By (30)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105681131A (en) * | 2016-02-26 | 2016-06-15 | 上海富欣智能交通控制有限公司 | Main-backup system and parallel outputting method thereof |
CN105681131B (en) * | 2016-02-26 | 2019-03-05 | 上海富欣智能交通控制有限公司 | Main preparation system and its parallel output method |
CN106125544A (en) * | 2016-07-12 | 2016-11-16 | 浙江众合科技股份有限公司 | A kind of temperature of track switch controller that is applicable to is for redundant system |
CN106161111A (en) * | 2016-08-31 | 2016-11-23 | 福建省鸿山热电有限责任公司 | A kind of network topological method of two set plasma igniter PLC control system |
CN106161111B (en) * | 2016-08-31 | 2019-07-09 | 福建省鸿山热电有限责任公司 | A kind of network topological method of two sets of plasma igniter PLC control systems |
CN107942894A (en) * | 2016-10-13 | 2018-04-20 | 中国石油天然气集团公司 | Primary input output sub-module and its diagnostic method, programmable logic controller |
CN107942894B (en) * | 2016-10-13 | 2019-12-10 | 中国石油天然气集团公司 | Main input/output submodule, diagnosis method thereof and editable logic controller |
CN108227603A (en) * | 2016-12-14 | 2018-06-29 | 欧姆龙株式会社 | Control system, control method and computer readable storage medium |
CN106557054B (en) * | 2017-01-05 | 2019-01-25 | 上海泽鑫电力科技股份有限公司 | The system and method that the failure of transformer cooler intelligent controlling device is automatically repaired |
CN106557054A (en) * | 2017-01-05 | 2017-04-05 | 上海泽鑫电力科技股份有限公司 | The system and method that the failure of transformer cooler intelligent controlling device is repaired automatically |
CN107037732A (en) * | 2017-05-26 | 2017-08-11 | 北京航天新风机械设备有限责任公司 | A kind of aircraft electrical control tolerant system and failure decision-making technique |
CN107908186A (en) * | 2017-11-07 | 2018-04-13 | 驭势科技(北京)有限公司 | For the method and system for controlling automatic driving vehicle to run |
WO2019100227A1 (en) * | 2017-11-22 | 2019-05-31 | 贵州智慧能源科技有限公司 | Control system and protection device |
CN108153195A (en) * | 2017-12-25 | 2018-06-12 | 杭州和利时自动化有限公司 | A kind of controller switching method, device, equipment and computer readable storage medium |
CN108333928B (en) * | 2018-01-23 | 2020-10-20 | 南京理工大学 | Multi-DC brushless motor position coordination control method based on dynamic surface |
CN108333928A (en) * | 2018-01-23 | 2018-07-27 | 南京理工大学 | One kind being based on the more Brushless DC Motor Position control method for coordinating of dynamic surface |
CN108549358A (en) * | 2018-03-28 | 2018-09-18 | 安徽航瑞航空动力装备有限公司 | A kind of redundant manipulator diagnostic system and method based on CAN bus |
CN108803420A (en) * | 2018-06-02 | 2018-11-13 | 新乡市光明电器有限公司 | Military mobile unit collection control circuit |
CN108803420B (en) * | 2018-06-02 | 2024-05-10 | 新乡市光明电器有限公司 | Centralized control circuit for military vehicle-mounted equipment |
CN109542085A (en) * | 2018-11-26 | 2019-03-29 | 东北大学 | Automation experiment platform flexibility switching device and method with time lag configuration feature |
CN110320799B (en) * | 2019-06-13 | 2021-05-07 | 大连理工大学 | Undisturbed cut-in fault-tolerant control method for faults of aircraft engine actuator |
CN110320799A (en) * | 2019-06-13 | 2019-10-11 | 大连理工大学 | A kind of unperturbed incision fault tolerant control method of Aviation engine actuators failure |
CN110515295A (en) * | 2019-07-25 | 2019-11-29 | 南京南瑞继保电气有限公司 | A kind of method of the redundancy I/O module of dynamic and configurable |
CN111580454B (en) * | 2020-06-28 | 2021-08-20 | 山东省计算中心(国家超级计算济南中心) | Safety control method of industrial safety PLC (programmable logic controller) |
WO2022000716A1 (en) * | 2020-06-28 | 2022-01-06 | 山东省计算中心(国家超级计算济南中心) | Safety control method for industrial safety plc controller |
CN111580454A (en) * | 2020-06-28 | 2020-08-25 | 山东省计算中心(国家超级计算济南中心) | Safety control method of industrial safety PLC (programmable logic controller) |
CN112947393A (en) * | 2021-04-12 | 2021-06-11 | 杭州秋瑞自动化科技有限公司 | Diagnosis method of PLC system |
CN114203483A (en) * | 2021-11-27 | 2022-03-18 | 陕西航空电气有限责任公司 | Method for realizing backup control of aviation contactor |
CN114428452A (en) * | 2022-04-06 | 2022-05-03 | 成都凯天电子股份有限公司 | Dual-redundancy control device of position detection and retraction control equipment and control method thereof |
CN115098306A (en) * | 2022-08-03 | 2022-09-23 | 南方电网数字电网研究院有限公司 | Embedded fault-tolerant self-healing structure, method and system applied to power industrial control terminal |
Also Published As
Publication number | Publication date |
---|---|
CN105278516B (en) | 2017-12-12 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN105278516A (en) | Double-redundancy switch value PLC control system reliable fault-tolerant controller realization method | |
CN103647781B (en) | Mixed redundancy programmable control system based on equipment redundancy and network redundancy | |
US7120820B2 (en) | Redundant control system and control computer and peripheral unit for a control system of this type | |
US7269465B2 (en) | Control system for controlling safety-critical processes | |
CN204856062U (en) | Symmetry formula two -node cluster hot backup redundant system | |
CN102866690B (en) | Redundancy switching method between Redundant process control station in scattered control system | |
CN108551397A (en) | The communication control method of network bridge device and application and more PLC master stations and more PLC slave stations | |
CN103901772A (en) | Double-DSP redundancy inertial-platform controller | |
CN111007790B (en) | Ship damage management monitoring reliability improvement design system and method | |
CN106627668A (en) | Train monitoring server system based on double-two-out-of-two framework and control method | |
CN106125544A (en) | A kind of temperature of track switch controller that is applicable to is for redundant system | |
CN105938356B (en) | The hardware redundancy of control module and operation cadence synchronization system in DCS system | |
CN110095975A (en) | A kind of redundancy control system | |
US10386832B2 (en) | Redundant control system for an actuator and method for redundant control thereof | |
CN202421854U (en) | Triplex level redundancy switching value output module for DCS (data communication system) | |
JP2009522116A (en) | Device for controlling at least one machine | |
CN106451404A (en) | Power supply system and power supply configuration method thereof | |
US20120089749A1 (en) | Network and Method for Operating the Network | |
CN107479484A (en) | A kind of gas holder control system and method | |
CN103246266A (en) | Industrial online maintenance-free control system | |
RU72515U1 (en) | AUTOMATIC CONTROL SYSTEM OF THE GAS-PUMPING UNIT | |
CN207232735U (en) | A kind of gas holder control system | |
US10991235B2 (en) | Fire-prevention control unit | |
CN107463148B (en) | A kind of method of PLC redundancy switching | |
CN104077205B (en) | A kind of complete Hot Spare alarm equipment based on multiple peripheral hardware and dispatching method thereof |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20171212 Termination date: 20190624 |