CN105278516B - Implementation method of a reliable fault-tolerant controller for a dual-redundant switching-value PLC control system
- Publication number: CN105278516B (application number CN201410287669.3A)
- Authority: CN (China)
- Legal status: Expired - Fee Related
- Landscapes: Safety Devices In Control Systems
Abstract
The present invention provides an implementation method for a low-cost, reliable fault-tolerant controller for dual-redundant switching-value PLC control systems that keeps the whole system running continuously and reliably when the master PLC fails. It uses two conventional PLC controllers and one diagnosis decision logic module to form the dual-redundant reliable fault-tolerant controller; the first PLC controller acts as master controller and the second as backup controller. In normal operation, the master controller controls the actual operation of the controlled object, while the backup controller acts as hot-standby redundant controller: its output does not actually drive the controlled object, and it serves only to monitor the operation of the master controller. When a serious failure occurs in the first PLC controller or its I/O path, the second PLC controller switches over to become master controller and maintains normal operation of the controlled object. After the PLC controller that suffered the serious failure has been restored, it re-enters the control flow as hot-standby redundant controller of the current master controller and monitors the operation of the current master controller.
Description
Technical field
The present invention relates to the field of reliability design for industrial controllers, and in particular to an implementation method for a reliable fault-tolerant controller of a dual-redundant switching-value PLC control system.
Background
Existing hot-standby redundant safety PLC controllers are generally purpose-built redundant PLC designs. They are technically complex to implement and expensive, usually costing several times more than a non-redundant system, and are suited to the high-reliability requirements of large, complex control systems. Alternatively, adding a dedicated synchronous redundancy module can provide safe and reliable control when the CPU module of the PLC controller fails, but it is difficult to achieve reliable fault-tolerant control for failures of the other externally connected switching-value I/O modules and control ports.
In actual industry, however, there are many small and medium-sized switching-value PLC control systems based on logic control and sequential control, such as the control systems of construction machinery, special equipment, packaging and printing equipment, and small and medium-sized hydraulic presses. These systems are dominated by switching-value logic control and are functionally simple, so a low-cost small PLC is enough to achieve good control, yet they demand high safety and reliability of the logic actions. Using a dedicated safety redundant PLC for them is too expensive for users to accept. There is therefore an urgent need for a redundant reliable fault-tolerant controller that offers high safety and reliability and keeps simple, normal control running, without requiring a high-cost investment.
Summary of the invention
The object of the present invention is to provide an implementation method for a reliable fault-tolerant controller of a dual-redundant switching-value PLC control system which, using conventional PLC systems and hardwired mixed-logic technology, realizes a low-cost hot-standby redundant reliable fault-tolerant controller.
To achieve the above object, the technical solution adopted by the present invention is as follows:
An implementation method for a reliable fault-tolerant controller of a dual-redundant switching-value PLC control system uses two PLC controllers and one diagnosis decision logic module to form the dual-redundant reliable fault-tolerant controller, with the first PLC controller as master controller and the second PLC controller as backup controller, wherein:
1) In normal operation, the master controller controls the actual operation of the controlled object, and the backup controller acts as hot-standby redundant controller; its output does not actually drive the controlled object, and it serves only to monitor the operation of the master controller; and
2) When a serious failure occurs in the first PLC controller or its I/O path, the second PLC controller switches over to become master controller, thereby maintaining normal operation of the controlled object, and all output signals of the failed first PLC controller are cut off so that the first PLC controller and its I/O path are taken out of the system. Here a serious failure means a failure that causes abnormal changes in the controller's I/O signals, so that control cannot continue normally and the failure must be dealt with immediately;
3) After the first PLC controller that suffered the serious failure has been restored or replaced, it re-enters the control flow as hot-standby redundant controller of the current master controller (the second PLC controller) and monitors the operation of the current master controller;
The reliable fault-tolerant controller is tied to the scan cycle of the PLC controllers and is defined to have three operating modes: the dual-redundant reliable control mode for normal operation, and, for initial system power-on or the failure of one PLC controller, the synchronous bumpless switching control mode and the single-PLC fault-tolerant control mode. They are implemented as follows:
1) In normal operation, the reliable fault-tolerant controller uses the scan cycle of the master and backup controllers as its synchronization reference. A synchronization check is carried out once before the output refresh of each scan cycle to keep the timing of the control output actions consistent. The diagnosis decision logic module ensures that, when there is no fault, only the control output of the master controller is actually connected to the actuator and the controlled object. This is the dual-redundant reliable control mode;
2) In the reset-run phase at initial system power-on, in each PLC scan cycle the backup controller uses its own fault diagnosis program module to compare the states of the master and backup controllers and outputs the comparison result. When the backup controller finds the master controller fault-free but the output signals of the master and backup controllers inconsistent, the diagnosis decision logic module makes the control output of the master controller the one that is actually effective and applies it to the controlled object, and operation continues in the next scan cycle. When the backup controller finds both the master and backup controllers fault-free and their output signals fully consistent, the backup controller sends a synchronization signal so that the control outputs of the master and backup controllers operate synchronously in the next scan cycle, and the system transfers to the dual-redundant reliable control mode of normal operation. This control process is the synchronous bumpless switching control mode;
3) When the backup controller and the diagnosis decision logic module diagnose a serious failure of the master controller, the backup controller is switched in by the real-time logic switching switch and takes over actual control in the role of master controller, and the output channel and I/O path of the failed master controller are cut off. The master and backup controllers thus achieve bumpless switchover within one PLC scan cycle, and the system transfers to the single-PLC fault-tolerant control mode, ensuring that the whole control system runs continuously.
Further, in the foregoing method, after the master controller leaves the control system, the backup controller automatically switches to become master controller, performs output control of the controlled object, and runs in the single-PLC fault-tolerant control mode;
In the initial phase of each PLC scan cycle, it is checked whether a new backup controller has been connected: if so, the PLC controller currently acting as master controller transfers to the synchronous bumpless switching control mode; otherwise, the PLC controller currently acting as master controller relies on the diagnosis decision logic module to keep its output channel connection valid and continues to perform the control actions on the controlled object, maintaining continuous operation of the system.
Further, in the foregoing method, fault diagnosis of the internal modules of the master controller is performed by the master controller's own self-diagnosis function, and the diagnosis result is transmitted to the backup controller in real time through I/O ports during the initial period of the scan cycle. The fault diagnosis program module in the backup controller combines the self-diagnosis result of the master controller with the control output signal of the previous scan cycle and applies the diagnosis logic of Table 1 below to judge whether the master controller and its control output signal are abnormal:
Table 1 --- diagnosis logic
If there is no abnormality, the master controller is considered fault-free; otherwise the master controller is considered to have suffered a serious failure;
This diagnosis result is then fed into the diagnosis decision logic module, where a further fused judgement is made according to the failure decision logic shown in Table 2 below:
Table 2 --- failure decision logic
If there is no abnormality, the master controller is considered fault-free and its control output signal actually drives the actuator or the controlled object. Otherwise the master controller is considered to have suffered a serious failure: the switching switch of the diagnosis decision logic module cuts off the control output channel of the failed master controller in real time and connects the output channel of the backup controller, so that the backup controller enters actual control as master controller in fault-tolerant control mode and takes over from the failed master controller, keeping the system running normally and continuously.
Further, in the foregoing method, the interfaces between the first PLC controller, the second PLC controller and the diagnosis decision logic module are connected by hardwiring.
As the above technical solution shows, the notable advantages of the proposed implementation method for a reliable fault-tolerant controller of a dual-redundant switching-value PLC control system are:
1. A low-cost, high-reliability PLC reliable fault-tolerant controller is built from conventional PLC modules. Hot-standby redundancy is combined with voting-type fault diagnosis mixed-logic redundancy, improving the availability and the safety and reliability of continuous operation. No dedicated redundant safety module is needed, so the system is relatively simple in composition and highly reliable.
2. Following the cyclic-scan control principle of the PLC, a scan-cycle-based synchronization control strategy synchronizes the control computation of the master and backup controllers and gives a smooth switchover during fault-tolerant reconfiguration after a failure. This meets the need of small, low-cost redundant systems for reliable synchronization and coordination, and overcomes the problem that traditional redundant reliability designs must achieve high-precision CPU clock synchronization.
3. Highly reliable industrial hardwiring technology is combined with mixed software and hardware logic monitoring to realize a low-cost, high-reliability PLC fault-tolerant controller, which raises the reliability of ordinary small and medium-sized non-redundant PLC control systems without an excessive increase in system cost.
4. In the design of the PLC fault-tolerant control flow, a strategy of operating modes is proposed: the dual-redundant PLC reliable control mode, the single-PLC fault-tolerant control mode and the synchronous bumpless switching mode. This ensures reliable synchronous operation of the redundant fault-tolerant controller and bumpless switchover to the backup controller on failure, giving the whole control system complete fault tolerance against failures of the master controller and continuous, reliable operation.
Brief description of the drawings
Fig. 1 is the overall structure diagram of the reliable fault-tolerant controller of the dual-redundant PLC control system of the present invention.
Fig. 2a is the flow of the dual-redundant reliable control mode for the first PLC controller (PLC1) as master controller in the embodiment of Fig. 1.
Fig. 2b is the flow of the dual-redundant reliable control mode for the second PLC controller (PLC2) as backup controller in the embodiment of Fig. 1.
Fig. 2c is the flow of the single-PLC fault-tolerant control mode in the embodiment of Fig. 1.
Fig. 2d is the flow of the synchronous bumpless switching control mode for the first PLC controller (PLC1) as master controller in the embodiment of Fig. 1.
Fig. 2e is the flow of the synchronous bumpless switching control mode for the second PLC controller (PLC2) as backup controller in the embodiment of Fig. 1.
Fig. 3a is the hardwiring schematic between the master controller, the backup controller and the logic circuit in the embodiment of Fig. 1.
Fig. 3b is the hardwiring schematic between the diagnosis decision logic module and the master and backup controllers in the embodiment of Fig. 1.
Fig. 3c is the hardwiring schematic between the diagnosis decision logic module and the load switching switch SW0 in the embodiment of Fig. 1.
Detailed description of the embodiments
For a better understanding of the technical content of the present invention, specific embodiments are described below with reference to the accompanying drawings.
In this embodiment, in line with the characteristics of switching-value control in actual industrial processes, the failures that may occur in a PLC controller consisting of a CPU module, a power module and switching-value I/O modules are divided into warning failures and serious failures. A warning failure does not interrupt continued operation of the system; it can be eliminated by the PLC's own self-diagnosis and error correction and can be regarded as a normal condition. A serious failure causes obvious abnormal changes in the controller's I/O signals, so that control cannot continue normally, and must be handled promptly. The PLC self-diagnosis module generally handles a serious failure by stopping the scan, raising a real-time alarm and disconnecting all outputs, but this cannot keep the system running continuously; and a serious failure that causes abnormal changes in the output signals of the PLC's external I/O control modules requires a correspondingly designed diagnosis and fault-tolerance function to handle it.
The implementation method for a reliable fault-tolerant controller of a dual-redundant switching-value PLC control system proposed in this embodiment addresses reliable fault-tolerant handling of serious failures of PLC controllers, in particular abnormal-signal failures of switching-value control output modules, and provides a design method for a low-cost hot-standby redundant PLC reliable fault-tolerant controller.
The implementation method disclosed in this embodiment comprises four parts: the overall structure design of the dual-redundant PLC fault-tolerant controller; the design of the dual-redundant reliable control and synchronous bumpless switching flows of the PLC fault-tolerant controller; the fault diagnosis and decision logic design of the redundant PLC controllers; and the hardwired interface design of the reliable fault-tolerant controller.
The implementation of the above method is described in detail below with reference to Fig. 1 and Figs. 2a-2e.
1. Overall structure design of the dual-redundant PLC fault-tolerant controller
Fig. 1 shows the overall structure of the reliable fault-tolerant controller of the dual-redundant PLC control system. Two PLC controllers and one diagnosis decision logic module form the dual-redundant reliable fault-tolerant controller, with the first PLC controller as master controller and the second PLC controller as backup controller.
As shown in Fig. 1, the first and second PLC controllers are two small or medium-sized PLC controllers of identical specification and model parameters, used to build fault-tolerant controllers that are hot-standby redundant to each other. As stated above, either PLC can be designated in advance as master controller (denoted PLC1) and the other as backup controller (denoted PLC2), so the two are structurally symmetric (as shown in Fig. 1).
1) In normal operation, the master controller controls the actual operation of the controlled object, and the backup controller acts as hot-standby redundant controller; its output does not actually drive the controlled object, and it serves only to monitor the operation of the master controller;
2) When a serious failure occurs in the first PLC controller or its I/O path, the second PLC controller switches over to become master controller, thereby maintaining normal operation of the controlled object, and all output signals of the failed first PLC controller are cut off so that the first PLC controller and its I/O path are taken out of the system. Here a serious failure means a failure that causes abnormal changes in the controller's I/O signals, so that control cannot continue normally and the failure must be dealt with immediately;
3) After the first PLC controller that suffered the serious failure has been restored or replaced, it re-enters the control flow as hot-standby redundant controller of the current master controller (the second PLC controller) and monitors the operation of the current master controller.
2. Design of the dual-redundant reliable control and synchronous bumpless switching flows of the PLC fault-tolerant controller
With reference to Fig. 1 and Figs. 2a-2e, the implementation method of this embodiment borrows the idea of standard redundant control design. The reliable fault-tolerant controller of this embodiment is tied to the scan cycle of the PLC controllers and is defined to have three operating modes: the dual-redundant reliable control mode for normal operation, and, for initial system power-on or the failure of one PLC controller, the synchronous bumpless switching control mode and the single-PLC fault-tolerant control mode. They are implemented as follows:
1) In normal operation, the reliable fault-tolerant controller uses the scan cycle of the master and backup controllers as its synchronization reference. A synchronization check is carried out once before the output refresh of each scan cycle to keep the timing of the control output actions consistent. The diagnosis decision logic module ensures that, when there is no fault, only the control output of the master controller is actually connected to the actuator and the controlled object. This is the dual-redundant reliable control mode; it achieves reliable control operation of the dual-redundant PLC controllers, avoids the difficulty of CPU clock synchronization required in traditional redundancy designs, and reduces design complexity;
2) In the reset-run phase at initial system power-on, in each PLC scan cycle the backup controller uses its own fault diagnosis program module to compare the states of the master and backup controllers and outputs the comparison result. When the backup controller finds the master controller fault-free but the output signals of the master and backup controllers inconsistent, the diagnosis decision logic module makes the control output of the master controller the one that is actually effective and applies it to the controlled object, and operation continues in the next scan cycle. When the backup controller finds both the master and backup controllers fault-free and their output signals fully consistent, the backup controller sends a synchronization signal so that the control outputs of the master and backup controllers operate synchronously in the next scan cycle, and the system transfers to the dual-redundant reliable control mode of normal operation. This control process is the synchronous bumpless switching control mode;
3) When the backup controller and the diagnosis decision logic module diagnose a serious failure of the master controller, the backup controller is switched in by the real-time logic switching switch and takes over actual control in the role of master controller, and the output channel and I/O path of the failed master controller are cut off. The master and backup controllers thus achieve bumpless switchover within one PLC scan cycle, and the system transfers to the single-PLC fault-tolerant control mode, ensuring that the whole control system runs continuously.
In this embodiment, after the master controller leaves the control system, the backup controller automatically switches to become master controller, performs output control of the controlled object, and runs in the single-PLC fault-tolerant control mode;
In the initial phase of each PLC scan cycle, it is checked whether a new backup controller has been connected: if so, the PLC controller currently acting as master controller transfers to the synchronous bumpless switching control mode; otherwise, the PLC controller currently acting as master controller relies on the diagnosis decision logic module to keep its output channel connection valid and continues to perform the control actions on the controlled object, maintaining continuous operation of the system.
3. Fault diagnosis and decision logic design of the redundant PLC controllers
In this embodiment, based on a mixed-logic strategy, the monitoring and diagnosis results from different periods and different modules are processed together to obtain a reliable diagnosis result, which is fed into the decision logic module to make the diagnosis decision. This reduces the design difficulty and risk of a single diagnosis decision module and so ensures high reliability of the whole control operation.
In this embodiment, fault diagnosis of the internal modules (such as the CPU) of the master controller is performed by the master controller's own self-diagnosis function, and the diagnosis result is transmitted to the backup controller in real time through I/O ports during the initial period of the scan cycle. The fault diagnosis program module in the backup controller combines the self-diagnosis result of the master controller with the control output signal of the previous scan cycle and applies the diagnosis logic of Table 1 below to judge whether the master controller and its control output signal are abnormal:
Table 1 --- diagnosis logic
If there is no abnormality, the master controller is considered fault-free; otherwise the master controller is considered to have suffered a serious failure;
This diagnosis result is then fed into the diagnosis decision logic module, where a further fused judgement is made according to the failure decision logic shown in Table 2 below:
Table 2 --- failure decision logic
If there is no abnormality, the master controller is considered fault-free and its control output signal actually drives the actuator or the controlled object. Otherwise the master controller is considered to have suffered a serious failure: the switching switch of the diagnosis decision logic module cuts off the control output channel of the failed master controller in real time and connects the output channel of the backup controller, so that the backup controller enters actual control as master controller in fault-tolerant control mode and takes over from the failed master controller, keeping the system running normally and continuously.
With reference to Fig. 1, Figs. 2a-2e and Figs. 3a-3c, the realization of the reliable fault-tolerant controller of the dual-redundant PLC control system of the above embodiment is illustrated below. The overall structure design and the software program flow charts of the switching-value dual-redundant PLC fault-tolerant controller are shown in Fig. 1 and Figs. 2a-2e respectively.
With reference to Fig. 1, as stated above, the first and second PLC controllers are two small or medium-sized PLC controllers of identical specification and model parameters, used to build fault-tolerant controllers that are hot-standby redundant to each other. Either PLC can be designated in advance as master controller (denoted PLC1) and the other as backup controller (denoted PLC2), so the two are structurally symmetric (as shown in Fig. 1).
Master controller PLC1 and backup controller PLC2 can each receive the feedback signals from the controlled object and other input signals simultaneously through their respective input ports I2.
The control output signal of master controller PLC1 is hardwired from port D0 to both input port I0 of PLC2 and input port FI4 of diagnosis decision logic module FDD1. Thus, under the monitoring of backup controller PLC2 and diagnosis decision logic module FDD1, the control output signal of master controller PLC1 can actually drive the object only when PLC1 is normal and fault-free.
The self-diagnosis result of master controller PLC1 is sent out in real time through its real-time output port D2 and hardwired to real-time input port I1 of backup controller PLC2, where it is used by the fault diagnosis program module of PLC2. The same signal is also fed to input port FI1 of diagnosis decision logic module FDD1, where it is used to decide which control output path is actually connected.
From the PLC1 self-diagnosis result and control output information received on input ports I0 and I1, the fault diagnosis program module of backup controller PLC2 diagnoses master controller PLC1 using the diagnosis logic shown in Table 1. The diagnosis result is sent through real-time output port D3 to input port FI3 of diagnosis decision logic module FDD1, which then drives switching switch SW0 to connect the control output channel of master controller PLC1 or backup controller PLC2 according to the decision result, and so controls the actuator and the object.
Table 1: Real-time fault diagnosis logic of backup PLC2 for master PLC1
Before the output refresh phase of each scan cycle, output port D4 of backup controller PLC2 sends a real-time synchronization signal to master controller PLC1. Input port I3 of master controller PLC1 receives the synchronization signal and, once PLC1 has confirmed it, PLC1 sends a real-time synchronization response signal from output port D1. Likewise, after real-time input port I4 of backup controller PLC2 receives the synchronization response signal from PLC1, the master and backup controllers refresh their respective control output signals synchronously, ensuring that the whole control system runs the master and backup controllers in coordinated synchronization on the basis of the PLC scan cycle.
Input ports FI1, FI2 and FI3 of diagnosis decision logic module FDD1 are connected, respectively, to the real-time output ports D2 carrying the self-diagnosis results of the master and backup PLC controllers and to real-time output port D3 carrying the fault diagnosis result of PLC2 for PLC1. Input ports FI4 and FI5 of FDD1 are connected to the control output signals of the master and backup PLC controllers respectively, and switching switch SW0 connects either FI4 or FI5 to output port FO according to the decision result.
Inside diagnosis decision logic module FDD1, the three input signals FI1 to FI3 are first combined in real time according to the logic shown in Table 2. The result then drives switching switch SW0 and determines which PLC controller's output channel is connected during the scan cycle to control the actual object.
Table 2: Decision logic in the fault diagnosis decision logic module (FDD1) for switching switch SW0
The control flows are shown in Figs. 2a-2e. The self-diagnosis result of backup controller PLC2 can be sent to PLC1 in real time through its port D2, so that when the self-diagnosis result of PLC2 is a serious failure, fault-tolerant control for PLC2 can be carried out in PLC1 (see Fig. 2a). In the dual-redundant reliable control mode, the fault diagnosis program module in backup controller PLC2 performs real-time fault diagnosis of master PLC1 according to the logic shown in Table 1, which also ensures consistency of the master and backup control output signals in normal operation. The self-diagnosis modules of the master and backup PLC controllers are implemented by the PLC's built-in self-diagnosis function; the result is used for the controller's own fault alarm and fault handling, and the corresponding flag data is passed through real-time output port D2 to the other modules for processing. The signal indicating whether both PLCs are running online at the same time is generated from each PLC's power-on reset signal, can be sent to the other controller through input port I2, and is stored in the flag data area of the controller's CPU module. This status flag can change with program execution and operating conditions. The operation control program module is the normal program segment that controls the actions of the object. Finally, the different operating modes of the master and backup PLC controllers are indicated by corresponding status flag data in the flag data storage area, so that the program flow calls the control-mode program segment appropriate to each operating condition.
In the present invention, diagnosis decision logic module FDD1 makes a combined decision on the three diagnosis results at inputs FI1, FI2 and FI3; its decision logic is shown in Table 2. The way decision output OUT connects to and operates switching switch SW0 is shown in Fig. 3c. When both PLC controllers suffer serious failures, the tri-state gate decision output places switch SW0 in the high-impedance state: an alarm is raised, the output channels of the master and backup controllers are disconnected, and the actuator and controlled object then perform their emergency safety self-locking/interlocking operation, ensuring the safety of the whole system.
In the implementation method of the dual-redundant reliable fault-tolerant controller for a switching-value PLC control system of this embodiment, the interface connections are preferably implemented by hardwiring; that is, the first PLC, the second PLC and the diagnosis decision logic module are connected to one another by hardwired connections. On the one hand, hardware isolation eliminates signal interference between the different control and decision logic modules; on the other hand, it allows bumpless conversion between signals of different logic levels, ensuring highly reliable signal transmission.
This embodiment uses hardwiring (as shown in Figs. 3a, 3b and 3c) to implement signal transmission and interface design between the main and backup PLCs and the diagnosis decision logic module, which improves the reliability of the system without increasing design complexity. Taking PLC transistor-type I/O modules and TTL logic circuits as the example, Figs. 3a-3c each give a schematic diagram of the corresponding implementation. In Fig. 3c, when the tri-state gate logic output is 0, switch SW0 is driven to connect the control path between the main PLC1 and the load; when it is 1, SW0 connects the control path between the backup PLC2 and the load; the high-impedance state indicates that both the main and the backup PLC have suffered a catastrophic failure, and switch SW0 disconnects every PLC control loop while the result raises an alarm signal through the drive output circuit so that the controlled object performs emergency safety operations. The built-in diagnostic TTL logic circuit is designed with reliable standard TTL logic devices and performs its computation according to the logical expression shown in attached Table 2; the decision result is passed to the tri-state gate logic output.
Although the present invention has been disclosed above by way of preferred embodiments, they are not intended to limit the invention. Those of ordinary skill in the art to which the invention belongs may make various changes and modifications without departing from the spirit and scope of the invention. The scope of protection of the invention is therefore defined by the claims.
Claims (4)
1. An implementation method of a dual-redundant reliable fault-tolerant controller for a switching-value PLC control system, in which two PLCs and one diagnosis decision logic module form the dual-redundant reliable fault-tolerant controller, the first PLC serving as the master controller and the second PLC serving as the backup controller, characterized in that:
1) in normal operation, the master controller controls the actual operating actions of the controlled object, while the backup controller acts as a hot-standby redundant controller whose output does not actually control the operating actions of the controlled object and is used only to monitor the operation of the master controller; and
2) when a catastrophic failure occurs in the first PLC and its I/O path, the second PLC switches to become the master controller, thereby maintaining normal operation of the controlled object, and at the same time all output signals of the first PLC in which the catastrophic failure occurred are cut off, so that the first PLC and its I/O path are taken out of the system, where the aforementioned catastrophic failure means a failure that can cause abnormal changes in the controller's I/O signals, prevents control from continuing normal operation, and must be handled immediately; and
3) after the first PLC in which the catastrophic failure occurred has been repaired or replaced, it re-enters the control flow as the hot-standby redundant controller of the second PLC, which is the current master controller, and monitors the operation of the current master controller; and
the reliable fault-tolerant controller, in conjunction with the PLC scan cycle, is defined as having three operating modes, namely the dual-redundant reliable control mode for normal operation and, for initial power-on operation of the system or the failure of one of the PLCs, the synchronous bumpless switching control mode and the single-PLC fault-tolerant control mode, its implementation comprising:
1) in normal operation, the reliable fault-tolerant controller takes the scan cycles of the master controller and the backup controller as the synchronization reference and performs one synchronization check before the output refresh operation of each scan cycle, ensuring that the control signal output actions keep a consistent beat; the diagnosis decision logic module ensures that, when there is no fault, only the control output of the master controller is actually connected to the actuator and the controlled object; this is the dual-redundant reliable control mode;
2) in the initial power-on reset operation phase of the system, in each PLC scan cycle, the backup controller uses its own fault diagnosis program module to compare the states of the master controller and the backup controller and outputs the comparison result: when the backup controller diagnoses that the master controller is fault-free and the output signals of the master and backup controllers are inconsistent, the diagnosis decision logic module makes the control output of the master controller the one that is actually effective and applied to the controlled object, and operation continues into the next scan cycle; when the backup controller diagnoses that the master controller and the backup controller are both fault-free and their output signals are completely consistent, the backup controller sends a synchronization signal so that the control outputs of the master and backup controllers operate synchronously in the next scan cycle, and the system transfers to the dual-redundant reliable control mode of normal operation; the foregoing control process is the synchronous bumpless switching control mode;
3) when the backup controller and the diagnosis decision logic module diagnose that a catastrophic failure has occurred in the master controller, the backup controller, through the real-time logic changeover switch, takes over actual control in the role of master controller, and the output channel and I/O path of the current master controller in which the catastrophic failure occurred are cut off, so that the master and backup controllers switch over bumplessly within one PLC scan cycle and the system transfers to the single-PLC fault-tolerant control mode, ensuring continuous operation of the whole control system.
2. The implementation method of the dual-redundant reliable fault-tolerant controller for a switching-value PLC control system according to claim 1, characterized in that, in the method, after the master controller leaves the control system, the backup controller is automatically switched to become the master controller, performs output control of the controlled object, and runs the single-PLC fault-tolerant control mode; and
in the initial stage of each PLC scan cycle, it is detected whether a new backup controller has been connected: if so, the PLC currently acting as master controller transfers to the synchronous bumpless switching control mode; otherwise, the PLC currently acting as master controller relies on the diagnosis decision logic module to ensure that its output channel connection remains valid, continues to execute control actions on the controlled object, and maintains continuous operation of the system.
3. The implementation method of the dual-redundant reliable fault-tolerant controller for a switching-value PLC control system according to claim 1, characterized in that, in the method, internal module fault diagnosis of the master controller is performed by the master controller's own self-diagnostic function in the initial period of the scan cycle, and the diagnostic result is transmitted in real time through I/O ports to the backup controller; the fault diagnosis program module in the backup controller combines the master controller's self-diagnosis result with the control output signal of the previous scan cycle and makes an integrated logic judgment according to the diagnosis logic of Table 1 below, diagnosing whether the master controller and its control output signal are abnormal:
Table 1 --- diagnosis logic
if there is no abnormality, the master controller is considered fault-free; otherwise, the master controller is considered to have suffered a catastrophic failure;
the foregoing diagnostic result is then input to the diagnosis decision logic module, where it is fused and judged again according to the fault decision logic shown in Table 2 below:
Table 2 --- failure decision logic
if there is no abnormality, the master controller is considered fault-free and its control output signal actually drives the actuator or the controlled object; otherwise, the master controller is considered to have suffered a catastrophic failure, and the changeover switch of the diagnosis decision logic module cuts off the control output channel of the failed master controller in real time and connects the output channel of the backup controller, so that the backup controller takes over actual control as master controller in the fault-tolerant control mode, replacing the failed master controller and keeping the system running normally and continuously.
4. The implementation method of the dual-redundant reliable fault-tolerant controller for a switching-value PLC control system according to claim 1, characterized in that, in the method, the interface connections between the first PLC, the second PLC and the diagnosis decision logic module are implemented by hardwired connections.
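The switching behaviour described in the embodiment (tri-state decision output OUT driving SW0: 0 selects the PLC1 path, 1 selects the PLC2 path, high impedance disconnects both) and the three operating modes of claims 1 and 2 can be traced scan by scan with a behavioural model. The Python below is an added illustration, not code from the patent: `ok1`/`ok2` stand in for the Table 1 / Table 2 verdicts (whose truth tables are not reproduced on this page), latching of the safe state is an assumption, and all class, field and trace names are hypothetical.

```python
from dataclasses import dataclass
from enum import Enum

class Mode(Enum):
    SYNC = "synchronous bumpless switching"
    DUAL = "dual-redundant reliable control"
    SINGLE = "single-PLC fault-tolerant control"
    SAFE = "both PLCs failed, SW0 high-impedance"

@dataclass
class Scan:
    mode: Mode      # mode in force after this scan cycle
    out: str        # tri-state decision output OUT: "0", "1" or "Z"
    load: object    # output word reaching the actuator (None = disconnected)
    alarm: bool

class DualRedundantModel:
    """Behavioural model. ok1/ok2 stand in for the Table 1 / Table 2
    verdicts; their truth tables are not reproduced on the page."""
    def __init__(self):
        self.mode = Mode.SYNC   # initial power-on reset phase
        self.active = 1         # PLC1 starts as master controller

    def scan(self, ok1, ok2, out1, out2):
        ok = {1: ok1, 2: ok2}
        outputs = {1: out1, 2: out2}
        standby = 2 if self.active == 1 else 1
        if self.mode is Mode.SAFE or not (ok1 or ok2):
            # Double failure: SW0 open, both output channels cut, alarm.
            # Assumption: the safe state latches until a manual restart.
            self.mode = Mode.SAFE
            return Scan(self.mode, "Z", None, True)
        if not ok[self.active]:
            # Master failed: the standby takes over within this scan cycle.
            self.active, self.mode = standby, Mode.SINGLE
        elif not ok[standby]:
            # Backup failed or absent: the master carries on alone.
            self.mode = Mode.SINGLE
        elif self.mode is Mode.SINGLE:
            # A healthy backup has joined: resynchronise before trusting it.
            self.mode = Mode.SYNC
        elif self.mode is Mode.SYNC and out1 == out2:
            # Outputs agree: sync signal sent, dual mode from the next scan.
            self.mode = Mode.DUAL
        # SYNC with differing outputs: stay in SYNC; master output is effective.
        out = "0" if self.active == 1 else "1"   # 0 -> PLC1 path, 1 -> PLC2 path
        return Scan(self.mode, out, outputs[self.active], False)

# Constructed scenario (not from the patent), one tuple per scan cycle:
# (PLC1 ok, PLC2 ok, PLC1 output word, PLC2 output word)
TRACE = [
    (True, True, 0b0101, 0b0000),    # power-on, outputs not yet aligned
    (True, True, 0b0101, 0b0101),    # aligned: enter dual-redundant mode
    (False, True, 0b1111, 0b0110),   # PLC1 fails with a corrupted output
    (False, True, 0b1111, 0b0111),
    (True, True, 0b0000, 0b0111),    # PLC1 repaired, rejoins as backup
    (True, True, 0b0111, 0b0111),
    (False, False, 0b0000, 0b0000),  # both fail: safe state
]

def run_trace(steps):
    ctl = DualRedundantModel()
    return [ctl.scan(*step) for step in steps]
```

In the constructed trace the failed PLC1's corrupted word never reaches the load, and the repaired PLC1 returns as backup to PLC2 rather than reclaiming the master role, as claim 1 item 3) requires.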
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410287669.3A CN105278516B (en) | 2014-06-24 | 2014-06-24 | A kind of implementation method of the reliable fault-tolerant controller of dual redundant switching value PLC control system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105278516A CN105278516A (en) | 2016-01-27 |
CN105278516B true CN105278516B (en) | 2017-12-12 |
Family
ID=55147698
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201410287669.3A Expired - Fee Related CN105278516B (en) | 2014-06-24 | 2014-06-24 | A kind of implementation method of the reliable fault-tolerant controller of dual redundant switching value PLC control system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105278516B (en) |
Families Citing this family (21)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105681131B (en) * | 2016-02-26 | 2019-03-05 | 上海富欣智能交通控制有限公司 | Main preparation system and its parallel output method |
CN106125544A (en) * | 2016-07-12 | 2016-11-16 | 浙江众合科技股份有限公司 | A kind of temperature of track switch controller that is applicable to is for redundant system |
CN106161111B (en) * | 2016-08-31 | 2019-07-09 | 福建省鸿山热电有限责任公司 | A kind of network topological method of two sets of plasma igniter PLC control systems |
CN107942894B (en) * | 2016-10-13 | 2019-12-10 | 中国石油天然气集团公司 | Main input/output submodule, diagnosis method thereof and editable logic controller |
JP6834446B2 (en) * | 2016-12-14 | 2021-02-24 | オムロン株式会社 | Control system, control program and control method |
CN106557054B (en) * | 2017-01-05 | 2019-01-25 | 上海泽鑫电力科技股份有限公司 | The system and method that the failure of transformer cooler intelligent controlling device is automatically repaired |
CN107037732A (en) * | 2017-05-26 | 2017-08-11 | 北京航天新风机械设备有限责任公司 | A kind of aircraft electrical control tolerant system and failure decision-making technique |
CN107908186B (en) * | 2017-11-07 | 2021-07-02 | 驭势科技(北京)有限公司 | Method and system for controlling operation of unmanned vehicle |
WO2019100227A1 (en) * | 2017-11-22 | 2019-05-31 | 贵州智慧能源科技有限公司 | Control system and protection device |
CN108153195B (en) * | 2017-12-25 | 2020-11-27 | 杭州和利时自动化有限公司 | Controller switching method, device, equipment and computer readable storage medium |
CN108333928B (en) * | 2018-01-23 | 2020-10-20 | 南京理工大学 | Multi-DC brushless motor position coordination control method based on dynamic surface |
CN108549358A (en) * | 2018-03-28 | 2018-09-18 | 安徽航瑞航空动力装备有限公司 | A kind of redundant manipulator diagnostic system and method based on CAN bus |
CN108803420B (en) * | 2018-06-02 | 2024-05-10 | 新乡市光明电器有限公司 | Centralized control circuit for military vehicle-mounted equipment |
CN109542085B (en) * | 2018-11-26 | 2020-10-23 | 东北大学 | Automatic experiment platform flexible switching device with time-lag configuration function and method |
CN110320799B (en) * | 2019-06-13 | 2021-05-07 | 大连理工大学 | Undisturbed cut-in fault-tolerant control method for faults of aircraft engine actuator |
CN110515295A (en) * | 2019-07-25 | 2019-11-29 | 南京南瑞继保电气有限公司 | A kind of method of the redundancy I/O module of dynamic and configurable |
CN111580454B (en) * | 2020-06-28 | 2021-08-20 | 山东省计算中心(国家超级计算济南中心) | Safety control method of industrial safety PLC (programmable logic controller) |
CN112947393B (en) * | 2021-04-12 | 2023-05-05 | 杭州秋瑞自动化科技有限公司 | Diagnostic method of PLC system |
CN114203483A (en) * | 2021-11-27 | 2022-03-18 | 陕西航空电气有限责任公司 | Method for realizing backup control of aviation contactor |
CN114428452B (en) * | 2022-04-06 | 2022-07-15 | 成都凯天电子股份有限公司 | Dual-redundancy control device of position detection and retraction control equipment and control method thereof |
CN115098306A (en) * | 2022-08-03 | 2022-09-23 | 南方电网数字电网研究院有限公司 | Embedded fault-tolerant self-healing structure, method and system applied to power industrial control terminal |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1834929A (en) * | 2005-03-17 | 2006-09-20 | 富士通株式会社 | Information processing apparatus and control method therefor |
KR20080020807A (en) * | 2006-09-01 | 2008-03-06 | 주식회사 포스콘 | Apparatus and method for plc redundancy |
CN101281483A (en) * | 2008-05-12 | 2008-10-08 | 北京邮电大学 | Double-machine redundant tolerant system and redundant switching method thereof |
CN201383095Y (en) * | 2009-04-13 | 2010-01-13 | 西安江河电站技术开发有限责任公司 | PLC redundancy rotation-speed monitoring device |
KR20120102240A (en) * | 2011-03-08 | 2012-09-18 | 엘에스산전 주식회사 | Redundancy plc system and data synchronization method thereof |
WO2012128994A1 (en) * | 2011-03-23 | 2012-09-27 | Siemens Corporation | System and method for verification and validation of redundancy software in plc systems |
Non-Patent Citations (3)
Title |
---|
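Research on the redundancy architecture of medium-sized PLCs and implementation of synchronization technology; 陈加杰; China Master's Theses Full-text Database, Information Science and Technology; 20111215 (Issue S2); I140-692: P72 * |
Research on fault detection and diagnosis of dynamic systems; 张登峰; China Doctoral and Master's Theses Full-text Database (Doctoral), Information Science and Technology; 20040315 (Issue 01); I140-55: P147 * |
Design and development of an intelligent door control system for rail trains; 李高杰; China Master's Theses Full-text Database, Information Science and Technology; 20130615 (Issue 06); I140-426: P72 * |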
Also Published As
Publication number | Publication date |
---|---|
CN105278516A (en) | 2016-01-27 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN105278516B (en) | A kind of implementation method of the reliable fault-tolerant controller of dual redundant switching value PLC control system | |
CN102096401B (en) | Redundant and fault-tolerant safety instrument control system based on fieldbus and ARM (advanced RISC machines) | |
US7120820B2 (en) | Redundant control system and control computer and peripheral unit for a control system of this type | |
US8132042B2 (en) | Method and device for exchanging data on the basis of the OPC communications protocol between redundant process automation components | |
CN102866690B (en) | Redundancy switching method between Redundant process control station in scattered control system | |
CN104268037A (en) | Hot redundancy interlocking subsystem and main and standby switching method thereof | |
CN112666870A (en) | Platform door control system and control method | |
CN103647781A (en) | Mixed redundancy programmable control system based on equipment redundancy and network redundancy | |
CN104360916B (en) | Main standby synchronous method based on data syn-chronization | |
CN101634855B (en) | Redundancy backup control system of ground equipment for opening ceremony and closing ceremony of large-scale games | |
CN105045164A (en) | Degradable triple-redundant synchronous voting computer control system and method | |
CN106125544A (en) | A kind of temperature of track switch controller that is applicable to is for redundant system | |
CN106627668A (en) | Train monitoring server system based on double-two-out-of-two framework and control method | |
CN105938356B (en) | The hardware redundancy of control module and operation cadence synchronization system in DCS system | |
CN105005232A (en) | Degradable triple redundancy synchronous voting computer control system and method | |
CN115913906A (en) | Redundancy control system and method for ship | |
CN205068032U (en) | Computer control system is decided by vote to synchronization that can demote | |
CN202421854U (en) | Triplex level redundancy switching value output module for DCS (data communication system) | |
CN106451404A (en) | Power supply system and power supply configuration method thereof | |
CN107479484A (en) | A kind of gas holder control system and method | |
CN206133294U (en) | Controller fault protection system | |
CN106385063A (en) | Power supply system and power supply awakening method | |
CN106656437A (en) | Redundant hot standby platform | |
CN207232735U (en) | A kind of gas holder control system | |
CN201499020U (en) | Self-adapting field bus reconstruction system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | |
CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20171212 Termination date: 20190624 |