CN109448880A - Method and system is filled under nuclear safe level hot backup redundancy control station unperturbed - Google Patents

Method and system is filled under nuclear safe level hot backup redundancy control station unperturbed Download PDF

Info

Publication number
CN109448880A
CN109448880A CN201811114280.3A CN201811114280A CN109448880A CN 109448880 A CN109448880 A CN 109448880A CN 201811114280 A CN201811114280 A CN 201811114280A CN 109448880 A CN109448880 A CN 109448880A
Authority
CN
China
Prior art keywords
slave
control station
hot backup
redundancy control
backup redundancy
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201811114280.3A
Other languages
Chinese (zh)
Other versions
CN109448880B (en
Inventor
江国进
刘大鹏
石桂连
张智慧
彭立
任保华
高超
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China General Nuclear Power Corp
China Techenergy Co Ltd
Original Assignee
China General Nuclear Power Corp
China Techenergy Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China General Nuclear Power Corp, China Techenergy Co Ltd filed Critical China General Nuclear Power Corp
Priority to CN201811114280.3A priority Critical patent/CN109448880B/en
Publication of CN109448880A publication Critical patent/CN109448880A/en
Application granted granted Critical
Publication of CN109448880B publication Critical patent/CN109448880B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G21NUCLEAR PHYSICS; NUCLEAR ENGINEERING
    • G21DNUCLEAR POWER PLANT
    • G21D3/00Control of nuclear power plant
    • G21D3/008Man-machine interface, e.g. control room layout
    • GPHYSICS
    • G21NUCLEAR PHYSICS; NUCLEAR ENGINEERING
    • G21DNUCLEAR POWER PLANT
    • G21D3/00Control of nuclear power plant
    • G21D3/001Computer implemented control
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02EREDUCTION OF GREENHOUSE GAS [GHG] EMISSIONS, RELATED TO ENERGY GENERATION, TRANSMISSION OR DISTRIBUTION
    • Y02E30/00Energy generation of nuclear origin

Abstract

The invention belongs to the technical fields of nuclear power plant instrument control system, out of service and be likely to occur the technical issues of principal and subordinate enters malfunction present in escalation process in order to solve to carry out in the prior art for Redundant Control station, the present invention provides and fills method and system under a kind of nuclear safe level hot backup redundancy control station unperturbed;The described method includes: S1, hot backup redundancy control station is connected under engineer station dress and calibration tool;S2, the downloading for receiving new version configuration, die-filling formula under slave enters;S3, slave trigger master-slave swap after host automatic synchronization application data and variable forced regime;S4, under engineer station dress and calibration tool receive new version configuration downloading, and control switching after slave enter under die-filling formula;S5, after handover slave trigger master-slave swap after switching aft engine automatic synchronization application data and variable forced regime.Therefore, it can be realized the unperturbed output of nuclear safe level hot backup redundancy control station.

Description

Method and system is filled under nuclear safe level hot backup redundancy control station unperturbed
Technical field
It is controlled the present invention relates to the technical field of nuclear power plant instrument control system more particularly to a kind of nuclear safe level hot backup redundancy Technical field, and in particular, to fill method and system under a kind of nuclear safe level hot backup redundancy control station unperturbed.
Background technique
Nuclear power is relative to thermoelectricity, by feat of to the advantages such as environmental protection, generated energy be big, having obtained good development, but 2011 Year Fukushima, Japan nuclear power plant accident, allow nuclear plant safety problem to become pay special attention to the problem of, so to nuclear power plant instrument A variety of consider is increased to safety factor in the design process of control system.Instrument by taking FirmSys (harmonious system) platform as an example In control system, controller is usually arranged to hot backup redundancy, and corresponding control station is also accordingly designed to hot backup redundancy control station.
But inventor has found during realizing the present invention: the controller of above-mentioned hot backup redundancy control station can not achieve Fault-free switching, so when some hot backup redundancy control station is upgraded, it is necessary to allow stop control to run, thus can Lead to the problem that a hot backup redundancy control station is entirely ineffective in this nuclear power station protection system;But also can exist when hot standby superfluous When remaining control station carries out the update of principal and subordinate's configuration, after guaranteeing slave with new complete version configuration, it is same that principal and subordinate is restarted in slave reset When having walked this stage of redundant data, if hostdown, slave also enters malfunction.Therefore, those skilled in the art Member, which urgently develops one kind, can allow hot backup redundancy control station more preferably to realize the technical solution filled under unperturbed.
Summary of the invention
In order to solve to carry out out of service present in escalation process for Redundant Control station in the prior art and be likely to occur Principal and subordinate enters the technical issues of malfunction, and the present invention provides and fills method under a kind of nuclear safe level hot backup redundancy control station unperturbed And system, it can be realized the unperturbed output of nuclear safe level hot backup redundancy control station.
To achieve the goals above, technical solution provided by the invention includes:
One aspect of the present invention provides and fills method under a kind of nuclear safe level hot backup redundancy control station unperturbed, which is characterized in that packet It includes:
S1, the hot backup redundancy control station is connected to as normal operating conditions, and by the hot backup redundancy control station Dress and calibration tool under engineer station;
S2, dress and calibration tool receive the downloading of new version configuration under the engineer station, and control described hot standby superfluous Die-filling formula under slave in remaining control station enters;
S3, it the slave in the hot backup redundancy control station is placed under test pattern runs, controlled in the hot backup redundancy The slave stood triggers master-slave swap, so that the slave after host automatic synchronization application data and variable forced regime It is switched to switching aft engine, the mian engine changeover is slave after switching;
S4, after the hot backup redundancy control station master-slave swap, the hot backup redundancy control station is connected to engineer Stand down dress and calibration tool, under the engineer station fill and calibration tool receive new version configuration downloading, and control described in Die-filling formula under slave enters after switching in hot backup redundancy control station;
S5, it slave after the switching in the hot backup redundancy control station is placed under test pattern runs, described hot standby superfluous Slave triggers principal and subordinate after switching aft engine automatic synchronization application data and variable forced regime after switching in remaining control station Switching, so that slave is switched to host after the switching, the switching aft engine is switched to slave.
In preferred embodiment of the embodiment of the present invention, the triggering master-slave swap includes:
Host in S11, Xiang Suoshu hot backup redundancy control station sends master-slave swap instruction;
Host feedback states in S12, the hot backup redundancy control station;
Host in S13, the hot backup redundancy control station sends switching request signal to slave;
Slave in S14, the hot backup redundancy control station carries out a liter main operation after receiving signal, and sends and switch to host Confirmation signal;
After host in S15, the hot backup redundancy control station receives switching confirmation signal, it is reduced to slave, and send state Feedback.
In preferred embodiment of the embodiment of the present invention, when being filled under the slave unperturbed in the hot backup redundancy control station, Give slave to be powered on or start-up operation, make its normal operation, and judge the slave in the hot backup redundancy control station and Whether the current configuration version of host is identical;When it is identical for determining result, slave keeps normal starting operational mode;Work as judgement When being as a result not identical, continue to judge whether the slave configuration version in the hot backup redundancy control station is host groups state version Upgraded version, if it is upgraded version, then the slave in the hot backup redundancy control station can operate normally, and show principal and subordinate's version This is inconsistent, prompts warning message, and if not upgraded version, then the slave failure in the hot backup redundancy control station is hung up, Show error message.
In preferred embodiment of the embodiment of the present invention, applied between the host and slave in the hot backup redundancy control station Data are ranked up output in the way of type and variable name, and some variable is increased, deleted or is modified operation after, Its dependent variable can also change therewith;Slave and host data synchronous phase in the hot backup redundancy control station, it is described Slave in hot backup redundancy control station has updated after configuration enters normal operation, and Yao Zidong is from the hot backup redundancy control station Host synchronization application data and variable forced regime, when the slave configuration version in the hot backup redundancy control station is inconsistent When, synchrodata mapping table is generated according to the difference of its basic version and current version redundant synchronization data volume, and described same Step data mapping table includes the address mapping relation of the variation variable between two version configurations, so that the slave MPU board Can remap synchrodata according to the synchrodata mapping table, realize the accurate synchronization of data.
It in configuration software include network variable in the configuration software of lower dress in preferred embodiment of the embodiment of the present invention Offset, when configuration needs user setting, and the shifting property of constant variable cannot change, and increase newly or the network of modification becomes The shifting property of amount need to reset and cannot with the deviant conflict of existing network variable so that under unperturbed fill during, Operation phase after triggering master-slave swap stage and switching, the network data communicated between standing will be consistent.
Another aspect of the present invention also provides and fills system under a kind of nuclear safe level hot backup redundancy control station unperturbed, and feature exists In, comprising:
It is filled under the hot backup redundancy control station that is filled under pending configuration, engineer station and calibration tool, MPU board and FCU plate Card;
The MPU board and FCU board are arranged to, can by the hot backup redundancy control station as normal operating conditions, Dress and calibration tool can be connected to the hot backup redundancy control station under the engineer station;
The hot backup redundancy control station is arranged to receive dress and calibration tool under the engineer station and receives new edition The downloading of this configuration, and the slave in the hot backup redundancy control station is configured to die-filling formula under entering;
The MPU board is also arranged to be able to for the slave in the hot backup redundancy control station being placed under test pattern and transport Row, the slave in the hot backup redundancy control station are arranged to from host automatic synchronization application data and variable forced regime Later, master-slave swap is triggered, so that the slave is switched to switching aft engine, the mian engine changeover is slave after switching;
After the hot backup redundancy control station master-slave swap, the hot backup redundancy control station is connected under engineer station Dress and calibration tool, so that the hot backup redundancy control station is arranged to receive dress and calibration tool under the engineer station The downloading of new version configuration is received, and slave is configured to die-filling formula under entering after the switching in the hot backup redundancy control station;
The MPU board is also arranged to be able to slave after the switching in the hot backup redundancy control station being placed in test pattern Lower operation, slave is strong from switching aft engine automatic synchronization application data and variable after the switching in the hot backup redundancy control station After state processed, trigger master-slave swap so that slave is switched to host after the switching, the switching aft engine be switched to from Machine.
In preferred embodiment of the embodiment of the present invention, the hot backup redundancy control station includes processor and memory, institute Triggering master-slave swap program in the memory can be loaded by stating processor, and execute following steps: first to described hot standby superfluous Host in remaining control station sends master-slave swap instruction, and the host feedback states in the hot backup redundancy control station are described hot standby Host in Redundant Control station sends switching request signal to slave, after the slave in the hot backup redundancy control station receives signal A liter main operation is carried out, and sends switching confirmation signal to host, the host in the hot backup redundancy control station receives switching confirmation After signal, it is reduced to slave, and sends state feedback.
In preferred embodiment of the embodiment of the present invention, when being filled under the slave unperturbed in the hot backup redundancy control station, Give slave to be powered on or start-up operation, make its normal operation, and judge the slave in the hot backup redundancy control station and Whether the current configuration version of host is identical;When it is identical for determining result, slave keeps normal starting operational mode;Work as judgement When being as a result not identical, continue to judge whether the slave configuration version in the hot backup redundancy control station is host groups state version Upgraded version, if it is upgraded version, then the slave in the hot backup redundancy control station can operate normally, and show principal and subordinate's version This is inconsistent, prompts warning message, and if not upgraded version, then the slave failure in the hot backup redundancy control station is hung up, Show error message.
In preferred embodiment of the embodiment of the present invention, applied between the host and slave in the hot backup redundancy control station Data are ranked up output in the way of type and variable name, and some variable is increased, deleted or is modified operation after, Its dependent variable can also change therewith;Slave and host data synchronous phase in the hot backup redundancy control station, it is described Slave in hot backup redundancy control station has updated after configuration enters normal operation, and Yao Zidong is from the hot backup redundancy control station Host synchronization application data and variable forced regime, when the slave configuration version in the hot backup redundancy control station is inconsistent When, synchrodata mapping table is generated according to the difference of its basic version and current version redundant synchronization data volume, and described same Step data mapping table includes the address mapping relation of the variation variable between two version configurations, so that the slave MPU board Can remap synchrodata according to the synchrodata mapping table, realize the accurate synchronization of data.
It in configuration software include network variable in the configuration software of lower dress in preferred embodiment of the embodiment of the present invention Offset, when configuration needs user setting, and the shifting property of constant variable cannot change, and increase newly or the network of modification becomes The shifting property of amount need to reset and cannot with the deviant conflict of existing network variable so that under unperturbed fill during, Operation phase after triggering master-slave swap stage and switching, the network data communicated between standing will be consistent.
Using above-mentioned technical proposal provided by the invention, one of following beneficial effect can be at least obtained:
1, the problem of upgrading and guarantee simultaneously the output of system unperturbed is needed during providing a kind of operation of nuclear power station, from basic On meet nuclear power station protection system general safety performance requirement.
2, during dress under unperturbed, by fault-free master-slave swap, so that can be eliminated in fault-free handoff procedure One is controller not available problem in short-term when master-slave swap, and when eliminating handover failure control station failure hidden danger.
3, it is led to the problem of when slave configuration version is inconsistent, comprising: between slave starting problem, slave Using data and variable forced regime accurate synchronization problem, Data Communication in Computer Networks problem and identify in the algorithm of new and old edition and when The problems such as corresponding relationship of the relevant data of sequence, solution is further provided respectively, can timely report information, work grasp Author checks and handles;In this way when downloading to slave, safety is not influenced.
The other feature and advantage of invention will illustrate in the following description, also, partly become aobvious from specification And it is clear to, or understood by implementing technical solution of the present invention.The objectives and other advantages of the invention can be by illustrating Specifically noted structure and/or process are achieved and obtained in book, claims and attached drawing.
Detailed description of the invention
Fig. 1 is the process that method is filled under a kind of nuclear safe level hot backup redundancy control station unperturbed provided in an embodiment of the present invention Figure.
Fig. 2 is that dress method corresponds to equipment under a kind of nuclear safe level hot backup redundancy control station unperturbed provided in an embodiment of the present invention The flow chart of operation.
Fig. 3 is during filling under a kind of nuclear safe level hot backup redundancy control station unperturbed provided in an embodiment of the present invention under unperturbed Fill the flow chart of selection.
Fig. 4 is fault-free during filling under a kind of nuclear safe level hot backup redundancy control station unperturbed provided in an embodiment of the present invention Master-slave swap flow chart.
Fig. 5 is that slave opens during filling under a kind of nuclear safe level hot backup redundancy control station unperturbed provided in an embodiment of the present invention Dynamic work flow diagram.
Fig. 6 is principal and subordinate's number during filling under a kind of nuclear safe level hot backup redundancy control station unperturbed provided in an embodiment of the present invention According to the schematic diagram of synchronization map table.
Fig. 7 is new and old group during filling under a kind of nuclear safe level hot backup redundancy control station unperturbed provided in an embodiment of the present invention Network data transmission schematic diagram between state.
Fig. 8 is that the structure of dress system under a kind of nuclear safe level hot backup redundancy control station unperturbed provided in an embodiment of the present invention is shown It is intended to.
Specific embodiment
Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings and examples, how to apply to the present invention whereby Technological means solves technical problem, and the realization process for reaching technical effect can fully understand and implement.It needs to illustrate , these specific descriptions only allow those of ordinary skill in the art to be more easier, clearly understand the present invention, rather than to this hair Bright limited explanation;And if conflict is not constituted, each spy in each embodiment and each embodiment in the present invention Sign can be combined with each other, and it is within the scope of the present invention to be formed by technical solution.
In addition, step shown in the flowchart of the accompanying drawings can be in the control system of a such as group controller executable instruction Middle execution, although also, logical order is shown in flow charts, and it in some cases, can be to be different from herein Sequence executes shown or described step.
Below by the drawings and specific embodiments, technical solution of the present invention is described in detail:
Embodiment
The present embodiment provides filling method under a kind of nuclear safe level hot backup redundancy control station unperturbed, and it is with harmonious system platform Example is illustrated, if having same or similar platform for other nuclear power plant instrument control system platforms, this reality also can be implemented The embodiment of example offer is provided.Wherein, the definition of the correlation module or unit that refer in the present embodiment and abbreviation are as follows:
FirmSys: it is able to achieve the base that one group of functional module (including software, hardware and structural member) of specific function is constituted Plinth platform may be implemented safety level by certain configuration and protect system, Chinese entitled " harmonious system ".
MPU:Main Processing Unit, Main Processor Unit are the sub- product of harmonious system.
HNU:High-Speed Net Communication Unit, high- speed network communication unit.
LNU:Low-Speed Net Communication Unit, low speed communication unit.
FCU:Firmnet Communication Unit, looped network communications processor element.
EAST:Engineer Application Software Toolkit, Engineer software's master control tool.
DANCE:Downlaod And Check Enviroment, fills under engineer station and calibration tool.
LAOD: under die-filling formula, a kind of operational mode of MPU.
NML: cycle operation mode, a kind of operational mode of MPU.
TEST: test pattern, a kind of operational mode of MPU.
That is the sub- product of the harmonious system of MPU/HNULNU/FCU/DANCE system, LOAD/NML/TEST is tri- kinds of operation moulds of MPU Formula.
As shown in Figure 1, the present embodiment provides method is filled under a kind of nuclear safe level hot backup redundancy control station unperturbed, under the unperturbed Dress method include 7 stages: control station normal operating phase, under slave fill the configuration stage, make slave initial operation phase, from Machine and host synchronization data phase, triggering master-slave swap stage fill to original host that the stage, to complete control station online under configuration The stage is filled under unperturbed;Specifically, comprising:
S110, hot backup redundancy control station is connected to engineer as normal operating conditions, and by hot backup redundancy control station Stand down dress and calibration tool;
S120, dress and calibration tool receive the downloading of new version configuration under engineer station, and control hot backup redundancy control Die-filling formula under the slave stood enters;
S130, it the slave in hot backup redundancy control station is placed under test pattern runs, in hot backup redundancy control station Slave triggers master-slave swap, so that slave is switched to switching after host automatic synchronization application data and variable forced regime Aft engine, mian engine changeover are slave after switching;
S140, after hot backup redundancy control station master-slave swap, hot backup redundancy control station is connected under engineer station and is filled And calibration tool, it is filled under engineer station and calibration tool receives the downloading of new version configuration, and control hot backup redundancy control station In switching after slave enter under die-filling formula;
S150, it slave after the switching in hot backup redundancy control station is placed under test pattern runs, controlled in hot backup redundancy Slave triggers master-slave swap after switching aft engine automatic synchronization application data and variable forced regime after the switching stood, So that slave is switched to host after switching, switching aft engine is switched to slave.
Come below with reference to Fig. 2 with the hardware environment in FirmSys platform for example, specifically, it is provided in this embodiment Method is filled under nuclear safe level hot backup redundancy control station unperturbed to correspond to apparatus operation method and include:
S210, MPU board and FCU board key switch are placed in LOAD gear, reset MPU board: by MPU board and FCU plate The key switch of card is respectively placed on LOAD gear, so that MPU board carries out reset operation;
S220, connection DANCE software tool: after ensuring that host and slave devices operate normally, DANCE software is connected Tool;
S230, downloading new version configuration, disconnect the connection with DANCE: carrying out the lower dress of new version configuration, will be with DANCE The tool connection status of software disconnects, so that die-filling formula under slave entrance;
S240, the key switch position of MPU board is placed in TEST gear, and the key switch of FCU board is placed in NML Gear;
S250, it resets MPU board: MPU board being subjected to reset operation, is run so that slave enters under TEST mode;
S260, MPU board and FCU board key switch are placed in LOAD gear: in slave from host automatic synchronization application data After variable forced regime, master-slave swap is triggered, repeats the operation of S210, so that original host (existing slave) is die-filling under entering Formula, former slave upgrade to host, so that new version configuration comes into force;
S270, connection DANCE tool, lower dress new version configuration: DANCE tool is attached, and carries out new version configuration Lower dress, so that original host (existing slave) is updated to new edition configuration;
S280, MPU and FCU board key switch is placed in NML gear;
S290, it resets MPU board: repeating 250 operation, original host (existing slave) operates normally, and synchronous applications data With variable forced regime.
And before hot backup redundancy control station updates configuration, modifies content according to configuration first and upstream device is carried out to be isolated and prevent Shield, in control station normal operating phase, host and slave are operated normally, and to the configuration stage is filled under slave, Host Status is just Often, die-filling formula under slave enters carries out operating procedure S210, S220, S230, makes slave initial operation phase, host is still just Often operation, after carrying out operating procedure S240, S250, slave enters TEST mode operation, in slave and host synchronization data phase, Slave carries out step S260 in the triggering master-slave swap stage from host automatic synchronization application data and variable forced regime, so that Die-filling formula under host enters, slave are upgraded to host, and the new version configuration of slave comes into force, and fill under configuration to original host, main Wanting step is S270-S290, and original host is updated to new version configuration, is operated normally into slave status, and (is now led with former slave Machine) data synchronization is carried out, the stage is filled in the case where completing the online unperturbed of control station, original host enters slave status, and former slave enters master Machine state, new version configuration operates normally.
As shown in figure 3, filling process under nuclear safe level hot backup redundancy control station unperturbed provided in this embodiment further includes judgement Whether need to carry out to fill under dress or increment under unperturbed, specifically, comprising:
S310, user click lower dress;
Dress and calibration tool (DANCE) intelligent decision are filled under complete lower dress or increment under S320, engineer station? if it is Complete lower dress, executes S330;If it is filling under unperturbed, S340 is executed;
S330, dress operation under software configuration is executed;
S340, whether unanimously to continue judgement and basic version number, if so, S330 is thened follow the steps, if it is not, then holding Row S350;
S350, prompt the user whether to continue lower dress? if so, thening follow the steps S330, S360 is otherwise executed.
S360, lower dress is exited.
As shown in figure 4, the present embodiment also provides a kind of fault-free master-slave cpu switching flow figure, specifically, in Fig. 1 For FirmSys hot backup redundancy station fault-free master-slave swap implement following manner include:
S401, the host into hot backup redundancy control station send master-slave swap instruction;
Host feedback states in S402, hot backup redundancy control station;
Host in S403, hot backup redundancy control station sends switching request signal to slave;
Slave in S404, hot backup redundancy control station carries out a liter main operation after receiving signal;
S405, switching confirmation signal is sent to host;
After host in S406, hot backup redundancy control station receives switching confirmation signal, it is reduced to slave;
S407, state feedback is sent.
Wherein, the switching of FirmSys hot backup redundancy control station station fault-free need to have the human-machine interface of artificial triggering master-slave swap Mouthful, due to only having a RESET key on the MPU board of current FirmSys, by the control of key press time, realize fault-free The input and identification of switching command, are specifically configured to: pressing 4 seconds triggering master-slave swaps of RESET key, the MPU of the reset more than 4 seconds Board, the operation of the cancellation more than 10 seconds, arrangement above can pass through the CPLD (Complex of modification RESET button Programmable Logic Device) Complex Programmable Logic Devices processing logic realize;Secondly, between slave Redundancy switch logic can support fault-free to switch, therefore, can be by modifying CPLD (Complex Programmable Logic Device) Complex Programmable Logic Devices and software code, so that host is actively sent redundancy switching signal to slave, matches The signal wire closed between slave realizes fault-free master-slave swap function.
In the present embodiment preferred embodiment, when filling under the slave unperturbed in hot backup redundancy control station, slave is given It is powered on or start-up operation, makes its normal operation, and judge current group of the slave in hot backup redundancy control station and host Whether state version is identical;When it is identical for determining result, slave keeps normal starting operational mode;When judgement result is not identical When, continue to judge the slave configuration version in hot backup redundancy control station whether be host groups state version upgraded version, if it is Upgraded version, then the slave in hot backup redundancy control station can operate normally, and show that principal and subordinate's version is inconsistent, prompt alarm signal Breath, if not upgraded version, then the slave failure in hot backup redundancy control station is hung up, and shows error message.
More specifically, in a kind of slave starting course of work provided in this embodiment: when slave configuration version is inconsistent When, the starting problem of slave is handled, and provides following basic condition setting: firstly, the version of configuration included to download file Information is positioned, and basic version (version before configuration modification) is denoted as: VB, configuration current version are denoted as: VC;Then, it is being System is internal to be configured slave entry condition and version corresponding informance, specifically, as shown in figure 5, it is provided in this embodiment from Machine starts working method
S510, slave power on/start: when filling under unperturbed, giving slave and powered on or start-up operation, transport it normally Row;
S520, VC2 are equal to VC1, and (i.e. is configuration version identical?)? intelligent decision inside I&C system, slave and host are worked as Whether preceding configuration version is identical, identical when determining;If so, executing S540, otherwise, S530 is executed;
Does is S530, VB2 are equal to VC1, and (i.e. slave host upgrading?)? internal system intelligent decision slave configuration version whether be The upgrading of host configuration version;If so, executing S550, otherwise, S560 is executed;
S540, slave operate normally, and slave keeps normal starting operational mode;
S550, slave operation, display configuration is inconsistent, alarms;I.e. slave can operate normally, but show principal and subordinate's version not Unanimously, and warning message is provided;
S560, slave failure are hung up: slave failure is hung up, and shows error message.
Aforesaid operations only slave as one preferred start when judgement and operational norm, during master-slave swap not The working condition of host is influenced, at least one is available to guarantee when filling under unperturbed host and slave, guarantees the safety of engineering.
In the present embodiment preferred embodiment, between the host and slave in hot backup redundancy control station using data according to Type and the mode of variable name are ranked up output, and some variable is increased, deleted or is modified operation after, dependent variable Also it can change therewith;Slave in hot backup redundancy control station and host data synchronous phase, in hot backup redundancy control station Slave updated after configuration enters normal operation, Yao Zidong is from the host synchronization application data and change in hot backup redundancy control station Forced regime is measured, when the slave configuration version in hot backup redundancy control station is inconsistent, according to its basic version and current version The difference of this redundant synchronization data volume generates synchrodata mapping table, and synchrodata mapping table include two version configurations it Between variation variable address mapping relation, slave MPU board is remapped synchronization according to synchrodata mapping table Data realize the accurate synchronization of data.
Specifically, as shown in fig. 6, for a kind of principal and subordinate's data synchronization map expression intention provided in this embodiment: at present Transmission is arranged in the way of " type+variable name " using data between FirmSys platform slave, increased, deleted or modify some Variable may cause the variation of other variables reorderings, if slave configuration version is inconsistent, will lead to slave to using number According to parsing mistake.When EAST compiles configuration, generated according to the difference of its basic version and current version redundant synchronization data variable " synchrodata mapping table ", comprising not changing the address mapping relation of variable between two version configurations in table, slave MPU according to The table remaps synchrodata, realizes the accurate synchronization of data.
It in configuration software include the inclined of network variable in the configuration software of lower dress in the present embodiment preferred embodiment It moves, when configuration needs user setting, and the shifting property of constant variable cannot change, and increases newly or the network variable of modification Shifting property needs to reset and cannot be with the deviant conflict of existing network variable, so that touching during filling under unperturbed Operation phase after sending out master-slave swap stage and switching, the network data communicated between standing will be consistent.
Specifically, as shown in fig. 7, being network data transmission schematic diagram between a kind of new and old configuration provided in this embodiment: mesh The network variable of preceding FirmSys platform arranges transmission in the way of " type+variable name ", and increasing, delete or modify some variable can The variation that can cause other variables reorderings needs to eliminate the problem of network variable sequence is influenced by additions and deletions variable, becomes network Amount determines its position in variable list according to offset address, rather than is ranked up according to variable name, increases in this way, deletes and changes Variable will not all change the position of variable, realize the decoupling between variable.
In the present embodiment further preferred embodiment, under unperturbed fill during, triggering the master-slave swap stage and Operation phase after switching, the network data communicated between standing will be consistent, so network variable is communicatively in design principle Location cannot change;Based on this reason, the offset of network variable is introduced in configuration software, when configuration, needs user setting, The shifting property of constant variable cannot change, the shifting property of newly-increased or modification network variable need to reset and The consistency of data communication between station cannot be ensured that in this way with the deviant conflict of existing network variable;From whole system angle From the point of view of degree, the unperturbed function of network data transmitting-receiving is realized.
In the present embodiment further preferred embodiment, during being filled under unperturbed, variable relevant with timing in algorithm It is automatically generated by algorithm software, after configuration upgrading, needs to handle the relevant name variable regularization of timing, to look for To the corresponding relationship between new and old edition, guarantee that timing name variable does not change inside unmodified algorithmic block, it is same when generating After walking mapping table, the timing variable in each example of each algorithmic block is recorded, is marked by uniqueness of name Know.For example, filling configuration modification object under unperturbed is IO variable, network variable, parametric variable and algorithm, the above object is repaired Change support unperturbed, modify to other configurations or equipment and do not support unperturbed, and when having detected equipment change situation, Forbid compiling.Wherein, IO variable includes: AIO variable, DIO variable, CIM variable, network variable include: point to point network variable, Looped network network variable, parametric variable are all parametric variables.Algorithmic variable and algorithm, which are patrolled, to be specifically included that for the modification of algorithm Collect two aspects, wherein in algorithmic variable, if changeing back categorical variable of the same name after deleting, then it is assumed that do not change, support nothing It disturbs;If only type changes, it is believed that the variable is newly-increased variable, it is believed that changes, supports unperturbed.In algorithm logic, Algorithmic block restores as former state again after deleting, it is believed that changes, supports unperturbed.
In the embodiment of the present embodiment still more preferably, for the modification of above-mentioned network variable, configuration inspection is proposed The method looked into includes: to check between single station inspection and station;Wherein, single station checks to include: the inspection of network variable offset boundary and network Variable offset rechecking, the main setting condition as defined below in the inspection of network variable offset boundary: firstly, LNU board Network variable offset cannot be greater than 3000;The offset of HNU board network variable cannot be greater than 1000.It is deviated in network variable and repeats to examine Main setting condition as defined below in looking into: first, (or conflict) is not repeated with nexus equidirectional on network interface card offset;The Two, looped network network variable deviates 4 byte-aligneds.
As shown in figure 8, the present embodiment, which also provides, fills system under a kind of nuclear safe level hot backup redundancy control station unperturbed, the lower dress System 1000 includes:
It is filled under the hot backup redundancy control station 1200 that is filled under pending configuration, engineer station and calibration tool 1100, MPU board 1210 and FCU board 1220;The first controller 1230 in the hot backup redundancy control station 1200 filled under pending configuration is host Controller, the second controller 1240 in hot backup redundancy control station 1200 filled under pending configuration are from machine controller;Certainly The hot backup redundancy control station 1200 filled under pending configuration provided in this embodiment is without being limited thereto, can also be arranged to, by MPU plate Card 1210 and FCU board 1220 individualism independently of the hot backup redundancy control station 1200 filled under pending configuration, these are not Same embodiment belongs to the protection scope of the present embodiment;
MPU board 1210 and FCU board 1220 are arranged to, can by hot backup redundancy control station as normal operating conditions, Dress and calibration tool can be connected to hot backup redundancy control station under engineer station;
Hot backup redundancy control station, which is arranged to receive to fill under engineer station, receives new version configuration with calibration tool Downloading, and the slave in hot backup redundancy control station is configured to die-filling formula under entering;
MPU board is also arranged to be able to for the slave in hot backup redundancy control station being placed under test pattern and run, hot standby Slave in Redundant Control station is arranged to after host automatic synchronization application data and variable forced regime, triggers principal and subordinate Switching, so that slave is switched to switching aft engine, mian engine changeover is slave after switching;
After hot backup redundancy control station master-slave swap, hot backup redundancy control station is connected under engineer station and fills and verifies Tool, so that hot backup redundancy control station, which is arranged to receive to fill under engineer station, receives new version configuration with calibration tool Downloading, and slave is configured to die-filling formula under entering after the switching in hot backup redundancy control station;
MPU board is also arranged to be able to for slave after the switching in hot backup redundancy control station being placed under test pattern and run, After the switching in hot backup redundancy control station slave from switching aft engine automatic synchronization application data and variable forced regime after, Master-slave swap is triggered, so that slave is switched to host after switching, switching aft engine is switched to slave.
In the present embodiment preferred embodiment, hot backup redundancy control station includes processor and memory, and processor can Triggering master-slave swap program in load store device, and execute following steps: first the host into hot backup redundancy control station is sent Master-slave swap instructs, the host feedback states in hot backup redundancy control station, and the host in hot backup redundancy control station is sent to slave Switching request signal, the slave in hot backup redundancy control station carry out a liter main operation after receiving signal, and it is true to host to send switching Recognize signal and be reduced to slave after the host in hot backup redundancy control station receives switching confirmation signal, and sends state feedback.
In the present embodiment preferred embodiment, when filling under the slave unperturbed in hot backup redundancy control station, slave is given It is powered on or start-up operation, makes its normal operation, and judge current group of the slave in hot backup redundancy control station and host Whether state version is identical;When it is identical for determining result, slave keeps normal starting operational mode;When judgement result is not identical When, continue to judge the slave configuration version in hot backup redundancy control station whether be host groups state version upgraded version, if it is Upgraded version, then the slave in hot backup redundancy control station can operate normally, and show that principal and subordinate's version is inconsistent, prompt alarm signal Breath, if not upgraded version, then the slave failure in hot backup redundancy control station is hung up, and shows error message.
In the present embodiment preferred embodiment, between the host and slave in hot backup redundancy control station using data according to Type and the mode of variable name are ranked up output, and some variable is increased, deleted or is modified operation after, dependent variable Also it can change therewith;Slave in hot backup redundancy control station and host data synchronous phase, in hot backup redundancy control station Slave updated after configuration enters normal operation, Yao Zidong is from the host synchronization application data and change in hot backup redundancy control station Forced regime is measured, when the slave configuration version in hot backup redundancy control station is inconsistent, according to its basic version and current version The difference of this redundant synchronization data volume generates synchrodata mapping table, and synchrodata mapping table include two version configurations it Between variation variable address mapping relation, slave MPU board is remapped synchronization according to synchrodata mapping table Data realize the accurate synchronization of data.
It in configuration software include the inclined of network variable in the configuration software of lower dress in the present embodiment preferred embodiment It moves, when configuration needs user setting, and the shifting property of constant variable cannot change, and increases newly or the network variable of modification Shifting property needs to reset and cannot be with the deviant conflict of existing network variable, so that touching during filling under unperturbed Operation phase after sending out master-slave swap stage and switching, the network data communicated between standing will be consistent.
During realizing above-mentioned lower dress, the FirmSys master control board card being related to makes following modification: firstly, realizing peace The download tool of full grade, enables control station to connect maintenance tool when executing security function;Second, change embedded software frame Structure monitors maintenance interface state while Zhou Congji executes normal function to phase property, according to instruction point multiple weeks of lower dress evidence Phase receives, parsing, verifies and store configuration data, while ensuring that cpu load is met the requirements;Third changes same between slave Step content makes new configuration data automatic synchronization to slave slave parsed, verified to configuration data and is stored;4th, The organizational form of network data is modified, when realizing that control station configuration version is inconsistent, the accurate synchronization of network data;5th, it repairs Storage and the debud mode for changing application program (logical algorithm) distribute the area A, B in master control board card Flash chip and store base respectively Plinth version configuration and current version configuration distribute the area A, B in master control board card memory and store new and old edition application program respectively, under Switch application program between the area A, B when dress;6th, slave data Synchronization Design is modified, a configuration data is enabled the host to Divide multi-period Synchronous to slave;7th, EAST Suit software is modified, data is applied using new regular weaves and arrangement, realizes New and old edition configuration no-harass switch, the above operation can realize hot backup redundancy control in the case where not changing FirmSys hardware board It makes and fills function under the unperturbed at station, to fill method under perfect nuclear safe level hot backup redundancy station unperturbed.
In the present embodiment preferred embodiment, during above-mentioned lower dress, the constrained variable point of host is needed to be synchronized to Slave.According to redundant synchronization scheme, the force values and forced regime of constant constrained variable need to be synchronized to slave together.Generally In the case of, a constrained variable is searched, needs to search from all variables of configuration, the worst situation is from hundreds of thousands data Middle lookup (the most configuration of variable), the lookup of N number of constrained variable need the lookup number of N* hundreds of thousands, such situation, and CPU is born Lotus rate will greatly improve, it is easy to cause cpu load rate it is exceeded (nuclear power station protection system requirements CPU operating load rate be less than 70%).Based on the problem, the present embodiment designs a prioritization scheme: it sorts after all variables are arranged, each variable distribution One unique ID number, coding rule is 0,1,2 ..., N, the subscript of similar array when forcing to variable, carries out for ID number Operation, thus eliminates the process of traversal, solves constrained variable under big data quantity and synchronize the difficulty for causing cpu load exceeded Topic.
Using above-mentioned technical proposal provided by the invention, one of following beneficial effect can be at least obtained:
1, the problem of upgrading and guarantee simultaneously the output of system unperturbed is needed during providing a kind of operation of nuclear power station, from basic On meet nuclear power station protection system general safety performance requirement.
2, during dress under unperturbed, by fault-free master-slave swap, so that can be eliminated in fault-free handoff procedure One is controller not available problem in short-term when master-slave swap, and when eliminating handover failure control station failure hidden danger.
3, it is led to the problem of when slave configuration version is inconsistent, comprising: between slave starting problem, slave Using data and variable forced regime accurate synchronization problem, Data Communication in Computer Networks problem and identify in the algorithm of new and old edition and when The problems such as corresponding relationship of the relevant data of sequence, solution is further provided respectively, can timely report information, work grasp Author checks and handles;In this way when downloading to slave, safety is not influenced.
4, the specific technical solution of the fault-free master-slave swap proposed, including external man-machine interface is set and carries out master-slave swap Triggering, and modification slave redundancy determination and switch logic two ways, so that can be eliminated in fault-free handoff procedure One is controller not available problem in short-term when master-slave swap, and when eliminating handover failure control station failure hidden danger.
5, the technical solution provided during dress under unperturbed, generates mainly for when slave configuration version is inconsistent The problem of, comprising: data and variable forced regime accurate synchronization problem, network number are applied between slave starting problem, slave According to Communication with identification new and old edition algorithm in data relevant with timing corresponding relationship the problems such as, through the invention in The technological means being related to can be good at solving problem above, and timely report information, work operator check He Chu for offer Reason.
Those of ordinary skill in the art will appreciate that: realize that all or part of the steps of above-mentioned each method embodiment can lead to The relevant hardware of program instruction is crossed to complete.Program above-mentioned can be stored in a computer readable storage medium.The journey When being executed, execution includes the steps that above-mentioned each method embodiment to sequence;And storage medium above-mentioned include: ROM, RAM, magnetic disk or The various media that can store program code such as person's CD.
Finally, it should be noted that above description is only highly preferred embodiment of the present invention, not the present invention is appointed What formal limitation.Anyone skilled in the art, it is without departing from the scope of the present invention, all available The way and technology contents of the disclosure above make many possible variations and simple replacement etc. to technical solution of the present invention, these Belong to the range of technical solution of the present invention protection.

Claims (10)

1. filling method under a kind of nuclear safe level hot backup redundancy control station unperturbed characterized by comprising
S1, the hot backup redundancy control station is connected to engineering as normal operating conditions, and by the hot backup redundancy control station The lower dress in teacher station and calibration tool;
S2, dress and calibration tool receive the downloading of new version configuration under the engineer station, and control the hot backup redundancy control Die-filling formula under slave in system station enters;
S3, it the slave in the hot backup redundancy control station is placed under test pattern runs, in the hot backup redundancy control station Slave after host automatic synchronization application data and variable forced regime, trigger master-slave swap so that the slave switch To switch aft engine, the mian engine changeover is slave after switching;
S4, after the hot backup redundancy control station master-slave swap, the hot backup redundancy control station is connected under engineer station Dress and calibration tool, fill under the engineer station and calibration tool receives the downloading of new version configuration, and control described hot standby Die-filling formula under slave enters after switching in Redundant Control station;
S5, it slave after the switching in the hot backup redundancy control station is placed under test pattern runs, in the hot backup redundancy control After switching aft engine automatic synchronization application data and variable forced regime, triggering principal and subordinate cuts slave after switching in system station It changes, so that slave is switched to host after the switching, the switching aft engine is switched to slave.
2. the method according to claim 1, wherein the triggering master-slave swap includes:
Host in S11, Xiang Suoshu hot backup redundancy control station sends master-slave swap instruction;
Host feedback states in S12, the hot backup redundancy control station;
Host in S13, the hot backup redundancy control station sends switching request signal to slave;
Slave in S14, the hot backup redundancy control station carries out a liter main operation after receiving signal, and sends switching confirmation to host Signal;
After host in S15, the hot backup redundancy control station receives switching confirmation signal, it is reduced to slave, and sends state feedback.
3. the method according to claim 1, wherein being filled under the slave unperturbed in the hot backup redundancy control station When, it gives slave and is powered on or start-up operation, make its normal operation, and judge the slave in the hot backup redundancy control station It is whether identical with the current configuration version of host;When it is identical for determining result, slave keeps normal starting operational mode;When sentencing Determine result be it is not identical when, continue to judge whether the slave configuration version in the hot backup redundancy control station is host groups state version Upgraded version, if it is upgraded version, then the slave in the hot backup redundancy control station can operate normally, and show principal and subordinate Version is inconsistent, prompts warning message, and if not upgraded version, then the slave failure in the hot backup redundancy control station is hung It rises, shows error message.
4. the method according to claim 1, wherein between host and slave in the hot backup redundancy control station It is ranked up output in the way of type and variable name using data, and some variable is increased, deleted or modified operation Later, dependent variable can also change therewith;Slave and host data synchronous phase in the hot backup redundancy control station, Slave in the hot backup redundancy control station has updated after configuration enters normal operation, and Yao Zidong is from the hot backup redundancy control station In host synchronization application data and variable forced regime, when the slave configuration version in the hot backup redundancy control station is different When cause, synchrodata mapping table is generated according to the difference of its basic version and current version redundant synchronization data volume, and described Synchrodata mapping table includes the address mapping relation of the variation variable between two version configurations, so that the slave MPU plate Block the synchrodata that can remap according to the synchrodata mapping table, realizes the accurate synchronization of data.
5. the method according to claim 1, wherein in configuration software including network in the configuration software of lower dress The offset of variable, when configuration, need user setting, and the shifting property of constant variable cannot change, and increase newly or the net of modification The shifting property of network variable need to reset and cannot with the deviant conflict of existing network variable so that filling process under unperturbed In, the operation phase after triggering master-slave swap stage and switching, the network data communicated between standing will be consistent.
6. filling system under a kind of nuclear safe level hot backup redundancy control station unperturbed characterized by comprising
It is filled under the hot backup redundancy control station that is filled under pending configuration, engineer station and calibration tool, MPU board and FCU board;
The MPU board and FCU board are arranged to, can be described by the hot backup redundancy control station as normal operating conditions Dress and calibration tool can be connected to the hot backup redundancy control station under engineer station;
The hot backup redundancy control station is arranged to receive dress and calibration tool under the engineer station and receives new version group The downloading of state, and the slave in the hot backup redundancy control station is configured to die-filling formula under entering;
The MPU board is also arranged to be able to for the slave in the hot backup redundancy control station being placed under test pattern and run, Slave in the hot backup redundancy control station is arranged to after host automatic synchronization application data and variable forced regime, Master-slave swap is triggered, so that the slave is switched to switching aft engine, the mian engine changeover is slave after switching;
After the hot backup redundancy control station master-slave swap, by the hot backup redundancy control station be connected under engineer station dress and Calibration tool, so that the hot backup redundancy control station is arranged to receive dress and calibration tool under the engineer station and receives The downloading of new version configuration, and slave is configured to die-filling formula under entering after the switching in the hot backup redundancy control station;
The MPU board is also arranged to be able to for slave after the switching in the hot backup redundancy control station being placed under test pattern and transport Row, slave forces shape from switching aft engine automatic synchronization application data and variable after the switching in the hot backup redundancy control station After state, master-slave swap is triggered, so that slave is switched to host after the switching, the switching aft engine is switched to slave.
7. system according to claim 6, which is characterized in that the hot backup redundancy control station includes processor and storage Device, the processor can load the triggering master-slave swap program in the memory, and execute following steps: first to the heat Host in standby Redundant Control station sends master-slave swap instruction, and the host feedback states in the hot backup redundancy control station are described Host in hot backup redundancy control station sends switching request signal to slave, and the slave in the hot backup redundancy control station receives letter A liter main operation is carried out after number, and sends switching confirmation signal to host, and the host in the hot backup redundancy control station receives switching After confirmation signal, it is reduced to slave, and sends state feedback.
8. system according to claim 6, which is characterized in that filled under the slave unperturbed in the hot backup redundancy control station When, it gives slave and is powered on or start-up operation, make its normal operation, and judge the slave in the hot backup redundancy control station It is whether identical with the current configuration version of host;When it is identical for determining result, slave keeps normal starting operational mode;When sentencing Determine result be it is not identical when, continue to judge whether the slave configuration version in the hot backup redundancy control station is host groups state version Upgraded version, if it is upgraded version, then the slave in the hot backup redundancy control station can operate normally, and show principal and subordinate Version is inconsistent, prompts warning message, and if not upgraded version, then the slave failure in the hot backup redundancy control station is hung It rises, shows error message.
9. system according to claim 6, which is characterized in that between the host and slave in the hot backup redundancy control station It is ranked up output in the way of type and variable name using data, and some variable is increased, deleted or modified operation Later, dependent variable can also change therewith;Slave and host data synchronous phase in the hot backup redundancy control station, Slave in the hot backup redundancy control station has updated after configuration enters normal operation, and Yao Zidong is from the hot backup redundancy control station In host synchronization application data and variable forced regime, when the slave configuration version in the hot backup redundancy control station is different When cause, synchrodata mapping table is generated according to the difference of its basic version and current version redundant synchronization data volume, and described Synchrodata mapping table includes the address mapping relation of the variation variable between two version configurations, so that the slave MPU plate Block the synchrodata that can remap according to the synchrodata mapping table, realizes the accurate synchronization of data.
10. system according to claim 6, which is characterized in that include down net in configuration software in the configuration software of dress The offset of network variable, when configuration, need user setting, and the shifting property of constant variable cannot change, and increase newly or modification The shifting property of network variable need to reset and cannot with the deviant conflict of existing network variable so that being filled under unperturbed Cheng Zhong, the operation phase after triggering master-slave swap stage and switching, the network data communicated between standing will be consistent.
CN201811114280.3A 2018-09-25 2018-09-25 Undisturbed downloading method and system for nuclear safety level hot standby redundancy control station Active CN109448880B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811114280.3A CN109448880B (en) 2018-09-25 2018-09-25 Undisturbed downloading method and system for nuclear safety level hot standby redundancy control station

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811114280.3A CN109448880B (en) 2018-09-25 2018-09-25 Undisturbed downloading method and system for nuclear safety level hot standby redundancy control station

Publications (2)

Publication Number Publication Date
CN109448880A true CN109448880A (en) 2019-03-08
CN109448880B CN109448880B (en) 2021-02-23

Family

ID=65533024

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811114280.3A Active CN109448880B (en) 2018-09-25 2018-09-25 Undisturbed downloading method and system for nuclear safety level hot standby redundancy control station

Country Status (1)

Country Link
CN (1) CN109448880B (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109918235A (en) * 2019-05-16 2019-06-21 上海电气泰雷兹交通自动化系统有限公司 A kind of method of calibration for Safety-Critical System software upgrading
CN109933345A (en) * 2019-03-28 2019-06-25 杭州和利时自动化有限公司 Method and relevant apparatus are filled under a kind of unperturbed of controller
CN112530615A (en) * 2019-09-18 2021-03-19 北京广利核系统工程有限公司 Variable forcing method and system suitable for nuclear power station equipment
CN114384879A (en) * 2021-12-31 2022-04-22 江苏核电有限公司 DCS (distributed control system) -based one-key switching method for operation conditions of process equipment

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2004145510A (en) * 2002-10-23 2004-05-20 Oki Electric Ind Co Ltd Duplex control system
CN1710864A (en) * 2004-06-16 2005-12-21 华为技术有限公司 Upgradable communication system and method for upgrading communication system
US20140310622A1 (en) * 2005-10-05 2014-10-16 Invensys Systems, Inc. Tool for creating customized user interface definitions for a generic utility supporting on-demand creation of field device editor graphical user interfaces
CN104571041A (en) * 2014-12-31 2015-04-29 重庆川仪自动化股份有限公司 Data synchronization method based on 1:1 controller redundancies
CN104898620A (en) * 2015-05-19 2015-09-09 西安晨宇环境工程有限公司 Ethernet-based redundancy control system and control method
CN107300851A (en) * 2016-04-14 2017-10-27 南京南瑞继保电气有限公司 A kind of logical algorithm unperturbed update method of redundancy control system
CN108153144A (en) * 2017-11-29 2018-06-12 中核控制系统工程有限公司 A kind of DCS redundant manipulators no-harass switch method

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2004145510A (en) * 2002-10-23 2004-05-20 Oki Electric Ind Co Ltd Duplex control system
CN1710864A (en) * 2004-06-16 2005-12-21 华为技术有限公司 Upgradable communication system and method for upgrading communication system
US20140310622A1 (en) * 2005-10-05 2014-10-16 Invensys Systems, Inc. Tool for creating customized user interface definitions for a generic utility supporting on-demand creation of field device editor graphical user interfaces
CN104571041A (en) * 2014-12-31 2015-04-29 重庆川仪自动化股份有限公司 Data synchronization method based on 1:1 controller redundancies
CN104898620A (en) * 2015-05-19 2015-09-09 西安晨宇环境工程有限公司 Ethernet-based redundancy control system and control method
CN107300851A (en) * 2016-04-14 2017-10-27 南京南瑞继保电气有限公司 A kind of logical algorithm unperturbed update method of redundancy control system
CN108153144A (en) * 2017-11-29 2018-06-12 中核控制系统工程有限公司 A kind of DCS redundant manipulators no-harass switch method

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
程保华 等: "核电站DCS主从控制器切换后信号跳变的分析与解决", 《现代电子技术》 *
韩艳红 等: "核电站安全级MELTAC软件下装方法分析应用", 《仪器仪表用户》 *

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109933345A (en) * 2019-03-28 2019-06-25 杭州和利时自动化有限公司 Method and relevant apparatus are filled under a kind of unperturbed of controller
CN109918235A (en) * 2019-05-16 2019-06-21 上海电气泰雷兹交通自动化系统有限公司 A kind of method of calibration for Safety-Critical System software upgrading
CN112530615A (en) * 2019-09-18 2021-03-19 北京广利核系统工程有限公司 Variable forcing method and system suitable for nuclear power station equipment
CN114384879A (en) * 2021-12-31 2022-04-22 江苏核电有限公司 DCS (distributed control system) -based one-key switching method for operation conditions of process equipment

Also Published As

Publication number Publication date
CN109448880B (en) 2021-02-23

Similar Documents

Publication Publication Date Title
CN109448880A (en) Method and system is filled under nuclear safe level hot backup redundancy control station unperturbed
EP1570388B1 (en) Device and method for checking railway logical software engines for commanding plants, particularly station plants
CN105974879B (en) Redundant control device, system and control method in digital I&C system
CN102750301B (en) Blueprint generating method for integrated avionic system model aiming at architecture analysis and design language (AADL) description
CN104601366B (en) It is a kind of control, service node configuration service method and device
US7546362B2 (en) Automatic planning of network configurations
CN108153263B (en) DCS controller redundancy method and device
CN112765020A (en) Automatic testing method of computer interlocking system
CN104076806A (en) Method of carrying out automatic test on automobile electric control device and equipment
CN110879543B (en) Real-time hybrid simulation platform of electric power system
CN108959678A (en) Method and apparatus for testing the design of satellite harness and signal processing unit
CN104461765A (en) Interlocking system data accuracy detection method based on version verification
CN110058920A (en) Virtual machine performance detection method and device, electronic equipment, storage medium
CN102262402B (en) Method and apparatus for providing industrial plant information
CN109766207A (en) Restoration methods, device, monitoring device and the storage medium of firmware remote upgrade
CN209514596U (en) A kind of programming system of circuit board
CN108388108A (en) The method and device of synchrodata in a kind of multiple redundancy control system
CN112114897A (en) Parameter configuration method and device based on industrial control screen and computer equipment
US11665165B2 (en) Whitelist generator, whitelist evaluator, whitelist generator/evaluator, whitelist generation method, whitelist evaluation method, and whitelist generation/evaluation method
CN106354930B (en) A kind of self-adapting reconstruction method and system of spacecraft
CN106896792A (en) Method of data synchronization and device
CN103970653A (en) Sensor network software accessibility verification method
KR101759893B1 (en) Virtual device management apparatus based on scenario for distributed energy resources
CN112559012A (en) System upgrading and testing method and device, computer equipment and readable storage medium
Cvijić et al. Reliable adaptive optimization demonstration using big data

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant