CN112147928A - Dual-CAN-bus multi-redundancy hot backup flight control computer system and method - Google Patents
Dual-CAN-bus multi-redundancy hot backup flight control computer system and method Download PDFInfo
- Publication number
- CN112147928A CN112147928A CN202010966324.6A CN202010966324A CN112147928A CN 112147928 A CN112147928 A CN 112147928A CN 202010966324 A CN202010966324 A CN 202010966324A CN 112147928 A CN112147928 A CN 112147928A
- Authority
- CN
- China
- Prior art keywords
- control module
- module
- control
- packet sending
- monitoring
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- G—PHYSICS
- G05—CONTROLLING; REGULATING
- G05B—CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
- G05B19/00—Programme-control systems
- G05B19/02—Programme-control systems electric
- G05B19/04—Programme control other than numerical control, i.e. in sequence controllers or logic controllers
- G05B19/042—Programme control other than numerical control, i.e. in sequence controllers or logic controllers using digital processors
- G05B19/0421—Multiprocessor system
-
- G—PHYSICS
- G05—CONTROLLING; REGULATING
- G05B—CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
- G05B2219/00—Program-control systems
- G05B2219/20—Pc systems
- G05B2219/24—Pc safety
- G05B2219/24182—Redundancy
Abstract
The invention discloses a dual-CAN bus multi-redundancy hot backup flight control computer system and a method, wherein the dual-CAN bus multi-redundancy hot backup flight control computer system comprises the following steps: the interface modules are used for completing state acquisition and control instruction issuing of various sensors and execution mechanisms in the flight control system, and the plurality of interface modules are bridged on the two CAN buses; the control module finishes the processing of the data acquired by the interface module and returns a control instruction to the interface module, and the plurality of control modules are bridged on the two CAN buses and are mutually in hot backup; only one of the plurality of control modules is in operation; three parallel heartbeat packet sending units are designed in each control module; and the monitoring module is bridged on the two CAN buses, completes the real-time monitoring of the operation states of the plurality of control modules and completes the function replacement of the fault control module by the normal control module. The invention CAN realize multi-redundancy hot backup of the control modules and improve the reliability of the flight control computer by accurately monitoring the operation states of the control modules on the basis of the double CAN buses.
Description
Technical Field
The invention belongs to the field of electronic engineering and computer science, and particularly relates to a dual-CAN-bus multi-redundancy hot backup flight control computer system and a method.
Background
The flight control computer is used as a core part of the flight control system, and the reliability of the flight control computer is directly related to whether the flight control system can work normally or not. The master-slave hot backup computer is the technology upgrade of the existing single CPU computer, has the same size with the single CPU computer, adopts the same aviation socket, is completely compatible with the existing standardized computer structure, and can realize seamless upgrade. When the application program is only downloaded to any one of the CPUs, the master-slave hot-standby computer is degraded to a standard single-CPU computer. The master-slave hot backup computer adopts a master/slave CPU symmetrical design technology, and the identification marks, control words and state words of the master/slave CPU are completely the same, so that the master/slave CPU can realize completely the same application program, and the characteristic greatly simplifies the development and maintenance of the application program. However, how to accurately monitor the operating states of multiple control modules/CPUs based on multiple parallel buses is a current research focus.
Disclosure of Invention
In order to solve the technical problem, the invention provides a dual-CAN-bus multi-redundancy hot-backup flight control computer system and a method thereof.
The technical problem to be solved by the invention is realized by adopting the following technical scheme: a dual-CAN bus multi-redundancy hot backup flight control computer system comprises:
(1) the interface modules are used for completing state acquisition and control instruction issuing of various sensors and execution mechanisms in the flight control system, and the plurality of interface modules are bridged on the two CAN buses;
(2) the control module finishes the processing of the data acquired by the interface module and returns a control instruction to the interface module, and the plurality of control modules are bridged on the two CAN buses; only one control module in the plurality of control modules is in operation, and the others are hot backup; three parallel heartbeat packet sending units are designed in each control module;
(3) the monitoring module is bridged on the two CAN buses, completes the real-time monitoring of the operation states of the plurality of control modules and completes the function replacement of the fault control module by the normal control module; the concrete implementation is as follows:
firstly, three heartbeat packet sending units in each control module send heartbeat packets to a monitoring module at a certain frequency f;
secondly, the monitoring module counts the heartbeat packets sent by each heartbeat packet sending unit, calculates whether the frequency of the heartbeat packets is in a range of [0.8f,1.2f ], and simultaneously calculates the difference d between the frequencies; firstly, a judgment strategy of '3 to 2' is adopted for the frequencies of three heartbeat packet sending units in each control module, namely when two frequencies of the three heartbeat packet sending units in each control module are in a [0.8f,1.2f ] interval, whether a frequency difference value d is less than or equal to 0.2f is judged, and if the conditions are met, the control module is judged to normally run; otherwise, the monitoring module starts a normal control module to replace the fault control module; if the frequency of the three heartbeat packet sending units in each control module does not satisfy two intervals of [0.8f,1.2f ], the monitoring module directly starts the normal control module to replace the fault control module.
According to another aspect of the present invention, a method for monitoring a dual-CAN-bus multi-redundancy hot-backup flight control computer is provided, which includes the following steps:
step 1, bridging a plurality of interface modules on two CAN buses, and acquiring the states of various sensors and actuating mechanisms in a flight control system and issuing control instructions in real time;
step 2, a plurality of control modules are bridged on the two CAN buses and are mutually hot-backed up; the control module processes the data acquired by the interface module and returns a control instruction to the interface module, wherein only one control module in the plurality of control modules is in operation, and the others are hot backup; three parallel heartbeat packet sending units are designed in each control module;
step 3, bridging the monitoring module on two CAN buses, monitoring the operation states of a plurality of control modules in real time, and completing the function replacement of the fault control module by a normal control module; the concrete implementation is as follows:
(3.1) three heartbeat packet sending units in each control module send heartbeat packets to the monitoring module at a certain frequency f;
(3.2) the monitoring module counts the heartbeat packets sent by each heartbeat packet sending unit, calculates whether the frequency of the heartbeat packets is in a [0.8f,1.2f ] interval, and simultaneously calculates the difference d between the frequencies; firstly, a judgment strategy of '3 to 2' is adopted for the frequencies of three heartbeat packet sending units in each control module, namely when two frequencies of the three heartbeat packet sending units in each control module are in a [0.8f,1.2f ] interval, whether a frequency difference value d is less than or equal to 0.2f is judged, and if the conditions are met, the control module is judged to normally run; otherwise, the monitoring module starts a normal control module to replace the fault control module; if the frequency of the three heartbeat packet sending units in each control module does not satisfy two intervals of [0.8f,1.2f ], the monitoring module directly starts the normal control module to replace the fault control module.
Has the advantages that:
compared with the prior art, the invention has the advantages that: the invention CAN realize the accurate monitoring of the multi-control module/CPU running state of the flight control computer based on the real-time judgment of the multi-parallel CAN bus and the three heartbeat packages of the control module, thereby further improving the reliability of the flight control computer.
Drawings
FIG. 1 is a block diagram of the system architecture of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be described clearly and completely with reference to the accompanying drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, rather than all embodiments, and all other embodiments obtained by a person skilled in the art based on the embodiments of the present invention belong to the protection scope of the present invention without creative efforts.
The invention relates to a design method of a dual-CAN bus multi-redundancy hot backup flight control computer, which CAN realize multi-redundancy hot backup of control modules by accurately monitoring the operation states of a plurality of control modules on the basis of dual CAN buses.
The system structure block diagram of the invention is shown in fig. 1, and comprises an interface module, a control module and a monitoring module. The specific implementation mode is as follows:
(1) the interface modules are used for acquiring the states of various sensors and actuating mechanisms in the flight control system and issuing control instructions, and the plurality of interface modules are bridged on the two CAN buses;
(2) the control module finishes the processing of the data acquired by the interface module and returns a control instruction to the interface module, and the plurality of control modules are bridged on the two CAN buses and are mutually in hot backup; only one control module in the plurality of control modules is in operation, and the others are hot backup; three parallel heartbeat packet sending units are designed in each control module;
(3) and the monitoring module is bridged on the two CAN buses, completes the real-time monitoring of the operation states of the plurality of control modules and completes the function replacement of the fault control module by the normal control module. The concrete implementation is as follows:
firstly, three heartbeat packet sending units in each control module send heartbeat packets to a monitoring module at a certain frequency f, and if the frequency is 20, the heartbeat packets are sent every 50 ms;
secondly, the monitoring module counts the heartbeat packets sent by each heartbeat packet sending unit, calculates whether the frequency of the heartbeat packets is in a [0.8f,1.2f ] (namely [16,24]) interval or not, and simultaneously calculates the difference d between the frequencies; firstly, a judgment strategy of '2 from 3' is adopted for the frequencies of three heartbeat packet sending units in each control module, namely when the frequencies of the three heartbeat packet sending units in each control module have two intervals of [0.8f,1.2f ] (namely [16,24]), then whether a difference value d is less than or equal to 0.2f is judged, and if the difference value d meets the condition, the control module is judged to normally run; otherwise, the monitoring module starts a normal control module to replace the fault control module; if the frequency of three heartbeat packet sending units in each control module does not satisfy two intervals of [0.8f,1.2f ] (namely [16,24]), the monitoring module directly enables the normal control module to replace the fault control module.
When the control module has hardware faults (such as power failure and crash), all the 3 heartbeat packet sending units cannot work normally (the frequency is 0), the conditions of [0.8f and 1.2f ] are not met, and the monitoring module directly starts the normal control module to replace the fault control module;
fourthly, when the control module is subjected to system power failure reset or watchdog reset, all the 3 heartbeat packet sending units cannot work normally (the frequencies are 0) and do not meet the conditions of [0.8f and 1.2f ], and the monitoring module directly starts the normal control module to replace the fault control module;
fifthly, when the control module causes occasional faults to occur to 3 heartbeat packet sending units due to the occasional faults, frequency values of the heartbeat packet sending units are all within 0.8f and 1.2f, but the difference value is larger than 0.2f, and at the moment, the monitoring module directly starts the normal control module to replace the fault control module.
The invention CAN complete the state monitoring of the control modules of a plurality of flight control computers through the monitoring module based on the double CAN buses, and realize the timely discovery and replacement of the fault control module, thereby further improving the reliability of the flight control computers.
According to another aspect of the present invention, a method for monitoring a dual-CAN-bus multi-redundancy hot-backup flight control computer is provided, which includes the following steps:
step 1, bridging a plurality of interface modules on two CAN buses, and acquiring the states of various sensors and actuating mechanisms in a flight control system and issuing control instructions in real time;
step 2, a plurality of control modules are bridged on the two CAN buses and are mutually hot-backed up; the control module processes the data acquired by the interface module and returns a control instruction to the interface module, wherein only one control module in the plurality of control modules is in operation, and the others are hot backup; three parallel heartbeat packet sending units are designed in each control module;
and 3, bridging the monitoring modules on the two CAN buses, monitoring the operation states of the control modules in real time, and completing the function replacement of the fault control module by the normal control module. The concrete implementation is as follows:
(3.1) three heartbeat packet sending units in each control module send heartbeat packets to the monitoring module at a certain frequency f;
(3.2) the monitoring module counts the heartbeat packets sent by each heartbeat packet sending unit, calculates whether the frequency of the heartbeat packets is in a [0.8f,1.2f ] interval, and simultaneously calculates the difference d between the frequencies; firstly, a judgment strategy of '3 to 2' is adopted for the frequencies of three heartbeat packet sending units in each control module, namely when two frequencies of the three heartbeat packet sending units in each control module are in a [0.8f,1.2f ] interval, whether a frequency difference value d is less than or equal to 0.2f is judged, and if the conditions are met, the control module is judged to normally run; otherwise, the monitoring module starts a normal control module to replace the fault control module; if the frequency of the three heartbeat packet sending units in each control module does not satisfy two intervals of [0.8f,1.2f ], the monitoring module directly starts the normal control module to replace the fault control module.
In summary, the invention discloses a dual-CAN-bus multi-redundancy hot-backup flight control computer system and method, which comprises an interface module, a control module and a monitoring module, and CAN realize multi-redundancy hot backup of the control module by accurately monitoring the operation states of a plurality of control modules on the basis of dual CAN-buses, thereby further improving the reliability of the flight control computer.
Those skilled in the art will appreciate that the invention may be practiced without these specific details.
The foregoing is only a preferred embodiment of the present invention, and it should be noted that, for those skilled in the art, various modifications and decorations can be made without departing from the principle of the present invention, and these modifications and decorations should also be regarded as the protection scope of the present invention.
Claims (2)
1. A dual-CAN bus multi-redundancy hot backup flight control computer system is characterized by comprising:
(1) the interface modules are used for completing state acquisition and control instruction issuing of various sensors and execution mechanisms in the flight control system, and the plurality of interface modules are bridged on the two CAN buses;
(2) the control module finishes the processing of the data acquired by the interface module and returns a control instruction to the interface module, and the plurality of control modules are bridged on the two CAN buses; only one control module in the plurality of control modules is in operation, and the others are hot backup; three parallel heartbeat packet sending units are designed in each control module;
(3) the monitoring module is bridged on the two CAN buses, completes the real-time monitoring of the operation states of the plurality of control modules and completes the function replacement of the fault control module by the normal control module; the concrete implementation is as follows:
firstly, three heartbeat packet sending units in each control module send heartbeat packets to a monitoring module at a certain frequency f;
secondly, the monitoring module counts the heartbeat packets sent by each heartbeat packet sending unit, calculates whether the frequency of the heartbeat packets is in a range of [0.8f,1.2f ], and simultaneously calculates the difference d between the frequencies; firstly, a judgment strategy of '3 to 2' is adopted for the frequencies of three heartbeat packet sending units in each control module, namely when two frequencies of the three heartbeat packet sending units in each control module are in a [0.8f,1.2f ] interval, whether a frequency difference value d is less than or equal to 0.2f is judged, and if the conditions are met, the control module is judged to normally run; otherwise, the monitoring module starts a normal control module to replace the fault control module; if the frequency of the three heartbeat packet sending units in each control module does not satisfy two intervals of [0.8f,1.2f ], the monitoring module directly starts the normal control module to replace the fault control module.
2. A monitoring method for a dual-CAN bus multi-redundancy hot backup flight control computer is characterized by comprising the following steps:
step 1, bridging a plurality of interface modules on two CAN buses, and acquiring the states of various sensors and actuating mechanisms in a flight control system and issuing control instructions in real time;
step 2, a plurality of control modules are bridged on the two CAN buses and are mutually hot-backed up; the control module processes the data acquired by the interface module and returns a control instruction to the interface module, wherein only one control module in the plurality of control modules is in operation, and the others are hot backup; three parallel heartbeat packet sending units are designed in each control module;
step 3, bridging the monitoring module on two CAN buses, monitoring the operation states of a plurality of control modules in real time, and completing the function replacement of the fault control module by a normal control module; the concrete implementation is as follows:
(3.1) three heartbeat packet sending units in each control module send heartbeat packets to the monitoring module at a certain frequency f;
(3.2) the monitoring module counts the heartbeat packets sent by each heartbeat packet sending unit, calculates whether the frequency of the heartbeat packets is in a [0.8f,1.2f ] interval, and simultaneously calculates the difference d between the frequencies; firstly, a judgment strategy of '3 to 2' is adopted for the frequencies of three heartbeat packet sending units in each control module, namely when two frequencies of the three heartbeat packet sending units in each control module are in a [0.8f,1.2f ] interval, whether a frequency difference value d is less than or equal to 0.2f is judged, and if the conditions are met, the control module is judged to normally run; otherwise, the monitoring module starts a normal control module to replace the fault control module; if the frequency of the three heartbeat packet sending units in each control module does not satisfy two intervals of [0.8f,1.2f ], the monitoring module directly starts the normal control module to replace the fault control module.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010966324.6A CN112147928B (en) | 2020-09-15 | 2020-09-15 | Dual-CAN-bus multi-redundancy hot backup flight control computer system and method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010966324.6A CN112147928B (en) | 2020-09-15 | 2020-09-15 | Dual-CAN-bus multi-redundancy hot backup flight control computer system and method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112147928A true CN112147928A (en) | 2020-12-29 |
| CN112147928B CN112147928B (en) | 2022-02-25 |
Family
ID=73892778
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010966324.6A Active CN112147928B (en) | 2020-09-15 | 2020-09-15 | Dual-CAN-bus multi-redundancy hot backup flight control computer system and method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112147928B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114355803A (en) * | 2021-12-15 | 2022-04-15 | 北京电子工程总体研究所 | Reinforcement machine multi-machine system based on task monitoring and redundancy design method |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102929157A (en) * | 2012-11-15 | 2013-02-13 | 哈尔滨工程大学 | Triple-redundancy dynamic positioning control computer system for vessel |
| CN104238435A (en) * | 2014-05-27 | 2014-12-24 | 北京航天自动控制研究所 | Triple-redundancy control computer and fault-tolerant control system |
| CN107728463A (en) * | 2017-08-31 | 2018-02-23 | 北京宇航系统工程研究所 | A kind of measuring and controlling equipment redundancy switch unit based on domestic Loongson processor |
| CN109104349A (en) * | 2017-06-21 | 2018-12-28 | 比亚迪股份有限公司 | Train network data transmission method, system and its apparatus based on CANopen agreement |
| US20190036732A1 (en) * | 2017-07-27 | 2019-01-31 | X Development Llc | Asymmetric CAN-based Communication for Aerial Vehicles |
| CN111308990A (en) * | 2020-03-15 | 2020-06-19 | 武汉天富海科技发展有限公司 | Dual-CPU hybrid fault detection system and method for power station control system for ship |
-
2020
- 2020-09-15 CN CN202010966324.6A patent/CN112147928B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102929157A (en) * | 2012-11-15 | 2013-02-13 | 哈尔滨工程大学 | Triple-redundancy dynamic positioning control computer system for vessel |
| CN104238435A (en) * | 2014-05-27 | 2014-12-24 | 北京航天自动控制研究所 | Triple-redundancy control computer and fault-tolerant control system |
| CN109104349A (en) * | 2017-06-21 | 2018-12-28 | 比亚迪股份有限公司 | Train network data transmission method, system and its apparatus based on CANopen agreement |
| US20190036732A1 (en) * | 2017-07-27 | 2019-01-31 | X Development Llc | Asymmetric CAN-based Communication for Aerial Vehicles |
| CN107728463A (en) * | 2017-08-31 | 2018-02-23 | 北京宇航系统工程研究所 | A kind of measuring and controlling equipment redundancy switch unit based on domestic Loongson processor |
| CN111308990A (en) * | 2020-03-15 | 2020-06-19 | 武汉天富海科技发展有限公司 | Dual-CPU hybrid fault detection system and method for power station control system for ship |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114355803A (en) * | 2021-12-15 | 2022-04-15 | 北京电子工程总体研究所 | Reinforcement machine multi-machine system based on task monitoring and redundancy design method |
Also Published As
| Publication number | Publication date |
|---|---|
| CN112147928B (en) | 2022-02-25 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103149907B (en) | Hot-redundancy CAN (Controller Area Network)-bus high-fault-tolerance control terminal and method based on dual DSPs (Digital Signal Processors) | |
| CN110376876B (en) | Double-system synchronous safety computer platform | |
| CN102724083A (en) | Degradable triple-modular redundancy computer system based on software synchronization | |
| CN106648997A (en) | Master-salve switching method based on non-real-time operating system | |
| JP2017507432A (en) | Measuring system having a plurality of sensors | |
| CN103853622A (en) | Control method of dual redundancies capable of being backed up mutually | |
| CN103544092A (en) | Health monitoring system of avionic electronic equipment based on ARINC653 standard | |
| CN110427283B (en) | Dual-redundancy fuel management computer system | |
| CN106814603A (en) | A kind of dual redundant fault-tolerant system based on non-real time operating system | |
| WO2023273404A1 (en) | Chip-level software/hardware co-operative relay protection apparatus | |
| RU2679706C2 (en) | Two-channel architecture | |
| CN108255123A (en) | Train LCU control devices based on the voting of two from three software and hardware | |
| CN112147928B (en) | Dual-CAN-bus multi-redundancy hot backup flight control computer system and method | |
| CN109194497A (en) | Double SRIO Network Backup Systems of software-oriented radio system | |
| CN210129215U (en) | Dual-redundancy electromechanical management computer architecture | |
| CN102708012B (en) | Parallel-processing dual fault-tolerant on-satellite processing system | |
| CN112882901A (en) | Intelligent health state monitor of distributed processing system | |
| RU2439674C1 (en) | Method to form fault-tolerant computing system and fault-tolerant computing system | |
| CN104808620A (en) | GJB289A serial bus-based distributed aircraft management system architecture | |
| CN109306875B (en) | Steam turbine DEH dual-controller synchronous hot standby redundancy switching device and method | |
| KR20100020253A (en) | Monitoring apparatus for message transmission in network for a vehicle | |
| CN112859711A (en) | Spacecraft CAN bus autonomous switching processing system and method | |
| KR20150104251A (en) | Airplane system and control method thereof | |
| CN114355803A (en) | Reinforcement machine multi-machine system based on task monitoring and redundancy design method | |
| CN110781055B (en) | Service component running state monitoring method of embedded partition real-time operating system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |