CN116483631A - Comprehensive electrical system based on cold and hot dual-backup mechanism and operation method thereof - Google Patents

Comprehensive electrical system based on cold and hot dual-backup mechanism and operation method thereof Download PDF

Info

Publication number
CN116483631A
CN116483631A CN202310270243.6A CN202310270243A CN116483631A CN 116483631 A CN116483631 A CN 116483631A CN 202310270243 A CN202310270243 A CN 202310270243A CN 116483631 A CN116483631 A CN 116483631A
Authority
CN
China
Prior art keywords
cpu
controller
information
comprehensive
integrated controller
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310270243.6A
Other languages
Chinese (zh)
Inventor
曹娟娟
肖振
王少华
潘明健
张晋
杨志涛
崔同锴
王琳
孙建
兰敬辉
荣利霞
赵佳媚
孙石杰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Institute of Near Space Vehicles System Engineering
Original Assignee
Beijing Institute of Near Space Vehicles System Engineering
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Institute of Near Space Vehicles System Engineering filed Critical Beijing Institute of Near Space Vehicles System Engineering
Priority to CN202310270243.6A priority Critical patent/CN116483631A/en
Publication of CN116483631A publication Critical patent/CN116483631A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/16Error detection or correction of the data by redundancy in hardware
    • G06F11/20Error detection or correction of the data by redundancy in hardware using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements
    • G06F11/202Error detection or correction of the data by redundancy in hardware using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements where processing functionality is redundant
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/14Error detection or correction of the data by redundancy in operation
    • G06F11/1402Saving, restoring, recovering or retrying
    • G06F11/1415Saving, restoring, recovering or retrying at system level
    • G06F11/1438Restarting or rejuvenating
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02PCLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/02Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Quality & Reliability (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Hardware Redundancy (AREA)

Abstract

The application discloses an electrical system, which comprises a multi-core central control computer, wherein the multi-core central control computer comprises a CPU1 and a CPU2, and the CPU2 is a hot backup module of the CPU 1; in the case where the result of the solution of CPU1 and CPU2 matches abnormality, CPU1 pauses outputting the result of the solution, CPU2 acts as a master module and outputs the result of the solution. The application also discloses an electrical system, which comprises a comprehensive controller 1 and a comprehensive controller 2, wherein the comprehensive controller 2 is a hot backup device of the comprehensive controller 1; the integrated controller 2 monitors heartbeat and status information of the integrated controller 1, and when there is an abnormality, the integrated controller 2 takes over management tasks of the integrated controller 1 and restarts the integrated controller 1. Therefore, the real-time performance of the comprehensive electrical system software system fault processing is improved, and the application and popularization of the electronic comprehensive technology in the aerospace field are promoted.

Description

Comprehensive electrical system based on cold and hot dual-backup mechanism and operation method thereof
Technical Field
The application relates to the technical field of aerospace, in particular to a comprehensive electrical system based on a cold-hot dual-backup mechanism and an operation method thereof.
Background
In the comprehensive development process of the electronic system, the independent calculation tasks of all the subsystems are gradually concentrated into the comprehensive control system, the comprehensive control system uniformly provides calculation resources for the electronic equipment, and control instructions are output to all the electronic equipment. And each application program in the comprehensive control system independently and parallelly operates, and under the condition that a certain functional device fails, the fault processing in the system is realized mainly by virtue of a migration reconstruction technology. Because the control period of the aerospace vehicle is much faster than the aircraft control period, the migration reconstruction technique is not suitable for fault handling of the aerospace vehicle. In case of failure of the critical functional module, the reliability will be greatly reduced.
Disclosure of Invention
Due to the defect of instantaneity of an avionics comprehensive migration reconstruction fault processing mechanism in aerospace application, the application provides a comprehensive electrical system based on a cold and hot dual-backup mechanism and an operation method thereof based on a traditional avionics comprehensive technical scheme. The method and the device can improve the instantaneity of the fault processing of the integrated electrical system software system, and further promote the application and popularization of the electronic integrated technology in the aerospace field.
In a first aspect, an electrical system is provided, including a central control computer having a multi-core processor, where the central control computer includes a first CPU and a second CPU, the second CPU is a hot standby module of the first CPU, and the first CPU and the second CPU are configured with a first application program and are used for executing a resolving task of the first application program, a settlement result calculated by the first CPU is a first resolving result, and a settlement result calculated by the second CPU is a second resolving result;
the first calculation result is output as the calculation result of the first application program under the condition that the first calculation result and the second calculation result are successfully matched, and the second CPU synchronizes the first calculation result;
in the case where the first and second solution results match abnormally, the first CPU pauses outputting the solution result, and the second solution result is output as the solution result of the first application program.
With reference to the first aspect, in certain implementation manners of the first aspect, the electrical system further includes a first integrated controller, where the first integrated controller is an upper level controller of the first CPU and the second CPU;
the second CPU is used for sending abnormal information to the first CPU when the first resolving result and the second resolving result are matched with each other to be abnormal, and the first CPU is used for suspending outputting the resolving result according to the abnormal information;
the second CPU is used for sending indication information to the first comprehensive controller when the first resolving result and the second resolving result are matched abnormally, and the indication information is used for indicating the second CPU to be switched to the main module, and the first CPU fails.
With reference to the first aspect, in certain implementation manners of the first aspect, the electrical system further includes a first integrated controller, where the first integrated controller is an upper level controller of the first CPU and the second CPU;
the second CPU is used for sending abnormal information to the first comprehensive controller under the condition that the first resolving result and the second resolving result are matched with each other abnormally;
the first integrated controller is used for sending working mode conversion indicating information according to the abnormal information, and the working mode conversion indicating information is used for indicating the main module to be switched from the first CPU to the second CPU;
the first CPU is used for suspending outputting a resolving result according to the working mode conversion indicating information;
and the second CPU is used for outputting the second resolving result as the resolving result of the first application program according to the working mode conversion indicating information.
With reference to the first aspect, in certain implementation manners of the first aspect, the central control computer further includes a third CPU, where the third CPU is configured with the first application program;
in the case that the second CPU is a hot backup module of the first CPU, the third CPU is a cold backup module of the second CPU, and the third CPU does not execute a resolving task of the first application program;
the first comprehensive controller is used for sending hot backup configuration information to the third CPU under the condition that the first resolving result and the second resolving result are matched abnormally;
and the third CPU is used for executing the resolving task of the first application program according to the hot backup configuration information and serving as a hot backup module of the second CPU.
With reference to the first aspect, in certain implementation manners of the first aspect, the electrical system further includes a second integrated controller, where the second integrated controller is a hot standby device of the first integrated controller;
the second integrated controller is used for acquiring heartbeat information and state information of the first integrated controller;
under the condition that the heartbeat information of the first comprehensive controller is normal, if the state information of the second comprehensive controller is abnormal in match with the state information of the first comprehensive controller, the second comprehensive controller is used for recording the state abnormal information and synchronously updating the state information of the second comprehensive controller into the state information of the first comprehensive controller;
and under the condition that the heartbeat information of the first integrated controller is abnormal, or under the condition that the state information of the first integrated controller is received overtime, or under the condition that the abnormal information record exceeds a preset quantity, the second integrated controller takes over the management task of the first integrated controller and restarts the first integrated controller, wherein the first integrated controller is a hot backup device of the second integrated controller.
In a second aspect, an electrical system is provided, where the electrical system includes a first integrated controller and a second integrated controller, where the second integrated controller is a hot standby device of the first integrated controller, and the second integrated controller is configured to obtain heartbeat information and status information of the first integrated controller;
under the condition that the heartbeat information of the first comprehensive controller is normal, if the state information of the second comprehensive controller is abnormal in match with the state information of the first comprehensive controller, the second comprehensive controller is used for recording the state abnormal information and synchronously updating the state information of the second comprehensive controller into the state information of the first comprehensive controller;
and under the condition that the heartbeat information of the first integrated controller is abnormal, or under the condition that the state information of the first integrated controller is received overtime, or under the condition that the abnormal information record exceeds a preset quantity, the second integrated controller takes over the management task of the first integrated controller and restarts the first integrated controller, wherein the first integrated controller is a hot backup device of the second integrated controller.
In a third aspect, there is provided a method of operating an electrical system comprising a central control computer having a multi-core processor, the central control computer comprising a first CPU and a second CPU, the method comprising:
the first CPU executes a resolving task of the first application program to obtain a first resolving result;
the second CPU executes the resolving task of the first application program to obtain a second resolving result;
the first CPU outputs the first resolving result as the resolving result of the first application program under the condition that the first resolving result and the second resolving result are successfully matched, and the second CPU synchronizes the first resolving result;
in the case where the first and second solution results match abnormally, the first CPU pauses outputting the solution result, and the second CPU outputs the second solution result as the solution result of the first application program.
With reference to the third aspect, in certain implementations of the third aspect, the electrical system further includes a first integrated controller, and in a case where the first and second solutions match an anomaly, the method further includes:
the second CPU sends abnormal information to the first CPU;
the first CPU pauses outputting a resolving result according to the abnormal information;
and the second CPU sends indication information to the first comprehensive controller, wherein the indication information is used for indicating the second CPU to be switched into the main module, and the first CPU fails.
With reference to the third aspect, in certain implementations of the third aspect, the electrical system further includes a first integrated controller, and in a case where the first and second solutions match an anomaly, the method further includes:
the second CPU sends abnormal information to the first comprehensive controller;
the first comprehensive controller sends working mode conversion indicating information according to the abnormal information, wherein the working mode conversion indicating information is used for indicating a main module to be switched from the first CPU to the second CPU;
the first CPU pauses outputting a resolving result according to the working mode conversion indicating information;
and the second CPU outputs the second resolving result as the resolving result of the first application program according to the working mode conversion indicating information.
With reference to the third aspect, in certain implementations of the third aspect, the central control computer further includes a third CPU; in the case where the first and second solution results match anomalies, the method further includes:
the first comprehensive controller sends hot backup configuration information to the third CPU;
and the third CPU executes the resolving task of the first application program according to the hot backup configuration information and serves as a hot backup module of the second CPU.
With reference to the third aspect, in certain implementations of the third aspect, the electrical system further includes a second integrated controller; the method further comprises the steps of:
the second comprehensive controller acquires heartbeat information and state information of the first comprehensive controller;
under the condition that the heartbeat information of the first comprehensive controller is normal, if the state information of the second comprehensive controller is abnormal in match with the state information of the first comprehensive controller, the second comprehensive controller is used for recording the state abnormal information and synchronously updating the state information of the second comprehensive controller into the state information of the first comprehensive controller;
and under the condition that the heartbeat information of the first integrated controller is abnormal, or under the condition that the state information of the first integrated controller is received overtime, or under the condition that the abnormal information record exceeds a preset quantity, the second integrated controller takes over the management task of the first integrated controller, and restarts the first integrated controller.
In a fourth aspect, there is provided a method of operating an electrical system comprising a first integrated controller and a second integrated controller, the method comprising:
the second comprehensive controller acquires heartbeat information and state information of the first comprehensive controller;
under the condition that the heartbeat information of the first comprehensive controller is normal, if the state information of the second comprehensive controller is abnormal in match with the state information of the first comprehensive controller, the second comprehensive controller is used for recording the state abnormal information and synchronously updating the state information of the second comprehensive controller into the state information of the first comprehensive controller;
and under the condition that the heartbeat information of the first integrated controller is abnormal, or under the condition that the state information of the first integrated controller is received overtime, or under the condition that the abnormal information record exceeds a preset quantity, the second integrated controller takes over the management task of the first integrated controller, and restarts the first integrated controller.
Compared with the prior art, the scheme provided by the application at least comprises the following beneficial technical effects:
the method provides an operation method of the integrated electrical system based on a cold and hot dual backup mechanism on the basis of the traditional avionics integrated technology, can provide a high-real-time fault handling mechanism for the aerospace integrated electrical system, and improves the reliability of the integrated electrical system. The test proves that the reliability can be improved by 50%.
Drawings
Fig. 1 is a schematic structural diagram of a comprehensive electrical system with a cold-hot dual backup mechanism.
Fig. 2 is a schematic structural diagram of a comprehensive electrical system with a cold-hot dual backup mechanism.
Detailed Description
The present application is described in further detail below with reference to the drawings and specific examples.
Fig. 1 and 2 show schematic block diagrams of a comprehensive electrical system according to an embodiment of the present application. Fig. 1 and 2 also show a dual hot and cold backup mechanism for the integrated electrical system.
The integrated electrical system may comprise an integrated controller 1 and a central control computer with multi-core processors such as CPU1, CPU2, CPU3, CPU4, CPU5 shown in fig. 1.
Redundant application programs can be deployed on a central control computer CPU of the multi-core processor, and the normal working state of the comprehensive electrical system in the figure 1 is referred. In the aspect of executing the application functions of the electrical system, the same application program is deployed on two central control computer CPUs with the same configuration. For example, the central control computer CPU1 and the central control computer CPU2 may deploy the application program a, the application program B, and the configuration of the central control computer CPU1 and the central control computer CPU2 may be the same; the central control computer CPU3 and the central control computer CPU4 may deploy the application program C, the application program D, and the configuration of the central control computer CPU3 and the central control computer CPU4 may be the same.
The central control computer CPU5 is a standby module, and may deploy an application a, an application B, an application C, and an application D. When the integrated electrical system is in a normal operation state, the central control computer CPU5 does not run any application program, and is in a cold standby state, as shown in fig. 1.
After the equipment initialization and application deployment are completed, the central control computer CPU1 and the central control computer CPU2 run the same application program, and synchronously receive the input data on the bus. Assuming that the central control computer CPU1 is the primary module, the central control computer CPU2 is the hot standby module. The central control computer CPU1 may output the result of the calculation 1 every cycle. The central control computer CPU2 may output the result of the calculation 2 every cycle. The central control computer CPU2 or the integrated controller 1 may compare the solution result 1 with the solution result 2 to determine whether the central control computer CPU1 has a failure.
If the result 1 matches or differs little from the result 2, the central control computer CPU2 synchronizes the state data of the central control computer CPU2 to the result 1. The reason for this phenomenon mainly includes that the central control computer CPU1 and the central control computer CPU2 acquire data at different times within an extremely short period of time, which in turn causes the central control computer CPU1 and the central control computer CPU2 to acquire data slightly different, and thus may slightly differ.
If the result 1 differs too much from the result 2, for example, exceeds a preset threshold, or exceeds a reasonably normal distribution range of settlement errors, the result 1 may be abnormal. The calculation result 1 and the calculation result 2 exceed the reasonable normal distribution range of the settlement error, and can be specifically judged in the following manner. Based on the hypothesis test of normal distribution, the original hypothesis is that the main module of the CPU1 operates correctly, and the backup hypothesis is that the backup module of the CPU2 operates correctly. According to the normal distribution, if the probability that both the original assumption and the backup assumption are established is relatively high, it can be considered that the original assumption is met; if the probability that both the original and backup assumptions are true is relatively low, then the original assumption may be deemed to be disagreeable.
In one possible scenario, it may be determined whether the result 1 of the calculation is abnormal in conjunction with the data output state of the central control computer CPU 1. For example, if the central control computer CPU1 makes a jump in outputting the result of the calculation 1, or the central control computer CPU1 does not output the result of the calculation for a long time, or the integrated controller 1 receives the application management information from the central control computer CPU1 as abnormal, or the integrated controller 1 receives the application management feedback information from the central control computer CPU1 as overtime, or the like, it may be considered that the result of the calculation 1 as abnormal.
In some embodiments, in the case where the result of the calculation 1 is considered to be abnormal, the central control computer CPU2 may directly feed back the abnormality information to the central control computer CPU1, and continue to output the result of the calculation from the input data on the bus in the next cycle. The central control computer CPU1 may suspend functioning as a master on the basis of the abnormality information, that is, suspend outputting the result of the resolution on the bus. The central control computer CPU2 may report the master module switching process to the integrated controller 1, informing the integrated controller 1 that the current master module is switched from the central control computer CPU2 to the central control computer CPU1, and that the central control computer CPU1 is currently malfunctioning.
In other embodiments, in the case where the result 1 of the calculation is considered to be abnormal, the central control computer CPU2 may feed back the abnormality information to the integrated controller 1. The integrated controller 1 may send out the operation mode conversion instruction information, so that the central control computer CPU2 is more a master module, and the central control computer CPU1 is currently malfunctioning and is suspended to act as a master module. The central control computer CPU2 becomes the master module and outputs the calculation result of the central control computer CPU 2. During the master module switching process, there may be a case where the output of the calculation result is not timely in an individual period. Because the integrated electrical system has certain fault tolerance, the normal use of the integrated electrical system is not affected by the switching process of the main module.
The integrated controller 1 may reconstruct the task of the faulty CPU1 to the central control computer CPU5, and use the central control computer CPU5 as a hot standby module of the central control computer CPU5, see fig. 1. Specifically, the integrated controller 1 may issue a configuration instruction to the central control computer CPU5, perform an initialization procedure, instruct the central control computer CPU5 to enable the application program a, the application program B deployed on the central control computer CPU5. Then the central control computer CPU5 runs the application program a, the application program B, and calculates the result of the calculation from the data on the bus.
The central control computer CPU5 may also be a central control computer CPU3 or a central control computer CPU 4. The specific embodiment refers to an example in which the central control computer CPU5 is a cooling device of the central control computer CPU1 and the central control computer CPU 2.
In order to ensure that the system functions correctly and reliably during the operation of the system, the integrated electrical system may further comprise an integrated controller 2. The integrated controllers 1, 2 operate the same functional configuration. In terms of electrical system management, the integrated controller 1 may be a system management master, and the integrated controller 2 may be a hot standby device of the integrated controller 1.
During operation of the device, the integrated controller 2 monitors the operation state of the integrated controller 1 through heartbeat information and synchronizes system state information with the integrated controller 1 through a high-speed data bus (e.g., ethernet). The state information may include parameters such as voltage, current, command timing, etc. Under the normal condition of the heartbeat information of the integrated controller 1, if the difference value between the state information of the integrated controller 2 and the state information of the integrated controller 1 is larger than the allowable accuracy error of the system, the integrated controller 2 records the abnormal detailed information of the state information and synchronously updates the state information of the integrated controller 1 into the state information of the integrated controller 1.
Under the condition that the heartbeat information of the comprehensive controller 1 is abnormal, the receiving time-out condition is over, the recording times of abnormal detailed information are too many and the like, the hot backup comprehensive controller 2 takes over the management function of the comprehensive controller 1, simultaneously sends an instruction, restarts the comprehensive controller 1, and then the comprehensive controller 2 is switched to a main module, and the comprehensive controller 2 realizes the taking over of the central control computers CPU1, CPU2, CPU3, CPU4 and CPU 5; the integrated controller 1 switches to the hot standby module, see fig. 2.
The application provides an operation method of a comprehensive electrical system based on a cold and hot dual-backup mechanism on the basis of the traditional avionics comprehensive technology. The comprehensive electrical system can adopt a main fault processing strategy in the aspect of ensuring the reliability of equipment, namely a dual backup mechanism of hot backup and cold backup of application functions. Therefore, a fault processing mechanism with high real-time performance can be provided for the aerospace comprehensive electrical system, the reliability of the electrical system is improved, and the application of the electronic comprehensive technology in the aerospace field is promoted.
While the preferred embodiment has been described, it is not intended to limit the invention thereto, and any person skilled in the art may make variations and modifications without departing from the spirit and scope of the present invention, so that the scope of the present invention shall be defined by the claims.

Claims (12)

1. The electric system is characterized by comprising a central control computer with a multi-core processor, wherein the central control computer comprises a first CPU and a second CPU, the second CPU is a hot standby module of the first CPU, a first application program is configured on the first CPU and the second CPU and is used for executing a resolving task of the first application program, a settlement result obtained by calculation of the first CPU is a first resolving result, and a settlement result obtained by calculation of the second CPU is a second resolving result;
the first calculation result is output as the calculation result of the first application program under the condition that the first calculation result and the second calculation result are successfully matched, and the second CPU synchronizes the first calculation result;
in the case where the first and second solution results match abnormally, the first CPU pauses outputting the solution result, and the second solution result is output as the solution result of the first application program.
2. The electrical system of claim 1, further comprising a first integrated controller, the first integrated controller being a host controller for the first CPU and the second CPU;
the second CPU is used for sending abnormal information to the first CPU when the first resolving result and the second resolving result are matched with each other to be abnormal, and the first CPU is used for suspending outputting the resolving result according to the abnormal information;
the second CPU is used for sending indication information to the first comprehensive controller when the first resolving result and the second resolving result are matched abnormally, and the indication information is used for indicating the second CPU to be switched to the main module, and the first CPU fails.
3. The electrical system of claim 1, further comprising a first integrated controller, the first integrated controller being a host controller for the first CPU and the second CPU;
the second CPU is used for sending abnormal information to the first comprehensive controller under the condition that the first resolving result and the second resolving result are matched with each other abnormally;
the first integrated controller is used for sending working mode conversion indicating information according to the abnormal information, and the working mode conversion indicating information is used for indicating the main module to be switched from the first CPU to the second CPU;
the first CPU is used for suspending outputting a resolving result according to the working mode conversion indicating information;
and the second CPU is used for outputting the second resolving result as the resolving result of the first application program according to the working mode conversion indicating information.
4. The electrical system of claim 2 or 3, wherein the central control computer further comprises a third CPU configured with the first application;
in the case that the second CPU is a hot backup module of the first CPU, the third CPU is a cold backup module of the second CPU, and the third CPU does not execute a resolving task of the first application program;
the first comprehensive controller is used for sending hot backup configuration information to the third CPU under the condition that the first resolving result and the second resolving result are matched abnormally;
and the third CPU is used for executing the resolving task of the first application program according to the hot backup configuration information and serving as a hot backup module of the second CPU.
5. An electrical system according to claim 2 or 3, further comprising a second integrated controller that is a hot standby device of the first integrated controller;
the second integrated controller is used for acquiring heartbeat information and state information of the first integrated controller;
under the condition that the heartbeat information of the first comprehensive controller is normal, if the state information of the second comprehensive controller is abnormal in match with the state information of the first comprehensive controller, the second comprehensive controller is used for recording the state abnormal information and synchronously updating the state information of the second comprehensive controller into the state information of the first comprehensive controller;
and under the condition that the heartbeat information of the first integrated controller is abnormal, or under the condition that the state information of the first integrated controller is received overtime, or under the condition that the abnormal information record exceeds a preset quantity, the second integrated controller takes over the management task of the first integrated controller and restarts the first integrated controller, wherein the first integrated controller is a hot backup device of the second integrated controller.
6. The electric system is characterized by comprising a first comprehensive controller and a second comprehensive controller, wherein the second comprehensive controller is hot backup equipment of the first comprehensive controller, and the second comprehensive controller is used for acquiring heartbeat information and state information of the first comprehensive controller;
under the condition that the heartbeat information of the first comprehensive controller is normal, if the state information of the second comprehensive controller is abnormal in match with the state information of the first comprehensive controller, the second comprehensive controller is used for recording the state abnormal information and synchronously updating the state information of the second comprehensive controller into the state information of the first comprehensive controller;
and under the condition that the heartbeat information of the first integrated controller is abnormal, or under the condition that the state information of the first integrated controller is received overtime, or under the condition that the abnormal information record exceeds a preset quantity, the second integrated controller takes over the management task of the first integrated controller and restarts the first integrated controller, wherein the first integrated controller is a hot backup device of the second integrated controller.
7. A method of operating an electrical system comprising a central control computer having a multi-core processor, the central control computer comprising a first CPU and a second CPU, the method comprising:
the first CPU executes a resolving task of the first application program to obtain a first resolving result;
the second CPU executes the resolving task of the first application program to obtain a second resolving result;
the first CPU outputs the first resolving result as the resolving result of the first application program under the condition that the first resolving result and the second resolving result are successfully matched, and the second CPU synchronizes the first resolving result;
in the case where the first and second solution results match abnormally, the first CPU pauses outputting the solution result, and the second CPU outputs the second solution result as the solution result of the first application program.
8. The method of claim 7, wherein the electrical system further comprises a first integrated controller, the method further comprising, in the event that the first and second solutions match abnormally:
the second CPU sends abnormal information to the first CPU;
the first CPU pauses outputting a resolving result according to the abnormal information;
and the second CPU sends indication information to the first comprehensive controller, wherein the indication information is used for indicating the second CPU to be switched into the main module, and the first CPU fails.
9. The method of claim 7, wherein the electrical system further comprises a first integrated controller, the method further comprising, in the event that the first and second solutions match abnormally:
the second CPU sends abnormal information to the first comprehensive controller;
the first comprehensive controller sends working mode conversion indicating information according to the abnormal information, wherein the working mode conversion indicating information is used for indicating a main module to be switched from the first CPU to the second CPU;
the first CPU pauses outputting a resolving result according to the working mode conversion indicating information;
and the second CPU outputs the second resolving result as the resolving result of the first application program according to the working mode conversion indicating information.
10. The method of claim 8 or 9, wherein the central control computer further comprises a third CPU; in the case where the first and second solution results match anomalies, the method further includes:
the first comprehensive controller sends hot backup configuration information to the third CPU;
and the third CPU executes the resolving task of the first application program according to the hot backup configuration information and serves as a hot backup module of the second CPU.
11. The method of claim 8 or 9, wherein the electrical system further comprises a second integrated controller; the method further comprises the steps of:
the second comprehensive controller acquires heartbeat information and state information of the first comprehensive controller;
under the condition that the heartbeat information of the first comprehensive controller is normal, if the state information of the second comprehensive controller is abnormal in match with the state information of the first comprehensive controller, the second comprehensive controller is used for recording the state abnormal information and synchronously updating the state information of the second comprehensive controller into the state information of the first comprehensive controller;
and under the condition that the heartbeat information of the first integrated controller is abnormal, or under the condition that the state information of the first integrated controller is received overtime, or under the condition that the abnormal information record exceeds a preset quantity, the second integrated controller takes over the management task of the first integrated controller, and restarts the first integrated controller.
12. A method of operating an electrical system comprising a first integrated controller and a second integrated controller, the method comprising:
the second comprehensive controller acquires heartbeat information and state information of the first comprehensive controller;
under the condition that the heartbeat information of the first comprehensive controller is normal, if the state information of the second comprehensive controller is abnormal in match with the state information of the first comprehensive controller, the second comprehensive controller is used for recording the state abnormal information and synchronously updating the state information of the second comprehensive controller into the state information of the first comprehensive controller;
and under the condition that the heartbeat information of the first integrated controller is abnormal, or under the condition that the state information of the first integrated controller is received overtime, or under the condition that the abnormal information record exceeds a preset quantity, the second integrated controller takes over the management task of the first integrated controller, and restarts the first integrated controller.
CN202310270243.6A 2023-03-15 2023-03-15 Comprehensive electrical system based on cold and hot dual-backup mechanism and operation method thereof Pending CN116483631A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310270243.6A CN116483631A (en) 2023-03-15 2023-03-15 Comprehensive electrical system based on cold and hot dual-backup mechanism and operation method thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310270243.6A CN116483631A (en) 2023-03-15 2023-03-15 Comprehensive electrical system based on cold and hot dual-backup mechanism and operation method thereof

Publications (1)

Publication Number Publication Date
CN116483631A true CN116483631A (en) 2023-07-25

Family

ID=87216824

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310270243.6A Pending CN116483631A (en) 2023-03-15 2023-03-15 Comprehensive electrical system based on cold and hot dual-backup mechanism and operation method thereof

Country Status (1)

Country Link
CN (1) CN116483631A (en)

Similar Documents

Publication Publication Date Title
US5491787A (en) Fault tolerant digital computer system having two processors which periodically alternate as master and slave
US7802138B2 (en) Control method for information processing apparatus, information processing apparatus, control program for information processing system and redundant comprisal control apparatus
JP3982353B2 (en) Fault tolerant computer apparatus, resynchronization method and resynchronization program
JP3737695B2 (en) System and method for transparent time-based selective software rejuvenation
EP0433979A2 (en) Fault-tolerant computer system with/config filesystem
US20060259815A1 (en) Systems and methods for ensuring high availability
US20070128895A1 (en) Redundant automation system for controlling a techinical device, and method for operating such an automation system
CN102724083A (en) Degradable triple-modular redundancy computer system based on software synchronization
CN111831488B (en) TCMS-MPU control unit with safety level design
CN103853622A (en) Control method of dual redundancies capable of being backed up mutually
US7373542B2 (en) Automatic startup of a cluster system after occurrence of a recoverable error
US20040193735A1 (en) Method and circuit arrangement for synchronization of synchronously or asynchronously clocked processor units
US20050229035A1 (en) Method for event synchronisation, especially for processors of fault-tolerant systems
EP2937785B1 (en) A method of recovering application data
CN111930573A (en) Task-level dual-computer hot standby system and method based on management platform
JPH07306794A (en) Distributed system and enhancing method for reliability
CN116483631A (en) Comprehensive electrical system based on cold and hot dual-backup mechanism and operation method thereof
CN111221683A (en) Double-flash hot backup method, system, terminal and storage medium for data center switch
CN116991637B (en) Operation control method and device of embedded system, electronic equipment and storage medium
JPH10116261A (en) Check point restarting method for parallel computer system
CN114750774B (en) Safety monitoring method and automobile
KR19990050460A (en) Disaster Recovery Method and Device of High Availability System
CN114509981B (en) Controller hardware redundancy control method and system
JP2001175545A (en) Server system, fault diagnosing method, and recording medium
CN114817908A (en) Self-isolation method, system, terminal and medium for dual-computer hot standby software

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination