CN118034016A - Dual-redundancy input signal twice monitoring voting method - Google Patents
Dual-redundancy input signal twice monitoring voting method Download PDFInfo
- Publication number
- CN118034016A CN118034016A CN202311846045.6A CN202311846045A CN118034016A CN 118034016 A CN118034016 A CN 118034016A CN 202311846045 A CN202311846045 A CN 202311846045A CN 118034016 A CN118034016 A CN 118034016A
- Authority
- CN
- China
- Prior art keywords
- signal
- voting
- redundancy
- monitoring
- illegal
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000012544 monitoring process Methods 0.000 title claims abstract description 57
- 238000000034 method Methods 0.000 title claims abstract description 24
- 230000001052 transient effect Effects 0.000 claims description 28
- 230000009977 dual effect Effects 0.000 claims description 13
- 235000008694 Humulus lupulus Nutrition 0.000 claims description 3
- 230000007704 transition Effects 0.000 description 3
- 230000005540 biological transmission Effects 0.000 description 1
- 238000005259 measurement Methods 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G05—CONTROLLING; REGULATING
- G05B—CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
- G05B9/00—Safety arrangements
- G05B9/02—Safety arrangements electric
- G05B9/03—Safety arrangements electric with multiple-channel loop, i.e. redundant control systems
Landscapes
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Engineering & Computer Science (AREA)
- Automation & Control Theory (AREA)
- Time Recorders, Dirve Recorders, Access Control (AREA)
Abstract
The application belongs to the technical field of redundancy management, and particularly relates to a double-redundancy input signal twice monitoring voting method. The method comprises the steps of S1, periodically monitoring signal valid bits, and judging whether the signal valid bits are valid or not; step S2, periodically monitoring whether the floating point number is illegal or not when the signal valid bit is valid; step S3, when the floating point number is legal, periodically monitoring signal hopping, and determining whether the signal hopping occurs; and S4, performing primary and backup selection of the dual-redundancy signal, determining a first voting value, performing secondary voting on the first voting values of the four voting modules, and determining a second voting value. The method improves the reliability of four-redundancy monitoring voting and ensures the flight safety of the aircraft.
Description
Technical Field
The application belongs to the technical field of redundancy management, and particularly relates to a double-redundancy input signal twice monitoring voting method.
Background
Redundancy management for a four redundancy system is an important part of the design of aircraft management systems. In the aircraft management system with high comprehensive degree, the signal monitoring logic is complex, and the signal monitoring logic for simplifying redundancy management has very important significance by designing the signal comprehensive effectiveness monitoring method.
In order to simplify equipment and management, only two equipment sources are usually arranged, and the two equipment sources are not in one-to-one correspondence with the four redundancy systems, so that the problem of voting confusion exists in the existing four redundancy systems, namely, data of the two equipment sources are required to be respectively sent to the four redundancy systems, and the four redundancy systems vote.
Disclosure of Invention
In order to solve the problems, the application provides a double-redundancy input signal twice monitoring voting method to solve the problem of monitoring voting of signals generated by two redundancy equipment sources in a4 redundancy system.
The application provides a double redundancy input signal twice monitoring voting method, which mainly comprises the following steps:
Step S1, periodically monitoring signal valid bits, judging whether the signal valid bits are valid, and marking the redundancy signal as invalid when the signal valid bits are invalid;
Step S2, periodically monitoring whether the floating point number is illegal or not when the signal valid bit is valid, performing illegal counting of the floating point number when the floating point number is illegal, suspending signal jump monitoring, marking the redundancy signal as invalid when the illegal counting of the floating point number exceeds a set value, and stopping all monitoring;
Step S3, when the floating point number is legal, periodically monitoring signal hopping, regarding two signals which are continuously collected, if the difference value exceeds a set value, determining that the signals are hopped, performing signal hopping counting when two signal hops appear continuously, and when the signal hopping counting exceeds the set value, marking the redundant signal as invalid and stopping all monitoring;
And S4, respectively inputting the dual-redundancy signals into each voting module in the four-redundancy system, and in each voting module, performing primary and backup selection of the dual-redundancy signals according to the marks of the redundancy signals, determining a first voting value, performing secondary voting on the first voting values of the four voting modules, and determining a second voting value.
Preferably, in step S1 to step S3, the monitoring period is 20ms.
Preferably, in step S1, the signal valid bit state is set to have a recoverable attribute, and when the signal valid bit is changed from invalid to valid, the floating point number illegal count and the signal jump count are cleared.
Preferably, in step S2, after the illegal count of the floating point number starts, an illegal count transient fault is marked, if the floating point number is legal before the illegal count of the floating point number does not exceed the set value, the illegal count of the floating point number is cleared, and in the illegal count transient fault state, the previous beat signal value at the beginning of the illegal count of the floating point number is used to participate in the subsequent voting.
Preferably, in step S3, the set value is 50% of the maximum range for the continuous quantity signal, and is 0 for the discrete quantity and the enumerated quantity.
Preferably, in step S3, after the signal jump count starts, a signal jump transient fault is marked, when the data is recovered to be normal during the jump transient fault, the jump fault counter is cleared, and in the signal jump transient fault state, the last beat value at the start of the signal jump count is used to participate in subsequent voting.
Preferably, in step S4, in each voting module, when the dual redundancy signal is marked as invalid, the corresponding voting module channel fails, secondary voting is performed based on the remaining voting modules, and when three or four voting module channel fails, the preset safety value is used as the second voting value.
Preferably, in step S4, when the secondary voting is performed, when both the dual redundancy signals of a certain voting module have illegal number transient faults or signal jump transient faults, the secondary voting is performed by using the current beat signal for continuous quantity signals, and the secondary voting is performed by using the last beat signal for enumeration quantity and discrete quantity signals.
The method improves the reliability of four-redundancy monitoring voting and ensures the flight safety of the aircraft.
Drawings
FIG. 1 is a flow chart of a preferred embodiment of the dual redundancy input signal twice monitor voting method of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application become more apparent, the technical solutions in the embodiments of the present application will be described in more detail with reference to the accompanying drawings in the embodiments of the present application. In the drawings, the same or similar reference numerals denote the same or similar elements or elements having the same or similar functions throughout. The described embodiments are some, but not all, embodiments of the application. The embodiments described below by referring to the drawings are exemplary and intended to illustrate the present application and should not be construed as limiting the application. All other embodiments, which can be made by those skilled in the art based on the embodiments of the present application without making any inventive effort, are intended to fall within the scope of the present application. Embodiments of the present application will be described in detail below with reference to the accompanying drawings.
The application provides a double redundancy input signal twice monitoring voting method, as shown in figure 1, mainly comprising the following steps:
Step S1, periodically monitoring signal valid bits, judging whether the signal valid bits are valid, and marking the redundancy signal as invalid when the signal valid bits are invalid;
Step S2, periodically monitoring whether the floating point number is illegal or not when the signal valid bit is valid, performing illegal counting of the floating point number when the floating point number is illegal, suspending signal jump monitoring, marking the redundancy signal as invalid when the illegal counting of the floating point number exceeds a set value, and stopping all monitoring;
Step S3, when the floating point number is legal, periodically monitoring signal hopping, regarding two signals which are continuously collected, if the difference value exceeds a set value, determining that the signals are hopped, performing signal hopping counting when two signal hops appear continuously, and when the signal hopping counting exceeds the set value, marking the redundant signal as invalid and stopping all monitoring;
And S4, respectively inputting the dual-redundancy signals into each voting module in the four-redundancy system, and in each voting module, performing primary and backup selection of the dual-redundancy signals according to the marks of the redundancy signals, determining a first voting value, performing secondary voting on the first voting values of the four voting modules, and determining a second voting value.
According to the method, for monitoring voting problems of signals generated by two redundancy equipment sources in a four redundancy system, firstly, each voting module in the four redundancy system respectively receives the signals generated by the two redundancy equipment sources, in the data transmission process, each voting module can judge whether each redundancy signal is effective or not according to steps S1-S3, for example, the voting module B1 judges whether the redundancy signal A1 is effective, the redundancy signal A2 is ineffective, the value of the redundancy signal A1 is used as a first voting value of the voting module B1, when the voting module B2 judges that the redundancy signal A1 is effective, the redundancy signal A2 is effective, one is determined to be a main signal according to a preset main and standby selection algorithm, and the other is determined to be a secondary signal, for example, the redundancy signal A1 is used as the main signal, and the value of the other is used as the first voting value of the voting module B2.
And then the four voting modules process the first voting values respectively recognized based on secondary voting, for example, the two remaining values are averaged except the maximum value and the minimum value, so as to obtain a second voting value, and the second voting value participates in subsequent operation. In this embodiment, the secondary voting algorithm may employ an existing redundancy voting algorithm.
In some alternative embodiments, in steps S1-S3, the monitoring period is 20ms.
In some alternative embodiments, in step S1, the signal valid bit state is set to have a recoverable attribute, and when the signal valid bit is changed from invalid to valid, the floating point number illegal count and the signal transition count are cleared.
In the above two embodiments, the signal valid bit is monitored without delay and can be recovered, the monitoring period is 20ms, and the monitoring method is to determine whether the signal valid bit is valid. When the signal valid bit is invalid, the signal is invalid. The signal valid bit state is not latched (recoverable). And recording the fault of the valid bit of the signal and continuously monitoring the valid bit of the signal, and monitoring the illegal number and jump of the input signal. And after the signal valid bit is restored to be valid, the signal is restored to be normal, and the counter for illegal number and jump monitoring is cleared.
In some optional embodiments, in step S2, after the illegal count of the floating point number starts, an illegal count transient fault is marked, and before the illegal count of the floating point number does not exceed a set value, the illegal count of the floating point number is cleared, and in the illegal count transient fault state, a previous beat signal value at the beginning of the illegal count of the floating point number is used to participate in subsequent voting.
In this embodiment, when the signal valid bit is valid, it is monitored whether the floating point number is illegal (the software judges the source code), and the monitoring period is 20ms. The signal has illegal number and the signal fault continuously reaches N times (determined according to specific conditions), the signal permanent fault is considered, and the signal illegal number permanent fault is latched. Software records transient faults and permanent faults. When the data is normal during transient faults, the fault counter is cleared, and the fault counter cannot be recovered after permanent faults. When the illegal number monitoring is completed, the normal floating point number needs to be immediately converted into integer data. When an illegal number transient fault occurs, the jump monitoring of the signal is not carried out, and the illegal number can not be used in any subsequent flow, and the last beat of signal value is directly used.
In some alternative embodiments, in step S3, the set point is 50% of the maximum range for the continuous quantity signal and 0 for the discrete and enumerated quantities.
In this embodiment, for the continuous quantity, the difference between the current beat value and the last beat value is monitored, and if the difference exceeds 50% of the maximum measurement range (the maximum value of the absolute value of the signal range), the jump occurs, and for the discrete quantity and the enumeration quantity, whether the current beat value and the last beat value are consistent or not is monitored, and if the difference is inconsistent, the jump occurs.
In some optional embodiments, in step S3, after the signal jump count starts, a signal jump transient fault is marked, when data is recovered to be normal during the jump transient fault, the jump fault counter is cleared, and in the signal jump transient fault state, the last beat value at the start of the signal jump count is used to participate in subsequent voting.
In this embodiment, two consecutive beats are satisfied, with the transition fault counter going from 0 to 1, followed by a one beat transition fault counter incremented by 1. And when the transient fault occurs, taking up the beat value to participate in voting. The signal jump monitoring period is 20ms, the signal transient faults continuously reach N times (determined according to specific conditions), and the signal permanent faults are considered to be latched. When the data is recovered to be normal in the transient fault period, resetting the jump fault counter; when the signal valid bit and illegal number transient faults are recovered, the jump faults are counted from new.
In some alternative embodiments, in step S4, in each voting module, when the dual redundancy signal is marked as invalid, the corresponding voting module channel fails, secondary voting is performed based on the remaining voting modules, and when three or four voting module channel fails, the preset safety value is taken as a second voting value.
In this embodiment, if only the signal channel of one voting module remains valid, or if all the four redundancy fails, comparison monitoring cannot be performed, the signal is directly judged as a failure, and the safety value is selected as a second voting value to be output. If the signal channels of the four voting modules have singular faults, and after a certain time delay, the monitoring algorithm judges all the faults of the signals, and the safety value is taken as a second voting value to be output.
In some alternative embodiments, in step S4, when the secondary voting is performed, when the dual redundancy signal of a voting module has an illegal number transient fault or a signal jump transient fault, the secondary voting is performed by using the current beat signal for the continuous quantity signal, and the secondary voting is performed by using the last beat signal for the enumerated quantity and discrete quantity signals.
The method improves the reliability of four-redundancy monitoring voting and ensures the flight safety of the aircraft.
The foregoing is merely illustrative of the present application, and the present application is not limited thereto, and any changes or substitutions easily contemplated by those skilled in the art within the scope of the present application should be included in the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.
Claims (8)
1. A method for twice monitoring voting of dual-redundancy input signals, comprising:
Step S1, periodically monitoring signal valid bits, judging whether the signal valid bits are valid, and marking the redundancy signal as invalid when the signal valid bits are invalid;
Step S2, periodically monitoring whether the floating point number is illegal or not when the signal valid bit is valid, performing illegal counting of the floating point number when the floating point number is illegal, suspending signal jump monitoring, marking the redundancy signal as invalid when the illegal counting of the floating point number exceeds a set value, and stopping all monitoring;
Step S3, when the floating point number is legal, periodically monitoring signal hopping, regarding two signals which are continuously collected, if the difference value exceeds a set value, determining that the signals are hopped, performing signal hopping counting when two signal hops appear continuously, and when the signal hopping counting exceeds the set value, marking the redundant signal as invalid and stopping all monitoring;
And S4, respectively inputting the dual-redundancy signals into each voting module in the four-redundancy system, and in each voting module, performing primary and backup selection of the dual-redundancy signals according to the marks of the redundancy signals, determining a first voting value, performing secondary voting on the first voting values of the four voting modules, and determining a second voting value.
2. The dual redundancy input signal two-time monitoring voting method of claim 1, wherein in step S1-step S3, the monitoring period is 20ms.
3. The dual redundancy input signal two-time monitoring voting method of claim 1, wherein in step S1, the signal valid bit state is set to have a recoverable property, and when the signal valid bit is changed from invalid to valid, the floating point number illegal count and the signal jump count are cleared.
4. The method for monitoring and voting twice by using dual redundancy input signals according to claim 1, wherein in step S2, after the illegal counting of the floating point is started, an illegal number transient fault is marked, and before the illegal counting of the floating point does not exceed a set value, the illegal counting of the floating point is cleared if the floating point is legal, and in the illegal number transient fault state, the previous beat signal value at the beginning of the illegal counting of the floating point is used to participate in subsequent voting.
5. The dual redundancy input signal two-monitor voting method of claim 1, wherein in step S3, the set value is 50% of the maximum range for the continuous quantity signal and is 0 for the discrete quantity and the enumerated quantity.
6. The method for monitoring and voting twice for dual redundancy input signals according to claim 1, wherein in step S3, after the signal jump counting starts, a signal jump transient fault is marked, when data is recovered to normal during the jump transient fault, the jump fault counter is cleared, and in the signal jump transient fault state, the last beat value at the beginning of the signal jump counting is used to participate in subsequent voting.
7. The method for double-redundancy input signal twice monitoring voting according to claim 1, wherein in step S4, in each voting module, when the double-redundancy signal is marked as invalid, the corresponding voting module channel fails, the secondary voting is performed based on the remaining voting modules, and when three or four voting module channel fails, a preset safety value is taken as a second voting value.
8. The method for twice monitoring and voting of dual redundancy input signals according to claim 1, wherein in the step S4, when the dual redundancy signals of a certain voting module have illegal number transient faults or signal jump transient faults, the dual redundancy signals are subjected to secondary voting by using the current beat signal for continuous quantity signals, and the enumeration quantity and discrete quantity signals are subjected to secondary voting by using the previous beat signal.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311846045.6A CN118034016A (en) | 2023-12-28 | 2023-12-28 | Dual-redundancy input signal twice monitoring voting method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311846045.6A CN118034016A (en) | 2023-12-28 | 2023-12-28 | Dual-redundancy input signal twice monitoring voting method |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN118034016A true CN118034016A (en) | 2024-05-14 |
Family
ID=90983073
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202311846045.6A Pending CN118034016A (en) | 2023-12-28 | 2023-12-28 | Dual-redundancy input signal twice monitoring voting method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN118034016A (en) |
-
2023
- 2023-12-28 CN CN202311846045.6A patent/CN118034016A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US4774709A (en) | Symmetrization for redundant channels | |
| JP2002503371A (en) | Majority hardware design and majority testing and maintenance | |
| CN104935481A (en) | Data recovery method based on redundancy mechanism in distributed storage | |
| JP4413358B2 (en) | Fault monitoring system and fault notification method | |
| Serafini et al. | On-line diagnosis and recovery: On the choice and impact of tuning parameters | |
| CN118034016A (en) | Dual-redundancy input signal twice monitoring voting method | |
| CN1893339B (en) | Continuous median failure control system and method | |
| CN101790722A (en) | Method and device for monitoring avionics systems connected to a shared medium | |
| JP2007028118A (en) | Failure judging method of node device | |
| CN110380934B (en) | Distributed redundancy system heartbeat detection method | |
| US6343096B1 (en) | Clock pulse degradation detector | |
| CN108183835B (en) | Military 1394 bus data integrity monitoring method for distributed system | |
| Syrotkina et al. | Mathematical Methods for Detecting and Localizing Failures in Complex Hardware/Software Systems | |
| CN110147140B (en) | Clock signal cross comparison monitoring method and circuit | |
| CN117909168A (en) | Comprehensive validity monitoring method for redundant system signals | |
| JP3095407B2 (en) | Demultiplexer | |
| JPS61151480A (en) | System for monitoring transmission circuit | |
| JP3496357B2 (en) | Performance monitor calculation method | |
| Ugljesa et al. | Evaluation of sophisticated hardware architectures for safety applications | |
| CN117908355A (en) | Redundancy system signal monitoring method and device | |
| JP2001308753A (en) | Method for monitoring communication system | |
| JPS61115141A (en) | Self-inspection type sequence circuit | |
| CN117672576A (en) | Nuclear power triggering shutdown control system of nuclear power plant | |
| Yang et al. | Safety assessment of redundant LCU systems based on Markov model | |
| CN117851169A (en) | Health management method for distributed comprehensive task processing system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |