CN118034016A - Dual-redundancy input signal twice monitoring voting method - Google Patents

Dual-redundancy input signal twice monitoring voting method Download PDF

Info

Publication number
CN118034016A
CN118034016A CN202311846045.6A CN202311846045A CN118034016A CN 118034016 A CN118034016 A CN 118034016A CN 202311846045 A CN202311846045 A CN 202311846045A CN 118034016 A CN118034016 A CN 118034016A
Authority
CN
China
Prior art keywords
signal
voting
redundancy
monitoring
illegal
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311846045.6A
Other languages
Chinese (zh)
Inventor
王洋
杨俊�
杨蓓蕾
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
AVIC First Aircraft Institute
Original Assignee
AVIC First Aircraft Institute
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by AVIC First Aircraft Institute filed Critical AVIC First Aircraft Institute
Priority to CN202311846045.6A priority Critical patent/CN118034016A/en
Publication of CN118034016A publication Critical patent/CN118034016A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G05CONTROLLING; REGULATING
    • G05BCONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B9/00Safety arrangements
    • G05B9/02Safety arrangements electric
    • G05B9/03Safety arrangements electric with multiple-channel loop, i.e. redundant control systems

Landscapes

  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Engineering & Computer Science (AREA)
  • Automation & Control Theory (AREA)
  • Time Recorders, Dirve Recorders, Access Control (AREA)

Abstract

本申请属于余度管理技术领域,特别涉及一种双余度输入信号两次监控表决方法。该方法包括步骤S1、周期性监控信号有效位,判断信号有效位是否为有效;步骤S2、当信号有效位为有效时,周期性监控浮点数是否非法;步骤S3、当浮点数合法时,周期性监控信号跳变,确定信号是否发生跳变;步骤S4、进行双余度信号的主备选择,确定第一表决值,对四个表决模块的第一表决值进行二次表决,确定第二表决值。本申请提高了四余度监控表决的可靠性,保障了飞机飞行安全。

The present application belongs to the field of redundancy management technology, and particularly relates to a method for twice monitoring and voting of dual-redundancy input signals. The method includes step S1, periodically monitoring the effective bit of the signal to determine whether the effective bit of the signal is effective; step S2, when the effective bit of the signal is effective, periodically monitoring whether the floating point number is illegal; step S3, when the floating point number is legal, periodically monitoring the signal jump to determine whether the signal jump occurs; step S4, performing the primary and standby selection of the dual-redundancy signal, determining the first voting value, and performing a second vote on the first voting values of the four voting modules to determine the second voting value. The present application improves the reliability of the four-redundancy monitoring voting and ensures the flight safety of the aircraft.

Description

一种双余度输入信号两次监控表决方法A double-redundancy input signal double monitoring voting method

技术领域Technical Field

本申请属于余度管理技术领域,特别涉及一种双余度输入信号两次监控表决方法。The present application belongs to the field of redundancy management technology, and in particular relates to a double-redundancy input signal double monitoring and voting method.

背景技术Background technique

四余度系统的余度管理是飞机管理系统设计中的重要部分。在综合程度高的飞机管理系统中,信号监控逻辑复杂,通过设计信号综合有效性监控方法,对简化余度管理的信号监控逻辑具有非常重要的意义。The redundancy management of the four-redundancy system is an important part of the aircraft management system design. In a highly integrated aircraft management system, the signal monitoring logic is complex. By designing a signal comprehensive effectiveness monitoring method, it is of great significance to simplify the signal monitoring logic of redundancy management.

为了简化设备及管理,通常只设置两个设备源,与四余度系统没有一一对应,对于目前的四余度系统存在表决混乱的问题,即需要将两个设备源的数据分别发送给四个余度系统,由四个余度系统进行表决。In order to simplify equipment and management, usually only two equipment sources are set up, which do not correspond one to one with the four redundant systems. The current four redundant systems have the problem of voting confusion, that is, the data of the two equipment sources need to be sent to the four redundant systems respectively, and the four redundant systems vote.

发明内容Summary of the invention

为了解决上述问题,本申请提供了一种双余度输入信号两次监控表决方法,以解决两余度设备源产生的信号在4余度系统中的监控表决问题。In order to solve the above problems, the present application provides a double-redundancy input signal twice monitoring and voting method to solve the monitoring and voting problem of the signal generated by the two-redundancy device source in the four-redundancy system.

本申请提供的双余度输入信号两次监控表决方法,主要包括:The double-redundancy input signal double monitoring voting method provided by the present application mainly includes:

步骤S1、周期性监控信号有效位,判断信号有效位是否为有效,当信号有效位为无效时,该余度信号标记为无效;Step S1, periodically monitoring the signal valid bit to determine whether the signal valid bit is valid. When the signal valid bit is invalid, the redundancy signal is marked as invalid.

步骤S2、当信号有效位为有效时,周期性监控浮点数是否非法,当浮点数非法时,进行浮点数非法计数,暂停信号跳变监控,当浮点数非法计数超过设定值时,该余度信号标记为无效,停止所有监控;Step S2, when the signal valid bit is valid, periodically monitor whether the floating point number is illegal, when the floating point number is illegal, perform illegal floating point number counting, suspend signal jump monitoring, when the illegal floating point number count exceeds the set value, the redundancy signal is marked as invalid, and all monitoring is stopped;

步骤S3、当浮点数合法时,周期性监控信号跳变,对于连续采集的两个信号,若差值超过设定值,则认定信号发生跳变,连续出现两次信号跳变时进行信号跳变计数,当信号跳变计数超过设定值时,该余度信号标记为无效,且停止所有监控;Step S3, when the floating point number is legal, periodically monitor the signal jump. For two continuously collected signals, if the difference exceeds the set value, it is determined that the signal jumps. When two consecutive signal jumps occur, the signal jump count is performed. When the signal jump count exceeds the set value, the redundancy signal is marked as invalid and all monitoring is stopped.

步骤S4、将双余度信号分别输入四余度系统中的每一个表决模块,在每一个表决模块中,根据余度信号标记进行双余度信号的主备选择,确定第一表决值,对四个表决模块的第一表决值进行二次表决,确定第二表决值。Step S4, input the dual redundancy signal into each voting module in the quad-redundancy system respectively, in each voting module, perform primary and standby selection of the dual redundancy signal according to the redundancy signal mark, determine the first voting value, perform secondary voting on the first voting values of the four voting modules, and determine the second voting value.

优选的是,步骤S1-步骤S3中,监控周期为20ms。Preferably, in step S1 to step S3, the monitoring period is 20 ms.

优选的是,步骤S1中,信号有效位状态设置为具有可恢复属性,当信号有效位由无效转为有效时,将浮点数非法计数及信号跳变计数清零。Preferably, in step S1, the state of the signal valid bit is set to have a recoverable property, and when the signal valid bit changes from invalid to valid, the floating point number illegal count and the signal jump count are cleared.

优选的是,步骤S2中,在浮点数非法计数开始后,标记非法数瞬态故障,在浮点数非法计数未超过设定值之前,浮点数合法,则清空浮点数非法计数,非法数瞬态故障状态下,使用浮点数非法计数开始时的前一拍信号值参与后续表决。Preferably, in step S2, after the illegal counting of floating-point numbers begins, an illegal number transient fault is marked, and before the illegal counting of floating-point numbers exceeds a set value, if the floating-point number is legal, the illegal counting of floating-point numbers is cleared, and in the illegal number transient fault state, the previous beat signal value at the start of the illegal counting of floating-point numbers is used to participate in subsequent voting.

优选的是,步骤S3中,对于连续量信号,设定值为最大量程的50%,对于离散量和枚举量,设定值为0。Preferably, in step S3, for continuous quantity signals, the set value is 50% of the maximum range, and for discrete quantity and enumerated quantity, the set value is 0.

优选的是,步骤S3中,在信号跳变计数开始后,标记信号跳变瞬态故障,跳变瞬态故障期间数据恢复正常时,跳变故障计数器清零,信号跳变瞬态故障状态下,使用信号跳变计数开始时的上上拍值参与后续表决。Preferably, in step S3, after the signal jump count starts, the signal jump transient fault is marked, and when the data returns to normal during the jump transient fault, the jump fault counter is cleared, and in the signal jump transient fault state, the upper beat value at the start of the signal jump count is used to participate in subsequent voting.

优选的是,步骤S4中,在每一个表决模块中,当双余度信号均被标记为无效时,对应的表决模块通道故障,基于剩余的表决模块进行二次表决,当存在三个或四个表决模块通道故障时,将预设的安全值作为第二表决值。Preferably, in step S4, in each voting module, when the dual-redundancy signals are marked as invalid, the corresponding voting module channel fails, and a secondary vote is performed based on the remaining voting modules. When there are three or four voting module channel failures, the preset safety value is used as the second voting value.

优选的是,步骤S4中,进行二次表决时,当某表决模块的双余度信号均存在非法数瞬态故障或信号跳变瞬态故障时,对于连续量信号,使用本拍信号进行二次表决,对于枚举量和离散量信号,使用上一拍信号进行二次表决。Preferably, in step S4, when performing secondary voting, when both the dual redundancy signals of a voting module have illegal number transient faults or signal jump transient faults, for continuous quantity signals, the current beat signal is used for secondary voting, and for enumerated quantity and discrete quantity signals, the previous beat signal is used for secondary voting.

本申请提高了四余度监控表决的可靠性,保障了飞机飞行安全。This application improves the reliability of quadruple-redundancy monitoring voting and ensures the flight safety of the aircraft.

附图说明BRIEF DESCRIPTION OF THE DRAWINGS

图1是本申请双余度输入信号两次监控表决方法的一优选实施例的流程图。FIG. 1 is a flow chart of a preferred embodiment of the double-redundancy input signal double-monitoring voting method of the present application.

具体实施方式Detailed ways

为使本申请实施的目的、技术方案和优点更加清楚,下面将结合本申请实施方式中的附图,对本申请实施方式中的技术方案进行更加详细的描述。在附图中,自始至终相同或类似的标号表示相同或类似的元件或具有相同或类似功能的元件。所描述的实施方式是本申请一部分实施方式,而不是全部的实施方式。下面通过参考附图描述的实施方式是示例性的,旨在用于解释本申请,而不能理解为对本申请的限制。基于本申请中的实施方式,本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其他实施方式,都属于本申请保护的范围。下面结合附图对本申请的实施方式进行详细说明。In order to make the purpose, technical scheme and advantages of the implementation of this application clearer, the technical scheme in the implementation of this application will be described in more detail in combination with the drawings in the implementation of this application. In the drawings, the same or similar reference numerals throughout represent the same or similar elements or elements with the same or similar functions. The described implementation is a part of the implementation of this application, not all of the implementations. The implementation described below with reference to the drawings is exemplary and is intended to be used to explain this application, and cannot be understood as a limitation on this application. Based on the implementation in this application, all other implementations obtained by ordinary technicians in this field without making creative work are within the scope of protection of this application. The implementation of this application is described in detail below in combination with the drawings.

本申请提供了一种双余度输入信号两次监控表决方法,如图1所示,主要包括:The present application provides a double-redundancy input signal double monitoring voting method, as shown in FIG1 , mainly comprising:

步骤S1、周期性监控信号有效位,判断信号有效位是否为有效,当信号有效位为无效时,该余度信号标记为无效;Step S1, periodically monitoring the signal valid bit to determine whether the signal valid bit is valid. When the signal valid bit is invalid, the redundancy signal is marked as invalid.

步骤S2、当信号有效位为有效时,周期性监控浮点数是否非法,当浮点数非法时,进行浮点数非法计数,暂停信号跳变监控,当浮点数非法计数超过设定值时,该余度信号标记为无效,停止所有监控;Step S2, when the signal valid bit is valid, periodically monitor whether the floating point number is illegal, when the floating point number is illegal, perform illegal floating point number counting, suspend signal jump monitoring, when the illegal floating point number count exceeds the set value, the redundancy signal is marked as invalid, and all monitoring is stopped;

步骤S3、当浮点数合法时,周期性监控信号跳变,对于连续采集的两个信号,若差值超过设定值,则认定信号发生跳变,连续出现两次信号跳变时进行信号跳变计数,当信号跳变计数超过设定值时,该余度信号标记为无效,且停止所有监控;Step S3, when the floating point number is legal, periodically monitor the signal jump. For two continuously collected signals, if the difference exceeds the set value, it is determined that the signal jumps. When two consecutive signal jumps occur, the signal jump count is performed. When the signal jump count exceeds the set value, the redundancy signal is marked as invalid and all monitoring is stopped.

步骤S4、将双余度信号分别输入四余度系统中的每一个表决模块,在每一个表决模块中,根据余度信号标记进行双余度信号的主备选择,确定第一表决值,对四个表决模块的第一表决值进行二次表决,确定第二表决值。Step S4, input the dual redundancy signal into each voting module in the quad-redundancy system respectively, in each voting module, perform primary and standby selection of the dual redundancy signal according to the redundancy signal mark, determine the first voting value, perform secondary voting on the first voting values of the four voting modules, and determine the second voting value.

本申请对于两余度设备源产生的信号在四余度系统中的监控表决问题,首先四余度系统中的每一个表决模块分别接收两余度设备源产生的信号,在数据传输过程中,每个表决模块能够根据步骤S1-步骤S3判断各个余度信号是否有效,例如表决模块B1判断余度信号A1有效,余度信号A2无效,则余度信号A1的值作为表决模块B1的第一表决值,当表决模块B2判断余度信号A1有效,余度信号A2有效,则根据预设的主备选择算法,确定其中一个为主要信号,另一个为次要信号,例如将余度信号A1作为主要信号,其值作为表决模块B2的第一表决值。The present application addresses the problem of monitoring and voting on signals generated by two redundant device sources in a four-redundancy system. First, each voting module in the four-redundancy system receives the signals generated by two redundant device sources respectively. During data transmission, each voting module can determine whether each redundant signal is valid according to steps S1 to S3. For example, if the voting module B1 determines that the redundant signal A1 is valid and the redundant signal A2 is invalid, then the value of the redundant signal A1 is used as the first voting value of the voting module B1. When the voting module B2 determines that the redundant signal A1 is valid and the redundant signal A2 is valid, then according to a preset primary-backup selection algorithm, one of them is determined to be the primary signal and the other is the secondary signal. For example, the redundant signal A1 is used as the primary signal and its value is used as the first voting value of the voting module B2.

然后四个表决模块再基于二次表决对各自认定的第一表决值进行处理,例如抛除最大值最小值之外,将剩余的两个值进行平均处理了,以得到第二表决值,参与后续运算。该实施例中,二次表决算法可以采用现有的余度表决算法。Then the four voting modules process the first voting values recognized by them based on the secondary voting, for example, excluding the maximum and minimum values, and averaging the remaining two values to obtain the second voting value for subsequent operations. In this embodiment, the secondary voting algorithm can adopt the existing redundancy voting algorithm.

在一些可选实施方式中,步骤S1-步骤S3中,监控周期为20ms。In some optional implementations, in step S1 to step S3, the monitoring period is 20 ms.

在一些可选实施方式中,步骤S1中,信号有效位状态设置为具有可恢复属性,当信号有效位由无效转为有效时,将浮点数非法计数及信号跳变计数清零。In some optional implementations, in step S1, the signal valid bit state is set to have a recoverable attribute, and when the signal valid bit changes from invalid to valid, the floating point number illegal count and the signal jump count are cleared.

上述两个实施例中,信号有效位监控无时延且可恢复,监控周期为20ms,监控方法为判断信号有效位是否为有效。信号有效位无效时,该路信号无效。信号有效位状态不锁存(可恢复)。记录该信号有效位故障并继续对该信号的有效位监控,不再对输入信号的非法数和跳变进行监控。信号有效位恢复为有效后,信号恢复正常,并将非法数和跳变监控的计数器清零。In the above two embodiments, the signal valid bit monitoring is time-free and recoverable, the monitoring period is 20ms, and the monitoring method is to determine whether the signal valid bit is valid. When the signal valid bit is invalid, the signal is invalid. The signal valid bit state is not latched (recoverable). The signal valid bit failure is recorded and the valid bit monitoring of the signal continues, and the illegal number and jump of the input signal are no longer monitored. After the signal valid bit is restored to valid, the signal returns to normal, and the counters for illegal number and jump monitoring are cleared.

在一些可选实施方式中,步骤S2中,在浮点数非法计数开始后,标记非法数瞬态故障,在浮点数非法计数未超过设定值之前,浮点数合法,则清空浮点数非法计数,非法数瞬态故障状态下,使用浮点数非法计数开始时的前一拍信号值参与后续表决。In some optional embodiments, in step S2, after the illegal counting of the floating point number begins, an illegal number transient fault is marked. Before the illegal counting of the floating point number exceeds the set value, the floating point number is legal, and the illegal counting of the floating point number is cleared. In the illegal number transient fault state, the previous beat signal value when the illegal counting of the floating point number begins is used to participate in subsequent voting.

该实施例中,当信号有效位为有效时,监控浮点数是否为非法数(由软件判断源码),监控周期为20ms。信号出现非法数且信号故障连续达到N次(根据具体情况确定),认为信号永久故障,信号非法数永久故障锁存。软件记录瞬态故障和永久故障。瞬态故障期间数据正常时,故障计数器清零,永久故障后不可恢复。当非法数监控完成后,需要立即将正常的浮点数转为整型数据。当出现非法数瞬态故障时,不再进行该信号的跳变监控,该非法数也不可用于任何后续流程中,直接使用上一拍信号值。In this embodiment, when the signal valid bit is valid, the floating point number is monitored to see if it is an illegal number (the source code is determined by the software), and the monitoring period is 20ms. If an illegal number appears in the signal and the signal failure reaches N times in a row (determined according to the specific situation), the signal is considered to have a permanent failure, and the signal illegal number permanent failure is latched. The software records transient faults and permanent faults. When the data is normal during a transient fault, the fault counter is cleared, and it cannot be recovered after a permanent fault. After the illegal number monitoring is completed, the normal floating point number needs to be converted to integer data immediately. When an illegal number transient fault occurs, the signal jump monitoring is no longer performed, and the illegal number cannot be used in any subsequent process. The previous signal value is directly used.

在一些可选实施方式中,步骤S3中,对于连续量信号,设定值为最大量程的50%,对于离散量和枚举量,设定值为0。In some optional implementations, in step S3, for continuous quantity signals, the set value is 50% of the maximum range, and for discrete quantities and enumerated quantities, the set value is 0.

该实施例中,对于连续量监控本拍值和上一拍值的差值,超过最大量程(信号范围绝对值的最大值)的50%为发生跳变,对于离散量和枚举量,监控本拍值和上一拍值是否一致,不一致则发生跳变。In this embodiment, for continuous quantities, the difference between the current beat value and the previous beat value is monitored. If it exceeds 50% of the maximum range (the maximum value of the absolute value of the signal range), a jump occurs. For discrete quantities and enumerated quantities, the current beat value and the previous beat value are monitored for consistency. If they are inconsistent, a jump occurs.

在一些可选实施方式中,步骤S3中,在信号跳变计数开始后,标记信号跳变瞬态故障,跳变瞬态故障期间数据恢复正常时,跳变故障计数器清零,信号跳变瞬态故障状态下,使用信号跳变计数开始时的上上拍值参与后续表决。In some optional implementations, in step S3, after the signal jump count starts, the signal jump transient fault is marked, and when the data returns to normal during the jump transient fault, the jump fault counter is cleared, and in the signal jump transient fault state, the upper beat value at the start of the signal jump count is used to participate in subsequent voting.

该实施例中,满足连续两拍跳变,跳变故障计数器从0到1,之后则一拍跳变故障计数器加1。瞬态故障时,取上上拍值参与表决。信号跳变监控周期为20ms,信号瞬态故障连续达到N次(根据具体情况确定),认为信号永久故障,信号跳变永久故障锁存。跳变瞬态故障期间数据恢复正常时,跳变故障计数器清零;信号有效位和非法数瞬态故障恢复时,跳变故障从新计数。In this embodiment, if two consecutive transitions are satisfied, the transition fault counter increases from 0 to 1, and then the transition fault counter increases by 1. In case of transient fault, the previous value is taken to participate in the vote. The signal transition monitoring period is 20ms. If the signal transient fault reaches N times in a row (determined according to the specific situation), the signal is considered to be a permanent fault, and the signal transition permanent fault is latched. When the data returns to normal during the transition transient fault, the transition fault counter is cleared; when the signal valid bit and illegal number transient fault are restored, the transition fault is counted again.

在一些可选实施方式中,步骤S4中,在每一个表决模块中,当双余度信号均被标记为无效时,对应的表决模块通道故障,基于剩余的表决模块进行二次表决,当存在三个或四个表决模块通道故障时,将预设的安全值作为第二表决值。In some optional embodiments, in step S4, in each voting module, when the dual redundancy signals are all marked as invalid, the corresponding voting module channel fails, and a secondary vote is performed based on the remaining voting modules. When there are three or four voting module channel failures, the preset safety value is used as the second voting value.

该实施例中,如果只剩一个表决模块的信号通道有效,或当四余度全部故障后,则无法进行比较监控,则该信号直接判为故障,选择安全值作为第二表决值进行输出。若四个表决模块信号通道出现奇异故障,且经过一定的时延后,监控算法判定该信号全部故障,同样取安全值作为第二表决值进行输出。In this embodiment, if only one voting module's signal channel is valid, or when all four redundancies fail, comparative monitoring cannot be performed, and the signal is directly judged as a failure, and a safe value is selected as the second voting value for output. If a singular failure occurs in the four voting module signal channels, and after a certain delay, the monitoring algorithm determines that all the signals fail, and the safe value is also taken as the second voting value for output.

在一些可选实施方式中,步骤S4中,进行二次表决时,当某表决模块的双余度信号均存在非法数瞬态故障或信号跳变瞬态故障时,对于连续量信号,使用本拍信号进行二次表决,对于枚举量和离散量信号,使用上一拍信号进行二次表决。In some optional implementations, in step S4, when performing secondary voting, when both dual-redundancy signals of a voting module have illegal number transient faults or signal jump transient faults, for continuous quantity signals, the current beat signal is used for secondary voting, and for enumerated quantity and discrete quantity signals, the previous beat signal is used for secondary voting.

本申请提高了四余度监控表决的可靠性,保障了飞机飞行安全。This application improves the reliability of quadruple-redundancy monitoring voting and ensures the flight safety of the aircraft.

以上所述,仅为本申请的具体实施方式,但本申请的保护范围并不局限于此,任何熟悉本技术领域的技术人员在本申请揭露的技术范围内,可轻易想到的变化或替换,都应涵盖在本申请的保护范围之内。因此,本申请的保护范围应以所述权利要求的保护范围为准。The above is only a specific implementation of the present application, but the protection scope of the present application is not limited thereto. Any changes or substitutions that can be easily thought of by a person skilled in the art within the technical scope disclosed in the present application should be included in the protection scope of the present application. Therefore, the protection scope of the present application shall be based on the protection scope of the claims.

Claims (8)

1.一种双余度输入信号两次监控表决方法,其特征在于,包括:1. A method for twice monitoring and voting of a dual-redundancy input signal, characterized by comprising: 步骤S1、周期性监控信号有效位,判断信号有效位是否为有效,当信号有效位为无效时,该余度信号标记为无效;Step S1, periodically monitoring the signal valid bit to determine whether the signal valid bit is valid. When the signal valid bit is invalid, the redundancy signal is marked as invalid. 步骤S2、当信号有效位为有效时,周期性监控浮点数是否非法,当浮点数非法时,进行浮点数非法计数,暂停信号跳变监控,当浮点数非法计数超过设定值时,该余度信号标记为无效,停止所有监控;Step S2, when the signal valid bit is valid, periodically monitor whether the floating point number is illegal, when the floating point number is illegal, perform illegal floating point number counting, suspend signal jump monitoring, when the illegal floating point number count exceeds the set value, the redundancy signal is marked as invalid, and all monitoring is stopped; 步骤S3、当浮点数合法时,周期性监控信号跳变,对于连续采集的两个信号,若差值超过设定值,则认定信号发生跳变,连续出现两次信号跳变时进行信号跳变计数,当信号跳变计数超过设定值时,该余度信号标记为无效,且停止所有监控;Step S3, when the floating point number is legal, periodically monitor the signal jump. For two continuously collected signals, if the difference exceeds the set value, it is determined that the signal jumps. When two consecutive signal jumps occur, the signal jump count is performed. When the signal jump count exceeds the set value, the redundancy signal is marked as invalid and all monitoring is stopped. 步骤S4、将双余度信号分别输入四余度系统中的每一个表决模块,在每一个表决模块中,根据余度信号标记进行双余度信号的主备选择,确定第一表决值,对四个表决模块的第一表决值进行二次表决,确定第二表决值。Step S4, input the dual redundancy signal into each voting module in the quad-redundancy system respectively, in each voting module, perform primary and standby selection of the dual redundancy signal according to the redundancy signal mark, determine the first voting value, perform secondary voting on the first voting values of the four voting modules, and determine the second voting value. 2.如权利要求1所述的双余度输入信号两次监控表决方法,其特征在于,步骤S1-步骤S3中,监控周期为20ms。2. The method for twice monitoring and voting on a dual-redundancy input signal as claimed in claim 1, wherein in steps S1 to S3, the monitoring period is 20 ms. 3.如权利要求1所述的双余度输入信号两次监控表决方法,其特征在于,步骤S1中,信号有效位状态设置为具有可恢复属性,当信号有效位由无效转为有效时,将浮点数非法计数及信号跳变计数清零。3. The double-redundancy input signal double-monitoring voting method as described in claim 1 is characterized in that in step S1, the signal valid bit state is set to have a recoverable attribute, and when the signal valid bit changes from invalid to valid, the floating point number illegal count and the signal jump count are cleared. 4.如权利要求1所述的双余度输入信号两次监控表决方法,其特征在于,步骤S2中,在浮点数非法计数开始后,标记非法数瞬态故障,在浮点数非法计数未超过设定值之前,浮点数合法,则清空浮点数非法计数,非法数瞬态故障状态下,使用浮点数非法计数开始时的前一拍信号值参与后续表决。4. The double-redundancy input signal twice monitoring voting method as described in claim 1 is characterized in that in step S2, after the illegal counting of the floating point number begins, the illegal number transient fault is marked, and before the illegal counting of the floating point number does not exceed the set value, the floating point number is legal, then the illegal counting of the floating point number is cleared, and in the illegal number transient fault state, the previous beat signal value when the illegal counting of the floating point number begins is used to participate in subsequent voting. 5.如权利要求1所述的双余度输入信号两次监控表决方法,其特征在于,步骤S3中,对于连续量信号,设定值为最大量程的50%,对于离散量和枚举量,设定值为0。5. The method for twice monitoring and voting of dual-redundancy input signals as claimed in claim 1, characterized in that in step S3, for continuous quantity signals, the set value is 50% of the maximum range, and for discrete quantities and enumerated quantities, the set value is 0. 6.如权利要求1所述的双余度输入信号两次监控表决方法,其特征在于,步骤S3中,在信号跳变计数开始后,标记信号跳变瞬态故障,跳变瞬态故障期间数据恢复正常时,跳变故障计数器清零,信号跳变瞬态故障状态下,使用信号跳变计数开始时的上上拍值参与后续表决。6. The dual-redundancy input signal double monitoring voting method as described in claim 1 is characterized in that, in step S3, after the signal jump counting starts, the signal jump transient fault is marked, and when the data returns to normal during the jump transient fault, the jump fault counter is cleared, and in the signal jump transient fault state, the upper beat value at the start of the signal jump counting is used to participate in subsequent voting. 7.如权利要求1所述的双余度输入信号两次监控表决方法,其特征在于,步骤S4中,在每一个表决模块中,当双余度信号均被标记为无效时,对应的表决模块通道故障,基于剩余的表决模块进行二次表决,当存在三个或四个表决模块通道故障时,将预设的安全值作为第二表决值。7. The dual-redundancy input signal twice monitoring voting method as described in claim 1 is characterized in that in step S4, in each voting module, when the dual-redundancy signals are all marked as invalid, the corresponding voting module channel fails, and a secondary vote is performed based on the remaining voting modules. When there are three or four voting module channel failures, a preset safety value is used as the second voting value. 8.如权利要求1所述的双余度输入信号两次监控表决方法,其特征在于,步骤S4中,进行二次表决时,当某表决模块的双余度信号均存在非法数瞬态故障或信号跳变瞬态故障时,对于连续量信号,使用本拍信号进行二次表决,对于枚举量和离散量信号,使用上一拍信号进行二次表决。8. The method for twice monitoring and voting on dual-redundancy input signals as described in claim 1 is characterized in that, in step S4, when performing secondary voting, when the dual-redundancy signals of a certain voting module all have illegal number transient faults or signal jump transient faults, for continuous quantity signals, the current beat signal is used for secondary voting, and for enumerated quantity and discrete quantity signals, the previous beat signal is used for secondary voting.
CN202311846045.6A 2023-12-28 2023-12-28 Dual-redundancy input signal twice monitoring voting method Pending CN118034016A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311846045.6A CN118034016A (en) 2023-12-28 2023-12-28 Dual-redundancy input signal twice monitoring voting method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311846045.6A CN118034016A (en) 2023-12-28 2023-12-28 Dual-redundancy input signal twice monitoring voting method

Publications (1)

Publication Number Publication Date
CN118034016A true CN118034016A (en) 2024-05-14

Family

ID=90983073

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311846045.6A Pending CN118034016A (en) 2023-12-28 2023-12-28 Dual-redundancy input signal twice monitoring voting method

Country Status (1)

Country Link
CN (1) CN118034016A (en)

Similar Documents

Publication Publication Date Title
US10684903B2 (en) Apparatus and operating method for monitoring micro controller unit having multi-core
US4774709A (en) Symmetrization for redundant channels
CN105550053A (en) Redundancy management method for improving availability of monitoring pair based fault tolerant system
CN105204431B (en) Four remaining signal monitoring means of votings and equipment
CN105182961B (en) Four remaining signal monitoring means of votings and equipment
US9952579B2 (en) Control device
US6367031B1 (en) Critical control adaption of integrated modular architecture
JP2002503371A (en) Majority hardware design and majority testing and maintenance
CN111740578B (en) A dual-set redundant switching method for valve control system
CN118034016A (en) Dual-redundancy input signal twice monitoring voting method
US6505310B1 (en) Connection integrity monitor for digital selection circuits
JP5663981B2 (en) Storage device, storage device controller, and storage device control method
US5278843A (en) Multiple processor system and output administration method thereof
CN111309515A (en) Disaster recovery control method, device and system
WO2024222420A1 (en) Direct-current converter station protection system and control method therefor
US20040078653A1 (en) Dynamic sparing during normal computer system operation
CN117909168A (en) A method for monitoring the comprehensive effectiveness of redundant system signals
Volochiy et al. The reliability model of fault-tolerant system with the majority structure and considering the change in the failure rate of the core module during operation
US20230352200A1 (en) Control switching device
JP2560875B2 (en) Information processing system failure notification method
JPH0320774B2 (en)
CN119376228A (en) A redundancy management method for dual-redundancy discrete signals of airborne equipment
CN117909169A (en) A redundant system bus monitoring method and device
JP7370258B2 (en) Plant monitoring system and plant monitoring method
CN118938743A (en) Method and system for improving reliability of control signal of control device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination