CN1945546A - Redundant method for micro aircraft GNC system - Google Patents
Redundant method for micro aircraft GNC system Download PDFInfo
- Publication number
- CN1945546A CN1945546A CN 200610113986 CN200610113986A CN1945546A CN 1945546 A CN1945546 A CN 1945546A CN 200610113986 CN200610113986 CN 200610113986 CN 200610113986 A CN200610113986 A CN 200610113986A CN 1945546 A CN1945546 A CN 1945546A
- Authority
- CN
- China
- Prior art keywords
- processor
- task
- redundant
- redundancy
- normal
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 10
- 238000004891 communication Methods 0.000 claims abstract description 15
- 238000013459 approach Methods 0.000 claims description 11
- 230000005540 biological transmission Effects 0.000 claims description 2
- 230000000977 initiatory effect Effects 0.000 abstract 3
- 230000009977 dual effect Effects 0.000 description 7
- 238000012545 processing Methods 0.000 description 6
- 230000003068 static effect Effects 0.000 description 6
- 238000010276 construction Methods 0.000 description 5
- 238000011084 recovery Methods 0.000 description 3
- 230000001960 triggered effect Effects 0.000 description 3
- 238000005265 energy consumption Methods 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 230000007812 deficiency Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000005259 measurement Methods 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
Images
Landscapes
- Hardware Redundancy (AREA)
Abstract
A redundant method of Micro Air Vehicle GNC system is: numbering the multi-processor, according to the cascade rule, configuring and linking each processor pulse initiating terminal, pulse receiving terminal, serial data initiating terminal, serial data receiving terminal, reset signal initiating terminal, reset signal receiving terminal, to make each processor mutually redundant to constitute chain. If the processor of system has communication with the external hardware device, the external hardware connects the processor through analog switches to communicate with multi processors respectively. Two modes of normal and emergency are designed, in which, the normal mode procedure framework makes the processor execute its own task, and the emergency one is used for judging the number of fault treatment device to try to repair the fault by the method of reducing task of unit time, at that time, the system will show the redundant feature.
Description
Technical field
The present invention relates to a kind of redundancy approach of microminiature electronic system, particularly a kind of redundancy approach that is applicable to micro air vehicle Navigation, Guidance and Control (GNC) system.Can be applicable to both require the system reliability height, again cube occasion little, low in energy consumption.
Background technology
For realize micro air vehicle independently, flight safely, need its Navigation, Guidance and Control (GNC) system to have high reliability.Redundancy Design is to improve the valid approach of system reliability.The multi-computer system that redundant system generally is based on the hardware realization and cooperatively interacts with software.Existing redundant fashion has three kinds of static redundancy, dynamic redundancy and hybrid redundancies.In the static redundancy system, the permanent part of redundant module construction system, they come fault in the covering system by self existence, make the function of system finally unaffected.The static redundancy mode is generally by N (N 〉=1) platform main equipment, and K (K 〉=1) platform alternate device and at least one 's supervisory control comuter is formed.By the state of supervisory control comuter supervisory system, and main equipment or alternate device are used in decision-making.Adopt the system of static redundancy mode can increase K+1 platform equipment at least, this can make the volume of system, power consumption be multiplied.Dynamic redundancy is to replace malfunctioning module with the non-fault module, and system is realized upgrading combination, after the fault restoration, also can put in the system again and go.The dynamic redundancy mode is generally by N (N 〉=1) platform main equipment, and at least one alternate device and at least one supervisory control comuter are formed.By the state of supervisory control comuter supervisory system, when finding certain master-failure, replace main equipment work with alternate device.After treating that master-failure is repaired, put in the system again and go, alternate device logs off.Adopt the system of dynamic redundancy can increase at least two equipment, the volume of system, power consumption are increased greatly.Static redundancy and dynamic redundancy mix use and just are called hybrid redundancy in a system.Adopt the system of hybrid redundancy mode, its volume, power consumption are between static redundancy mode and dynamic redundancy mode.
Because micro air vehicle load is very limited, therefore need its GNC system to have characteristics such as volume is little, in light weight, low in energy consumption simultaneously.And existing redundant fashion all needs multiple devices to back up, monitor and make a strategic decision to some extent, and this can make the volume of system, power consumption increase greatly, can't adapt to the requirement of above-mentioned occasion at all.
Summary of the invention
Technology of the present invention is dealt with problems and is: overcome the deficiency of existing redundancy, provide a kind of under the situation of volume that does not increase the GNC system and power consumption, be applicable to the redundancy approach of micro air vehicle Navigation, Guidance and Control system.
Technical solution of the present invention is: a kind of redundancy approach that is used for micro aircraft GNC system, its characteristics are: utilize existing multiprocessor resource in the system, by the intersection on the multiplexing and hardware corridor between processor, adopt and become the infrastructure software system, produce redundant effect where necessary, the specific implementation method is as follows: at first system hardware is designed:
(1) distributes according to system task, each processor is numbered;
(2) according to the tandem type rule, dispose and connect pulse transmission end, reception of impulse end, serial data transmitting terminal, serial data receiving end, reset signal transmitting terminal, the reset signal receiving end of each processor respectively, make each processor redundant mutually, constitute redundant chain;
(3) if processor and external hardware device in the system have communication contact, external hardware device needs to be connected with processor by analog switch, makes it carry out communication with a plurality of processors respectively.Processor makes external hardware device can carry out communication with suitable processor under a certain condition according to certain logical relation control analog switch in the system.Then according to the hardware configuration of system, system software is designed: the software systems of each processor all are designed to become the infrastructure software system in the system, the software systems that are each processor comprise two kinds of program frames: the switching between normal mode program frame and emergency mode program frame, two kinds of program frames is by soft switch control.The normal mode program frame makes processor carry out the task of self, and monitors the state of other associative processor, and this moment, system did not show redundancy feature; Emergency mode program frame failure judgement processor numbering, attempt repairing fault, and, make normal processor in execution self task by reducing the method for unit interval task amount, also carry out the task that failure processor should be carried out, this moment, system showed redundancy feature.
Principle of the present invention: as shown in Figure 2, under the normal condition, multiprocessor operation normal mode program frame is carried out different separately tasks respectively in the system.Each processor detects the state of other processor respectively mutually by particular port, and information such as the result of task separately and intermediate variable are sent to relevant processor, and this moment, system did not show any redundancy feature.When a certain processor broke down, its pulse stopped to send.Another associated normal processor detects less than this pulse, triggers soft switch, makes its program switch to the emergency mode program frame.The emergency mode program frame is carried out following task: send reset pulse to failure processor, attempt it is restarted; The task of taking over fault processor.Because before fault takes place, this normal processor is receiving information such as the operation result of failure processor and intermediate variable always, so the task that normal processor can seamless taking over fault processor.At this moment, this normal processor also needs the task of execute script failure processor in the task of carrying out self.Because its processing power is limited, so adopt the method that original system unit time task amount is reduced by half, realize the normal operation of system, this moment, system showed redundancy feature.After failure processor resets success, continue to send pulse signal, this normal processor detects pulse signal, and information such as the operation result of the task of adapter and intermediate variable are sent to failure processor, trigger soft switch simultaneously, make program switch back the normal mode operation.Can't restart as if failure processor generation critical failure, then this normal processor still continues to carry out whole tasks, until task termination.Dark redundancy approach on the basis that does not increase system bulk, power consumption, the system that guaranteed when a certain or several processors break down simultaneously reliable, run without interruption.
The present invention's advantage compared with prior art is: the present invention has utilized existing, is used for the multiprocessor resource of different task, on the basis that does not increase system bulk, power consumption, has strengthened the reliability of system greatly.Compare with existing redundancy approach, do not need the backup of additional hardware system, also do not need extra monitoring and decision system, so system architecture is simple, volume, power consumption significantly reduce.
Description of drawings
Fig. 1 is the process flow diagram of the inventive method;
Fig. 2 is a system works principle flow chart of the present invention;
System construction drawing when Fig. 3 is the system operate as normal of example with the dual processor for the present invention;
System construction drawing when Fig. 4 is system processor 1 fault of example with the dual processor for the present invention;
System construction drawing when Fig. 5 is system processor 2 faults of example with the dual processor for the present invention;
Change infrastructure software system state when Fig. 6 is the system normal operating conditions of example with the dual processor for the present invention;
Fig. 7 is the system of the example change infrastructure software system state when breaking down with the dual processor for the present invention;
System construction drawing when Fig. 8 is a system operate as normal under multiprocessor of the present invention (more than the three) situation.
Embodiment
As shown in Figure 1, 2, 3, be that example is illustrated with the dual processor.For situation shown in Figure 3, system comprises two processors, processor 1 and 2, and processor 1 need carry out communication with external hardware device 1, and processor 2 need carry out communication with external hardware device 2.Need in the case system is carried out following processing: 1. at first hardware is provided with: No. 2 output terminals of processor 1, it is the interrupt response end IRQ end that the O-2 end is connected to processor 2, the O-2 end of processor 2 is connected to the IRQ end of processor 1, the serial port transmitting terminal TX end of processor 1 is connected to the serial port receiving end RX end of processor 2, the TX end of processor 2 is connected to the RX end of processor 1, No. 3 output terminals of processor 1, be the reset terminal Reset end that the O-3 end is connected to processor 2, the O-3 end of processor 2 is connected to the Reset end of processor 1; 2. external hardware device 1 is provided with analog switch K1 with the communication interface place of processor 1, No. 1 end of K1 is connected to No. 1 input end of processor 1, and promptly I-1 holds, and No. 2 ends of K1 are connected to No. 2 input ends of processor 2, be the I-2 end, the switch control end of K1 is connected to the O-1 end of processor 2; External hardware device 2 is provided with analog switch K2 with the communication interface place of processor 2, and No. 1 end of K2 is connected to the I-1 end of processor 2, and No. 2 ends of K2 are connected to the I-2 end of processor 1, and the switch control end of K2 is connected to No. 1 output terminal of processor 1, i.e. the O-1 end; 3. the software systems of processor 1 and processor 2 all are designed to become the infrastructure software system as shown in Figure 6, promptly the software systems of two processors comprise two kinds of program frames: normal mode program frame and emergency mode program frame, the switching of two kinds of program frames is controlled by soft switch S K.
During normal condition, dual processor is carried out different separately tasks respectively in the system, and processor 1 executes the task 1, and processor 2 executes the task 2.The O-1 end of processor 1 and processor 2 all is made as high level, makes analog switch K1, and K2 all is in No. 1 position of acquiescence.The O-2 end of processor 1 and processor 2 sends pulse signal with specific frequency (as 1000Hz), and the IRQ end of processor 1 and processor 2 detects the pulse signal of the other side's processor mutually in real time to obtain the other side's duty (normal or fault).Processor 1 and processor 2 are held the result of task separately and intermediate variable etc. and are sent to the other side's processor by serial port TX end and RX.During the system operate as normal, the soft switch S K of each processor software systems all is arranged on No. 1 position (as shown in Figure 6), and processor is carried out the normal mode program frame, and system does not show any redundancy feature.
When processor 1 broke down, its pulse signal stopped to send.This moment, processor 2 can not receive this pulse signal, above (as 5ms) behind the certain hour, triggered soft switch S K and transformed to the position No. 2, and processor 2 is carried out the emergency mode program frames, and this moment, its software system structure transformed to Fig. 7 state by Fig. 6.Under the emergency mode state: 1. processor 2 is held to processor 1 by its O-3 and is sent reset signal, attempts processor 1 is restarted; 2. the O-1 of processor 2 end is set to low level, thereby makes analog switch K1 transform to the position No. 2, and system hardware structure transforms to Fig. 4 state by Fig. 3; 3. processor 2 simultaneously and external unit 1 and external unit 2 communications and executes the task 1 and task 2.Because fault front processor 2 therefore can seamless adapter task 1 always in information such as the operation result of receiving processor 1 and intermediate variables.Processor 1 attempt restarting during this period of time in, system has only processor 2 in work, processing power has only half of original system, is kept to originally 1/2 so the task amount of system unit time of this moment is also corresponding, and promptly processor 2 is carried out 1/2 task 1 and 1/2 task 2 in the unit interval.
If processor 1 is restarted successfully, its O-2 end continues to send pulse signal with original frequency; Processor 2 detects this pulse signal, triggers soft switch S K and transforms to the position No. 1, makes processor 2 carry out the normal mode program frame, its O-1 end is set simultaneously for high level, makes analog switch K1 transform to the position No. 1; Processor 2 sends to processor 1 to information such as the result of task 1, intermediate variables by serial port TX end, makes the seamless again adapter task 1 of processor 1.System recovery is to normal condition.If processor 1 critical failure takes place and can't restart, processor 2 still can continue to carry out 1/2 task 1 and 1/2 task 2, until task termination.
In like manner, when processor 2 broke down, its pulse signal stopped to send.This moment, processor 1 can not receive this pulse signal, above (as 5ms) behind the certain hour, triggered soft switch S K and transformed to the position No. 2, and processor 1 is carried out the emergency mode program frame, and this moment, its software system structure transformed to Fig. 7 state by Fig. 6.Under the emergency mode state: 1. processor 1 is held to processor 2 by its O-3 and is sent reset signal, attempts processor 2 is restarted; 2. the O-1 of processor 1 end is set to low level, thereby makes analog switch K2 transform to the position No. 2, and system hardware structure transforms to Fig. 5 state by Fig. 3; 3. processor 1 simultaneously and external unit 1 and external unit 2 communications and executes the task 1 and task 2.Because fault front processor 1 therefore can seamless adapter task 2 always in information such as the operation result of receiving processor 2 and intermediate variables.Processor 2 attempt restarting during this period of time in, system has only processor 1 in work, processing power has only half of original system, is kept to originally 1/2 so the task amount of system unit time of this moment is also corresponding, and promptly processor 1 is carried out 1/2 task 1 and 1/2 task 2 in the unit interval.
If processor 2 is restarted successfully, its O-2 end continues to send pulse signal with original frequency; Processor 1 detects this pulse signal, triggers soft switch S K and transforms to the position No. 1, makes processor 1 carry out the normal mode program frame, its O-1 end is set simultaneously for high level, makes analog switch K2 transform to the position No. 1; Processor 1 sends to processor 2 to information such as the result of task 2, intermediate variables by serial port TX end, makes the seamless again adapter task 2 of processor 2.System recovery is to normal condition.If processor 2 critical failures takes place and can't restart, processor 1 still can continue to carry out 1/2 task 1 and 1/2 task 2, until task termination.
For multiprocessor (more than three s') situation, system as shown in Figure 8.System comprises the individual processor of n (n 〉=3), and wherein (m≤n) individual processor need carry out communication with m external hardware device to m.(illustrate: followingly represent processor numbering with x, 1≤x≤n, when x=n, processor x+1 represents processor 1; Y represents the external hardware device numbering, K (y) expression analog switch numbering, 1≤y≤m is when y=m, external unit y+1 represents external unit 1) need in the case system is carried out following processing: 1. at first distribute, each processor is numbered according to system task; 2. then according to the tandem type rule, hardware is provided with, make each processor redundant mutually, constitute redundant chain: the O-2 end of processor x is connected to the IRQ end of processor x+1, the TX end of processor x is connected to the RX end of processor x+1, the O-3 end of processor x is connected to the Reset end of processor x+1,3. the communication interface place of external hardware device y and processor x is provided with analog switch K (y), No. 1 end of K (y) is connected to the I-1 end of processor x, No. 2 ends of K (y) are connected to the I-2 end of processor x+1, and the switch control end of K (y) is connected to the O-1 end of processor x+1; 4. the software systems of processor x all are designed to become the infrastructure software system as shown in Figure 6, the software systems that are each processor comprise two kinds of program frames: normal mode program frame and emergency mode program frame, the switching of two kinds of program frames is controlled by soft switch S K.
During normal condition, each processor is carried out different separately tasks respectively in the system, i.e. the processor x x that executes the task.The O-1 end of processor x all is made as high level, makes analog switch K (y) all be in No. 1 position of acquiescence.The O-2 end of processor x sends pulse signal with specific frequency (as 1000Hz), and the IRQ of processor x+1 holds the pulse signal of real-time measurement processor x to obtain the other side's duty (normal or fault).Processor x sends to processor x+1 to the result of task and intermediate variable etc. by serial port TX end and RX end.During the system operate as normal, the soft switch S K of each processor software systems all is arranged on No. 1 position (as shown in Figure 6), and processor is carried out the normal mode program frame.System does not show any redundancy feature.
When processor x broke down, its pulse signal stopped to send.This moment, processor x+1 can not receive this pulse signal, above (as 5ms) behind the certain hour, triggered its soft switch S K and transformed to the position No. 2, and processor x+1 carries out the emergency mode program frame, and this moment, its software system structure transformed to Fig. 7 state by Fig. 6.Under the emergency mode state: 1. processor x+1 is held to processor x by its O-3 and sends reset signal, attempts processor x is restarted; 2. the O-1 of processor x+1 end is set to low level, thereby makes analog switch K (y) transform to the position No. 2; 3. processor x+1 while and external unit y and external unit y+1 communication, and execute the task x and task x+1.Because fault front processor x+1 therefore can seamless adapter task x always in information such as the operation result of receiving processor x and intermediate variables.Processor x attempt restarting during this period of time in, processor x+1 execute the task simultaneously x and task x+1, and its processing power is constant, so the task amount of system unit time of this moment is also corresponding to be kept to originally 1/2, promptly processor x+1 carries out 1/2 task x and 1/2 task x+1 in the unit interval.
If processor x is restarted successfully, its O-2 end continues to send pulse signal with original frequency; Processor x+1 detects this pulse signal, triggers soft switch S K and transforms to the position No. 1, makes processor x+1 carry out the normal mode program frame, its O-1 end is set simultaneously for high level, makes analog switch K (y) transform to the position No. 1; Processor x+1 sends to processor x to information such as the result of task x, intermediate variables by serial port TX end, makes the seamless again adapter task of processor x x.System recovery is to normal condition.If processor x critical failure takes place and can't restart, processor x+1 still can continue to carry out 1/2 task x and 1/2 task x+1, until task termination.
It is known that the content that is not described in detail in the instructions of the present invention belongs to this area professional and technical personnel
Prior art.
Claims (3)
1, a kind of redundancy approach that is used for micro aircraft GNC system is characterized in that: may further comprise the steps:
(1) distributes according to system task, utilize multiprocessor resource in the existing system, and multiprocessor is numbered;
(2) according to the tandem type rule, to the hardware port of multiprocessor, promptly input/output port connects, and makes each processor redundant mutually, constitutes redundant chain;
(3) if processor and external hardware device in the system have communication contact, external hardware device is connected with processor by analog switch, makes it carry out communication with a plurality of processors respectively;
(4) according to the hardware configuration of system, system software is designed: the software systems of each processor all are designed to become the infrastructure software system in the system, the software systems that are each processor comprise two kinds of program frames-normal mode program frame and emergency mode program frame, and the switching between two kinds of program frames is by soft switch control; The normal mode program frame makes processor carry out the task of self, and monitors the state of other associative processor, and this moment, system did not show redundancy feature; The emergency mode program frame is numbered in order to the failure judgement processor, attempt repairing fault, and, make normal processor in execution self task by reducing the method for unit interval task amount, also carry out the task that failure processor should be carried out, this moment, system showed redundancy feature.
2, the redundancy approach that is used for micro aircraft GNC system according to claim 1 is characterized in that: described multiprocessing system is more than 2 or 2.
3, the redundancy approach that is used for micro aircraft GNC system according to claim 1 and 2, it is characterized in that: described input/output port is connected is pulse transmission end, reception of impulse end, serial data transmitting terminal, serial data receiving end, reset signal transmitting terminal, the reset signal receiving end that connects each processor, make each processor redundant mutually, constitute redundant chain.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2006101139869A CN100382040C (en) | 2006-10-24 | 2006-10-24 | Redundant method for micro aircraft GNC system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2006101139869A CN100382040C (en) | 2006-10-24 | 2006-10-24 | Redundant method for micro aircraft GNC system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN1945546A true CN1945546A (en) | 2007-04-11 |
| CN100382040C CN100382040C (en) | 2008-04-16 |
Family
ID=38044957
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNB2006101139869A Expired - Fee Related CN100382040C (en) | 2006-10-24 | 2006-10-24 | Redundant method for micro aircraft GNC system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN100382040C (en) |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102176202A (en) * | 2010-12-29 | 2011-09-07 | 哈尔滨工业大学 | Redundant network design circuit of satellite commercial devices |
| CN103654855A (en) * | 2013-12-19 | 2014-03-26 | 海信集团有限公司 | Ultrasonic device and method for abnormality detection and recovery of ultrasonic device |
| CN104199440A (en) * | 2014-08-20 | 2014-12-10 | 中国运载火箭技术研究院 | Four-unit three-bus redundancy heterogeneous GNC (guidance navigation control) system |
| CN104698833A (en) * | 2015-01-28 | 2015-06-10 | 北京华清燃气轮机与煤气化联合循环工程技术有限公司 | Redundancy control method and redundancy control system |
| CN106774367A (en) * | 2016-12-27 | 2017-05-31 | 歌尔股份有限公司 | A kind of redundancy control method of aircraft |
| CN113110124A (en) * | 2021-03-11 | 2021-07-13 | 上海新时达电气股份有限公司 | double-MCU control method and control system |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2001058756A2 (en) * | 2000-02-14 | 2001-08-16 | Aerovironment Inc. | Aircraft |
| US6710739B1 (en) * | 2003-01-03 | 2004-03-23 | Northrop Grumman Corporation | Dual redundant GPS anti-jam air vehicle navigation system architecture and method |
-
2006
- 2006-10-24 CN CNB2006101139869A patent/CN100382040C/en not_active Expired - Fee Related
Cited By (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102176202A (en) * | 2010-12-29 | 2011-09-07 | 哈尔滨工业大学 | Redundant network design circuit of satellite commercial devices |
| CN102176202B (en) * | 2010-12-29 | 2013-12-25 | 哈尔滨工业大学 | Redundant network design circuit of satellite commercial devices |
| CN103654855A (en) * | 2013-12-19 | 2014-03-26 | 海信集团有限公司 | Ultrasonic device and method for abnormality detection and recovery of ultrasonic device |
| CN103654855B (en) * | 2013-12-19 | 2015-06-03 | 海信集团有限公司 | Ultrasonic device and method for abnormality detection and recovery of ultrasonic device |
| CN104199440A (en) * | 2014-08-20 | 2014-12-10 | 中国运载火箭技术研究院 | Four-unit three-bus redundancy heterogeneous GNC (guidance navigation control) system |
| CN104199440B (en) * | 2014-08-20 | 2017-05-03 | 中国运载火箭技术研究院 | Four-unit three-bus redundancy heterogeneous GNC (guidance navigation control) system |
| CN104698833A (en) * | 2015-01-28 | 2015-06-10 | 北京华清燃气轮机与煤气化联合循环工程技术有限公司 | Redundancy control method and redundancy control system |
| CN104698833B (en) * | 2015-01-28 | 2020-01-03 | 北京华清燃气轮机与煤气化联合循环工程技术有限公司 | Redundancy control method and system |
| CN106774367A (en) * | 2016-12-27 | 2017-05-31 | 歌尔股份有限公司 | A kind of redundancy control method of aircraft |
| CN113110124A (en) * | 2021-03-11 | 2021-07-13 | 上海新时达电气股份有限公司 | double-MCU control method and control system |
| CN113110124B (en) * | 2021-03-11 | 2022-08-19 | 上海新时达电气股份有限公司 | double-MCU control method and control system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN100382040C (en) | 2008-04-16 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN100382040C (en) | Redundant method for micro aircraft GNC system | |
| CN103149907B (en) | Hot-redundancy CAN (Controller Area Network)-bus high-fault-tolerance control terminal and method based on dual DSPs (Digital Signal Processors) | |
| CN102866690B (en) | Redundancy switching method between Redundant process control station in scattered control system | |
| CN101694588B (en) | Double 2 vote 2 active/standby control switching system and method | |
| EP3699764B1 (en) | Redundant ethernet-based secure computer system | |
| US20020120884A1 (en) | Multi-computer fault detection system | |
| CN109634171B (en) | Dual-core dual-lock-step two-out-of-two framework and safety platform thereof | |
| CN110427283B (en) | Dual-redundancy fuel management computer system | |
| CN117785614A (en) | Fault monitoring and switching method for dual-redundancy computer | |
| CN110687893A (en) | Redundant radiation monitoring upper-layer system | |
| CN109144824A (en) | The operating status display device of two-way server node | |
| CN114509981B (en) | Controller hardware redundancy control method and system | |
| CN116089176A (en) | Hot standby dual-redundancy computer control system for AUV | |
| CN111045863A (en) | Fault tolerance architecture and method for sensor data distribution network | |
| CN109814519A (en) | The method of remaining switching dual-redundancy avionics apparatus output signal | |
| CN1682194A (en) | Method for event synchronisation, especially for processors of fault-tolerant systems | |
| CN102332853A (en) | Safe shutdown apparatus and system | |
| CN115743522B (en) | Method and system for activating backup flight control system of large-sized conveyor | |
| CN114114894B (en) | Fly-by-wire backup control system and fly-by-wire backup control method | |
| CN114690617B (en) | Automatic driving automobile control system and method | |
| CN118625945A (en) | Distributed touch screen redundancy control architecture and method | |
| CN1808991A (en) | Network connectivity backup system | |
| CN114355807A (en) | High-safety 28V/open discrete magnitude output circuit | |
| US20200183385A1 (en) | Network control device and method thereof and electronic control unit for vehicle | |
| CN115877754A (en) | High-safety and high-computing-power intelligent flight control framework |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20080416 |