JPH028938A - Duplex processor - Google Patents
Duplex processorInfo
- Publication number
- JPH028938A JPH028938A JP63159622A JP15962288A JPH028938A JP H028938 A JPH028938 A JP H028938A JP 63159622 A JP63159622 A JP 63159622A JP 15962288 A JP15962288 A JP 15962288A JP H028938 A JPH028938 A JP H028938A
- Authority
- JP
- Japan
- Prior art keywords
- signal
- output
- switching
- processing
- dual
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000012545 processing Methods 0.000 claims abstract description 75
- 238000012544 monitoring process Methods 0.000 claims abstract description 10
- 230000009977 dual effect Effects 0.000 claims description 33
- 230000005856 abnormality Effects 0.000 abstract description 3
- 238000000034 method Methods 0.000 abstract description 3
- 238000012795 verification Methods 0.000 description 13
- 238000004092 self-diagnosis Methods 0.000 description 4
- 238000007796 conventional method Methods 0.000 description 2
- 238000001514 detection method Methods 0.000 description 2
- 238000003745 diagnosis Methods 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- 238000012546 transfer Methods 0.000 description 2
- 230000002159 abnormal effect Effects 0.000 description 1
- 230000003111 delayed effect Effects 0.000 description 1
- 230000002452 interceptive effect Effects 0.000 description 1
Landscapes
- Hardware Redundancy (AREA)
- Safety Devices In Control Systems (AREA)
Abstract
Description
【発明の詳細な説明】
[産業上の利用分野]
この発明は、処理結果を安全性がとくに要求される制御
装置に出力するための待機式二重系処理装置に関するも
のである。DETAILED DESCRIPTION OF THE INVENTION [Industrial Application Field] The present invention relates to a standby dual system processing device for outputting processing results to a control device where safety is particularly required.
[従来の技術]
従来の待機式二重系処理装置は、第3図に示すように、
入力インタフェース2At、i算処理部2A2.出力イ
ンタフェース2 A 3からなる第一系2Aと、入力イ
ンタフェース2B1.演算処理部2B2.出力インタフ
ェース2B3からなる第二系2Bとに共通の入力情報D
iを与え、二重系管理装置2Cにより各県の演算処理部
2Az、2Bzの自己診断機能による診断結果を監視し
て、第一系から故障信号を入力しない場合は切換回路2
Dに第一系の出力インタフェース2A3を制御対象装置
2Eに接続させる(すなわち、第一系を主系とする)た
めの切換指令Caを与えて第一系2Aの処理結果DOを
制御対象装置2Eへ出力させ、また、二重系管理装置2
Cが第一系から故障信号を入力したときは、切換回路2
Dに第二系2Bの出力インタフェース2B3を制御装置
2Eに接続させるための切換指令cbを与えて、すなわ
ち、従系であった第二系を主系とする系切換を行なって
、第二系2Bの処理結果DOを制御対象装置2Eに出力
させている。[Prior Art] A conventional standby dual system processing device, as shown in Fig. 3,
Input interface 2At, i calculation processing unit 2A2. A first system 2A consisting of an output interface 2A3, and an input interface 2B1. Arithmetic processing unit 2B2. Input information D common to the second system 2B consisting of the output interface 2B3
i, the dual system management device 2C monitors the diagnosis results by the self-diagnosis function of the arithmetic processing units 2Az and 2Bz of each prefecture, and if no fault signal is input from the first system, the switching circuit 2
A switching command Ca is given to D to connect the output interface 2A3 of the first system to the controlled device 2E (that is, to make the first system the main system), and the processing result DO of the first system 2A is transferred to the controlled device 2E. output to the dual system management device 2.
When C inputs a failure signal from the first system, switching circuit 2
A switching command cb is given to D to connect the output interface 2B3 of the second system 2B to the control device 2E, that is, the system is switched from the second system which was a slave system to the main system, and the second system The processing result DO of 2B is output to the controlled device 2E.
そして、二重系管理装置2Cにより主系の記憶状態を入
力・[n報の変化時ごとに、周期的に、又はダウン時な
どに従系の演算処理部に転送し、主系になり代った従系
においてその転送された情報を用いて以後の入力情報の
処理を続行することにより、系切換時の処理の連続性を
確保している。Then, the dual system management device 2C inputs the storage status of the main system and transfers it to the processing unit of the slave system periodically or when the n-report changes, and becomes the main system. The transferred information is used in the secondary system to continue processing subsequent input information, thereby ensuring continuity of processing at the time of system switching.
[従来技術の欠点]
ところで、例えば、鉄道信号制御、踏切制御など高安全
性を要求される制御装置に二重系処理装置を適用する場
合は、系切換時に処理の連続性とともに、故障時は安全
側に保持されるフェールセーフ性が要求されるので、系
切換時に単に主系の記憶状態を従系に転送するだけの従
来方法を採用することはできない。[Disadvantages of the prior art] By the way, when a dual system processing device is applied to a control device that requires high safety, such as railway signal control or railroad crossing control, it is necessary to ensure continuity of processing when switching systems, as well as to maintain continuity in the event of a failure. Since fail-safe performance that is maintained on the safe side is required, it is not possible to adopt the conventional method of simply transferring the storage state of the main system to the slave system at the time of system switching.
つまり、各県がそれ自体でフェールセーフ性を具備して
、その出力が安全側にあっても、その記憶状態を主系か
ら従系に単に複写(転送)する過程には論理が存在しな
いので、フェールセーフ性は保証されないからである。In other words, even if each prefecture has its own fail-safe properties and its output is on the safe side, there is no logic in the process of simply copying (transferring) the memory state from the master to the slave. , fail-safety is not guaranteed.
従って、従来の二重系処理装置を安全性が要求される制
御装置に適用する場合は、系切換時の主系の記憶状態の
従系への転送自体が、フェールセーフに行なわれたか否
かをチエツクする必要があるから、二重系管理装置にそ
のための論理演算部を付加しなければならない、従って
、ハードウェアの付加及びチエツクのためのソフトウェ
ア開発が必要となるので、コストアップとなり、実際上
、実現は困雑である。Therefore, when applying a conventional dual-system processing device to a control device that requires safety, it is important to check whether the transfer of the storage state of the main system to the slave system at the time of system switching was performed in a fail-safe manner. Since it is necessary to check this, it is necessary to add a logical operation section to the dual system management device. Therefore, it is necessary to add hardware and develop software for checking, which increases costs and makes it difficult to actually Moreover, it is difficult to implement.
そのため、従来の二重系処理装置を安全性が要求される
制御装置に用いる場合は、系切換時に主系を初期化する
ことによって、処理の連続性よりも優先度の高い安全性
を確保して、処理の連続性を諦めている。Therefore, when using a conventional dual-system processing device as a control device that requires safety, safety is given a higher priority than processing continuity by initializing the main system when switching systems. Therefore, the continuity of processing is given up.
しかし、系切換時には常に主系を初期化するから、その
瞬間にシステム全体の機能が停止するので、例えば、鉄
道信号が一時的に停止現示となったり、踏切の警報器か
瞬間的に鳴動したり、遮1uIF機が瞬間的に閉鎖して
、また開放するなどの異常動作をするので、列車運行、
踏切制御に支障を与えるおそれがあった。However, since the main system is always initialized when switching systems, the entire system stops functioning at that moment. Train operations may be disrupted due to abnormal operations such as the shut-off 1uIF device momentarily closing and then opening again.
There was a risk of interfering with level crossing control.
[解決しようとする技術課題]
本発明は上記の点に鷲み、各県に簡単な構成を11加す
るだけで、系切換時に連続処理が可能か否かをチエツク
し、可能であることを確認した場合は切換後の主系の処
理結果をそのまま出力させ、連続処理が不可能であるこ
とが確認された場合は切換後の主系を初期化させること
により、系切換時に各県の有しているフェールセーフ性
を維持し、しかも、可及的に処理の連続性を確保できる
ようにすることを目自勺とする。[Technical problem to be solved] Taking the above points into account, the present invention checks whether continuous processing is possible at the time of system switching by simply adding 11 simple configurations to each prefecture, and confirms that it is possible. If confirmed, the processing results of the main system after switching are output as they are, and if it is confirmed that continuous processing is not possible, the main system after switching is initialized. The aim is to maintain the fail-safe nature of the system and ensure as much continuity of processing as possible.
[課題を解決するための手段]
この発明による待機式二重系処理装置は、各県にそれぞ
れ、(イ)他系の出力内容と自系の出力内容を照合する
照合手段と、(ロ)自系の照合手段から不一致信号を入
力し、かつ主系の故障発生時において二重系管理装置が
出力する監視信号を入力した時、自系を初期化する初期
化手段とを備えたことを特徴とする。[Means for Solving the Problems] The standby dual system processing device according to the present invention is provided in each prefecture with (a) collation means for comparing the output contents of the other system and the output contents of the own system; and (b) and initialization means for initializing the own system when a discrepancy signal is input from the own system's verification means and a monitoring signal output by the dual system management device is input when a failure occurs in the main system. Features.
[作用]
二重系管理装置は、第一系が正常である限りこれを主系
とし、かつ、第一系を制御対象装置に接続してその処理
結果を制御対象装置に出力する。[Operation] The dual system management device uses the first system as the main system as long as it is normal, connects the first system to the controlled device, and outputs the processing results to the controlled device.
第一系の自己診断機能が故障を検出して故障信号を二重
系管理装置に出力すると、二重系管理装置は第二系の初
期化手段に監視信号を与えて、そのときに第二系の照合
手段が不一致信号を出力しているか否かを調べさせると
ともに、切換回路に切換指令を与えて第二系を制御対象
装置に接続させる。When the self-diagnosis function of the first system detects a failure and outputs a failure signal to the dual system management device, the dual system management device gives a supervisory signal to the initialization means of the second system, and at that time the second system It is checked whether the verification means of the system is outputting a mismatch signal, and a switching command is given to the switching circuit to connect the second system to the device to be controlled.
第二系の照合手段は、自系の出力内容を第一系の演算処
理部より与えられている故障発生直前の出力内容と照合
する。照合結果が一致の場合は照合手段は不一致信号を
第一系の初期化手段に入力しないから、初期化手段は初
期化条件が溝たされないので、第二系はそれまでの処理
結果を用いて、以後入力する情報に対する処理を続行し
、その処理結果を出力する。The second-system collation means collates the output content of its own system with the output content immediately before the failure occurs, which is given from the first-system arithmetic processing unit. If the matching result is a match, the matching means does not input the mismatch signal to the initializing means of the first system, so the initialization conditions of the initializing means are not satisfied, so the second system uses the processing results up to that point. , continue processing the information that will be input from then on, and output the processing results.
これに対して、照合結果が不一致の場合は第二系の照合
手段は不一致信号を白糸の初期化手段に入力する。これ
により、初期化手段は初期化条件を満たされて、初期化
信号を自系の演算処理部に与えるなめ、第二系は初期化
される。従って、主系とされた第二系は以後入力する情
報に対して処理を開始し、その結果を制御対象装置に出
力する。On the other hand, if the matching results do not match, the second system matching means inputs a mismatch signal to the white thread initialization means. As a result, the initializing means satisfies the initializing conditions and supplies the initializing signal to the arithmetic processing section of its own system, so that the second system is initialized. Therefore, the second system, which has been designated as the main system, starts processing the information that will be input from now on, and outputs the results to the controlled device.
主系として稼動していた第二系に故障か発生した場合は
、二重系管理装置は第−系の初期化手段に監視信号を与
え、また切換回路に切換信号を与えて第−系を制御対象
装置に接続させる。第−系の照合手段及び初期化手段は
、上述と同様に作用する。If a failure occurs in the second system that was operating as the main system, the dual system management device gives a supervisory signal to the initialization means of the second system, and also gives a switching signal to the switching circuit to switch the second system on. Connect to the controlled device. The collation means and initialization means of the second system operate in the same manner as described above.
「この発明の実施例]
次に、この発明の実施例を第1図の図面に基いて説明す
る。Embodiments of the Invention Next, embodiments of the invention will be described based on the drawing of FIG.
この発明に係る待機式二重系処理装置が、入力インタフ
ェースIA1.演ユ処理部IA2.出力インタフェース
IA3からなる第−系IAと、入力インタフェースIB
z演算処理部IB2.出力インタフェースIB3からな
る第二系IBとに共通の入力情報Diを与え、二重系管
理装置ICにより各県の演算処理部I Az 、 I
Bzの自己診断機能による診断結果を監視して、第−系
から故障信号を入力しない場合は切換回路IDに第−系
の出力インタフェースIA3を制御対象装置IEに接続
させるための切換指令Caを与えて第−系の処理結果D
oを制御対象装置IEへ出力させ、また、二重系管理装
置ICが第−系から故障信号を入力したときは切換回路
IDに、第二系Bの出力インタフェースB3を制御対象
装置IEに接続させるための切換指令cbを与えて系切
換を行ない、第二系Bの処理結果を制御対象装置IEに
出力させる点においては、従来と異ならない。The standby dual system processing device according to the present invention has input interfaces IA1. Performance processing unit IA2. A first system IA consisting of an output interface IA3 and an input interface IB
z calculation processing unit IB2. Common input information Di is given to the second system IB consisting of the output interface IB3, and the dual system management device IC is used to control the calculation processing units IAz, I of each prefecture.
Monitor the diagnosis result by the self-diagnosis function of Bz, and if no failure signal is input from the -system, give the switching command Ca to the switching circuit ID to connect the output interface IA3 of the -system to the controlled device IE. Processing result of system D
o to the controlled device IE, and when the dual system management device IC receives a failure signal from the second system, connect the output interface B3 of the second system B to the switching circuit ID and the second system B to the controlled device IE. There is no difference from the conventional method in that system switching is performed by giving a switching command cb for switching, and the processing results of the second system B are output to the controlled device IE.
この発明による二重系処理装置においては、各県IA、
1Bの演算処理部IA2.IB2に、それぞれ他系の演
算処理部の出力内容と自系の演算処理部の出力内容を照
合する照合手段IAa、IBaと、自系の照合手段I
Aa 、 I Baか不一致信号を出力した時に他系
の故障発生時において二重系管理装置ICが出力する監
視信号At、Biを入力したとき、自系を初期化する初
期化手段IAsIB、を備えている。In the dual system processing device according to this invention, each prefecture IA,
1B arithmetic processing unit IA2. IB2 includes collation means IAa and IBa for collating the output content of the arithmetic processing unit of the other system and the output content of the arithmetic processing unit of the own system, and the collation means I of the own system.
Initialization means IAsIB is provided, which initializes the own system when inputting the monitoring signals At and Bi output by the dual system management device IC when a failure occurs in the other system when Aa, IBa or a mismatch signal is output. ing.
照合手段I Aa 、 I B4の照合対象データは単
一信号、例えばON、OFFである場合、複数のビット
で構成されたデータである場合など、処理装置の適用対
象により異なり、照合手段の構成も、これらに応じたも
のとなるが、照合結果が不一致のときのみ“1″で出力
される。The data to be verified by the verification means IAa and IB4 varies depending on the application of the processing device, such as a single signal such as ON and OFF, or data composed of multiple bits, and the configuration of the verification means also varies. , depending on these, and is output as "1" only when the verification result is a mismatch.
初期化手段IA5.IBSは、アンドゲートで構成され
、照合手段が不一致信号を出力している状態のときに二
重系管理装置より他系が故障したことを意味する監視信
号を入力すると、初期化条件が満たされて初期化信号を
自系の演算処理部に与える。Initialization means IA5. The IBS consists of an AND gate, and when a monitoring signal indicating that another system has failed is input from the dual system management device while the verification means is outputting a mismatch signal, the initialization condition is satisfied. and gives an initialization signal to the arithmetic processing section of its own system.
上記構成による作用を第2図のタイムチャートに基いて
説明する。The effect of the above configuration will be explained based on the time chart of FIG. 2.
ともに正常な第−系IAと第二系IBにこの順序で時間
差toをもって電源を投入して始動したとすると、両系
には同一の情報D1が入力されても、立上りから一定時
間t1は処理結果は一致しないから、Taの時点までは
、各県の出力内容は不一致の状態にある。Assuming that the first system IA and the second system IB, both of which are normal, are powered on and started in this order with a time difference to, even if the same information D1 is input to both systems, processing will not be completed for a certain period of time t1 after startup. Since the results do not match, the output contents of each prefecture are in a state of mismatch until the time point Ta.
しかし、各県とも故障していない場合は、二重系管理装
置ICはいずれの系の初期化手段にも監視信号Ai、B
iを出力していないので、各県の演算処理部I A2
、 I B2は初期化されずに、入力する情報D1に対
する処理を続行する。そして、情報は比較的、離散的、
閑散的に入力するので、Ta時点になると、立上りが遅
れた第二系も一致した処理結果を出力するので、両系が
正常である限りは、出力内容が一致することとなり、以
後入力する=+W報D2.D3・・・に対する処理結果
も、通常は一致するから、照合手段IAa、IBaは出
力しない。However, if there is no failure in each prefecture, the dual system management device IC sends supervisory signals Ai and B to the initialization means of either system.
Since i is not output, each prefecture's arithmetic processing unit I A2
, IB2 continues processing the input information D1 without being initialized. And information is relatively discrete,
Since input is performed sparsely, at time Ta, the second system whose rise is delayed also outputs the same processing result, so as long as both systems are normal, the output content will match, and from now on input = +W report D2. Since the processing results for D3... usually match, the collation means IAa and IBa do not output them.
また、各々の系の入力インタフェース
IA1.1B1の受信処理速度や演算処理部IA2.I
B2の処理速度の相違に基いて、新たに入力する情報に
対応する処理結果の出力タイミングにずれが生じるため
、例えば第2図の情報Da 、Dy 、Dsの入力に基
いてTb、Tcに示す時点で瞬間的に2系の出力内容が
不一致となる場合が生じ、やがて一致する。しかし、こ
の場合も、各県が正常であるから、初期化手段tAs、
IBsは出力しない。Also, the reception processing speed of the input interface IA1.1B1 of each system and the arithmetic processing unit IA2. I
Based on the difference in the processing speed of B2, there will be a shift in the output timing of the processing result corresponding to the newly input information. At this point in time, the output contents of the two systems may momentarily become inconsistent, but eventually match. However, in this case as well, since each prefecture is normal, the initialization means tAs,
IBs are not output.
そして、今、主系とされている第−系にTd時点に異常
が発生した時点で、出力内容が第二系の出力内容と一致
していない場合は、照合手段IAa、IB4か不一致信
号を初期化手段IAS、IB5に出力する。各県の演算
処理部I Az、 、 I B2はそれぞれ自己診断を
しているから演算処理部IA2は自系の異常発生時に故
障検出信号を二重系管理装置ICに与える。従って、二
重系管理装置ICは第二系の初期化手段IB、に監視信
号Biを出力するので、すでに不一致信号を入力してい
る初期化手段IB、は初期化条件を満たされて、自系の
演算処理部IB2に初期化信号Brを与える。また、二
重系管理装置ICは第−系からの故障検出信号に基いて
切換回路IDに切換信号cbを与え、それまで第−系の
出力回路IA3を制御対象装置IEに接続していたのを
、第二系の出力回路IB3を制御対象装置IEと接続さ
せて、第二系を主系とする。従って、第二系は以後入力
する情報に基いて処理を開始し、その処理結果を出力回
路IB3及び切換回路IDを経て、制御対象装置IEに
出力する。If an abnormality occurs in the second system, which is currently the main system, at time Td, and the output content does not match the output content of the second system, the matching means IAa and IB4 send a discrepancy signal. It is output to the initialization means IAS and IB5. Since the arithmetic processing units IAz, , and IB2 in each prefecture perform self-diagnosis, the arithmetic processing unit IA2 provides a failure detection signal to the dual system management device IC when an abnormality occurs in its own system. Therefore, the dual system management device IC outputs the monitoring signal Bi to the initialization means IB of the second system, so that the initialization means IB, which has already input the mismatch signal, is satisfied with the initialization condition and starts automatically. An initialization signal Br is given to the arithmetic processing unit IB2 of the system. In addition, the dual system management device IC gives a switching signal cb to the switching circuit ID based on the failure detection signal from the second system, and connects the output circuit IA3 of the second system to the controlled device IE until then. The output circuit IB3 of the second system is connected to the controlled device IE, and the second system is made the main system. Therefore, the second system starts processing based on the information to be inputted from now on, and outputs the processing result to the controlled device IE via the output circuit IB3 and the switching circuit ID.
第−系の故障に基いて監視信号Biを第二系の初期化手
段IBsに入力した時に、二つの系の出力内容か一致し
ている場合は、照合手段IB4が出力しないので、初期
化手段tB、は初期化信号を演算処理部IB2に与えな
いから、その演算処理部はそれまでの処理結果と以後入
力する情報を用いて処理を継続し、その処理結果を制御
対象装置IEに出力する。When the monitoring signal Bi is input to the initialization means IBs of the second system based on a failure of the second system, if the output contents of the two systems match, the verification means IB4 does not output, so the initialization means Since tB does not give an initialization signal to the arithmetic processing unit IB2, the arithmetic processing unit continues processing using the processing results up to that point and the information to be input thereafter, and outputs the processing results to the controlled device IE. .
第二系が、主系として稼動している間に故障を生じた場
合も、上述と同様に、照合手段IA4、初期化手段IA
5が作用し、二重系管理装置ICから監視信号Atが初
期化手段IA5に入力した時に、二重の出力内容が一致
している場合は、第−系の処理が継続されたまま主系と
され、二重の出力内容が不一致の場合は第−系の演算処
理部IA2が初期化されて主系とされる。Even if a failure occurs in the second system while it is operating as the main system, the verification means IA4 and the initialization means IA
5 is activated and the supervisory signal At is input from the dual system management device IC to the initialization means IA5, if the dual output contents match, the main system continues processing while the second system continues. If the double output contents do not match, the -th system arithmetic processing unit IA2 is initialized and becomes the main system.
[この発明の効果]
上述のように、この発明に係る二重系処理装置は、各県
にそれぞれ他系の記憶状態と自系の出力内容を照合する
照合手段と、自系の照合手段が不一致信号を出力し、か
つ他系の故障発生時において二重系管理装置が出力する
監視信号を入力した時は自系を初期化する初期化手段を
備えたものであるから、簡単な構成の付加により系切換
時の連続処理が可能か否かの判断が可能であり、照合結
果が一致の場合は切換後の主系の処理を続行し、不一致
の場合は主系を初期化するので、常に出力のフェールセ
ーフ性が確保され、かつ、処理の連続性の最大限確保が
実現さる。[Effects of the Invention] As described above, in the dual system processing device according to the present invention, each prefecture has a verification means for verifying the storage state of the other system and the output content of the own system, and a verification means for the own system. It has a simple configuration because it is equipped with an initialization means that outputs a mismatch signal and initializes its own system when the monitoring signal output by the dual system management device is input when a failure occurs in another system. By adding it, it is possible to judge whether continuous processing is possible when switching systems, and if the verification result is a match, the main system processing after switching is continued, and if there is a mismatch, the main system is initialized. Fail-safe output is always ensured, and processing continuity is ensured to the maximum extent possible.
このような二重系処理装置は鉄道信号保安設備の制御な
どに使用される。Such a dual system processing device is used for controlling railway signal safety equipment, etc.
第1図はこの発明に係る二重系処理装置の構成を概略的
に示すブロック図、第2図は作用を説明するタイムチャ
ートである。
第3図は従来の二重系処理装置の構成を概略的に示すブ
ロック図である。
1A・・・第一系、
iAl・・・人力インタフェース、
IA2・・・演算処理部、
IA3・・・出力インタフェース、
I A 4・・・照合手段、
IAS・・・初期化手段、
1B・・・第二系、
1B1・・・入力インタフェース、
IE2・・・演算処理部、
1B3・・・出力インタフェース、
IBa・・・照合手段、
1B!I・・・初期化手段、
IC・・・二重系管理装置、
Ai、Bi・・・監視信号、
Ar、Br・・・初期化信号、
ID・・・切換回路、
IE・・・制御対象装置。
J”’−一−FIG. 1 is a block diagram schematically showing the configuration of a dual system processing device according to the present invention, and FIG. 2 is a time chart explaining the operation. FIG. 3 is a block diagram schematically showing the configuration of a conventional dual system processing device. 1A...First system, iAl...Human interface, IA2...Arithmetic processing unit, IA3...Output interface, IA4...Verification means, IAS...Initialization means, 1B... -Second system, 1B1...Input interface, IE2...Arithmetic processing unit, 1B3...Output interface, IBa...Verification means, 1B! I...Initialization means, IC...Dual system management device, Ai, Bi...Monitoring signal, Ar, Br...Initialization signal, ID...Switching circuit, IE...Controlled object Device. J"'-1-
Claims (1)
手段と、 (ロ)自系の照合手段から不一致信号を入力し、かつ、
他系の故障発生時において二重系管理装置から入力する
監視信号を入力した時、自系を初期化する初期化手段と
、 を備えたことを特徴とする二重系処理装置。[Scope of Claims] Each system has: (a) a collation means for collating the output content of the other system with the output content of the own system; (b) a discrepancy signal is input from the collation means of the own system, and
A dual system processing device comprising: initialization means for initializing its own system when a monitoring signal input from a dual system management device is input when a failure occurs in the other system.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| JP63159622A JP2885800B2 (en) | 1988-06-28 | 1988-06-28 | Dual processing equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| JP63159622A JP2885800B2 (en) | 1988-06-28 | 1988-06-28 | Dual processing equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| JPH028938A true JPH028938A (en) | 1990-01-12 |
| JP2885800B2 JP2885800B2 (en) | 1999-04-26 |
Family
ID=15697743
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| JP63159622A Expired - Lifetime JP2885800B2 (en) | 1988-06-28 | 1988-06-28 | Dual processing equipment |
Country Status (1)
| Country | Link |
|---|---|
| JP (1) | JP2885800B2 (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JPH02171801A (en) * | 1988-12-23 | 1990-07-03 | Kyosan Electric Mfg Co Ltd | Parallel multiplex electronic interlocking device and switching method |
| WO1999065754A1 (en) * | 1998-06-19 | 1999-12-23 | Hitachi, Ltd. | Multiple system processor, controller connected to multiple system processor, and multiple system processing system |
| WO2012105089A1 (en) * | 2011-01-31 | 2012-08-09 | 三菱重工業株式会社 | Safety device, and safety device computation method |
Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JPS59208652A (en) * | 1983-05-11 | 1984-11-27 | Mitsubishi Electric Corp | Digital control device |
-
1988
- 1988-06-28 JP JP63159622A patent/JP2885800B2/en not_active Expired - Lifetime
Patent Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JPS59208652A (en) * | 1983-05-11 | 1984-11-27 | Mitsubishi Electric Corp | Digital control device |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JPH02171801A (en) * | 1988-12-23 | 1990-07-03 | Kyosan Electric Mfg Co Ltd | Parallel multiplex electronic interlocking device and switching method |
| WO1999065754A1 (en) * | 1998-06-19 | 1999-12-23 | Hitachi, Ltd. | Multiple system processor, controller connected to multiple system processor, and multiple system processing system |
| WO2012105089A1 (en) * | 2011-01-31 | 2012-08-09 | 三菱重工業株式会社 | Safety device, and safety device computation method |
| JP2012159956A (en) * | 2011-01-31 | 2012-08-23 | Mitsubishi Heavy Ind Ltd | Safety device and operation method for safety device |
| CN103238122A (en) * | 2011-01-31 | 2013-08-07 | 三菱重工业株式会社 | Safety device, and safety device computation method |
| US9753437B2 (en) | 2011-01-31 | 2017-09-05 | Mitsubishi Heavy Industries, Ltd. | Safety device and computation method for safety device |
Also Published As
| Publication number | Publication date |
|---|---|
| JP2885800B2 (en) | 1999-04-26 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| WO2017107665A1 (en) | Safety computer system for use in train control | |
| US5515282A (en) | Method and apparatus for implementing a databus voter to select flight command signals from one of several redundant asynchronous digital primary flight computers | |
| US4503496A (en) | Multi-microcomputer system with direct store access | |
| US3444528A (en) | Redundant computer systems | |
| CN107229221A (en) | Fault-tolerant mode and handoff protocol for multiple hot and cold standby redundancies | |
| JPH052571A (en) | Method of executing both-end mutual inspection of primary database and secondary database in process control system | |
| JP7179999B2 (en) | vehicle control system | |
| CN110710164A (en) | Flight control system | |
| US9002480B2 (en) | Method for operation of a control network, and a control network | |
| JPH028938A (en) | Duplex processor | |
| JP2001249701A (en) | Duplex information processor | |
| JPH07146802A (en) | Railroad safety system | |
| JPS5931738B2 (en) | Parallel triple system configuration method for computer system | |
| US10621031B2 (en) | Daisy-chain of safety systems | |
| JP2000209236A (en) | Interface unit | |
| DK157634B (en) | TWO CHANNEL MICRODATA COMPUTER UNIT, NAME FOR RAILWAY SAFETY PLANT | |
| JPH09179836A (en) | Multiplied computer and its fault detection processing method | |
| JP4550299B2 (en) | Multiplex transmission system | |
| JPH06175868A (en) | Duplex computer fault monitoring method | |
| JPH02231603A (en) | Duplex switch system | |
| JPS5812062A (en) | Output device for parallel electronic computer system | |
| JPS5941066A (en) | Method for collating data of controller | |
| JPH0898303A (en) | Information transmitting device for vehicle | |
| JPS5890201A (en) | Triple process input and output device | |
| JPS6224301A (en) | Process input and output device |