CN109448880B - Undisturbed downloading method and system for nuclear safety level hot standby redundancy control station - Google Patents

Info

Publication number
CN109448880B
Authority
CN
China
Prior art keywords
slave
control station
hot standby
redundancy control
standby redundancy
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201811114280.3A
Other languages
Chinese (zh)
Other versions
CN109448880A (en)
Inventor
江国进
刘大鹏
石桂连
张智慧
彭立
任保华
高超
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China General Nuclear Power Corp
China Techenergy Co Ltd
Original Assignee
China General Nuclear Power Corp
China Techenergy Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China General Nuclear Power Corp, China Techenergy Co Ltd filed Critical China General Nuclear Power Corp
Priority to CN201811114280.3A priority Critical patent/CN109448880B/en
Publication of CN109448880A publication Critical patent/CN109448880A/en
Application granted granted Critical
Publication of CN109448880B publication Critical patent/CN109448880B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • G PHYSICS
    • G21 NUCLEAR PHYSICS; NUCLEAR ENGINEERING
    • G21D NUCLEAR POWER PLANT
    • G21D3/00 Control of nuclear power plant
    • G21D3/008 Man-machine interface, e.g. control room layout
    • G PHYSICS
    • G21 NUCLEAR PHYSICS; NUCLEAR ENGINEERING
    • G21D NUCLEAR POWER PLANT
    • G21D3/00 Control of nuclear power plant
    • G21D3/001 Computer implemented control
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02E REDUCTION OF GREENHOUSE GAS [GHG] EMISSIONS, RELATED TO ENERGY GENERATION, TRANSMISSION OR DISTRIBUTION
    • Y02E30/00 Energy generation of nuclear origin

Landscapes

  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Plasma & Fusion (AREA)
  • High Energy & Nuclear Physics (AREA)
  • Hardware Redundancy (AREA)
  • Safety Devices In Control Systems (AREA)

Abstract

The invention belongs to the technical field of instrumentation and control systems of nuclear power stations, and provides a method and a system for undisturbed downloading of a nuclear safety level hot standby redundancy control station, aiming to solve the technical problems in the prior art that the standby redundancy control station stops running during an upgrade and that both master and slave may enter fault states. The method comprises the following steps: S1, connecting the hot standby redundancy control station to an engineer station downloading and checking tool; S2, receiving the download of the new version configuration, and making the slave enter a downloading mode; S3, after the slave automatically synchronizes the application data and the variable forcing state from the master, triggering master-slave switching; S4, receiving the download of the new version configuration from the engineer station downloading and checking tool, and controlling the switched slave to enter a downloading mode; and S5, after the switched slave automatically synchronizes the application data and the variable forcing state from the switched master, triggering master-slave switching. In this way, undisturbed output of the nuclear safety level hot standby redundancy control station can be achieved.

Description

Undisturbed downloading method and system for nuclear safety level hot standby redundancy control station
Technical Field
The invention relates to the technical field of instrument control systems of nuclear power stations, in particular to the technical field of nuclear safety level hot standby redundancy control, and specifically relates to a method and a system for undisturbed downloading of a nuclear safety level hot standby redundancy control station.
Background
Compared with thermal power, nuclear power has developed well by virtue of advantages such as environmental protection and large generating capacity, but the accident at the Fukushima nuclear power station in Japan in 2011 made the safety of nuclear power stations a matter of great concern, so that safety factors receive additional consideration in the design of the instrumentation and control system of a nuclear power station. In instrumentation and control systems such as the FirmSys (harmony system) platform, controllers are usually configured with hot standby redundancy, and the corresponding control stations are accordingly configured as hot standby redundancy control stations.
However, in the process of implementing the invention the inventor found that: the controller of the hot standby redundancy control station cannot perform fault-free switching, so when a hot standby redundancy control station is upgraded its controller must be stopped, which causes one hot standby redundancy control station in the nuclear power station protection system to fail completely; in addition, when the hot standby redundancy control station updates the master and slave configuration, during the period from the slave being reset and restarted after its configuration update until the master-slave synchronization of redundancy data is complete, a failure of the master causes the slave to enter a fault state as well. Therefore, those skilled in the art are eager to develop a technical scheme by which the hot standby redundant control station can better achieve undisturbed downloading.
Disclosure of Invention
In order to solve the technical problems that in the prior art, the standby redundancy control station stops running and possibly master and slave stations enter fault states in the upgrading process, the invention provides a method and a system for undisturbed downloading of a nuclear safety level hot standby redundancy control station, which can realize undisturbed output of the nuclear safety level hot standby redundancy control station.
In order to achieve the above object, the technical solution provided by the present invention comprises:
The invention provides a method for undisturbed downloading of a nuclear safety level hot standby redundancy control station, which is characterized by comprising the following steps:
S1, setting the hot standby redundancy control station to be in a normal working state, and connecting the hot standby redundancy control station to an engineer station downloading and checking tool;
S2, receiving the download of the new version configuration from the engineer station downloading and checking tool, and controlling the slave in the hot standby redundancy control station to enter a downloading mode;
S3, placing the slave in the hot standby redundancy control station in a test mode to run, and triggering master-slave switching after the slave in the hot standby redundancy control station automatically synchronizes application data and variable forcing states from the master, so that the slave becomes the switched master and the master becomes the switched slave;
S4, after the master-slave switching of the hot standby redundancy control station, connecting the hot standby redundancy control station to the engineer station downloading and checking tool, receiving the download of the new version configuration from the engineer station downloading and checking tool, and controlling the switched slave in the hot standby redundancy control station to enter a downloading mode;
S5, placing the switched slave in the hot standby redundancy control station in a test mode to run, and triggering master-slave switching after the switched slave automatically synchronizes application data and variable forcing states from the switched master, so that the switched slave becomes the master and the switched master becomes the slave.
In a preferred implementation manner of the embodiment of the present invention, the triggering master-slave switching includes:
S11, sending a master-slave switching instruction to the master in the hot standby redundancy control station;
S12, the master in the hot standby redundancy control station feeds back its state;
S13, the master in the hot standby redundancy control station sends a switching request signal to the slave;
S14, after receiving the signal, the slave in the hot standby redundancy control station performs the master-up operation and sends a switching confirmation signal to the master;
S15, after receiving the switching confirmation signal, the master in the hot standby redundancy control station drops to slave and sends state feedback.
In a preferred implementation manner of the embodiment of the present invention, during an undisturbed download to the slave in the hot standby redundancy control station, when the slave is powered on or started for normal operation, it is determined whether the current configuration versions of the slave and the master in the hot standby redundancy control station are the same; if they are the same, the slave keeps the normal start-up operation mode; if they are different, it is further determined whether the slave configuration version is an upgraded version of the master configuration version: if so, the slave operates normally, the inconsistency between master and slave versions is displayed and alarm information is prompted; if not, the slave is suspended in a fault state and error information is displayed.
In a preferred implementation manner of the embodiment of the present invention, application data between a master and a slave in the hot standby redundancy control station is output in a sorted manner according to a type and a variable name, and after adding, deleting or modifying a certain variable, other variables may also be changed accordingly; in a slave and host data synchronization stage in the hot standby redundancy control station, after the slave in the hot standby redundancy control station finishes updating the configuration and enters normal operation, data and variable forcing states are automatically synchronized from the host in the hot standby redundancy control station, when master and slave machine configuration versions in the hot standby redundancy control station are inconsistent, a synchronization data mapping table is generated according to the difference between the basic version and the current version redundancy synchronization data quantity, and the synchronization data mapping table comprises the address mapping relation of the variable between the two version configurations, so that the slave MPU board card can remap the synchronization data according to the synchronization data mapping table, and correct synchronization of the data is realized.
In a preferred implementation manner of the embodiment of the present invention, the downloaded configuration includes the offsets of network variables, which the user must set during configuration; the offset attribute of an unchanged variable cannot be changed, and the offset attribute of a newly added or modified network variable must be reset and cannot conflict with the offset values of existing network variables, so that the network data of inter-station communication remains consistent during the master-slave switching stage and the post-switching operation stage of the undisturbed downloading process.
The invention also provides an undisturbed downloading system of the nuclear safety level hot standby redundancy control station, which is characterized by comprising the following components:
the hot standby redundancy control station, the engineer station downloading and checking tool, the MPU board card and the FCU board card are subjected to configuration downloading;
the MPU board card and the FCU board card are arranged to enable the hot standby redundancy control station to be in a normal working state, and the engineer station downloading and verifying tool can be connected to the hot standby redundancy control station;
the hot standby redundancy control station is arranged to receive a download of a new version configuration from the engineer station download and verification tool, and a slave in the hot standby redundancy control station is arranged to enter a download mode;
the MPU board card is also set to be capable of placing the slave in the hot standby redundancy control station in a test mode to operate, and after the slave in the hot standby redundancy control station is set to be capable of automatically synchronizing application data and variable forcing states from the host, master-slave switching is triggered, so that the slave is switched to be the switched host, and the host is switched to be the switched slave;
after the master-slave switching of the hot standby redundancy control station, connecting the hot standby redundancy control station to an engineer station downloading and checking tool, so that the hot standby redundancy control station can receive downloading of a new version configuration received from the engineer station downloading and checking tool, and a switched slave in the hot standby redundancy control station is set to enter a downloading mode;
the MPU board card is also set to be capable of placing the switched slave machines in the hot standby redundancy control station in a test mode to operate, and after the switched slave machines in the hot standby redundancy control station are in a state of automatically synchronizing application data and variables with the switched master machine, master-slave switching is triggered, so that the switched slave machines are switched into the master machine, and the switched master machine is switched into the slave machine.
In a preferred implementation manner of the embodiment of the present invention, the hot standby redundancy control station includes a processor and a memory, and the processor can load a trigger master-slave switching program in the memory and execute the following steps: the method comprises the steps that a master-slave switching instruction is sent to a master in the hot standby redundancy control station, the master in the hot standby redundancy control station feeds back the state, the master in the hot standby redundancy control station sends a switching request signal to a slave, the slave in the hot standby redundancy control station performs master-raising operation after receiving the signal and sends a switching confirmation signal to the master, and the master in the hot standby redundancy control station descends to the slave after receiving the switching confirmation signal and sends state feedback.
In a preferred implementation manner of the embodiment of the present invention, during an undisturbed download to the slave in the hot standby redundancy control station, when the slave is powered on or started for normal operation, it is determined whether the current configuration versions of the slave and the master in the hot standby redundancy control station are the same; if they are the same, the slave keeps the normal start-up operation mode; if they are different, it is further determined whether the slave configuration version is an upgraded version of the master configuration version: if so, the slave operates normally, the inconsistency between master and slave versions is displayed and alarm information is prompted; if not, the slave is suspended in a fault state and error information is displayed.
In a preferred implementation manner of the embodiment of the present invention, application data between a master and a slave in the hot standby redundancy control station is output in a sorted manner according to a type and a variable name, and after adding, deleting or modifying a certain variable, other variables may also be changed accordingly; in a slave and host data synchronization stage in the hot standby redundancy control station, after the slave in the hot standby redundancy control station finishes updating the configuration and enters normal operation, data and variable forcing states are automatically synchronized from the host in the hot standby redundancy control station, when master and slave machine configuration versions in the hot standby redundancy control station are inconsistent, a synchronization data mapping table is generated according to the difference between the basic version and the current version redundancy synchronization data quantity, and the synchronization data mapping table comprises the address mapping relation of the variable between the two version configurations, so that the slave MPU board card can remap the synchronization data according to the synchronization data mapping table, and correct synchronization of the data is realized.
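An added example (not code from the patent or from FirmSys) of the synchronization data mapping table described above: variables are laid out sorted by type and name, so adding or deleting one shifts the others, and the slave has to copy each surviving variable from its old address to its new one. The type sizes, variable names and values are constructed for illustration.

```python
import struct

# Constructed type table (an assumption): little-endian, unpadded encodings.
TYPE_FMT = {"BOOL": "<?", "INT": "<h", "REAL": "<f"}

# Constructed sample configurations: {variable name: type}.
BASE_VARS = {"PUMP_ON": "BOOL", "VALVE_OPEN": "BOOL", "COUNT": "INT",
             "LEVEL": "REAL", "TEMP": "REAL"}
# New version: ALARM and FLOW added, COUNT deleted.
NEW_VARS = {"ALARM": "BOOL", "PUMP_ON": "BOOL", "VALVE_OPEN": "BOOL",
            "FLOW": "REAL", "LEVEL": "REAL", "TEMP": "REAL"}


def build_layout(variables):
    """Assign offsets with variables sorted by (type, name).
    Returns ({name: (offset, type)}, total_size_in_bytes)."""
    layout, offset = {}, 0
    for name, typ in sorted(variables.items(), key=lambda kv: (kv[1], kv[0])):
        layout[name] = (offset, typ)
        offset += struct.calcsize(TYPE_FMT[typ])
    return layout, offset


def encode(values, layout, size):
    """Pack a {name: value} dict into a sync image for the given layout."""
    image = bytearray(size)
    for name, (off, typ) in layout.items():
        struct.pack_into(TYPE_FMT[typ], image, off, values[name])
    return bytes(image)


def decode(image, layout):
    """Read every variable of a layout out of a sync image."""
    return {name: struct.unpack_from(TYPE_FMT[typ], image, off)[0]
            for name, (off, typ) in layout.items()}


def build_mapping_table(base_layout, new_layout):
    """One (src_offset, dst_offset, length) row per variable that exists in
    both versions with the same type. Added or retyped variables get no row
    and keep the new configuration's initial value."""
    table = []
    for name, (dst, typ) in new_layout.items():
        if name in base_layout and base_layout[name][1] == typ:
            src = base_layout[name][0]
            table.append((src, dst, struct.calcsize(TYPE_FMT[typ])))
    return sorted(table)


def remap(master_image, base_size, table, new_defaults):
    """Slave side: place the master's (old-layout) data into the new layout."""
    if len(master_image) != base_size:
        raise ValueError("sync image does not match the base version size")
    out = bytearray(new_defaults)
    for src, dst, length in table:
        if src + length > base_size or dst + length > len(out):
            raise ValueError("mapping row outside the sync area")
        out[dst:dst + length] = master_image[src:src + length]
    return bytes(out)


def demo():
    base_layout, base_size = build_layout(BASE_VARS)
    new_layout, new_size = build_layout(NEW_VARS)
    master_values = {"PUMP_ON": True, "VALVE_OPEN": False, "COUNT": 7,
                     "LEVEL": 2.5, "TEMP": 300.0}
    master_image = encode(master_values, base_layout, base_size)
    table = build_mapping_table(base_layout, new_layout)
    synced = decode(remap(master_image, base_size, table, bytes(new_size)),
                    new_layout)
    # Without the table: old image read directly with the new layout.
    naive = decode(master_image.ljust(new_size, b"\0"), new_layout)
    return table, synced, naive


if __name__ == "__main__":
    table, synced, naive = demo()
    print("mapping table:", table)
    print("remapped:     ", synced)
    print("naive copy:   ", naive)
```
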
In a preferred implementation manner of the embodiment of the present invention, the downloaded configuration includes the offsets of network variables, which the user must set during configuration; the offset attribute of an unchanged variable cannot be changed, and the offset attribute of a newly added or modified network variable must be reset and cannot conflict with the offset values of existing network variables, so that the network data of inter-station communication remains consistent during the master-slave switching stage and the post-switching operation stage of the undisturbed downloading process.
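An added example (not the patent's or the configuration tool's own code) of the network variable offset rule above, written as a pre-download check. The table format with a byte length per variable, the finding labels and the sample variables are assumptions; overlap is checked against every variable of the old version, on the assumption that stations still running the old version read those ranges.

```python
# Constructed network variable tables: {name: (offset, length_in_bytes, type)}.
OLD_NET = {"TRIP_A": (0, 1, "BOOL"), "LEVEL_1": (4, 4, "REAL"),
           "TEMP_1": (8, 4, "REAL")}

# A new version that breaks the rule in three ways.
BAD_NET = {"TRIP_A": (0, 1, "BOOL"),
           "LEVEL_1": (12, 4, "REAL"),    # unchanged variable, offset moved
           "TEMP_1": (8, 8, "LREAL"),     # modified, but left on its old range
           "FLOW_1": (6, 4, "REAL")}      # added on top of existing variables

# The same change with offsets assigned according to the rule.
GOOD_NET = {"TRIP_A": (0, 1, "BOOL"), "LEVEL_1": (4, 4, "REAL"),
            "TEMP_1": (16, 8, "LREAL"), "FLOW_1": (12, 4, "REAL")}


def check_network_offsets(old, new):
    """Return a list of (kind, variable, detail) findings.

    MOVED    - a variable whose definition is unchanged got a new offset.
    CONFLICT - an added or modified variable overlaps a byte range that the
               old version assigns to a variable (detail names that variable).
    """
    findings = []
    for name, (off, length, typ) in sorted(new.items()):
        prev = old.get(name)
        if prev is not None and prev[1:] == (length, typ):
            # Unchanged definition: the offset attribute must not change.
            if prev[0] != off:
                findings.append(("MOVED", name, f"{prev[0]}->{off}"))
            continue
        # Added or modified variable: must sit clear of every old range.
        for other, (o_off, o_len, _) in sorted(old.items()):
            if off < o_off + o_len and o_off < off + length:
                findings.append(("CONFLICT", name, other))
    return findings


if __name__ == "__main__":
    for finding in check_network_offsets(OLD_NET, BAD_NET):
        print(finding)
    print("good config findings:", check_network_offsets(OLD_NET, GOOD_NET))
```
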
By adopting the technical scheme provided by the invention, at least one of the following beneficial effects can be obtained:
1. The problem of upgrading while the nuclear power station is in operation and at the same time ensuring undisturbed output of the system is solved, and the requirement on the overall safety performance of a nuclear power station protection system is fundamentally met.
2. In the undisturbed downloading process, the problem that a series of controllers cannot be used for a short time in the master-slave switching process can be solved through the fault-free master-slave switching process, and the hidden trouble that a control station fails in the switching failure process is eliminated.
3. Solutions are provided for the problems that arise when the master and slave configuration versions are inconsistent, including: starting the slave, correctly synchronizing the application data and the variable forcing state between the master and the slave, communicating network data, and identifying the correspondence between the algorithms of the new and old versions and the time-sequence-related data; the relevant information is reported in time so that operators can check and handle it. Therefore, safety is not affected while the slave is being downloaded.
Additional features and advantages of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention. The objectives and other advantages of the invention may be realized and attained by the structure and/or process particularly pointed out in the written description and claims hereof as well as the appended drawings.
Drawings
Fig. 1 is a flowchart of an undisturbed download method for a nuclear safety level hot standby redundancy control station according to an embodiment of the present invention.
Fig. 2 is a flowchart of device operations corresponding to an undisturbed download method for a nuclear safety level hot standby redundancy control station according to an embodiment of the present invention.
Fig. 3 is a flowchart of an undisturbed download selection in an undisturbed download process of a nuclear safety hot standby redundancy control station according to an embodiment of the present invention.
Fig. 4 is a flow chart of a fault-free master-slave switching process in an undisturbed download process of a nuclear safety level hot standby redundancy control station according to an embodiment of the present invention.
Fig. 5 is a flowchart illustrating a slave device starting operation in an undisturbed download process of a nuclear safety hot standby redundancy control station according to an embodiment of the present invention.
Fig. 6 is a schematic diagram of a master-slave data synchronization mapping table in an undisturbed download process of a nuclear safety level hot standby redundancy control station according to an embodiment of the present invention.
Fig. 7 is a schematic diagram of network data transmission between a new configuration and an old configuration in an undisturbed download process of a nuclear safety level hot standby redundancy control station according to an embodiment of the present invention.
Fig. 8 is a schematic structural diagram of an undisturbed download system of a nuclear safety level hot standby redundancy control station according to an embodiment of the present invention.
Detailed Description
The following detailed description of the embodiments of the present invention will be provided with reference to the drawings and examples, so that how to apply the technical means to solve the technical problems and achieve the technical effects can be fully understood and implemented. It should be noted that the detailed description is only for the purpose of making the invention easier and clearer for those skilled in the art, and is not intended to be a limiting explanation of the invention; moreover, as long as there is no conflict, the embodiments and the features of the embodiments of the present invention may be combined with each other, and the technical solutions formed are all within the scope of the present invention.
Additionally, the steps illustrated in the flow charts of the drawings may be performed in a control system such as a set of controller-executable instructions and, although a logical ordering is illustrated in the flow charts, in some cases, the steps illustrated or described may be performed in an order different than that illustrated herein.
The technical scheme of the invention is described in detail by the figures and the specific embodiments as follows:
Examples
The embodiment provides a method for undisturbed downloading of a nuclear safety level hot standby redundancy control station, and takes the harmony system (FirmSys) platform as an example for explanation; if other nuclear power station instrumentation and control system platforms are the same or similar, the implementation manner provided by the embodiment may also be applied to them. The definitions and abbreviations of the related modules or units mentioned in this embodiment are as follows:
FirmSys: a basic platform consisting of a group of functional modules (including software, hardware and structural components) capable of realizing specific functions, which can realize a safety level protection system through certain configuration; its Chinese name is the harmony system.
MPU: Main Processing Unit, a harmony system sub-product.
HNU: High-Speed Net Communication Unit, high-speed network communication unit.
LNU: Low-Speed Net Communication Unit, low-speed network communication unit.
FCU: a firmware Communication Unit, a ring network communication processing unit.
EAST: engineer software general control tool.
DANCE: the engineer station downloading and checking tool.
LOAD: download mode, an operating mode of the MPU.
NML: periodic run mode, an operating mode of the MPU.
TEST: test mode, an operating mode of the MPU.
That is, MPU/HNU/LNU/FCU/DANCE are harmony system sub-products, and LOAD/NML/TEST are the three operating modes of the MPU.
As shown in fig. 1, this embodiment provides an undisturbed download method for a nuclear safety level hot standby redundancy control station, where the undisturbed download method includes 7 stages: normal operation of the control station, downloading the configuration to the slave, starting the slave, synchronizing data between the slave and the master, triggering master-slave switching, downloading the configuration to the original master, and completing the online undisturbed download of the control station. Specifically, the method comprises the following steps:
S110, setting the hot standby redundancy control station to be in a normal working state, and connecting the hot standby redundancy control station to an engineer station downloading and checking tool;
S120, receiving the download of the new version configuration from the engineer station downloading and checking tool, and controlling the slave in the hot standby redundancy control station to enter a downloading mode;
S130, placing the slave in the hot standby redundancy control station in a test mode to run, and triggering master-slave switching after the slave automatically synchronizes application data and variable forcing states from the master, so that the slave becomes the switched master and the master becomes the switched slave;
S140, after the master-slave switching of the hot standby redundancy control station, connecting the hot standby redundancy control station to the engineer station downloading and checking tool, receiving the download of the new version configuration from the engineer station downloading and checking tool, and controlling the switched slave in the hot standby redundancy control station to enter a downloading mode;
S150, placing the switched slave in the hot standby redundancy control station in a test mode to run, and triggering master-slave switching after the switched slave automatically synchronizes application data and variable forcing states from the switched master, so that the switched slave becomes the master and the switched master becomes the slave.
In the following, a hardware environment in the FirmSys platform is exemplified with reference to fig. 2, specifically, the method for operating the corresponding device in the undisturbed download method of the nuclear safety level hot standby redundancy control station provided in this embodiment includes:
S210, setting the key switches of the MPU board card and the FCU board card to the LOAD position and resetting the MPU board card: the key switches of the MPU board card and the FCU board card are each set to the LOAD position, and the MPU board card is reset;
S220, connecting the DANCE software tool: after ensuring that the master and the slave operate normally, the DANCE software tool is connected;
S230, downloading the new version configuration and disconnecting DANCE: the new version configuration is downloaded and the connection with the DANCE software tool is disconnected, so that the slave enters the download mode;
S240, setting the key switch of the MPU board card to the TEST position and the key switch of the FCU board card to the NML position;
S250, resetting the MPU board card: the MPU board card is reset so that the slave runs in TEST mode;
S260, setting the key switches of the MPU board card and the FCU board card to the LOAD position: after the slave has automatically synchronized the application data and the variable forcing state from the master, master-slave switching is triggered and the operation of S210 is repeated, so that the original master (now the slave) enters the download mode and the original slave is promoted to master, making the new version configuration take effect;
S270, connecting the DANCE tool and downloading the new version configuration: the DANCE tool is connected, the new version configuration is downloaded, and the original master (now the slave) is updated to the new version configuration;
S280, setting the key switches of the MPU and FCU board cards to the NML position;
S290, resetting the MPU board card: the operation of S250 is repeated; the original master (now the slave) operates normally and synchronizes the application data and variable forcing states.
Before the hot standby redundant control station updates its configuration, downstream equipment is first isolated and protected according to the content of the configuration modification. In the normal operation stage of the control station, the master and the slave both operate normally. In the slave configuration download stage, the state of the master is normal and the slave enters the download mode; operation steps S210, S220 and S230 are carried out. In the slave start-up stage, the master still operates normally, and after operation steps S240 and S250 the slave runs in TEST mode. In the slave-master data synchronization stage, the slave automatically synchronizes the application data and the variable forcing state from the master. In the master-slave switching stage, step S260 is carried out: the master enters the download mode, the slave is promoted to master, and the new version configuration of the slave takes effect. In the original master configuration download stage, steps S270-S290 are carried out: the original master is updated to the new version configuration, operates normally in the slave state, and synchronizes data with the original slave (now the master). When the online undisturbed download of the control station is complete, the original master is in the slave state, the original slave is in the master state, and both run the new version configuration normally.
As shown in fig. 3, the undisturbed download process of the nuclear safety level hot standby redundancy control station further includes determining whether undisturbed download or incremental download is required, and specifically includes:
S310, the user clicks download;
S320, the engineer station downloading and checking tool (DANCE) intelligently determines whether the downloading is complete or incremental; if the downloading is complete, S330 is executed; if the downloading is undisturbed, S340 is executed;
S330, executing the software configuration downloading operation;
S340, continuously judging whether the basic version number is consistent with the basic version number; if so, executing step S330, and if not, executing step S350;
S350, prompting the user whether to continue downloading; if so, step S330 is performed, otherwise S360 is performed;
S360, exiting the downloading.
As shown in Fig. 4, this embodiment further provides a flowchart of failure-free master-slave CPU switching. Specifically, the method for performing failure-free master-slave switching on the FirmSys hot standby redundant station of Fig. 1 includes:
S401, a master-slave switching instruction is sent to the host in the hot standby redundancy control station;
S402, the host in the hot standby redundancy control station feeds back its state;
S403, the host in the hot standby redundancy control station sends a switching request signal to the slave;
S404, the slave in the hot standby redundancy control station performs the master-up operation (promotion to host) after receiving the signal;
S405, the slave sends a switching confirmation signal to the host;
S406, after receiving the switching confirmation signal, the host in the hot standby redundancy control station is demoted to slave;
S407, state feedback is sent.
Fault-free switching of the FirmSys hot standby redundant control station requires a man-machine interface for manually triggering master-slave switching. Because the MPU board card of the current FirmSys has only one RESET key, the fault-free switching instruction is input and identified by how long the key is held. The specific setting is as follows: pressing the RESET button for 4 seconds triggers master-slave switching, pressing it for more than 4 seconds resets the MPU board card, and pressing it for more than 10 seconds cancels the operation. This setting can be realized by modifying the processing logic of the Complex Programmable Logic Device (CPLD) that handles the RESET button. In addition, the redundancy switching logic between the host and the slave must support fault-free switching: by modifying the CPLD and the software code, the host can actively send a redundancy switching signal to the slave, and, together with a signal line between the host and the slave, the fault-free master-slave switching function is realized.
In a preferred implementation of this embodiment, during undisturbed download of the slave in the hot standby redundancy control station, the slave is powered on or started for normal operation, and it is judged whether the current configuration versions of the slave and the host in the hot standby redundancy control station are the same. If they are the same, the slave keeps the normal start-up operation mode. If they differ, it is further judged whether the slave configuration version is an upgrade of the host configuration version: if so, the slave runs normally, displays that the master and slave versions are inconsistent and raises alarm information; if not, the slave is suspended in a fault state and displays error information.
More specifically, for the slave start-up process of this embodiment, the following basic conditions are set for handling slave start-up when the master and slave versions are inconsistent. First, the version information of the configuration contained in the download file is located; the basic version (the version before the configuration modification) is recorded as VB, and the current version of the configuration is recorded as VC. Then the slave start-up conditions and the version correspondence are set inside the system. Specifically, as shown in Fig. 5, the slave start-up method provided in this embodiment includes:
S510, slave power-on/start: during undisturbed download of the slave, the slave is powered on or started for normal operation;
S520, is VC2 equal to VC1 (i.e. are the configuration versions the same)? The instrumentation and control system internally judges whether the current configuration versions of the slave and the host are the same; if so, S540 is executed, otherwise S530 is executed;
S530, is VB2 equal to VC1 (i.e. is the slave configuration an upgrade of the host configuration)? The system internally judges whether the slave configuration version is an upgrade of the host configuration version; if so, S550 is executed, otherwise S560 is executed;
S540, the slave runs normally: the slave keeps the normal start-up operation mode;
S550, the slave runs, displays the configuration inconsistency and raises an alarm: the slave can run normally, but displays that the master and slave versions are inconsistent and gives alarm information;
S560, slave fault suspension: the slave is suspended in a fault state and displays error information.
The above is only a preferred judgment and operation criterion for slave start-up. The working state of the host is not affected during master-slave switching, so at least one of the host and the slave remains available during undisturbed download of the slave, which ensures engineering safety.
In a preferred implementation of this embodiment, application data between the host and the slave in the hot standby redundancy control station is output sorted by type and variable name, so that after one variable is added, deleted or modified, other variables change accordingly as well. In the slave-host data synchronization stage, after the slave in the hot standby redundancy control station has finished updating its configuration and entered normal operation, application data and the variable forcing state need to be synchronized automatically from the host. When the host and slave configuration versions in the hot standby redundancy control station are inconsistent, a synchronization data mapping table is generated according to the difference in redundancy synchronization data between the basic version and the current version. The table contains the address mapping of variables between the two configuration versions, so that the slave MPU board card can remap the synchronization data according to the table and the data is synchronized correctly.
Specifically, Fig. 6 is a schematic diagram of the master-slave data synchronization mapping table provided in this embodiment. At present, application data between the host and the slave of the FirmSys platform is arranged and transmitted in "type + variable name" order; adding, deleting or modifying a variable may change the ordering of other variables, and if the host and slave configuration versions are inconsistent, the slave may parse the application data incorrectly. When EAST compiles the configuration, a "synchronous data mapping table" is generated according to the difference in redundancy synchronization data variables between the basic version and the current version. The table contains the address mapping of the unchanged variables between the two configuration versions, and the slave MPU remaps the synchronization data according to the table so that the data is synchronized correctly.
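The following C code is an added example, not code from the patent or from FirmSys. It combines the slave start-up decision of steps S520-S560 with the remapping of synchronization data through a mapping table. The integer version numbers, the table row layout (old offset, new offset, length), the function names and the sample bytes are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* VB = basic version (before the modification), VC = current version.
 * Integer version numbers are an assumption of this example. */
typedef struct { uint32_t vb, vc; } cfg_version_t;

typedef enum {
    SLAVE_RUN_NORMAL,     /* S540: versions identical */
    SLAVE_RUN_WITH_ALARM, /* S550: slave configuration is the upgrade of the host's */
    SLAVE_FAULT_SUSPEND   /* S560: unrelated versions, slave must not run */
} slave_start_t;

/* S520/S530: index 1 in the text is the host, index 2 the slave. */
slave_start_t slave_start_decision(cfg_version_t host, cfg_version_t slave)
{
    if (slave.vc == host.vc) return SLAVE_RUN_NORMAL;     /* VC2 == VC1 */
    if (slave.vb == host.vc) return SLAVE_RUN_WITH_ALARM; /* VB2 == VC1 */
    return SLAVE_FAULT_SUSPEND;
}

/* One row of the mapping table for an unchanged variable (assumed layout). */
typedef struct {
    uint32_t old_off; /* byte offset in the host (basic version) sync image */
    uint32_t new_off; /* byte offset in the slave (current version) image */
    uint32_t len;     /* size of the variable in bytes */
} sync_map_entry_t;

static int range_ok(uint32_t off, uint32_t len, size_t size)
{
    return len > 0 && off <= size && len <= size - off;
}

/* Validate every row first, then copy, so a bad table never leaves the
 * slave image half-updated. Returns rows copied, or -1 if any row is invalid. */
int remap_sync_data(const sync_map_entry_t *map, size_t n,
                    const uint8_t *src, size_t src_len,
                    uint8_t *dst, size_t dst_len)
{
    size_t i;
    for (i = 0; i < n; i++)
        if (!range_ok(map[i].old_off, map[i].len, src_len) ||
            !range_ok(map[i].new_off, map[i].len, dst_len))
            return -1;
    for (i = 0; i < n; i++)
        memcpy(dst + map[i].new_off, src + map[i].old_off, map[i].len);
    return (int)n;
}

/* Apply one host sync frame according to the start-up decision. */
int slave_apply_sync(slave_start_t mode, const sync_map_entry_t *map, size_t n,
                     const uint8_t *src, size_t src_len,
                     uint8_t *dst, size_t dst_len)
{
    switch (mode) {
    case SLAVE_RUN_NORMAL:     /* same layout on both sides: plain copy */
        if (src_len != dst_len) return -1;
        memcpy(dst, src, src_len);
        return 0;
    case SLAVE_RUN_WITH_ALARM: /* layouts differ: go through the table */
        return remap_sync_data(map, n, src, src_len, dst, dst_len) < 0 ? -1 : 0;
    default:                   /* suspended slave accepts no sync data */
        return -1;
    }
}

/* Constructed sample. Old layout: A(2 bytes)@0, B(4)@2, C(2)@6.
 * New layout adds a 2-byte variable that sorts between A and B:
 * A@0, new@2, B@4, C@8. */
static const sync_map_entry_t SAMPLE_MAP[] = { {0, 0, 2}, {2, 4, 4}, {6, 8, 2} };
static const uint8_t SAMPLE_HOST_IMAGE[8] =
    { 0x11, 0x12, 0x21, 0x22, 0x23, 0x24, 0x31, 0x32 };

int main(void)
{
    cfg_version_t host = {6, 7}, slave = {7, 8};
    /* 0xEE marks the new variable's initial value on the slave. */
    uint8_t image[10] = {0, 0, 0xEE, 0xEE, 0, 0, 0, 0, 0, 0};
    slave_start_t mode = slave_start_decision(host, slave);
    int rc = slave_apply_sync(mode, SAMPLE_MAP, 3, SAMPLE_HOST_IMAGE,
                              sizeof SAMPLE_HOST_IMAGE, image, sizeof image);
    size_t i;
    printf("mode=%d rc=%d image:", (int)mode, rc);
    for (i = 0; i < sizeof image; i++) printf(" %02X", image[i]);
    printf("\n");
    return rc == 0 ? 0 : 1;
}
```

Variables that have no row in the table, such as the newly added one in the sample, keep the slave's own value after the remap.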
In a preferred implementation of this embodiment, the configuration software for the downloaded configuration includes an offset attribute for network variables, which the user must set during configuration. The offset attribute of an unchanged variable cannot be changed, and the offset attribute of a newly added or modified network variable must be set anew and cannot conflict with the offset value of an existing network variable, so that network data of inter-station communication stays consistent in the master-slave switching stage and in the running stage after switching during the undisturbed download process.
Specifically, Fig. 7 is a schematic diagram of network data transmission between the new and old configurations provided in this embodiment. At present, network variables of the FirmSys platform are arranged and transmitted in "type + variable name" order; adding, deleting or modifying a variable may change the ordering of other variables, and this effect of added and deleted variables on the network variable ordering needs to be eliminated. Therefore the position of a network variable in the variable list is determined by its offset address instead of by sorting on the variable name, so that adding, deleting or modifying variables cannot change the positions of other variables, and the variables are decoupled from each other.
In a further preferred implementation of this embodiment, in the undisturbed download process, network data of inter-station communication needs to stay consistent in the master-slave switching stage and in the running stage after switching, so as a design principle the communication address of a network variable cannot change. For this reason, the offset of the network variable is introduced into the configuration software and must be set by the user; the offset attribute of an unchanged variable cannot be changed, and the offset attribute of a newly added or modified network variable must be set anew and cannot conflict with the offset value of an existing network variable, which ensures the consistency of data communication between stations. From the perspective of the whole system, undisturbed receiving and sending of network data is realized.
In a further preferred implementation of this embodiment, in the undisturbed download process, the time-sequence-related variables in an algorithm are generated automatically by the algorithm software. After the configuration is upgraded, the names of the time-sequence-related variables need to be regularized so that the correspondence between the new and old versions can be found and the names of time sequence variables in unmodified algorithm blocks do not change; after the synchronization mapping table is generated, the time sequence variables in each instance of each algorithm block are recorded and identified by unique names. For example, the objects that an undisturbed download configuration modification may touch are IO variables, network variables, parameter variables and algorithms. Modification of these objects supports undisturbed download; modification of other configuration or of devices does not, and compiling is prohibited when a device change is detected. The IO variables include AIO variables, DIO variables and CIM variables; the network variables include point-to-point network variables and ring network variables; the parameter variables are all parameter variables. Modification of an algorithm covers two aspects: algorithm variables and algorithm logic. For algorithm variables, if a variable is deleted and then restored with the same name and type, the variable is considered unchanged and undisturbed download is supported; if only the type is changed, the variable is considered a newly added variable, a change is considered to have occurred, and undisturbed download is supported. For algorithm logic, if an algorithm block is deleted and then restored as it was, a change is considered to have occurred, and undisturbed download is supported.
In a further preferred implementation of the present invention, the configuration check applied when network variables are modified includes a single-station check and an inter-station check. The single-station check includes a network variable offset boundary check and a network variable offset duplicate check. The offset boundary check applies the following limits: first, the network variable offset of an LNU board card cannot be larger than 3000; second, the network variable offset of an HNU board card cannot be greater than 1000. The offset duplicate check applies the following constraints: first, network point offsets in the same direction on the same network card must not repeat (or conflict); second, ring network variable offsets are 4-byte aligned.
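The following C code is an added example, not code from the patent or from the EAST tool. It implements the single-station checks just listed (offset boundary, duplicate offset, ring alignment) together with the earlier rule that an unchanged network variable keeps its offset between the basic and the current version. The record layout, the flag names, the variable names and the sample configurations are assumptions constructed for illustration, and a duplicate is taken to mean an identical offset value.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef enum { CARD_LNU, CARD_HNU } card_type_t;
typedef enum { NET_P2P, NET_RING } net_kind_t; /* point-to-point or ring */
typedef enum { DIR_SEND, DIR_RECV } net_dir_t;

/* One network variable of a configuration (assumed record layout). */
typedef struct {
    const char *name;
    card_type_t card_type;
    uint8_t     card_id;
    net_dir_t   dir;
    net_kind_t  kind;
    uint32_t    offset;
} net_var_t;

/* Finding flags, OR-ed together in the return values below. */
enum { CHK_BOUNDARY = 1, CHK_DUPLICATE = 2, CHK_ALIGN = 4, CHK_MOVED = 8 };

/* Limits from the text: LNU offsets at most 3000, HNU offsets at most 1000. */
static uint32_t offset_limit(card_type_t t)
{
    return t == CARD_LNU ? 3000u : 1000u;
}

/* "Same direction on the same network card". */
static int same_channel(const net_var_t *a, const net_var_t *b)
{
    return a->card_type == b->card_type && a->card_id == b->card_id &&
           a->dir == b->dir;
}

/* Single-station check: boundary, duplicate offsets, ring alignment. */
unsigned check_single_station(const net_var_t *v, size_t n)
{
    unsigned findings = 0;
    size_t i, j;
    for (i = 0; i < n; i++) {
        if (v[i].offset > offset_limit(v[i].card_type))
            findings |= CHK_BOUNDARY;
        if (v[i].kind == NET_RING && v[i].offset % 4u != 0)
            findings |= CHK_ALIGN;
        for (j = i + 1; j < n; j++)
            if (same_channel(&v[i], &v[j]) && v[i].offset == v[j].offset)
                findings |= CHK_DUPLICATE;
    }
    return findings;
}

/* A variable present in both versions with the same name, card, direction
 * and kind counts as unchanged here (assumption); its offset must not move. */
unsigned check_unchanged_offsets(const net_var_t *base, size_t nb,
                                 const net_var_t *cur, size_t nc)
{
    size_t i, j;
    for (i = 0; i < nb; i++)
        for (j = 0; j < nc; j++)
            if (strcmp(base[i].name, cur[j].name) == 0 &&
                same_channel(&base[i], &cur[j]) &&
                base[i].kind == cur[j].kind &&
                base[i].offset != cur[j].offset)
                return CHK_MOVED;
    return 0;
}

#define COUNT(a) (sizeof(a) / sizeof((a)[0]))

/* Constructed sample configurations. */
static const net_var_t BASE_CFG[] = {
    {"PRESS_A", CARD_LNU, 1, DIR_SEND, NET_P2P,  0},
    {"TEMP_A",  CARD_LNU, 1, DIR_SEND, NET_P2P,  4},
    {"TRIP_1",  CARD_HNU, 1, DIR_SEND, NET_RING, 8},
};
static const net_var_t GOOD_CFG[] = { /* adds FLOW_A at a free offset */
    {"PRESS_A", CARD_LNU, 1, DIR_SEND, NET_P2P,  0},
    {"TEMP_A",  CARD_LNU, 1, DIR_SEND, NET_P2P,  4},
    {"TRIP_1",  CARD_HNU, 1, DIR_SEND, NET_RING, 8},
    {"FLOW_A",  CARD_LNU, 1, DIR_SEND, NET_P2P,  12},
};
static const net_var_t BAD_CFG[] = {
    {"PRESS_A", CARD_LNU, 1, DIR_SEND, NET_P2P,  0},
    {"TEMP_A",  CARD_LNU, 1, DIR_SEND, NET_P2P,  8},    /* moved from 4 */
    {"TRIP_1",  CARD_HNU, 1, DIR_SEND, NET_RING, 1002}, /* > 1000, unaligned */
    {"FLOW_A",  CARD_LNU, 1, DIR_SEND, NET_P2P,  0},    /* collides with PRESS_A */
};

int main(void)
{
    printf("good: single=%u moved=%u\n",
           check_single_station(GOOD_CFG, COUNT(GOOD_CFG)),
           check_unchanged_offsets(BASE_CFG, COUNT(BASE_CFG), GOOD_CFG, COUNT(GOOD_CFG)));
    printf("bad:  single=%u moved=%u\n",
           check_single_station(BAD_CFG, COUNT(BAD_CFG)),
           check_unchanged_offsets(BASE_CFG, COUNT(BASE_CFG), BAD_CFG, COUNT(BAD_CFG)));
    return 0;
}
```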
As shown in Fig. 8, this embodiment further provides an undisturbed download system for a nuclear safety level hot standby redundancy control station, where the download system 1000 includes:
a hot standby redundancy control station 1200 to be configured and downloaded, an engineer station downloading and verifying tool 1100, an MPU board card 1210 and an FCU board card 1220; the first controller 1230 in the hot standby redundant control station 1200 to be configured and downloaded is the master controller, and the second controller 1240 in the hot standby redundant control station 1200 to be configured and downloaded is the slave controller; of course, the hot standby redundancy control station 1200 provided in this embodiment is not limited to this arrangement, and the MPU board card 1210 and the FCU board card 1220 may also exist separately from the hot standby redundancy control station 1200; these different implementations all fall within the protection scope of this embodiment;
the MPU board card 1210 and the FCU board card 1220 are arranged to place the hot standby redundancy control station in a normal working state, and the engineer station downloading and checking tool can be connected to the hot standby redundancy control station;
the hot standby redundancy control station is arranged to receive the download of a new version configuration from the engineer station downloading and verifying tool, and the slave in the hot standby redundancy control station is arranged to enter the download mode;
the MPU board card is further arranged to place the slave in the hot standby redundancy control station in test mode to run and, after the slave has automatically synchronized application data and the variable forcing state from the host, to trigger master-slave switching, so that the slave becomes the switched host and the host becomes the switched slave;
after master-slave switching of the hot standby redundancy control station, the hot standby redundancy control station is connected to the engineer station downloading and checking tool so that it can receive the download of the new version configuration from the tool, and the switched slave in the hot standby redundancy control station is arranged to enter the download mode;
the MPU board card is further arranged to place the switched slave in the hot standby redundancy control station in test mode to run and, after the switched slave has automatically synchronized application data and the variable forcing state from the switched host, to trigger master-slave switching, so that the switched slave becomes the host and the switched host becomes the slave.
In a preferred implementation of this embodiment, the hot standby redundancy control station includes a processor and a memory, and the processor can load from the memory a program for triggering master-slave switching and execute the following steps: a master-slave switching instruction is sent to the host in the hot standby redundancy control station; the host feeds back its state; the host sends a switching request signal to the slave; the slave performs the master-up operation after receiving the signal and sends a switching confirmation signal to the host; and the host is demoted to slave after receiving the switching confirmation signal and sends state feedback.
In a preferred implementation of this embodiment, during undisturbed download of the slave in the hot standby redundancy control station, the slave is powered on or started for normal operation, and it is judged whether the current configuration versions of the slave and the host in the hot standby redundancy control station are the same. If they are the same, the slave keeps the normal start-up operation mode. If they differ, it is further judged whether the slave configuration version is an upgrade of the host configuration version: if so, the slave runs normally, displays that the master and slave versions are inconsistent and raises alarm information; if not, the slave is suspended in a fault state and displays error information.
In a preferred implementation of this embodiment, application data between the host and the slave in the hot standby redundancy control station is output sorted by type and variable name, so that after one variable is added, deleted or modified, other variables change accordingly as well. In the slave-host data synchronization stage, after the slave in the hot standby redundancy control station has finished updating its configuration and entered normal operation, application data and the variable forcing state need to be synchronized automatically from the host. When the host and slave configuration versions in the hot standby redundancy control station are inconsistent, a synchronization data mapping table is generated according to the difference in redundancy synchronization data between the basic version and the current version. The table contains the address mapping of variables between the two configuration versions, so that the slave MPU board card can remap the synchronization data according to the table and the data is synchronized correctly.
In a preferred implementation of this embodiment, the configuration software for the downloaded configuration includes an offset attribute for network variables, which the user must set during configuration. The offset attribute of an unchanged variable cannot be changed, and the offset attribute of a newly added or modified network variable must be set anew and cannot conflict with the offset value of an existing network variable, so that network data of inter-station communication stays consistent in the master-slave switching stage and in the running stage after switching during the undisturbed download process.
To realize the download process, the relevant FirmSys main control board card is modified as follows. First, a safety-level download tool is implemented so that the control station can be connected to the maintenance tool while executing its safety function. Second, the embedded software architecture is changed: while periodically executing its normal functions, the slave monitors and maintains the interface state and, on a download-data instruction, receives, parses, checks and stores the configuration data over multiple cycles, while the CPU load is kept within requirements. Third, the content synchronized between the host and the slave is changed: the new configuration data is automatically synchronized to the slave, and the slave parses, checks and stores the configuration data. Fourth, the organization of network data is modified so that network data is synchronized correctly when the configuration versions of the control stations are inconsistent. Fifth, the storage and debugging mode of the application program (logic algorithm) is modified: areas A and B are allocated in the Flash chip of the main control board card to store the basic version configuration and the current version configuration respectively, areas A and B are allocated in the memory of the main control board card to store the new version and old version application programs respectively, and the application program switches between areas A and B on download. Sixth, the host-slave data synchronization design is modified so that the host can synchronize configuration data to the slave over multiple cycles. Seventh, the EAST Suit software is modified to organize and arrange application data by a new rule, realizing undisturbed switching between the new and old configuration versions.
In a preferred implementation of this embodiment, the forced variable points of the host need to be synchronized to the slave during the download process. According to the redundant synchronization scheme, the forced value and the forced state of each unchanged forced variable need to be synchronized to the slave together. Normally, a forced variable has to be looked up among all variables of the configuration; in the worst case it is searched for among hundreds of thousands of data items (the configuration with the most variables), and looking up N forced variables takes N × hundreds of thousands of search steps. This greatly increases the CPU load rate and can easily push it over the limit (the CPU operating load rate required for a nuclear power plant protection system is less than 70%). To address this problem, the embodiment designs an optimization: all variables are sorted and each is given a unique ID number, numbered 0, 1, 2, ..., N, and forcing a variable operates on its ID number. This avoids the traversal and solves the problem of excessive CPU load caused by forced variable synchronization with large data volumes.
By adopting the technical scheme provided by the invention, at least one of the following beneficial effects can be obtained:
1. The problem of upgrading a nuclear power station during operation while keeping the system output undisturbed is solved, fundamentally meeting the overall safety performance requirement of the nuclear power station protection system.
2. In the undisturbed download process, the fault-free master-slave switching process solves the problem that a series of controllers cannot be used for a short time during master-slave switching, and eliminates the hidden danger of the control station failing when switching fails.
3. Solutions are provided for each of the problems that arise when master and slave configuration versions are inconsistent, including slave start-up, correct synchronization of application data and the variable forcing state between the host and the slave, network data communication, and identifying the correspondence of algorithms and time-sequence-related data between the new and old versions; information is reported in time for the operator to check and handle. Therefore safety is not affected while the slave is being downloaded.
4. The technical scheme for fault-free master-slave switching comprises two parts: providing an external man-machine interface to trigger master-slave switching, and modifying the master-slave redundancy judgment and switching logic. This solves the problem that a series of controllers cannot be used for a short time during master-slave switching and eliminates the hidden danger of the control station failing when switching fails.
5. The technical scheme provided for the undisturbed download process mainly addresses the problems that arise when master and slave configuration versions are inconsistent, including slave start-up, correct synchronization of application data and the variable forcing state between the host and the slave, network data communication, and identifying the correspondence of algorithms and time-sequence-related data between the new and old versions. These problems are solved by the technical means of the invention, and information is reported in time for operators to check and handle.
Those of ordinary skill in the art will understand that: all or a portion of the steps of implementing the above-described method embodiments may be performed by hardware associated with program instructions. The program may be stored in a computer-readable storage medium. When executed, the program performs steps comprising the method embodiments described above; and the aforementioned storage medium includes: various media that can store program codes, such as ROM, RAM, magnetic or optical disks.
Finally, it should be understood that the above description is only a preferred embodiment of the present invention, and is not intended to limit the present invention in any way. Those skilled in the art can make many changes and simple substitutions to the technical solution of the present invention without departing from the technical solution of the present invention, and the technical solution of the present invention is protected by the following claims.

Claims (8)

1. An undisturbed downloading method for a nuclear safety level hot standby redundancy control station, characterized by comprising the following steps:
S1, the hot standby redundancy control station is set in a normal working state and is connected to an engineer station downloading and checking tool;
S2, receiving the download of the new version configuration from the engineer station downloading and checking tool, and controlling the slave in the hot standby redundancy control station to enter a downloading mode;
S3, placing the slave in the hot standby redundancy control station in a test mode to run, and triggering master-slave switching after the slave in the hot standby redundancy control station has automatically synchronized application data and variable forcing states, so that the slave becomes the switched host and the host becomes the switched slave;
S4, after the master-slave switching of the hot standby redundancy control station, connecting the hot standby redundancy control station to the engineer station downloading and checking tool, receiving the download of the new version configuration from the engineer station downloading and checking tool, and controlling the switched slave in the hot standby redundancy control station to enter a downloading mode;
S5, placing the switched slave in the hot standby redundancy control station in a test mode to run, and triggering master-slave switching after the switched slave in the hot standby redundancy control station has automatically synchronized application data and variable forcing states with the switched host, so that the switched slave becomes the host and the switched host becomes the slave;
when the slave in the hot standby redundancy control station undergoes undisturbed download, the slave is powered on or started for normal operation, and it is judged whether the current configuration versions of the slave and the host in the hot standby redundancy control station are the same; when they are the same, the slave keeps the normal start-up operation mode; when they differ, it is further judged whether the slave configuration version in the hot standby redundancy control station is an upgrade of the host configuration version; if so, the slave in the hot standby redundancy control station runs normally, displays that the master and slave versions are inconsistent and raises alarm information; if not, the slave in the hot standby redundancy control station is suspended in a fault state and displays error information.
2. The method of claim 1, wherein triggering the master-slave switching comprises:
S11, sending a master-slave switching instruction to the host in the hot standby redundancy control station;
S12, the host in the hot standby redundancy control station feeds back its state;
S13, the host in the hot standby redundancy control station sends a switching request signal to the slave;
S14, after receiving the signal, the slave in the hot standby redundancy control station performs the master-up operation and sends a switching confirmation signal to the host;
S15, after receiving the switching confirmation signal, the host in the hot standby redundancy control station is demoted to slave and sends state feedback.
3. The method according to claim 1, characterized in that application data between the host and the slave in the hot standby redundancy control station is output sorted by type and variable name, and after a variable is added, deleted or modified, other variables change as well; in the slave and host data synchronization stage in the hot standby redundancy control station, after the slave in the hot standby redundancy control station has finished updating the configuration and entered normal operation, data and variable forcing states are automatically synchronized from the host in the hot standby redundancy control station; when the host and slave configuration versions in the hot standby redundancy control station are inconsistent, a synchronization data mapping table is generated according to the difference in redundancy synchronization data between the basic version and the current version, and the synchronization data mapping table contains the address mapping of variables between the two configuration versions, so that the slave MPU board card can remap the synchronization data according to the synchronization data mapping table and the data is synchronized correctly.
4. The method of claim 1, wherein the configuration software for the downloaded configuration includes offsets of network variables, which must be set by the user during configuration; the offset attribute of an unchanged variable cannot be changed, and the offset attribute of a newly added or modified network variable must be set anew and cannot conflict with the offset attribute of an existing network variable, so that the network data of inter-station communication is consistent in the master-slave switching stage and in the running stage after switching during the undisturbed downloading process.
5. A nuclear safety level hot standby redundancy control station undisturbed downloading system is characterized by comprising:
the hot standby redundancy control station, the engineer station downloading and checking tool, the MPU board card and the FCU board card are subjected to configuration downloading;
the MPU board card and the FCU board card are arranged to be capable of placing the hot standby redundancy control station in a normal working state, and the engineer station downloading and verifying tool can be connected to the hot standby redundancy control station;
the hot standby redundancy control station is arranged to receive a download of a new version configuration from the engineer station download and verification tool, and a slave in the hot standby redundancy control station is arranged to enter a download mode;
the MPU board card is also set to be capable of placing the slave in the hot standby redundancy control station in a test mode to operate, and after the slave in the hot standby redundancy control station is set to be capable of automatically synchronizing application data and variable forcing states from the host, master-slave switching is triggered, so that the slave is switched to be the switched host, and the host is switched to be the switched slave;
after the master-slave switching of the hot standby redundancy control station, connecting the hot standby redundancy control station to an engineer station downloading and checking tool, so that the hot standby redundancy control station can receive downloading of a new version configuration received from the engineer station downloading and checking tool, and a switched slave in the hot standby redundancy control station is set to enter a downloading mode;
the MPU board card is also set to be capable of placing the switched slave machines in the hot standby redundancy control station in a test mode to operate, and after the switched slave machines in the hot standby redundancy control station are in a state of automatically synchronizing application data and variables with the switched master machine, master-slave switching is triggered, so that the switched slave machines are switched into the master machine, and the switched master machine is switched into the slave machine;
when the slave in the hot standby redundancy control station is installed without interference, the slave is powered on or started to operate normally, and whether the current configuration versions of the slave and the host in the hot standby redundancy control station are the same or not is judged; when the judgment results are the same, the slave machine keeps a normal starting operation mode; and when the judgment results are different, continuously judging whether the slave configuration version in the hot standby redundancy control station is the upgrading version of the host configuration version, if so, enabling the slave in the hot standby redundancy control station to normally operate, displaying inconsistency of master and slave versions, prompting alarm information, and if not, hanging up the slave in the hot standby redundancy control station in a fault manner, and displaying error information.
6. The system of claim 5, wherein the hot standby redundancy control station comprises a processor and a memory, and the processor is capable of loading a master-slave switching trigger program from the memory and performing the following steps: a master-slave switching instruction is sent to the master in the hot standby redundancy control station, and the master feeds back its state; the master sends a switching request signal to the slave; after receiving the signal, the slave performs the promotion-to-master operation and sends a switching confirmation signal to the master; and after receiving the switching confirmation signal, the master is demoted to slave and sends state feedback.
7. The system according to claim 5, wherein the application data between the master and the slave in the hot standby redundancy control station is output in a sorted manner according to the type and the variable name, and after adding, deleting or modifying a certain variable, other variables are changed; in a slave and host data synchronization stage in the hot standby redundancy control station, after the slave in the hot standby redundancy control station finishes updating the configuration and enters normal operation, data and variable forcing states are automatically synchronized from the host in the hot standby redundancy control station, when master and slave machine configuration versions in the hot standby redundancy control station are inconsistent, a synchronization data mapping table is generated according to the difference between the basic version and the current version redundancy synchronization data quantity, and the synchronization data mapping table comprises the address mapping relation of the variable between the two version configurations, so that the slave MPU board card can remap the synchronization data according to the synchronization data mapping table, and correct synchronization of the data is realized.
8. The system of claim 5, wherein the configuration of the downloaded configuration software includes offsets of network variables, which the user must configure: the offset attributes of unchanged variables cannot be changed, and the offset attributes of newly added or modified network variables must be reset and cannot conflict with the offset attributes of existing network variables, so that the network data of inter-station communication remain consistent during the master-slave switching stage and the post-switching operation stage of the undisturbed downloading process.
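The synchronization data mapping table of claims 3 and 7, as an added example that is not code from the patent: variables are laid out in (type, name) order, so adding or retyping one variable shifts the addresses of others, and the slave must remap the master's image by name. The type names, sizes, variable names and function names are assumptions made for illustration.

```python
import struct

# Constructed type sizes in bytes (assumption; the claims name no data types).
TYPE_SIZE = {"BOOL": 1, "INT": 2, "REAL": 4}

def layout(variables):
    """Assign addresses to {name: type}, sorted by (type, name) as in the claim."""
    addr, table = 0, {}
    for name, typ in sorted(variables.items(), key=lambda kv: (kv[1], kv[0])):
        table[name] = (addr, typ)
        addr += TYPE_SIZE[typ]
    return table, addr

def build_mapping(base_vars, new_vars):
    """Return ([(base_addr, new_addr, size)], new_image_size) for variables
    that keep both name and type between the two configuration versions."""
    base, _ = layout(base_vars)
    new, new_size = layout(new_vars)
    mapping = [(src, new[name][0], TYPE_SIZE[typ])
               for name, (src, typ) in base.items()
               if name in new and new[name][1] == typ]
    return sorted(mapping), new_size

def remap(sync_image, mapping, new_size):
    """Copy every mapped variable from the master's (base layout) image into
    an image in the slave's new layout; unmapped variables stay zeroed."""
    out = bytearray(new_size)
    for src, dst, size in mapping:
        if src + size > len(sync_image):
            raise ValueError("sync image is shorter than the base layout")
        out[dst:dst + size] = sync_image[src:src + size]
    return bytes(out)

# Constructed sample: "alarm" is added and "count" changes type in the new version.
BASE_VARS = {"pump_on": "BOOL", "count": "INT", "level": "REAL"}
NEW_VARS = {"alarm": "BOOL", "pump_on": "BOOL", "count": "REAL", "level": "REAL"}
# Master image in base layout: pump_on@0, count@1, level@3 (7 bytes, no padding).
MASTER_IMAGE = struct.pack("<?hf", True, 42, 3.5)

if __name__ == "__main__":
    table, size = build_mapping(BASE_VARS, NEW_VARS)
    print(table, size, remap(MASTER_IMAGE, table, size).hex())
```

The retyped variable `count` is deliberately left out of the table, so a value with the wrong width is never copied into the new layout.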
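A pre-download check for the network variable offset rules of claims 4 and 8, as an added example that is not code from the patent. It assumes "reset" means the offset is explicitly assigned, treats a conflict as overlapping byte ranges, and uses constructed type sizes and variable names.

```python
# Constructed type sizes in bytes (assumption; the claims name no data types).
NET_SIZE = {"BOOL": 1, "INT": 2, "REAL": 4}

def check_network_offsets(base, new):
    """base and new map name -> (type, offset). Return a list of violations."""
    errors = []
    for name, (typ, off) in new.items():
        unchanged = name in base and base[name][0] == typ
        if unchanged and off != base[name][1]:
            errors.append(f"{name}: unchanged variable moved "
                          f"from offset {base[name][1]} to {off}")
        elif not unchanged and off is None:
            errors.append(f"{name}: new or modified variable has no offset")
    # Detect overlapping byte ranges with a sweep over spans sorted by start.
    spans = sorted((off, off + NET_SIZE[typ], name)
                   for name, (typ, off) in new.items() if off is not None)
    end, owner = -1, None
    for start, stop, name in spans:
        if start < end:
            errors.append(f"{name}: bytes [{start},{stop}) overlap {owner}")
        if stop > end:
            end, owner = stop, name
    return errors

# Constructed sample configurations.
BASE_NET = {"trip": ("BOOL", 0), "flow": ("REAL", 4), "rpm": ("INT", 8)}
# flow is unchanged but moved, rpm is retyped, temp is new without an offset.
BAD_NET = {"trip": ("BOOL", 0), "flow": ("REAL", 6),
           "rpm": ("REAL", 8), "temp": ("REAL", None)}
GOOD_NET = {"trip": ("BOOL", 0), "flow": ("REAL", 4),
            "rpm": ("REAL", 8), "temp": ("REAL", 12)}

if __name__ == "__main__":
    for problem in check_network_offsets(BASE_NET, BAD_NET):
        print(problem)
```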
CN201811114280.3A 2018-09-25 2018-09-25 Undisturbed downloading method and system for nuclear safety level hot standby redundancy control station Active CN109448880B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811114280.3A CN109448880B (en) 2018-09-25 2018-09-25 Undisturbed downloading method and system for nuclear safety level hot standby redundancy control station

Publications (2)

Publication Number Publication Date
CN109448880A CN109448880A (en) 2019-03-08
CN109448880B true CN109448880B (en) 2021-02-23

Family

ID=65533024

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811114280.3A Active CN109448880B (en) 2018-09-25 2018-09-25 Undisturbed downloading method and system for nuclear safety level hot standby redundancy control station

Country Status (1)

Country Link
CN (1) CN109448880B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109933345B (en) * 2019-03-28 2022-05-31 杭州和利时自动化有限公司 Undisturbed downloading method and related device for controller
CN109918235B (en) * 2019-05-16 2019-07-30 上海电气泰雷兹交通自动化***有限公司 A kind of method of calibration for Safety-Critical System software upgrading
CN112530615B (en) * 2019-09-18 2024-05-14 北京广利核***工程有限公司 Variable forcing method and system suitable for nuclear power station equipment
CN115202299A (en) * 2022-07-11 2022-10-18 中国核动力研究设计院 DCS system forced data-based automatic setting method, device and equipment

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2004145510A (en) * 2002-10-23 2004-05-20 Oki Electric Ind Co Ltd Duplex control system
CN1710864A (en) * 2004-06-16 2005-12-21 华为技术有限公司 Upgradable communication system and method for upgrading communication system
CN104571041A (en) * 2014-12-31 2015-04-29 重庆川仪自动化股份有限公司 Data synchronization method based on 1:1 controller redundancies
CN104898620A (en) * 2015-05-19 2015-09-09 西安晨宇环境工程有限公司 Ethernet-based redundancy control system and control method
CN107300851A (en) * 2016-04-14 2017-10-27 南京南瑞继保电气有限公司 A kind of logical algorithm unperturbed update method of redundancy control system
CN108153144A (en) * 2017-11-29 2018-06-12 中核控制***工程有限公司 A kind of DCS redundant manipulators no-harass switch method

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8799793B2 (en) * 2005-10-05 2014-08-05 Invensys Systems, Inc. Tool for creating customized user interface definitions for a generic utility supporting on-demand creation of field device editor graphical user interfaces

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
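Analysis and resolution of signal jumps after master-slave controller switchover in nuclear power plant DCS; Cheng Baohua (程保华) et al.; 《现代电子技术》; 20151031; Vol. 38 (No. 19); pp. 140-142 *
Analysis and application of the safety-class MELTAC software download method for nuclear power plants; Han Yanhong (韩艳红) et al.; 《仪器仪表用户》; 20171031; Vol. 24 (No. 10); pp. 72-77 *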

Also Published As

Publication number Publication date
CN109448880A (en) 2019-03-08

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant