双冗余控制器的失效状态分析及面向高可靠度的设计

删除或更新信息，请邮件至freekaoyan#163.com(#换成@)

清华大学辅仁网/2017-07-07

周树桥, 李铎

清华大学核能与新能源技术研究院, 先进核能技术协同创新中心, 先进反应堆工程与安全教育部重点实验室, 北京 100084

Failure analysis of dual redundant controllers and designs for high reliability

ZHOU Shuqiao, LI Duo

Key Laboratory of Advanced Reactor Engineering and Safety of Ministry of Education, Collaborative Innovation Center of Advanced Nuclear Energy Technology, Institute of Nuclear and New Energy Technology, Tsinghua University, Beijing 100084, China

摘要:

输出: BibTeX | EndNote (RIS)

摘要冗余控制器广泛应用于核动力设施控制等对可靠度有特殊要求的场合。为有效提高双冗余控制器的可靠度，该文首先通过状态分析获得其全面的状态转移图，明确了影响可靠度的2种典型情况：“双主”冲突造成的整机失效和备机失效造成的冗余功能丧失。其次，针对上述2种情况提出了基于双通信链路的冗余切换方案和从机状态报告机制，以有效避免失效状况的发生。最后，基于Markov链建立了描述双冗余控制器可靠度的理论模型，并依据该模型对冗余控制器在改进前后的可靠度进行了分析评估。评估结果表明：所提方案可将冗余控制器的失效率降低近3个数量级。

关键词 ：冗余控制器,双主冲突,失效率,可靠度

Abstract：Redundant controllers are widely used in control systems of nuclear-powered facilities requiring high reliability. The reliability of dual-redundant controllers is improved by analyzing the controllers' possible working states in a state transition diagram. The two critical circumstances where the reliability is impaired are failures caused by dual-master collisions and the loss of redundancy resulting from the failure of a stand-by unit. To avoid these critical circumstances, this paper presents a redundant controller scheme with dual dedicated communication paths using heartbeat double checking and slave reporting. A Markov-chain model was developed to evaluate the reliability of redundant controllers and the effectiveness of this scheme. The results show that this redundant controller design significantly improves the reliability with a three orders of magnitude reduction of the failure rate.

Key words：redundant controllers dual-master collision failure rate reliability

收稿日期: 2015-09-11 出版日期: 2017-04-19

ZTFLH:

TP23

引用本文:

周树桥, 李铎. 双冗余控制器的失效状态分析及面向高可靠度的设计[J]. 清华大学学报（自然科学版）, 2017, 57(4): 399-404.
ZHOU Shuqiao, LI Duo. Failure analysis of dual redundant controllers and designs for high reliability. Journal of Tsinghua University(Science and Technology), 2017, 57(4): 399-404.

链接本文:

http://jst.tsinghuajournals.com/CN/10.16511/j.cnki.qhdxxb.2017.25.011或 http://jst.tsinghuajournals.com/CN/Y2017/V57/I4/399

图表:

图1 冗余控制器的运行状态转移图

图2 采用双心跳信号的冗余控制器硬件结构图

图3 双心跳信号下的运行状态机

图4 双冗余控制器运行状态的Markov模型

图5 心跳信号链路相关硬件模块的可靠性框图

图6 改进后冗余控制器的运行状态转移图

表1 相关失效率和修复率

图7 改进前后控制器失效率的对比

参考文献:

[1]	王鼎, 李铎. 浮动式核电站专用控制器中CPU冗余技术研究[J]. 原子能科学技术, 2010, 44(1)： 44-47.WANG Ding, LI Duo. Dual CPU redundant technique for special controller in floating nuclear power plant[J]. Atomic Energy Science and Technology, 2010, 44(1)： 44-47. (in Chinese)
[2]	方涛. 核电站数字化控制系统可靠性评价方法的研究[D]. 保定：华北电力大学, 2013.FANG Tao. Research on Nuclear Plant Digital Control System Reliability Evaluation Methodology[D]. Baoding： North China Electric Power University, 2013. (in Chinese)
[3]	刘志勇. 工业控制器可靠性若干问题的研究与开发[D]. 杭州：浙江大学, 2012.LIU Zhiyong. Research and Development of Some Issues on the Reliability of Industrial Controller[D]. Hangzhou： Zhejiang University, 2012. (in Chinese)
[4]	向婉成, 周以琳, 刘宝坤, 等. 双机冗余的多功能控制器开发研究[J]. 仪器仪表学报, 1992, 13(3)： 282-287.XIANG Wancheng, ZHOU Yilin, LIU Baokun, et al. Research on multi-function controller with redundancy microcomputer[J]. Chinese Journal of Scientific Instrument, 1992, 13(3)： 282-287. (in Chinese)
[5]	SUN Lihui, JIANG Jianwei. Design method of multi-micro-computer redundancy system based on CAN bus[C]//The 8th International Conference on Electronic Measurement and Instruments. Piscataway, NJ, USA： IEEE Press, 2007： 785-788.
[6]	王志强, 顾幸生. 飞行控制器的冗余设计[J]. 华东理工大学学报(自然科学版), 2009, 35(1)： 158-162.WANG Zhiqiang, GU Xingsheng. Redundancy design on flight controller[J]. Journal of East China University of Science and Technology (Natural Science Edition), 2009, 35(1)： 158-162. (in Chinese)
[7]	胡运德, 于伦正, 金慧军. 高危场所安全监控系统双冗余控制器的设计与实现[J]. 船海工程, 2013, 42(4)： 105-108.HU Yunde, YU Lunzheng, JIN Huijun. The design and implementation of dual redundant controllers monitoring system in risk places[J]. Ship & Ocean Engineering, 2013, 42(4)： 105-108. (in Chinese)
[8]	王鼎, 王晓伟, 徐晓冬. 一种核安全级数字化仪控系统现场控制站的冗余设计[J]. 原子能科学技术, 2013, 47(1)： 104-108. WANG Ding, WANG Xiaowei, XU Xiaodong. Redundant design of control station in digital safety I&C system for nuclear power plant[J]. Atomic Energy Science and Technology, 2013, 47(1)： 104-108. (in Chinese)
[9]	吴胜华. 分散控制系统中冗余过程控制站之间冗余切换方法：中国, 201210344828.X[P]. 2013-01-09. WU Shenghua. A Redundant Switching Scheme for the Redundant Process Control Stations of a Distributed Control System： China, 201210344828.X[P]. 2013-01-09. (in Chinese)
[10]	黄祥瑞. 可靠性工程[M]. 北京：清华大学出版社, 1990. HUANG Xiangrui. Reliability Engineering[M]. Beijing： Tsinghua University Press, 1990. (in Chinese)
[11]	郭海涛, 阳宪惠. 安全系统定量可靠性评估的Markov模型[J]. 清华大学学报(自然科学版), 2008, 48(1)： 149-152.GUO Haitao, YANG Xianhui. Quantitative reliability assessment for safety related systems using Markov models[J]. J Tsinghua Univ (Sci & Tech), 2008, 48(1)： 149-152. (in Chinese)
[12]	王伟, 赵军, 童节娟, 等. 反应堆保护系统可靠性指标的评价方法研究[J]. 原子能科学技术, 2015, 49(6)： 1101-1108.WANG Wei, ZHAO Jun, TONG Jiejuan, et al. Evaluation method of reliability indicator of reactor protection system[J]. Atomic Energy Science and Technology, 2015, 49(6)： 1101-1108. (in Chinese)

[1]	张明, 王菲, 李庆斌, 汤东升. 双曲线冷却塔施工期设计风荷载的确定[J]. 清华大学学报（自然科学版）, 2015, 55(12): 1281-1288.