[go: up one dir, main page]

CN102073284B - Dual-computer redundant embedded control system suitable for nuclear industrial robot - Google Patents

Dual-computer redundant embedded control system suitable for nuclear industrial robot Download PDF

Info

Publication number
CN102073284B
CN102073284B CN201010598280A CN201010598280A CN102073284B CN 102073284 B CN102073284 B CN 102073284B CN 201010598280 A CN201010598280 A CN 201010598280A CN 201010598280 A CN201010598280 A CN 201010598280A CN 102073284 B CN102073284 B CN 102073284B
Authority
CN
China
Prior art keywords
module
host
machine
backup
robot
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN201010598280A
Other languages
Chinese (zh)
Other versions
CN102073284A (en
Inventor
丑武胜
刘源
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beihang University
Original Assignee
Beihang University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beihang University filed Critical Beihang University
Priority to CN201010598280A priority Critical patent/CN102073284B/en
Publication of CN102073284A publication Critical patent/CN102073284A/en
Application granted granted Critical
Publication of CN102073284B publication Critical patent/CN102073284B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Landscapes

  • Manipulator (AREA)

Abstract

本发明公开了一种适用于核工业机器人控制的双机冗余嵌入式控制系统,该双机冗余控制系统包括有以PC 104为主控制器的主机(100)和以ARM9E为控制器的备份机(200),主机(100)和备份机(200)安装在核工业机器人上,并通过485总线与机器人驱动控制模块(400)实现电信号联接;核工业机器人通过光纤与上位机(300)实现指令信息传输。本发明设计的双机冗余控制系统中每一个模块都设置状态检测命令,在程序运行过程中不断向上位机发送状态信息,这样可以通过每个模块返回的不同的状态信息判断各模块运行状态,一旦发生故障则可以准确判断故障位置。由于可以更加精确的定位故障位置,可以为故障后机器人决策提供更优方法,同时对于机器人之后的返回检修提供了重要参考信息,以避免以后发生同样的故障。

Figure 201010598280

The invention discloses a dual-machine redundant embedded control system suitable for nuclear industry robot control. The dual-machine redundant control system includes a host computer (100) with PC 104 as the main controller and a computer with ARM9E as the controller. The backup machine (200), the main machine (100) and the backup machine (200) are installed on the nuclear industrial robot, and realize electrical signal connection with the robot drive control module (400) through the 485 bus; the nuclear industrial robot is connected with the upper computer (300 ) to realize instruction information transmission. In the dual-machine redundant control system designed by the present invention, each module is provided with a state detection command, and the state information is continuously sent to the upper computer during the program operation process, so that the operating state of each module can be judged by the different state information returned by each module , once a fault occurs, the fault location can be accurately judged. Since the location of the fault can be located more accurately, it can provide a better method for the robot to make decisions after the fault, and at the same time provide important reference information for the robot to return to repair, so as to avoid the same fault in the future.

Figure 201010598280

Description

一种适用于核工业机器人的双机冗余嵌入式控制系统A dual-machine redundant embedded control system suitable for nuclear industry robots

技术领域 technical field

本发明涉及一种核工业机器人的启用控制系统,更特别地说,是指一种具有双机冗余嵌入式控制系统的、用于启用控制核工业机器人的控制系统。The present invention relates to an activation control system of a nuclear industrial robot, more particularly, a control system for activation and control of a nuclear industrial robot with a dual-machine redundant embedded control system.

背景技术 Background technique

我国核工业是国家的战略行业,由于核工业涉及的核辐射与放射性物质具有很大的危险性,因此又是一个非常特殊的行业。我国核工业和核事件应急处理中的大量操作需要对辐射现场进行定量测量和确定污染源范围,甚至需要直接和核放射物质进行接触作业。核设施污染现场往往辐射场较强,常规防护措施难以实施或者实施后的防护效果极其有限,人员难以靠近,给调查现场测量和放射性污染处理工作造成极大困难,迫切需要采用移动机器人系统携带有关装置替代工作人员在辐射场所近距离完成相关的辐射检测和操作,以保障工作人员的健康和安全。my country's nuclear industry is a national strategic industry. Because the nuclear radiation and radioactive substances involved in the nuclear industry are very dangerous, it is also a very special industry. A large number of operations in my country's nuclear industry and emergency response to nuclear incidents require quantitative measurement of radiation sites and determination of the scope of pollution sources, and even direct contact with nuclear radioactive materials. Nuclear facility pollution sites often have strong radiation fields, conventional protective measures are difficult to implement or the protective effect is extremely limited after implementation, and it is difficult for personnel to approach, which causes great difficulties for investigation site measurement and radioactive pollution treatment. It is urgent to use mobile robot systems to carry relevant The device replaces the staff to complete the relevant radiation detection and operation at close range in the radiation site to ensure the health and safety of the staff.

在这种情况下,针对核工业的特点,研制开发专用的核辐射检测和应急处理机器人实用系统就显得尤为必要和迫切。由于核工业场所的特殊性,对于核工业机器人的可靠性与稳定性也提出了更高的要求。一方面由于核工业场所涉及的核辐射与放射性物质具有很大的危险性,机器人一旦出现故障,工作人员难以取回机器人;另一方面,核工业机器人在核辐射环境下工作,属于苛刻的工业环境,核辐射对机器人控制系统及所带导航传感装置具有很强的干扰性与破坏性,易于出现难以预料的意外。In this case, according to the characteristics of the nuclear industry, it is particularly necessary and urgent to develop a practical system for nuclear radiation detection and emergency treatment robots. Due to the particularity of nuclear industrial sites, higher requirements are put forward for the reliability and stability of nuclear industrial robots. On the one hand, due to the great danger of nuclear radiation and radioactive substances involved in nuclear industrial sites, once a robot fails, it is difficult for staff to retrieve the robot; on the other hand, nuclear industrial robots work in a nuclear radiation environment, which is a harsh industry The environment and nuclear radiation are highly disturbing and destructive to the robot control system and its navigation sensor device, and are prone to unpredictable accidents.

发明内容 Contents of the invention

由于核工业涉及的核辐射与放射性物质具有很大的危险性,核工业机器人可以替代工作人员在辐射场所近距离完成相关的检测和操作。为了保证核工业机器人较高可靠性与稳定性,本发明设计出一种以PC 104为主控制器和以ARM9E为备份控制器的适用于核工业机器人的双机冗余嵌入式控制系统(下述简称双机冗余控制系统)。该双机冗余控制系统不但能够对主机和备份机出现故障时的控制权的移交,而且还能检测出出现故障的位置,保证了核工业机器人的正常工作,提高了核工业机器人的可靠性与稳定性。Because the nuclear radiation and radioactive substances involved in the nuclear industry are very dangerous, nuclear industry robots can replace workers to complete relevant inspections and operations at close range in radiation sites. In order to ensure the higher reliability and stability of nuclear industry robots, the present invention designs a dual-machine redundant embedded control system suitable for nuclear industry robots with PC 104 as the main controller and ARM9E as the backup controller (below The description is referred to as dual-machine redundant control system). The dual-machine redundant control system can not only transfer the control right when the main machine and the backup machine fail, but also detect the location of the failure, which ensures the normal operation of the nuclear industrial robot and improves the reliability of the nuclear industrial robot and stability.

本发明的一种适用于核工业机器人的双机冗余嵌入式控制系统,该双机冗余控制系统包括有以PC 104为主控制器的主机(100)和以ARM9E为控制器的备份机(200),主机(100)和备份机(200)安装在核工业机器人上,并通过485总线与机器人驱动控制模块(400)实现电信号联接;核工业机器人通过光纤与上位机(300)实现指令信息传输;备份机(200)是在主机(100)出现故障时,才启动进入工作状态的;A kind of dual-machine redundant embedded control system applicable to the nuclear industry robot of the present invention, this dual-machine redundant control system includes the main frame (100) with PC 104 as the main controller and the backup machine with ARM9E as the controller (200), the main machine (100) and the backup machine (200) are installed on the nuclear industrial robot, and realize the electrical signal connection with the robot drive control module (400) through the 485 bus; instruction information transmission; the backup machine (200) starts to enter the working state when the main machine (100) breaks down;

主机(100)按照实现的功能或以分为网络模块(11)、图像传输模块(12)、导航模块(13)、行动驱动模块(14)和探测传感模块(15);The host computer (100) is divided into a network module (11), an image transmission module (12), a navigation module (13), an action driving module (14) and a detection and sensing module (15) according to realized functions;

备份机(200)按照实现的功能或以分为网络模块(21)、图像传输模块(22)、导航模块(23)、行动驱动模块(24)和探测传感模块(25)。The backup machine (200) is divided into a network module (21), an image transmission module (22), a navigation module (23), an action drive module (24) and a detection sensor module (25) according to realized functions.

本发明设计的双机冗余控制系统的优点在于:The advantage of the dual-machine redundant control system designed by the present invention is:

一、以往设计都是通过系统自检测判断CPU状态。一旦CPU出现故障,自检测系统也可能失效,自身状态输出不准确,导致错误漏报。本发明双机冗余控制系统正常工作时,主机100(以PC104为主控制器)获得对外上位机300的控制权,完成相应的控制任务后,并且与备份机200(以ARM9E为控制器)和上位机300定时交换信息,以判断主机100的工作状态是否正常。1. In the past, the CPU status was judged through the system self-test. Once the CPU fails, the self-detection system may also fail, and the output of its own state is inaccurate, resulting in errors and missed reports. When the dual-machine redundant control system of the present invention was working normally, the host computer 100 (using PC104 as the main controller) obtained the control right of the external upper computer 300, and after completing the corresponding control tasks, it was connected with the backup machine 200 (using ARM9E as the controller) Exchanging information with the host computer 300 regularly to determine whether the working state of the host computer 100 is normal.

二、以往设计只能判断CPU是否正常工作,无法判断具体故障的位置。本发明双机冗余控制系统按功能细分为不同模块,每一个模块都设置状态检测命令,在系统运行过程中不断向上位机300发送状态信息,这样可以通过每个模块返回的不同的状态信息判断各模块运行状态,一旦发生故障则可以准确判断故障位置。2. The previous design can only judge whether the CPU is working normally, but cannot judge the location of the specific fault. The dual-machine redundant control system of the present invention is subdivided into different modules according to functions, and each module is provided with a state detection command, and continuously sends state information to the upper computer 300 during the operation of the system, so that different states can be returned by each module The information judges the operating status of each module, and once a fault occurs, the fault location can be accurately judged.

三、本发明双机冗余控制系统设计了一种模块化组合的思想完成故障处理,通过PC104主控制器和ARM9E备份控制器之间不同模块的有效组合来完成控制任务,以实现更好的资源分配以及更高的可靠性。Three, the dual-machine redundant control system of the present invention has designed a kind of idea of modular combination to complete fault handling, and completes the control task through the effective combination of different modules between the PC104 master controller and the ARM9E backup controller, to achieve better Resource allocation and higher reliability.

四、以往设计一旦检测出CPU故障,则放弃该控制器的所有模块功能且永久失效,导致资源浪费。本发明双机冗余控制系统对于故障的控制器设计了自我恢复的功能,并且在恢复状态的同时还具备了自我学习的能力,记忆上次故障位置,以避免控制器恢复时再犯同样的错误。使整个双机冗余控制系统更加完善和全面,有效了保障系统的可靠性与安全性。4. Once a CPU fault is detected in the previous design, all module functions of the controller are abandoned and permanently invalidated, resulting in waste of resources. The dual-machine redundant control system of the present invention is designed with a self-recovery function for the faulty controller, and also has the ability of self-learning while restoring the state, remembering the last fault location, so as to avoid making the same mistake again when the controller is restored . This makes the entire dual-machine redundant control system more perfect and comprehensive, and effectively guarantees the reliability and safety of the system.

附图说明 Description of drawings

图1是本发明机器人控制系统的结构框图。Fig. 1 is a structural block diagram of the robot control system of the present invention.

图2是本发明双机冗余控制系统内部模块的结构框图。Fig. 2 is a structural block diagram of the internal modules of the dual-machine redundant control system of the present invention.

图3是本发明主机模块化组合处理故障的结构框图。Fig. 3 is a structural block diagram of the modular combination of the mainframe of the present invention to handle faults.

图4是本发明备份机模块化组合处理故障的结构框图。Fig. 4 is a structural block diagram of the modular combination of the backup machine in the present invention to handle faults.

具体实施方式 Detailed ways

下面将结合附图对本发明做进一步的详细说明。The present invention will be further described in detail below in conjunction with the accompanying drawings.

参见图1所示,本发明的一种适用于核工业机器人控制的双机冗余嵌入式控制系统(下述简称双机冗余控制系统),该双机冗余控制系统包括有以PC 104为主控制器的主机100和以ARM9E为控制器的备份机200,主机100和备份机200安装在核工业机器人上,并通过485总线与机器人驱动控制模块400实现电信号联接;核工业机器人通过光纤与上位机300实现指令信息传输。Referring to shown in Fig. 1, a kind of dual-machine redundant embedded control system (hereinafter referred to as dual-machine redundant control system) applicable to nuclear industry robot control of the present invention, this dual-machine redundant control system includes with PC 104 The host 100 as the main controller and the backup machine 200 with ARM9E as the controller, the host 100 and the backup machine 200 are installed on the nuclear industrial robot, and realize the electrical signal connection with the robot drive control module 400 through the 485 bus; the nuclear industrial robot passes The optical fiber and the host computer 300 implement instruction information transmission.

参见图2所示,主机100按照实现的功能或以分为网络模块11、图像传输模块12、导航模块13、行动驱动模块14和探测传感模块15。Referring to FIG. 2 , the host 100 is divided into a network module 11 , an image transmission module 12 , a navigation module 13 , an action driving module 14 and a detection and sensing module 15 according to the realized functions.

备份机200按照实现的功能或以分为网络模块21、图像传输模块22、导航模块23、行动驱动模块24和探测传感模块25。The backup machine 200 is divided into a network module 21 , an image transmission module 22 , a navigation module 23 , an action driving module 24 and a detection and sensing module 25 according to the realized functions.

在本发明中,为了要保证双系统(主机100和备份机200)的可靠性和稳定性,在不同的主控芯片(PC 104控制器、ARM9E控制器)上设计相同的功能模块。In the present invention, in order to ensure the reliability and stability of the dual system (main frame 100 and backup machine 200), the same functional modules are designed on different main control chips (PC 104 controller, ARM9E controller).

参见图3所示,主机100中的网络模块11每次从远程终端(核工业机器人上的一部分)接收到一组命令数据时会向上位机300发送网络模块工作正常的回复指令DA主机,简称为网络正常指令DA主机Referring to Fig. 3, when the network module 11 in the host 100 receives a group of command data from the remote terminal (a part of the nuclear industry robot), it will send a reply instruction DA host to the host computer 300 that the network module is working normally, referred to as DA host for short. Commands the DA host for network normal.

主机100中的图像传输模块12每次接收到一帧视频数据时会向上位机300发送图像传输模块工作正常的回复指令DB主机,简称为图像正常指令DB主机Every time the image transmission module 12 in the host 100 receives a frame of video data, it will send to the host computer 300 a reply command DB host that the image transmission module is working normally, referred to as the normal image command DB host .

主机100中的导航模块13每次接收到一组导航状态数据时会向上位机300发送导航模块工作正常的回复指令DC主机,简称为导航正常指令DC主机Each time the navigation module 13 in the host 100 receives a set of navigation status data, it will send a reply command DC host to the host computer 300 that the navigation module is working normally, referred to as the navigation normal command DC host .

主机100中的行动驱动模块14每次向驱动板(即机器人驱动控制模块400)发送一组命令频数据时会向上位机300发送行动驱动模块工作正常的回复指令DD主机,简称为驱动正常指令DD主机The action drive module 14 in the host 100 sends a set of command frequency data to the drive board (that is, the robot drive control module 400) every time, it will send a response command DD host that the action drive module is working normally to the host computer 300, referred to as the drive normal command for short. DD host .

主机100中的探测传感模块15每次接收到一组从探测端传来的数据时会向上位机300发送探测传感模块工作正常的回复指令DE主机,简称为传感正常指令DE主机Each time the detection and sensing module 15 in the host 100 receives a set of data from the detection end, it will send to the host computer 300 a response command DE host that the detection and sensing module is working normally, referred to as the sensing normal command DE host .

在本发明中,主机100向上位机300上传的主机-数据信息MD100-300采用集合形式表达为MD100-300={DA主机,DB主机,DC主机,DD主机,DE主机}。当在接收时间T(一般设为1秒、5秒或10秒等上传一次数据)内,若上位机300没有收到主机-数据信息MD100-300中的任意一个或多个时,则下发相应的启动备份机200指令FF备份机={FDA主机,FDB主机,FDC主机,FDD主机,FDE主机}给备份机200。由于主机100和备份机200中设置的功能模块结构是相同,故可以根据上位机300未能在设定时间T内收到的如网络正常指令DA主机、图像正常指令DB主机、导航正常指令DC主机、驱动正常指令DD主机和/或者传感正常指令DE主机进行相应的启动备份机200中的各个模块。In the present invention, the host-data information MD 100-300 uploaded by the host 100 to the host computer 300 is expressed in a collective form as MD 100-300 = {DA host , DB host , DC host , DD host , DE host }. When within the receiving time T (generally set as 1 second, 5 seconds or 10 seconds, etc. to upload data once), if the host computer 300 does not receive any one or more of the host-data information MD 100-300 , then download Send the corresponding startup backup machine 200 instruction FF backup machine ={FDA host , FDB host , FDC host , FDD host , FDE host } to the backup machine 200. Since the functional module structures set in the main machine 100 and the backup machine 200 are the same, it can be based on the host computer 300 failing to receive within the set time T, such as network normal command DA host , image normal command DB host , navigation normal command DC The host , the drive normal command DD host and/or the sensing normal command DE host start each module in the backup machine 200 accordingly.

参见图4所示,备份机200中的网络模块21每次从远程终端(核工业机器人上的一部分)接收到一组命令数据时会向上位机300发送备份-网络模块工作正常的回复指令DA备机,简称为备份-网络正常指令DA备机Referring to shown in Fig. 4, when the network module 21 in the backup machine 200 receives a group of command data from the remote terminal (a part on the nuclear industry robot) every time, it will send the backup-network module to the normal reply command DA to the host computer 300 Standby , referred to as backup-network normal command DA backup .

备份机200中的图像传输模块22每次接收到一帧视频数据时会向上位机300发送备份-图像传输模块工作正常的回复指令DB备机,简称为备份-图像正常指令DB备机The image transmission module 22 in the backup machine 200 will send a backup-image transmission module normal work reply command DB backup to the host computer 300 each time it receives a frame of video data, referred to as backup-image normal command DB backup .

备份机200中的导航模块23每次接收到一组导航状态数据时会向上位机300发送备份-导航模块工作正常的回复指令DC备机,简称为备份-导航正常指令DC备机Each time the navigation module 23 in the backup machine 200 receives a set of navigation state data, it will send a backup-navigation module normal reply command DC standby to the host computer 300, referred to as backup-navigation normal command DC standby .

备份机200中的行动驱动模块24每次向驱动板(即机器人驱动控制模块400)发送一组命令频数据时会向上位机300发送备份-行动驱动模块工作正常的回复指令DD备机,简称为备份-驱动正常指令DD备机When the action drive module 24 in the backup machine 200 sends a set of command frequency data to the drive board (ie, the robot drive control module 400), it will send a backup command to the host computer 300 to reply that the action drive module is working normally, DD standby machine for short. Command DD standby for backup-drive normal.

备份机200中的探测传感模块25每次接收到一组从探测端传来的数据时会向上位机300发送备份-探测传感模块工作正常的回复指令DE备机,简称为备份-传感正常指令DE备机Each time the detection sensor module 25 in the backup machine 200 receives a set of data from the detection end, it will send a backup-detection sensor module to the host computer 300 to reply to the normal operation command DE standby machine , referred to as backup-transmission Feel normal command DE backup machine .

本发明设计的双机冗余控制系统的工作方式为:正常工作时,主机100(以PC104为主控制器)获得对核工业机器人外设的控制权,备份机200(以ARM9E为控制器)处于待命状态。此时主机100和备份机200都运行自检测程序。当主机100发生故障时,上位机300放弃主机100对核工业机器人外设的控制权,同时将控制权移交给备份机200,从而保证在单机失效的情况下,不会引起核工业机器人系统失效。The mode of operation of the dual-machine redundant control system designed by the present invention is: during normal operation, the host computer 100 (using PC104 as the main controller) obtains the control right to the peripherals of the nuclear industry robot, and the backup machine 200 (using ARM9E as the controller) is on standby. At this moment, both the master machine 100 and the backup machine 200 run the self-testing program. When the main machine 100 fails, the upper computer 300 gives up the control right of the main machine 100 to the peripherals of the nuclear industrial robot, and at the same time transfers the control right to the backup machine 200, so as to ensure that the failure of the single machine will not cause the failure of the nuclear industrial robot system .

在本发明中,上位机300是一工控机,该工控机选用研华公司生产的PCM-9380工控机。In the present invention, the upper computer 300 is an industrial computer, and the industrial computer is PCM-9380 industrial computer produced by Advantech.

在本发明中,网络模块11和网络模块21都是用于实现对核工业机器人采集到的数据信息进行上传,以及指令的下发。网络模块21是在主机100中任意一(图像传输模块12、导航模块13、行动驱动模块14和传感器模块15)模块出现故障时,并通过上位机300下发备份机网络启动指令FDA主机时才执行的。In the present invention, both the network module 11 and the network module 21 are used to realize uploading of data information collected by nuclear industry robots and issuing instructions. The network module 21 is when any one (image transmission module 12, navigation module 13, action drive module 14 and sensor module 15) module breaks down in the host computer 100, and sends the backup machine network start-up command FDA host computer through the host computer 300. implemented.

在本发明中,图像传输模块12和图像传输模块22都是用于实现对核工业机器人所在环境的景物进行实时采集,并将获取的图像信息上传给上位机300。图像传输模块22是在图像传输模块12出现故障时,并通过上位机300下发备份机图像启动指令FDB主机时才执行的。In the present invention, both the image transmission module 12 and the image transmission module 22 are used to realize real-time acquisition of the environment where the nuclear industry robot is located, and upload the acquired image information to the upper computer 300 . The image transmission module 22 is executed when the image transmission module 12 breaks down and the host computer 300 sends the backup machine image startup command to the FDB master .

在本发明中,导航模块13和导航模块23用于实现自身位置的定位,并将自身位置信息上传给上位机300。导航模块23是在导航模块13出现故障时,通过上位机300下发的备份机导航启动指令FDC主机时才执行。导航模块13和导航模块23可以选用GPS、陀螺仪等。In the present invention, the navigation module 13 and the navigation module 23 are used to realize the positioning of its own position, and upload the information of its own position to the upper computer 300 . The navigation module 23 is executed when the navigation module 13 breaks down and the backup machine navigation start command issued by the host computer 300 is executed to the FDC master . The navigation module 13 and the navigation module 23 can use GPS, gyroscope and so on.

在本发明中,行动驱动模块14和行动驱动模块24用于实现对核工业机器人的行动进行控制。行动驱动模块24是在行动驱动模块14出现故障时,通过上位机300下发的备份机行动启动指令FDD主机时才执行。In the present invention, the action driving module 14 and the action driving module 24 are used to control the action of the nuclear industrial robot. The action drive module 24 is executed only when the action drive module 14 fails and the backup machine action start instruction issued by the host computer 300 is executed to the FDD master .

在本发明中,传感器模块15和传感器模块25用于实现对核工业机器人所在环境中核泄漏的相关信息进行采集,并将采集的信息上传给上位机300。传感器模块25是在主机100中的图像传输模块12、导航模块13、行动驱动模块14、传感器模块15中任意一个出现故障时,通过上位机300下发的备份机传感启动指令FDE主机时才执行。In the present invention, the sensor module 15 and the sensor module 25 are used to collect information related to nuclear leakage in the environment where the nuclear industrial robot is located, and upload the collected information to the upper computer 300 . The sensor module 25 is when any one of the image transmission module 12, the navigation module 13, the action drive module 14, and the sensor module 15 in the host computer 100 breaks down, and the backup machine sensing and starting instruction FDE issued by the host computer 300 is activated. implement.

上位机300为了实时接收到主控制器100上传的多个信息MD100-300={DA主机,DB主机,DC主机,DD主机,DE主机}来判断主控制器处于正常的工作状态下,若在接收时间T内,上位机300未收到主控制器100中某一模块上传的信息,则认为主控制器中的该模块出现了故障,此时,上位机300需要向备份控制器200发出相应的启用信息来启用与主控制器相同结构的模块。In order to receive multiple information MD 100-300 ={DA mainframe , DB mainframe , DC mainframe , DD mainframe , DE mainframe } to receive the multiple information MD 100-300 that main controller 100 uploads in real time, upper computer 300 judges that main controller is under the normal working state, if Within the receiving time T, if the upper computer 300 does not receive the information uploaded by a certain module in the main controller 100, it is considered that the module in the main controller has failed. At this time, the upper computer 300 needs to send a message to the backup controller 200. The corresponding enabling information is used to enable the modules with the same structure as the main controller.

在本发明中,接收时间T可以定为1秒、5秒或10秒等。In the present invention, the receiving time T can be set to 1 second, 5 seconds or 10 seconds, etc.

在本发明中,主控制器采用PC104标准工业计算机。In the present invention, the main controller adopts PC104 standard industrial computer.

在本发明中,备份控制器采用ARM9E为内核的嵌入式控制器。In the present invention, the backup controller adopts the embedded controller with ARM9E as the core.

在本发明中,机器人驱动控制模块通过RS485总线分别与主控制器和备份控制器通讯,用于实现对核工业机器人的行为控制。In the present invention, the robot drive control module communicates with the main controller and the backup controller respectively through the RS485 bus, and is used to realize the behavior control of the nuclear industry robot.

本发明设计的双机冗余控制系统中每一个模块都设置状态检测命令,在程序运行过程中不断向上位机发送状态信息,这样可以通过每个模块返回的不同的状态信息判断各模块运行状态,一旦发生故障则可以准确判断故障位置。由于可以更加精确的定位故障位置,可以为故障后机器人决策提供更优方法,同时对于机器人之后的返回检修提供了重要参考信息,以避免以后发生同样的故障。In the dual-machine redundant control system designed by the present invention, each module is provided with a state detection command, and the state information is continuously sent to the upper computer during the program operation process, so that the operating state of each module can be judged by the different state information returned by each module , once a fault occurs, the fault location can be accurately judged. Since the location of the fault can be located more accurately, it can provide a better method for the robot to make decisions after the fault, and at the same time provide important reference information for the robot to return to repair, so as to avoid the same fault in the future.

以往的双机冗余故障检测只能单纯的判断CPU是否工作正常,并没有判断故障的具体位置。实际中虽然有些功能模块出现故障但并不影响CPU工作,因此容易出现两种问题:状态信息显示CPU工作正常而实际上某些功能模块已经失效,导致故障漏报;某功能模块出现故障但不影响正常工作,但由于该功能模块故障,状态信息报告CPU错误,以至于放弃整个控制器的其它所有功能模块,导致资源浪费。In the past, dual-machine redundancy fault detection can only simply judge whether the CPU is working normally, and does not judge the specific location of the fault. In practice, although some functional modules fail, they do not affect the work of the CPU. Therefore, two problems are prone to occur: the status information shows that the CPU is working normally, but in fact some functional modules have failed, resulting in missed fault reports; Normal work is affected, but due to the failure of this functional module, the status information reports a CPU error, so that all other functional modules of the entire controller are abandoned, resulting in waste of resources.

基于以上考虑本发明设计将整个控制器功能分为不同功能模块,包括有如图2所示的多个模块,根据功能模块的重要性采用不同的处理方法。Based on the above considerations, the design of the present invention divides the entire controller function into different functional modules, including multiple modules as shown in Figure 2, and adopts different processing methods according to the importance of the functional modules.

①关键模块为网络通讯模块。网络通讯模块是连接上位机与机器人的纽带,一旦网络断开,上位机将无法发送命令至机器人,整个机器人将失去控制。① The key module is the network communication module. The network communication module is the link between the host computer and the robot. Once the network is disconnected, the host computer will not be able to send commands to the robot, and the entire robot will lose control.

处理方法:在PC104主机控制软件中,PC104每接受到一组命令数据,一方面向上位机发送状态信息以报告网络连接状态,另一方面也向ARM备份机发送网络连接状态信息。一旦ARM备份控制器查询到PC104主控制器网络通讯功能模块出现故障,则ARM控制器直接切换为主机,连接上位机,并接管控制权。而PC 104则进入自我恢复状态,并切换为从机待命。Solution: In the PC104 host control software, every time PC104 receives a set of command data, it sends status information to the host computer to report the network connection status, and also sends network connection status information to the ARM backup machine on the other hand. Once the ARM backup controller inquires that the network communication function module of the PC104 main controller fails, the ARM controller will directly switch to the master, connect to the host computer, and take over the control. And PC 104 then enters self-recovery state, and switches to slave machine standby.

②非关键模块为控制底层驱动模块、图像传输模块、导航模块、探测传感器模块。以上模块失效时虽然也会影响机器人正常工作,但不会导致机器人彻底失控。② The non-key modules are control bottom drive module, image transmission module, navigation module and detection sensor module. Although the failure of the above modules will affect the normal operation of the robot, it will not cause the robot to completely lose control.

处理方法:当PC104主机中某非关键模块出现故障时,上位机接受到该模块的故障状态信息,并进行决策:一方面,向PC104发送中断执行条件,使故障模块停止工作。以避免故障模块继续执行以导致内存冲突、死机、程序跑飞而造成整个CPU崩溃。另一方面,向ARM发送启动执行条件,以启动PC104发生故障模块在ARM中相同的功能模块,将该功能切换到ARM中执行,上位机从ARM控制器中接受相关的数据、图像等信息。Processing method: When a non-critical module in the PC104 host fails, the host computer receives the fault status information of the module and makes a decision: On the one hand, it sends an interrupt execution condition to the PC104 to stop the faulty module from working. In order to avoid the continued execution of the faulty module to cause memory conflicts, crashes, and program runaways and cause the entire CPU to crash. On the other hand, send start-up execution conditions to ARM to start the same function module in ARM as the faulty module of PC104, switch this function to ARM for execution, and the upper computer receives relevant data, images and other information from the ARM controller.

一旦PC104与ARM两相同模块均失效,表明该功能模块设计上存在问题,则返回检修。Once the two same modules of PC104 and ARM fail, it indicates that there is a problem in the design of the functional module, and then return to overhaul.

优点:可以使机器人发生失效概率大大减小。Advantages: It can greatly reduce the probability of robot failure.

证明:假设网络通讯模块、控制底层模块、图像传输模块、导航模块、探测传感器模块这五个模块的故障概率均为20%,正常工作概率为80%。Proof: Assume that the five modules of the network communication module, the control bottom module, the image transmission module, the navigation module, and the detection sensor module have a failure probability of 20%, and a normal working probability of 80%.

以往双机冗余系统:如果单纯只判断CPU是否故障状态,五个模块均正常工作时CPU无故障,一个CPU正常工作概率为P1=(0.8)5=0.32768,则机器人失效概率为两个CPU均故障概率为P=(1-P1)2=0.45201In the past dual-machine redundant system: if we only judge whether the CPU is faulty or not, and the CPU is not faulty when all five modules are working normally, the probability of one CPU working normally is P 1 = (0.8) 5 = 0.32768, and the probability of robot failure is two The average CPU failure probability is P=(1-P 1 ) 2 =0.45201

本发明设计的双机冗余系统:如果采用模块化组合方法,假设网络通讯模块、控制底层模块、图像传输模块、导航模块、探测传感器模块这五个模块的故障概率均为20%,某模块失效概率为PC104与ARM该模块均失效概率P1=(0.2)2=0.04,机器人正常工作概率为五个模块均正常工作概率P2=(1-P1)5=0.81537,机器人失效概率P=1-P1=0.18463。The dual-machine redundant system designed by the present invention: if the modular combination method is adopted, assuming that the failure probability of the five modules of the network communication module, the control bottom module, the image transmission module, the navigation module, and the detection sensor module is 20%, a certain module The failure probability is the average failure probability of PC104 and ARM modules P 1 =(0.2) 2 =0.04, the normal operation probability of the robot is the normal operation probability of five modules P 2 =(1-P 1 ) 5 =0.81537, the robot failure probability P =1-P 1 =0.18463.

本发明设计将机器人故障分为功能模块故障与CPU故障,功能模块故障处理方法前文已经介绍,而CPU一旦出现故障属于重大错误,自我恢复与自我学习功能的设计主要是针对CPU故障。本发明设计定义机器人失效并返回检修条件:PC104与ARM两相同模块均失效或者PC104与ARM各发生过一次CPU故障。The design of the present invention divides robot faults into functional module faults and CPU faults. The processing method for functional module faults has been introduced above. Once a CPU fault occurs, it is a major error. The design of self-recovery and self-learning functions is mainly for CPU faults. The present invention designs and defines the condition that the robot fails and returns to maintenance: PC104 and ARM have two identical modules that fail or PC104 and ARM each have a CPU failure.

当PC104发生CPU故障时,一方面将控制权切换到ARM控制器,然后PC104重新上电,恢复网络通讯功能模块,保持与上位机连通状态,且切换为从机,处于待命状态。另一方面定位引起CPU故障的功能模块,储存记忆故障位置,并且当PC104再次恢复时该故障功能模块将强制永久失效,不再启用。When the PC104 has a CPU failure, on the one hand, the control right is switched to the ARM controller, and then the PC104 is powered on again, the network communication function module is restored, and the connection with the upper computer is maintained, and it is switched to a slave, in a standby state. On the other hand, locate the functional module causing the CPU failure, store and remember the fault location, and when the PC 104 recovers again, the faulty functional module will be forced to fail permanently and will no longer be enabled.

当ARM再出现故障时有三种情况:情况一、ARM出现CPU故障,切换到PC104控制权,且满足失效条件2,报告上位机,返回检修;情况二、ARM控制器出现与PC104相同的功能模块故障,由于PC104该模块已经强制永久失效,满足失效条件1,报告上位机,返回检修;情况三、ARM控制器出现与PC104不同的功能模块故障,由前文模块化组合方法所述,PC 104将接管过该模块功能,机器人依然正常运行。When ARM fails again, there are three situations: Situation 1, ARM has a CPU failure, switches to PC104 control, and meets the failure condition 2, reports to the host computer, and returns for maintenance; Situation 2, ARM controller has the same function module as PC104 Fault, because the PC104 module has been forced to permanently fail, meet the failure condition 1, report to the host computer, and return for maintenance; case three, the ARM controller has a functional module failure different from that of the PC104, as described in the modular combination method above, the PC 104 will After taking over the function of this module, the robot still runs normally.

这样设计方法的优点是:以往设计方法一旦两CPU均故障,机器人则彻底失效。而采用自我恢复与自我学习思想,储存记忆故障位置,并且当PC104再次恢复时强制该故障功能模块永久失效,不再启用的方法,一旦达到机器人失效条件,如上文情况一和二,虽然机器人某模块失效,但机器人CPU依然可以正常运转,不至于彻底失控,上位机可以控制机器人返回检修。The advantage of this design method is that once the two CPUs fail in the previous design method, the robot will fail completely. However, the self-recovery and self-learning idea is used to store and remember the fault location, and when the PC104 recovers again, the fault function module is forced to fail permanently and is no longer enabled. The module fails, but the CPU of the robot can still operate normally, and it will not completely lose control. The host computer can control the robot to return for maintenance.

网络通讯模块:由于网络通讯是连接上位机与机器人的纽带,一旦网络断开,上位机将无法发送命令至机器人,整个机器人将彻底失去控制,因此该功能至关重要。基于以上考虑在机器人设计中除了采用光纤通讯外,另外还备份了无线网络通讯模块,一旦光纤通讯失效,无线网络通讯模块将接管过连接上位机与机器人的任务,保障机器人的安全。Network communication module: Since network communication is the link between the host computer and the robot, once the network is disconnected, the host computer will not be able to send commands to the robot, and the entire robot will be completely out of control, so this function is very important. Based on the above considerations, in addition to using optical fiber communication in the design of the robot, a wireless network communication module is also backed up. Once the optical fiber communication fails, the wireless network communication module will take over the task of connecting the upper computer and the robot to ensure the safety of the robot.

控制底层模块:当机器人满足失效条件时,上位机将控制机器人返回检修。底层驱动模块是控制机器人前进、转弯等运动的模块,是机器人返回检修的基本保证,因此也属于十分重要的部分。基于以上考虑在机器人每个关节电机上装有编码器,编码器将反馈各执行电机的状态到控制器,再返回到上位机,一旦控制底层驱动模块出现故障,上位机可以更好的判断故障原因与位置,从而做出最优决策。Control the underlying module: When the robot meets the failure conditions, the upper computer will control the robot to return to maintenance. The underlying drive module is the module that controls the movement of the robot such as forward and turning, and is the basic guarantee for the robot to return for maintenance, so it is also a very important part. Based on the above considerations, an encoder is installed on each joint motor of the robot. The encoder will feed back the state of each execution motor to the controller, and then return to the host computer. Once the control bottom drive module fails, the host computer can better judge the cause of the failure. and location to make an optimal decision.

Claims (4)

1.一种适用于核工业机器人的双机冗余嵌入式控制系统,其特征在于:该双机冗余嵌入式控制系统包括有以PC104为主控制器的主机(100)和以ARM9E为控制器的备份机(200),主机(100)和备份机(200)安装在核工业机器人上,并通过485总线与机器人驱动控制模块(400)实现电信号联接;核工业机器人通过光纤与上位机(300)实现指令信息传输;备份机(200)是在主机(100)出现故障时,才启动进入工作状态的。1. A dual-machine redundant embedded control system applicable to nuclear industry robots is characterized in that: this dual-machine redundant embedded control system includes a mainframe (100) with PC104 as the main controller and ARM9E as the control The backup machine (200) of the device, the main machine (100) and the backup machine (200) are installed on the nuclear industrial robot, and realize the electrical signal connection with the robot drive control module (400) through the 485 bus; the nuclear industrial robot is connected with the upper computer through the optical fiber (300) realizes instruction information transmission; the backup machine (200) starts to enter the working state when the main machine (100) breaks down. 2.根据权利要求1所述的一种适用于核工业机器人的双机冗余嵌入式控制系统,其特征在于:主机(100)按照实现的功能分为网络模块(11)、图像传输模块(12)、导航模块(13)、行动驱动模块(14)和探测传感模块(15);2. a kind of double-machine redundant embedded control system that is applicable to nuclear industry robot according to claim 1 is characterized in that: main frame (100) is divided into network module (11), image transmission module ( 12), navigation module (13), action drive module (14) and detection sensing module (15); 网络模块(11)每次从核工业机器人上的远程终端接收到一组命令数据时会向上位机(300)发送网络正常指令DA主机When the network module (11) receives a group of command data from the remote terminal on the nuclear industry robot, it will send the network normal command DA host to the host computer (300); 图像传输模块(12)每次接收到一帧视频数据时会向上位机(300)发送图像正常指令DB主机The image transmission module (12) will send the image normal instruction DB host to the upper computer (300) each time it receives a frame of video data; 导航模块(13)每次接收到一组导航状态数据时会向上位机(300)发送导航正常指令DC主机The navigation module (13) will send a navigation normal instruction DC host to the host computer (300) each time it receives a set of navigation status data; 行动驱动模块(14)每次向机器人驱动控制模块(400)发送一组命令频数据时会向上位机(300)发送驱动正常指令DD主机When the action drive module (14) sends a group of command frequency data to the robot drive control module (400) each time, it will send the drive normal command DD host to the host computer (300); 探测传感模块(15)每次接收到一组从探测端传来的数据时会向上位机(300)发送传感正常指令DE主机The detection sensing module (15) will send a sensing normal command DE host to the host computer (300) each time it receives a set of data from the detection end. 3.根据权利要求1所述的一种适用于核工业机器人的双机冗余嵌入式控制系统,其特征在于:备份机(200)按照实现的功能分为网络模块(21)、图像传输模块(22)、导航模块(23)、行动驱动模块(24)和探测传感模块(25);3. a kind of dual-machine redundant embedded control system applicable to nuclear industry robots according to claim 1 is characterized in that: backup machine (200) is divided into network module (21), image transmission module according to the function realized (22), navigation module (23), action drive module (24) and detection sensing module (25); 网络模块(21)每次从核工业机器人上的远程终端接收到一组命令数据时会向上位机(300)发送备份-网络正常指令DA备机The network module (21) will send a backup-network normal command DA backup to the host computer (300) each time it receives a set of command data from the remote terminal on the nuclear industry robot; 图像传输模块(22)每次接收到一帧视频数据时会向上位机(300)发送备份-图像正常指令DB备机The image transmission module (22) will send a backup-image normal command DB backup to the upper computer (300) each time it receives a frame of video data; 导航模块(23)每次接收到一组导航状态数据时会向上位机(300)发送备份-导航正常指令DC备机The navigation module (23) will send a backup-navigation normal command DC backup to the upper computer (300) each time it receives a set of navigation status data; 行动驱动模块(24)每次向机器人驱动控制模块(400)发送一组命令频数据时会向上位机(300)发送备份-驱动正常指令DD备机When the action drive module (24) sends a group of command frequency data to the robot drive control module (400) each time, it will send a backup-drive normal command DD standby machine to the upper computer (300); 探测传感模块(25)每次接收到一组从探测端传来的数据时会向上位机(300)发送备份-传感正常指令DE备机The detection sensing module (25) will send a backup-sensing normal command DE backup to the host computer (300) each time it receives a set of data from the detection end. 4.根据权利要求1或2或3所述的一种适用于核工业机器人的双机冗余嵌入式控制系统,其特征在于:在接收时间T内,若上位机(300)没有收到主机(100)上传的主机-数据信息MD100-300={DA主机,DB主机,DC主机,DD主机,DE主机}中的任意一个或多个时,则下发相应的启动备份机指令FF备份机={FDA主机,FDB主机,FDC主机,FDD主机,FDE主机}给备份机(200)。4. A kind of dual-machine redundant embedded control system applicable to nuclear industry robots according to claim 1, 2 or 3, characterized in that: within the receiving time T, if the upper computer (300) does not receive the host (100) Uploaded host-data information MD 100-300 = {DA host , DB host , DC host , DD host , DE host } when any one or more, then issue the corresponding start backup machine command FF backup Machine ={FDA host , FDB host , FDC host , FDD host , FDE host } to the backup machine (200).
CN201010598280A 2010-12-21 2010-12-21 Dual-computer redundant embedded control system suitable for nuclear industrial robot Expired - Fee Related CN102073284B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201010598280A CN102073284B (en) 2010-12-21 2010-12-21 Dual-computer redundant embedded control system suitable for nuclear industrial robot

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201010598280A CN102073284B (en) 2010-12-21 2010-12-21 Dual-computer redundant embedded control system suitable for nuclear industrial robot

Publications (2)

Publication Number Publication Date
CN102073284A CN102073284A (en) 2011-05-25
CN102073284B true CN102073284B (en) 2012-10-10

Family

ID=44031858

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201010598280A Expired - Fee Related CN102073284B (en) 2010-12-21 2010-12-21 Dual-computer redundant embedded control system suitable for nuclear industrial robot

Country Status (1)

Country Link
CN (1) CN102073284B (en)

Families Citing this family (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102681548B (en) * 2012-05-16 2014-09-10 东南大学 Movement control way for wheeled robot for seeking nuclear radiation source
CN103199972B (en) * 2013-03-25 2016-04-20 成都瑞科电气有限公司 The two-node cluster hot backup changing method realized based on SOA, RS485 bus and hot backup system
CN105610625A (en) * 2016-01-04 2016-05-25 杭州亚美利嘉科技有限公司 Robot terminal network abnormity self-recovery method and device
CN106027281B (en) * 2016-04-26 2018-11-30 北京光年无限科技有限公司 Network detecting method and system towards intelligent robot operating system
JP7211948B2 (en) * 2016-08-31 2023-01-24 北京▲術▼▲鋭▼技▲術▼有限公司 Surgery support robot system and its failure detection method
CN106272554B (en) * 2016-08-31 2018-08-07 北京术锐技术有限公司 A kind of operating robot operating status fault detection method
CN106950992A (en) * 2017-04-27 2017-07-14 广东容祺智能科技有限公司 A kind of unmanned plane flies control redundant system and its method
CN107901036A (en) * 2017-10-25 2018-04-13 深圳市朗驰欣创科技股份有限公司 A kind of redundancy control system and control method for robot
CN108908402B (en) * 2018-07-06 2023-03-21 浙江国自机器人技术股份有限公司 Robot hardware detection method and system
CN110208675A (en) * 2019-05-15 2019-09-06 杭州电子科技大学 A kind of circuit board detection method based on dual systems
CN110193831A (en) * 2019-05-27 2019-09-03 深圳市杰思谷科技有限公司 A kind of control ensuring equipment and control method servicing humanoid robot
CN116728421B (en) * 2023-08-14 2023-10-27 深圳市倍联德实业有限公司 Remote control method, system, terminal and storage medium for manipulator

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101850550B (en) * 2010-05-24 2011-09-28 哈尔滨工业大学 Robot joint redundancy control system and control method thereof

Also Published As

Publication number Publication date
CN102073284A (en) 2011-05-25

Similar Documents

Publication Publication Date Title
CN102073284B (en) Dual-computer redundant embedded control system suitable for nuclear industrial robot
CN110351174B (en) Module redundancy safety computer platform
CN103955188B (en) Control system and method supporting redundancy switching function
CN106740992B (en) It is a kind of to multiply the two five-wire system turnout drive systems for taking two frameworks based on two
CN110376876B (en) Double-system synchronous safety computer platform
CN106740991A (en) It is a kind of to be based on two and multiply two four/six line turnout drive systems for taking two frameworks
CN103149907B (en) Hot-redundancy CAN (Controller Area Network)-bus high-fault-tolerance control terminal and method based on dual DSPs (Digital Signal Processors)
CN100465838C (en) An Open Numerical Control System Based on Multi-CPU Parallel Processing Technology
CN103217974B (en) Spacecraft autonomous health management architecture based on comprehensive electronic platform
CN106444553B (en) A scattered acquisition drive system based on two-by-two architecture
WO2019100916A1 (en) Non-national-standard-system type turnout drive system based on double 2-vote-2 framework
CN101807076B (en) Duplication redundancy fault-tolerant high-reliability control system having synergistic warm standby function based on PROFIBUS field bus
CN104681835B (en) Double-unit backup controller of proton exchange membrane fuel cell and control method of double-unit backup controller
CN107357671A (en) A kind of fault handling method, relevant apparatus and computer
CN112666870A (en) Platform door control system and control method
CN101504540B (en) Control method for safe and intelligent I/O combination system
CN105551226A (en) Low-power consumption intelligent data acquisition box
CN101397020B (en) Intelligent acquisition drive equipment
CN101377676A (en) Double-machine backup apparatus and backup method of remote measuring and controlling system of water borne navigation aid facility
CN204695092U (en) A kind of pcs system of boron heating system
CN109188894A (en) Crusing robot and its control system and control method
CN205427464U (en) But redundant redundant control system of automatic recovery
CN206367482U (en) Multiply the two five-wire system railroad switch actuating devices for taking two frameworks based on two
CN106873356B (en) Redundancy control system capable of automatically recovering redundancy and redundancy automatic recovery method thereof
Su et al. Development and implementation of software gateways of fire fighting subsystem running on ebi

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C17 Cessation of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20121010

Termination date: 20131221