CN102420020A - A digital safety interlock system for a magnetic confinement nuclear fusion experimental device - Google Patents

A digital safety interlock system for a magnetic confinement nuclear fusion experimental device

Info

Publication number
CN102420020A
Authority
CN
China
Prior art keywords
module
safety interlocking
nuclear fusion
redundant
experimental device
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN2011103500250A
Other languages
Chinese (zh)
Inventor
吴一纯
郑剑香
缪惠芳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xiamen University
Original Assignee
Xiamen University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Xiamen University
Priority to CN2011103500250A
Publication of CN102420020A
Legal status: Pending

Classifications

    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02: TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02E: REDUCTION OF GREENHOUSE GAS [GHG] EMISSIONS, RELATED TO ENERGY GENERATION, TRANSMISSION OR DISTRIBUTION
    • Y02E30/00: Energy generation of nuclear origin
    • Y02E30/10: Nuclear fusion reactors

Landscapes

  • Safety Devices In Control Systems (AREA)

Abstract

The invention relates to magnetic confinement nuclear fusion experimental devices, and in particular to a digital safety interlock system for such a device. The circuit of the system comprises: a microcontroller module, which includes at least a Flash memory and an Ethernet interface circuit and is responsible for detecting the real-time status of each safety interlock subsystem of the fusion experimental device, storing the fault log information of the safety interlock subsystems, and network communication; a programmable logic circuit module, which is electrically connected to the microcontroller module and to each subsystem of the fusion experimental device, includes at least input logic and registers, a control logic circuit, an output register and a buffer register read/write control circuit, is implemented with a programmable logic device (PLD), and is responsible for acquiring and processing the operating status and fault signals of each safety interlock subsystem; and a power supply module that powers the system. The invention is applied to safety interlock protection and online monitoring of magnetic confinement nuclear fusion experimental devices.

Description

A digital safety interlock system for a magnetic confinement nuclear fusion experimental device

Technical field

The invention relates to magnetic confinement nuclear fusion experimental devices, and in particular to a digital safety interlock system for such a device.

Background

The safety interlock system is an important part of the control system of a large magnetic confinement nuclear fusion experimental device (for example a tokamak or a stellarator). The safety interlock system of such a device comprises a safety system and an interlock system. It establishes a coordinated mechanism for protection and fault handling among the subsystems, prevents and avoids risk as far as possible, and ensures the safe operation of the device and the smooth running of experiments. Its main tasks are to coordinate the protection logic relationships among the safety interlock subsystems of the device (such as the water cooling system, the vacuum system and the cryogenic system), to determine the protection logic with which the safety interlock system responds to fault risks, and to provide unified safety protection for personnel, the device and the environment.

Existing safety interlock systems for magnetic confinement nuclear fusion experimental devices are generally built either on a programmable logic controller (PLC) or on an industrial control computer with interface boards. For example, the article "Design and Implementation of EAST Safety Inspection and Interlock Protection System" by Sun Xiaoyang, Luo Jiarong, Ji Zhenshan, Wu Yichun et al., published in "Nuclear Technology", Vol. 31, No. 4, April 2008, and the article "EAST Safety Interlock Supervision System Design" by Wu Yichun, Ji Zhenshan, Sun Xiaoyang et al., published in "Atomic Energy Science and Technology", Vol. 45, No. 2, February 2011, both disclose a safety interlock system implemented with a programmable logic controller (PLC). The approach based on an industrial control computer with interface boards can be found in the relevant literature by those skilled in the art and is not described further here. Both approaches are based on a microcontroller or microcomputer and implement the safety interlock function in software: a software program acquires and analyzes the status signals of each subsystem, judges from those signals whether the subsystem has failed, and then decides whether to take the corresponding protective measures for the subsystem. The main advantages of such a safety interlock system are:

1. A complete range of input/output interface boards is available for programmable logic controllers and industrial control computers, with rich software API functions to call.
2. Network communication capability is strong, which favours remote monitoring.
3. Reliability is high: industrial-grade programmable logic controllers and industrial control computers are suited to the industrial environment of a magnetic confinement fusion device, with strong functionality and a low equipment failure rate.

However, the safety interlock systems described above have the following disadvantages:

1. The safety interlock function is implemented in software, and the control algorithm runs sequentially, so the system response time is non-deterministic (especially in the PLC approach) and relatively long.
2. Because software is subject to common cause failure, such a safety interlock system cannot easily meet the special redundancy and diversity design requirements of a nuclear fusion experimental device, which hinders the implementation of a defense-in-depth strategy.

Summary of the invention

The present invention sets out to provide a digital safety interlock system for magnetic confinement nuclear fusion experimental devices based on programmable logic devices (PLD) and microcontrollers (MCU). It uses pure hardware control logic to process the safety interlock functions in parallel, which overcomes the non-deterministic response time of existing safety interlock systems, and it applies defense-in-depth techniques to meet the special redundancy and diversity needs of a nuclear fusion experimental device.

To solve the above technical problem, the technical solution adopted by the invention is a digital safety interlock system for a magnetic confinement nuclear fusion experimental device, whose circuit comprises:

a microcontroller module, which includes at least a Flash memory and an Ethernet interface circuit and is responsible for detecting the real-time status of each safety interlock subsystem of the fusion experimental device, storing the fault log information of the safety interlock subsystems, and network communication;

a programmable logic circuit module, which is electrically connected to the microcontroller module and to each safety interlock subsystem of the fusion experimental device, includes at least input logic and registers, a control logic circuit, an output register and a buffer register read/write control circuit, is implemented with a programmable logic device (PLD), and is responsible for acquiring and processing the operating status and fault signals of each safety interlock subsystem;

a power supply module, which powers the system.

Further, to suit the harsh electromagnetic and radiation environment of a fusion laboratory, the programmable logic device (PLD) is a field programmable gate array (FPGA) or a complex programmable logic device (CPLD).

Further, to meet the special redundancy and diversity design requirements of a nuclear fusion experimental device, the microcontroller module is a dual-redundant microcontroller module and the programmable logic circuit module is a quad-redundant programmable logic circuit module.

Further, to achieve diversity, the dual-redundant microcontroller module consists of two microcontroller modules with the same function but from different manufacturers, of different models and built with different design methods; the quad-redundant programmable logic circuit module consists of four programmable logic circuit modules with the same function but from different manufacturers, of different models and built with different design methods.

Further, to ensure time synchronization between the system and the safety interlock subsystems of the fusion experimental device, both microcontroller modules of the dual-redundant pair have the IEEE 1588 precision network clock synchronization protocol built in.

Further, the intermediate output signals produced by the parallel operation of the quad-redundant programmable logic circuit module also pass through a voting circuit module. The voting circuit module is electrically connected to the quad-redundant programmable logic circuit module, the dual-redundant microcontroller module and each safety interlock subsystem of the fusion experimental device, and includes at least voting logic, an output register and a buffer memory read/write control circuit. It votes on the intermediate output signals and transmits the voted result to the dual-redundant microcontroller module and to the safety interlock subsystems of the fusion experimental device.

Further, to suit the harsh electromagnetic and radiation environment of a fusion laboratory, the voting circuit module is implemented with a field programmable gate array (FPGA) or a complex programmable logic device (CPLD).

Further, to facilitate system overhaul and maintenance, the voting circuit module uses 2/4 (two-out-of-four) voting logic.

Further, to keep the power supply of the safety interlock system hardware safe and stable, the power supply module has a dual-redundant structure consisting of a rechargeable battery and charge management circuit module and a DC power supply circuit module.

With the above structure, the invention has the following advantages over the prior art:

1. The programmable logic circuit module and the voting circuit module are implemented with programmable logic devices (PLD), so the system responds quickly and its response time is deterministic.

2. The invention is implemented in pure hardware control logic with no software program involved, which avoids common cause failures caused by software errors and simplifies the system structure and the development and verification process.

3. The invention uses a dual-redundant microcontroller module and a quad-redundant programmable logic circuit module, both built from designs by different manufacturers and of different models. This follows the principles of redundancy and diversity, improves the defense-in-depth capability of the system and facilitates system overhaul.

4. The hardware circuits of the invention are described using hardware description languages (VHDL and Verilog HDL) and schematics respectively. A PLD design based on a hardware description language can easily be ported to other PLDs, which effectively overcomes the problem of a system becoming unmaintainable because its components are obsolete.

5. The microcontroller module has an Ethernet interface circuit. It communicates over the network with a workstation installed in the central control room and provides the workstation with the real-time online status and fault log information of each safety interlock subsystem of the fusion experimental device, which makes monitoring, querying and analysis convenient for the operator.

6. Both microcontroller modules of the dual-redundant pair have the IEEE 1588 precision network clock synchronization protocol built in, so they can synchronize with the central time of the fusion experimental device and stay synchronized with all of its safety interlock subsystems. Fault log information with precise timestamps is essential for the operator to diagnose safety interlock subsystem faults accurately.

7. The invention uses dual-redundant power supply circuit modules and dual-redundant MCU circuit modules, which effectively improves the reliability of the system power supply and of network communication.

Description of drawings

Fig. 1 is a schematic block diagram of the digital safety interlock system of the magnetic confinement nuclear fusion experimental device of the present invention.

Detailed description

The invention is now described further with reference to the drawing and a specific embodiment.

As shown in Fig. 1, the preferred embodiment of the invention is a digital safety interlock system for a magnetic confinement nuclear fusion experimental device whose circuit comprises: a dual-redundant microcontroller module 1, a quad-redundant programmable logic circuit module 2, a voting circuit module 3 and a dual-redundant power supply module 4.

The dual-redundant microcontroller module 1 consists of a master microcontroller module 11 and a slave microcontroller module 12. The two have the same structure, each including at least a Flash memory and an Ethernet interface circuit, and both have the IEEE 1588 precision network clock synchronization protocol built in. The master microcontroller module 11 is responsible for detecting the real-time status of each safety interlock subsystem of the fusion experimental device, storing the fault log information of the safety interlock subsystems, and network communication. The slave microcontroller module 12 monitors the operating state of the master microcontroller module 11. When the master microcontroller module 11 fails, the slave microcontroller module 12 automatically switches to the controlling state and issues an alarm signal; it then replaces the master microcontroller module 11 in detecting the real-time status of each safety interlock subsystem, storing the fault log information and handling network communication.

The quad-redundant programmable logic circuit module 2 consists of a first programmable logic circuit module 21, a second programmable logic circuit module 22, a third programmable logic circuit module 23 and a fourth programmable logic circuit module 24. Each of the four is electrically connected to the microcontroller module 1, the voting circuit 3 and each safety interlock subsystem of the fusion experimental device, includes at least input logic and registers, a control logic circuit, an output register and a buffer register read/write control circuit, is implemented with a programmable logic device (PLD), and is responsible for acquiring and processing the operating status and fault signals of each safety interlock subsystem.

The voting circuit module 3 is electrically connected to the quad-redundant programmable logic circuit module 2, the dual-redundant microcontroller module 1 and each safety interlock subsystem of the fusion experimental device. It includes at least voting logic, an output register and a buffer memory read/write control circuit. It votes on the intermediate output signals produced by the parallel operation of the quad-redundant programmable logic circuit module 2 and transmits the voted result to the dual-redundant microcontroller module 1 and to the safety interlock subsystems of the fusion experimental device. The voting circuit module 3 uses 2/4 voting logic.

The dual-redundant power supply module 4 comprises a rechargeable battery and charge management circuit module 41 and a DC power supply circuit module 42, and powers the system.

To facilitate maintenance, overhaul and periodic testing, the above unit circuit modules are designed to standard chassis dimensions and support hot swapping.

To suit the harsh electromagnetic and radiation environment of a fusion laboratory, and to improve the PLD's resistance to the damage or transient effects (single event upsets, SEU) that may occur under bombardment by high-energy particles, the quad-redundant programmable logic circuit module 2 and the voting circuit module 3 use Flash/antifuse-based field programmable gate arrays (FPGA) or Flash/EEPROM-based complex programmable logic devices (CPLD).

The use of the digital safety interlock system of the invention in an actual experiment is described below.

The software program of the digital safety interlock system is installed on a workstation in the central monitoring room, and the workstation is connected over the network to the Ethernet interface circuit of the dual-redundant microcontroller module 1. The software running on the workstation provides a friendly visual interface with which the input and output state of every signal of the digital safety interlock system can be monitored and the fault log information submitted by the system can be queried for analysis by the operator.

The quad-redundant programmable logic circuit module 2 receives the operating status and fault signals from each safety interlock subsystem of the fusion experimental device. These signals are logic level signals or clock pulse signals, and each is assigned to one of several fault levels according to its specific meaning and the degree of harm involved. For example, a failure of the hardware or software of a safety interlock subsystem to perform the system's control or detection functions normally is an ordinary fault, a fault that poses a moderate danger to system safety and personal safety is a level-two fault, and a fault that poses a very serious danger to system safety and personal safety is a level-one fault.

How the signals are wired depends on what each safety interlock subsystem can provide on site. If each subsystem can provide quad-redundant operating status and fault signals, the four redundant signals are electrically isolated and connected separately to the first programmable logic circuit module 21, the second programmable logic circuit module 22, the third programmable logic circuit module 23 and the fourth programmable logic circuit module 24 of the quad-redundant programmable logic circuit module 2. If quad-redundant signals cannot be provided on site, the single operating status and fault signal is electrically isolated and then connected in parallel to the same four modules. The former arrangement is highly reliable, but it needs four mutually independent redundant status and fault signals from each subsystem and four independent signal transmission lines, so the system cost is high; the latter arrangement costs less but is less reliable.

This embodiment takes quad-redundant status and fault signals as its example. After the four redundant signals are connected to the four programmable logic circuit modules of the quad-redundant programmable logic circuit module 2, they first pass through the input logic and registers into the control logic circuit, which processes them in parallel according to the fault level to which each status signal belongs and the specific logical relationships among the signals.

The operating status and fault signals of the safety interlock subsystems, once processed by the quad-redundant programmable logic circuit module 2, become intermediate output signals that pass through the output register into the voting circuit module 3. The voting logic of the voting circuit module 3 applies a 2/4 vote to the intermediate output signals and passes the voted result through its output register to generate the output signal. After electrical isolation and driving, the output signal is sent over optical fibre or cable to the safety interlock subsystems of the fusion experimental device, where it performs the interlock protection function.

The 2/4 vote applies under normal conditions. If any one of the first programmable logic circuit module 21, the second programmable logic circuit module 22, the third programmable logic circuit module 23 and the fourth programmable logic circuit module 24 is pulled out, for maintenance or any other reason, the 2/4 voting logic of the voting circuit module 3 automatically switches to a 2/3 vote. If two of the four modules are pulled out, the voting circuit module 3 automatically switches to a 1/2 vote. If yet another module is then pulled out, the voting circuit module 3 issues protection and alarm signals.

Whenever the voting logic output of the voting circuit module 3 changes, the system automatically records the intermediate output signals of the quad-redundant programmable logic circuit module 2, so that the state of the first programmable logic circuit module 21, the second programmable logic circuit module 22, the third programmable logic circuit module 23 and the fourth programmable logic circuit module 24 can be analyzed.

Under normal conditions, the master microcontroller module 11 of the dual-redundant microcontroller module 1 is on duty: it detects the real-time status of each safety interlock subsystem of the nuclear fusion experimental device, saves the fault log information of the safety interlock subsystems, and handles network communication. The slave microcontroller module 12 monitors the running state of the master microcontroller module 11. When the master microcontroller module 11 fails, the slave microcontroller module 12 automatically switches to the control state and issues an alarm signal; the slave microcontroller module 12 then takes over from the master microcontroller module 11 in detecting the real-time status of each safety interlock subsystem, saving the fault log information of the safety interlock subsystems, and handling network communication.

The master microcontroller module 11 or the slave microcontroller module 12 of the dual-redundant microcontroller module 1 reads the output signals of the output register of the voting circuit module 3 through that module's buffer memory read/write control circuit. It can also read the status signals of the input logic and registers, or the intermediate output signals of the output register, of the first programmable logic circuit module 21, the second programmable logic circuit module 22, the third programmable logic circuit module 23 or the fourth programmable logic circuit module 24 of the four-redundant programmable logic module 2 through the buffer memory read/write control circuit of the respective module. The master microcontroller module 11 or the slave microcontroller module 12 sends these signals, together with the recorded log information, to the workstation through its Ethernet interface circuit, thereby achieving real-time monitoring. At the same time, the Flash memory of the master microcontroller module 11 or the slave microcontroller module 12 locally stores the fault log information of each safety interlock subsystem of the nuclear fusion experimental device detected by the digital safety interlock system, ensuring that fault logs can still be recorded accurately and promptly when network communication is interrupted.

In addition, because different nuclear fusion experiments use different safety interlock subsystems, those subsystems that are temporarily not taking part in an experiment are often shut down. The safety interlock signals of these non-participating subsystems can be bypassed through the master microcontroller module 11 or the slave microcontroller module 12. Specifically, through the buffer memory read/write control circuit of the four-redundant programmable logic circuit module 2, the master microcontroller module 11 or the slave microcontroller module 12 performs read operations on the input logic and registers to obtain the running status and fault signals of each safety interlock subsystem, and performs write operations on the input logic and registers to bypass the status signal of a given safety interlock subsystem. Both the master microcontroller module 11 and the slave microcontroller module 12 also have the IEEE 1588 precision network clock synchronization protocol built in and can synchronize with the central time of the nuclear fusion experimental device, ensuring that they stay time-synchronized with all of the device's safety interlock subsystems. Fault log information with precise timestamps is essential for operators to diagnose faults of the device's safety interlock subsystems accurately.
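The bypass write described above, combined with the 2/4 voting logic named in claim 8, as an added C model that is not part of the patent: the register layout (one bit per subsystem, one bypass mask per channel) and every function name are assumptions. It shows that a bypass bit reaching only two of the four channels leaves the other two able to trip the vote, and reports such mismatches.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define CHANNELS 4 /* four redundant programmable logic modules */

/* Constructed register model: bit n stands for safety interlock subsystem n. */
typedef struct {
    uint32_t fault_in[CHANNELS]; /* fault bits latched per channel, 1 = fault */
    uint32_t bypass[CHANNELS];   /* bypass bits written by the microcontroller */
} interlock_t;

/* Bits that are set in some channels but not in all of them. */
static uint32_t spread(const uint32_t v[CHANNELS]) {
    uint32_t any = 0, all = UINT32_MAX;
    for (int i = 0; i < CHANNELS; i++) { any |= v[i]; all &= v[i]; }
    return any & ~all;
}

/* 2/4 vote on the inputs left after each channel applies its bypass mask. */
uint32_t vote_2oo4(interlock_t s) {
    uint32_t trip = 0;
    for (int i = 0; i < CHANNELS; i++)
        for (int j = i + 1; j < CHANNELS; j++)
            trip |= (s.fault_in[i] & ~s.bypass[i]) & (s.fault_in[j] & ~s.bypass[j]);
    return trip;
}

/* Subsystems whose bypass bit differs between channels (incomplete bypass write). */
uint32_t bypass_mismatch(interlock_t s) { return spread(s.bypass); }
/* Subsystems on which the raw channel inputs disagree (worth a log entry). */
uint32_t input_disagreement(interlock_t s) { return spread(s.fault_in); }

/* Microcontroller-side write: bypass or restore subsystem n in every channel. */
void set_bypass(interlock_t *s, unsigned n, bool on) {
    for (int i = 0; i < CHANNELS; i++)
        s->bypass[i] = on ? s->bypass[i] | (UINT32_C(1) << n)
                          : s->bypass[i] & ~(UINT32_C(1) << n);
}

/* Constructed sample: subsystem 2 idle and bypassed, subsystem 3 half bypassed. */
interlock_t sample_state(void) {
    interlock_t s = { .fault_in = { 0xD, 0xD, 0xE, 0xC } };
    set_bypass(&s, 2, true);
    for (int i = 0; i < 2; i++) s.bypass[i] |= 0x8; /* channels 0 and 1 only */
    return s;
}

int main(void) {
    interlock_t s = sample_state();
    printf("trip=0x%X bypass_mismatch=0x%X input_disagreement=0x%X\n", (unsigned)vote_2oo4(s),
           (unsigned)bypass_mismatch(s), (unsigned)input_disagreement(s));
    return 0;
}
```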

The dual-redundant power supply module 4 provides the equipment of the present invention with a safe and stable power supply. While the DC power supply is operating normally, the equipment automatically selects the DC power supply circuit module 42 as its power source and at the same time manages the charging of the rechargeable battery in the rechargeable battery and charging management circuit module 41. When DC power is lost, the power multiplexer switches automatically and seamlessly to the rechargeable battery of the rechargeable battery and charging management circuit module 41; the battery's supply time should exceed the longest time required for the safe shutdown of each safety interlock subsystem of the nuclear fusion experimental device. Once DC power is restored, the power multiplexer switches automatically and seamlessly back to the DC power supply circuit module 42, and charging management of the rechargeable battery resumes. Preferably, the rechargeable battery is a lithium battery.

In addition to using hardware to effectively overcome common-cause failures inside the system, the present invention implements the redundancy principle through the dual-redundant microcontroller modules, the four-redundant programmable logic circuit modules and the dual-redundant power supply module, and it also satisfies the diversity principle: the four redundant programmable logic circuit modules are designed using programmable logic devices from different manufacturers, different hardware circuit description methods, different development tools and similar measures; the dual-redundant microcontroller modules use microcontrollers and network interface circuits from different manufacturers; and the dual-redundant power supply module uses a DC power supply circuit and a rechargeable battery circuit respectively.

Although the present invention has been specifically shown and described in connection with preferred embodiments, those skilled in the art should understand that various changes in form and detail may be made to the present invention without departing from the spirit and scope of the invention as defined by the appended claims, and all such changes fall within the scope of protection of the present invention.

Claims (9)

1. A digital safety interlock system for a magnetic confinement nuclear fusion experimental device, characterized in that its circuit comprises:
a microcontroller module, comprising at least a Flash memory and an Ethernet interface circuit, responsible for detecting the real-time status of each safety interlock subsystem of the nuclear fusion experimental device, saving the fault log information of the safety interlock subsystems, and network communication;
a programmable logic device module, electrically connected to the microcontroller module and to each safety interlock subsystem of the nuclear fusion experimental device, comprising at least input logic and registers, a control logic circuit, an output register and a buffer register read/write control circuit, implemented with a programmable logic device (PLD), and responsible for acquiring the running status and fault signals of each safety interlock subsystem of the nuclear fusion experimental device and processing these signals; and
a power supply module, which supplies power to the system.
2. The digital safety interlock system according to claim 1, characterized in that: the programmable logic device (PLD) is a field-programmable gate array (FPGA) or a complex programmable logic device (CPLD).
3. The digital safety interlock system according to claim 1, characterized in that: the microcontroller module consists of dual-redundant microcontroller modules, and the programmable logic device module consists of four-redundant programmable logic device modules.
4. The digital safety interlock system according to claim 3, characterized in that: the dual-redundant microcontroller modules both have the IEEE 1588 precision network clock synchronization protocol built in.
5. The digital safety interlock system according to claim 3, characterized in that: the dual-redundant microcontroller modules are two microcontroller modules of different manufacturers, different models and different design methods but identical function; the four-redundant programmable logic device modules are four programmable logic device modules of different manufacturers, different models and different design methods but identical function.
6. The digital safety interlock system according to claim 3, 4 or 5, characterized in that: the output signals produced by the parallel operation of the four-redundant programmable logic device modules additionally pass through a voting circuit module; the voting circuit module is electrically connected to the four-redundant programmable logic device modules, the dual-redundant microcontroller modules and each safety interlock subsystem of the nuclear fusion experimental device; the voting circuit module comprises at least voting logic, an output register and a buffer memory read/write control circuit; and the voting circuit module subjects the output signals produced by the parallel operation of the four-redundant programmable logic device modules to a voting decision and then transmits the result to the dual-redundant microcontroller modules and to the safety interlock subsystems of the nuclear fusion experimental device.
7. The digital safety interlock system according to claim 6, characterized in that: the voting circuit module is implemented with a field-programmable gate array (FPGA) or a complex programmable logic device (CPLD).
8. The digital safety interlock system according to claim 6, characterized in that: the voting circuit module uses 2/4 voting logic.
9. The digital safety interlock system according to claim 1, characterized in that: the power supply module has a dual-redundant structure, consisting of a rechargeable battery and charging management circuit module and a DC power supply circuit module.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2011103500250A CN102420020A (en) 2011-11-08 2011-11-08 A digital safety interlock system for a magnetic confinement nuclear fusion experimental device

Publications (1)

Publication Number Publication Date
CN102420020A true CN102420020A (en) 2012-04-18

Family

ID=45944382

Country Status (1)

Country Link
CN (1) CN102420020A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20120418