FPGA-based non-disruptive incremental downloading method and system for a nuclear safety class control station

By adopting an FPGA-based non-intrusive incremental download method for control stations, the problem of output failure during the upgrade of nuclear industry control stations was solved, and stable operation of online upgrades and incremental downloads was achieved, improving the reliability and security of the system.

CN119717621BActive Publication Date: 2026-06-12CHINA NUCLEAR CONTROL SYST ENG

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Patents(China)
Current Assignee / Owner
CHINA NUCLEAR CONTROL SYST ENG
Filing Date
2024-12-18
Publication Date
2026-06-12

AI Technical Summary

Technical Problem

In the field of nuclear power control, when upgrading or adding new equipment to a control station, existing technologies require stopping the entire control station from operating, resulting in output failure, and it is impossible to upgrade without disturbing the safety of the nuclear power plant.

Method used

The control station adopts an FPGA-based non-intrusive incremental download method. The incremental download package is generated by the engineer station, the maintenance interface module of the control station parses and forwards the data, the target module updates the configuration information, and automatically performs master-slave card switching when the new version of the controller is correctly configured, ensuring stable system operation.

Benefits of technology

It enables nuclear industry control stations to be upgraded or incrementally installed without affecting output, ensuring stable operation of the system under the new configuration and improving the system's reliability and safety.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN119717621B_ABST
    Figure CN119717621B_ABST
Patent Text Reader

Abstract

The application discloses a non-interference incremental downloading method and system of a nuclear safety level control station based on FPGA, relates to the field of non-interference incremental downloading design of a control station, and comprises the following steps: receiving a new version configuration on an engineer station, generating an incremental downloading package through the engineer station, executing incremental downloading, receiving the incremental downloading package by a maintenance interface module and analyzing the incremental downloading package to obtain a destination address; updating the configuration information of the maintenance interface module, a controller, an input module and an output module according to the destination address; performing incremental downloading on a target module, sending a secondary confirmation through the engineer station when the new version configuration of the controller is correctly executed, executing master-slave switching after the secondary confirmation is sent by the engineer station, executing according to the new version configuration, and outputting a bus, so that the nuclear industrial control station can be upgraded or subjected to incremental downloading, online incremental downloading can be performed without interference, and the control station can be operated according to the new configuration after the incremental downloading is completed.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This application relates to the field of uninterrupted incremental download design for control stations, and in particular to an FPGA-based method and system for uninterrupted incremental download of nuclear safety-grade control stations. Background Technology

[0002] In the field of nuclear industry control, the requirements for system safety and reliability are very high. Instrumentation and control systems (for example...) Both the Harmony System and the Dragon Scale System have redundant controllers. The difference lies in the fact that the Dragon Core system is based on Field Programmable Gate Array (FPGA) technology, while the other two systems are based on CPU technology.

[0003] When the control station needs to be upgraded or incrementally downloaded, the entire control station must be shut down, which would cause the output to completely fail, an unacceptable situation for a nuclear power plant. Simultaneously, ensuring the output remains undisturbed and that the nuclear power plant operates safely during this process is a problem that must be addressed and solved. The Harmony system controls the slave unit in download mode, then uses an engineer station to download the data to the slave unit first, synchronously completing the application data and variable forced state of the master unit, triggering a master-slave switch. Then, the original master unit is put into download mode, and the engineer station downloads the data to the original master unit, synchronizing the new configuration application data and variable forced state of the original slave unit, before switching back to master, completing the entire controller upgrade process. The Dragonscale system currently lacks a solution and can only perform upgrades after bypassing during major nuclear power plant overhauls.

[0004] The redundant controller leverages the parallel processing capabilities of FPGA technology. Data acquisition and processing, redundant synchronization of computation, data output, and time-slotted reception and transmission on the bus are all executed in parallel within the same processing cycle. Short processing cycles and fast response times are significant advantages of FPGA-based technology. The redundant controller can automatically synchronize the configuration of the already powered controller when powered on, and can automatically synchronize the application data and variable forced state in each processing cycle. Summary of the Invention

[0005] The purpose of this application is to provide a non-disruptive incremental download method and system for nuclear safety-grade control stations based on FPGA. By using FPGA technology, it is possible to upgrade or incrementally download nuclear industrial control stations, enabling non-disruptive online incremental download and operation according to the new configuration after the incremental download is completed.

[0006] To achieve the above objectives, this application provides the following solution.

[0007] In one aspect, this application provides a non-intrusive incremental download method for a nuclear safety-grade control station based on FPGA, comprising the following steps.

[0008] In response to an upgrade request or incremental download request from the control station, the system receives a new version configuration from the engineer station; the control station includes a maintenance interface module, a controller, input modules, and output modules.

[0009] Generate incremental download packages using the engineer workstation and execute the incremental download.

[0010] The incremental download packet is received by the maintenance interface module of the control station, and the incremental download packet is parsed to obtain the destination address.

[0011] Based on the destination address, the maintenance interface module determines whether the data belongs to the maintenance interface module and obtains a first determination result. If the first determination result is yes, the incremental download package is stored in the maintenance interface module, and the configuration information of the maintenance interface module is updated. If the first determination result is no, the incremental download package is forwarded to the target module through the maintenance interface module. The target module is a controller, an input module, or an output module. After obtaining the incremental data of the incremental download package, the target module updates its configuration information.

[0012] Incremental download of the target module is performed. When the new version of the controller configuration is correctly executed, a secondary confirmation is sent through the engineering station. After the engineering station sends the secondary confirmation, the controller in the control station automatically performs a master card switch, switching the master card to the updated slave card, and the slave card to the updated master card. The updated slave card automatically synchronizes the new version configuration, application data, and variable status information of the updated master card. After the updated slave card is initialized, the controller automatically performs a master-slave switch, switching the updated slave card to the master card and the updated master card to the slave card, executing according to the new version configuration, and outputting the bus.

[0013] Optionally, when the target module is a controller, after obtaining incremental data, the target module updates the configuration information, specifically including:

[0014] The 1st slot controller of the control station is put into maintenance mode. After receiving the incremental download package, the 1st slot controller enters the download state and completes the download of the incremental download package. The 1st slot controller is the slave card of the control station.

[0015] After the incremental download is completed, the 1-slot controller automatically synchronizes the application data and variable forced states configured in the old version of the 0-slot controller; the 0-slot controller is the master card of the control station;

[0016] After the Slot 1 controller automatically synchronizes the application data and variable forced states of the old version configuration from the Slot 0 controller, the Slot 1 controller runs according to the new version configuration and the bus does not output.

[0017] The engineer can switch to the Slot 1 controller online via station monitoring to monitor the operation of the new version configuration of the Slot 1 controller;

[0018] Determine if the new version configuration is executed correctly; if the new version configuration is executed correctly, the engineer station performs a second confirmation and sends a reset frame to the 0 slot controller; if the new version configuration is not executed correctly, control the engineer station to modify the configuration, obtain the modified new version configuration, generate a new incremental download package based on the modified new version configuration, replace the incremental download package with the new incremental download package, and return to the step of "putting the 1 slot controller of the control station into maintenance mode, and after receiving the incremental download package, the 1 slot controller enters the download state and completes the download of the incremental download package";

[0019] After the 0 slot controller receives the reset frame, it performs a reset, and the bus stops outputting.

[0020] When the Slot 1 controller detects that Slot 0 has been reset, it automatically performs a master-slave switch. The Slot 1 controller automatically switches to the updated master card and runs according to the new version configuration. Through the synchronization bus between the Slot 0 controller and the Slot 1 controller, the Slot 0 controller automatically synchronizes the new version configuration, as well as the application data and variable forced states under the new version.

[0021] After the 0-slot controller automatically synchronizes with the new version configuration, a master-slave switch is performed. The 0-slot controller switches from the updated slave card to the master card and operates the bus output normally according to the new version configuration. The 1-slot controller switches from the updated master card to the slave card and operates the bus output normally according to the new version configuration.

[0022] Optionally, when the target module is an input module, after obtaining incremental data, the target module updates its configuration information, specifically including:

[0023] In maintenance mode, the input module receives data packets forwarded by the maintenance interface module, parses and determines whether the data packets are incremental download packets, and obtains a second determination result.

[0024] If the second judgment result is yes, the input module stores the new version configuration in the external memory and updates the channel configuration information;

[0025] If the second judgment result is negative, determine whether the data packet is an incremental completion packet to obtain the third judgment result;

[0026] If the third judgment result is yes, the input module will collect data normally according to the new version of the configured channel;

[0027] If the third judgment result is negative, then the data packet is a maintenance data packet, and the operation is performed according to the maintenance data packet.

[0028] Optionally, when the target module is an output module, after obtaining the incremental data, the target module updates the configuration information, specifically including:

[0029] In maintenance mode, the output class module receives the data packets forwarded by the maintenance interface module, parses and determines whether the data packets are incremental download packets, and obtains the fourth determination result;

[0030] If the fourth judgment result is yes, the output module stores the new version configuration in the external memory and updates the channel configuration information;

[0031] If the fourth judgment result is negative, determine whether the data is an incremental completion package to obtain the fifth judgment result;

[0032] If the fifth judgment result is yes, the output module is configured according to the new version, normally receives the data sent by the controller on the bus, and outputs according to the bus data update channel;

[0033] If the fifth judgment result is negative, then the data packet is a maintenance data packet, and the operation is performed according to the maintenance data packet.

[0034] Optionally, forwarding the incremental download package to the target module through the maintenance interface module specifically includes: forwarding the incremental download package to the target module via broadcast through the maintenance interface module.

[0035] Secondly, this application provides an FPGA-based nuclear safety-grade control station non-intrusive incremental download system, including a control station and an engineer station; the control station includes a maintenance interface module, a controller, input modules and output modules.

[0036] The engineer station is used for: modifying the configuration to obtain a new version configuration; generating incremental download packages and performing incremental downloads.

[0037] The maintenance interface module is configured to: receive the incremental download packet and parse the incremental download packet to obtain the destination address; determine whether the data belongs to the maintenance interface module based on the destination address, and obtain a first determination result; if the first determination result is yes, store the incremental download packet in the maintenance interface module and update the configuration information of the maintenance interface module; if the first determination result is no, forward the incremental download packet to the target module through the maintenance interface module; the target module is a controller, an input module, or an output module, and after obtaining the incremental data from the incremental download packet, the target module updates its configuration information.

[0038] The engineering station is also used to: send a secondary confirmation when the new version of the controller configuration is correctly executed; after the engineering station sends the secondary confirmation, the controller in the control station automatically performs a master card switch, the master card switches to the updated slave card, the slave card switches to the updated master card, and the updated slave card automatically synchronizes the new version configuration and the new version application data and variable status information of the updated master card; after the updated slave card is initialized, the controller automatically performs a master-slave switch, the updated slave card switches to the master card, the updated master card switches to the slave card, and executes according to the new version configuration, with bus output.

[0039] Optionally, the FPGA-based nuclear safety-grade control station non-intrusive incremental download system further includes:

[0040] The 1st slot controller of the control station is put into maintenance mode. After receiving the incremental download package, the 1st slot controller enters the download state and completes the download of the incremental download package. The 1st slot controller is the slave card of the control station.

[0041] After the incremental download is completed, the 1-slot controller automatically synchronizes the application data and variable forced states configured in the old version of the 0-slot controller; the 0-slot controller is the master card of the control station;

[0042] After the Slot 1 controller automatically synchronizes the application data and variable forced states of the old version configuration from the Slot 0 controller, the Slot 1 controller runs according to the new version configuration and the bus does not output.

[0043] The engineer can switch to the Slot 1 controller online via station monitoring to monitor the operation of the new version configuration of the Slot 1 controller;

[0044] Determine if the new version configuration is executed correctly; if the new version configuration is executed correctly, the engineer station performs a second confirmation and sends a reset frame to the 0 slot controller; if the new version configuration is not executed correctly, control the engineer station to modify the configuration, obtain the modified new version configuration, generate a new incremental download package based on the modified new version configuration, replace the incremental download package with the new incremental download package, and return to the step of "putting the 1 slot controller of the control station into maintenance mode, and after receiving the incremental download package, the 1 slot controller enters the download state and completes the download of the incremental download package";

[0045] After the 0 slot controller receives the reset frame, it performs a reset, and the bus stops outputting.

[0046] When the Slot 1 controller detects that Slot 0 has been reset, it automatically performs a master-slave switch. The Slot 1 controller automatically switches to the updated master card and runs according to the new version configuration. Through the synchronization bus between the Slot 0 controller and the Slot 1 controller, the Slot 0 controller automatically synchronizes the new version configuration, as well as the application data and variable forced states under the new version.

[0047] After the 0-slot controller automatically synchronizes with the new version configuration, a master-slave switch is performed. The 0-slot controller switches from the updated slave card to the master card and operates the bus output normally according to the new version configuration. The 1-slot controller switches from the updated master card to the slave card and operates the bus output normally according to the new version configuration.

[0048] Optionally, the FPGA-based nuclear safety-grade control station non-intrusive incremental download system further includes:

[0049] In maintenance mode, the input module receives the data packets forwarded by the maintenance interface module, parses and determines whether the data packets are incremental download packets, and obtains a second determination result;

[0050] If the second judgment result is yes, the input module stores the new version configuration in the external memory and updates the channel configuration information;

[0051] If the second judgment result is negative, determine whether the data packet is an incremental completion packet to obtain the third judgment result;

[0052] If the third judgment result is yes, the input module will collect data normally according to the new version of the configured channel;

[0053] If the third judgment result is negative, then the data packet is a maintenance data packet, and the operation is performed according to the maintenance data packet.

[0054] Optionally, the FPGA-based nuclear safety-grade control station non-intrusive incremental download system further includes:

[0055] In maintenance mode, the output module receives the data packets forwarded by the maintenance interface module, parses and determines whether the data packets are incremental download packets, and obtains the fourth determination result;

[0056] If the fourth judgment result is yes, the output module stores the new version configuration in the external memory and updates the channel configuration information;

[0057] If the fourth judgment result is negative, determine whether the data is an incremental completion package to obtain the fifth judgment result;

[0058] If the fifth judgment result is yes, the output module is configured according to the new version, normally receives the data sent by the controller on the bus, and outputs according to the bus data update channel;

[0059] If the fifth judgment result is negative, then the data packet is a maintenance data packet, and the operation is performed according to the maintenance data packet.

[0060] Optionally, the maintenance interface module forwards the incremental download package to the target module using a broadcast method.

[0061] According to the specific embodiments provided in this application, the following technical effects are disclosed:

[0062] This application provides a non-intrusive incremental download method and system for a nuclear safety-grade control station based on FPGA. The system receives a new version configuration on an engineer station, generates an incremental download package, and executes the incremental download. The control station's maintenance interface module receives and parses the incremental download package to obtain the destination address. Based on the destination address, the configuration information of the maintenance interface module, controller, input modules, and output modules is updated. Incremental download is performed on the target module. When the new version configuration of the controller is correctly executed, a secondary confirmation is sent through the engineer station. After the engineer station sends the secondary confirmation, the controller in the control station automatically switches between master and slave modes: the master card switches to the updated slave card, and the slave card switches to the updated master card. The updated slave card automatically synchronizes the new version configuration, application data, and variable status information of the updated master card. After the updated slave card is initialized, the controller automatically switches between master and slave modes, with the updated slave card becoming the master card and the updated master card becoming the slave card, executing according to the new version configuration and bus output. The main control, logic operation and communication functions are implemented through a hardware architecture based on FPGA technology. The stable operation of the system does not depend on the microprocessor and software. It can realize the upgrade or incremental download of nuclear industry control stations, and can perform online incremental download without interference. After the incremental download is completed, it will run according to the new configuration. Attached Figure Description

[0063] To more clearly illustrate the technical solutions in the embodiments of this application or the prior art, the drawings used in the embodiments will be briefly introduced below. Obviously, the drawings described below are only some embodiments of this application. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort.

[0064] Figure 1 A flowchart illustrating a non-intrusive incremental download method for a nuclear safety-grade control station based on FPGA, provided as an embodiment of this application;

[0065] Figure 2 A schematic diagram illustrating the specific process of a non-intrusive incremental download method for a nuclear safety-grade control station based on FPGA, provided in an embodiment of this application;

[0066] Figure 3 This is a schematic diagram of a controller's non-intrusive incremental download process provided in an embodiment of this application;

[0067] Figure 4 This is a schematic diagram of the intrusive incremental download process for input modules provided in an embodiment of this application;

[0068] Figure 5This is a schematic diagram of the non-intrusive incremental download process for output modules provided in an embodiment of this application;

[0069] Figure 6 A schematic diagram of configuration V1 in the download mode or the old version that was last successfully downloaded incrementally, provided in an embodiment of this application;

[0070] Figure 7 This is a schematic diagram of incremental download of new version configuration V2 in maintenance mode provided in an embodiment of this application;

[0071] Figure 8 This is a schematic diagram of the structure of an FPGA-based nuclear safety-grade control station non-intrusive incremental download system provided in one embodiment of this application. Detailed Implementation

[0072] The technical solutions of the embodiments of this application will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only a part of the embodiments of this application, and not all of the embodiments. Based on the embodiments of this application, all other embodiments obtained by those of ordinary skill in the art without creative effort are within the scope of protection of this application.

[0073] To make the above-mentioned objectives, features and advantages of this application more apparent and understandable, the application will be further described in detail below with reference to the accompanying drawings and specific embodiments.

[0074] In one exemplary embodiment, such as Figure 1 and Figure 2 As shown, a non-intrusive incremental download method for a nuclear safety-grade control station based on FPGA is provided, which includes the following steps 101 to 105.

[0075] Step 101: In response to the upgrade request or incremental download request from the control station, receive the new version configuration V2 from the engineer station; the control station includes a maintenance interface module, a controller, an input module, and an output module.

[0076] Step 102: Generate an incremental download package using the engineer's workstation and execute the incremental download.

[0077] Step 103: Receive the incremental download packet through the maintenance interface module of the control station, and parse the incremental download packet to obtain the destination address.

[0078] Step 104: Based on the destination address, determine whether the data belongs to the maintenance interface module through the maintenance interface module to obtain a first determination result; if the first determination result is yes, store the incremental download package in the maintenance interface module and update the configuration information of the maintenance interface module; if the first determination result is no, forward the incremental download package to the target module through the maintenance interface module; the target module is a controller, an input module, or an output module. After obtaining the incremental data of the incremental download package, the target module updates its configuration information.

[0079] Step 105: Incrementally download the target module. When the new version configuration of the controller is correctly executed, send a secondary confirmation through the engineering station. After the engineering station sends the secondary confirmation, the controller in the control station automatically performs a master card switch, switching the master card to the updated slave card, and the slave card to the updated master card. The updated slave card automatically synchronizes the new version configuration, application data, and variable status information of the updated master card. After the updated slave card is initialized, the controller automatically performs a master-slave switch, switching the updated slave card to the master card and the updated master card to the slave card, executing according to the new version configuration, and outputting the bus.

[0080] By implementing steps 101 to 105 above, the main control, logic operation and communication functions are realized through a hardware architecture based on FPGA technology. The stable operation of the system does not depend on the microprocessor and software. It can realize the upgrade or incremental download of nuclear industry control stations, and can perform online incremental download without interference. After the incremental download is completed, it will run according to the new configuration.

[0081] In the distributed control system (DCS) field of nuclear industry control, when the system is running, if the control station needs to be upgraded or incrementally downloaded, the user modifies the configuration according to the application, compiles it, and then performs the incremental download operation. After the incremental download is completed, the user monitors and confirms the correctness of the new version configuration V2 on the engineer station. If it is correct, a second confirmation is made to make the new version configuration V2 effective. At the same time, during the entire incremental download process, the output modules of the control station retain the valid values ​​of the previous cycle, and the input data sent to the controller also retains the valid values ​​of the previous cycle.

[0082] In step 101, after the system is powered on and running, in maintenance mode, the control station needs to be upgraded or incrementally downloaded. The user modifies the configuration on the engineer station according to the application requirements, and the compilation is successful.

[0083] Based on the destination address, the maintenance interface module determines whether the data belongs to its own module. If so, it stores the data within the module and updates its configuration information. If it belongs to another module (controller, input module, output module), it forwards the data. Each target module then obtains the incremental data and updates its configuration information. Specifically, the maintenance interface module forwards the incremental download package to the target module via broadcast.

[0084] like Figure 3 As shown, when the target module is a controller, after the target module obtains the incremental data, it updates the configuration information. That is, the incremental download process of the controller specifically includes the following steps 201 to 209.

[0085] Step 201: Put the Slot 1 controller of the control station into maintenance mode. After receiving the incremental download package, the Slot 1 controller enters the download state and completes the download of the incremental download package. The Slot 1 controller is the slave card of the control station and operates normally via bus output.

[0086] Step 202: After the incremental download is completed, the 1 slot controller automatically synchronizes the application data and variable forced state of the old version configuration V1 of the 0 slot controller and performs synchronized data remapping; the 0 slot controller is the master card of the control station and operates normally with bus output.

[0087] Step 203: After the Slot 1 controller automatically synchronizes the application data and variable forced states of the old version configuration V1 from the Slot 0 controller, the Slot 1 controller runs according to the new version configuration V2, and the bus does not output.

[0088] Step 204: Switch to the Slot 1 controller via online monitoring from the engineer station to monitor the operation of the new version configuration V2 of the Slot 1 controller.

[0089] Step 205: Determine if the new version configuration V2 is executed correctly; if the new version configuration V2 is executed correctly, the engineer station performs a second confirmation and sends a reset frame to the 0 slot controller; if the new version configuration V2 is not executed correctly, the message "Incremental failure, please check the new configuration" is displayed, and the engineer station is controlled to modify the configuration to obtain the modified new version configuration. A new incremental download package is generated based on the modified new version configuration, and the new incremental download package replaces the original incremental download package. The controller receives the new incremental download package through the maintenance interface module and returns to step 201 to continue the incremental download operation until the new version configuration is executed correctly.

[0090] Step 206: After the 0 slot controller receives the reset frame, it performs a reset, and the bus stops outputting.

[0091] Step 207: The Slot 1 controller determines that Slot 0 is reset and automatically performs master-slave switching. The Slot 1 controller automatically switches to the updated master card and runs according to the new version configuration V2. The Slot 0 controller switches to the updated slave card. Through the synchronization bus of the Slot 0 controller and the Slot 1 controller, the Slot 0 control station is controlled to automatically synchronize with the new version configuration V2, as well as the application data and variable forced states under the new version.

[0092] Step 208: After the 0 slot controller automatically synchronizes with the new version configuration V2, perform a master-slave switch. The 0 slot controller switches from the updated slave card to the master card and operates normally according to the new version configuration V2. The 1 slot controller switches from the updated master card to the slave card and operates normally according to the new version configuration V2.

[0093] Step 209: Complete the uninterrupted incremental download of the controller.

[0094] like Figure 4 As shown, when the target module is an input module, after obtaining incremental data, the target module updates the configuration information, specifically including the following steps 301 to 306:

[0095] Step 301: In maintenance mode, receive the data packets forwarded by the maintenance interface module through the input class module.

[0096] Step 302: Analyze and determine whether the data packet is an incremental download packet to obtain the second judgment result; if the second judgment result is yes, proceed to step 303; if the second judgment result is no, proceed to step 304.

[0097] Step 303: The input module stores the new configuration V2 version in external memory and updates the channel configuration information; the channel acquires data normally, but the bus output data is not updated. "Not updated" means that the bus output data retains the previous valid value when transmitted to the controller.

[0098] Step 304: Determine whether the data packet is an incremental completion packet to obtain a third determination result; if the third determination result is yes, proceed to step 305; if the third determination result is no, proceed to step 306.

[0099] Step 305: The input modules are configured to collect data normally according to the new version V2 channel, and the bus updates and sends the collected data in real time, i.e., transmits it to the controller; incremental completion.

[0100] Step 306: If the data packet is a maintenance data packet, then the operation is performed according to the maintenance data packet. The channel collects data normally, and the bus updates and sends data in real time according to the collected data, that is, it transmits the data to the controller.

[0101] like Figure 5As shown, when the target module is an output module, after the target module obtains incremental data, it updates the configuration information, specifically including the following steps 401 to 406.

[0102] Step 401: In maintenance mode, receive the data packets forwarded by the maintenance interface module through the output class module.

[0103] Step 402: Analyze and determine whether the data packet is an incremental download packet to obtain the fourth judgment result; if the fourth judgment result is yes, proceed to step 403; if the fourth judgment result is no, proceed to step 404.

[0104] Step 403: The output module stores the new version configuration V2 in the external memory and updates the channel configuration information; it normally receives data sent by the controller on the bus, but the channel output remains unchanged, that is, the output has a calibration value from the previous cycle.

[0105] Step 404: Determine whether the data is an incremental completion package to obtain the fifth determination result; if the fifth determination result is yes, proceed to step 405; if the fifth determination result is no, proceed to step 406.

[0106] Step 405: The output module is configured according to the new version V2, normally receives the data sent by the controller on the bus, and updates the channel output according to the bus data;

[0107] Step 406: If the data packet is a maintenance data packet, then perform the operation according to the maintenance data packet, normally receive the data sent by the controller on the bus, and update the channel output according to the bus data.

[0108] After the engineering station sends a second confirmation, the 0 slot controller is reset and automatically synchronizes the new version configuration V2 for slot 1, as well as the application data and variable status information of V2. After initialization, it switches to the main card and executes according to the new version configuration V2, with bus output. At this point, the uninterrupted incremental download of the entire control station is complete.

[0109] The following is combined Figure 6 and Figure 7 This application provides a further explanation of the FPGA-based non-intrusive incremental download method for nuclear safety-grade control stations.

[0110] The first step is to power on the system. In maintenance mode, the control station operates normally according to the old version configuration V1. The control station includes one maintenance interface module, two controllers, one input module (DI module) (channel 1 enabled), and one output module (DO module) (channel 1 enabled). The algorithm logic is executed, with DI assigning values ​​to the DO output. The old version configuration V1 diagram is as follows: Figure 6 .

[0111] The engineering station communicates with the maintenance interface module via M-NET, while the maintenance interface module, controller, and input / output modules within the control station communicate via M-BUS. Redundant controllers are synchronized via S-LINK, and controllers and input / output modules communicate via L-BUS.

[0112] The second step involves the user performing DI input redundancy processing according to their needs. This involves adding a DI module (channel 1 enabled), executing the algorithm logic, assigning the values ​​of the two DIs to the DO output after passing through an AND gate, and then compiling. The old version configuration V1 diagram is as follows: Figure 7 .

[0113] The third step involves the engineer station generating an incremental download package for the control station, including the relocation list in slot 1 controller and the mapping list with the old version, as well as the algorithm logic configuration; adding an incremental package for the first channel of the DI module and performing incremental download.

[0114] The fourth step is for the maintenance interface module in the control station to obtain the incremental data packets sent by the engineer station and parse the destination address.

[0115] Step 5: If it is an incremental download package for a 1-slot controller (slave card), perform incremental download and do not output on the bus; if it is an incremental download package for a newly added DI module, perform incremental download.

[0116] Step 6: After all the incremental download packages for the control station generated by the engineer station have been downloaded, send the incremental completion package.

[0117] Step 7: After receiving the incremental completion package, the maintenance interface module broadcasts the incremental download completion package.

[0118] Step 8: When the slot 1 controller receives the incremental download completion package, it loads and initializes the new version configuration V2. After completion, it automatically synchronizes the application data and variable forced states of the old version configuration V1 in slot 0 according to the old version's mapping list, and the bus does not output. When the newly added DI module receives the incremental download completion package, it loads the configuration and completes the initialization. After that, channel 1 collects DI data and sends it to the controller on the bus. All redundant controllers on the bus can receive it.

[0119] Step 9: The engineer switches the online monitoring to monitor the Slot 1 controller, checks whether the two DI variables are correct, and whether the result of the logical AND of the two DI variables is correct. If they are not correct, the incremental configuration fails. If they are correct, the incremental configuration is correct, and the engineer station can perform a secondary confirmation operation by sending a reset frame to the Slot 0 controller.

[0120] Step 10: After receiving the reset frame, the 0 slot controller performs a reset (no heartbeat, no bus output). The 1 slot controller will determine that the card is not in place, automatically switch master and slave, switch the slave card to master card, execute according to the new version configuration V2, and output bus, that is, the new version configuration V2 takes effect.

[0121] Step 11: After the 0 slot controller is reset, it automatically synchronizes with the new version V2 configuration of the 1 slot controller via the synchronization bus. After initialization, it executes according to the new version V2 configuration and adds output to the bus. The 0 slot is switched back to the master card, and the 1 slot is switched to the slave card.

[0122] At this point, the uninterrupted incremental download of the entire control station is complete.

[0123] The FPGA-based non-intrusive incremental download method for nuclear safety-grade control stations provided in this application has high reliability, integrity, determinism, sustainability, and economy:

[0124] Determinism: FPGA chips implement the security functions of a trusted system in a purely hardware circuit manner, and the execution of hardware circuits is more deterministic than the execution of software and operating systems.

[0125] Reliability: After compilation and incremental download by the engineering station, there is no need for manual reset of the Slot 1 controller. The new version V2 configuration of the Slot 1 controller is downloaded and the original configuration application logic variables are forced to synchronize. After ensuring that the new version V2 configuration is executed correctly, a second manual confirmation operation is performed to ensure the safety and reliability of the system. The Slot 0 controller automatically synchronizes with the new version V2 configuration of the Slot 1 controller. The process is simple and reliable.

[0126] Sustainability and cost-effectiveness: FPGA logic code and register-level designs written in hardware description languages ​​can be ported to new FPGA chips with only adaptive modifications, thus preserving the investment in software design to the greatest extent.

[0127] Based on the same inventive concept, this application also provides an FPGA-based nuclear safety-grade control station uninterrupted incremental download system for implementing the aforementioned FPGA-based nuclear safety-grade control station uninterrupted incremental download method. The solution provided by this system is similar to the implementation scheme described in the above method. Therefore, the specific limitations of one or more FPGA-based nuclear safety-grade control station uninterrupted incremental download system embodiments provided below can be found in the limitations of the FPGA-based nuclear safety-grade control station uninterrupted incremental download method described above, and will not be repeated here.

[0128] In one exemplary embodiment, such as Figure 8 As shown, a nuclear safety-grade control station non-intrusive incremental download system based on FPGA is provided, including a control station and an engineer station; the control station includes a maintenance interface module, a controller, input modules and output modules.

[0129] The engineer station is used to: modify the configuration to obtain the new version configuration V2; generate incremental download packages and perform incremental downloads.

[0130] The maintenance interface module is configured to: receive the incremental download packet and parse the incremental download packet to obtain the destination address; determine whether the data belongs to the maintenance interface module based on the destination address, and obtain a first determination result; if the first determination result is yes, store the incremental download packet in the maintenance interface module and update the configuration information of the maintenance interface module; if the first determination result is no, forward the incremental download packet to the target module through the maintenance interface module; the target module is a controller, an input module, or an output module, and after obtaining the incremental data from the incremental download packet, the target module updates its configuration information.

[0131] The engineering station is also used to: send a secondary confirmation when the new version configuration V2 of the controller is correctly executed; after the engineering station sends the secondary confirmation, the controller in the control station automatically performs a master card switch, the master card is switched to the updated slave card, the slave card is switched to the updated master card, and the updated slave card automatically synchronizes the new version configuration and the new version application data and variable status information of the updated master card; after the updated slave card is initialized, the controller automatically performs a master-slave switch, the updated slave card is switched to the master card, the updated master card is switched to the slave card, and the new version configuration is executed, with bus output.

[0132] As an optional implementation method, the uninterrupted incremental download process for the controller is as follows:

[0133] The 1st slot controller of the control station is put into maintenance mode. After receiving the incremental download package, the 1st slot controller enters the download state and completes the download of the incremental download package. The 1st slot controller is the slave card of the control station.

[0134] After the incremental download is completed, the 1-slot controller automatically synchronizes the application data and variable forced states configured in the old version of the 0-slot controller; the 0-slot controller is the master card of the control station;

[0135] After the Slot 1 controller automatically synchronizes the application data and variable forced states of the old version configuration from the Slot 0 controller, the Slot 1 controller runs according to the new version configuration V2, and the bus does not output.

[0136] The engineer can switch to the Slot 1 controller online via station monitoring to monitor the operation of the new version V2 configuration of the Slot 1 controller.

[0137] Determine if the new version configuration V2 is executed correctly; if the new version configuration V2 is executed correctly, the engineer station performs a second confirmation and sends a reset frame to the 0 slot controller; if the new version configuration V2 is not executed correctly, the engineer station is controlled to modify the configuration to obtain the modified new version configuration, and a new incremental download package is generated based on the modified new version configuration. The new incremental download package replaces the original incremental download package, and the process returns to the step of "putting the 1 slot controller of the control station into maintenance mode. After receiving the incremental download package, the 1 slot controller enters the download state and completes the download of the incremental download package".

[0138] After the 0 slot controller receives the reset frame, it performs a reset, and the bus stops outputting.

[0139] When the 1-slot controller detects that the 0-slot is reset, it automatically performs a master-slave switch. The 1-slot controller automatically switches to the updated master card and runs according to the new version configuration V2. Through the synchronization bus between the 0-slot controller and the 1-slot controller, the 0-slot controller automatically synchronizes the new version configuration V2, as well as the application data and variable forced states under the new version.

[0140] After the 0 slot controller automatically synchronizes with the new version V2 configuration, a master-slave switch is performed. The 0 slot controller switches from the updated slave card to the master card and operates the bus output normally according to the new version V2 configuration. The 1 slot controller switches from the updated master card to the slave card and operates the bus output normally according to the new version V2 configuration.

[0141] The FPGA-based nuclear safety-grade control station non-intrusive incremental download system further includes: in maintenance mode, the input module receives data packets forwarded by the maintenance interface module, parses and determines whether the data packet is an incremental download packet, and obtains a second determination result; if the second determination result is yes, the input module stores the new version configuration V2 in external memory and updates the channel configuration information; if the second determination result is no, it determines whether the data packet is an incremental completion packet, and obtains a third determination result; if the third determination result is yes, the input module collects data normally according to the new version configuration V2 channel; if the third determination result is no, the data packet is a maintenance data packet, and the operation is performed according to the maintenance data packet.

[0142] The FPGA-based nuclear safety-grade control station non-intrusive incremental download system further includes: In maintenance mode, the output module receives data packets forwarded by the maintenance interface module, parses and determines whether the data packet is an incremental download packet, and obtains a fourth determination result; if the fourth determination result is yes, the output module stores the new version configuration V2 in external memory and updates the channel configuration information; if the fourth determination result is no, it determines whether the data is an incremental completion packet, and obtains a fifth determination result; if the fifth determination result is yes, the output module normally receives data sent by the controller on the bus according to the new version configuration V2, and updates the channel output according to the bus data; if the fifth determination result is no, the data packet is a maintenance data packet, and the operation is performed according to the maintenance data packet.

[0143] The maintenance interface module forwards the incremental download package to the target module using a broadcast method.

[0144] The technical features of the above embodiments can be combined in any way. For the sake of brevity, not all possible combinations of the technical features in the above embodiments are described. However, as long as there is no contradiction in the combination of these technical features, they should be considered to be within the scope of this specification.

[0145] This document uses specific examples to illustrate the principles and implementation methods of this application. The descriptions of the above embodiments are only for the purpose of helping to understand the methods and core ideas of this application. Furthermore, those skilled in the art will recognize that, based on the ideas of this application, there will be changes in the specific implementation methods and application scope. Therefore, the content of this specification should not be construed as a limitation of this application.

Claims

1. A non-intrusive incremental download method for a nuclear safety-grade control station based on FPGA, characterized in that, The FPGA-based non-intrusive incremental download method for nuclear safety-grade control stations includes: In response to an upgrade request or incremental download request from the control station, the system receives a new version configuration from the engineer station; the control station includes a maintenance interface module, a controller, input modules, and output modules. Generate incremental download packages using the engineer workstation and execute the incremental download; The incremental download packet is received through the maintenance interface module of the control station, and the incremental download packet is parsed to obtain the destination address; Based on the destination address, the maintenance interface module determines whether the data belongs to it and obtains a first determination result. If the first determination result is yes, the incremental download package is stored in the maintenance interface module, and the configuration information of the maintenance interface module is updated. If the first determination result is no, the incremental download package is forwarded to the target module through the maintenance interface module. The target module is a controller, an input module, or an output module. After obtaining the incremental data from the incremental download package, the target module updates its configuration information. When the target module is a controller, after obtaining the incremental data, the target module updates its configuration information, specifically including: The 1st slot controller of the control station is put into maintenance mode. After receiving the incremental download package, the 1st slot controller enters the download state and completes the download of the incremental download package. The 1st slot controller is the slave card of the control station. After the incremental download is completed, the slot 1 controller automatically synchronizes the application data and variable forced states configured in the old version of the slot 0 controller; the slot 0 controller is the master card of the control station; After the Slot 1 controller automatically synchronizes the application data and variable forced states of the old version configuration from the Slot 0 controller, the Slot 1 controller runs according to the new version configuration and the bus does not output. The engineer can switch to the Slot 1 controller online via station monitoring to monitor the operation of the new version configuration of the Slot 1 controller; Determine if the new version configuration is executed correctly; if the new version configuration is executed correctly, the engineer station performs a second confirmation and sends a reset frame to the 0 slot controller; if the new version configuration is not executed correctly, the engineer station is controlled to modify the configuration to obtain the modified new version configuration, and a new incremental download package is generated based on the modified new version configuration. The new incremental download package replaces the original incremental download package, and the process returns to the step of "Putting the 1 slot controller of the control station into maintenance mode. After receiving the incremental download package, the 1 slot controller enters the download state and completes the download of the incremental download package". After the 0 slot controller receives the reset frame, it performs a reset, and the bus stops outputting. When the Slot 1 controller detects that Slot 0 has been reset, it automatically performs a master-slave switch. The Slot 1 controller automatically switches to the updated master card and runs according to the new version configuration. Through the synchronization bus between the Slot 0 controller and the Slot 1 controller, the Slot 0 controller automatically synchronizes the new version configuration, as well as the application data and variable forced states under the new version. After the 0 slot controller automatically synchronizes the new version configuration, a master-slave switch is performed. The 0 slot controller switches from the updated slave card to the master card and runs the bus output normally according to the new version configuration. The 1 slot controller switches from the updated master card to the slave card and runs the bus output normally according to the new version configuration. Incremental download of the target module is performed. When the new version of the controller configuration is correctly executed, a secondary confirmation is sent through the engineering station. After the engineering station sends the secondary confirmation, the controller in the control station automatically performs a master card switch, switching the master card to the updated slave card, and the slave card to the updated master card. The updated slave card automatically synchronizes the new version configuration, application data, and variable status information of the updated master card. After the updated slave card is initialized, the controller automatically performs a master-slave switch, switching the updated slave card to the master card and the updated master card to the slave card, executing according to the new version configuration, and outputting the bus. In distributed control systems in the nuclear industry, when the system is running, if the control station needs to be upgraded or incrementally downloaded, the user modifies the configuration according to the application, compiles it, and then performs the incremental download operation. After the incremental download is completed, the user monitors and confirms the correctness of the new version configuration V2 on the engineer station. If it is correct, a second confirmation is made to make the new version configuration V2 effective. At the same time, during the entire incremental download process, the output modules of the control station retain the valid values ​​of the previous cycle, and the input data sent to the controller also retains the valid values ​​of the previous cycle.

2. The FPGA-based method for non-intrusive incremental downloading of nuclear safety-grade control stations according to claim 1, characterized in that, When the target module is an input module, after obtaining incremental data, the target module updates its configuration information, specifically including: In maintenance mode, the input module receives data packets forwarded by the maintenance interface module, parses and determines whether the data packets are incremental download packets, and obtains a second determination result. If the second judgment result is yes, the input module stores the new version configuration in the external memory and updates the channel configuration information; If the second judgment result is negative, determine whether the data packet is an incremental completion packet to obtain the third judgment result; If the third judgment result is yes, the input module will collect data normally according to the new version of the configured channel; If the third judgment result is negative, then the data packet is a maintenance data packet, and the operation is performed according to the maintenance data packet.

3. The FPGA-based method for non-intrusive incremental downloading of nuclear safety-grade control stations according to claim 1, characterized in that, When the target module is an output module, after obtaining incremental data, the target module updates its configuration information, specifically including: In maintenance mode, the output class module receives the data packets forwarded by the maintenance interface module, parses and determines whether the data packets are incremental download packets, and obtains the fourth determination result; If the fourth judgment result is yes, the output module stores the new version configuration in the external memory and updates the channel configuration information; If the fourth judgment result is negative, determine whether the data is an incremental completion package to obtain the fifth judgment result; If the fifth judgment result is yes, the output module is configured according to the new version, normally receives the data sent by the controller on the bus, and outputs according to the bus data update channel; If the fifth judgment result is negative, then the data packet is a maintenance data packet, and the operation is performed according to the maintenance data packet.

4. The FPGA-based method for non-intrusive incremental downloading of nuclear safety-grade control stations according to claim 1, characterized in that, The incremental download package is forwarded to the target module through the maintenance interface module, specifically including: The incremental download package is forwarded to the target module via broadcast through the maintenance interface module.

5. A non-intrusive incremental download system for a nuclear safety-grade control station based on FPGA, characterized in that, The FPGA-based nuclear safety-grade control station non-intrusive incremental download system includes a control station and an engineer station; the control station includes a maintenance interface module, a controller, input modules, and output modules. The engineering station is used for: modifying the configuration to obtain a new version configuration; generating incremental download packages and performing incremental downloads. The maintenance interface module is used to: receive the incremental download packet and parse the incremental download packet to obtain the destination address; Based on the destination address, the maintenance interface module determines whether the data belongs to the maintenance interface module and obtains a first determination result. If the first determination result is yes, the incremental download package is stored in the maintenance interface module, and the configuration information of the maintenance interface module is updated. If the first determination result is no, the incremental download package is forwarded to the target module through the maintenance interface module. The target module is a controller, an input module, or an output module. After obtaining the incremental data of the incremental download package, the target module updates its configuration information. The 1st slot controller of the control station is put into maintenance mode. After receiving the incremental download package, the 1st slot controller enters the download state and completes the download of the incremental download package. The 1st slot controller is the slave card of the control station. After the incremental download is completed, the slot 1 controller automatically synchronizes the application data and variable forced states configured in the old version of the slot 0 controller; the slot 0 controller is the master card of the control station; After the Slot 1 controller automatically synchronizes the application data and variable forced states of the old version configuration from the Slot 0 controller, the Slot 1 controller runs according to the new version configuration and the bus does not output. The engineer can switch to the Slot 1 controller online via station monitoring to monitor the operation of the new version configuration of the Slot 1 controller; Determine if the new version configuration is executed correctly; If the new version configuration is executed correctly, the engineering station performs a second confirmation and sends a reset frame to the 0 slot controller; if the new version configuration is not executed correctly, the control engineering station modifies the configuration to obtain the modified new version configuration, generates a new incremental download package based on the modified new version configuration, replaces the incremental download package with the new incremental download package, and returns to the step of "putting the 1 slot controller of the control station into maintenance mode, and after receiving the incremental download package, the 1 slot controller enters the download state and completes the download of the incremental download package"; After the 0 slot controller receives the reset frame, it performs a reset, and the bus stops outputting. When the Slot 1 controller detects that Slot 0 has been reset, it automatically performs a master-slave switch. The Slot 1 controller automatically switches to the updated master card and runs according to the new version configuration. Through the synchronization bus between the Slot 0 controller and the Slot 1 controller, the Slot 0 controller automatically synchronizes the new version configuration, as well as the application data and variable forced states under the new version. After the 0 slot controller automatically synchronizes the new version configuration, a master-slave switch is performed. The 0 slot controller switches from the updated slave card to the master card and runs the bus output normally according to the new version configuration. The 1 slot controller switches from the updated master card to the slave card and runs the bus output normally according to the new version configuration. The engineering station is also used for: sending a secondary confirmation when the new version of the controller configuration is correctly executed; after the engineering station sends the secondary confirmation, the controller in the control station automatically performs a master card switch, the master card switches to the updated slave card, the slave card switches to the updated master card, and the updated slave card automatically synchronizes the new version configuration and the new version application data and variable status information of the updated master card; after the updated slave card is initialized, the controller automatically performs a master-slave switch, the updated slave card switches to the master card, the updated master card switches to the slave card, and executes according to the new version configuration, with bus output; In distributed control systems in the nuclear industry, when the system is running, if the control station needs to be upgraded or incrementally downloaded, the user modifies the configuration according to the application, compiles it, and then performs the incremental download operation. After the incremental download is completed, the user monitors and confirms the correctness of the new version configuration V2 on the engineer station. If it is correct, a second confirmation is made to make the new version configuration V2 effective. At the same time, during the entire incremental download process, the output modules of the control station retain the valid values ​​of the previous cycle, and the input data sent to the controller also retains the valid values ​​of the previous cycle.

6. The FPGA-based nuclear safety-grade control station non-intrusive incremental download system according to claim 5, characterized in that, The FPGA-based nuclear safety-grade control station non-intrusive incremental download system also includes: In maintenance mode, the input module receives the data packets forwarded by the maintenance interface module, parses and determines whether the data packets are incremental download packets, and obtains a second determination result; If the second judgment result is yes, the input module stores the new version configuration in the external memory and updates the channel configuration information; If the second judgment result is negative, determine whether the data packet is an incremental completion packet to obtain the third judgment result; If the third judgment result is yes, the input module will collect data normally according to the new version of the configured channel; If the third judgment result is negative, then the data packet is a maintenance data packet, and the operation is performed according to the maintenance data packet.

7. The FPGA-based nuclear safety-grade control station non-intrusive incremental download system according to claim 5, characterized in that, The FPGA-based nuclear safety-grade control station non-intrusive incremental download system also includes: In maintenance mode, the output module receives the data packets forwarded by the maintenance interface module, parses and determines whether the data packets are incremental download packets, and obtains the fourth determination result; If the fourth judgment result is yes, the output module stores the new version configuration in the external memory and updates the channel configuration information; If the fourth judgment result is negative, determine whether the data is an incremental completion package to obtain the fifth judgment result; If the fifth judgment result is yes, the output module is configured according to the new version, normally receives the data sent by the controller on the bus, and outputs according to the bus data update channel; If the fifth judgment result is negative, then the data packet is a maintenance data packet, and the operation is performed according to the maintenance data packet.

8. The FPGA-based nuclear safety-grade control station non-intrusive incremental download system according to claim 5, characterized in that, The maintenance interface module forwards the incremental download package to the target module via broadcast.