32 results about "Common mode failure" patented technology

The Advanced Logic System (ALS) is a complete control system architecture, based on a hardware platform rather than a software-based microprocessor system. It is significantly different from other PLC-type control system architectures, by implementing a FPGA in the central control unit. Standard FPGA logic circuits are used rather than a software-based microprocessor which eliminate problems with software based microprocessor systems, such as software common-mode failures. It provides a highly reliable system suitable for safety critical control systems, including nuclear plant protection systems. The system samples process inputs, provides for digital bus communications, applies a control logic function, and provides for controlled outputs. The architecture incorporates advanced features such as diagnostics, testability, and redundancy on multiple levels. It additionally provides significant improvements in failure detection, isolation, and mitigation for the highest level of integrity and reliability.

The invention relates to a method and system for improving reliability of emergency power supplies of a nuclear power plant. At least one path of high-capacity battery energy storage system (fixed energy storage system and/or movable energy storage system) is used to supplement or replace final emergency power supplies of a nuclear power plant. When all existing emergency power supplies of the nuclear power plant fail, the system is started to supply power for equipment in an emergency plant of the nuclear power plant so as to keep discharging waste heat of reactor cores and cooling spent fuel pools of the nuclear power plant, thus ensuring the safety of the nuclear power station. The method and system provided by the invention can be used for resisting against extreme weathers and avoiding common mode failure of the emergency power supplies in the extreme weathers, can strength the reliability of the emergency power supplies of the nuclear power plant and can at least reduce the melting probability of reactor cores by 21.6%, thereby improving the integral nuclear safety level of the nuclear power plant.

The invention provides a computer interlocking system and a redundancy switching method thereof. The system includes an interlocking subsystem. The interlocking subsystem contains an interlocking I system and an interlocking II system which are the same and are interconnected. Each of the interlocking I system and the interlocking II system includes two CPUs which are the same in hardware and adopt task-level synchronization. The two CPUs respectively run executable files generated by compiling the same program code by different compilers. According to the system, heterogeneous software/hardware and program running starting times with a fixed difference are adopted to reduce occurrence probability of common-mode faults, development difficulty is reduced while the common-mode faults are reduced, production efficiency is improved, and reducing of requirements of debugging and maintenance is realized.

An electrically actuated braking system for an aircraft, comprising: an electro-mechanical brake actuator (EMAbrake) proximate a wheel of the aircraft, the EMAbrake including a motor; an electro-mechanical actuator controller (EMAC) including a first motor controller for generating a first drive signal for the EMAbrake, and a second motor controller for generating a second drive signal for the EMAbrake, wherein the first motor controller and the second motor controller are dissimilar so as to provide protection against common mode failure of the first and second motor controllers.

Provided is a plant protection system, which determines initiation of protective actions for the plant, and more particularly to the plant protection system including four channels which controls systems that shut down the plant or mitigate consequences of abnormal conditions of the plant by detecting non-permissible plant conditions with the result of bistable logic comparing process parameters with their setpoints assigned to each channel. Accordingly, common mode failure and cyber security vulnerability caused by software are removed since the system is composed of FPGA and other types of hardware without central processing units and software in determining the initiation of plant protective actions.

The invention provides a nuclear power station diversity protective system hardware architecture based on field programmable gate array (FPGA), aims at solving the technical problem to avoid potential risks caused by software common mode failure, and belongs to the industrial automatic control field. The architecture is characterized in that a card piece comprises an analogy quantity input card, a logical processing card, a digital quantity input/output card and a communication card, the card piece respectively uses the FPGA as a logical processing component, the analogy quantity input card and the digital quantity input/output card respectively carry out data transmission through a signal transmission line and the logical processing card, and the analogy quantity input card, the digital quantity input/output card, the logical processing card, an upper computer and display equipment respectively carry out the data transmission through the signal transmission line and the communication card. The architecture solves the problem of the potential risks brought about by the software common mode failure, and improves reliability of a nuclear power station instrument control system. Simultaneously, self diagnosis, real-time monitor, parameter setting and online channel test of the card piece can be carried out, and flexible card piece arrangement can ensure expandability and integrity of a whole hardware platform.

A UAV and its power system, and a system for minimizing UAV failure. The UAV power system has a propulsion propeller, which is arranged at the rear end of the UAV; the traction propeller which is arranged at the front end of the UAV; either the traction propeller or the propulsion propeller is the main propeller while the other is the backup one; when the UAV is in the level flight stage, at least one of the traction propeller and the propulsion propeller is in the working state; and the driving component which is used to drive the propulsion propeller and the traction propeller. The UAV power system provided by the disclosure is provided with a traction propeller and a propulsion propeller, respectively, to improve the failure redundancy and reduce the safety deficiency of the probability of common mode failure (CMF).

The invention discloses a software common mode failure detection system of a nuclear power station security level DCS. The software common mode failure detection system comprises a software control system sending a software control signal and a hardware control system sending a hardware control signal, wherein the software control system and the hardware control system are respectively in selection card connection with a receiving signal in anoptimization selection card mode. The optimization selection card is connected with a controlled device. The software control system and the hardware control system are further respectively connected with a common mode failure detection module which detects whether the software control system is correct or not. The common mode failure detection module is connected with the optimization selection card. According to the software common mode failure detection system of the nuclear power station security level DCS and the control method of the common mode failure detection software system of the nuclear power station security level DCS, correctness of the software control system is firstly judged, then with the basis, correctness of the hardware control system is judged, and correct output of the optimization selection card is guaranteed. The common mode failure detection module can detect the software control system in a real-time mode, and therefore the failure of the software control signal and the failure of the hardware control signal can be found out in a real-time mode, and changing-over can be carried out timely.

The invention discloses an equipment multipath instruction control method and a preferable control instruction output device of a nuclear power station, and aims at solving the technical problems that in the prior art onsite equipment is in error control when a DCS has faults and emits an error control signal to the onsite equipment and a DCS platform of the present safety level is incapable of cancelling the error instruction of the DCS. The method comprises that S1) when a control system of the nuclear power station runs, multipath instructions emitted by the control system are received; S2) whether the digital control system has a common-mode fault is determined to obtain a determination result; and S3) when the determination result is no, the onsite equipment is started or stopped according to first instruction emitted by the digital control system, and when the determination result is yes, the onsite equipment is started or stopped according to second instruction emitted by a backup disk. Thus, the DCS error instruction is canceled when the DCS has errors, and the onsite equipment is effectively controlled based on the instruction emitted by the backup disk.

The invention discloses a flooded subzone partitioning system for a nuclear power plant. The system is characterized by comprising a flooded subzone preliminary partitioning module, a flooded water level calculating module and a flooded subzone determining and optimizing module, wherein the flooded subzone preliminary partitioning module is used for preliminarily carrying out flooded subzone partitioning on an area of the nuclear power plant according to distribution conditions of flooding sources and important devices in the area of the nuclear power plant; the flooded water level calculating module is connected with the flooded subzone preliminary partitioning module and is used for calculating a flooded water level of each flooded subzone; and the flooded subzone determining and optimizing module is connected with the flooded water level calculating module and is used for determining existing subzones or optimizing and adjusting flooded subzones according to influence on the important devices in corresponding subzones caused by flooded water levels. According to the system, devices and components of different safe series, which execute the same safety function, are effectively isolated, and common-mode failure of different series devices, which execute some safety function, caused by flooding of the same time is avoided. In addition, the invention further discloses a flooded subzone partitioning method for the nuclear power plant.

The invention relates to a sensor intelligent data reconstruction method and system, and the method comprises the steps: sequentially judging whether a data reconstruction model operation condition is met or not, judging whether a sensor state detection result is abnormal or not, inputting the real-time measurement data of a sensor with an abnormal detection result into a data reconstruction model, and obtaining a reconstruction value. The fault sensor can be rapidly and actively identified, data are automatically generated under the condition that related conditions are met, the numerical value of the fault sensor is replaced, it is guaranteed that a unit is in a safe and stable state, and time is bought for operation control operation of operators and field maintenance replacement work of maintenance personnel. The method can replace the traditional'periodic test ', and uniform and targeted maintenance is realized during planned shutdown, so that the operation and maintenance cost is reduced. The unit operation state can be automatically stabilized under the condition of sensor common-mode fault, and the safety and stability of nuclear power plant operation are improved.

The invention provides a non-similar dual-redundancy atmosphere data processing system and method for a civil airliner, and the safety and reliability of the system and the fault-tolerant requirement of fault work are ensured by adopting redundancy design. For performance requirements and technical indexes of the atmospheric data computer, a framework of a redundant parallel type dissimilar dual-redundancy CPU working mode is adopted, possible common-mode faults of software and hardware are effectively restrained, the reliability and safety requirements of the atmospheric data computer are guaranteed, and safety evaluation and analysis are conducted on the atmospheric data computer through a fault tree.

The invention discloses a method and a system for realizing 2oo2 security display by a single industrial personal computer. The method comprises the following steps: sending a return code to the industrial personal computer; the CPU and the GPU in the industrial personal computer respectively process the returned codes to obtain two calculation results; differentially displaying the two calculation results on a display interface of the industrial personal computer; according to the two calculation results displayed in a differentiated mode, the returned code is judged. Two pieces of calculation result information are displayed on a display interface of the same industrial personal computer, the display mode is similar to an existing information display mode, and no special or complicated steps exist; a different design method is adopted, so that the common mode failure of the industrial personal computer in the calculation and display of a command execution result is greatly prevented, and the safety of the system is improved; compared with the prior art, the system technology better meets the standard requirements, and the safety and reliability of equipment are improved.