Safety system for preventing failure of engineering machinery controller and engineering machinery

Document No.: 240873    Published: 2021-11-12

Note: This technology, "Safety system for preventing failure of engineering machinery controller and engineering machinery" (预防工程机械控制器失效的安全系统及工程机械), was designed and created by 安卡 (An Ka) and 李寒霜 (Li Hanshuang) on 2021-07-06. Its main content is as follows: The invention discloses a safety system for preventing failure of an engineering machinery controller, and engineering machinery equipped with it. The safety system comprises a safety controller and a standard controller. The standard controller receives external input signals, processes them and produces outputs. The safety controller is connected to the standard controller and reads all input signals from it; when it detects an abnormal input signal, it resets the standard controller and turns off the standard controller's outputs, and/or turns off its own outputs, so as to shut the safety system down. The invention ensures that when the controller itself fails, or when an input failure occurs because of insufficient programming experience or unfamiliarity with the controlled object, abnormal conditions such as program runaway or hardware port damage are avoided and the safety of the whole vehicle and its personnel is guaranteed.

1. A safety system for preventing a controller of a construction machine from malfunctioning, comprising: a safety controller and a standard controller;

the standard controller receives an external input signal, processes the received input signal and outputs the processed input signal;

the safety controller is connected to the standard controller and reads all input signals from it; when it detects an abnormal input signal, it resets the standard controller and turns off the output of the standard controller, and/or turns off its own output, so as to shut down the safety system.

2. A safety system for preventing a work machine controller from malfunctioning as claimed in claim 1, wherein: the safety system further comprises an expansion controller connected to both the safety controller and the standard controller.

3. A safety system for preventing a work machine controller from malfunctioning as claimed in claim 1, wherein: data synchronization, data verification and data diagnosis are carried out among the standard controller, the safety controller and the expansion controller.

4. A safety system for preventing a work machine controller from malfunctioning as claimed in claim 3, wherein: the standard controller, the safety controller and the expansion controller each collect data and compare the data they collect with the data collected by the other controllers.

5. A safety system for preventing a work machine controller from malfunctioning according to claim 4, wherein: the data collected by the standard controller, the safety controller and the expansion controller comprise voltage data, current data and temperature data.

6. A safety system for preventing a work machine controller from malfunctioning as claimed in claim 1, wherein: the standard controller, the safety controller and the expansion controller each comprise firmware, the firmware comprising a hardware mapping layer and a driver layer; the hardware mapping layer defines the mapping between software and hardware, and the driver layer implements the low-level hardware drivers.

7. A safety system for preventing a work machine controller from malfunctioning as claimed in claim 6, wherein: the standard controller further comprises a standard Codesys runtime module connected to the firmware, which allows a programmer to program directly in the Codesys environment.

8. A safety system for preventing a work machine controller from malfunctioning as claimed in claim 6, wherein: the safety controller further comprises a Codesys runtime module connected to the firmware, the Codesys runtime module being a runtime module certified to SIL 2 under the IEC 61508 standard, which allows a programmer to program directly in the Codesys environment.

9. A safety system for preventing a work machine controller from malfunctioning as claimed in claim 1, wherein: CAN interfaces are provided on both the safety controller and the standard controller.

10. A construction machine, characterized in that it comprises a safety system according to any one of claims 1 to 9.

Technical Field

The invention belongs to the field of engineering machinery and in particular relates to a safety system for preventing failure of an engineering machinery controller, and to engineering machinery equipped with such a system.

Background

The engineering machinery controller is the control core of the machine and is responsible for implementing the control functions of the whole vehicle. As engineering machinery becomes more intelligent and automated, ever higher demands are placed on controller performance. The safety of the controller is the foundation on which every other characteristic rests, and how to prevent failure of the controller is an important problem to be solved when designing it.

In the prior art, the following methods have mainly been proposed to prevent failure of an engineering machinery controller:

Method one: external electrical components are added, together with a manual changeover so that the external electrical equipment can be switched to manual control when the controller fails. Only simple control functions can be realized in this way.

Method two: "watchdog" control, the scheme commonly adopted in the industry. It is usually built into the MCU hardware: if the "watchdog" is not serviced within a set period, the system enters a reset state. This scheme can temporarily release system resources, but it does not address the root cause and sometimes produces the abnormal phenomenon of repeated resets.
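The repeated-reset failure mode of method two is worth seeing concretely. The following is an added illustration, not code from the patent or its applicant: a simulated MCU watchdog in which the reset-cause flag and a counter that survives a watchdog reset (on real parts a reset-cause register bit and a backup register or no-init RAM; the names, timeout and reboot budget here are assumptions) are used to detect that the same hang recurs after every reboot and to stop in a safe state with outputs off instead of resetting forever.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Model of an MCU hardware watchdog. The timeout, the "reset was caused by
 * the watchdog" flag and the counter kept across resets are assumptions of
 * this example, not a specific MCU. */
#define WDT_TIMEOUT_TICKS     100
#define MAX_WDT_RESETS_IN_ROW 3    /* reboot budget before giving up */

enum sys_state { RUNNING, RESETTING, SAFE_STATE };

struct mcu {
    uint32_t wdt_counter;        /* ticks since the last kick */
    uint32_t wdt_resets_in_row;  /* assumed to survive a watchdog reset */
    enum sys_state state;
    bool outputs_enabled;
};

void mcu_kick_watchdog(struct mcu *m) { m->wdt_counter = 0; }

/* Boot entry. A power-on reset clears the counter; a watchdog reset does not.
 * Once the budget is used up the firmware stays in SAFE_STATE with outputs
 * off instead of entering the application loop yet again. */
void mcu_boot(struct mcu *m, bool reset_was_watchdog)
{
    m->wdt_counter = 0;
    if (!reset_was_watchdog)
        m->wdt_resets_in_row = 0;
    if (m->wdt_resets_in_row >= MAX_WDT_RESETS_IN_ROW) {
        m->state = SAFE_STATE;
        m->outputs_enabled = false;
        return;
    }
    m->state = RUNNING;
    m->outputs_enabled = true;
}

/* One timer tick. Returns true when the watchdog expires; the outputs are
 * then already off and the caller must reboot through mcu_boot(). */
bool mcu_tick(struct mcu *m)
{
    if (m->state != RUNNING)
        return false;
    if (++m->wdt_counter >= WDT_TIMEOUT_TICKS) {
        m->state = RESETTING;
        m->outputs_enabled = false;
        m->wdt_resets_in_row++;
        return true;
    }
    return false;
}

/* Constructed scenario 1: the application hangs right after every boot and
 * never kicks the watchdog. Returns the number of watchdog resets taken
 * before the MCU stops rebooting. */
uint32_t simulate_hung_program(struct mcu *m)
{
    uint32_t resets = 0;
    memset(m, 0, sizeof *m);
    mcu_boot(m, false);
    for (int guard = 0; guard < 100000 && m->state != SAFE_STATE; guard++) {
        if (mcu_tick(m)) {
            resets++;
            mcu_boot(m, true);   /* reset-cause flag says "watchdog" */
        }
    }
    return resets;
}

/* Constructed scenario 2: a healthy loop that kicks every 50 ticks. */
uint32_t simulate_healthy_program(struct mcu *m, int ticks)
{
    uint32_t resets = 0;
    memset(m, 0, sizeof *m);
    mcu_boot(m, false);
    for (int t = 1; t <= ticks; t++) {
        if (t % 50 == 0)
            mcu_kick_watchdog(m);
        if (mcu_tick(m)) {
            resets++;
            mcu_boot(m, true);
        }
    }
    return resets;
}

int main(void)
{
    struct mcu m;
    printf("hung program: %u resets, final state %d\n",
           (unsigned)simulate_hung_program(&m), (int)m.state);
    printf("healthy program: %u resets\n",
           (unsigned)simulate_healthy_program(&m, 1000));
    return 0;
}
```

Without the counter, `simulate_hung_program` would reboot until the guard expires; with it the MCU takes exactly MAX_WDT_RESETS_IN_ROW resets and then stays off. This is the check a plain watchdog lacks, and it is still only a containment measure: it does not tell you why the program hangs.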

Method three: dual-MCU control, in which each MCU independently implements all normal functions. This scheme can guard against failure of a single MCU itself, but it cannot handle an input failure caused by programmer error, because both MCUs respond to the same erroneous input, which may lead to failure of the underlying layers.

Method four: embedding a minimal control system in the program, as described in detail in patent cn201310310774.x. This can recover the MCU from a dead halt, but an input failure may affect the minimal control system at the same time, resulting in failure of the entire controller.

Disclosure of Invention

In view of these problems, the invention provides a safety system for preventing failure of an engineering machinery controller. It avoids abnormal conditions such as program runaway or hardware port damage when the controller fails, or when an input failure occurs because of insufficient programming experience or unfamiliarity with the controlled object, and ensures the safety of the whole vehicle and its personnel.

To achieve this technical purpose and technical effect, the invention adopts the following technical solution:

in a first aspect, the present invention provides a safety system for preventing a controller of a construction machine from malfunctioning, including: a safety controller and a standard controller;

the standard controller receives external input signals, processes them and produces outputs;

the safety controller is connected to the standard controller and reads all input signals from it; when it detects an abnormal input signal, it resets the standard controller and turns off the output of the standard controller, and/or turns off its own output, so as to shut down the safety system.

Optionally, the safety system further comprises an expansion controller connected to both the safety controller and the standard controller.

Optionally, data synchronization, data verification and data diagnosis are performed among the standard controller, the safety controller and the expansion controller.

Optionally, the standard controller, the safety controller and the expansion controller each collect data and compare the data they collect with the data collected by the other controllers.

Optionally, the data collected by the standard controller, the safety controller and the expansion controller comprise voltage data, current data and temperature data.

Optionally, the standard controller, the safety controller and the expansion controller each comprise firmware, the firmware comprising a hardware mapping layer and a driver layer; the hardware mapping layer defines the mapping between software and hardware, and the driver layer implements the low-level hardware drivers.

Optionally, the standard controller further comprises a standard Codesys runtime module connected to the firmware, which allows a programmer to program directly in the Codesys environment.

Optionally, the safety controller further comprises a Codesys runtime module connected to the firmware, the Codesys runtime module being a runtime module certified to SIL 2 under the IEC 61508 standard, which allows a programmer to program directly in the Codesys environment.

Optionally, the safety controller and the standard controller are both provided with a CAN interface.

In a second aspect, the invention provides a work machine comprising a safety system as defined in any one of the first aspects.

As a further improvement of the invention, the method comprises the following steps.

Compared with the prior art, the invention has the beneficial effects that:

the safety system comprises an independent safety part (the safety controller) and a standard part (the standard controller) that operate independently of each other. The standard program therefore cannot affect the safety-related part under normal conditions, and normal operation of the application layer cannot affect the safety-related bottom layer. As a result, when the controller's MCU fails, or when an input failure occurs because of insufficient programming experience or unfamiliarity with the controlled object, abnormal conditions such as program runaway or hardware port damage are avoided and the safety of the whole vehicle and its personnel is guaranteed.

Drawings

In order that the present disclosure may be more readily and clearly understood, reference is now made to the following detailed description of the present disclosure taken in conjunction with the accompanying drawings, in which:

fig. 1 is a schematic structural diagram of a safety system for preventing a failure of a controller of a construction machine according to an embodiment of the present invention.

Detailed Description

In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail with reference to the following embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and do not limit the scope of the invention.

The following detailed description of the principles of the invention is provided in connection with the accompanying drawings.

Example 1

The embodiment of the invention provides a safety system for preventing the failure of an engineering machinery controller, which comprises: a safety controller (safety MCU) and a standard controller (standard MCU);

the standard controller receives external input signals, processes them and produces outputs. In a specific implementation, the standard controller is responsible for the normal functions of the controller: input of digital, analog and pulse sensor signals, logic processing of the input signals, output of digital, analog and PWM signals, CAN communication, and so on;

the safety controller is connected to the standard controller, reads all input signals from it, and when it detects an abnormal input signal resets the standard controller and turns off the standard controller's outputs. In a specific implementation, the safety controller is responsible for all safety-related control. In other embodiments, when an abnormal input signal is detected the safety controller turns off its own outputs, or turns off both its own outputs and those of the standard controller, so as to shut down the whole safety system;

It can be seen that the safety system of this embodiment uses dual-controller control to ensure physical independence. This dual-controller control is not a direct redundant backup: the standard controller implements the standard functions, the safety controller implements the safety functions, and the safety controller must meet the requirements of the functional safety standards.

In a specific implementation of this embodiment, the safety system further comprises an expansion controller (expansion MCU) connected to both the safety controller and the standard controller. The expansion controller serves as an extension of the standard controller: it provides more I/O ports and widens the range of applications of the controller. Data interaction takes place among the standard controller, the safety controller and the expansion controller, specifically data synchronization, data verification and data diagnosis.

In a specific implementation, the standard controller, the safety controller and the expansion controller each collect data and compare the data they collect with the data collected by the other controllers. The data collected by the three controllers comprise voltage data and temperature data.
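The patent names data synchronization, data verification and data diagnosis among the three controllers but does not say how the comparison is decided. The following is an added example, not code from the patent or its applicant, of one common way to do it: every controller runs the same 2-out-of-3 comparison over the three synchronized samples and flags the controller whose reading disagrees with both peers while the peers agree. The sequence number used for synchronization, the units, the tolerances and the sample values are all assumptions of this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define N_CTRL 3
enum ctrl_id { CTRL_STD = 0, CTRL_SAFETY = 1, CTRL_EXP = 2 };

/* One synchronised sample from one controller (units assumed). */
struct sample {
    uint16_t seq;          /* acquisition cycle the sample belongs to */
    int32_t  voltage_mV;
    int32_t  current_mA;
    int32_t  temp_dC;      /* tenths of a degree Celsius */
};

struct tolerance { int32_t voltage_mV, current_mA, temp_dC; };

static bool within(int32_t a, int32_t b, int32_t tol)
{
    return llabs((long long)a - (long long)b) <= tol;
}

static bool samples_agree(const struct sample *a, const struct sample *b,
                          const struct tolerance *t)
{
    return within(a->voltage_mV, b->voltage_mV, t->voltage_mV) &&
           within(a->current_mA, b->current_mA, t->current_mA) &&
           within(a->temp_dC,    b->temp_dC,    t->temp_dC);
}

/* Data synchronisation check: all three samples must come from the same
 * acquisition cycle, otherwise the comparison would mix old and new values. */
bool samples_synchronised(const struct sample s[N_CTRL])
{
    return s[0].seq == s[1].seq && s[1].seq == s[2].seq;
}

/* Data diagnosis by 2-out-of-3 comparison, run identically on each
 * controller. Returns a bitmask (bit i = controller i) of controllers whose
 * data is judged faulty: a controller that disagrees with both peers while
 * the two peers agree with each other. If no two controllers agree, or the
 * samples are not synchronised, the system cannot say who is right and all
 * three bits are set so that the caller treats the comparison as failed. */
uint8_t diagnose(const struct sample s[N_CTRL], const struct tolerance *t)
{
    bool agree[N_CTRL][N_CTRL];
    if (!samples_synchronised(s))
        return 0x07;
    for (int i = 0; i < N_CTRL; i++)
        for (int j = 0; j < N_CTRL; j++)
            agree[i][j] = (i == j) || samples_agree(&s[i], &s[j], t);
    if (!agree[0][1] && !agree[0][2] && !agree[1][2])
        return 0x07;
    uint8_t faulty = 0;
    for (int i = 0; i < N_CTRL; i++) {
        int j = (i + 1) % N_CTRL, k = (i + 2) % N_CTRL;
        if (!agree[i][j] && !agree[i][k] && agree[j][k])
            faulty |= (uint8_t)(1u << i);
    }
    return faulty;
}

/* Constructed readings: 24 V supply, 1.5 A load, 35.0 C; tolerances assumed. */
static const struct tolerance TOL = { 200, 50, 30 };

uint8_t scenario_all_healthy(void)
{
    struct sample s[N_CTRL] = {
        { 7, 24000, 1500, 350 }, { 7, 24050, 1490, 352 }, { 7, 24060, 1510, 348 } };
    return diagnose(s, &TOL);
}

/* Expansion controller's temperature channel reads 90.0 C while the other
 * two still agree: only the expansion controller is flagged. */
uint8_t scenario_expansion_drift(void)
{
    struct sample s[N_CTRL] = {
        { 8, 24000, 1500, 350 }, { 8, 24050, 1490, 352 }, { 8, 24060, 1510, 900 } };
    return diagnose(s, &TOL);
}

/* Three mutually inconsistent voltages: no majority, everything flagged. */
uint8_t scenario_no_consensus(void)
{
    struct sample s[N_CTRL] = {
        { 9, 24000, 1500, 350 }, { 9, 22000, 1500, 350 }, { 9, 26000, 1500, 350 } };
    return diagnose(s, &TOL);
}

/* The standard controller's sample is one cycle stale. */
uint8_t scenario_stale_sample(void)
{
    struct sample s[N_CTRL] = {
        { 9, 24000, 1500, 350 }, { 10, 24000, 1500, 350 }, { 10, 24000, 1500, 350 } };
    return diagnose(s, &TOL);
}

int main(void)
{
    printf("healthy 0x%02x, drift 0x%02x, no consensus 0x%02x, stale 0x%02x\n",
           scenario_all_healthy(), scenario_expansion_drift(),
           scenario_no_consensus(), scenario_stale_sample());
    return 0;
}
```

The design choice worth noting is the all-bits result: when the three readings have no majority, the comparison must not silently pick one, because the safety controller would then be acting on data it cannot trust. A chain of pairwise agreements (A agrees with B, B with C, but A not with C) flags nobody, which is acceptable only if the tolerances are set tighter than any difference that matters to the safety function.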

In a specific implementation of this embodiment, the standard controller, the safety controller and the expansion controller each comprise firmware (firmware uC1, firmware uC2 and firmware uC3 in fig. 1). The firmware comprises a hardware mapping layer and a driver layer: the hardware mapping layer defines the mapping between software and hardware, and the driver layer implements the low-level hardware drivers.

The standard controller also includes a standard Codesys runtime module coupled to the firmware, so that the programmer can program directly in the Codesys environment without concern for the underlying implementation.

The safety controller also comprises a Codesys runtime module connected to the firmware. This runtime module is one certified to SIL 2 under IEC 61508, which secures the functional safety of the whole, and it likewise allows the programmer to program directly in the Codesys environment without concern for the underlying implementation. When an abnormal input signal is detected, the safety controller sends a reset signal to the firmware of the standard controller, and that firmware switches off the standard controller's outputs; alternatively the safety controller directly switches off its own outputs. In a specific implementation, the safety controller is responsible for all safety-related control.
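The supervisory loop described in Example 1 (the safety controller reads all inputs from the standard controller, and on an abnormal input resets it through its firmware, which cuts the outputs, and cuts its own outputs) can be modelled in a few dozen lines. The following is an added example, not code from the patent or its applicant. The input image layout, the 4-20 mA loop thresholds used to call an analog input "abnormal", the antivalent wiring of the digital inputs and the pulse limit are all assumptions of this example; the patent does not specify how an abnormal input is recognised.

```c
#include <stdbool.h>
#include <stdint.h>

/* Channel counts, the 4-20 mA sensor convention, the antivalent wiring of
 * the digital inputs and all thresholds are assumptions of this example. */
#define N_ANALOG      4
#define N_DIGITAL     8
#define N_OUTPUTS     4
#define LOOP_OPEN_uA   3500   /* below this a 4-20 mA loop is broken */
#define LOOP_SHORT_uA 21000   /* above this it is shorted to supply */
#define PULSE_MAX_HZ  10000

/* Input image as captured by the standard controller's firmware; the safety
 * controller reads the whole image, not a subset. */
struct input_image {
    uint16_t analog_uA[N_ANALOG];   /* loop current per analog channel */
    uint8_t  digital;               /* bit i = digital input i */
    uint32_t pulse_hz;              /* pulse input frequency */
};

struct standard_ctrl {
    struct input_image in;
    bool     outputs_enabled;
    uint16_t outputs[N_OUTPUTS];    /* PWM duty, 0..1000 */
    uint32_t reset_count;
};

enum fault { FAULT_NONE = 0, FAULT_ANALOG_OPEN, FAULT_ANALOG_SHORT,
             FAULT_DIGITAL_PAIR /* antivalent pair reads equal */, FAULT_PULSE_RANGE };

struct safety_ctrl { bool outputs_enabled; enum fault last_fault; };

/* Plausibility checks on the full input image. Digital inputs are assumed
 * wired as antivalent pairs (i, i + 4); a healthy pair never reads equal. */
enum fault safety_check_inputs(const struct input_image *in)
{
    for (int i = 0; i < N_ANALOG; i++) {
        if (in->analog_uA[i] < LOOP_OPEN_uA)  return FAULT_ANALOG_OPEN;
        if (in->analog_uA[i] > LOOP_SHORT_uA) return FAULT_ANALOG_SHORT;
    }
    for (int i = 0; i < N_DIGITAL / 2; i++) {
        bool a = (in->digital >> i) & 1u;
        bool b = (in->digital >> (i + N_DIGITAL / 2)) & 1u;
        if (a == b) return FAULT_DIGITAL_PAIR;
    }
    if (in->pulse_hz > PULSE_MAX_HZ) return FAULT_PULSE_RANGE;
    return FAULT_NONE;
}

/* Reset entry of the standard controller's firmware, driven by the safety
 * controller's reset signal: outputs go off before any application code runs. */
void standard_reset(struct standard_ctrl *s)
{
    s->reset_count++;
    s->outputs_enabled = false;
    for (int i = 0; i < N_OUTPUTS; i++) s->outputs[i] = 0;
}

/* Application-layer output write (what a Codesys program would do). The
 * firmware refuses it while outputs are disabled, so a runaway program
 * cannot drive the ports after a fault. */
bool standard_write_output(struct standard_ctrl *s, int ch, uint16_t duty)
{
    if (!s->outputs_enabled || ch < 0 || ch >= N_OUTPUTS || duty > 1000)
        return false;
    s->outputs[ch] = duty;
    return true;
}

/* One supervisory cycle: read all inputs from the standard controller and,
 * on an abnormal signal, reset it (which cuts its outputs) and cut our own. */
enum fault safety_cycle(struct safety_ctrl *sc, struct standard_ctrl *s)
{
    struct input_image snapshot = s->in;
    enum fault f = safety_check_inputs(&snapshot);
    if (f != FAULT_NONE) {
        standard_reset(s);
        sc->outputs_enabled = false;
    }
    sc->last_fault = f;
    return f;
}

/* Constructed scenario: healthy inputs and a live output, then the wire of
 * analog channel 2 breaks. Returns the fault seen in the second cycle. */
enum fault run_scenario(struct standard_ctrl *s, struct safety_ctrl *sc)
{
    *s  = (struct standard_ctrl){ .outputs_enabled = true };
    *sc = (struct safety_ctrl){ .outputs_enabled = true };
    for (int i = 0; i < N_ANALOG; i++) s->in.analog_uA[i] = 12000;
    s->in.digital  = 0x0F;          /* bits 0-3 set, their partners 4-7 clear */
    s->in.pulse_hz = 500;
    safety_cycle(sc, s);            /* FAULT_NONE: outputs stay live */
    standard_write_output(s, 0, 400);
    s->in.analog_uA[2] = 0;         /* open circuit on channel 2 */
    return safety_cycle(sc, s);
}
```

`run_scenario` drives the model: after the second cycle the standard controller has been reset once, both controllers' outputs are disabled, and a further `standard_write_output` from the application is refused. The point the patent makes is visible in the structure: the application layer only ever calls `standard_write_output`, while the reset and output cut-off live in the firmware and the safety controller, where application code cannot reach them.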

In a specific implementation manner of the embodiment of the present invention, the safety controller and the standard controller are both provided with a CAN interface, so as to implement a CAN communication function.

In summary, from the programmer's point of view only standard programming in Codesys is required under normal conditions; the safety function of the controller is realized automatically by the firmware in the safety controller working together with the firmware in the standard controller, so an input failure cannot affect the safety function of the bottom layer.

Example 2

An embodiment of the present invention provides a construction machine comprising the safety system of embodiment 1.

The foregoing shows and describes the general principles and broad features of the present invention and advantages thereof. It will be understood by those skilled in the art that the present invention is not limited to the embodiments described above, which are described in the specification and illustrated only to illustrate the principle of the present invention, but that various changes and modifications may be made therein without departing from the spirit and scope of the present invention, which fall within the scope of the invention as claimed. The scope of the invention is defined by the appended claims and equivalents thereof.
