In industrial control fields such as railways, electric power, iron and steel production, and the petrochemical industry, control systems are subject to relatively strict availability and reliability requirements. Dual-channel hot standby systems are widely used because of their higher availability and reliability; they also have a certain fault-tolerance capability and are convenient to maintain.
To ensure the availability and reliability of a dual-channel hot standby system, several issues must be considered in the design process, including status switching, status synchronization, and consistency checking of the “active” and “standby” channels.
In existing dual-channel hot standby systems, providing a heartbeat line between the two channels is a common technical solution: the presetting and switching of the “active” and “standby” statuses are realized in software, with each channel separately determining the status of the other. This approach lacks supervision by a third party, so when the heartbeat line fails, a “standby” channel may mistakenly become an “active” one. The resulting dual-channel-active status affects the transmission and control of messages, and an insecure state may occur.
To address the lack of third-party determination, some systems are provided with switch units, so that the switching logic is carried out by a simple logic circuit consisting of relays and small and medium-sized digital integrated circuits, ensuring that only one channel is in the “active” status at any moment. However, the function of such a switch unit is limited to presetting and switching the “active” and “standby” statuses; it cannot control the synchronization status between the two channels, which leaves blind spots in the supervision of the dual-channel status. In addition, the failure of a switch unit that lacks a redundant configuration may pose relatively great risks to the normal operation of the whole system.
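The following simulation is an added example, not part of the original text or of any system it describes. It contrasts the heartbeat-only takeover decision with one gated by a third-party switch unit; the names `standby_wants_takeover`, `SwitchUnit` and `active_channels` are hypothetical, and the switch unit is assumed to observe channel health over its own links rather than over the heartbeat line.

```python
"""Added illustration: heartbeat-only failover vs. a third-party switch unit."""


def standby_wants_takeover(peer_healthy, line_ok):
    # The standby hears a heartbeat only if the peer is alive AND the line works,
    # so it cannot tell a dead peer from a broken heartbeat line.
    heartbeat_heard = peer_healthy and line_ok
    return not heartbeat_heard


class SwitchUnit:
    """Hypothetical arbiter: exactly one channel holds the 'active' grant."""

    def __init__(self, owner):
        self.owner = owner

    def request_active(self, requester, health):
        # Assumption: `health` is what the unit observes over its own links
        # to each channel, independent of the heartbeat line.
        if requester != self.owner and not health[self.owner]:
            self.owner = requester
        return self.owner == requester


def active_channels(a_healthy, line_ok, use_switch_unit):
    """Channel A starts active, B standby. Return the channels acting as active."""
    roles = {"A": "active", "B": "standby"}
    health = {"A": a_healthy, "B": True}
    if standby_wants_takeover(a_healthy, line_ok):
        if use_switch_unit:
            unit = SwitchUnit(owner="A")
            if unit.request_active("B", health):
                roles = {"A": "standby", "B": "active"}
        else:
            roles["B"] = "active"  # B promotes itself on its own judgement
    return [n for n in ("A", "B") if roles[n] == "active" and health[n]]


if __name__ == "__main__":
    # Constructed scenarios: normal operation, broken heartbeat line, failed channel A.
    for a_ok, line_ok in [(True, True), (True, False), (False, True)]:
        for unit in (False, True):
            print(f"A healthy={a_ok} line ok={line_ok} switch unit={unit}: "
                  f"{active_channels(a_ok, line_ok, unit)}")
```

The model covers only the active/standby grant; like the switch unit described above, it says nothing about whether the two channels are synchronized.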