Abstract
This paper presents the redundancy architecture of a programmable logic controller called the Safety PLC (SPLC), intended for safety functions such as reactor protection in a nuclear power plant. The SPLC architecture is designed to switch flexibly between two redundancy models, Dual Modular Redundancy (DMR) and Triple Modular Redundancy (TMR). With this flexible redundancy architecture the controller can be configured optimally for its application area, and the reliability and availability of the overall system increase because the redundancy model changes as failures occur rather than staying fixed. The operating system of the SPLC is also specially designed to guarantee strict real-time operation, using a non-preemptive state-based scheduler and a supervisory task that manages timing violations of each task. Data communication in the SPLC uses a deterministic state-based protocol built on the Guaranteed Time Slot (GTS) protocol. Reliability analysis shows that the MTTF of the SPLC is 41,630 hours, about 15% and 50% higher than that of a fixed TMR or DMR architecture, respectively.
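The DMR/TMR switching described in the abstract, as an added illustration that is not code from the paper or from the SPLC: a voter that starts in 2oo3 (TMR) mode, demotes a channel to DMR after it has repeatedly disagreed with the majority, falls to a latched fail-safe output when the two remaining channels disagree (no majority is possible with two), and returns to TMR once the repaired channel is reintegrated. The channel count, the "consecutive mismatches" demotion rule, the boolean trip outputs and the de-energise-to-trip fail-safe value are all assumptions for this example.

```c
/* Added illustration of a voter that switches between TMR and DMR as channels
 * fail or are reintegrated. Not the SPLC's code: channel count, the
 * demotion rule (consecutive mismatches), boolean trip outputs and the
 * de-energise-to-trip fail-safe value are all assumptions. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define NCHAN 3
#define FAILSAFE_OUTPUT 0          /* assumed: 0 = de-energised = tripped */

enum mode { MODE_FAILSAFE = 0, MODE_DMR = 2, MODE_TMR = 3 };

struct voter {
    enum mode mode;
    bool healthy[NCHAN];
    unsigned mismatches[NCHAN];    /* consecutive disagreements per channel */
    unsigned demote_after;         /* mismatches tolerated before demotion */
};

void voter_init(struct voter *v, unsigned demote_after)
{
    v->mode = MODE_TMR;
    v->demote_after = demote_after;
    for (int i = 0; i < NCHAN; i++) {
        v->healthy[i] = true;
        v->mismatches[i] = 0;
    }
}

/* 2oo3 majority; returns -1 if no two channels agree (impossible for 0/1 outputs). */
static int majority3(int a, int b, int c)
{
    if (a == b || a == c) return a;
    if (b == c) return b;
    return -1;
}

/* One scan cycle: vote the three channel outputs according to the current
 * redundancy mode, update channel health, and return the output to drive. */
int voter_scan(struct voter *v, const int out[NCHAN])
{
    if (v->mode == MODE_TMR) {
        int voted = majority3(out[0], out[1], out[2]);
        if (voted < 0) {
            v->mode = MODE_FAILSAFE;
            return FAILSAFE_OUTPUT;
        }
        /* At most one channel can disagree with a 2oo3 majority. */
        for (int i = 0; i < NCHAN; i++) {
            if (out[i] == voted) {
                v->mismatches[i] = 0;
            } else if (++v->mismatches[i] >= v->demote_after) {
                v->healthy[i] = false;     /* diagnosed faulty: drop to DMR */
                v->mode = MODE_DMR;
            }
        }
        return voted;
    }
    if (v->mode == MODE_DMR) {
        /* Two healthy channels cannot form a majority, so any disagreement
         * is resolved towards the safe state. */
        int vals[2];
        int n = 0;
        for (int i = 0; i < NCHAN && n < 2; i++)
            if (v->healthy[i]) vals[n++] = out[i];
        if (n == 2 && vals[0] == vals[1]) return vals[0];
        v->mode = MODE_FAILSAFE;
        return FAILSAFE_OUTPUT;
    }
    return FAILSAFE_OUTPUT;            /* latched fail-safe until reset */
}

/* Bring a repaired channel back; returns to TMR once all three are healthy.
 * A latched fail-safe state needs an explicit operator reset, so this
 * function does not clear it. */
void voter_reintegrate(struct voter *v, int ch)
{
    if (ch < 0 || ch >= NCHAN || v->mode == MODE_FAILSAFE) return;
    v->healthy[ch] = true;
    v->mismatches[ch] = 0;
    bool all = true;
    for (int i = 0; i < NCHAN; i++) all = all && v->healthy[i];
    if (all) v->mode = MODE_TMR;
}

/* Run a constructed scan trace and return the last voted output. */
int run_trace(struct voter *v, const int (*trace)[NCHAN], size_t n)
{
    int last = FAILSAFE_OUTPUT;
    for (size_t k = 0; k < n; k++) last = voter_scan(v, trace[k]);
    return last;
}

int main(void)
{
    /* Constructed trace: channel 1 sticks at 0 and is voted out; later the
     * two survivors disagree and the voter falls to fail-safe. */
    static const int trace[][NCHAN] = {
        {1, 1, 1}, {1, 0, 1}, {1, 0, 1}, {1, 0, 1}, {1, 0, 0}
    };
    struct voter v;
    voter_init(&v, 2);
    for (size_t k = 0; k < sizeof trace / sizeof trace[0]; k++)
        printf("scan %zu -> output %d, mode %d\n",
               k, voter_scan(&v, trace[k]), (int)v.mode);
    return 0;
}
```

The point of the mode switch is visible in the last scan: in TMR a single deviating channel is masked, but once the system is down to two channels the same disagreement has no majority to fall back on, so the only deterministic answer is the fail-safe output. A real safety PLC would pair this with the supervisory timing check and a diagnosed-fault input from self-tests rather than relying on output mismatches alone.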