Abstract: This paper addresses some problems encountered in the practical application of existing DCS systems. Combining communication and computer technologies, it proposes a solution based on the QNX distributed real-time operating system and CAN bus, and introduces the design concept and implementation method of the system. Keywords: DCS; CAN; Distributed Real-Time Operating System Introduction DCS systems have wide applications in power generation, steelmaking, petrochemicals, and other fields, greatly improving the automation level of production. However, as the scale of DCS systems increases, higher requirements are placed on their reliability, real-time response speed, scalability, and maintainability. This paper discusses large-scale distributed DCS systems and proposes a design method combining communication and computer technologies. This method achieves the following performance characteristics: loop control response time <5ms; redundant card switching time <10ms; emergency event response time <1ms; distributed structure, ensuring no increase in system complexity as the system scales up; redundancy in the underlying power supply, I/O cards, nodes, and network; direct access to underlying I/O cards and nodes without needing to know their location or routing information, even if the underlying topology changes, it will not affect the upper-level system; programs on each node can be dynamically downloaded and updated via the network without downtime; it can connect to PLCs, existing instruments, and computer networks to share information resources, exhibiting good openness; the design utilizes mature technologies and readily available components to reduce development and maintenance costs and facilitate production. System Overall Structure The system adopts a three-layer network structure, with the top-level high-level management network and the middle-level field control network both using 100M Ethernet. And improve communication distance and anti-interference capability by using fiber optic interconnection; improve network switching speed by using switches; improve system reliability by using industrial-grade products. High-level management network The top-level high-level management network consists of management computers, data servers, Internet, gateway servers, etc., and is the information channel for realizing comprehensive enterprise management. Intermediate-level field control network The intermediate-level field control network consists of gateway servers, engineering stations, operator stations, field control stations and bridges, etc. It is used for high-speed and reliable transmission of real-time process data, control data, configuration information and all field control layer data. Due to the large amount of data, in order to ensure reliability, two 100M Ethernet lines are used as redundancy in hardware; in software, the distributed real-time operating system QNX is used to realize the Ethernet redundancy of the system, dynamic download and update of programs and real-time loop control. The reasons for using QNX in this system are as follows: (1) QNX is a proven and reliable distributed real-time operating system. (2) As a distributed operating system, QNX has excellent network capabilities. It supports redundant operation of two Ethernet networks, which can distribute data evenly across the two Ethernet networks, thus significantly increasing network speed. When one network fails, it can dynamically switch all communication data to the other network, transparently to the user. This feature is well-suited for this system. (3) QNX can dynamically update programs on nodes via the network without downtime, facilitating maintenance and upgrades. (4) Unlike many other real-time operating systems that can run on numerous CPUs, QNX is specifically optimized for X86, fully leveraging its performance. (5) The QNX system is compact, with a kernel of only 10KB, allowing it to run directly on small-capacity electronic disks. Low-level Field Control Station Intranet The field control station intranet is used for data communication between Ethernet communication cards, CAN communication cards, and I/O cards, as well as interconnection between the field control station and the chassis. The CAN bus boasts high reliability, high real-time performance, priority-based non-destructive bus arbitration technology (ensuring response time for emergency events), multi-master operation, and high cost-effectiveness. Therefore, we chose a redundant 500kb/s CAN bus (capable of transmitting approximately 4 data packets within 1ms, resulting in a very short system response time) to construct the system's underlying communication network. System Hardware Introduction Only the field control station and network bridge in the entire hardware system require independent development. The field control station is the lowest-level component of the entire system, and its performance directly impacts the success of the entire DCS system. When developing the hardware, it is crucial to properly handle system grounding and electrical isolation, add protection circuits to each input and output section, filter the acquired data, and use electronic disks instead of ordinary hard drives for each QNX node to improve the overall system's anti-interference capability. The following will provide a detailed introduction to the field control station. Field Control Station The field control station consists of several independent chassis, interconnected via an intermediate-level field control network or a lower-level field control station internal network (redundant CAN network). Each chassis contains a series of plug-in cards and a common baseboard. All plug-in cards are hot-swappable and can be configured redundantly, with self-diagnostic capabilities to ensure uninterrupted system operation. Chassis can connect to the intermediate-level field control network via Ethernet communication cards or to other chassis via CAN communication cards. Both Ethernet and CAN communication cards have 32-bit high-speed CPUs running the QNX system, enabling direct control of field loops. The structure of the Ethernet communication card is described below. The structure of the CAN communication card is also described below. The I/O cards primarily handle digital and analog inputs and outputs, employing isolation designs to achieve electrical isolation between boards. Because each node on the CAN network can actively send information to other nodes on the network at any time, this feature can be used to enable dynamic routing of the entire CAN network by having each CAN node periodically send routing information to its local communication card. When a new card is inserted or an existing card is removed, this is reflected in the system's routing information in real time, achieving plug-and-play functionality. Traditional RS-485, however, cannot actively send information to other nodes on the network and can only achieve static routing manually. Bridge The bridge consists of an x86 CPU board and several communication sub-boards. One side connects to the intermediate layer field control network, and the other side connects to digital instruments and third-party devices, acting as a communication intermediary. The boards are interconnected via PC/104. The x86 CPU board runs the QNX system, which handles the TCP/IP protocol and network redundancy. The user program handles communication with each communication sub-board, completing the bridge's function. System Software Design The system software includes the host PC system software, the software in the lower-level QNX system, and the embedded software in the I/O cards. The host computer software includes web service programs, configuration software, industry-specific optimized control software, and high-level management software. It employs a graphical user interface, making operation intuitive and convenient. It manages and monitors the entire system and coordinates and optimizes the control of each node. It is programmed using Visual C++. The embedded software on the lower-level computers includes real-time monitoring software, routing software, communication software, redundancy management software, loop control software in nodes, and interface programs in bridges, all located on the x86 CPU board. It runs the QNX real-time operating system and the SQLanywhereforQNX real-time database system, programmed using Watcom C/C++ for QNX. It utilizes the remote functionality of the QNX operating system to dynamically download and update programs on each node. The embedded software in the I/O cards is mainly responsible for digital and analog input/output, redundancy management, and communication with the CAN bus. It is programmed using Keil C, avoiding the maintenance difficulties associated with assembly programming. Conclusion This system combines communication and computer technologies, employing a solution based on the CAN bus and the QNX distributed real-time operating system to realize a distributed real-time DCS system that meets the design requirements. References 1 QNXTheLeadingRealtimeOSforPCs.QNXsoftwaresystemsLtd.2001 2 WatcomC/C++forQNXHigh-performancecompilerandtools.QNXsoftwaresystemsLtd.2001 3 ControllerAreaNetwork (CAN) Specification.RobertBoschGmbH.1991