High reliability industrial controller using tandem...

Data processing: generic control systems or specific application – Generic control system – apparatus or process – Sequential or selective

Reexamination Certificate


Details

C700S002000, C700S005000, C700S019000, C700S021000, C700S079000, C700S086000, C719S323000, C719S323000, C719S323000, C719S323000, C719S323000


active

06463339

ABSTRACT:

CROSS-REFERENCE TO RELATED APPLICATIONS
N/A
STATEMENT REGARDING FEDERALLY SPONSORED RESEARCH OR DEVELOPMENT
N/A
BACKGROUND OF THE INVENTION
The present invention relates to industrial controllers and in particular to high reliability industrial controllers such as may be used to implement safety interlocks or other critical control functions.
Industrial controllers are special purpose computers used for controlling industrial processes or manufacturing equipment. Under the direction of a stored program, the industrial controller examines a series of inputs reflecting the status of the controlled process, and changes a series of outputs controlling the industrial process. The inputs and outputs may be binary, that is on or off, or analog providing a value within a continuous range. Typically analog signals are converted to binary words for processing.
A typical industrial controller includes a microprocessor sequentially executing instructions of a control program stored in electronic memory to read and write control values to an input/output (I/O) table. The I/O table is scanned independently of execution of the control program to communicate the control values as electrical control signals between the I/O table and the controlled equipment. The basic functions of the microprocessor in executing the control program and scanning the I/O table are performed by an operating system (OS) program.
Industrial controllers may be programmed in a “relay ladder language” logic in which instructions are represented graphically by rungs composed of “normally-open” or “normally-closed” contacts connected in series or parallel to “coils” of relays. The contacts represent inputs from the controlled process and the coils represent outputs to the controlled process. This graphical language mirrors early industrial control systems which used actual relays to provide the control logic needed to control machinery or a factory.
The rungs are arranged in parallel across power lines, suggesting the parallel operation of such a relay assembly. Execution of the rungs on the industrial controller, however, is performed sequentially: each rung is evaluated one at a time. By performing the sequential scanning and execution of the rungs at high speed, parallel execution of the rungs is simulated.
Industrial controllers differ from conventional computers in that industrial controllers normally control the real-time operation of machinery, often in the manufacture of a product. Momentary interruption of the industrial controller can cause damage to equipment or loss of product. In some critical applications, such as the operation or monitoring of safety equipment, failure of an industrial controller can create a risk of injury to humans. It is desirable that industrial controllers be extremely reliable, that they fail in a safe mode, and that their failure be immediately detectable.
One approach to increasing the reliability of an industrial controller is to use a redundant primary and secondary industrial controller. Failure of the primary controller causes a switch over to the secondary controller which assumes the primary controller's control responsibilities. Such systems are described in U.S. Pat. Nos. 4,521,871, 5,313,386, and 5,777,874 assigned to the assignee of the present invention and incorporated herein by reference. The switch over between two industrial controllers is performed by special modules within the industrial controllers which monitor hardware or software generated error signals to determine that a switch over is required. Detecting the errors and the switch over process itself can introduce delay in restoring control.
A more general approach to increasing the reliability of an industrial controller which does not require the production or monitoring of error signals (which may also fail) uses multiple industrial controllers operating at the same time. The outputs provided by each industrial controller are compared and only if the outputs are the same are they transmitted to the controlled process. Critical to the effectiveness of this system is the ability to detect and take appropriate actions at run time not only for individual hardware failures but for systemic failures that might have been introduced inadvertently during the design phase. The key to detecting these systemic failures is to ensure that the industrial controllers, if they fail, fail at different times or in different ways so that a difference in their outputs will occur. For this reason, it may be desired to use different industrial controller components and in particular different programs, algorithms, operating systems, development tools, development environments and developers. This latter requirement significantly increases the cost of this approach.
When an industrial controller is used for the control of certain safety systems, such as in implementing machine stop commands, fast control response times are necessary. The faster the response from the input (the pressing of an emergency stop button, the breaking of a light curtain or the like) to the output response (the stopping of the machine) the greater the safety margin. For large or complex control programs, such fast response times require powerful processors which are extremely complex and use many millions of transistors. Because a failure of even one transistor in these processors may cause a failure of the entire processor, the complexity of these microprocessors raises its own reliability problems.
BRIEF SUMMARY OF THE INVENTION
The present invention provides a high reliability industrial controller providing not only higher execution speed and greater predictability of operation but lower cost.
A key to the present invention is replacing microprocessors and their operating systems with programmable gate-arrays. The gate-arrays execute the control program directly as interconnected logic gates in a manner analogous to that of original relay ladders used in industrial control, but of course, at far greater speed. The number of gates in the gate-array may be several orders of magnitude fewer than the number of gates in a typical microprocessor, thereby improving reliability, and because of the parallel nature of execution, the operation of a gate-array can be much faster than the operation of a microprocessor. Operating systems and the reliability problems they introduce are eliminated.
In the invention, multiple gate-arrays are programmed to provide the same global control logic (executing the control program) but to implement that control logic in different ways so as to increase the probability of any failure being reflected in different ways in different gate-arrays. Outputs of the multiple gate-arrays are then compared to detect errors and increase reliability. Errors may alternatively be detected independently of the outputs. Variations in the implementation of the control logic may be provided by using gate-arrays with different internal architectures (for example from different vendors) or by modifying the control program or the compiling process itself.
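
The comparison of diversely implemented gate-arrays described above can be simulated as follows. This is an added example, not text or code from the patent: the interlock function, the two netlists and the fault model (one stuck-at fault at the same gate position in both arrays, standing in for a common-cause fault) are assumptions constructed for illustration.

```python
from itertools import product

# Interlock constructed for this example (not from the patent):
#   run = (start OR latch) AND guard AND NOT estop
INPUTS = ("start", "latch", "guard", "estop")
ALL_INPUTS = list(product((False, True), repeat=len(INPUTS)))

def spec(start, latch, guard, estop):
    return (start or latch) and guard and not estop

OPS = {"AND": lambda a, b: a and b, "OR": lambda a, b: a or b,
       "NOR": lambda a, b: not (a or b), "NOT": lambda a: not a}

# A netlist is an ordered list of gates; gate i drives net "n<i>" and the
# last gate drives the array output.
NETLIST_A = [("OR", "start", "latch"), ("NOT", "estop"),
             ("AND", "n0", "guard"), ("AND", "n2", "n1")]
# Same function rewritten with De Morgan, so internal nets carry other signals.
NETLIST_B = [("NOR", "start", "latch"), ("NOT", "guard"),
             ("OR", "n0", "n1"), ("NOR", "n2", "estop")]

def evaluate(netlist, values, fault=None):
    """Evaluate a netlist; fault=(gate_index, stuck_value) forces that gate."""
    nets = dict(zip(INPUTS, values))
    for i, (op, *ins) in enumerate(netlist):
        out = OPS[op](*(nets[n] for n in ins))
        if fault is not None and fault[0] == i:
            out = fault[1]
        nets[f"n{i}"] = out
    return out

def compare(a, b):
    """Comparison stage: energise only when both arrays agree, else safe (off)."""
    return a if a == b else False

def equivalent(first, second):
    """Fault-free check: both arrays implement the specified function."""
    return all(evaluate(first, v) == evaluate(second, v) == spec(*v)
               for v in ALL_INPUTS)

def dangerous_counts(first, second):
    """For one stuck-at fault at the same gate position in both arrays, count
    inputs where the compared output is energised although the spec says off."""
    return {fault: sum(compare(evaluate(first, v, fault),
                               evaluate(second, v, fault)) and not spec(*v)
                       for v in ALL_INPUTS)
            for fault in product(range(len(first)), (False, True))}

if __name__ == "__main__":
    print(sum(dangerous_counts(NETLIST_A, NETLIST_A).values()),
          sum(dangerous_counts(NETLIST_A, NETLIST_B).values()))
```

With two identical arrays every shared fault passes the comparison unnoticed; with the diverse pair the only remaining dangerous cases in this model come from the final gate being stuck on in both arrays, which a comparison of outputs cannot distinguish.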
Specifically the present invention provides a high reliability industrial controller for control of an industrial process according to a control program where the controller includes at least two programmable gate-arrays having logic gates interconnected according to programmable memory cells. The programmable gate-arrays have gate-array inputs received by the interconnected logic gates which in turn provide gate-array outputs that are Boolean functions of the gate-array inputs. The programmable memory cells of the first and second programmable gate-arrays are programmed to each independently execute a control program using different interconnections between logic gates. Input circuitry accepts electric inputs from the industrial process and routes the inputs to the gate-arrays of both the first and second programmable gate-arrays. Comparison circuitry receives gate-array outputs from each of the first and second programmable gate-arrays to produce controller outputs dependent on whether corre
