Electronic digital logic circuitry – Multifunctional or programmable – Having details of setting or programming of interconnections...
Reexamination Certificate
2001-12-27
2003-04-15
Le, Don (Department: 2819)
C326S010000
active
06549034
ABSTRACT:
CROSS-REFERENCE TO RELATED APPLICATIONS
STATEMENT REGARDING FEDERALLY SPONSORED RESEARCH OR DEVELOPMENT
BACKGROUND OF THE INVENTION
The present invention relates to programmable logic controllers (PLC's) and in particular to a PLC finding specific application in safety systems.
PLC's are special purpose computers used for the control of industrial processes and the like. During the execution of a stored control program, they read inputs from the controlled process and, per the logic of the control program, provide outputs to the controlled process. The outputs typically provide analog or binary voltages or “contacts” implemented by solid state switching devices.
PLC's differ from conventional computers both in their reliability and flexibility. In this latter regard, PLC's are normally constructed in modular fashion to allow them to be easily reconfigured to meet the demands of the particular process being controlled. For example, the processor and I/O circuitry are normally constructed as separate modules that may be inserted in a chassis and connected together through a common backplane using permanent or releasable electrical connectors. This modular, backplane construction allows, for example, varying the number of I/O modules as needed for the particular controlled process. The modular backplane also allows network cards to be attached to the backplane, for example, to communicate over a control network with additional remote I/O modules.
While PLC's have largely replaced systems composed of discrete interconnected relays for all but the smallest control systems, an exception exists in so-called safety applications. Safety applications are those in which failure of the control system could lead to significant hazard or injury. Safety systems, for use in such safety applications, may employ multiple redundant channels with monitoring and verification and may incorporate combinations of safety relays, sensors, and actuators, each with separate sets of interconnected wiring and cross-wiring to check for discrepancies between signal paths. The wiring of the safety system is done to move the safety system to a predetermined safe state if either of the redundant channels fails or if the channels do not agree.
Such discrete safety systems can be costly to install and maintain, especially for complex control applications, where large amounts of point-to-point wiring are required both to implement the logic and to provide the redundant channels. For this reason, there is considerable interest in using PLC's, where the logic is implemented in a computer rather than as device interconnections, to provide similar levels of safety operation.
In one such approach to implementing a safety system with a PLC, duplicate PLCs are connected to sensors and actuators using separate signal paths to each. Each PLC and its associated I/O represents an independent control channel and the controllers are cross-wired so that the failure in either one may be detected and a safe state maintained.
For example, referring to FIG. 1, a prior art safety system may be implemented with duplicate PLCs 10a and 10b. Each of the PLCs 10a and 10b may receive input signals from multiple sensors or contact switches 14 along redundant input leads 16a and 16b received by input modules 24a and 24b respectively and may provide redundant output signals (from output modules 25a and 25b) along leads 18a and 18b to actuator 20. Both of signals 18a and 18b must be the same for the actuator 20 to be actuated. The output modules 25a and 25b may include internal testing and diagnostics, otherwise the status of outputs 18a and 18b may be monitored by inputs of input modules 24a and 24b so that output faults can be detected.
Each of the PLC's 10a and 10b includes a chassis 12a and 12b holding one of separate control modules 22a and 22b executing a redundant control program. The redundant control programs may be essentially identical or may be different control programs intended to provide the same control outputs. Control module 22a and I/O modules 24a and 25a communicate on backplane 40a, while control module 22b and I/O modules 24b and 25b communicate on backplane 40b. Each backplane 40a and 40b is associated with one of chassis 12a and chassis 12b and communicates with its respective modules by electrical connectors (not shown). The backplanes 40a and 40b are supplied with power from power supplies 32a and 32b and include diagnostic circuitry to detect failures and go to a predetermined safe state.
Cross-wiring 26 between I/O modules 24a and 24b allows each PLC 10a and 10b to review the other's inputs and outputs for disparity and testing if necessary. If a disparity or failure is detected, the control programs cause the controllers and their outputs to go into a safe state predefined according to the control application.
While this system provides the ability to detect and respond to failures, the cross-wiring can be costly to implement and maintain, especially for complex control applications. The need for duplicated hardware, including racks and backplanes, further increases the costs.
SUMMARY OF THE INVENTION
The present invention provides a safety system using duplicate PLCs and modules but providing substantially reduced wiring and, in certain embodiments, substantially reduced hardware costs.
The present inventors have recognized that in certain cases physical wiring may be replaced with equal safety through “virtual” wiring implemented on a single unitary backplane of the PLC. Thus, physical cross-wiring may be eliminated in favor of backplane messages.
In order that the virtual wiring provide the same level of safety as the physical wiring, a “connected” communication protocol must be used which both ensures reliable transmission of messages through pre-established connections and which detects failure of the virtual wiring represented by a connection. Generally, connected messaging systems require opening of connections to reserve necessary bandwidth and other network resources needed by the connection. After being opened, the connection may implement any of a variety of features to ensure the integrity of the connection including message echoing and comparison, I/O broadcast and verification of results or the regular transmission of a heart beat signal. Each connection becomes a virtual wire that mimics physical wire, but unlike a physical wire, the virtual wire is a fail safe component since each connection contains the redundancy and verification that would send the outputs to a safe de-energized state in the event of a connection anomaly such as a wire break or connection device failures.
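The fail-safe behaviour of a virtual wire described above can be modelled in a few lines. This is an added illustration, not code from the patent: the class and function names, the heartbeat sequence counter, the 50 ms timeout and the message schedule are all assumptions chosen for the sketch.

```python
from dataclasses import dataclass

SAFE = False  # de-energized output is the predetermined safe state


@dataclass
class VirtualWire:
    """One opened connection carrying a demand bit plus a heartbeat counter."""
    timeout_ms: int          # assumed maximum gap between heartbeats
    opened: bool = False
    faulted: bool = False    # latched: a failed connection stays failed
    last_seq: int = -1
    last_rx_ms: int = 0
    value: bool = SAFE

    def open(self, now_ms):
        self.opened, self.last_rx_ms = True, now_ms

    def receive(self, seq, value, now_ms):
        # Traffic on an unopened wire, or a skipped/repeated counter, is an anomaly.
        if not self.opened or seq != self.last_seq + 1:
            self.faulted = True
        if not self.faulted:
            self.last_seq, self.value, self.last_rx_ms = seq, value, now_ms

    def read(self, now_ms):
        # A missing heartbeat is treated like a broken physical wire.
        if not self.opened or now_ms - self.last_rx_ms > self.timeout_ms:
            self.faulted = True
        return SAFE if self.faulted else self.value


def actuator_state(wire_a, wire_b, now_ms):
    """Energize only when both redundant channels are healthy and both demand it."""
    a, b = wire_a.read(now_ms), wire_b.read(now_ms)
    return a and b and not (wire_a.faulted or wire_b.faulted)


def run_demo():
    """Constructed schedule: controller B goes silent after t=50 ms, resumes at 130 ms."""
    a, b = VirtualWire(timeout_ms=50), VirtualWire(timeout_ms=50)
    a.open(0)
    b.open(0)
    schedule = [(10, 0, 0), (30, 1, 1), (50, 2, 2), (70, 3, None),
                (90, 4, None), (110, 5, None), (130, 6, 3)]
    trace = []
    for now_ms, seq_a, seq_b in schedule:
        a.receive(seq_a, True, now_ms)
        if seq_b is not None:
            b.receive(seq_b, True, now_ms)
        trace.append(actuator_state(a, b, now_ms))
    return trace
```

In the constructed run the output drops to the safe state once channel B's heartbeat gap exceeds the timeout, and it stays there when B resumes sending, because the fault is latched rather than self-clearing.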
Through the use of the reliable virtual wiring of connections, the actual physical wiring required to implement a safety system is much reduced as well as the number of I/O points. The ability to use a single backplane may allow the entire safety system to be implemented in a single chassis as opposed to duplicate chassis. Support of multicast/broadcast communications allows the messages implementing the cross wiring required for redundancy, monitoring and verification to be simultaneously transmitted to multiple devices, reducing the burden on network bandwidth.
Specifically, then, the present invention provides a PLC for safety applications including a backplane that may allow connection to at least two I/O modules and a first and second control module. The backplane, I/O modules, and control modules include communications circuitry supporting a connected communications protocol in which failure of a connection between modules may be detected by the modules. This connected communications protocol may, but need not, provide a producer/consumer broadcast messaging which allows the sharing of input and output information over the single backplane.
Each of the first and second control modules redundantly execute a control program to: (i) open connections ove
Pietrzyk Arthur Paul
Sugimoto Thomas
Baxter Keith M.
Gerasimow Alexander M.
Le Don
Rockwell Automation Technologies Inc.
Speroff R. Scott