Data processing: generic control systems or specific application – Generic control system – apparatus or process – Having protection or reliability feature
Reexamination Certificate
1998-12-18
2002-03-12
Grant, William (Department: 2121)
Data processing: generic control systems or specific application
Generic control system, apparatus or process
Having protection or reliability feature
C709S241000, C714S012000
Reexamination Certificate
active
06356795
ABSTRACT:
FIELD OF THE INVENTION
The present invention relates to a synchronization method for a redundant automation system having at least two subsystems, where the minimum of two subsystems have a minimum of one processor, are linked together via communication means, execute functionally identical sequences of machine instructions to control a process and synchronize with one another from time to time via the communication means.
BACKGROUND INFORMATION
Synchronization methods for automation systems are generally conventional. European Patent 497 147 describes a method in which the subsystems of an automation system composed of two subsystems synchronize one another after a period of time preselectable by the user at the latest. European Patent 616 274 describes a similar method where synchronization is performed as a function of the actual run time of a sequence of machine instructions. Thus, it is necessary to know the run times of the instructions of the user program and to constantly add up these run times. The conventional methods are not optimal inasmuch as an unnecessarily long amount of time is spent for synchronization.
An object of the summary present invention is to provide a synchronization method with minimal complexity for an automation systems composed of at least two subsystems. The synchronization method independent of the presence of special hardware. The synchronization method according to the present invention has the least possible negative effect on the computing capacity of the automation system.
The synchronization method is based on a counter for each of the subsystems—hereinafter called synchronization counters—which is incremented, i.e., increased by one, using increment instructions. Incrementation is an especially simple task for a processor. In individual cases, incrementation can take place within a single clock cycle and therefore especially rapidly.
Synchronization is performed at least when one of the minimum of two subsystems—hereinafter referred to as the alerted subsystem—registers a special event, e.g., an interrupt or an alarm. In this case, the alerted subsystem relays to the minimum of one other subsystem the instantaneous value of its synchronization counter. This relaying informs the minimum of one other subsystem that a special event has occurred. The minimum of one other subsystem in turn relays to each other subsystem the instantaneous value of its synchronization counter. Each of the subsystems is thus informed of the instantaneous value of its own synchronization counter as well as the value of the synchronization counter of the minimum of one other subsystem.
At the time of occurrence of the special event, one of the subsystems may be ahead of the minimum of one other subsystem in executing the sequence of machine instructions. If this is the case, it is also possible for the subsystem which is in the lead to have already executed a larger number of increment instructions, so that the values of the synchronization counters of the subsystems differ.
Each subsystem determines the largest value at the moment from the value of its own synchronization counter and the value of the synchronization counter of the minimum of one other subsystem. The value of the synchronization counter which all subsystems can attain together by continuing to execute the sequence of machine instructions is the largest value of the synchronization counter increased by one, i.e., incremented. Therefore, in each subsystem, the largest value of the synchronization counters of all subsystems is incremented. This value which is the same for all subsystems is hereinafter referred to as the synchronization counter target value. This can, of course, also be determined by an alternative method by first incrementing the values of the synchronization counters and then determining the synchronization counter target value as their maximum value.
The subsystems interrupt the execution of the sequence of machine instructions on attaining the position of the increment instruction (hereinafter referred to as synchronization position) at which the values of the respective synchronization counters attain the synchronization counter target value. Since the increment instructions occur at corresponding locations in the functionally identical sequences of machine instructions, the increment instructions are consequently especially suitable as the potential synchronization position.
The fact that such a synchronization position has been attained can be determined especially easily by comparing the value of the respective synchronization counter with the synchronization counter target value. The synchronization method is thus based on incrementation and comparison operations, which can be carried out especially rapidly and efficiently by a processor.
Since both subsystems can attain their synchronization positions at different times, each subsystem signals the minimum of one other subsystem that the synchronization position has been attained by sending a synchronization signal. Each subsystem then waits for arrival of the synchronization signal from the minimum of one other subsystem. This signals that it has attained its synchronization position. In the case of more than one other subsystem, each subsystem waits for arrival of the synchronization signal from all other subsystems, so that each subsystem executes additional actions only when all subsystems have attained the synchronization position. However, there are also conceivable applications where no synchronization signal is exchanged on attaining the synchronization position.
After attaining the synchronization position, and after registering the synchronization signal from the minimum of one other subsystem, each subsystem determines a specific response for the special event and performs it. This response is a specific sequence of machine instructions for the special event. Then, each subsystem continues executing the sequence of machine instructions, the execution of which was reset on attaining the synchronization position because of the synchronization and because of the response to the special event.
The alerted subsystem relays the special event to the minimum of one other subsystem immediately after registering the special event at the earliest, e.g., in conjunction with relaying the instantaneous value of the synchronization counter, but at the latest in conjunction with the synchronization signal.
There are also cases where exchanging or waiting for the synchronization signal does not take place for the specific response for the special event to be executed. In such a case, the special event-specific response is carried out immediately on attaining the synchronization position. Then, there is no time synchronization, but the method according to the present invention ensures that although the special event-specific response will not be carried out at the same time but at functionally identical positions within the sequence of machine instructions of the respective subsystem. In this way, the desired synchronization is ensured, because the synchronization positions are arranged at corresponding positions in the sequences of functionally identical machine instructions.
The synchronization position can be attained especially efficiently if the address of each machine instruction of the sequence of machine instructions, in particular the address of the machine instruction being carried out at the moment, and the address of the machine instruction corresponding to the synchronization position can be determined.
This makes it possible for the address of the machine instruction being carried out at the moment to always be compared with the address of the machine instruction corresponding to the synchronization position when executing the sequence of machine instructions—at least after the alerted subsystem has registered a special event. If the two addresses compared are found to match, the synchronization position has been attained. In this way, execution of the sequence of machine instructions can be interrupted precisely on
Barthel Herbert
Fuchs Heiner
Göbel Alfons
Garland Steven R.
Grant William
Seimens Aktiengesellschaft
Staas & Halsey , LLP
LandOfFree
Synchronization method does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Synchronization method, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Synchronization method will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2862633