Electrical computers and digital processing systems: multicomput – Master/slave computer controlling
Reexamination Certificate
1997-03-10
2001-01-23
Maung, Zarni (Department: 2758)
Electrical computers and digital processing systems: multicomput
Master/slave computer controlling
C700S003000
Reexamination Certificate
active
06178444
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
This invention relates to a computer system containing a plurality of data processing systems connected over a network for distributed data processing. More specifically, this invention relates to a data processing method as well as the systems on which the data processing method is implemented.
2. Description of the Prior Art
It is required that industrial systems such as chemical or steel plants, traffic control systems, and power systems including nuclear power plants, always be controlled correctly. This requires that data be processed in the correct sequence when controlling these systems.
One of the means to control these systems is to use a plurality of distributed data processing systems. This control means has a group of control units, each having a data processing system. These data processing systems are connected over a network to exchange control data (control messages) among them and to operate control units. For this type of control means, it should be noted that a plurality of data pieces sent from the sending system are not always received by the receiving system in the sequence in which they are sent. If the receiving system do not receive them in the sequence in which they are sent and control them in different sequence, the system safety may be affected.
For example, assume that two data processing systems connected over a computer network control an reactor as shown in FIG.
8
. The reactor
100
, which contains the heater
101
, heats the materials fed from the materials feed pipe
102
and ejects a resulting product into the product ejection pipe
103
. The materials feed pipe
102
has the flow adjustment valve
104
to adjust the feed speed. This materials feed pipe
102
and the flow adjustment valve
104
may be controlled by two data processing systems, one contained in this control unit and the other connected to this data processing system over a network. For example, the first data processing system is installed in the central control room of the plant, and the second data processing system is installed on the control unit to run two programs: “the materials feed control program” and “the flow adjustment valve control program”. The second data processing system uses these two programs to control the temperature and the flow amount in the plant in accordance with messages from the first data processing system. Assume that the first data processing system sends the command “Open flow-adjustment valve 10 degrees” and then the command “Feed 20 Kg of materials to reactor”. That is, the first data processing system sends the “flow” command and “materials” command in this sequence.
However, the second data processing system may receive the “materials” command and then the “flow” command because these two commands are sent along two different paths. Upon receiving the “materials” command, the second data processing system starts “the materials feed control program” and, before adjusting the flow, feeds 20 Kg of materials into the reactor. This is not the sequence intended by the first data processing system. This incorrect sequence of operation causes an abnormal reaction, endangering the safe plant operation.
To ensure the safe plant operation, the data processing system is sometimes duplicated to allow the overall system operation to continue even if an error occurs in the hardware constituting one of those systems. For example, assume that three data processing systems are connected to a computer network and that “the materials feed control program” and “the flow adjustment valve control program” stored in the second data processing system control the temperature and flow amount in the plant according to the control messages from the first data processing system. The third data processing system also contains these two programs to allow the whole plant system operation to continue even when a hardware error occurs in the second or third data processing system.
In a configuration described above, assume that the first data processing system sends the command “Open flow-adjustment valve 10 degrees” and then the command “Feed 20 Kg of materials to reactor”.
However, the second data processing system and the third data processing system may receive the commands in different sequences because these two commands are sent along two different paths: that is, in some cases, the former receives the “materials” command and then the “flow” command while the latter may receive the “flow” command and then the “materials” command. Upon receiving the “materials” command, the second data processing system starts “the materials feed control program” and, before adjusting the flow, feeds 20 Kg of materials to the reactor. This is not the sequence intended by the first data processing system. On the other hand, the third data processing system first starts “the flow adjustment valve control program” and then feeds 20 Kg of materials to the reactor. This is the sequence intended by the first data processing system. This means that, even if the same commands are received by the second data processing system and the third data processing system as sent by the first data processing system, the consistency of the process cannot be maintained. As a result, if the third data processing system which has received the sequence of commands correctly fails, the commands received by the second data processing system, one of the duplicated systems, are executed. This results in an abnormal reaction and endangers the safe plant operation.
To eliminate an inconsistency in the sequence of operation, a data processing system containing a sequencer, which specifies the sequence of messages, has been devised heretofore. This sequencer makes it possible to send the commands to all the data processing systems in the same sequence, eliminating the inconsistency. More specifically, this sequencer sends to all the data processing systems a command specifying the sequence of messages (hereafter called a processing sequence command) on which the sequence of message operation of each data processing system is based.
Generally, a sequencer sends the processing sequence command based on the sequence in which the sequencer received the messages. Other data processing systems store the messages received from the sequencer for a while and, after receiving the sequence command from the sequencer, processes the sequence of messages based on the sequence command.
For system safety, the sequencer is also duplicated. That is, a plurality of sequencers are connected to a network, each in one of two modes: “operation mode” and “standby mode”. A data processing system containing a sequencer in “the operation mode” (hereafter called an operation mode sequencer) controls the units of the whole plant system. On the other hand, while the data processing system containing the operation mode sequencer is active, a data processing system containing a sequencer in “the standby mode” (hereafter called standby mode sequencer) is in the standby state and does not send the message processing sequence command. That is, when an operation mode sequencer receives a plurality of messages, the sequence in which the sequencer receives the messages is sent to a standby mode sequencer and other data operating systems.
However, a conventional data processing system containing a sequencer has the following problem. When the data processing system containing “the operation mode sequencer” fails, some other data processing system must take over the processing of the failed data processing system in order to continue to control various kinds of plant system. To take over the processing successfully, the conventional system has a predetermined sequencer. And, the operation mode sequencer sends message processing sequence information to the data processing system of each control unit as well as to the predetermined standby mode sequencer. This requires the operation mode sequencer to continually send message processing sequence information to the standby mode sequencer.
However, neith
Kaibe Hiroshi
Okataku Yasukuni
Tamura Shinsuke
Caldwell Andrew
Finnegan Henderson Farabow Garrett & Dunner L.L.P.
Kabushiki Kaisha Toshiba
Maung Zarni
LandOfFree
System and method that prevent messages transferred among... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with System and method that prevent messages transferred among..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and System and method that prevent messages transferred among... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2489519