The present invention relates to industrial controllers used for real-time control of industrial processes, and in particular to “high reliability” or “safety” industrial controllers appropriate for use in devices intended to protect human life and health.
Industrial controllers are special-purpose computers used in controlling industrial processes. Under the direction of a stored control program, an industrial controller examines a series of inputs reflecting the status of the controlled process and changes a series of outputs controlling the industrial process. The inputs and outputs may be binary, that is, on or off, or analog, providing a value within a substantially continuous range. The inputs may be obtained from sensors attached to the controlled process, and the outputs may be signals to actuators on the controlled process.
“Safety systems” are systems intended to ensure the safety of humans working in the environment of an industrial process. Such systems may include the electronics associated with emergency-stop buttons, light curtains, and other machine lockouts. Traditionally, safety systems have been implemented by a set of redundant circuits separate from the industrial control system used to control the industrial process with which the safety system is associated. Such safety systems have been “hardwired” from switches and relays including specialized “safety relays” which provide comparison of redundant signals and internal checking of fault conditions such as welded or stuck contacts.
Hard-wired safety systems using duplicate wiring have proven cumbersome in practice because of the difficulty of installing and connecting hardwired components and duplicate sets of wiring, particularly in complex control applications, and in part because of the difficulty of troubleshooting and maintaining a hard-wired system whose logic can be changed only by re-wiring.
For this reason, there has been considerable interest in developing industrial controllers that may implement safety systems using programs simulating the operation of the physical components in hard-wired safety systems. Industrial controllers are not only easier to program but may provide reduced installation costs by eliminating long runs of redundant wiring in favor of a high-speed serial communication network and by providing improved troubleshooting capabilities. U.S. patent applications 60/373,592 filed Apr. 18, 2002; Ser. No. 10/034,387 filed Dec. 27, 2001; Ser. No. 09/667,145 filed Sep. 21, 2000; Ser. No. 09/666,438 filed Sep. 21, 2000; and Ser. No. 09/663,824 filed Sep. 18, 2000, assigned to the assignee of the present invention, describe the implementation of safety systems using industrial controller architectures, and are hereby incorporated by reference.
High reliability can be obtained in an industrial controller system by employing two industrial controllers which simultaneously execute the same control program and compare their operations to detect faults. Configuring a dual controller system requires work by the operator who must now ensure not only that a first control program is correctly installed and running in a primary controller but that an identical control program has been loaded into a partner controller and that the two controllers are communicating to operate in synchrony. Editing of the program in the primary controller is complicated by the need to ensure that the identical editing is performed on the program in the partner controller. The work required to configure and maintain the dual controller system is normally in addition to work required to configure and maintain a separate standard controller devoted to standard control tasks separate from the tasks of the safety system. Personnel working on both systems must learn two sets of procedures and protocols.
These complexities and costs can deter the use of industrial control systems for safety applications.