The present invention relates to an automation system, and a method for operating an automation system. In particular, the invention relates to such a system and/or method in which a data transmission between the individual components of the automation system is made possible in each case by means of a telegram. The data transmission takes place between, for example, a central automation unit and a sensor and/or actuator for controlling and/or monitoring a technical process. The individual components of the automation system, e.g., the central automation unit and the sensor and/or actuator, are connected to one another communicatively via a bus.
Such a telegram usually has at least one destination identifier in order to identify the receiver of the telegram unambiguously, and usually also an origin identifier in order to identify the transmitter unambiguously. If telegrams are repeatedly exchanged cyclically between the transmitter and receiver at predefined or predefineable times, at least the destination identifier and the origin identifier remain constant. This is therefore a redundant section of the telegram, which has the effect of restricting the quantity of data that can be transmitted via the bus during a given time period.
One object of the present invention is consequently to provide an automation system and a method for operating an automation system in which the quantity of data that can be transmitted via the bus during a given time period is increased.
These and other objects are achieved with an automation system and a method for operating an automation system in accordance with the invention. According to one formulation of the invention, the automation system includes an automation unit, at least one transmitter and at least one receiver, which are connected to one another communicatively via a bus in such a way that a data transmission is performed in each case by means of a telegram. The transmitter is particular an input unit for connecting one or more external sensor systems and the receiver is in particular an output unit for connecting one or more external actuator systems. The telegram is output at predefined or predefineable times, preferably cyclically, and has a variable part and a constant part. According to the invention, the constant part is not transmitted along with the variable part if the constant part is known to the receiver.
If the constant part is known both to the transmitter and to the receiver, it is not necessary to transmit the constant part during a communications operation. The constant part can be specified to the transmitter or the receiver in any of several different ways. For instance, it is possible to specify the data of the constant part by means of a hardware setting, for example by using so-called coding switches to specify the constant part at the respective communications subscriber. On the other hand, there is of course also the possibility of specifying the data to the respective communications subscribers by means of software, i.e. by means of appropriate programming. This programming can be carried out by means of a programming device that is connected either directly to the communications subscriber or to the automation system as a whole.
Moreover, the constant part is known both to the transmitter and to the receiver at least in those circumstances when at least one communications operation with transmission both of the constant part and of the variable part has already taken place. Thus, it is possible to ensure, with a communications operation that has included both the constant part and the variable part, at least once that the constant part is known both to the transmitter and to the receiver.
Because the constant part is known both to the transmitter and to the receiver once the at least one communications operation transmitting both the constant part and of the variable part has taken place, it is no longer necessary to transmit the constant part during further communications operations in this case either.
In communications operations in which the transmission of the constant part is dispensed with, the length of the telegram is therefore shortened by the length of the constant part. The resulting smaller quantity of data during a communications operation relieves the bus and makes it possible to transmit a larger quantity of data via the bus during a given time period.
If a check signature is formed both by means of the constant part and by means of at least the user data in the variable part of the telegram, and the check signature is in fact transmitted in the variable part of the telegram during a data transmission, faulty alterations in either the variable part and/or in the non-transmitted constant part can be recognized and, if appropriate, suitably processed.
If at least one predefined or predefineable data item of the variable part is incremented or decremented, then the cyclically output telegrams can be distinguished unambiguously. Accordingly, the receiver can unambiguously detect the respective most recent telegram by comparing the predefined or predefineable data item of different telegrams. Additionally, when telegrams continue to be received with a respectively incremented or decremented data item, conclusions can be drawn regarding the intactness of the data transmission. The incrementing or decrementing can take place in a variety of ways, e.g. (a) by incrementing or decrementing either before, during or after each transmission operation or (b) as a function of time, i.e. in each case after a predefineable time period has elapsed, or (c) as a function of a data transmission which has taken place, in particular as a function of a data transmission which has taken place free of errors.
However, this predefined or predefineable data item, which is also referred to below as a so-called xe2x80x9csign of lifexe2x80x9d, does not necessarily have to constitute a continuous sequence of natural numbers, because source processing and destination processing do not necessarily have to be synchronous. The receiver can therefore tolerate xe2x80x9cgapsxe2x80x9d to a limited degree. Moreover, it is possible to specify the size of the gaps so that an appropriate alarm reaction can be triggered if there is a gap that is greater than the maximum gap that is tolerable for the respective process.
In one advantageous refinement of the present invention, the life sign is not taken into account in the formation of the check signature. Advantageously, it thereby becomes possible to perform a rapid and reliable evaluation of the telegram (e.g. for alarm recognition) by simply comparing the received telegram with the previous telegram, including the check signature.
In the normal case, in which there is no alarm situation, the telegram is repeatedly identical with the previous telegram. An alarm is indicated only if there is a difference. The safety requirement is satisfied by the respective comparison of user data on the one hand and the check signature on the other. If the sign of life were also to be taken into account in the formation of the check signature, the check signatures of successive telegrams in connection with identical user data would differ only in terms of the sign of life which changes from telegram to telegram.
This gives rise to a variety of different strategies for evaluating the check signature. According to one alternative, only the check signatures of two successive telegrams are compared. In this case, when there are different check signatures, the evaluation indicates that the user data of the two successive telegrams differ. Given the presence of different check signatures, the user data would then be compared, and it would be determined in which particular user data a change has taken place. However, such a check strategy is sufficient only when there are comparatively low technical safety requirements.
In the event of relatively high technical safety requirements, when there are successive telegrams, a comparison is made in each instance both between the check signature of the present telegram and the check signature of the preceding telegram and between the complete user data set and the corresponding user data set of the preceding telegram. If the user data set changes, this is apparent both from the changed check signature and from the changed user data set.
In the case of a data transmission from the transmitter to the receiver, the transmitter forms a check signature regarding the user data before the new telegram is sent. This check signature is appended to the telegram and transmitted with it. At the receiver end, the receiver compares the check signature of the most recently received telegram with the check signature of the previously received telegram. The check signature of the most recently received telegram is identical to the check signature of the previously received telegram if the transmission has taken place free of errors and if there have been no changes to the user data since the last transmission. For this reason, the sign of life, which, as previously noted, changes from transmission to transmission, is therefore advantageously not included in the formation of the check signature.
When a new telegram is received, the receiver then compares the check signature of the most recently telegram with the check signature of the previously received telegram and compares the user data as a whole with the user data of the previously received telegram. In the event of differences, either in the check signature or the user data, the check signature is newly calculated and the comparison with the check signature of the previously received telegram is repeated. The same applies if there is a change in the user data but no change in the check signature. Only if both check signature and user data have changed in comparison with the preceding transmission does this qualify as a new status for the process, e.g., an alarm situation, to which the receiver must react appropriately.
If, on the other hand, there is a change either in the check signature or in the user data only, the check signature has to be newly calculated by the receiver and the comparison with the check signature of the preceding telegram has to be repeated. Depending on the result obtained, the receiver can, for example, request a new telegram if appropriate.
If at least one of the input units and/or at least one of the output units is designed respectively as a safety-related input unit or a safety-related output unit, the method described above for operating an automation system, or the automation system creates a safety-related component of the automation system, which comprises at least the safety-related input unit, the safety-related output unit and the data transmission which takes place between these components. The automation system is preferably designed in accordance with said method and is adapted to carry out the operations of such an automation system.