1. Field of the Invention
The invention relates, on the one hand, to a method for checking an installation location of a component in a failsafe automation system, wherein a plurality of components are connected to one another in series and uniquely defined addresses are continuously assigned from a first component to the successor components.
Furthermore, the invention relates to an automation component configured for operation in a safety-oriented automation system, further configured for checking an installation location in a failsafe automation system, configured to connect to further components in series.
The specified components can be considered to be automation components and can be used, for example, in safety-oriented systems for industrial process automation. In this context, a first component can be configured as an F central unit which communicates via a communication bus with further components which are configured as F I/O devices. For example a Profinet I/O system or a back plane bus of an automation device is considered as the communication bus. “F” means failsafe here. In this grouping of components or automation devices, all the faults in an address allocation, addressing with a very high degree of coverage, must be detected, and a safety-oriented reaction must be carried out when a fault is present. A uniquely defined address is to be understood here, for example, as an F address or else a geographic address or a 1:1 relationship with the geographic address. Examples of a geographic address are: plug-in location of an F module in the rack or the installation location of an F device in an automation system.
2. Description of the Related Art
The exchange of F modules or F devices is considered to be particularly critical. Before or during the exchange, a fault in a standard address allocation may be present. This must be detected since otherwise during the further operation of the safety-oriented system an F controller would react to incorrect inputs or outputs. For example, in a process automation system an “incorrect” drive or an “incorrect” press would operate and could therefore injure an operator who is present at the location because he is carrying out small repairs or maintenance work in this part of the system.
Possible addressing errors which can occur are as follows:
The address/addresses of the module/modules or components are shifted in such a way that they correspond again to the address of the next F module, which also happens to have the same assembly properties. Alternatively, a further fault scenario, an addressing mechanism, is operating incorrectly with the result that the F module signals with the address of another F module.
German patent DE 10 2006 013 578 B4 has already presented a method and a control and data transmission system for checking the installation location of a secure communication participant. In the method in said document, the positions/addresses of the bus users of a field bus result from the fact that the positions of the bus users are known from the sequence in which the bus users have been stored in configuration data records. A disadvantage of this method is, however, that when an F assembly is replaced, an operator control action, specifically a confirmation by an operator, has to occur at the installation location for each replaced assembly. An operator is therefore required to confirm that the respective secure participant is connected at the predetermined installation location.