Programmable controllers are a common type of industrial computer for operating a wide variety of manufacturing equipment, such as assembly lines and machine tools, in accordance with a stored program. The program comprises a series of process control instructions which are read out and executed to examine the state of selected sensing devices on the controlled equipment, and to energize or deenergize selected operating devices contingent upon the state of one or more of the examined sensing devices.
The state of many sensing and operating devices can be represented by a single bit of data which is manipulated by the control program instructions. Other devices, such as position sensors, provide multiple bits of data representing a condition of the equipment being controlled. For these latter devices, instructions are provided to manipulate bytes and words of data representing the state of the sensing and operating devices. Additional program instructions perform arithmetic operations, timing and counting functions, and complex statistical reporting operations. Such instructions have become quite standardized in the industry and are directly associated with the elements of a ladder logic diagram which is easily understood by process control engineers. Program panels such as those described in U.S. Pat. Nos. 3,798,612; 3,813,649 and 4,070,702 have been developed to assist the user in developing and editing ladder logic control programs comprised of such programmable controller instructions.
There are many applications of programmable controllers in which "down time" resulting from malfunction of the controller must be minimized. For example, the cost of shutting down an automobile assembly line is enormous, and extraordinary measures are taken to ensure that quality components are employed in the control systems. In other manufacturing systems, such as chemical processing, failure of the control system can result in the loss of life or of a large quantity of the product being produced. Despite these efforts, it is statistically certain that malfunctions or failures will occur in the electrical and mechanical components.
An inherent characteristic of programmable controllers is the concentration of the decision-making functions of the system in certain subsystems and components. For example, a malfunction of the memory which stores the control program, or a malfunction of the processor that reads and executes the control program, is catastrophic in the sense that the entire system being controlled is affected. Malfunction detection techniques are employed to sense and quickly diagnose such problems, and components are mounted on circuit boards for easy replacement. However, even when a malfunction is quickly discovered, diagnosed and fixed, the resetting and power-up of the manufacturing system consumes considerable time.
The use of redundant components or modules is a common practice in a number of fields. In the aerospace field, for example, there is multiple redundancy of the entire flight control system, and in the data processing field it is common to provide redundant processors or input/output controllers. In the industrial control field, redundancy of the entire system is economically impractical. As a result, one approach, described in U.S. Pat. No. 4,521,871, doubles selected hardware components which perform the program storage and execution functions. One set of the components is designated as the primary unit and the other as the backup unit, which takes control of the system only when the primary unit fails. In order for a transition from one set of components to the other to occur smoothly, both sets must have the same information regarding the status of the manufacturing process and equipment. In addition, it has been found desirable that each set of components have knowledge of the status of the other set.