In industrial systems or processes the costs of plant downtime are usually quite high. Accordingly, unacceptable downtime costs call for increased reliability and high availability of the corresponding Industrial Automation and Control Systems. The latter usually rely on redundancy: critical parts of a control system, or critical control applications, are replicated, and fault tolerance of the control system results from a combination of redundancy and error detection mechanisms, such as supervision, watchdog, or heartbeat.
Existing redundancy patterns, such as Standby Redundancy or Triple-Modular Redundancy (TMR), are capable of providing fault tolerance to an automation control system. However, these fault tolerance mechanisms lose or degrade their fault tolerance once a failure has occurred. The TMR pattern, for instance, tolerates a single fault. As with most other patterns, the original fault tolerance is not restored until the faulty entity is replaced. In the interim, upon occurrence of a second fault, TMR typically initiates a safety shutdown. Redundancy can also be deployed with more replicas to tolerate multiple faults. This comes at a higher cost and increased complexity, and is therefore rarely done.
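The TMR behaviour described above, modelled as an added example that is not part of the patent text: a 2-out-of-3 voter isolates the first disagreeing replica and keeps running in a degraded two-replica mode, forces a safety shutdown when a second fault leaves no majority, and regains full TMR only once the faulty entity is replaced. The class and mode names (`TmrVoter`, `Mode`) and the replica ids are assumptions.

```python
from dataclasses import dataclass, field
from enum import Enum


class Mode(Enum):
    """Operating mode of the redundant controller (hypothetical model)."""
    TMR = "tmr"            # three healthy replicas, 2-of-3 majority voting
    DEGRADED = "degraded"  # one replica isolated, only two left to compare
    SHUTDOWN = "shutdown"  # second fault: no majority possible, safe state


@dataclass
class TmrVoter:
    """Majority voter with replica isolation; replica ids 0, 1, 2 are assumed."""
    healthy: set = field(default_factory=lambda: {0, 1, 2})
    mode: Mode = Mode.TMR

    def vote(self, outputs):
        """outputs maps replica id -> value computed in this cycle.
        Returns the voted output, or None once the system has shut down."""
        if self.mode is Mode.SHUTDOWN:
            return None
        values = {r: outputs[r] for r in self.healthy}
        counts = {}
        for v in values.values():
            counts[v] = counts.get(v, 0) + 1
        winner, n = max(counts.items(), key=lambda kv: kv[1])
        # Strict majority among healthy replicas: 2-of-3 in TMR, 2-of-2 when degraded
        if n * 2 > len(values):
            # Any replica disagreeing with the majority is treated as faulty and isolated
            for r, v in values.items():
                if v != winner:
                    self.healthy.discard(r)
            if len(self.healthy) < 3:
                self.mode = Mode.DEGRADED
            return winner
        # No majority: a 1-vs-1 disagreement cannot be resolved, so fail safe
        self.mode = Mode.SHUTDOWN
        return None

    def repair(self, replica_id):
        """Replacing the faulty entity restores the original fault tolerance."""
        self.healthy.add(replica_id)
        if len(self.healthy) == 3 and self.mode is Mode.DEGRADED:
            self.mode = Mode.TMR
```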
In the patent application EP 12182884.2, control applications in or of an Industrial Automation and Control System (IACS) for controlling an industrial primary system or process are configured and deployed in an optimal way. The IACS includes a plurality of execution hosts, such as CPU cores of single- or multi-core CPUs, and the control application is composed of a plurality of components or sub-applications. These components may be interrelated and executed at least partially in parallel. Eventually, the components may be assigned individually for execution to an execution host in a preset execution order depending on specific constraints, such as relative component execution timing. The resulting component-based software architecture provides a framework for cyclic real-time systems relying on static scheduling, allowing components to be loaded and schedules to be modified at runtime.