The present invention relates to the use of controllers, such as programmable logic controllers, on Ethernet networks with provisions for safety systems.
In a factory automation system, such as those in a nuclear power plant, manufacturing plant or petrochemical plant, the assured delivery of a message is critical to safe operation. As Ethernet protocols, which were originally developed for office automation markets, are moved into critical factory applications, new techniques need to be developed to assure the safety of the communication and control systems. Since network communications can never be fully guaranteed, provisions must be implemented to detect network errors and notify the corresponding programmable logic controller working in a factory environment so that it may take appropriate action when a failure occurs.
It is an object of the invention to provide a controller with provisions for a safety system.
In accordance with this object, a system and method are disclosed whereby the system determines whether an Ethernet communication error has occurred and, if so, notifies the controller that an error has occurred, stops normal controller operation, and executes fail-safe software code to take appropriate action.
In a second aspect of the present invention, a system and method are disclosed whereby, for a first and a second controller, the system, in response to a detected Ethernet network error, determines whether a communication error has occurred, notifies the first controller that an error has occurred, sends a network message to the second controller to start the second controller, and operates the second programmable controller on the network in place of the first controller.
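The detect, notify, stop and fail-safe sequence of the first aspect and the standby hand-off of the second aspect, as an added simulation that is not code from the patent; the heartbeat timeout, the sequence-number check, the START message format and the controller names are assumptions:

```python
from dataclasses import dataclass, field

HEARTBEAT_TIMEOUT = 0.5  # seconds of link silence before an error is declared (assumed)


@dataclass
class Controller:
    name: str
    state: str = "normal"          # normal | stopped | failsafe | active
    last_seq: int = -1             # last sequence number seen on the link
    last_rx: float = 0.0           # timestamp of the last valid message
    outputs_safe: bool = False     # True once the fail-safe code has run
    log: list = field(default_factory=list)

    def receive(self, seq: int, now: float):
        """Process one message; a gap in sequence numbers means a lost frame."""
        if self.state != "normal":
            return None
        if self.last_seq >= 0 and seq != self.last_seq + 1:
            return self.on_error(f"sequence gap {self.last_seq}->{seq}", now)
        self.last_seq, self.last_rx = seq, now
        return None

    def tick(self, now: float):
        """Periodic check: a link silent past the timeout is also an error."""
        if self.state == "normal" and now - self.last_rx > HEARTBEAT_TIMEOUT:
            return self.on_error(f"link silent for {now - self.last_rx:.2f}s", now)
        return None

    def on_error(self, reason: str, now: float) -> str:
        """First aspect: notify the controller, stop normal operation, run fail-safe code."""
        self.log.append(f"{now:.2f} {self.name}: error detected: {reason}")
        self.state = "stopped"
        self.outputs_safe = True   # stand-in for driving outputs to their safe state
        self.state = "failsafe"
        return reason


def failover(primary: Controller, standby: Controller, now: float) -> dict:
    """Second aspect: message the standby to start and take over (assumed format)."""
    msg = {"type": "START", "from": primary.name, "to": standby.name, "at": now}
    standby.state = "active"
    standby.log.append(f"{now:.2f} {standby.name}: started by {msg['from']}")
    return msg


def simulate() -> dict:
    """Constructed trace: two good frames from the link, then it goes silent."""
    a, b = Controller("PLC-A"), Controller("PLC-B")
    for seq, ts in ((1, 0.10), (2, 0.20)):
        a.receive(seq, ts)
    a.tick(0.60)                   # 0.40 s of silence: still within the timeout
    reason = a.tick(0.80)          # 0.60 s of silence: error path runs
    msg = failover(a, b, 0.80) if a.state == "failsafe" else None
    return {"reason": reason, "a": a.state, "b": b.state, "msg": msg, "safe": a.outputs_safe}
```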