1. Field of the Invention
The present invention relates to a controller that takes in an input such as the status of an apparatus, executes predetermined arithmetic and logical operations, and outputs a control signal for the apparatus; and in particular to a fail-safe controller that executes the arithmetic and logical operations on a plurality of processors, determines whether the result is correct by comparing the results of the processors, and drives the output to the safe side when the result is not correct.
2. Description of the Related Art
One conventional fail-safe controller is described in Japanese Patent Laid-Open Publication Hei 9-288150. This conventional example executes the same processing on a plurality of processors and compares the outputs of the processors, thereby verifying that the processors are operating correctly. When the outputs of the processors disagree, safety can be maintained by determining that a malfunction has occurred and stopping the apparatus on the safe side.
However, in this conventional example, when an anomaly occurs in the externally supplied input data because of extraneous noise or the like, the input data of the processors disagree. Because the apparatus must then be stopped on the safe side, there is a problem that the availability of the apparatus is lowered.
A method for handling this problem is described in Japanese Patent Laid-Open Publication Hei 10-214918. That publication discloses a method in which, when the outputs of the processors disagree, the processing is retried after returning to the status at the start of the control period, thereby avoiding the influence of extraneous noise and the like and improving availability.
However, because this conventional example retries the processing after returning to the status at the start of the control period, extra processing such as backup and restoration becomes necessary, and there is a problem that the software becomes complex. In addition, to secure time for the retry, the processing time must be kept to not more than half of the control period of the critical processing, so the rate of operation of the processor may be lowered.
Consequently, there is a strong demand for a controller that can avoid the influence of extraneous noise and the like and improve the availability of an apparatus without making the software complex or lowering the rate of operation of the processor.
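The two conventional schemes discussed in the related art above, compare-and-stop and retry from the start of the control period, are sketched below in C as an added example (not code from this document or the cited publications). The integrator control law, the timing constants, the sample callbacks and the re-reading of inputs on retry are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

#define SAFE_OUTPUT 0      /* assumed safe-side command (e.g. brake applied) */
#define PERIOD_US   1000   /* assumed control period */
#define STEP_US     400    /* assumed worst-case time of one step() pass */

typedef struct { int32_t integ; } state_t;           /* per-processor control state */
typedef int32_t (*sample_fn)(int cpu, int attempt);  /* input as seen by one CPU */

/* Same control law on both processors: a simple integrator (hypothetical). */
static int32_t step(state_t *s, int32_t in) { s->integ += in; return s->integ / 4; }

/* One control period. Returns the output; *failed is set when the controller
 * goes to the safe side. max_retry = 0 models compare-and-stop; max_retry = 1
 * models retry from the start of the period (inputs assumed re-read on retry). */
int32_t control_period(state_t st[2], sample_fn sample, int max_retry, int *failed)
{
    state_t backup[2];
    memcpy(backup, st, sizeof backup);          /* backup at start of period */
    for (int attempt = 0; attempt <= max_retry; attempt++) {
        int32_t a = step(&st[0], sample(0, attempt));
        int32_t b = step(&st[1], sample(1, attempt));
        if (a == b) { *failed = 0; return a; }  /* results agree: output trusted */
        memcpy(st, backup, sizeof backup);      /* restore before retry or stop */
    }
    *failed = 1;
    return SAFE_OUTPUT;
}

/* A retry only fits if two passes complete within one control period. */
int retry_fits(void) { return 2 * STEP_US <= PERIOD_US; }

/* Constructed input: noise corrupts CPU 1's first read only (transient). */
int32_t transient(int cpu, int attempt) { return (cpu == 1 && attempt == 0) ? 99 : 8; }
/* Constructed input: CPU 1 reads a wrong value every time (persistent fault). */
int32_t persistent(int cpu, int attempt) { (void)attempt; return cpu == 1 ? 99 : 8; }
```

With `max_retry = 0` a single noisy read stops the apparatus; with `max_retry = 1` the same read is tolerated, at the cost of the backup/restore copies and a compute budget of at most half the period.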