This invention relates to a unit for a programmable controller (PLC) and to a method of automatically restoring a memory.
Programmable controllers are used as control devices in factory automation (FA). A programmable controller is formed from a plurality of units, that is, as a suitable combination of various types of units such as a power source unit serving as a supply source of electric power, a CPU unit for controlling the PLC as a whole, an input unit for inputting signals from switches and sensors that are suitably positioned on the production and equipment devices for FA, an output unit for outputting control signals to actuators or the like and a communication unit for connecting to a communication network.
The PLC (or its CPU unit) repeatedly carries out the operations of receiving signals inputted through the input unit into the I/O memory of the CPU unit (“IN refresh”), carrying out logical calculations on the basis of a preliminarily registered user program (“calculation”), transmitting the results of such calculations to the output unit by writing them in the I/O memory (“OUT refresh”) and thereafter carrying out the so-called peripheral processes. The PLC controls an object to be controlled by repeating such operations.
User programs and set data (“user data”) are saved on a RAM, and data are read from and written to it sequentially while the calculation process is carried out.
At a factory where the PLC is installed, many kinds of apparatus such as servo motors, inverters and high-voltage power devices are connected to the PLC or disposed near the PLC. Thus, data stored on a memory in the PLC are susceptible to destruction due to radiation noise, instantaneous power failure or magnetic and electric fields. Destruction of data on the memory in the PLC may also take place due to cosmic rays. Destruction of data of the former type takes place normally in units of several bits, while that of the latter type often takes place in units of single bits.
It goes without saying that a PLC cannot function normally if its control is based on destroyed user data. Thus, a PLC is adapted to keep checking during its operations whether destruction of data has occurred. For example, a PLC is adapted to calculate a sum value of the data on its RAM and compare the calculated sum value with a preliminarily stored sum value to thereby check the presence or absence of an abnormal condition.
Explained more in detail, whenever user data are newly downloaded or modified, the values of the user data are added from its beginning to the end and the value thus obtained is saved as the sum value in another area. During an actual operation, the sum value of the user data on the RAM is calculated by portions and whenever the final sum value is obtained, this value is compared with the value previously stored. If they do not match, it is concluded that the data on the RAM have been destroyed (or a memory abnormality has occurred) for whatever reason and the system operation is stopped in order to prevent a runaway situation and an incorrect output.
The user program is formed with instruction object codes that can be understood by a dedicated IC (ASIC) capable of carrying out user programs at a high speed as well as by a multi-purpose MPU.
It is normally an ASIC that interprets the instruction object code and determines whether the command is to be carried out by the ASIC itself or by the MPU. If the ASIC detects a code that cannot be carried out either by the ASIC itself or by the MPU, this abnormal condition is communicated to the MPU. As this communication is received, the MPU concludes that the RAM storing the object code is destroyed and may proceed to stop the PLC.
After the system is thus stopped, work to restore the memory is carried out. In order to carry out this restoration work, however, a tool such as a personal computer for transmitting and outputting user programs must be connected to the PLC, but since the PLC is usually set at a deep end of a control box, it is not easy to make such a connection.
Moreover, when the sum values are compared, there is the possibility of the sum values matching accidentally although data have been destroyed, and even after an object code becomes modified due to the destruction of data, the situation may be interpreted as being normal if the code after the modification is still capable of being carried out by the ASIC or the MPU. In other words, it is a difficult job to reliably detect a destruction of data.
In view of this problem, Japanese Patent Publication Tokkai 11-143784 (at paragraphs 0022, 0023 and 0034 and FIGS. 1-3), for example, has disclosed a display device for a programmable controller. According to the disclosure therein, backup data with the same contents as the user data stored in the memory of the PLC are stored in the display device. When power is switched on and at specified time intervals thereafter, the presence or absence of destruction of data stored in the memory of the PLC is checked and if a destruction is found to be present, a restoration work on the memory of the PLC is carried out on the basis of the backup data stored in the display device. It also has the function of logging data on disagreement and displaying their contents. The examination for presence or absence of destruction is carried out by sequentially retrieving the backup data stored in the memory inside the display device for PLC backup and the PLC data in the memory of the PLC, comparing them by using a work memory within the display device and concluding that there was a destruction of data if there is a disagreement between the PLC backup data and the PLC data. The destroyed data portion is downloaded to the PLC to carry out a restoration work.
There is a problem with this method, however, because the display device is at a relatively distant position from the PLC and is connected through a network. Accordingly, the memory of the PLC is read out through the network and hence the readout operation cannot be carried out sufficiently frequently. Thus, aforementioned Japanese Patent Publication Tokkai 11-143784 teaches that this be carried out only periodically at specified time intervals after power is switched on, without clearly stating what these specified time intervals might be. From the description of the specification as a whole, it may be imagined that they are fairly long time intervals. If so, they may be longer than the intervals at which prior art checking methods by way of sum values may be carried out and it is difficult to detect a destruction of data immediately.
Moreover, with a method of detecting an abnormal occurrence by a display device and downloading correct data to the PLC on the basis thereof, a delay is involved in the communication of the abnormality to the PLC and it is usually necessary to stop the PLC temporarily for the restoration work by downloading data from the display device. This makes it difficult to carry out a real-time restoration of the memory.
Even with a checking method by means of sum values, furthermore, the user program as a whole cannot be checked for each cycle of the cyclically operating PLC. Thus, calculations are carried out sequentially in parts and a sum value is obtained by summing up the results of such partial calculations. In other words, there is a relatively large time lag from the moment when a destruction of data takes place until it is actually detected.
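The two weaknesses of the sum check described above (sum values matching accidentally, and the time lag of a check carried out in portions) can be seen in a small model. The following is an added example, not code from this document or from any PLC product; the type and function names, the 64-byte data area, the 8-byte portion per cycle and the sample data are all assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
/* Added illustration: all names and sample data here are constructed. */
typedef struct {
    const uint8_t *data;  /* user data area in RAM */
    size_t len, pos;      /* area size, next byte to add */
    uint32_t partial;     /* running sum of the current pass */
    uint32_t stored;      /* sum value saved at download time */
} sum_check;

static void sum_check_init(sum_check *c, const uint8_t *d, size_t n) {
    c->data = d; c->len = n; c->pos = 0; c->partial = 0; c->stored = 0;
    for (size_t i = 0; i < n; i++) c->stored += d[i];
}

/* One scan cycle's share: 0 = pass unfinished, 1 = sums match, -1 = mismatch. */
static int sum_check_step(sum_check *c, size_t chunk) {
    for (size_t i = 0; i < chunk && c->pos < c->len; i++)
        c->partial += c->data[c->pos++];
    if (c->pos < c->len) return 0;
    int verdict = (c->partial == c->stored) ? 1 : -1;
    c->pos = 0; c->partial = 0;      /* start the next pass */
    return verdict;
}

static void fill(uint8_t *ram, size_t n) {   /* constructed sample data */
    for (size_t i = 0; i < n; i++) ram[i] = (uint8_t)(i * 7 + 1);
}

/* Case 1: a bit flips in a byte the current pass has already added.
   Returns the number of cycles after the flip until a mismatch is reported. */
int cycles_to_detect_single_bit(void) {
    uint8_t ram[64]; sum_check c;
    fill(ram, sizeof ram); sum_check_init(&c, ram, sizeof ram);
    sum_check_step(&c, 8);           /* cycle 1 adds bytes 0..7 */
    ram[3] ^= 0x10;                  /* 0x16 -> 0x06 */
    for (int n = 1; n <= 64; n++)
        if (sum_check_step(&c, 8) == -1) return n;
    return -1;                       /* never detected */
}

/* Case 2: two bit flips whose effects cancel. Returns the full-pass verdict. */
int verdict_after_cancelling_flips(void) {
    uint8_t ram[64]; sum_check c;
    fill(ram, sizeof ram); sum_check_init(&c, ram, sizeof ram);
    ram[2] ^= 0x01;                  /* 0x0F -> 0x0E, sum decreases by 1 */
    ram[5] ^= 0x01;                  /* 0x24 -> 0x25, sum increases by 1 */
    return sum_check_step(&c, sizeof ram);
}
```

In the first case the pass in progress still finishes with a matching sum, so the destroyed byte is reported only at the end of the following pass; in the second case the check reports a normal condition although two bytes differ from what was downloaded.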