In fail-safe systems in particular, there must be a high probability that errors of all kinds are detected and dealt with so that they do not trigger any impermissible reaction. This applies especially to sensors and to the electronic circuits which accept the sensor signals as their input signals. Such an electronic circuit is, for example, a digital input chip. An obstacle to the use of standard input/output chips in safety systems is frequently a common input/output driver chip. In particular, specific internal short circuits in this driver chip cannot be covered by conventional tests. The relevant input would also have to be tested from outside in such cases. For applications in safety systems, however, all short circuits and interruptions have to be covered, especially internal short circuits within modules as well.

In process and manufacturing technology there are modules for a diversity of applications which feature outputs in addition to inputs. Such modules are, for example, the operating panels usually used. The inputs and outputs are frequently embodied as digital inputs or digital outputs. Keyswitches, for example, can be connected via digital inputs and signal lamps via digital outputs. Typically a relatively large number of such inputs and outputs are present, of which often only some are used. The use of at least a part of the inputs/outputs of standard circuits for fail-safe tasks usually fails because the safety requirements cannot be fulfilled with the standard hardware.
The object of the invention is to increase the probability of error detection for an electronic circuit with at least one input and at least one output.
This object is achieved by an electronic circuit with at least one input and at least one output, with the input featuring an input filter for delaying a change in the input signal, the delay being characterized by a time constant, and with a control component being provided for supplying an output signal and for evaluating the input signal. The control component is provided for supplying a test signal for output via an output, for a first evaluation of the input signal directly after the output of the test signal, and for a second evaluation of the input signal after a timer which corresponds at least to the time constant has expired after output of the test signal.
This object is achieved by a system, especially an industrial automation system, with such a circuit, with the system featuring at least one fail-safe component, which is connected to at least one input and at least one output of the circuit such that the relevant input is connected electrically conductively to the relevant output in the safe state.
This object is achieved by a method for testing an electronic circuit, with the electronic circuit featuring at least one input and at least one output, by which method a change in the input signal is delayed by an input filter of the input, where the delay is characterized by a time constant, with the input signal being supplied and evaluated by a control component, with a test signal supplied by the control component being output via the output, and with the input signal being evaluated for the first time immediately after the output of the test signal and for the second time after expiry of a timer after output of the test signal which at least corresponds to the time constant.
An embodiment of the invention skillfully employs the fact that inputs of an electronic circuit are usually provided with input filters for delaying a change in the input signal, especially for noise filtering. The electronic circuit can be tested for internal short circuits, cross-connection short circuits and interruptions by testing the value at the input first immediately after the output of an output signal and then again after the filter time constant has expired. As a result of the delay function of the input filter, the value of the input signal in the error-free case must not yet have changed the first time that it is read, i.e. when it is read or evaluated immediately. The value of the input signal must not change until the filter time constant of the input filter has expired. If it changes before this point, this indicates the presence of a hardware error, especially a short circuit or a cross connection within the electronic circuit.
In accordance with an advantageous embodiment of the invention the control component is provided for the first evaluation of the input signal within a period after the output of the test signal which corresponds to a maximum of 10 percent of the time constant. This ensures that the input signal is actually first evaluated immediately after output of the test signal and that no further change of the input signal after the input filter can be caused by a change in the input signal before the input filter. Both the first and the second evaluation of the input signal are basically undertaken after the input filter, i.e. after the input signal has passed through the input filter. The input signal is thus not recorded and evaluated by the control component until after the input filter, either directly after it or after further intermediate components, e.g. a driver chip.
Further indicators of errors in the electronic circuit can be determined if, in accordance with an advantageous embodiment of the invention, the control component is provided for comparing the first and the second evaluation with the test signal in each case.
Advantageously a fail-safe reaction is initiated by the control component if the first evaluation produces an input signal equal to the test signal. Since at the time of the first evaluation the input signal must not be equal to the test signal, a match indicates an error within the electronic circuit, which is handled by the fail-safe reaction. A fail-safe reaction brings the electronic circuit and a system connected to the circuit into a safe state, frequently achieved by immediate disconnection of all or at least one part of the actuators in the system.
In accordance with a further advantageous embodiment of the invention at least one driver chip is provided for converting the input and output signals, with the driver chip being arranged between the control component and the input or the output. The driver chip in particular allows a voltage or current conversion and/or an amplification of the input and output signals.
An especially simple evaluation of the input signals is produced, if, in accordance with a further advantageous embodiment, the at least one input is a digital input and the at least one output a digital output. In this case the test signal is executed as a signal change from zero to one or vice versa.
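The test sequence described above, as an added simulation in C that is not part of the original specification: a test signal is output, the input is read within 10 percent of the time constant and again once the time constant has elapsed. The tick-counting filter model, the three fault cases and all names are constructed for illustration, and treating a second evaluation that differs from the test signal as an open path is this example's assumption.

```c
#include <stdbool.h>

/* Constructed model: one digital output wired back to one digital input whose
 * filter passes a change only after the raw level was stable for TAU_TICKS. */
#define TAU_TICKS 100

typedef enum { FAULT_NONE, FAULT_INTERNAL_SHORT, FAULT_OPEN } fault_t;
typedef enum { TEST_OK, TEST_SHORT, TEST_OPEN } result_t;

typedef struct {
    fault_t fault;
    bool out;       /* level driven on the output */
    bool filtered;  /* level after the input filter */
    int pending;    /* ticks the raw level has differed from 'filtered' */
} circuit_t;

static void tick(circuit_t *c) {
    /* open path: the raw input never sees the output and stays at 0 */
    bool raw = (c->fault == FAULT_OPEN) ? false : c->out;
    if (raw == c->filtered) { c->pending = 0; return; }
    if (++c->pending >= TAU_TICKS) { c->filtered = raw; c->pending = 0; }
}

static bool read_input(const circuit_t *c) {
    /* a short behind the filter couples the output straight to the reading */
    return (c->fault == FAULT_INTERNAL_SHORT) ? c->out : c->filtered;
}

result_t run_input_test(circuit_t *c) {
    bool test = !c->out;                      /* signal change 0->1 or 1->0 */
    int t = 0;
    c->out = test;                            /* output the test signal */
    for (; t < TAU_TICKS / 10; t++) tick(c);  /* at most 10% of tau */
    bool first = read_input(c);
    for (; t < TAU_TICKS; t++) tick(c);       /* timer of at least tau */
    bool second = read_input(c);
    if (first == test) return TEST_SHORT;     /* changed before the filter allows */
    if (second != test) return TEST_OPEN;     /* assumption: signal never arrived */
    return TEST_OK;
}

result_t simulate(fault_t fault) {
    circuit_t c = { fault, false, false, 0 };
    return run_input_test(&c);
}

int main(void) {  /* exit status 0 when the fault-free circuit passes */
    return simulate(FAULT_NONE) == TEST_OK ? 0 : 1;
}
```

In firmware, both TEST_SHORT and TEST_OPEN would lead to the fail-safe reaction; the simulation only classifies the result.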
To meet increased safety requirements, especially for achieving a safety class greater than SIL 2 (SIL=Safety Integrity Level, in accordance with IEC 61508), in accordance with a further advantageous embodiment of the invention, it is proposed that at least two inputs and two outputs be provided. The safety is thus increased by the redundant detection of the sensor signals present at the relevant inputs/outputs.
In accordance with a further advantageous embodiment of the invention the control component features fail-safe firmware components. These fail-safe firmware components are especially suitable for supplying the output signal and for evaluating the input signal. This allows standard electronic circuits which do not have any fail-safe hardware attributes to be made fit for handling fail-safe tasks by expansion of the firmware of the control component.
In accordance with a further advantageous embodiment of the invention the circuit is particularly suitable for use within fail-safe systems because at least one fail-safe component is able to be connected to at least one input and at least one output such that the relevant input is electrically conductively connected to the relevant output in the safe state. The safe state is for example the state in which a fail-safe component, e.g. an emergency cutout button, is not activated, meaning that the conductive connection is established.
The invention is described and explained in greater detail below with reference to the exemplary embodiment shown in the figures.