1. Field of the Invention
The invention relates firstly to a standard field device for connection to a field bus system, which is controlled by a microprocessor. Field devices of the stated type are, for example, measured-value sensors (also referred to as sensors) or actuators. Secondly, the invention relates to a field bus system, to which at least one freely programmable safety controller and at least one standard field device, which is controlled by a microprocessor, are connected.
2. Description of the Related Art
Process technology and manufacturing can no longer be imagined without the use of the field bus technique for decentralization. Wherever people and machines need to be protected in the process and manufacturing industry, special safety devices are installed, such as sensors or actuators, in particular pressure and temperature measurement devices, emergency stop switches, step mats, light barriers and the like.
Until now, it has been possible to connect such field devices to the automation chain only by separately wired or additional special buses. Otherwise, there were too many possibilities for faults. During transfer via a so-called standard field bus, it is was thus possible, for example for messages to be lost, to occur more than once, to be additionally inserted, to appear in the incorrect sequence, to be delayed or even to be corrupted. Furthermore, there is always a risk of incorrect addressing, as a result of which, for example, standard messages could appear to be safety-relevant. Just one of these faults is sufficient to cause the entire safety mechanism to fail, and the relevant regulations do not, of course, tolerate this.
Devices of the type mentioned above are, for example, connected via a so-called Profibus (bus system from the Siemens AG Company) to a freely programmable controller, such as a failsafe PLC. Nowadays, Profibus is the most widely used field bus system, and is a component of European Standard EN 50170, and thus guarantees openness and investment protection for the user. Profibus is suitable for rapid communication to decentralized peripherals for automation of manufacture and for the communication task in process automation. It is the first field bus system which covers the requirements of both areas using identical communications services.
It should now be stated that, for safety applications, every primary fault (and this also applies to every safety circuit) must be covered within the safety time or process fault tolerance time. A second fault must be determined by regular inspection.
In the prior art, this technical problem was solved by point-to-point connections between the redundant standard field devices and the safety PLC (that is to say the freely programmable controller). With regard to a star-shaped system such as this, there were no common mode faults in the communication between the field devices and the central control unit (in this context, it should be noted that the expression common-mode fault means a failure of components resulting from a common cause). The signals from the sensors and/or from the actuators are compared in the safety PLC.
When using a field bus between the field devices and the safety PLC, it was necessary to use sensors or actuators that had been certified as being safe and which are connected to the failsafe PLC via safe communication, in order to ensure safe communication between the field devices and the controller. If redundant standard sensors and/or standard actuators were to be used in a standard communication system, then certain faults in the communications system (for example frozen signal values, that is to say primary faults) would not be covered and could lead to a dangerous state without being noticed.