Process control is an application which requires higly reliable operation of the control system.
One method of increasing the reliability of a computer system is to introduce redundant components. Of special interest is the introduction of redundant components in the most vital part of the computer, the central unit. For this purpose and for switching in the components in a bumpless manner, i.e. without influencing the process control procedure, methods are required for establishing rollback points at short time intervals with a known central unit state, from which points the central unit can resume the program execution, and for handling interrupts and peripheral unit references.
One known method is to double the central unit and to update the computer base in the redundant central unit at checkpoints. These are selected such that the redundant unit is able to take over the function of the active unit by starting the execution of the program at the last checkpoint. In order to obtain a bumpless changeover, the checkpoints have to be selected such that the information therein is consistent. In computer systems with cyclically executing programs without interrupt handling, it is possible to enter a checkpoint after each program cycle and handle peripheral unit references such that each input or output is referred to once per program cycle at the most. This solves the problem in the limited case where the program for process monitoring and control is built up of sequentially executing modules, which execute at the same priority level. The method is described in U.S. Pat. No. 4,351,023.
The background of the invention is the development of increasingly more complex computer systems for monitoring and control of industrial processes in real time. These are characterized in that they are capable of handling interruptions from the process and in that the user programs are built up of two or more cooperating program modules which, independently of each other, execute in parallel but asynchronously at different priority levels. The program structures are defined by the user on the basis of requirements of each individual installation and vary from one plant to another. The difficulty in establishing rollback points in these computer systems resides partly in defining checkpoints in the program in which all dynamic data variables are consistent with each other, partly in handling the interrupts which, of course, result in the program execution taking place along non-predetermined paths, and partly in handling the peripheral unit references such that the state of the peripheral units is not affected by a reexecution of the program from the last rollback point, which would, of course, cause disturbance of the controlled process.
The present invention aims to provide a general solution to the problems associated with the introduction of redundant processors and memories in the central unit by suggesting methods that may be applied to all computer systems independently of the structure of the application program.