The field of the invention is programmable controllers such as those described in U.S. Pat. Nos. 3,810,118; 3,942,158; and 4,165,534.
Programmable controllers are typically connected to industrial equipment such as assembly lines and machine tools to sequentially operate the equipment in accordance with a stored program. In programmable controllers such as those disclosed in the above-cited patents, for example, the control program is stored in a memory and includes instructions which are read out in rapid sequence to examine the condition of selected sensing devices on the controlled equipment and instructions which energize or deenergize selected operating devices on the controlled equipment contingent upon the status of one or more of the examined sensing devices.
There are many applications for programmable controllers in which the "down time" resulting from malfunctions in the controller must be kept to an absolute minimum. For example, the cost of shutting down an automotive assembly line is enormous, and extraordinary measures are taken to ensure that quality components are employed in their control systems. Despite such efforts, it is statistically certain that malfunctions, or failures, will occur in electrical and mechanical components. In control systems which employ relays and discrete logic circuits, individual components which malfunction can be easily and quickly replaced. Often such replacement can be accomplished without shutting down the entire system, since the discrete component performs a very specific function that affects a very limited portion of the system.
It is an inherent characteristic of programmable controllers that the decision-making functions of the system are concentrated in certain subsystems and components. For example, a malfunction in the memory which stores the control program, or a malfunction in the processor which reads and executes the control program, is catastrophic in the sense that the entire system being controlled is affected. Malfunction detection techniques are employed to sense and quickly diagnose such problems, and the components are mounted on circuit boards which can be quickly replaced. However, even if the malfunction is quickly discovered, diagnosed and fixed, the resetting and power-up of the system requires considerable effort and time.
The use of redundant components, or modules, is common practice in a number of fields. In the aerospace field, for example, there is multiple redundancy of the entire flight control system, and in the data processing field it is common to provide redundant processors or input/output controllers. In the industrial control field, redundancy of the entire system is economically impractical. On the other hand, the mere doubling of selected hardware modules is inadequate, since the integrity of the data structures stored in memory is often destroyed by a hardware malfunction, and the correction or reconstruction of such data structures requires considerable time.