A supervisory control system provides an operator/observer with information from units to be monitored, such as sensors of various types including temperature sensors, pressure sensors, and position sensors. The supervisory control system also controls units of various types, including motors, valves, switches, and oil hydraulic units, in response to an operation by the operator/observer. Supervisory control systems are used in a wide range of fields including power-generating plants, chemical plants, power receiving and distributing facilities, and water supply and sewerage systems.
A typical supervisory control system includes a plurality of modules responsible for respective processes such as transmission and receipt of signals to and from a unit targeted for supervisory control. These modules are coupled through a communication path to perform various processes (various modes).
In many cases, the substance of a process performed in each module of a supervisory control system is represented by a directed graph, such as a circuit diagram in which the directions of input and output of signals are indicated by arrows. More specifically, the substance of a process performed in each module is expressed by a combination of nodes representing signal processes (hereinafter also called “arithmetic elements”) and links connecting the nodes and showing the flow of the signals (hereinafter also called “signal lines”). The substance of a process in a module was formerly realized fixedly in a hardware circuit. In recent years, in consideration of flexibility and cost performance, it has in many cases been implemented as a program for a digital computer, so that the digital computer can simulate the operation of the process before the process is performed.
Standards for a programming language that expresses the substance of a process with arithmetic elements and a signal line include the international standard IEC 61131-3, for example. The arithmetic elements are described in an FBD (function block diagram) conforming to the international standard IEC 61131-3, and the substance of the process expressed by a combination of the arithmetic elements and the signal line is described in a diagram called a logic diagram.
The recent trend toward larger programs has made debugging (finding and removing errors) a difficult task. This also applies to the generation of a logic diagram (control logic diagram) representing the control logic of supervisory control in a supervisory control system. More specifically, the logic diagram describes various processes (behaviors) corresponding to various modes, so the control logic tends to be complicated. Complicated control logic is described separately in a plurality of logic diagrams. Additionally, because a large number of units are to be controlled, a huge number of logic diagrams must be prepared to control these units.
Conventionally, if NG (no good) is detected in a test of a control logic, a designer manually searches for the logic diagram to be investigated, then tracks the control logic based on the signal output determined to be an error, and specifies an error point as the cause of the NG in the test. If NG is detected in a complicated control logic described over a plurality of diagrams, specifying an error point has accordingly taken a long time.
Patent literature 1 describes a technique of estimating an error point as a conventional example. In this technique, a fault is assumed first inside a circuit by using a fault simulator, and then a functional or logic simulation is performed. A result of the simulation and an expected value are compared, a fault dictionary is generated in which the assumed point of the fault and a test vector having detected the fault are associated, and fail information is acquired from a result of an actual test of the circuit. Next, the fault dictionary is searched by each of a fail pin and a fail vector about the fail information to acquire the assumed point of the fault. A fault point is estimated by determining the priorities of a plurality of resultant fault points.
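The fault-dictionary flow described above can be sketched as follows. This is an added example, not code from patent literature 1: the four-gate netlist, the stuck-at fault model, and the priority rule (rank each assumed fault by how many observed fails it explains) are assumptions chosen for illustration.

```python
from collections import defaultdict
from itertools import product

# Constructed netlist in topological order: (output signal, gate type, inputs).
INPUTS = ("a", "b", "c")
OUTPUTS = ("y1", "y2")  # observable pins
NETLIST = [("n1", "AND", ("a", "b")), ("n2", "OR", ("b", "c")),
           ("y1", "OR", ("n1", "c")), ("y2", "AND", ("n1", "n2"))]
GATES = {"AND": lambda x, y: x & y, "OR": lambda x, y: x | y}
VECTORS = list(product((0, 1), repeat=len(INPUTS)))  # exhaustive test vectors

def simulate(vector, fault=None):
    """Logic simulation; fault is (signal, stuck_value), None = good circuit."""
    values = dict(zip(INPUTS, vector))
    if fault and fault[0] in values:
        values[fault[0]] = fault[1]          # stuck-at fault on a primary input
    for name, kind, (x, y) in NETLIST:
        values[name] = GATES[kind](values[x], values[y])
        if fault and fault[0] == name:
            values[name] = fault[1]          # stuck-at fault on a gate output
    return {pin: values[pin] for pin in OUTPUTS}

def build_fault_dictionary():
    """Map (fail pin, fail vector index) -> assumed faults detected there."""
    signals = list(INPUTS) + [name for name, _, _ in NETLIST]
    dictionary = defaultdict(set)
    for idx, vector in enumerate(VECTORS):
        expected = simulate(vector)
        for fault in product(signals, (0, 1)):
            observed = simulate(vector, fault)
            for pin in OUTPUTS:
                if observed[pin] != expected[pin]:
                    dictionary[(pin, idx)].add(fault)
    return dictionary

def estimate_fault_points(dictionary, fail_info):
    """Search the dictionary per fail entry and rank the candidates (assumed
    priority: number of observed fails a fault explains, highest first)."""
    score = defaultdict(int)
    for entry in fail_info:
        for fault in dictionary.get(entry, ()):
            score[fault] += 1
    return sorted(score.items(), key=lambda kv: (-kv[1], kv[0]))

def collect_fail_info(actual_fault):
    """Stand-in for the actual test: apply every vector to the faulty circuit."""
    return [(pin, idx) for idx, v in enumerate(VECTORS) for pin in OUTPUTS
            if simulate(v, actual_fault)[pin] != simulate(v)[pin]]
```

With `n1` stuck at 1 as the injected fault, the seven resulting fail entries are all explained only by that assumed fault, so it ranks first; faults that explain a subset (for example `y1` stuck at 1) follow with lower priority.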
In a technique described in patent literature 2, logical consistency determining means detects an inconsistency in a logical status of each signal line during implication operation by first implication operation means. If no inconsistency is detected, process termination determining means determines whether logical statuses of all signal lines have been estimated to be “0,” “1,” or “X.” If it is determined that the estimation of a logical status has not been finished, U (unknown) status searching means searches for a signal line in an unknown status meaning an incomplete logical status, and detects a signal line connected through a gate to a fault propagation path including the signal line. The detected signal line is provisionally determined to be “0” and a provisional determination level indicating the number of times provisional determination is made is increased by 1. Then, the first implication operation means performs the implication operation again. If it is determined that the estimation of a logical status has been finished, fault output terminal connection line extracting means extracts a fault propagation path that might affect a fault output terminal directly and outputs the extracted path to an output unit.