The present invention relates to industrial controllers used for real time control of industrial processes, and in particular, to a high reliability industrial controller appropriate for use in devices intended to protect human health and life.
Industrial controllers are special purpose computers used in controlling industrial processes. Under the direction of a stored control program, an industrial controller examines a series of inputs reflecting the status of the control process and changes a series of outputs controlling the industrial process. The inputs and outputs may be binary, that is, on or off, or analog, providing a value within a continuous range. The inputs may be obtained from sensors attached to the controlled equipment and the outputs may be signals to actuators on the controlled equipment.
“Safety systems” are systems intended to ensure the safety of humans working in the environment of an industrial process. Such systems may include, but are not limited to, the electronics associated with emergency stop buttons, interlock switches and machine lockouts. Traditionally, safety systems have been implemented by a set of circuits wholly separate from the industrial control system used to control the industrial process with which the safety system is associated. Such safety systems were originally “hard-wired” from switches and relays, some of which may be specialized “safety relays” allowing comparison of redundant signals and providing internal checking of conditions such as welded or stuck contacts. Safety systems may use switches with dual contacts providing an early indication of contact failure, and multiple contacts may be wired to actuators so that the actuators are energized only if multiple contacts close.
Hard-wired safety systems have proven inadequate as the complexity of industrial processes has increased. This is in part because of the cost of installing and wiring relays and in part because of the difficulty of troubleshooting and maintaining the “program” implemented by the safety system in which the logic can only be changed by rewiring physical relays and switches.
For this reason, there is considerable interest in implementing safety systems using industrial controllers. “High reliability” refers generally to systems that guard against the propagation of erroneous data or signals to a predetermined high level of probability defined by safety certification standards. Such high reliability is obtained by detecting error or fault conditions and entering into a predetermined fault state. High reliability systems may be distinguished from high availability systems, however, the present invention may be useful in both situations, and therefore as used herein, high reliability should not be considered to exclude high availability systems.
High reliability controllers are easier to program and have reduced installation costs because of their ability for use of a high-speed serial communication network eliminating long runs of point-to-point wiring. For a system to have sufficiently high reliability, the system should be sufficiently robust so as to reliably detect errors in transmitting network messages.
Efforts have been undertaken to develop a “safety network” which is a high-speed serial communication network providing greater certainty in the transmission of data. Unfortunately, conventional high-speed serial communication networks commonly used in industrial control are not sufficiently reliable for safety systems. For instance, such networks add a large amount of safety information to each message, which increases the message length and thereby reduces the capacity of the network. This reduced capacity may adversely affect the response time for the industrial controller and/or limit additional reliability enhancing features that might be added to the message to otherwise improve its reliability. If the amount of safety information embedded in the messages of conventional safety networks is decreased, the reliability of error detection is compromised.
What is therefore needed is a high reliability safety network using error detection methods that reliably indicate data corruption while reducing the overall size of messages and increasing network performance.