The subject matter disclosed herein relates to industrial automation controllers. Specifically, the subject matter disclosed herein relates to an industrial automation controller including an energy storage subsystem to power a diagnostic subsystem.
Industrial automation controllers are special-purpose computers used for the control of industrial machines and/or processes. While executing a stored program, they read inputs from one or more controlled machines/processes and, according to the logic of the contained control program, provide outputs to the same and/or different controlled machine(s)/process(es) based upon those inputs. Industrial controllers must provide “real-time” control (i.e., control in which control outputs are produced predictably and in a timely manner in response to given control inputs), and must provide for extremely reliable operation and recovery from faults. In this latter regard, critical data contained in processor registers and other volatile memory (e.g., DRAM, SRAM, SDRAM, etc.) of the controller must be saved or “backed up” to a non-volatile memory (e.g., flash EEPROM, disk, etc.) in the event of a loss of electrical power.
Furthermore, end users of industrial controllers require that user memory and controller state be maintained across power failure and power cycling. With increasing user program sizes and the challenges of battery maintenance, some controllers have opted to save user memory into solid-state memory upon power fail and power cycling. This operation is abbreviated as the save-to-flash operation. Therefore, sufficient energy must be generated and stored during normal operation so that the stored energy can be drawn upon as a backup to complete the save-to-flash operation during a power fail.
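The sizing question raised above (is the stored energy sufficient to finish the save-to-flash operation?) can be checked with the following added example, which is not part of this disclosure; the capacitor bank model, the regulator minimum-input voltage, the flash throughput and every numeric value are assumptions chosen for illustration.

```python
"""Energy budget check for a save-to-flash backup on power loss.

Constructed example: all numbers below are assumed, not from the disclosure.
The energy store is modelled as a capacitor bank that is discharged from
v_start down to the regulator's minimum input voltage v_min while the
controller copies volatile user memory to flash.
"""
from dataclasses import dataclass


@dataclass
class BackupBudget:
    capacitance_f: float  # capacitor bank capacitance in farads (assumed)
    v_start: float        # bank voltage when power fail is detected (assumed)
    v_min: float          # lowest input voltage the regulator still works from
    efficiency: float     # regulator conversion efficiency, 0..1 (assumed)

    def usable_energy_j(self) -> float:
        # Only the energy between v_start and v_min can be extracted before the
        # regulator drops out: E = 1/2 * C * (v_start^2 - v_min^2), derated by
        # the regulator efficiency.
        return 0.5 * self.capacitance_f * (self.v_start ** 2 - self.v_min ** 2) * self.efficiency


def save_to_flash_energy_j(memory_bytes: int, flash_write_bytes_per_s: float,
                           load_power_w: float, overhead_s: float = 0.0) -> float:
    """Energy the controller draws while user memory is written to flash.

    Time = bytes / throughput plus a fixed overhead for power-fail detection,
    erase and commit; energy = load power * time (assumed constant load).
    """
    if flash_write_bytes_per_s <= 0:
        raise ValueError("flash throughput must be positive")
    write_time_s = memory_bytes / flash_write_bytes_per_s + overhead_s
    return load_power_w * write_time_s


def backup_margin(budget: BackupBudget, memory_bytes: int, flash_write_bytes_per_s: float,
                  load_power_w: float, overhead_s: float = 0.0) -> float:
    """Ratio of stored energy to required energy; below 1.0 the save cannot complete."""
    needed = save_to_flash_energy_j(memory_bytes, flash_write_bytes_per_s, load_power_w, overhead_s)
    return budget.usable_energy_j() / needed


def max_backup_bytes(budget: BackupBudget, flash_write_bytes_per_s: float,
                     load_power_w: float, overhead_s: float = 0.0) -> int:
    """Largest user memory the stored energy can carry through a save-to-flash."""
    available_s = budget.usable_energy_j() / load_power_w - overhead_s
    return int(max(available_s, 0.0) * flash_write_bytes_per_s)
```

Growing the user program (the `memory_bytes` argument) without resizing the energy store is exactly the case in which `backup_margin` drops below 1.0.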
In addition to backing up controller state and user memory during power cycling or power failure, a functional safety integrated controller, depending on the safety integrity level it must meet, may require a wide-input-tolerant and physically large regulator to power both a functional safety domain subsystem and a diagnostic domain subsystem. Alternatively, separate and dedicated power supply sources may be provided for the functional safety related subsystems and the diagnostic related subsystems respectively, to reduce the risk of a common cause failure in which a single fault potentially compromises both the safety function and the diagnostics concurrently.
Both requirements described above, memory back-up and dedicated power supplies, drive the hardware design to be complicated, redundant (with multiple backup supplies or regulators), expensive, and consuming of a large amount of board real estate.
This disclosure and the exemplary embodiments described herein provide an industrial control system, controller and method including a memory back-up subsystem which reduces the risk of common cause failures without the need for separate and dedicated power supply sources, or for a relatively wide-input-tolerant and physically large regulator.