The invention pertains to process control and, more particularly, to digital data processing methods and apparatus for duplicating data in control systems.
The terms xe2x80x9ccontrolxe2x80x9d and xe2x80x9ccontrol systemsxe2x80x9d refer to the control of a device or system by monitoring one or more of its characteristics. This is used to insure that output, processing, quality and/or efficiency remain within desired parameters over the course of time. In many control systems, digital data processing or other automated apparatus monitor the device or system in question and automatically adjust its operational parameters. In other control systems, such apparatus monitor the device or system and display alarms or other indicia of its characteristics, leaving responsibility for adjustment to the operator.
Control is used in a number of fields. Process control, for example, is typically employed in the manufacturing sector for process, repetitive and discrete manufactures, though, it also has wide application in electric and other service industries. Environmental control finds application in residential, commercial, institutional and industrial settings, where temperature and other environmental factors must be properly maintained. Control is also used in articles of manufacture, from toasters to aircraft, to monitor and control device operation.
Reliability is among the key requirements of any control system. Failures are almost never acceptable, for example, in critical process control and safety applications. Even occasional failures are undesirable in conventional control applications, such as manufacturing process control.
The art suggests the use of testing and other operational techniques to improve the reliability of control systems. Industry standards, such as IEC 61508 and DIN V VDE 0801, Class AK6, for example, set minimum requirements for fault detection in digital data processors used in safety-related systems. One of these calls for testing the random access memory of an operating computer on a periodic basis, e.g., every 15 seconds. This typically involves writing a known value to each addressable memory location and reading the locations to verify the stored values. Applications data contained in the memory is temporarily stored, e.g., in processor registers, while each memory location is being tested.
Though testing techniques as described above can give system designers and operators added comfort in the reliability of their control systems, the utility of those techniques is limited.
Though otherwise unrelated to the foregoing, the art also suggests the use of redundancy as a means of enhancing reliability. This typically involves using two or more control elements in place of one. For example, U.S. Pat. No. 4,347,563 discloses an industrial control system in which redundant digital data processing units serve as bus masters xe2x80x9cof the moment,xe2x80x9d monitoring status information generated by primary processing units. If a redundant unit detects that a primary has gone faulty while executing an application program, the redundant unit loads that program and takes over the primary""s function.
A problem with systems that rely on redundant processing units is updating newly inserted units. Typically, this is accomplished by taking both active and new units off-line so that the contents of the former can be downloaded to the latter. Though the off-line period can be relatively brief by layman""s standards, it can be quite long from a control perspective, thus, raising the probability that a failure will disrupt system operation, or worse.
An object of the present invention is to provide improved methods and apparatus for control and, more particularly, by way of example, for duplicating data utilized by modules in a control system. Another object is to provide improved such methods and apparatus as can be utilized in fault-tolerant or fault-detecting systems, e.g., for purposes of copying data from an active module to a newly inserted backup module.
Yet still another object of the invention is to provide such methods and apparatus as permit a backup unit to be updated while the control system remains online.
Still yet another object of the invention is to provide such methods and apparatus as can be implemented with little additional software and hardware overhead.
The foregoing are among the objects attained by the invention which provides, in one aspect, a control system with a first module that includes a memory and diagnostic logic. The diagnostic logic periodically tests at least selected locations in the memory and, in connection with such testing, reads data from those locations and writes the data back to them. A second module is coupled to the first module such that the data that is written back to the memory of the first module is transferred to the second module, as well.
Further aspects of the invention provide a system as described above in which the first and/or second modules each form part of a workstation, field controller, field device, smart field device, or other functionality arranged for industrial, manufacturing, service, environmental, or process control. Data transferred between the modules can comprise any of bits, bytes, words, longwords, records, arrays, matrices, structs, objects, data structures or other items from or portions of the first module""s memory. The system can include logic that maps addresses, symbolic names or other identifiers associated with data in the first module to corresponding addresses, symbolic names or other identifiers for association with the data in the second module.
By way of example, the first module can be a xe2x80x9csmartxe2x80x9d field device in a process control system. The second module can be a workstation that (among other things) stores backup copies of configuration or other data in the field device. Diagnostic logic present in the field device, for example, can test locations in its memory, e.g., in compliance with the aforementioned IEC and DIN standards. In connection with the testing, the logic can read and rewrite the contents of the memory locations. Switching logic can transfer those rewritten contents (e.g., data words, records, objects, etc.) to the second module, as well as to the first module""s memory. Mapping or other conversion logic can map or translate addresses or other identifiers in connection with the transfer.
Further aspects of the invention provide a system as described above in which the first and second modules include first and second memories, respectively; the first memory element normally being coupled to a first memory bus; the second memory element normally being coupled to a second memory bus. Each memory element stores data in accord with commands received over the bus to which it is coupled. The switching logic has a memory update mode that temporarily couples the second memory element to the first memory bus in lieu of the second memory bus, e.g., so that the second memory element receives data and data storage commands identically with those received by the first memory element. The switching logic can remain in the memory update mode long enough for the diagnostic logic to rewrite all of the selected locations of the first memory element.
Further aspects of the invention provide a control device as described above in which the switching element includes a field effect transistor (FET) switch and, preferably, an array of such switches. The switches connect conductors in the first and second memory buses to respective conductors of the first memory element.
The invention provides, in other aspects, a control device having first and second memory elements and first and second memory buses, as described above. A first switching element has a first switching mode that couples the first memory element to the first memory bus, and a second switching mode that couples the first memory element to the second memory bus. A second switching element likewise has a first switching mode that couples the second memory element to the second memory bus, and a second switching mode that couples the second memory element to the first memory bus.
Logic coupled to the first and second switching elements normally places them in their respective first modes. The logic can respond, e.g., to insertion or powering-up of one of those elements, for placing the associated switching element in its second mode, thereby, causing its memory to be updated from the other memory.
Still further aspects of the invention provide a control device as described above in which the first and second memory elements are part of first and second modules, respectively, that include processors and input/output logic, as well as memory elements.
Still other aspects of the invention provide methods of operating control devices and systems of the types described above.
Methods and apparatus according to the invention are advantageous over the prior art. For example, a memory (or a selected portion thereof) can be copied to a backup unit without either unit being brought off-line. Moreover, the memory (or memory portion) can be copied quickly, i.e., in no more time than is required to verify the integrity of the unit being backed up. Still further, apart from switch setting, no substantial foreground, background or other additional processes are required for the update process.