1. Field of the Invention
The invention relates to a programmable controller for controlling and/or monitoring a technical process, including a memory for storing at least one user program including at least one task and process- and user-program-related data, and when a redundant programmable controller is connected, the content of the memory is transferred into a memory of the redundant programmable controller. It also relates to a method for updating a redundant programmable controller, communicatively connected to such a programmable controller.
2. Description of the Related Art
A widely used special implementation of a programmable controller suitable for single operation and thus for non-redundant operation is a stored-program controller (SPC). A so-called process computer or also a so-called personal computer which, in comparison with a personal computer provided for pure office use, is supplemented, in particular, by a special power supply, by special shielding, by a buffered memory and/or by an uninterruptible power supply, can also be used as programmable controller.
In principle, the programmable controller, like any “standard computer”, comprises at least one processor for executing a user program stored in a memory. In comparison with a standard computer, the special feature of the programmable controller is that the programmable controller Is capable of linking to a process to be controlled and/or to be monitored, particularly input/output devices such as, e.g. digital/analog input interfaces and digital/analog output interfaces.
A programmable controller which, in contrast to the programmable controller provided for single operation, is suitable for redundant operation with at least one redundant programmable controller—also called back-up programmable controller in the text which follows—is distinguished from the former at least by a device for communicative connection to the associated redundant programmable controller. Such a device is usually an interface, e.g. a serial/parallel interface or a bus interface which makes it possible to establish a communication link to the associated redundant programmable controller. Such programmable controllers suitable for redundant operation are known, e.g. from EP 0 497 147, EP 0 636 956 or DE 196 24 302.
From EP 0 497 147, a programmable controller constructed redundantly of two part-devices is known. Each of the part-devices exhibits a central processing unit and a memory and a communication processor, the two communication processors being connected to one another via a communication line. The two part-devices execute identical user programs and exchange synchronization data via the communication line for ensuring synchronous processing of the identical user programs.
From EP 0 636 956, a programmable control system is also known which exhibits two subsystems, namely an initial programmable control system and an additional programmable control system. When one of the subsystems fails, the technical process is conducted by the remaining subsystem, the initial programmable control system. After the failed subsystem has been replaced, this system, namely the additional programmable control system, must be coupled to the initial programmable control system again. For this purpose, both the initial programmable control system and the additional programmable control system have a communication interface by which the two subsystems can be communicatively connected. The content of the memory of the initial programmable control system is transferred via this communication connection into the memory of the additional programmable control system. This transfer takes place either during a noncritical state of the initial programmable control system with respect to time or progressively in so-called time slices, the control of the technical process being retained by the initial programmable control system.
The transfer of the content of the memory of the first device/subsystem into the memory of the redundant second device/subsystem is also called “updating”. Thus, a method for updating (updating method) is known from DE 196 24 302, by which the current database of the initial programmable control system is transferred to an additional programmable control system temporarily shut down, e.g. due to maintenance work.
The known updating method is subdivided into two passes. In a first pass, the content of the memory of the initial programmable control system is transferred by progressive read-out from the memory of the initial programmable control system and writing into the memory of the additional programmable control system. The volume of the data read out and written in, in one step during this process, is determined by the time interval needed for this process and the maximum tolerable latency phase of the initial programmable control system with respect to the process to be controlled. After a certain number of such write and read processes, a “basic database” of the initial programmable control system has been transferred to the additional programmable control system. During this time, however, the data in the memory of the initial programmable control system are subject to continuous change due to the uninterrupted control of the technical process. These memory contents, which have changed in the meantime, are transferred in a further pass. For this purpose when new and/or changed data are written into the memory of the initial programmable control system, the same data, together with position information, are also written into a buffer and in a second pass, the content of the buffer is transferred into the memory of the additional programmable control system with evaluation of the position information.