1. Technical Field
This invention relates to control systems and, more particularly, to fault-tolerant methods and apparatus for process control.
2. Background Information
The terms “control” and “control systems” refer to the control of the operational parameters of a device or system by monitoring one or more of its characteristics. This is used to insure that output, processing, quality and/or efficiency remain within desired parameters over the course of time.
Control is used in a number of fields. Process control, for example, is typically employed in the manufacturing sector for process, repetitive and discrete manufacture, though it also has wide application in electric and other service industries. Environmental control finds application in residential, commercial, institutional and industrial settings, where temperature and other environmental factors must be properly maintained. Control is also used to monitor and control devices used in the manufacture of various products, ranging, for example, from toasters to aircraft.
Control systems typically utilize field devices, including sensors and the like, which are integrated into the equipment being controlled. For example, temperature sensors are usually installed directly on or within the articles, bins, or conduits that process, contain or transport the materials being measured. Control devices such as valves, relays, and the like, must also be integrated with the equipment whose operations they govern.
Predictability is among the key requirements of any control device. A fluid sensor that even occasionally produces unreliable readings is unacceptable. Overengineering may insure better reliability; however, it often results in devices that are too expensive or too large for wide application.
Redundancy is a well accepted alternative to overengineering. It typically involves using two or more standard control elements in place of one. The duplicated units can be field modules, controllers or other higher-level elements in the control hierarchy.
Thus, for example, U.S. Pat. No. 4,347,563 discloses an industrial control system in which redundant processing units serve as bus masters “of the moment,” monitoring status information generated by primary processing units. If a redundant unit detects that a primary has become faulty while executing an application program, the redundant unit loads that program and takes over the primary's function.
U.S. Pat. No. 5,008,805, on the other hand, discloses a real time control system in which “sender” and “listener” processors synchronously step through sequential schedules, with the sender controlling execution of events sent from a host. The listener monitors the sender and in the event of fault, assumes the role of the latter, executing commands omitted during the takeover interval.
A shortcoming of these and many other prior art redundancy schemes is their imposition of undue computational or hardware overhead. U.S. Pat. No. 5,008,805, for example, has the disadvantage of requiring that the sender and listener operate in lock-step, necessitating common timing lines and up-front synchronization procedures.
The I/A Series process control systems, manufactured by the assignee hereof, represent a significant advance in this technology. They utilize a fault-tolerant architecture including a workstation which provides a monitoring and control interface for operations and maintenance staff. Control algorithms may be executed in one or more control processors (CPs), with control achieved via redundant fieldbus modules (FBMs) that connect to Field Devices (FDs), such as transmitters or Programmable Logic Controllers (PLCs), and sensors or valves associated with the physical equipment to be operated. Various software packages provide historical tracking of plant data, alarming capabilities, operator action tracking, and status of all stations on the process control system network.
Each fieldbus module (FBM), for example, has a redundant, shadow (tracker) partner. The tracker is configured to assume the primary ‘master’ role, such as in the event of a failure or other error, to permit it to be replaced or updated without taking the system off-line.
In this approach, each of the redundant FBMs communicates with, and captures identical data from, redundant Field Devices (FDs).
While the prior art techniques have proven effective to date, the ever increasing complexity of control systems render those techniques problematic. For example, the data stream between the Master FD and each FBM tends to be of relatively large bandwidth, due to the nature of the often complex protocols used by the process control network. This bandwidth is even larger due to the duplicate data being sent to both FBMs in order to ensure full redundancy. Response time by the Master FD is thus often undesirably slow due both to this relatively large amount of traffic, and because the Master FD needs to process requests from both FBMs. In addition, use of Floating or Dynamic IP Addresses at the FD level also adds complexity to this overall approach.
Thus, a need exists for an improved fault-tolerant approach for process control that addresses the foregoing drawbacks.