This invention relates to an apparatus for preventing malfunction when a failure occurs in a duplex unit. More particularly, the invention relates to an apparatus for preventing malfunction at failure in a system which controls a subordinate simplex unit by an acting device.
As shown in FIG. 6, a system comprises a host device 1, a duplex unit 2 and a simplex unit 3 controlled by an acting device in the duplex unit. The duplex unit 2 is composed of two devices 2a, 2b of identical construction, one device constituting an acting system (#0 system) and the other a standby system (#1 system). The duplex unit 2 is so adapted that the acting system controls the subordinate simplex unit 3 in accordance with commands from the host device 1. The acting device and standby device perform identical control and processing. When it is necessary to switch between the acting and standby devices at the time of maintenance or when the acting device is down because of failure, the standby device becomes active in response to an acting/standby changeover command from the host device 1 and is capable of continuing control of the simplex unit 3 without momentary interrupt. The simplex unit 3 has an acting-device discriminating circuit for discriminating, on the basis of an acting/standby signal that enters from each of the devices 2a, 2b, of the duplex unit 2, whether the device 2a or the device 2b is the acting system, a selector 3b for selecting and outputting control data that is output by the acting system, and a controller 3c for executing predetermined processing based upon the control data.
Each of the devices 2a, 2b constructing the duplex unit 2 has a power supply monitoring unit 4 for monitoring an interruption in power or a decline in power supply voltage in its own system. The power supply monitoring unit 4 of one device notifies the other device of an interruption in power or a decline in power supply voltage in its own system. Accordingly, when one of the devices 2a, 2b recognizes an interruption in power or a decline in power supply voltage in the other system, the device so notifies the host device 1. Upon receiving notification of an interruption in power or a decline in power supply voltage in the acting device, the host device 1 issues an acting/standby changeover signal so that the device that was serving as the standby device up to this point is made the acting device. As a result, from this point onward the controller 3c of the simplex unit 3 accepts control data via the selector 3b from the device just made the acting device and performs predetermined control.
Thus, in the conventional system as described above, the host device 1 takes the initiative in changing over the acting and standby modes of the devices 2a, 2b constructing the duplex unit 2. Consequently, when there is a decline in power supply voltage or interruption in power in the acting device, there may be instances where the acting device sends erroneous control data to the simplex unit 3 before the system changeover command based upon the decision made by the host device 1 reaches the duplex unit 2. In such case the controller 3 of the simplex unit 3 will perform control upon accepting the erroneous data, and this control may be erroneous, such as control for resetting data that has been accumulated.
Further, there are occasions where, due to noise or some other phenomenon, the devices 2a, 2b in the duplex unit 2 simultaneously send the simplex unit 3 indications that they are both acting or both standing by. In such cases the conventional simplex unit is unsure as to which of the devices 2a, 2b it should accept data from and malfunctions as a result.
In addition, there are instances where the control data from the acting device becomes corrupted owing to noise or the like, thereby causing the controller 3c of the simplex unit 3 to malfunction.