Direct digital control systems have been used in the process industries for some time now. With the increased use of digital computers to provide process management and control, there has also been an increased awareness in the area of system security and reliability. One such effort is disclosed in copending application Ser. No. 139,495 now U.S. Pat. No. 4,351,023, assigned to the same assignee as the present case. That application discloses the use of redundant digital controllers with a shared data buffer arranged to permit the transfer of data base from one controller to the other, together with means for the other controller to examine the integrity of the first controller before accepting the information being transferred.
Usually digital controllers are configured in a vertical storage assembly, commonly referred to as a rack, located in a central station (e.g., a control room). The rack includes, in addition to power supplies, provisions for housing the central processing unit (CPU) and the interface circuitry for communicating with the process field sensors and actuators. This field communication interface is typically accomplished by a series of input/output (I/O) modules located in a connector housing area or nest in one centralized portion of the digital controller. A parallel bus structure is often used to transmit commands/data between the I/O modules and the CPU of the controller. When a parallel bus is used, a wired-conductor (e.g., a ribbon cable) forms the external bus link between the controller and the I/O nest, while a backplane in the nest extends the bus interface through appropriate connectors to the individual I/O modules within the nest.
These parallel bus structured systems increase the difficulty in isolating system failures. In particular, failed I/O modules or bus line failures that short the bus to ground are troublesome to locate because the modules and related bus interface components are in effect "or'ed" together.
One way of troubleshooting such failures is to continuously run diagnostic programs when a failure is detected and sequentially remove each module from its assigned area in the nest to see which one causes the problem to disappear. This can be a time consuming procedure because of the necessity of removing the module from its connection to the bus backplane, which in some cases involves unscrewing and disconnecting field terminations to permit physical separation of the module connector from the bus. Removal of the module from its connector housing area in this manner also would result in loss of field signal value. Additionally the possibility exists of transferring erroneous control data to the I/O modules during the connect/disconnect process outlined above.
It is apparent that a need exists to provide better fault isolation capabilities within process control systems of the type described above. This is especially so in pinpointing within a minimum time and with a minimum process upset, failures of individual I/O modules connected to a parallel I/O bus structure.