The present invention relates generally to computerized process control systems. More particularly, the invention relates to an information display and diagnostic system for conveying information to an operator about the state of a process being controlled by redundant process control computers.
In controlling complex processes by computer, particularly in mission critical applications, it is very desirable to have redundant computer control. This is certainly true, for example, in automated chemical processing plants, where two or more computers may be connected redundantly to ensure that the process steps are properly carried out and to minimize the necessity for a system shutdown in the event of a component malfunction.
In the case of a chemical processing plant there are typically a very large number of sensors, mixers, valves and other analog and digital components that are needed in order to carry out the process. It can be very expensive to shut down and restart a chemical process, hence many process control systems are designed to operate 24 hours a day, seven days a week. In such systems it is often desirable to employ redundant process control computers, to make the system more fault tolerant. Applicants' assignee, The Dow Chemical Company, has found that redundancy is perhaps best implemented by using two or more process control computers, each running separate instruction code and in which the computers are timed by loosely synchronized. separate clocks. The Applicants' assignee has also found that it can be beneficial to connect these process control computers in an actively redundant fashion, whereby each computer performs its own sequence of program instructions and each computer provides an output signal for simultaneously driving a common device.
In complex process control applications, such as petrochemical process control applications, where thousands of variables must be monitored and controlled essentially simultaneously, and in essentially real time (without substantial delay), providing useful information to the operator or engineer is by no means a simple task. The difficulty in providing information is particularly acute where redundant systems are employed, since it can often be difficult to identify the source of an error or malfunction, particularly where the error or malfunction is intermittent. It would therefore be desirable to have a process control system and a display system which a control engineer or control system operator could use to quickly locate a defective or malfunctioning part or software element in the event the redundant process control computers disagree.
Troubleshooting component failures aside, another difficulty encountered in redundant systems is the problem of how to change or upgrade system software or process control programs without shutting the system down. In a nonredundant system it is typically necessary to shut down the system in order to install a new software upgrade. In a large chemical processing plant this can be very expensive, since components may cool down, processes may begin to react incorrectly, component cleaning may be required, and so forth.
Where a redundant control computer system is employed, the redundancy would appear to provide a unique opportunity for software upgrade without shutting the system down. In some cases this can be done by shutting down only one of the redundant computer systems, leaving the remaining systems operative and running the existing software. The new software revision is then loaded and run on the computer previously shut down, and with great care, the new version is brought on line in an effort to transfer operation of the process from the old software version to the new software version.
While workable in theory, in practice it is often exceedingly difficult to switch over from the old version to the new version, since it must be ensured that both versions are in lock step synchronization. In a complex chemical processing application this might mean that several thousand controllers and valves are in exactly the same state under the old software version as they will be under the new software version at the instant of switchover. In many complex chemical processing applications it is difficult for a human to comprehend this much data using currently existing technology.