CA2122384A1 - Fault tolerant programmable controller - Google Patents
Fault tolerant programmable controllerInfo
- Publication number
- CA2122384A1 CA2122384A1 CA 2122384 CA2122384A CA2122384A1 CA 2122384 A1 CA2122384 A1 CA 2122384A1 CA 2122384 CA2122384 CA 2122384 CA 2122384 A CA2122384 A CA 2122384A CA 2122384 A1 CA2122384 A1 CA 2122384A1
- Authority
- CA
- Canada
- Prior art keywords
- modules
- load
- pair
- fault tolerant
- programmable logic
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
Classifications
-
- G—PHYSICS
- G05—CONTROLLING; REGULATING
- G05B—CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
- G05B19/00—Programme-control systems
- G05B19/02—Programme-control systems electric
- G05B19/04—Programme control other than numerical control, i.e. in sequence controllers or logic controllers
- G05B19/05—Programmable logic controllers, e.g. simulating logic interconnections of signals according to ladder diagrams or function charts
- G05B19/054—Input/output
-
- G—PHYSICS
- G05—CONTROLLING; REGULATING
- G05B—CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
- G05B2219/00—Program-control systems
- G05B2219/10—Plc systems
- G05B2219/14—Plc safety
- G05B2219/14113—Fault tolerant objectives for equipment, controller
-
- G—PHYSICS
- G05—CONTROLLING; REGULATING
- G05B—CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
- G05B2219/00—Program-control systems
- G05B2219/10—Plc systems
- G05B2219/14—Plc safety
- G05B2219/14135—Single plc, load between two I-O to plus and two I-O to ground
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/16—Error detection or correction of the data by redundancy in hardware
- G06F11/20—Error detection or correction of the data by redundancy in hardware using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements
- G06F11/2015—Redundant power supplies
Landscapes
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Engineering & Computer Science (AREA)
- Automation & Control Theory (AREA)
- Programmable Controllers (AREA)
- Safety Devices In Control Systems (AREA)
Abstract
FAULT TOLERANT PROGRAMMABLE CONTROLLER
ABSTRACT OF THE DISCLOSURE
Redundant modules are interconnected between the power line conductors and a load remotely-controlled by means of a programmable logic controller. Sampling algorithms within the controller continuously determine the presence and absence of an electrical fault within any of the modules and selectively connect and disconnect the modules to maintain operating power to the load.
ABSTRACT OF THE DISCLOSURE
Redundant modules are interconnected between the power line conductors and a load remotely-controlled by means of a programmable logic controller. Sampling algorithms within the controller continuously determine the presence and absence of an electrical fault within any of the modules and selectively connect and disconnect the modules to maintain operating power to the load.
Description
30GF-1055 ~
................ ............................................................. ... ... ... :' 2 1 2 2 3 8 4 ~ -FAULT TOLERANT PROGRAMMABLE CONTROLLER
BACKGROUND OF THE INVENTION
Process control with a programmable controller involves the acquisition of input signals from various process sensors and the provision of output signals to controlled elements of the process. The process is thus controlled as a ;
~unction of a stored program and of process -conditions as reported by the sensors. Numerous and diverse processes are, of course, subject to such control, and sequential operation of industrial processes, conveyor systems, and chemical, petroleum, and metallurgical processes may all, for example, be advantageously controlled by programmable controllers.
Programmable logic controllers (hereinafter "PLC") comprise a central processing unit (CPU) ~ ~
made up, broadly, of a data processor for executing - -the stored program, a memory unit of sufficient size to store the program and the data relating to the status of the inputs and outputs, and one or more power supplies. In addition, an input/output ~ ~ -module provides the interface between the central processing unit and the input devices and controlled element~ of the process being 25 controlled. U.S. Pat. No. 4,293,924 describes one such module.
When such PLCS are used with sensitive equipment such as offshore oil rigs, medical equipment, nuclear equipment and the like, 30 supplemental circuits are required to insure that ~ ;~
' .'-~ ,'' the associated equipment remains operational when faults may have occurred within any of the modules associated with the PLCS. So-called "fault tolerant" operation is described within U.S.
Patents 4,868,826 and 4,967,347 wherein discrete circuit components are employed to provide the fault tolerant operation. U.S. Patent 4,926,281 describes the use of a pair of redundant modules interconnected by a means of crowbar switches and supplemental logic circuits to achieve a similar result.
U.S. Patent 4,752,886 describes a method for on-line testing of the modules associated with a PLC to insure operability of the associated load in the event of fault occurrence within any of the modules. Since standard "off-the-shelf~ components are employed, this approach is relatively inexpensive to implement. -~-one purpose of this invention accordingly, is 20 to provide complete fault tolerant operation to a load associated with a PLC without requiring the supplemental components and associated customized circuits currently employed within the state-of-the art of such fault tolerant operations.
SUMMARY OF THE INVENTION
A PLC is interconnected with a sensitive load by means of a multiplicity of standard off-the-shelf I/O modules to provide fault tolerant operation at a substantial cost savings. A pair of 30 similar modules are redundantly interconnected -~
between the line and the load on both sides of the :
-':
. :~ . , :-., '' :'' 3oGF-loss ~ . . .
~' DC power distribution system. Sampling algorithms within the PLC continuously test the modules for ~ ~`
fault oecurrence and disconnect the faulted module without interrupting power to the load.
BRIEF DESCRIPTION OF THE DRAWINGS `:`
FIG. 1 is a simplified block diagram of a PLC
system including a plurality of I/O modules in accordance with the prior art;
FIG. 2 is a diagrammatic representation of 10 the redundant interconnection of the modules of ~ -` `
Figure 1 with a power source and a load in -aeeordanee with the invention~
FIG. 3 is a flow chart representation of the sampling algorithm for the load of Figure 4 in an 15 OFF state; and ~ ~
FIG. 4 is a flow chart representation of the - ~ -sampling algorithm for the load of Figure 4 in an ON state.
' '' .
DESCRIPTION OF THE PREFERRED EMBODIMENT
Before describing the invention in detail, it is helpful to review the operation of a PLC such as deseribed within U.S. Patent 4,628,397. The PLC 10 o~ FIG. 1 ineludes a central processing unit (CPU) 11, an I/O eontroller 12, a plurality of I/O
modules 14A-14D, and a data bus 13 whieh inter~
eonneets eaeh module with the I/O eontroller.
These items, exelusive of the CPU, generally eomprise the I/O system of the eontroller. The CPU
is substantially of eonventional design and may inelude one or more mieroproeessors for data ' ' ' 212238~
handling and control, plus memory for storage of operating programs, input/output data, and other computed, interim, or permanent data for use in executing the stored programs and for S implementation of control. In addition, other conventional elements, such as power supplies, are included as necessary to make the CPU fully functional. The I/0 controller 12 provides for control of information exchanged between the various modules and the CPU.
Each module may be separately located, remote from the CPU and the I/0 controller, and in close proximity to the process being controlled as depicted as a load 21, for example. Although only three modules are illustrated, it will be understood that the actual number may be considera-bly greater. For example, sixteen separate modules may be readily accommodated in the system to be de-scribed herein. Each module is independent of the 20 other and each may be devoted to control of a -~
process separate from that controlled by all other -modules. The data bus 13 is preferably a serial link although parallel transmission of signals between the CPU and the modules may be readily provided. In either case, the modules are connected ta~the data bus for communication with the CPU.
The data bus may comprise a twisted pair of conductors, a coaxial cable, or a fiber optics cable; all are acceptable depending on such 30 considerations as cost and availability. ~;
Each module include~ a microcontroller 19 having an interface port for exchanging information . =. .. . . . .... ... . .. . .. . .. .. . .. . . .. .
...
.. : . .. .:' : ' ,, . ~ ,'. .. ' : ' , :.
.
- 5 - '' . .
with the CPU and including an associated memory (not illustrated) for implementation of a stored ' ~
program of operation according to which the various ~ -elements of the modules are controlled and diagnosed for incurred faults; a plurality of ~' '"
individual I/0 points 20, each of which may be -~
selectably operated either as an input point or as an output point and each of which interfaces '~-~
individually through conductors directly to input~'~
10 or output elements of the controlled process: and a~`
data bus 15 for interconnecting the I/0 points with the microcontroller. The number of I/0 points depends on practical considerations such as heat dissipation and the limitations of the microcon~
15 troller. As an example, it has been found quite ~, practical and,convenient to provide sixteen I/0 points per module.
For verifying the integrity and functionality of the input and output components and for maintenance and troubleshooting, a monitor unit 16 is provided. The monitor is hand-held so that it ,~
can be readily and conveniently moved from one module to the other. It is adapted for connection ' '~' -into each module by a cable lS which includes a '-;~
25 connector ~or mating with another connector affixed'''',,~
to the module. The monitor includes a keypad 17 and , ' ' display 18 to allow the I/0 points of the module to be monitored and controlled and provides a display of diagnostic information pertaining to the module.
Also connected within each module iB a ' '- ~, switching circuit (not shown) which interconnects the I/0 points with the associated load 21. A
preferred switching circuit will, in any case, include a shunt current path including means for providing a signal indicative of the current to the load. The switching circuit most preferred is the insulated gate transistor (hereinafter "IGT") which comprises a power semiconductor device which may be gated both into and out of conduction. That is, the IGT may be both turned on and turned off through its gate terminal. Some versions of the IGT include a current emulation section which is a section of the IGT provided to carry a proportional fraction of the total IGT current. The emulation section is advantageous in that it can be used to monitor the total current without resort to means for dissipating large circuit currents. A single gate signal controls current flow both in the main section of the IGT and in its emulation section. -The insulated gate transistor is fully described within the aforementioned U.S. Patent 4,628,397.
The fault tolerant circuit 22 according to the invention is shown in Figure 2 to include a ~ -pair of modules 14A, 14B, interconnecting between the positive line bus 23 of a DC power distribution system and the positive load bus 27 that is connected with one side of the associated load 21 by means of the positive power conductor 25. A -similar pair of modules 14C,14D is connected between the negative line bus 24 of the DC power system and the negative load bus 28 that is connected with the other side of the load by means of the negative power conductor 26. Each of the modules includes an IGT, although not shown, . :
"..~.. .
:
30GF-1055 ;
21223~ ~
-: :.
- 7 - : -: : -operates in the manner described within the ;~-aforementioned U.S. Patent 4,628,397. To insure provision of operating power to the modules, each module connecting with the same side of the load is connected ~ith a different source of operating power which are indicated as power supply A and power supply B. Either of which could comprise a set of batteries or an auxiliary DC generator. In the event that one of the power supplies fails, at -~
least one pair of modules would be operational to continue to supply power to the load. The provision of the separate power supplies is an important feature of the invention. To distinguish between the positive power conductor 25 connecting with the 15 positive load bus 27 and the negative power conductor 26 connecting with the negative load bus -~
28, the data bus 13 interconnecting the modules and --the controller 12 (Figure 1) is indicated in dashed lines and the data bus 15 interconnecting the 20 modules and the load is indicated in phantom. An additional feature is the redundant arrangement of the modules on both sides of the load to insure that the load remains operational in the event one of the modules on either side of the load should 2S fail~
In further accordance with the invention, ~-the modules are each connected as both Input and Output modules providing information to the load as well as receiving information from the various 30 sensors associated wlth the load. In the arrange~ent depicted in Figure 2, modules 14A and 14C are in the ON state wherein their associated ~'..1 212~3~4 IGTs are turned on and the modules 14B, 14D are in their OFF state with their associated IGTs turned off To insure operability of the associated load ... .
in the event that one of the modules or any of their IGTs should fail, the sampling algorithms in Figures 3 and 4 are employed within the CPU 11 of the PLC 10 of Figure 1. Before the load is automatically disconnected from the power supply, both of the modules connected on the same side of the supply bus must indicate a fault.
The algorithms 29 of Figure 3 and 95 of -Figure 4 determine the presence or absence of voltage across the associated IGTs as well as the presence of current through the IGTs to indicate 15 whether the IGTs are operational. In the - -algorithms ~An, ~B~ C~ and "D" represent the IGTs associated within the modules 14A, 14B, 14C and 14D respectively. The algorithm 29 of Figure 3 is designed to test the associated IGTs when the load - ~ ;
20 21 of Figure 2 is de-energized, i.e. "OFF" and the ~ -algorithm 95 of Figure 4 is designed to test the associated IGTs when the load i9 energized, i.e.
"ONn. Tho method of pulsinq a load to determine the operability of the module components is doscribed within the aforementioned U.S. Patent 4,752,886.
Referring now to Figure 3, a determination iq made as to whether there is voltage across ~ and (30,31) and if so C is closed (33) and A is pulsed (34). If there is no voltage, a fault is reported to the CPU (32) and the test is stopped (57). A
determination is made a~ to whether there is -:
i~, 212238~
_ 9 _ ::
: , current through A (35) and if not, A is reported as faulted (36) and the test is stopped (57). If there is current through A , the voltage across A
. . . :
is measured (37) and A is reported as faulted i~
such voltage is present (38) and the test is :~
stopped (57). If there is no voltage across A, B
is pulsed (39) and the current through B is determined (40). If there is no current, B is -reported as faulted (41) and the test is stopped (57). If there is current through B, the voltage across B is measured (42) and 8 is reported as faulted if there is a voltage across B (43). The :. -~ :
voltage across C and D is next determined (44) and -;~
if there is no voltage, a fault is reported to the CPU (45) and the test is stopped (57). If there is a voltage across C and D , A is closed (46) and C ~: -is pulsed (47). The current through C is measured (48) and if no current exists, C is reported as faulted (49) and the test is stopped (57). The - .
voltage across is measured (50) and if there is voltage, C is reported as faulted (Sl) and the test is stopped (57). ~ is then pulsed (52) and the current through ~ is measured (53) and if no : -current exists, D is reported as faulted (54) and the test is stopped (57). lhe voltage across D is ~asured (55) and if there is voltage, D is reported as faulted (56) and the test is stopped (57). If there is no voltage across D, the sampling is completed for one test cycle. ~ .
The algorithm 9S for the load in the "ON"
state is depicted in Figure 4 and begins (58) with a determination as to whether there is current `-` 21223~
through either A or B (59) and if not, a fault is reported to the CPU (60) and the test is stopped : ~:
(94). If there ls current, A is pulsed (61), the voltage across A is measured (62~ and if there is voltage, B is reported as faulted (63) and the test ~ ~
is stopped (94). If no voltage, B is pulsed (64), :
the voltage across B is measured (65) and if there is voltage, ~ is reported faulted (66) and the test ~::
is stopped (94). If no voltage, A is opened (67), ~ is pulsed (68), and the voltage across B is measured ~69). No voltage across B results in A :~
reported faulted (70) and the test stopped (94).
If there is voltage across B, A is closed (71), B
is opened (72) and ~ is pulsed (73). The voltage across A is measured (74), and if no voltage, B is reported faulted (~5), and the test is stopped :~
(94). The current through C or D is measured (77), and if no current, a fault is reported to the CPU
(78) and the test is stopped (94). If there is - . ~ ~.
current, C i8 pulsed (79), and the voltage-across C
is measured (80). If there is voltage, D is reported as faulted (81) and the test is stopped (94). If there i~ no voltage, ~ i8 pulsed (82) and th- voltage across D is measured (83). If there is voltage, C i8 reported as faulted (84) and the test i8 ~topp~d (94). If no voltage, ~ is opened (85) :~
and ~ i~ pulsed (86). The voltage across D is mQasured (8~) and if no voltage (88), ~ is reported as faulted and the test is stopped (94). If there is voltage, ~ is closed (89), ~ is opened (90) and is pul~ed (91). The voltage acro~s C is measured (92) and if no voltage, D is reported as faulted : ' ' 21~23~ ~
(93) and the test is stopped (94). If there is voitage, the test is ended.
A PLC has herein been described providing fault tolerant operation to an associated load.
The PLC is interconnected with the load by ~-means of a plurality of I/O modules wherein one pair of the modulas interconnects the load with the pcsitive power bus and a separate pair of the modules interconnects the load with the negative power bus. Sampling algorithms stored in the PLC
test the modules continuously to determine whether any of the modules have become faulted.
Having thus described my invention, what I ~
claim as Letters Patent is: -. '' ` "
................ ............................................................. ... ... ... :' 2 1 2 2 3 8 4 ~ -FAULT TOLERANT PROGRAMMABLE CONTROLLER
BACKGROUND OF THE INVENTION
Process control with a programmable controller involves the acquisition of input signals from various process sensors and the provision of output signals to controlled elements of the process. The process is thus controlled as a ;
~unction of a stored program and of process -conditions as reported by the sensors. Numerous and diverse processes are, of course, subject to such control, and sequential operation of industrial processes, conveyor systems, and chemical, petroleum, and metallurgical processes may all, for example, be advantageously controlled by programmable controllers.
Programmable logic controllers (hereinafter "PLC") comprise a central processing unit (CPU) ~ ~
made up, broadly, of a data processor for executing - -the stored program, a memory unit of sufficient size to store the program and the data relating to the status of the inputs and outputs, and one or more power supplies. In addition, an input/output ~ ~ -module provides the interface between the central processing unit and the input devices and controlled element~ of the process being 25 controlled. U.S. Pat. No. 4,293,924 describes one such module.
When such PLCS are used with sensitive equipment such as offshore oil rigs, medical equipment, nuclear equipment and the like, 30 supplemental circuits are required to insure that ~ ;~
' .'-~ ,'' the associated equipment remains operational when faults may have occurred within any of the modules associated with the PLCS. So-called "fault tolerant" operation is described within U.S.
Patents 4,868,826 and 4,967,347 wherein discrete circuit components are employed to provide the fault tolerant operation. U.S. Patent 4,926,281 describes the use of a pair of redundant modules interconnected by a means of crowbar switches and supplemental logic circuits to achieve a similar result.
U.S. Patent 4,752,886 describes a method for on-line testing of the modules associated with a PLC to insure operability of the associated load in the event of fault occurrence within any of the modules. Since standard "off-the-shelf~ components are employed, this approach is relatively inexpensive to implement. -~-one purpose of this invention accordingly, is 20 to provide complete fault tolerant operation to a load associated with a PLC without requiring the supplemental components and associated customized circuits currently employed within the state-of-the art of such fault tolerant operations.
SUMMARY OF THE INVENTION
A PLC is interconnected with a sensitive load by means of a multiplicity of standard off-the-shelf I/O modules to provide fault tolerant operation at a substantial cost savings. A pair of 30 similar modules are redundantly interconnected -~
between the line and the load on both sides of the :
-':
. :~ . , :-., '' :'' 3oGF-loss ~ . . .
~' DC power distribution system. Sampling algorithms within the PLC continuously test the modules for ~ ~`
fault oecurrence and disconnect the faulted module without interrupting power to the load.
BRIEF DESCRIPTION OF THE DRAWINGS `:`
FIG. 1 is a simplified block diagram of a PLC
system including a plurality of I/O modules in accordance with the prior art;
FIG. 2 is a diagrammatic representation of 10 the redundant interconnection of the modules of ~ -` `
Figure 1 with a power source and a load in -aeeordanee with the invention~
FIG. 3 is a flow chart representation of the sampling algorithm for the load of Figure 4 in an 15 OFF state; and ~ ~
FIG. 4 is a flow chart representation of the - ~ -sampling algorithm for the load of Figure 4 in an ON state.
' '' .
DESCRIPTION OF THE PREFERRED EMBODIMENT
Before describing the invention in detail, it is helpful to review the operation of a PLC such as deseribed within U.S. Patent 4,628,397. The PLC 10 o~ FIG. 1 ineludes a central processing unit (CPU) 11, an I/O eontroller 12, a plurality of I/O
modules 14A-14D, and a data bus 13 whieh inter~
eonneets eaeh module with the I/O eontroller.
These items, exelusive of the CPU, generally eomprise the I/O system of the eontroller. The CPU
is substantially of eonventional design and may inelude one or more mieroproeessors for data ' ' ' 212238~
handling and control, plus memory for storage of operating programs, input/output data, and other computed, interim, or permanent data for use in executing the stored programs and for S implementation of control. In addition, other conventional elements, such as power supplies, are included as necessary to make the CPU fully functional. The I/0 controller 12 provides for control of information exchanged between the various modules and the CPU.
Each module may be separately located, remote from the CPU and the I/0 controller, and in close proximity to the process being controlled as depicted as a load 21, for example. Although only three modules are illustrated, it will be understood that the actual number may be considera-bly greater. For example, sixteen separate modules may be readily accommodated in the system to be de-scribed herein. Each module is independent of the 20 other and each may be devoted to control of a -~
process separate from that controlled by all other -modules. The data bus 13 is preferably a serial link although parallel transmission of signals between the CPU and the modules may be readily provided. In either case, the modules are connected ta~the data bus for communication with the CPU.
The data bus may comprise a twisted pair of conductors, a coaxial cable, or a fiber optics cable; all are acceptable depending on such 30 considerations as cost and availability. ~;
Each module include~ a microcontroller 19 having an interface port for exchanging information . =. .. . . . .... ... . .. . .. . .. .. . .. . . .. .
...
.. : . .. .:' : ' ,, . ~ ,'. .. ' : ' , :.
.
- 5 - '' . .
with the CPU and including an associated memory (not illustrated) for implementation of a stored ' ~
program of operation according to which the various ~ -elements of the modules are controlled and diagnosed for incurred faults; a plurality of ~' '"
individual I/0 points 20, each of which may be -~
selectably operated either as an input point or as an output point and each of which interfaces '~-~
individually through conductors directly to input~'~
10 or output elements of the controlled process: and a~`
data bus 15 for interconnecting the I/0 points with the microcontroller. The number of I/0 points depends on practical considerations such as heat dissipation and the limitations of the microcon~
15 troller. As an example, it has been found quite ~, practical and,convenient to provide sixteen I/0 points per module.
For verifying the integrity and functionality of the input and output components and for maintenance and troubleshooting, a monitor unit 16 is provided. The monitor is hand-held so that it ,~
can be readily and conveniently moved from one module to the other. It is adapted for connection ' '~' -into each module by a cable lS which includes a '-;~
25 connector ~or mating with another connector affixed'''',,~
to the module. The monitor includes a keypad 17 and , ' ' display 18 to allow the I/0 points of the module to be monitored and controlled and provides a display of diagnostic information pertaining to the module.
Also connected within each module iB a ' '- ~, switching circuit (not shown) which interconnects the I/0 points with the associated load 21. A
preferred switching circuit will, in any case, include a shunt current path including means for providing a signal indicative of the current to the load. The switching circuit most preferred is the insulated gate transistor (hereinafter "IGT") which comprises a power semiconductor device which may be gated both into and out of conduction. That is, the IGT may be both turned on and turned off through its gate terminal. Some versions of the IGT include a current emulation section which is a section of the IGT provided to carry a proportional fraction of the total IGT current. The emulation section is advantageous in that it can be used to monitor the total current without resort to means for dissipating large circuit currents. A single gate signal controls current flow both in the main section of the IGT and in its emulation section. -The insulated gate transistor is fully described within the aforementioned U.S. Patent 4,628,397.
The fault tolerant circuit 22 according to the invention is shown in Figure 2 to include a ~ -pair of modules 14A, 14B, interconnecting between the positive line bus 23 of a DC power distribution system and the positive load bus 27 that is connected with one side of the associated load 21 by means of the positive power conductor 25. A -similar pair of modules 14C,14D is connected between the negative line bus 24 of the DC power system and the negative load bus 28 that is connected with the other side of the load by means of the negative power conductor 26. Each of the modules includes an IGT, although not shown, . :
"..~.. .
:
30GF-1055 ;
21223~ ~
-: :.
- 7 - : -: : -operates in the manner described within the ;~-aforementioned U.S. Patent 4,628,397. To insure provision of operating power to the modules, each module connecting with the same side of the load is connected ~ith a different source of operating power which are indicated as power supply A and power supply B. Either of which could comprise a set of batteries or an auxiliary DC generator. In the event that one of the power supplies fails, at -~
least one pair of modules would be operational to continue to supply power to the load. The provision of the separate power supplies is an important feature of the invention. To distinguish between the positive power conductor 25 connecting with the 15 positive load bus 27 and the negative power conductor 26 connecting with the negative load bus -~
28, the data bus 13 interconnecting the modules and --the controller 12 (Figure 1) is indicated in dashed lines and the data bus 15 interconnecting the 20 modules and the load is indicated in phantom. An additional feature is the redundant arrangement of the modules on both sides of the load to insure that the load remains operational in the event one of the modules on either side of the load should 2S fail~
In further accordance with the invention, ~-the modules are each connected as both Input and Output modules providing information to the load as well as receiving information from the various 30 sensors associated wlth the load. In the arrange~ent depicted in Figure 2, modules 14A and 14C are in the ON state wherein their associated ~'..1 212~3~4 IGTs are turned on and the modules 14B, 14D are in their OFF state with their associated IGTs turned off To insure operability of the associated load ... .
in the event that one of the modules or any of their IGTs should fail, the sampling algorithms in Figures 3 and 4 are employed within the CPU 11 of the PLC 10 of Figure 1. Before the load is automatically disconnected from the power supply, both of the modules connected on the same side of the supply bus must indicate a fault.
The algorithms 29 of Figure 3 and 95 of -Figure 4 determine the presence or absence of voltage across the associated IGTs as well as the presence of current through the IGTs to indicate 15 whether the IGTs are operational. In the - -algorithms ~An, ~B~ C~ and "D" represent the IGTs associated within the modules 14A, 14B, 14C and 14D respectively. The algorithm 29 of Figure 3 is designed to test the associated IGTs when the load - ~ ;
20 21 of Figure 2 is de-energized, i.e. "OFF" and the ~ -algorithm 95 of Figure 4 is designed to test the associated IGTs when the load i9 energized, i.e.
"ONn. Tho method of pulsinq a load to determine the operability of the module components is doscribed within the aforementioned U.S. Patent 4,752,886.
Referring now to Figure 3, a determination iq made as to whether there is voltage across ~ and (30,31) and if so C is closed (33) and A is pulsed (34). If there is no voltage, a fault is reported to the CPU (32) and the test is stopped (57). A
determination is made a~ to whether there is -:
i~, 212238~
_ 9 _ ::
: , current through A (35) and if not, A is reported as faulted (36) and the test is stopped (57). If there is current through A , the voltage across A
. . . :
is measured (37) and A is reported as faulted i~
such voltage is present (38) and the test is :~
stopped (57). If there is no voltage across A, B
is pulsed (39) and the current through B is determined (40). If there is no current, B is -reported as faulted (41) and the test is stopped (57). If there is current through B, the voltage across B is measured (42) and 8 is reported as faulted if there is a voltage across B (43). The :. -~ :
voltage across C and D is next determined (44) and -;~
if there is no voltage, a fault is reported to the CPU (45) and the test is stopped (57). If there is a voltage across C and D , A is closed (46) and C ~: -is pulsed (47). The current through C is measured (48) and if no current exists, C is reported as faulted (49) and the test is stopped (57). The - .
voltage across is measured (50) and if there is voltage, C is reported as faulted (Sl) and the test is stopped (57). ~ is then pulsed (52) and the current through ~ is measured (53) and if no : -current exists, D is reported as faulted (54) and the test is stopped (57). lhe voltage across D is ~asured (55) and if there is voltage, D is reported as faulted (56) and the test is stopped (57). If there is no voltage across D, the sampling is completed for one test cycle. ~ .
The algorithm 9S for the load in the "ON"
state is depicted in Figure 4 and begins (58) with a determination as to whether there is current `-` 21223~
through either A or B (59) and if not, a fault is reported to the CPU (60) and the test is stopped : ~:
(94). If there ls current, A is pulsed (61), the voltage across A is measured (62~ and if there is voltage, B is reported as faulted (63) and the test ~ ~
is stopped (94). If no voltage, B is pulsed (64), :
the voltage across B is measured (65) and if there is voltage, ~ is reported faulted (66) and the test ~::
is stopped (94). If no voltage, A is opened (67), ~ is pulsed (68), and the voltage across B is measured ~69). No voltage across B results in A :~
reported faulted (70) and the test stopped (94).
If there is voltage across B, A is closed (71), B
is opened (72) and ~ is pulsed (73). The voltage across A is measured (74), and if no voltage, B is reported faulted (~5), and the test is stopped :~
(94). The current through C or D is measured (77), and if no current, a fault is reported to the CPU
(78) and the test is stopped (94). If there is - . ~ ~.
current, C i8 pulsed (79), and the voltage-across C
is measured (80). If there is voltage, D is reported as faulted (81) and the test is stopped (94). If there i~ no voltage, ~ i8 pulsed (82) and th- voltage across D is measured (83). If there is voltage, C i8 reported as faulted (84) and the test i8 ~topp~d (94). If no voltage, ~ is opened (85) :~
and ~ i~ pulsed (86). The voltage across D is mQasured (8~) and if no voltage (88), ~ is reported as faulted and the test is stopped (94). If there is voltage, ~ is closed (89), ~ is opened (90) and is pul~ed (91). The voltage acro~s C is measured (92) and if no voltage, D is reported as faulted : ' ' 21~23~ ~
(93) and the test is stopped (94). If there is voitage, the test is ended.
A PLC has herein been described providing fault tolerant operation to an associated load.
The PLC is interconnected with the load by ~-means of a plurality of I/O modules wherein one pair of the modulas interconnects the load with the pcsitive power bus and a separate pair of the modules interconnects the load with the negative power bus. Sampling algorithms stored in the PLC
test the modules continuously to determine whether any of the modules have become faulted.
Having thus described my invention, what I ~
claim as Letters Patent is: -. '' ` "
Claims (20)
1. A fault tolerant programmable logic controller comprising:
a central processor unit;
a controller unit operably connected with said processor unit and adapted for providing output control signals:
a pair of first I/O modules connected with said controller and receiving said output control signals, said first modules interconnecting between a positive power bus and a load; and a pair of second I/O modules connected with said controller and receiving said output control signals, said second modules interconnecting between a negative power bus and said load, whereby said load remains operational upon failure of either one of said first or second I/O modules.
a central processor unit;
a controller unit operably connected with said processor unit and adapted for providing output control signals:
a pair of first I/O modules connected with said controller and receiving said output control signals, said first modules interconnecting between a positive power bus and a load; and a pair of second I/O modules connected with said controller and receiving said output control signals, said second modules interconnecting between a negative power bus and said load, whereby said load remains operational upon failure of either one of said first or second I/O modules.
2. The fault tolerant programmable logic controller of claim 1 wherein said first and second modules include an electronic switch.
3. The fault tolerant programmable logic controller of claim 2 wherein said electronic switch includes means for measuring voltage and current.
4. The fault tolerant programmable logic controller of claim 1 wherein said electronic switch comprises a transistor.
5. The fault tolerant programmable logic controller of claim 4 wherein said electronic switch comprises an insulated gate transistor.
6. The fault tolerant programmable logic controller of claim 1 wherein said central processor unit is interconnected with said modules by means of a first data bus.
7. The fault tolerant programmable logic controller of claim 1 wherein said modules are interconnected with each other and said load by means of a second data bus.
8. The fault tolerant programmable logic controller of claim 1 wherein said first modules are connected together in parallel.
9. The fault tolerant programmable logic controller of claim 1 wherein said second modules are connected together in parallel.
10. The fault tolerant programmable logic controller of claim 1 wherein one of said first modules is connected to a first power supply and the other of said first modules is connected to a second power supply electrically isolated from said first power supply.
11. The fault tolerant programmable logic controller of claim 1 wherein one of said second modules is connected to a first power supply and the other of said second modules is connected to a second power supply electrically isolated from said first power supply.
12. A method of providing fault tolerant operation to an electric load comprising the steps of:
providing a programmable logic controller having a central processor unit and a controller unit;
connecting a plurality of I/O modules between said controller unit and a load each of said modules including an electronic switch;
connecting a first pair of said I/O modules between a positive power bus and a positive input to said load; and connecting a second pair of said I/O modules between a negative power bus and a negative input to said load.
providing a programmable logic controller having a central processor unit and a controller unit;
connecting a plurality of I/O modules between said controller unit and a load each of said modules including an electronic switch;
connecting a first pair of said I/O modules between a positive power bus and a positive input to said load; and connecting a second pair of said I/O modules between a negative power bus and a negative input to said load.
13. The method of claim 12 including the step of connecting one module from said first pair and one module from said second pair to a first common power supply.
14. The method of claim 13 including the step of connecting another module from said first pair and another module from said second pair to a second common power supply electrically-isolated from said first power supply.
15. The method of claim 12 including the steps of measuring current through first electronic switches within said first pair of modules and disconnecting said load when current is absent from both said electronic switches within said first pair.
16. The method of claim 12 including the steps of measuring current through said second pair of modules and disconnecting said load when current is absent from both said electronic switches within said second pair.
17. The method of claim 12 including the steps of reporting a fault condition to said central processor when current is applied to one of said first electronic switches and a voltage is detected across said one first electronic switch.
18. The method of claim 12 including the steps of reporting a fault condition when current is applied to one of said second switches and a voltage is measured across said one second electronic switch.
19. The method of claim 17 wherein said current is applied to said first electronic switches when said load is energized.
20. The method of claim 17 wherein said current is applied to said second electronic switches when said load is de-energized.
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US5702493A | 1993-05-05 | 1993-05-05 | |
| US08/057,024 | 1993-05-05 |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CA2122384A1 true CA2122384A1 (en) | 1994-11-06 |
Family
ID=22008030
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CA 2122384 Abandoned CA2122384A1 (en) | 1993-05-05 | 1994-04-28 | Fault tolerant programmable controller |
Country Status (5)
| Country | Link |
|---|---|
| JP (1) | JPH0798601A (en) |
| BR (1) | BR9401872A (en) |
| CA (1) | CA2122384A1 (en) |
| DE (1) | DE4415541A1 (en) |
| GB (1) | GB2277814B (en) |
Families Citing this family (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| GB2295032A (en) * | 1994-11-14 | 1996-05-15 | Ibm | Fault tolerant cooling in a data storage system |
| SE524639C2 (en) | 2002-10-15 | 2004-09-07 | Abb As | Error detection in an industrial controller under safety-related control |
| SE0203819D0 (en) | 2002-12-19 | 2002-12-19 | Abb As | Method to increase the safety integrity level of a control system |
| DE10358989A1 (en) * | 2003-12-16 | 2005-08-04 | Siemens Ag | Redundant control system |
| DE102004039698B4 (en) * | 2004-08-16 | 2007-04-19 | Siemens Ag | Peripheral unit for an automation device and redundant control system with such peripheral units |
| US8260487B2 (en) | 2008-01-08 | 2012-09-04 | General Electric Company | Methods and systems for vital bus architecture |
| CN105700354B (en) * | 2016-01-31 | 2018-08-07 | 南通大学 | The intellegent sampling and detecting system of adjustable failure |
| CN113791601A (en) * | 2021-08-13 | 2021-12-14 | 南通大学 | Design method of controller with fault self-diagnosis isolation capability |
-
1994
- 1994-04-28 CA CA 2122384 patent/CA2122384A1/en not_active Abandoned
- 1994-05-02 JP JP9346394A patent/JPH0798601A/en active Pending
- 1994-05-03 DE DE19944415541 patent/DE4415541A1/en not_active Withdrawn
- 1994-05-04 BR BR9401872A patent/BR9401872A/en not_active Application Discontinuation
- 1994-05-05 GB GB9408968A patent/GB2277814B/en not_active Expired - Fee Related
Also Published As
| Publication number | Publication date |
|---|---|
| GB9408968D0 (en) | 1994-06-22 |
| DE4415541A1 (en) | 1994-11-10 |
| JPH0798601A (en) | 1995-04-11 |
| BR9401872A (en) | 1994-12-27 |
| GB2277814B (en) | 1997-04-30 |
| GB2277814A (en) | 1994-11-09 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US4628397A (en) | Protected input/output circuitry for a programmable controller | |
| US4593380A (en) | Dual function input/output for a programmable controller | |
| US7741958B2 (en) | Network cable for transmitting data and power to networked devices | |
| US4935863A (en) | Control and protection assembly connecting a local area communication network to an industrial process | |
| US20120126626A1 (en) | Device for supplying electrical energy from a plurality of strings of photovoltaic modules to a power grid | |
| US8149554B2 (en) | Apparatus for fault tolerant digital inputs | |
| US6246928B1 (en) | Electrical interruption device comprising a communication module | |
| US4764868A (en) | Distributed input/output system | |
| US7173345B2 (en) | Multi-function integrated automation cable connector system and method | |
| US4870564A (en) | Distributed input/output system | |
| AU3791700A (en) | Monitoring system for low-voltage switch gear | |
| CA2122384A1 (en) | Fault tolerant programmable controller | |
| GB2159987A (en) | Distributed input/output system | |
| EP1664806B1 (en) | Method and system for verifying voltage in an electrical system | |
| EP0933859A1 (en) | Electronic on-line control and monitoring system for high-voltage circuit breakers | |
| US5093804A (en) | Programmable controller input/output communications system | |
| US4872136A (en) | Programmable controller input/output communications system | |
| JP3892572B2 (en) | Test method and test apparatus for control rod operation monitoring control system | |
| JP2001157381A (en) | Substation equipment control and monitoring equipment | |
| CN219417667U (en) | Low-voltage circuit breaker calibration device | |
| KR101415269B1 (en) | Power Distribution Panel Capable of Controlling on Real Time | |
| RU2052828C1 (en) | Device for diagnostics of monitoring and control units with redundancy provision by interchangeable units | |
| JP3077686B2 (en) | Circuit breaker circuit inspection device | |
| CN208334566U (en) | Transmitter change-over panel bakes machine device and transmitter change-over panel bakes machine system | |
| US7743125B1 (en) | Computer multiple communications port unit |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| FZDE | Dead |