JP2009259134A - Safety plc - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To improve safety with respect to the operation of an apparatus to be controlled. <P>SOLUTION: A safety PLC includes at least two CPU units 3, 5 for synchronous performance with the same ladder program. The respective CPUs 3a, 5a in the respective CPU units 3, 5 are connected to the respectively independent buses 7, 9. Shared memories 11, 13 are respectively connected to the buses 7, 9. The respective shared memories 11, 13 store the processed data. The abnormality of a control system is determined by determining coincidence/noncoincidence of the both kinds of stored data. <P>COPYRIGHT: (C)2010,JPO&INPIT

Description

  The present invention provides a safety PLC capable of ensuring the safety of the control operation of the above-mentioned devices when performing sequence control on the basis of signals input to a PLC (programmable controller) of various machines / devices and their peripheral devices. , And a system including them.

  The PLC is generally used in factory automation (FA) or the like. For example, a PLC is used to input ON / OFF signals from various input devices such as switches and sensors, and a ladder written in a ladder language or the like from the input signals. A logical operation is executed according to the program, and various output devices such as a relay and a motor are ON / OFF controlled based on the operation result. In contrast to such a general PLC, a safety PLC can be used to stop various devices to be controlled by using input signals from safety-compatible input devices such as an emergency stop button or a signal line disconnection detector, It is a fail-safe PLC that controls various devices to the safe side, such as operating, and is specialized in safety.

  In such a safety PLC, for example, the CPU and other processing units are duplicated to output correctly, for example, an emergency stop switch is pressed, or a sensor such as a light curtain detects the entry of a person In such a case, there is one in which fail-safe (safety) is activated, the system is on the safe side, and the operation is stopped (see Patent Document 1).

  In the safety PLC disclosed in Patent Document 1, the same ladder program is executed by each of a plurality of CPUs, and the corresponding calculation results are checked for matching and mismatching. If they match, the I / O refresh process is executed. If so, lockout processing is performed.

However, in this conventional safety PLC, since the buses that execute the ladder program and input / output signals are the same for each of the plurality of CPUs, the execution synchronization of the ladder program cannot be ensured. There is a problem of lack of reliability regarding coincidence and disagreement.
JP 2002-358106 A

  Therefore, the problem to be solved by the present invention is that the input signal from the safety input device is processed in the safety PLC and the bus is duplicated, so that the reliability of the processed data is secured and the operation of the controlled device is prevented. It is possible to increase safety.

  In order to solve the above problems, the safety PLC according to claim 1 of the present invention has at least two CPU units that execute synchronous processing of input signals input from external devices using the same ladder program. The CPU in the CPU unit stores the processing data in each shared memory connected to a separate external bus, while the CPU in the CPU unit shares the data indicating the processing status with the external bus on its own side. And the stored data is compared with the data indicating the processing state stored in the shared memory connected to the external bus by the CPU in the other CPU unit. As a result of the comparison, the two data are inconsistent. If there is an abnormality in the control system, the control output to the control target device is stopped.

  The external device is not particularly limited. For example, it is not limited to various buttons such as an emergency stop button, various switches such as a safety door switch, and various sensors such as a safety sensor, and any device that can give a signal for safe driving in the control system may be used.

  The control target device is not particularly limited. For example, it is not limited to a motor, an actuator, a relay, etc. For example, other PLC can also be included.

  According to the present invention, since the two CPU units are connected to different buses to form a bus duplex structure, it is possible to ensure the synchronization of execution of the ladder program and to process the signal from the input device. The reliability of the obtained data becomes high. As a result, the control output to the control target device is stopped when the control system is abnormal, and the operation of the control system can be stopped reliably.

  The safety PLC according to claim 2 of the present invention further connects both CPU units via a serial bus, transfers a ladder program from one CPU unit to the other CPU unit via the serial bus, The CPU can download the transferred ladder program to the internal memory, and can easily transfer the same ladder program from one CPU unit to the other CPU unit.

  The safety PLC according to claim 3 of the present invention further connects an external interface to both the external buses, and inputs signals from the safety input device to the external buses to the external interfaces. Each CPU processes the signal individually and stores the processed data in a corresponding shared memory.

  ADVANTAGE OF THE INVENTION According to this invention, the input signal from a safety input device can be processed, the reliability of the processed data can be ensured, and the safety | security with respect to operation | movement of a control object apparatus can be made high.

  Hereinafter, a safety PLC according to an embodiment of the present invention will be described with reference to the accompanying drawings. FIG. 1 is a partial concise example of a main part related to the present invention in a safety PLC according to an embodiment. Referring to FIG. 1, reference numeral 1 denotes an entire safety PLC. The safety PLC 1 includes two first and second CPU units 3 and 5, an external interface 6, and shared memories 11 and 13 having substantially the same configuration. In the embodiment, the number of CPU units is two, but it goes without saying that the number of CPU units may be larger.

  The first CPU unit 3 includes a CPU 3a, a memory 3b, and a tool interface 3c. The second CPU unit 5 includes a CPU 5a and a memory 5b. The CPUs 3 a and 5 a of both the CPU units 3 and 5 are connected by a serial bus 8. There is no master or slave relationship between the first and second CPU units 3 and 5.

  The internal bus 3 d of the first CPU unit 3 is connected to the external bus 7, and the internal bus 5 c of the second CPU unit 5 is connected to the external bus 9. Shared memories 11 and 13 are connected to the external buses 7 and 9, respectively.

  These external buses 7 and 9 are connected to the safety input device 15 and the control target device 17 via the external interface 6. The safety input device 15 is, for example, an emergency stop button, a safety door switch, a safety sensor, or the like. From the safety input device 15, contact ON / OFF data is input to the external interface 6. The control target device 17 is a valve, an actuator, a motor, or the like included in a machine tool, a machine robot, or other devices and systems. The connection form between the external interface 6 and the safety input device 15 or the control target device 17 is not limited. This connection form includes direct connection and connection form via a network. For example, when a sensor is arranged in the network system as the safety input device 15 and the network system enters a dangerous state from the sensor, for example, a door drive relay or the like works as the control target device 17 due to fail-safe. Is operated on the safe side.

  The ladder program is downloaded to the memory 3b of the first CPU unit 3 via the tool interface 3c, and the CPU 3a of the first CPU unit 3 sends the same ladder program to the CPU 5a of the second CPU unit 5 via the serial bus 8. Transfer the program. The CPU 5a of the second CPU unit 5 downloads the transferred ladder program to the memory 5b. Thus, the same ladder program is stored in the memories 3b and 5b of the first and second CPU units 3 and 5, respectively.

  Next, the CPUs 3a and 5a of both the first and second CPU units 3 and 5 sequentially execute the ladder programs stored in the respective memories 3b and 5b. The CPUs 3 a and 5 a of both the first and second CPU units 3 and 5 process signals input from the safety input device 15 via the external interface 6, and data obtained by the processing are respectively stored in the shared memories 11 and 13. Remember me. In this case, the CPUs 3a and 5a of the first and second CPU units 3 and 5 are duplexed by the external buses 7 and 9, respectively, so that a signal input from the safety input device 15 via the external interface 6 is received. The timing of processing and storing the processed data in the shared memories 11 and 13 can be synchronized.

  In this way, the CPUs 3a and 5a of the first and second CPU units 3 and 5 make a determination regarding the state of the safety input device 15 when comparing the processing data stored in the shared memories 11 and 13, respectively. The CPU 3a or 5a that has determined that the comparison data does not coincide with each other among the CPUs 3a and 5a operates the control system and the like because there is an abnormality in the control system including the control target device 17 It can be stopped safely and reliably.

  As described above, the present embodiment has at least two CPU units 3 and 5 that synchronously execute processing of input signals input from the safety input device 15 using the same ladder program. , 5 are connected to separate buses 7 and 9, respectively, and the shared memories 11 and 13 are connected to the buses 7 and 9, respectively. Since storing and determining whether the stored data match or not match, it becomes possible to accurately determine the abnormality of the control system, and to provide a safety PLC with improved safety. .

  In the above embodiment, a single safety PLC is used. However, the CPU units 3 and 5 can be configured as individual PLCs, and a safety system or a safety network including both the PLCs can be used.

FIG. 1 is a diagram showing a schematic configuration of a safety PLC according to an embodiment of the present invention.

Explanation of symbols

1 Safety PLC
3 1st CPU unit 3a CPU
3b Memory 3c Tool interface 5 Second CPU unit 5a CPU
5b Memory 6 External interface 7, 9 External bus 11, 13 Shared memory 15 Safety input device 17 Device to be controlled

Claims (4)

  It has at least two CPU units that synchronously execute processing of input signals input from external devices using the same ladder program, and the CPU in each CPU unit is connected to each shared memory connected to a separate external bus. The processing data is stored, and the CPU in one CPU unit stores the data indicating the processing state in a shared memory connected to the external bus on its own side, and the CPU in the other CPU unit stores the stored data. Compared with the data indicating the processing status stored in the shared memory connected to the external bus, and if the two data do not match as a result of the comparison, the control output to the control target device is stopped because there is an abnormality in the control system. A safety PLC.   Connect both CPU units via a serial bus, transfer the ladder program from one CPU unit to the other CPU unit via the serial bus, and the other CPU downloads the transferred ladder program to the internal memory. The safety PLC according to claim 1, which is enabled.   External interfaces are connected to both external buses, and signals from safety input devices are respectively input to the external interfaces to both external buses. CPUs of each CPU unit individually process signals from safety input devices, The safety PLC according to claim 1 or 2, wherein the data obtained by the processing is stored in a corresponding shared memory.   A system comprising at least two PLCs individually including the two CPU units according to any one of claims 1 to 3.

Images