Automatic fault detection and recovery system which provides stability and continuity of operation in an industrial multiprocessor control
First Claim
1. A multiprocessor computer control system comprising at least a first central processor and a second central processor, a plurality of sensors coupled to equipment in a production system, means for connecting said sensors to first and second process input/output systems, a plurality of controllable devices for operating the production system equipment, switch means including at least first switch means for coupling said first process input/output system to said first central processor and second switch means for coupling said second process input/output system to said second central processor, and means for detecting control system faults and providing control system recovery in reconfigured form as necessary with substantially no process disturbance, said fault detecting and recovery means including a system bootstrap microprocessor controller coupled to each said central processor, means forming a part of said microprocessor controller and said central processors for sensing any of a plurality of control system failures and for thereby triggering said microprocessor controller into a recovery mode of operation, means for stopping said central processors and placing process control signals in a hold state upon command by said microprocessor controller, means for detecting the integrity of each central processor, said central processors including means for defining reconfigured central processor hardware so that process control duties are loaded only on operational central processor hardware, means including said microprocessor controller for operating said switch means as required so that only operational central processor hardware is coupled to the process equipment, means for restarting said system after completion of control system reconfiguration if any, and means for returning said microprocessor controller to a monitor mode after completion of the fault detection and recovery mode.
1 Assignment
0 Petitions
Accused Products
Abstract
A multiprocessor computer control system for a process includes at least two central processors and respectively associated input/output systems. Control system faults are detected and a bootstrap microprocessor is triggered into its fault detector and recovery mode. The output control signals are placed on and central processors are stopped and restarted and then it is determined which if any of them is to be inoperative. A reconfigured control system is defined with the inoperative unit(s) excluded. The microprocessor switches the input/output systems as necessary to structure the control system in reconfigured form so that process control can resume without disturbance.
-
Citations
5 Claims
- 1. A multiprocessor computer control system comprising at least a first central processor and a second central processor, a plurality of sensors coupled to equipment in a production system, means for connecting said sensors to first and second process input/output systems, a plurality of controllable devices for operating the production system equipment, switch means including at least first switch means for coupling said first process input/output system to said first central processor and second switch means for coupling said second process input/output system to said second central processor, and means for detecting control system faults and providing control system recovery in reconfigured form as necessary with substantially no process disturbance, said fault detecting and recovery means including a system bootstrap microprocessor controller coupled to each said central processor, means forming a part of said microprocessor controller and said central processors for sensing any of a plurality of control system failures and for thereby triggering said microprocessor controller into a recovery mode of operation, means for stopping said central processors and placing process control signals in a hold state upon command by said microprocessor controller, means for detecting the integrity of each central processor, said central processors including means for defining reconfigured central processor hardware so that process control duties are loaded only on operational central processor hardware, means including said microprocessor controller for operating said switch means as required so that only operational central processor hardware is coupled to the process equipment, means for restarting said system after completion of control system reconfiguration if any, and means for returning said microprocessor controller to a monitor mode after completion of the fault detection and recovery mode.
Specification
-
- Resources
-
Current AssigneeWestinghouse Process Control, Inc. (Emerson Electric Company)
-
Original AssigneeWestinghouse Electric Corporation (Paramount Global (f/k/a ViacomCBS Inc.))
-
InventorsStaab, Carl J.
-
Primary Examiner(s)ATKINSON, CHARLES
-
Application NumberUS06/160,411Time in Patent Office1,000 DaysField of Search371/11, 364/101, 364/119, 364/200, 364/900, 364/184, 364/186, 364/187US Class Current714/55CPC Class CodesG06F 11/1417 Boot up proceduresG06F 11/2025 using centralised failover ...G06F 11/2038 with a single idle spare pr...G06F 11/2041 with more than one idle spa...
