High speed synchronization in dual-processor safety controller

US 7,287,184 B2
Filed: 09/16/2003
Issued: 10/23/2007
Est. Priority Date: 09/16/2003
Status: Active Grant

First Claim

Patent Images

1. A safety controller comprising:

a first and second processing unit communicating on a communication bus, each including a processor and memory, the memory of each of the first and second processing units loadable with a common safety program and input/output variables, wherein the safety program is repeatably executable to read input variables representing inputs from external controlled devices and write output variables representing outputs to external controlled devices at least one processor including a buffer receiving a plurality of input variables asynchronously from I/O circuits connected to sensors;

a coordinator program providing each of the first and second processing units with identical copies of the input variables from the buffer at a predetermined point in the repeated execution of the common safety programs;

a synchronization program executable by the first and second processing units to execute the common safety programs based on the identical copies and to compare execution of the common safety programs and to enter a safety state when this execution differs.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A safety controller executes a control program in two processing units to detect processor failure by comparison of the execution in each unit. This comparison is made rapid by synchronizing the input variables at the beginning of the task and comparing output variables at a conclusion of the task, avoiding line-by-line comparison of input and output variables. Intermediate variables, that are neither input nor output values, are compared at a less frequent interval.

41 Citations

View as Search Results

24 Claims

1. A safety controller comprising:
- a first and second processing unit communicating on a communication bus, each including a processor and memory, the memory of each of the first and second processing units loadable with a common safety program and input/output variables, wherein the safety program is repeatably executable to read input variables representing inputs from external controlled devices and write output variables representing outputs to external controlled devices at least one processor including a buffer receiving a plurality of input variables asynchronously from I/O circuits connected to sensors;
  
  a coordinator program providing each of the first and second processing units with identical copies of the input variables from the buffer at a predetermined point in the repeated execution of the common safety programs;
  
  a synchronization program executable by the first and second processing units to execute the common safety programs based on the identical copies and to compare execution of the common safety programs and to enter a safety state when this execution differs.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The safety controller of claim 1 wherein the coordination program provides identical input variables at only a single point in the repeated execution of the common safety programs.
  - 3. The safety controller of claim 1 wherein at least one of the processing units further executes a non-safety program and wherein the predetermined point in the repeated execution of the common safety programs is the start of the common safety programs.
  - 4. The safety controller of claim 1 wherein the synchronization program compares execution of the safety program by comparing output variables generated by the first and second processing unit executing the safety program.
  - 5. The safety controller of claim 4 wherein the safety program is executed repeatedly and wherein the comparison of the output variables is performed at the conclusion of each repeated execution immediately prior to outputting of the output variables to the external controlled device.
  - 6. The safety controller of claim 1 wherein the safety program also executes to generate values of internal variables different from the input and output variables and wherein the synchronization program compares execution of the safety program by comparing values of internal variables generated by the first and second processing unit executing the safety program.
  - 7. The safety controller of claim 6 wherein the safety program is executed repeatedly and wherein the comparison is performed at a period greater than the repetition period.
  - 8. The safety controller of claim 1 wherein the coordination program stops the common safety programs execution at the predetermined point in the repeated execution of the common safety program until the identical input variables have been provided to the common safety programs.
  - 9. The safety controller of claim 1 wherein the communication bus is a backplane having releasable electrical connectors allowing connection of the first and second processing unit to and from the backplane.
  - 10. The safety controller of claim 1 wherein the communications bus is a serial communications network having releasable electrical connectors allowing connection of the first and second processing unit to and from the serial communication bus.
  - 11. The safety controller of claim 1 wherein the synchronization program combines the output variables when the execution of the common safety program does not differ to produce a single set of output variables transmittable to the controlled device.
  - 12. The safety controller of claim 1 wherein the combination creates a message having one output variable concatenated to the value of the output variable complemented.

13. A method of operating a safety controller having a first and second processing unit, each including a processor and memory, the memory of each of the first and second processing units loadable with a common safety program and input/output variables, the safety program being repeatably executable to read input variables representing inputs from external controlled devices and write output variables representing outputs to external controlled devices, the method comprising the steps of:
- (a) accumulating asynchronous input variables in a buffer;
  
  (a) providing each of the first and second processing units with identical copies of the accumulated input variables from the buffer at a first time at a predetermined point in the repeated execution of the common safety programs; and
  
  (b) executing by the first and second processing units the common safety programs and comparing execution of the common safety programs to enter a safety state when this execution differs.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 14. The method of claim 13 wherein step (a) provides identical input variables at only a single point in the repeated execution of the common safety programs.
  - 15. The method of claim 13 wherein the predetermined point in the repeated execution of the common safety programs is the start of the common safety programs.
  - 16. The method of claim 13 wherein step (b) compares execution of the safety program by comparing output variables generated by the first and second processing unit executing the safety program.
  - 17. The method of claim 16 wherein the safety program is executed repeatedly and wherein step (b) is performed at the conclusion of each repeated execution immediately prior to outputting of the output variables to the external controlled device.
  - 18. The method of claim 13 wherein the safety program also executes to generate values of internal variables different from the input and output variables and wherein step (b) compares execution of the safety program by comparing values of internal variables generated by the first and second processing unit executing the safety program.
  - 19. The method of claim 13 wherein the safety program is executed repeatedly and wherein the comparison is performed at a period greater than the repetition period.
  - 20. The method of claim 13 wherein step (a) stops the common safety programs execution at the predetermined point in the repeated execution of the common safety program until the identical input variables have been provided to the common safety programs.
  - 21. The method of claim 13 wherein identical input variables are provided by copying of input variables from the first processing unit to the second processing unit.
  - 22. The method of claim 13 wherein the first processing unit includes a buffer memory receiving input variables asynchronously and wherein step (a) copies the buffer memory identically to memory in each of the processing units.
  - 23. The method of claim 13 wherein step (b) combines the output variables when the execution of the common safety program does not differ to produce a single set of output variables transmittable to the controlled device.
  - 24. The method of claim 13 wherein the combination creates a message having one output variable concatenated to the value of the output variable complemented.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Rockwell Automation Technologies Incorporated (Allen-Bradley Co., Inc.)
Original Assignee
Rockwell Automation Technologies Incorporated (Allen-Bradley Co., Inc.)
Inventors
Rischar, Charles Martin, Izzo, Joseph Paul, Kucharski, Paul G., Gibart, Anthony Gerard, Kalan, Michael Dean
Primary Examiner(s)
Beausoliel; Robert W.
Assistant Examiner(s)
Mehrmanesh; Elmira

Application Number

US10/663,863
Publication Number

US 20050060605A1
Time in Patent Office

1,498 Days
Field of Search

714/12, 714/11
US Class Current

714/11
CPC Class Codes

G05B 2219/24187   Redundant processors run id...

G05B 2219/24195   Compare data in channels at...

G05B 9/03   with multiple-channel loop,...

G06F 11/1633   using mutual exchange of th...

G06F 11/1683   at instruction level

High speed synchronization in dual-processor safety controller

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

41 Citations

24 Claims

Specification

Use Cases

Quick Links

Others

High speed synchronization in dual-processor safety controller

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

41 Citations

24 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others