CA2926352C - Process control system, maintenance support device, and controller - Google Patents

Info

Publication number
CA2926352C
Authority
CA
Canada
Prior art keywords
control program
control
revised
component
controller
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CA2926352A
Other languages
French (fr)
Other versions
CA2926352A1 (en
Inventor
Kenji Ishikawa
Yu Horikoshi
Yuusaku Ootsuka
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hitachi Ltd
Hitachi Industry and Control Solutions Co Ltd
Original Assignee
Hitachi Ltd
Hitachi Industry and Control Solutions Co Ltd
Application filed by Hitachi Ltd, Hitachi Industry and Control Solutions Co Ltd

Classifications

    • G PHYSICS
    • G05 CONTROLLING; REGULATING
    • G05B CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B19/00 Programme-control systems
    • G05B19/02 Programme-control systems electric
    • G05B19/04 Programme control other than numerical control, i.e. in sequence controllers or logic controllers
    • G PHYSICS
    • G05 CONTROLLING; REGULATING
    • G05B CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B19/00 Programme-control systems
    • G05B19/02 Programme-control systems electric
    • G05B19/04 Programme control other than numerical control, i.e. in sequence controllers or logic controllers
    • G05B19/042 Programme control other than numerical control, i.e. in sequence controllers or logic controllers using digital processors
    • G PHYSICS
    • G05 CONTROLLING; REGULATING
    • G05B CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B19/00 Programme-control systems
    • G05B19/02 Programme-control systems electric
    • G05B19/18 Numerical control [NC], i.e. automatically operating machines, in particular machine tools, e.g. in a manufacturing environment, so as to execute positioning, movement or co-ordinated operations by means of programme data in numerical form
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/70 Software maintenance or management
    • G06F8/71 Version control; Configuration management
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/445 Program loading or initiating
    • G06F9/44536 Selecting among different versions
    • G PHYSICS
    • G05 CONTROLLING; REGULATING
    • G05B CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B2219/00 Program-control systems
    • G05B2219/20 Pc systems
    • G05B2219/23 Pc programming
    • G05B2219/23296 Load, update new program without test program, save memory space
    • G PHYSICS
    • G05 CONTROLLING; REGULATING
    • G05B CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B2219/00 Program-control systems
    • G05B2219/30 Nc systems
    • G05B2219/31 From computer integrated manufacturing till monitoring
    • G05B2219/31418 NC program management, support, storage, distribution, version, update
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/60 Software deployment
    • G06F8/65 Updates

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Automation & Control Theory (AREA)
  • Computer Security & Cryptography (AREA)
  • Human Computer Interaction (AREA)
  • Manufacturing & Machinery (AREA)
  • Stored Programmes (AREA)
  • Programmable Controllers (AREA)

Abstract

In the case where a controller revises a control program for controlling a control target process, a new identification sign having a larger value than used identification signs is applied to a revised component and a component affected by the revised component. Further, a control program distribution unit is included which distributes, to the controller, a maximum value of the identification signs applied to components of the revised control program, as an identification sign of the revised control program.

Description

PROCESS CONTROL SYSTEM, MAINTENANCE SUPPORT DEVICE, AND CONTROLLER
BACKGROUND
1. Technical Field
The present invention relates to a process control system for controlling a plant apparatus, and a maintenance support device and a controller included in the process control system.
2. Description of the Related Art
In a power station or a plant, any stoppage of operation immediately causes a reduction in the productivity of products and a reduction in sales and profits. Therefore, operation in which the plant is not stopped is desired as far as possible.
To avoid trouble such as a system shutdown, appropriate management of the control program that controls a process is important. It is therefore important that any revision of a control program which affects operation be reliably detected, and that a system operator can confirm that the range of the revision is necessary and sufficient and can cross-check whether the contents of the revision are appropriate. When the system operator manages the revision of the control program in this way, incorrect update of the control program can be prevented, and the operation rate of the system can be increased.

CA 2926352 2017-05-04
To manage the revision of the control program described above, revision management has conventionally been performed by applying an ID to each control program. For example, in a version check method disclosed in JP 2005-242492 A, generation date information is used as an ID of a management target.
SUMMARY
In the case where a large-scale revision of a control program is performed in a process control system which controls a plant apparatus, it is unavoidable that an update operation procedure becomes complicated. At this time, an update program might be incorrectly targeted, and update failure might be caused. Further, functions which might be affected by the update are extensive; therefore, a failure to confirm operation of a control program is likely to be caused. When the confirmation failure of the control program operation is caused, a system may be operated in a state in which the failure is left.
Further, in the case where a program is substantially revised, the program revision may be performed by multiple devices. At this time, in version management by date information as described in JP 2005-242492 A, the latest program might be incorrectly determined, since the sequence of the revisions breaks down due to differences in time settings and time differences among the devices. Further, in the case where an ID is applied by a hash value and the like, only the update of a program file is detected. Therefore, it is impossible to understand how much a program revision affects system operation, and an appropriate operation plan cannot be established.
An object of selected embodiments is to perform confirmation and approval of update contents easily and certainly in the case where a control program is revised.
Certain exemplary embodiments provide a process control system, comprising: a controller configured to control a control target process by holding a control program in which an individual identification sign is applied to each component and executing the held control program; and a maintenance support device configured to revise the control program and to set the revised control program to the controller, wherein the maintenance support device comprises: a control program revision unit configured to perform a function for revising the control program and to apply a new identification sign having a larger value than used identification signs to a component revised in the revision function and a component affected by the revised component when the revision function is performed;
and a control program distribution unit configured to distribute, to the controller, a maximum value of the identification signs applied to components of the control program revised by the control program revision unit, as the new identification sign of the revised control program.
Other exemplary embodiments provide a maintenance support device configured to revise a control program in which the identification sign is an individual identification sign that is applied to each component and to distribute the revised control program to a controller which controls a control target process, the maintenance support device comprising: a control program revision unit configured to perform a work for revising the control program and to apply a new identification sign having a larger value than used identification signs to a revised component and a component affected by the revised component when the revision work is performed; and a control program distribution unit configured to distribute, to the controller, a maximum value of the identification signs applied to components of the control program revised by the control program revision unit, as the identification sign of the revised control program.
Yet other exemplary embodiments provide a controller for use in combination with the maintenance support device defined above, comprising: a control program storage unit configured to store a control program in which an individual identification sign is applied to each component; a control processing unit configured to control a control target process by the control program stored in the control program storage unit; and an executing program management unit configured to allow update of the control program in a case where a difference between an identification sign of the control program before being updated and an identification sign of the control program after being updated is within a preliminarily set threshold and to limit execution of the updated control program in a case where the difference exceeds the threshold, when the control program stored in the control program storage unit is updated.
A process control system according to selected embodiments includes a controller and a maintenance support device. The controller controls a control target process by holding a control program in which an individual identification sign is applied to each component and executing the held control program. The maintenance support device revises the control program and sets the revised control program to the controller.
The maintenance support device includes a control program revision unit and a control program distribution unit.
The control program revision unit revises the control program and applies a new identification sign having a larger value than used identification signs to a revised component and a component affected by the revised component when revising the control program. The control program distribution unit distributes, to the controller, a maximum value of the identification signs applied to components of the control program revised by the control program revision unit as an identification sign of the revised control program.
A maintenance support device according to selected embodiments revises a control program in which an individual identification sign is applied to each component and distributes the revised control program to a controller which controls a control target process.
Further, the maintenance support device includes a control program revision unit and a control program distribution unit. The control program revision unit revises the control program and applies a new identification sign having a larger value than used identification signs to a revised component and a component affected by the revised component when revising the control program. The control program distribution unit distributes, to the controller, a maximum value of identification signs applied to components of the control program revised by the control program revision unit as an identification sign of the revised control program.
A controller according to selected embodiments includes a control program storage unit, a control processing unit, and an executing program management unit. The control program storage unit stores a control program in which an individual identification sign is applied to each component. The control processing unit controls a control target process by the control program stored in the control program storage unit. When the control program stored in the control program storage unit is updated, the executing program management unit allows update of the control program in the case where a difference between an identification sign of the control program before being updated and an identification sign of the control program after being updated is within a preliminarily set threshold and controls execution of the updated control program in a case where the difference exceeds the threshold.
According to selected embodiments, update of a control program can be correctly performed without failure. Further, when update operation is performed, a misdetermination by an operator and an error in an operation plan can be prevented.
Therefore, according to selected embodiments, a failure when a control program is updated can be eliminated, and a system with a high operation rate can be realized.
BRIEF DESCRIPTION OF THE DRAWINGS
FIG. 1 is a block diagram illustrating a configuration example of an overall system according to an embodiment of the present invention;
FIG. 2 is a flowchart illustrating an example of a program revision procedure according to the embodiment of the present invention;
FIG. 3 is a flowchart illustrating an example of a process to apply an ID to a component and a program according to the embodiment of the present invention;

FIG. 4 is a diagram illustrating an internal configuration example of a control program according to the embodiment of the present invention and an example of a case where an ID is applied (a first example);
FIG. 5 is a diagram illustrating an internal configuration example of the control program according to the embodiment of the present invention and an example of a case where an ID is applied (a second example);
FIG. 6 is a diagram illustrating an internal configuration example of the control program according to the embodiment of the present invention and an example of a case where an ID is applied (a third example);
FIG. 7 is a diagram illustrating an internal configuration example of a control program according to the embodiment of the present invention and an example of a case where an ID is applied (a fourth example);
FIG. 8 is a flowchart illustrating a process example by a maintenance support device according to the embodiment of the present invention; and
FIG. 9 is a flowchart (continuation of FIG. 8) illustrating a process example by the maintenance support device according to the embodiment of the present invention.
DESCRIPTION OF THE PREFERRED EMBODIMENTS

An embodiment of the present invention (hereinafter, called "the embodiment") will be described below with reference to attached drawings.
1. System overall configuration
FIG. 1 illustrates an overall configuration example of a process control system 100.
The process control system 100 is a control system including duplicated controllers 1a and 1b. Specifically, the process control system 100 includes the two controllers 1a and 1b and a maintenance support device 5. The controllers 1a and 1b control a control target process 3 via a process input/output device 2. The maintenance support device 5 is connected to the controllers 1a and 1b via a communication network 4. Of the two controllers 1a and 1b, the controller 1a is called an A-system, and the other controller 1b is called a B-system. Here, the A-system controller 1a is a main system, and the B-system controller 1b is a standby system. However, as described below, the main system and the standby system are switched in accordance with a control state.
The A-system controller 1a includes a controller storage unit 10a and a controller processing unit 11a. An approved ID table 12a is included in information stored in the controller storage unit 10a. The controller processing unit 11a includes an executing program management unit 13a, a state control unit 14a, and a control processing unit 15a. A control program for execution 16a is stored in the control processing unit 15a. The control program for execution 16a is stored in a control program storage unit (not illustrated) in the control processing unit 15a. When the controller 1a is a main system, the control processing unit 15a controls the control target process 3 via the process input/output device 2 by executing the control program for execution 16a.
The B-system controller 1b has the same configuration as the A-system controller 1a. Specifically, the B-system controller 1b includes a controller storage unit 10b and a controller processing unit 11b. An approved ID table 12b is included in information stored in the controller storage unit 10b. The controller processing unit 11b includes an executing program management unit 13b, a state control unit 14b, and a control processing unit 15b. A control program for execution 16b is stored in the control processing unit 15b. The control program for execution 16b is stored in a control program storage unit (not illustrated) in the control processing unit 15b. In the case where the controller 1b becomes a main system instead of the controller 1a, the control processing unit 15b controls the control target process 3 via the process input/output device 2 by executing the control program for execution 16b.
The control processing units 15a and 15b include, for example, an arithmetic processor using a general-purpose microprocessor and a field-programmable gate array (FPGA) and a storage device by a semiconductor memory. The control programs for execution 16a and 16b are information stored in the storage device of each of the control processing units 15a and 15b. The arithmetic processor realizes predetermined control operation by executing the control programs for execution 16a and 16b. Further, an ID of approved control data is stored in the approved ID tables 12a and 12b.
The state control units 14a and 14b receive a controller state transition request sent from the maintenance support device 5 for update and maintenance of the control programs 16a and 16b. In accordance with contents of the received request, the state control units 14a and 14b control stop and operation of the controllers 1a and 1b.
The executing program management units 13a and 13b confirm whether the control programs for execution 16a and 16b are executable in the case where the controllers 1a and 1b are switched to an operation state by the state control units 14a and 14b.
Specifically, the executing program management units 13a and 13b first confirm with reference to the approved ID tables 12a and 12b whether the control programs for execution 16a and 16b are approved. Next, the executing program management units 13a and 13b confirm whether functions of the control programs for execution 16a and 16b are not separated from functions of the control programs of another system. As a result of the confirmation, in the case where the control program for execution 16 is determined to be unexecutable, the executing program management units 13a and 13b return the result to the state control units 14a and 14b and stop the state transition process.
The control processing units 15a and 15b input process data via the process input/output device 2 from the control target process 3 in accordance with instructions of the control programs 16a and 16b and compute control data. Then, the control processing units 15a and 15b output a part of the computed control data to the control target process 3 via the process input/output device 2.
The maintenance support device 5 includes a maintenance function processing unit 50 and a maintenance data storage unit 51. The maintenance function processing unit 50 includes a control program editing unit 52, a control program compiling unit 53, a control program distribution unit 54, a control program comparison unit 55, and a control program approval unit 56. The control program editing unit 52 and the control program compiling unit 53 function as a control program revision unit to revise a control program.
A control program source 57, applied ID data 58, and a control program for distribution 59 are included in data stored in the maintenance data storage unit 51.

The maintenance support device 5 includes a computer device including an arithmetic processor and a semiconductor memory and is connected to an input device 60 such as a keyboard and a mouse and a display device 61 such as a liquid crystal display (LCD).
The control program editing unit 52 includes a graphical user interface with respect to the display device 61 and the like, and creates the control program source 57 or revises the existing control program source 57 by receiving operation input from a user via the input device 60. In addition to a correction that rewrites a component forming part of the control program source 57, the revision includes various processes that change a part of the control program source 57, such as the addition of a component to the control program source 57.
In the case where the contents of the revision of the control program source 57 affect program operation, the control program editing unit 52 newly applies an ID to the component revised in the control program source 57 and to the affected operation. This ID is stored in the applied ID data 58, and whenever an ID is applied, the control program editing unit 52 updates the applied ID data 58 to a value obtained by adding to the original value. For example, the ID is updated to the original value plus one. The ID stored in the applied ID data 58 is applied to each component of a control program. Therefore, one control program includes multiple IDs.
An ID application example will be described later.
The control program compiling unit 53 performs compiling processing to convert the control program source 57 to a program executable by a computer device and creates the control program for distribution 59, which is an executing program module in the controllers 1a and 1b. At this time, an ID written in a source is applied to the control program for distribution 59.
The control program source 57 created in this manner and the control program for distribution 59 are first stored in the maintenance data storage unit 51 in the maintenance support device 5. The control program for distribution 59 is distributed to the B-system controller 1b, which is a standby system, by the control program distribution unit 54, and the control program for execution 16b is revised.
Further, the operator who approves the revision of the control program source 57 uses the control program comparison unit 55 to compare the control program for distribution 59 to be updated with the control program for execution 16b being operated, and confirms whether the contents of the update are correct.
In the case where the approval operator determines in the comparison that the update contents are appropriate, the control program approval unit 56 sets an approved ID to the approved ID table 12b for managing an approved ID for each component of a control program.

Further, after the revised control program for execution 16b is approved, and an operator confirms operation, the main system is switched from the A-system controller 1a to the B-system controller 1b. Then, the control target process 3 is controlled by the B-system controller 1b in which the revised control program for execution 16b is set. After that, the control program for distribution 59 is distributed to the A-system controller 1a, which becomes a standby system, and the control program for execution 16a is also revised.
2. Process flow for control program revision
FIG. 2 is a flowchart illustrating a procedure for revising a program in the maintenance support device 5 by a user and a flow of a process performed thereby.
First, the revision operator uses the maintenance support device 5, revises a control program, and stores the revised control program (step S11). At this time, the control program editing unit 52 applies an ID 571 managed by the applied ID data 58 to the revised control program source 57 and outputs the control program source 57. A plurality of the control program sources 57 can be output, and an ID is applied to each of them. For example, as illustrated in FIG. 2, if there are revised control program sources 57-1, 57-2, and 57-3, IDs 571-1, 571-2, and 571-3 are applied thereto, respectively.
Next, when a revision operator performs a compiling operation (step S12), the control program compiling unit 53 outputs a control program for distribution 59 based on the control program source 57. At this time, an ID 591 which is same as the ID 571 is applied to the control program for distribution 59. A plurality of the control programs for distribution 59 can be output, and an ID is applied to each of them. For example, as illustrated in FIG. 2, if there are revised control programs for distribution 59-1, 59-2, and 59-3, IDs 591-1, 591-2, and 591-3 are applied thereto, respectively.
Next, when a revision operator performs a download operation (step S13), the control program distribution unit 54 distributes the control program for distribution 59 to a standby system controller (the A-system controller 1a or the B-system controller 1b). The distributed control program for distribution 59 is copied and overwritten to the control program for execution 16a or 16b of the control processing unit 15a or 15b. At this time, an ID 161a or 161b of the copied control program for execution 16a or 16b is also overwritten to a same ID as the ID 591 of the control program for distribution 59.
For example, as illustrated in FIG. 2, if there are revised control programs for execution 16-1, 16-2, and 16-3, IDs 161-1, 161-2, and 161-3 thereof are also rewritten, respectively.
After that, in the maintenance support device 5, an operator who performs approval compares and confirms the control program for distribution 59 and the control program for execution 16a or 16b before revision (step S14). At this time, the control program comparison unit 55 causes the display device 61 to display a revised component of the control program for distribution 59. Then, the operator who performs approval performs an approval operation of a revised control program (step S15), and the control program approval unit 56 sets an approved ID 161 to an ID value of a control program to be approved.
Specifically, the control program approval unit 56 makes the corresponding ID in the approved ID table 12a or 12b coincide with the ID of the control program for execution 16a or 16b.
Finally, an operator runs the control processing unit 15a or 15b in the controller 1a or 1b, operates the control program for execution 16a or 16b set in the control processing unit 15a or 15b, and outputs an execution result to the maintenance support device 5. The operator confirms the output contents.
3. ID application process when control program is revised
FIG. 3 is a flowchart illustrating an example of an ID application process when a control program is revised.
The control program editing unit 52 compares the control program source 57 after revision and the control program source 57 before revision and determines an updated component (step S101). The component updated herein includes a component indicating a function in addition to a component indicating a process.

Further, when a component determined in step S101 is changed, the control program editing unit 52 determines whether there is another component which affects process contents (step S102). Here, in the case where another component affects the process contents (Yes in step S102), IDs applied to the updated component and the component which affects the process contents are deleted (step S103). Further, in the case where there is no component which affects the process contents (No in step S102), an ID applied to the updated component is deleted (step S104).
Next, the control program editing unit 52 applies a new ID to the component in which an ID has been deleted (step S105).
At this time, the control program editing unit 52 applies, to each component in order, an ID increased by one from a maximum value of IDs applied as the applied ID data 58. However, the case where the ID is added by one is one example. As described below, the ID may be added more than one.
After an ID application in step S105 is finished, the control program editing unit 52 sets a maximum value of the IDs applied to components in step S105 to an ID of the revised control program source 57 (step S106). When the ID of the control program source 57 is set in step S106, the ID 571 of the control program source 57 stored in the maintenance data storage unit 51 is updated to the set ID. The ID 571 is updated.
Accordingly, an ID 591 of the control program for distribution 59 and IDs 161a and 161b of the control programs for execution 16a and 16b are updated when a revised control program is distributed.
The control program approval unit 56 of the maintenance support device 5 determines which components were revised according to whether the ID of each component is consistent or inconsistent before and after a control program is revised. Then, the control program approval unit 56 notifies the controllers 1a and 1b whether the component is revised based on the determination.
4. Example of ID application process (first example)
FIG. 4 illustrates an example (first example) of an ID application process when components of a control program are partially revised.
Here, a control program A including eight components is indicated in a tree structure. In an initial state C11 before revision, an individual ID is applied to each component.
Specifically, there are a task-L and a task-M below the highest element CPU-A, and there is a process-P below the task-L.
Further, there is a function-V and a function-W below the process-P. Furthermore, there is a function-X below a process-Q. At this time, as illustrated in FIG. 4, IDs from "1" to "8" are respectively applied to eight components of the program in the state C11. Values in brackets in FIG. 4 are IDs.

In the initial state C11, a maximum value of IDs of the components is "8"; therefore an ID of the control program A is set to "8".
Then, the state is changed from the initial state C11 to a state C12 in which the process-Q is revised when an operator revises a control program. At this time, the control program editing unit 52 deletes ID (6) of the process-Q. In FIG. 4, ID values in brackets that are left blank mean that the IDs are deleted.
Further, by revision of the process-Q, an ID of a component which may affect process contents is also deleted.
Here, an ID of the task-M, which is the component above the process-Q, and an ID of the CPU-A, which is above the task-M, are also deleted.
In a state C13 in which a revised control program is stored, a new ID is applied to the process-Q, the task-M, and the CPU-A. At this time, a maximum value of IDs of the components before revision is "8", and an ID to be applied next is "9", which is the value obtained by adding one to "8". In this example, the lowest component to which an ID is not applied is the process-Q; therefore, an ID of the process-Q is set to "9". By subsequently adding one at a time, starting from the lower component, "10" is applied to the task-M, and "11" is applied to the CPU-A.
An ID of the revised control program A is a maximum value of IDs of components thereof and therefore set to "11".
5. Example of ID application process (second example)
FIG. 5 illustrates an example (second example) of an ID application process when components of a control program are partially revised. The control program A in the initial state C11 in the example illustrated in FIG. 5 is the same as the control program A in the initial state C11 in the example illustrated in FIG. 4.
In the initial state C11, a maximum value of IDs of the components is "8"; therefore an ID of the control program A is set to "8".
Then, the state is changed from the initial state C11 to a state C14 in which the task-M is revised when an operator revises a control program. At this time, the control program editing unit 52 deletes ID(7) of the task-M. Further, by revision of the task-M, an ID of a component which may affect process contents is also deleted. Here, an ID of the CPU-A which is a component upper than the task-M is deleted. The case where ID values in brackets are left blank means that the IDs are deleted.
In a state C15 in which a revised control program is stored, a new ID is applied to the task-M and the CPU-A. At this time, a maximum value of IDs of components before revision is "8", and an ID of the task-M is set to "9", and an ID of the CPU-A is set to "10".

An ID of the revised control program A is a maximum value of IDs of these components and therefore set to "10".
6. Example of ID application process (third example)
FIG. 6 illustrates an example (third example) of an ID application process when components of a control program are partially revised. The control program A in the initial state C11 in the example illustrated in FIG. 6 is the same as the control program A in the initial state C11 in the example illustrated in FIG. 4.
In the initial state C11, a maximum value of IDs of the components is "8"; therefore an ID of the control program A is set to "8".
Then, the state is changed from the initial state C11 to a state C16 in which the function-X is revised when an operator revises a control program. At this time, the control program editing unit 52 deletes ID(3) of the function-X.
Further, by revision of the function-X, an ID of a component which may affect process contents is also deleted.
Here, IDs of the process-Q, the task-M, and the CPU-A which are components upper than the task-M are deleted. The case where ID values in brackets are left blank means that the IDs are deleted.
In a state C17 in which a revised control program is stored, a new ID is applied to the function-X, the process-Q, the task-M, and the CPU-A. At this time, a maximum value of IDs of the components before revision is "8"; therefore an ID of the function-X is set to "9", an ID of the process-Q is set to "10", an ID of the task-M is set to "11", and an ID of the CPU-A is set to "12".
An ID of the revised control program A is a maximum value of IDs of these components and therefore set to "12".
7. Example of ID application process (fourth example)
FIG. 7 illustrates an example (fourth example) of an ID application process when components of a control program are partially revised. The control program A in the initial state C11 in the example illustrated in FIG. 7 is the same as the control program A in the initial state C11 in the example illustrated in FIG. 4.
In the initial state C11, a maximum value of IDs of the components is "8"; therefore an ID of the control program A is set to "8".
Then, the state is changed from the initial state C11 to a state C18 in which the process-Q is revised when an operator revises a control program. At this time, the control program editing unit 52 deletes ID(6) of the process-Q.
Here, revision of the process-Q does not affect other components. Alternatively, when an ID is managed, the revision of the process-Q can ignore the influence on the task-M and the CPU-A which are upper components. In this case, as in the state C18 illustrated in FIG. 7, IDs of the task-M and the CPU-A are not deleted.
In a state C19 in which a revised control program is stored, a new ID is applied to the process-Q. At this time, a maximum value of IDs of the components before revision is "8", and an ID to be applied next is "9" which is a value added one from "8". An ID of the revised control program A is a maximum value of the applied IDs and therefore set to "9".
The ID application state of each component illustrated in FIGS. 4 to 7 is an example. As described in a variation below, IDs may be applied in other ways.
8. Update example of control program by controller
FIGS. 8 and 9 are flowcharts illustrating a switching process of the controllers 1a and 1b when the control programs for execution 16a and 16b are updated.
Left sides in FIGS. 8 and 9 indicate processes in the maintenance support device 5, and right sides in FIGS. 8 and 9 indicate states of the controllers 1a and 1b. As illustrated in FIG. 8, in an initial state C21, the A-system controller 1a is a main system, and the B-system controller 1b is a standby system. Here, an online operation state means, in the case of the main system, a state where control data is output to the control target process 3 and means, in the case of the standby system, a state where the same control program is executed as in the main system, and the standby system can be switched to the main system at any time.
In the state C21, the maintenance support device 5 first sends a stop request to the B-system controller 1b which is a standby system (step S21). When the state control unit 14b of the B-system controller 1b receives the stop request, the B-system controller 1b stops operation thereof (state C22).
The stop state herein means a state in which execution of the control program 16b is stopped. Therefore, in the state C22, the B-system controller 1b is in a state in which a hot standby is cancelled.
In this state, the maintenance support device 5 sends the revised control program 59 to the B-system controller 1b which is a standby system in the state C22 (step S22). The B-system controller 1b receives the control program 59 and updates the control program 16b to the revised control program 59.
Next, the maintenance support device 5 sends an offline operation request to the B-system controller 1b which is a standby system (step S23). The state control unit 14b of the B-system controller 1b receives the offline operation request, and the B-system controller 1b enters a standby system offline operation state (state C23). Here, the offline operation state is a state in which the B-system controller 1b, which is a standby system, executes the control program 16b and confirms whether the operation is correct or incorrect. Determination whether the operation is correct or incorrect is performed, for example, by comparing control data for consistency sent from the A-system controller 1a to the B-system controller 1b with control data obtained by the B-system controller 1b.
Here, when the B-system controller 1b which is a standby system is in an offline operation state, immediately before execution of the control program 16b is started, a process to confirm whether a control program intended by an operator is executed in the controller 1b is performed. Specifically, the executing program management unit 13b in the B-system controller 1b determines an approval state of the control program 16b.
First, the executing program management unit 13b determines whether the control program 16b is approved (step S24). Here, the executing program management unit 13b determines whether the control program 16b is approved by determining whether an ID is registered in the approved ID table 12.
Here, if the ID is not registered in the approved ID table 12b, the control program 16b is not approved (No in step S24), and the executing program management unit 13b suspends the process and notifies an operator by the display device 61 that the control program 16b is not approved. Then, after the operator, for example, further revises the control program 59, processes from step S21 are performed again. Further, if the ID is registered in the approved ID table 12, the control program 16b is approved (Yes in step S24), and the executing program management unit 13b continues the process, and determination in step S25 is performed.
Next, the executing program management unit 13b copies approved ID data stored in the approved ID table 12a of the A-system controller 1a to the controller storage unit 10b of the B-system controller 1b. Then, the executing program management unit 13b compares the copied approved ID data value and the ID value in the approved ID table 12b of a standby system, and determines the difference between the two ID values (step S25).
Determining the difference between the ID values in step S25, for example, corresponds to comparing ID "8" of the control program A in the state C11 before update illustrated in FIG. 4 and ID "11" of the control program A in the state C13 after update. Determining the difference between the ID values means determining whether a revision level of a control program exceeds a specified value (specified level).
The specified value of the difference in IDs is set in advance according to system properties. In the case where a revision level exceeds the specified value, the program revision is likely to affect the update significantly, and operation cannot be sufficiently confirmed during online operation.
Therefore, it is determined in principle that a program should be updated after a system is stopped. Specifically, for example, the specified value is set to a relatively small value such as "1" or "2".
If the specified value is exceeded in the determination in step S25 (No in step S25), the maintenance support device suspends online maintenance and notifies an operator by the display device 61 that online maintenance cannot be performed since a revision level is large. The operator who has confirmed this notification confirms operation by performing simulation in another inspection environment and then performs the update operation. Further, in the determination in step S25, in the case where the revision level is within the specified value (Yes in step S25), the process is continued.
Next, the operator confirms operation of the control program 16b and determines whether operation of the B-system controller 1b is correct (step S26). Here, in the case where the operator cannot confirm that the operation of the B-system controller 1b is correct (No in step S26), the process is suspended. Then, the operator, for example, further revises the control program 59 and performs processes after step S21 again.
In the case where an action of the B-system controller 1b is confirmed to be correct in step S26 (Yes in step S26), the maintenance support device 5 sends an online operation request to the B-system controller 1b which is a standby system (step S27). When the state control unit 14b of the B-system controller 1b receives the online operation request, the B-system controller 1b enters a standby system online operation state (state C24).
Next, the maintenance support device 5 sends a main system relinquishment request to the A-system controller 1a which is a main system (step S28). The A-system controller 1a which has received the main-system relinquishment request relinquishes the main system role and enters a standby system online operation state. Accordingly, the B-system controller 1b enters a main system online operation state (state C25). In the state C25, the main system and the standby system are exchanged between the A-system controller 1a and the B-system controller 1b.
After that, the process is switched from processes in FIG. 8 to processes in FIG. 9, and step S31 is performed.
Processes in steps S31 to S38 in FIG. 9 are performed with respect to the A-system controller 1a by the maintenance support device 5, and process contents thereof are the same as contents of processes performed with respect to the B-system controller 1b by the maintenance support device 5 in steps S21 to S28 in FIG. 8. Specifically, the A-system controller 1a and the B-system controller 1b in steps S21 to S28 are exchanged in steps S31 to S38, and description thereof will be omitted herein. Further, regarding a controller state, the A-system controller 1a and the B-system controller 1b in states C22 to C25 are exchanged in states C31 to C34.
As described above, the control programs 16a and 16b of the A-system controller 1a and the B-system controller 1b are updated to the revised control program 59 sent from the maintenance support device 5. Then, states of the A-system controller 1a and the B-system controller 1b are returned to the original state C21.
According to the process control system 100 in which the controllers 1a and 1b according to the embodiment are duplicated as described above, the two controllers 1a and 1b become a standby system in order, and a control program is updated when the standby system controller is in an offline state. When the control program is updated, it is determined for each of the controllers 1a and 1b whether a revision level of the control program is within an allowable range, and if it is within the allowable range, the update is allowed. Therefore, according to the process control system 100 in the embodiment, online maintenance is restricted in the case where the update has a significant effect and poses a high risk, and safe system operation can be realized.
9. Specific example when control program is updated
An ID value of a control program before update and an ID value of a control program after update are compared in steps S25 and S35, and a specific process to determine a revision level of the control program will be herein described with reference to FIGS. 4 to 7.
For example, a specific value for comparison is set to "1". At this time, as illustrated in FIG. 4, if an ID of the control program A before update is "8", and an ID of the control program after update is "11", a difference between the ID values is "3". Therefore, in the case of the example in FIG. 4, the executing program management unit 13b determines that the difference exceeds the specific value "1" and detects that a revision level of a program exceeds an allowable range. Therefore, in the maintenance support device 5, online maintenance is suspended since detailed operation confirmation is needed. Further, in the case of examples in FIGS. 5 and 6, differences between ID values before and after update are "2" and "4", and similarly, it is detected that a revision level of a program exceeds an allowable range. On the other hand, in the case of the example in FIG. 7, a difference between ID values before and after update is "1", and it is detected that a revision level of a program is within an allowable range.
As described above, in the case where the specific value is "1", revision of a control program by online maintenance is automatically allowed when one component of the control program is corrected and the correction is minor and does not affect other components.

In the case where the specific value is set to "2", the revision of the control program illustrated in FIG. 5 is within an allowable range, and the revisions in the examples in FIGS. 4 and 6 are out of the allowable range. The specific value is selected depending on various requirements such as a configuration of the control target process 3 and a required system stability level.
10. Variation when ID is set
In the above-described embodiment, when a control program is revised, the maintenance support device 5 performs a process in which a new ID value, obtained by adding one to the last used ID value, is applied to each corrected component. For example, in the example in FIG. 6, in the state C17, IDs "9", "10", "11", and "12" which are larger than ID "8" of an original control program are set to the function-X which is an updated component and the process-Q, the task-M, and the CPU-A which are affected by the update.
At this time, the maintenance support device 5 may weight each of the components to which a new ID is applied depending on importance of the components, and the value added when an ID is applied may be variably set. For example, a component of the function is significantly affected by correction; therefore an ID value obtained by adding three to the ID applied immediately before is applied thereto. Further, a component of the process is moderately affected by the correction; therefore an ID value obtained by adding two to the ID applied immediately before is applied thereto. Further, components of the task and the CPU are relatively less affected by the correction; therefore an ID value obtained by adding one to the ID applied immediately before is applied thereto. According to the above-described rule, in the state C17 in the example in FIG. 6, in the case where an ID of each component is set, an ID of the function-X is (11), an ID of the process-Q is (13), an ID of the task-M is (14), and an ID of the CPU-A is (15). An ID of the control program A after correction is "15".
Thus, by weighting an ID when the ID is applied to a component, a difference between ID values before and after correction of a control program becomes remarkable depending on a revision level. Therefore, it can be determined whether revision is safe, by comparing a difference before and after correction of IDs of a control program and a specified value.
Further, instead of weighting each component depending on its type, weighting when an ID is applied may be automatically performed depending on a revision pattern and a revision level of a corrected component. For example, when one component is corrected, and two portions are corrected in the component, its ID value is obtained by adding two to the ID applied immediately before. Thus, a difference between IDs before and after a control program is corrected becomes remarkable depending on a revision level.

In the examples illustrated in FIGS. 4 to 6, an ID is applied to all components. On the other hand, an ID need not be applied to some of the components, such as the highest component (CPU-A in the example in FIG. 4).
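The ID application of FIGS. 4 to 7, the weighted variation above, and the controller-side checks of steps S24 and S25 can be traced in code. The following Python sketch is an added example, not code from the patent; the function names, the placement of IDs other than 3, 6 and 7 in the tree, and the rejection of a new ID lower than the running one are assumptions of this example.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Set


@dataclass
class Component:
    name: str
    kind: str                     # "cpu", "task", "process" or "function"
    ident: Optional[int]          # None while the ID is deleted
    parent: Optional[str] = None  # name of the upper component


def build_program_a() -> Dict[str, Component]:
    """Control program A in the initial state C11 (eight components)."""
    rows = [
        ("CPU-A", "cpu", 8, None),                    # ID assumed
        ("task-L", "task", 5, "CPU-A"),               # ID assumed
        ("task-M", "task", 7, "CPU-A"),               # ID (7) from the text
        ("process-P", "process", 4, "task-L"),        # ID assumed
        ("process-Q", "process", 6, "task-M"),        # ID (6) from the text
        ("function-V", "function", 1, "process-P"),   # ID assumed
        ("function-W", "function", 2, "process-P"),   # ID assumed
        ("function-X", "function", 3, "process-Q"),   # ID (3) from the text
    ]
    return {name: Component(name, kind, ident, parent)
            for name, kind, ident, parent in rows}


def program_id(program: Dict[str, Component]) -> int:
    """The program ID is the maximum of the IDs applied to its components."""
    return max(c.ident for c in program.values() if c.ident is not None)


def revise(program: Dict[str, Component], name: str,
           affects_upper: bool = True,
           weights: Optional[Dict[str, int]] = None) -> int:
    """Re-apply IDs after revising `name`; return the new program ID."""
    weights = weights or {}
    last = program_id(program)          # maximum of the IDs used so far
    # S102 to S104: delete the ID of the revised component and, when the
    # revision affects them, the IDs of every upper component.
    chain = [program[name]]
    while affects_upper and chain[-1].parent is not None:
        chain.append(program[chain[-1].parent])
    for comp in chain:
        comp.ident = None
    # S105: apply new IDs from the lowest component upward. The increment is
    # one unless a weight is given for the component kind.
    for comp in chain:
        last += weights.get(comp.kind, 1)
        comp.ident = last
    # S106: the maximum applied ID becomes the ID of the revised program.
    return last


def check_update(running_id: int, new_id: int, approved_ids: Set[int],
                 specified_value: int) -> str:
    """Controller-side decision for a distributed program (S24, then S25)."""
    if new_id not in approved_ids:                    # S24: approved ID table
        return "not approved"
    difference = new_id - running_id                  # S25: revision level
    if difference < 0:
        # Assumption of this example: a lower ID than the running program
        # would otherwise pass the threshold test, so it is refused.
        return "rejected: lower ID"
    if difference > specified_value:
        return "online maintenance suspended"
    return "allowed"


if __name__ == "__main__":
    cases = {"FIG. 4": ("process-Q", True), "FIG. 5": ("task-M", True),
             "FIG. 6": ("function-X", True), "FIG. 7": ("process-Q", False)}
    for figure, (target, upper) in cases.items():
        program = build_program_a()
        old = program_id(program)
        new = revise(program, target, affects_upper=upper)
        for limit in (1, 2):
            print(figure, old, "->", new, "limit", limit,
                  check_update(old, new, {new}, limit))
```

Because the gate only compares two integers, its value depends on the controller trusting where the ID came from; the approved ID table check runs first for that reason.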
11. Other variation
The process control system 100 illustrated in FIG. 1 includes the duplicated controllers 1a and 1b. However, the present invention is applicable to a system which is not duplicated. However, in the case of the system which is not duplicated, a revised control program needs to be set to a controller after a process control is stopped. Therefore the system cannot continuously operate as described in the flowcharts in FIGS. 8 and 9.
Further, in the flowcharts in FIGS. 8 and 9, an approval process in a controller is performed in the order of steps S24, S25, and S26 and S34, S35, and S36. On the other hand, the approval determination in steps S24 and S34, the determination of a revision level in steps S25 and S35, and the determination of operations in steps S26 and S36 may be performed in an order other than the above order.
In the above-described embodiment, IDs of control programs before and after revision are compared in the controllers 1a and 1b. On the other hand, IDs of the control programs before and after revision may be compared in the maintenance support device 5. For example, the control program approval unit 56 in the maintenance support device 5 may perform approval processes in steps S24, S25, and S26 in FIG. 8.
Certain exemplary embodiments provide a process control system, comprising: a controller configured to control a control target process by holding a control program in which an individual identification sign is applied to each component and executing the held control program; and a maintenance support device configured to revise the control program and to set the revised control program to the controller, wherein the maintenance support device comprises: a control program revision unit configured to perform a function for revising the control program and to apply a new identification sign having a larger value than used identification signs to a component revised in the revision function and a component affected by the revised component when the revision function is performed; and a control program distribution unit configured to distribute, to the controller, a maximum value of the identification signs applied to components of the control program revised by the control program revision unit, as the new identification sign of the revised control program.
Additional exemplary embodiments provide the process control system further having a main system controller configured to control a control target process as the controller; and a standby system controller configured to control the control target process instead of the main system controller in a case where the main system controller has trouble, wherein, while the main system controller controls the control target process, the maintenance support device performs online maintenance to update the control program of the standby system controller to the revised control program, and when the online maintenance is performed, the standby controller allows the online maintenance in a case where a difference between the identification sign of the control program being executed by the main system controller and the identification sign of the control program being updated is within a preliminary set threshold and limits such that the online maintenance is not performed in a case where the difference exceeds the threshold.
Certain exemplary embodiments provide a maintenance support device configured to revise a control program in which the identification sign is an individual identification sign that is applied to each component and to distribute the revised control program to a controller which controls a control target process, the maintenance support device comprising: a control program revision unit configured to perform a work for revising the control program and to apply a new identification sign having a larger value than used identification signs to a revised component and a component affected by the revised component when the revision work is performed; and a control program distribution unit configured to distribute, to the controller, a maximum value of the identification signs applied to components of the control program revised by the control program revision unit, as the identification sign of the revised control program.
Additional exemplary embodiments provide the process control system further having a control program storage unit configured to store the control program in which the individual identification sign is applied to each component; a control processing unit configured to control a control target process by the control program stored in the control program storage unit; and an executing program management unit configured to allow update of the control program in a case where a difference between an identification sign of the control program before being updated and an identification sign of the control program after being updated is within a preliminarily set threshold and to limit execution of the updated control program in a case where the difference exceeds the threshold, when the control program stored in the control program storage unit is updated.
Further, the present invention is not limited to the above-described embodiments, and other various applications and variations are applicable within the gist of the present invention described in claims.
For example, the above-described embodiment describes a device configuration in detail and specifically for clarifying the present invention, and not every configuration described above is necessarily included.
Further, signal flow lines needed for description are illustrated in FIG. 1 indicating an internal configuration of a device, and not every flow line needed in a device is necessarily indicated. It may be considered that almost all of the configurations are actually connected to each other.

Claims (8)

1. A process control system, comprising:
a controller configured to control a control target process by holding a control program in which an individual identification sign is applied to each component and executing the held control program; and a maintenance support device configured to revise the control program and to set the revised control program to the controller, wherein the maintenance support device comprises:
a control program revision unit configured to perform a function for revising the control program and to apply a new identification sign having a larger value than used identification signs to a component revised in the revision function and a component affected by the revised component when the revision function is performed; and a control program distribution unit configured to distribute, to the controller, a maximum value of the identification signs applied to components of the control program revised by the control program revision unit, as the new identification sign of the revised control program.
2. The process control system according to claim 1, wherein, when applying the new identification sign to the revised component and the component affected by the revised component, the control program revision unit automatically increases a value of the identification sign by a predetermined value, and a difference between the identification sign applied by the control program distribution unit and the identification sign of the control program before revision indicates a revision level of the revised control program.
3. The process control system according to claim 1, wherein the maintenance support device comprises an approval unit configured to approve the control program, the approval unit determines the revised component by consistency or inconsistency of identification information of each component, and notifies the controller based on the determination whether the component is revised.
4. The process control system according to claim 1, wherein the controller manages execution of the revised control program based on a revision level determined from the difference between the identification sign of the revised control program distributed from the control program distribution unit and the identification sign of the control program before revision.
5. The process control system according to claim 1, comprising:
a main system controller configured to control a control target process as the controller; and a standby system controller configured to control the control target process instead of the main system controller in a case where the main system controller has trouble, wherein, while the main system controller controls the control target process, the maintenance support device performs online maintenance to update the control program of the standby system controller to the revised control program, and when the online maintenance is performed, the standby controller allows the online maintenance in a case where a difference between the identification sign of the control program being executed by the main system controller and the identification sign of the control program being updated is within a preliminary set threshold and limits such that the online maintenance is not performed in a case where the difference exceeds the threshold.
6. The process control system according to claim 1, wherein, in a case where the new identification sign having a larger value than used identification signs is applied to the revised component and the component affected by the revised component, the control program revision unit sets an increase value to be variable depending on a type or a revision level of the component when a value of the identification sign is increased.
7. A maintenance support device configured to revise a control program in which the identification sign is an individual identification sign that is applied to each component and to distribute the revised control program to a controller which controls a control target process, the maintenance support device comprising:
a control program revision unit configured to perform a work for revising the control program and to apply a new identification sign having a larger value than used identification signs to a revised component and a component affected by the revised component when the revision work is performed; and a control program distribution unit configured to distribute, to the controller, a maximum value of the identification signs applied to components of the control program revised by the control program revision unit, as the identification sign of the revised control program.
8. A controller for use in combination with the maintenance support device of claim 7, comprising:
a control program storage unit configured to store the control program in which the individual identification sign is applied to each component;
a control processing unit configured to control a control target process by the control program stored in the control program storage unit; and an executing program management unit configured to allow update of the control program in a case where a difference between an identification sign of the control program before being updated and an identification sign of the control program after being updated is within a preliminarily set threshold and to limit execution of the updated control program in a case where the difference exceeds the threshold, when the control program stored in the control program storage unit is updated.
CA2926352A 2015-04-28 2016-04-07 Process control system, maintenance support device, and controller Active CA2926352C (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2015-091688 2015-04-28
JP2015091688A JP6401657B2 (en) 2015-04-28 2015-04-28 Process control system, maintenance support device and controller

Publications (2)

Publication Number Publication Date
CA2926352A1 CA2926352A1 (en) 2016-10-28
CA2926352C true CA2926352C (en) 2019-05-14

Family

ID=57215500

Family Applications (1)

Application Number Title Priority Date Filing Date
CA2926352A Active CA2926352C (en) 2015-04-28 2016-04-07 Process control system, maintenance support device, and controller

Country Status (3)

Country Link
JP (1) JP6401657B2 (en)
CA (1) CA2926352C (en)
GB (1) GB2539079B (en)


Also Published As

Publication number Publication date
GB2539079B (en) 2019-01-16
JP6401657B2 (en) 2018-10-10
JP2016207150A (en) 2016-12-08
CA2926352A1 (en) 2016-10-28
GB2539079A (en) 2016-12-07
