WO2009080550A2 - Procédé de surveillance de l'ordre d'exécution logique et de la transmission de données d'un programme subdivisé en modules individuels - Google Patents

Procédé de surveillance de l'ordre d'exécution logique et de la transmission de données d'un programme subdivisé en modules individuels Download PDF

Info

Publication number
WO2009080550A2
WO2009080550A2 PCT/EP2008/067373 EP2008067373W WO2009080550A2 WO 2009080550 A2 WO2009080550 A2 WO 2009080550A2 EP 2008067373 W EP2008067373 W EP 2008067373W WO 2009080550 A2 WO2009080550 A2 WO 2009080550A2
Authority
WO
WIPO (PCT)
Prior art keywords
program
modules
value
test
interfaces
Prior art date
Application number
PCT/EP2008/067373
Other languages
German (de)
English (en)
Other versions
WO2009080550A3 (fr
Inventor
Udo Fuchs
Manfred Hammer
Martin Link
Rainer Faller
Original Assignee
Endress+Hauser Gmbh+Co.Kg
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Endress+Hauser Gmbh+Co.Kg filed Critical Endress+Hauser Gmbh+Co.Kg
Publication of WO2009080550A2 publication Critical patent/WO2009080550A2/fr
Publication of WO2009080550A3 publication Critical patent/WO2009080550A3/fr

Links

Classifications

    • GPHYSICS
    • G05CONTROLLING; REGULATING
    • G05BCONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B19/00Programme-control systems
    • G05B19/02Programme-control systems electric
    • G05B19/04Programme control other than numerical control, i.e. in sequence controllers or logic controllers
    • G05B19/042Programme control other than numerical control, i.e. in sequence controllers or logic controllers using digital processors
    • G05B19/0428Safety, monitoring
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/28Error detection; Error correction; Monitoring by checking the correct order of processing

Definitions

  • the invention relates to a method for monitoring the logical execution order and the data transmission of a subdivided into individual modules program according to claim 1.
  • Corresponding methods for monitoring the logical execution sequence and the data transmission of a program subdivided into individual modules are used in process and automation technology in the measuring transducers of measuring devices or of field devices.
  • the Applicant sells and distributes, for example, field devices or entire measuring systems for filling level, flow, pressure and temperature measurement as well as liquid analysis and measured value registration.
  • measuring devices and actuators are referred to as field devices.
  • these field devices measure a physical quantity, e.g. the pressure, the temperature, the flow rate or the level at defined points in a process unit and send a measured value signal to a process control system for further processing.
  • Functional safety includes all aspects to prevent, prevent and treat faulty behavior of control systems and machinery and personnel, with the aim of reducing risks to employees, the environment and the environment To reduce process equipment. Functional safety can be found in energy and process engineering (NPP), in traffic engineering (rail), process industry (chemical, oil gas) and in machine tools.
  • NPP energy and process engineering
  • traffic engineering rail
  • process industry chemical, oil gas
  • the operators of systems with safety-relevant functions set the safety integrity level for the respective safety function as part of a risk assessment. According to this definition, the appropriate devices are selected and merged into one system.
  • program flow monitoring As a measure for fault detection during the operating phase of the field device.
  • the basic goal of a program flow control method is to detect unauthorized program deviations or deviations from the planned program shutdown and to initiate corresponding measures in case of deviations.
  • the deviations in a program sequence are present, for example, if functions or command sequences of a program are processed in the wrong order, in the wrong time period or not at all.
  • the program flow monitoring or control can be divided into two basic monitoring principles, the temporal or logical program flow control.
  • the object of the invention is to provide a method for monitoring (nodular programs that works reliably and is easy to implement in programs.
  • An advantage of the invention is that the monitoring of the execution order of the individual modules of the program and the checking of the links of the cut parts of the modules can take place simultaneously.
  • 1 a shows a first representation of a correct linking of modules of a program
  • 1b shows a second representation of an incorrect linking of modules of a program
  • FIG. 2a is a first program flow chart of the modules of a program shown in FIG. 1;
  • FIG. 2a is a first program flow chart of the modules of a program shown in FIG. 1;
  • FIG. 2b is a second program flow diagram of the modules of a program shown in FIG. 1;
  • FIG. 2c is a third program flow chart of the modules of a program shown in FIG. 1;
  • FIG. 2c is a third program flow chart of the modules of a program shown in FIG. 1;
  • 3a shows a second representation of a faulty linking of modules of a program
  • FIG. 3b is a fourth program flowchart of erroneously linked modules of a program shown in FIG. 3a.
  • a first representation of a correct link (V) of modules B of a program A is shown.
  • the program A is integrated, for example, for carrying out measuring and operating tasks and / or for communication in a measuring transducer of a feeder device of the process and / or automation technology, which is not explicitly shown here.
  • An advanced program A is subdivided into modules B or blocks which are linked to one another statically and / or dynamically via defined interfaces P or ports at runtime of the program A and via these links V exchange at least the data calculated in the modules B.
  • each interface P of the modules B is first assigned an indicator ID which, for example, corresponds to a binary data word of at least 8 bits (binary digit), a code number or a MAC address (Media Access Control).
  • this indicator ID is the binary address with which the corresponding interface P can be addressed as an input element or as an output element of the module B.
  • this indicator ID is transmitted to the interface P by appending it, for example, before the data word calculated in module B.
  • modules B In the modular programming technique, procedures and their data are combined in logical units, so-called modules B.
  • the program A is basically broken down into functional modules B, which can be individually planned, programmed and tested. To complete the programming, the individual modules B can then be logically linked with each other via interfaces P, and are thus ready for use.
  • the modular programming with standardized or standardized interfaces P between the modules B describes the attempt to simplify the programming and to make it even more efficient.
  • the modular structure of a program A preferably also has the advantage that the individual modules B can be generated on different data processing devices and / or by different programmers and only individual modules B of the program A in the main memory of the data processing device of, for example, a transmitter of a field device of process automation must be loaded.
  • the program A can be extended as desired by the modular design and can be easily and quickly changed and / or corrected by the exchange of individual modules B.
  • the transfer of the data words to the universal interfaces P of the modules B must have been defined, so that the modules B can do something with the data words of the other modules B.
  • the low development costs and the short development times, as well as the individual development of the modules B with a modular structure of a program A make this kind of program construction also for the industrial applications highly interesting.
  • FIG. 1a shows a section of a program A with six modules B1, B2, B3, B4, B5, 86.
  • the modular structure of the program A is arbitrarily expandable.
  • the first module B1 is connected via a link V of the first Cut parts P1 connected to the third interface P3 of the second module B2 and additionally connected via the second interface P2 to the sixth interface PQ of the fifth module B5.
  • the second module B2 is connected via a fourth interface P4 to the eighth interface P8 of the third module B3 of the program A via a link V.
  • the second module B2 is connected via the fifth interface P5 to the tenth interface P10 of the fourth module B4.
  • Another link V exists between the seventh interface P7 of the fifth module P5 and the twelfth interface P12 of the sixth module B6.
  • the interfaces P9, P11, P13 are not connected in Fig. 1 a with other modules B, however, further embodiments of
  • the individual module B of the program A are executed successively and / or in parallel according to the specifications from the configuration phase of the program A.
  • the execution order of the individual modules B is indicated in FIG. 1a by the individual numbered modules B1, B2, B3, B4, B5, B6.
  • a correct configuration of the links V of the individual modules B via the interfaces P represents the first row R1 with the first, third, fourth, eighth and ninth cut parts P1, P3, P4, P8, P9.
  • Another correct configuration of the links V of individual modules B on the cutting parts P is formed by the first, fifth and sixth module BI 1 B5, 86 with the second, sixth, seventh, twelfth and thirteenth interfaces P2, P6, P7, P12, P13 as the third row R3.
  • the second row R2 of the first module B1 with the second interface P2, the second module B2 with the third and fifth interface P3, P5 and the fourth module B4 with the tenth and eleventh interface P10, P11 is the execution order of the modules B, to be monitored according to the invention in this embodiment.
  • the monitored links V of the interfaces P are shown as dashed lines and the monitored interfaces P1, P3, P4, P10, P11 themselves as staffed squares.
  • the first and third rows R1, R3 are not monitored in these embodiments of FIGS. 1a and 1b.
  • Fig. 1 b a second representation of an incorrect linkage of modules B of a program A is shown.
  • the link V between the first interface P1 and the third interface P3 has been separated in this illustration, whereby the first interface P1 is connected to the tenth cutting parts P10 and the eleventh interface P11 is connected to the third cutting parts P3.
  • an incorrect execution order of the modules B is generated, which can be seen in the program flow chart of the calculation algorithms of the modules B and the check algorithm of the indicators ID of the interfaces P in Fig. 2c.
  • FIG. 2a shows a first program flow diagram of the modules B to be monitored of the program A to be monitored and the correct links of the modules B to be monitored, which are shown in FIG. 1a.
  • program A executes the individual modules B according to the sequence specified by, for example, a numbering.
  • the correct linking of the individual modules B via the interfaces P and the execution order of the individual modules B is carried out by the formation of at least one test value C at the interfaces P of the modules B.
  • the program A is started, first the calculation of the first module B1 is carried out and a start indicator for the calculation of the test value C is specified.
  • a comparison value S of the first check value C is added, which is determined from the start indicator IDO and the first indicator ID1.
  • the data word of the first interface P1 to be transmitted via the link V to the third interface P3 of the second module B2 is composed of the test value C of the first interface P1 calculated using the first indicator ID1 and the data calculated by the first module B1 ,
  • the data word transmitted to the third interface P3 of the second module B2 is checked by means of a third indicator ID3 of the third interface P3 by the calculation of the current comparison value S of the second test value C. After this check, the second module B2 is executed.
  • the data word which is derived from the second module B2 via the fifth cutting parts P5 is determined by the formation a check value C with the fifth indicator ID5 checked.
  • the third module B3 can be executed.
  • the program A is executed with the processing of the fourth module B4.
  • a comparison value S is determined at the eleventh interface P11 by means of a renewed formation of the test value C.
  • the eleventh interface P11 of the fourth module B4 is not linked to any further interface P of a module B in this exemplary embodiment.
  • the unsupervised fifth and sixth modules B5, B6 are executed.
  • the current comparison value S of the determined test value C at the end of the chain of interconnected modules B are compared with the stored expected values E to check whether the data to the monitored interfaces P1, P3, P5, P10, P11 the second row were correctly transmitted and the order of execution of the execution of the individual modules B were met.
  • the monitoring principle implies that any substitution of the execution order of the individual modules B or a link V via the interfaces P of the modules B to another
  • the program A is stopped, for example, and restarted if necessary or continued at a defined position with a predefined data word.
  • the check algorithm computes the check value C from the indicator ID by means of a cyclic redundancy check by a polynomial division of a bit sequence.
  • FIG. 2b there is shown a second program flow diagram of the monitored, second order R2 of program A modules A shown in Fig. 1a.
  • the difference in this second embodiment from the first embodiment of monitoring the execution order of the modules B and the correct linking V of the interfaces P of the modules B shown in Fig. 2a is that the execution of the fifth module B5 and the sixth module B6 between the transmission of the data word from the first interface P1 of the first module B1 to the third interface P3 of the second module B2. Since only the second order R2 of the links V 1 of the interfaces P 1, P 3, P 5, P 10, P 11 is monitored in these two exemplary embodiments from FIGS. 2 a and 2 b, a correct comparison of the comparison values S of the test values C with the expected values is also carried out here E of the test value C determined.
  • FIG. 3a shows the case of a cross-linking K in which the first interface PI of the first module B1 is not linked to the third interface P3 of the second module B2 but to the sixth interface P6 of the fifth module B5.
  • the second interface P2 of the first module B1 is not linked to the third interface P3 of the second module B2 and not to the sixth interface PQ of the fifth module B5.
  • the cross-link K does not produce correct comparison values S of the check values C in the calculation of the second interface P2 instead of the first interface P1 one sole
  • FIG. 3b shows the case of an allowed, fourth program flow diagram of the second sequence R2 of the modules B of the program A monitored in FIG. 3a, which due to a faulty link FV or a cross-link K does not contain valid check values C in the check of the link Interfaces P1, P3, PS 1 P10, P11 can determine the second order R2.
  • the comparison value S of the checksum C formed in the first module B1 by the second indicator ID2 is transmitted via the cross-link K to the third cutting parts P3 with the data determined in the second module B2.
  • the conditions of the second sequence R2 of the interface P1, P3, PS, P10, P11 is not met, and thus a faulty connection V of the interfaces P of the individual modules B is detected.
  • the individual links V of the individual interfaces P of the modules B must be redefined in a configuration phase.

Landscapes

  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Quality & Reliability (AREA)
  • General Engineering & Computer Science (AREA)
  • Automation & Control Theory (AREA)
  • Debugging And Monitoring (AREA)

Abstract

L'invention concerne un procédé de surveillance de l'ordre d'exécution et de la transmission de données d'un programme subdivisé en modules individuels, caractérisé en ce que les modules individuels du programme sont réunis entre eux au moyen d'interfaces définies correspondant à un ordre, et en ce qu'entre les modules individuels, des données sont transmises, via ces interfaces, suivant un standard prédéterminé, en ce qu'un indicateur correspondant est associé à chaque interface d'un module, les indicateurs associés étant également transmis lors de la transmission de données entre les interfaces individuelles, et en ce qu'une valeur de contrôle est formée par un algorithme de contrôle, à partir des indicateurs des interfaces individuelles en fonction de la liaison de l'ordre des modules.
PCT/EP2008/067373 2007-12-21 2008-12-12 Procédé de surveillance de l'ordre d'exécution logique et de la transmission de données d'un programme subdivisé en modules individuels WO2009080550A2 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE102007062920A DE102007062920A1 (de) 2007-12-21 2007-12-21 Verfahren zur Überwachung der logischen Ausführungsreihenfolge und der Datenübertragung eines in einzelne Module unterteilten Programms
DE102007062920.8 2007-12-21

Publications (2)

Publication Number Publication Date
WO2009080550A2 true WO2009080550A2 (fr) 2009-07-02
WO2009080550A3 WO2009080550A3 (fr) 2009-11-12

Family

ID=40679232

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2008/067373 WO2009080550A2 (fr) 2007-12-21 2008-12-12 Procédé de surveillance de l'ordre d'exécution logique et de la transmission de données d'un programme subdivisé en modules individuels

Country Status (2)

Country Link
DE (1) DE102007062920A1 (fr)
WO (1) WO2009080550A2 (fr)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102009047724A1 (de) 2009-12-09 2011-06-16 Endress + Hauser Wetzer Gmbh + Co Kg Verfahren zur Programmlaufkontrolle

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0615188B1 (fr) * 1993-03-11 1997-11-05 Gec Alsthom Transport Sa Procédé pour contrÔler l'exécution correcte d'un programme d'ordinateur multitâche
EP1043641A2 (fr) * 1999-04-09 2000-10-11 Siemens Aktiengesellschaft Système d'automatisation à sécurité intrinsèque avec un processeur standard et méthode pour un système d'automatisation à sécurité intrinsèque
DE102004018857A1 (de) * 2004-04-19 2005-11-10 Elektro Beckhoff Gmbh Unternehmensbereich Industrie Elektronik Sicherheitssteuerung
US20070255980A1 (en) * 2006-04-28 2007-11-01 Takashi Endo Method and apparatus for detecting false operation of computer
DE102007015369A1 (de) * 2006-12-29 2008-07-03 Endress + Hauser Gmbh + Co. Kg Verfahren zur Überwachung des logischen Programmablaufs von kritischen Funktionen in Programmen eines Feldgeräts der Prozess- und Automatisierungstechnik

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH05341819A (ja) * 1991-02-05 1993-12-24 Mitsubishi Electric Corp Sfcプログラムのデバッグ装置及びデバッグ方法
DE19617332A1 (de) * 1996-04-30 1997-08-07 Siemens Ag Verfahren zur Prüfung der Funktionsweise eines Prozeßsystems einer technischen Anlage
GB9911890D0 (en) * 1999-05-22 1999-07-21 Lucas Ind Plc Method and apparatus for detecting a fault condition in a computer processor
DE10063350C1 (de) * 2000-12-19 2002-07-18 Siemens Ag Verfahren zur Überwachung einer Datenverarbeitung und -übertragung

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0615188B1 (fr) * 1993-03-11 1997-11-05 Gec Alsthom Transport Sa Procédé pour contrÔler l'exécution correcte d'un programme d'ordinateur multitâche
EP1043641A2 (fr) * 1999-04-09 2000-10-11 Siemens Aktiengesellschaft Système d'automatisation à sécurité intrinsèque avec un processeur standard et méthode pour un système d'automatisation à sécurité intrinsèque
DE102004018857A1 (de) * 2004-04-19 2005-11-10 Elektro Beckhoff Gmbh Unternehmensbereich Industrie Elektronik Sicherheitssteuerung
US20070255980A1 (en) * 2006-04-28 2007-11-01 Takashi Endo Method and apparatus for detecting false operation of computer
DE102007015369A1 (de) * 2006-12-29 2008-07-03 Endress + Hauser Gmbh + Co. Kg Verfahren zur Überwachung des logischen Programmablaufs von kritischen Funktionen in Programmen eines Feldgeräts der Prozess- und Automatisierungstechnik

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
NAMJOO M ED - INSTITUTE OF ELECTRICAL AND ELECTRONICS ENGINEERS: "TECHNIQUES FOR CONCURRENT TESTING OF VLSI PROCESSOR OPERATION" 1. November 1982 (1982-11-01), QUALITY PRODUCTIVITY PROFIT. PHILADELPHIA, 15 - 18 NOVEMBER 1982; [INTERNATIONAL TEST CONFERENCE], SILVER SPRING, IEEE COMP. SOC. PRESS, US, PAGE(S) 461 - 468 , XP000746184 das ganze Dokument *

Also Published As

Publication number Publication date
WO2009080550A3 (fr) 2009-11-12
DE102007062920A1 (de) 2009-06-25

Similar Documents

Publication Publication Date Title
DE60019038T2 (de) Intelligente Fehlerverwaltung
EP2210151B1 (fr) Appareil de champ pour déterminer ou surveiller une variable de processus dans l'automatisation des processus
EP2359204B1 (fr) Système de maintenance central adaptatif et procédé de planification d'opérations de maintenance de systèmes
EP2359201B1 (fr) Procédé pour définir un niveau de sécurité et gestionnaire de sécurité
EP2447843B1 (fr) Procédé de vérification d'un programme d'application d'une commande par programme enregistré protégée contre les erreurs et commande par programme enregistré destinée à l'exécution du procédé
EP2078253A2 (fr) Procédé et dispositif de gestion des pannes
EP3745217B1 (fr) Dispositif de surveillance d' un système de traitement et de transmission de données.
EP2927819A1 (fr) Procédé de traitement automatique de plusieurs fichiers journaux d'un système d'automatisation
DE102014111361A1 (de) Verfahren zum Betreiben einer Sicherheitssteuerung und Automatisierungsnetzwerk mit einer solchen Sicherheitssteuerung
DE102009047724A1 (de) Verfahren zur Programmlaufkontrolle
EP1359485B1 (fr) Système de commande et surveillance
WO2009080550A2 (fr) Procédé de surveillance de l'ordre d'exécution logique et de la transmission de données d'un programme subdivisé en modules individuels
WO2014122063A1 (fr) Dispositif et procédé de détection de manipulations non autorisée de l'état du système d'une unité de commande et de régulation d'une installation nucléaire
DE102007015369A1 (de) Verfahren zur Überwachung des logischen Programmablaufs von kritischen Funktionen in Programmen eines Feldgeräts der Prozess- und Automatisierungstechnik
EP3470937A1 (fr) Procédé et dispositifs de surveillance du temps réactionnel d'une fonction de sécurité fournie par un système de sécurité
EP2480940A1 (fr) Procédé de mise à disposition de fonctions de sécurité
EP3470939A1 (fr) Procédé et dispositifs de surveillance de l'intégrité de sécurité d'une fonction de sécurité fournie par un système de sécurité
EP3709113B1 (fr) Procédé de vérification de l'intégrité de données
DE102019109353B3 (de) Dynamische Anomalieerkennung und -behandlung
DE19545645A1 (de) Sicherheitskonzept für Steuereinheiten
WO2007065571A1 (fr) Systeme et procede de verification automatique de resultats de conception
WO1998038577A1 (fr) Appareil electronique redondant a canaux certifies et non certifies
DE202023102955U1 (de) Sicherheitssystem mit einem Sicherheitskanal zur Ausführung und Verwaltung von Sicherheitsfunktionen
DE102021204460A1 (de) Verfahren und Hardwarevorrichtung für diverse Redundanz aus nicht diversem Software-Quellcode
EP3002652B1 (fr) Procédé de surveillance d'état dans un système d'automatisation industriel et programme de commande

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 08865090

Country of ref document: EP

Kind code of ref document: A2

122 Ep: pct application non-entry in european phase

Ref document number: 08865090

Country of ref document: EP

Kind code of ref document: A2