WO2012003862A1 - Device for synchronizing two processes of a redundant control system of an industrial automation system

Device for synchronizing two processes of a redundant control system of an industrial automation system

Info

Publication number
WO2012003862A1
Authority
WO
WIPO (PCT)
Prior art keywords
messages
processes
synchronization
communication
controllers
Application number
PCT/EP2010/059651
Other languages
German (de)
English (en)
Inventor
Rene Graf
Original Assignee
Siemens Aktiengesellschaft
Priority date: 2010-07-06
Filing date: 2010-07-06
Publication date: 2012-01-12
Application filed by Siemens Aktiengesellschaft
Priority to PCT/EP2010/059651
Publication of WO2012003862A1

Classifications

    • G PHYSICS
        • G05 CONTROLLING; REGULATING
            • G05B CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
                • G05B9/00 Safety arrangements
                    • G05B9/02 Safety arrangements electric
                        • G05B9/03 Safety arrangements electric with multiple-channel loop, i.e. redundant control systems
                • G05B19/00 Programme-control systems
                    • G05B19/02 Programme-control systems electric
                        • G05B19/04 Programme control other than numerical control, i.e. in sequence controllers or logic controllers
                            • G05B19/042 Programme control other than numerical control, i.e. in sequence controllers or logic controllers using digital processors
                                • G05B19/0428 Safety, monitoring
                • G05B2219/00 Program-control systems
                    • G05B2219/20 Pc systems
                        • G05B2219/24 Pc safety
                            • G05B2219/24186 Redundant processors are synchronised
                        • G05B2219/25 Pc structure of the system
                            • G05B2219/25472 Synchronise controllers, sensors, measurement with data bus
                            • G05B2219/25483 Synchronize several controllers using messages over data bus
        • G06 COMPUTING; CALCULATING OR COUNTING
            • G06F ELECTRIC DIGITAL DATA PROCESSING
                • G06F11/00 Error detection; Error correction; Monitoring
                    • G06F11/07 Responding to the occurrence of a fault, e.g. fault tolerance
                        • G06F11/16 Error detection or correction of the data by redundancy in hardware
                            • G06F11/1675 Temporal synchronisation or re-synchronisation of redundant processing components
                                • G06F11/1687 Temporal synchronisation or re-synchronisation of redundant processing components at event level, e.g. by interrupt or result of polling
                            • G06F11/20 Error detection or correction of the data by redundancy in hardware using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements
                                • G06F11/202 Error detection or correction of the data by redundancy in hardware using active fault-masking where processing functionality is redundant
                                    • G06F11/2038 Error detection or correction of the data by redundancy in hardware using active fault-masking where processing functionality is redundant with a single idle spare processing component
                                    • G06F11/2048 Error detection or correction of the data by redundancy in hardware using active fault-masking where processing functionality is redundant where the redundant components share neither address space nor persistent storage
                                • G06F11/2097 Error detection or correction of the data by redundancy in hardware using active fault-masking maintaining the standby controller/processing unit updated

Definitions

  • The invention relates to a device for synchronizing two processes of a redundant control system of an industrial automation system according to the preamble of patent claim 1.
  • HV high-availability
  • In such systems, components that are important and potentially at risk of failure are provided two or more times, so that in the event of a failure a component held in reserve can take over from the failed component and operation continues.
  • This operating mode is also referred to as "hot standby".
  • The user programs, or the operating systems underlying them, integrate so-called instruction counters that count the instructions executed since the last synchronization. This ensures that even when a program loop is interrupted, execution stops not only at the same instruction in the loop body (i.e. at the same program-counter state of the processor) but also in the same iteration of the loop.
  • The instruction counter can be provided with a trigger value. When the controllers are not synchronous, an "external" event may arrive at different points in the respective execution of the user program on the two controllers. In this case, both controllers determine at which instruction they were interrupted and exchange that information. Both controllers then take the higher of the two values, increased by one (or to any other agreed value), as the trigger value for the instruction counter and restart the user program or release the continuation of the respective process. Once both instruction counters have reached the set trigger value, the event can be processed synchronously on both controllers, because each user program is then interrupted at exactly the same place.
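The trigger-value exchange described above, as an added simulation that is not code from the patent or from Siemens: two constructed controllers report the instruction count at which an external event interrupted them, adopt the higher count plus an agreed increment as the common trigger, run on to that count instruction by instruction, and only then handle the event. The class and function names, and the per-instruction stepping loop, are assumptions made for this illustration.

```python
"""Added example (not code from the patent): simulation of the instruction-counter
trigger mechanism used to resynchronize two hot-standby controllers on an event."""

from dataclasses import dataclass


@dataclass
class Controller:
    """One of the two redundant controllers (constructed stand-in for S1 / S2)."""
    name: str
    instr_count: int = 0      # instructions executed since the last synchronization
    trigger: int = 0          # instruction count at which the pending event is processed
    event_handled_at: int = -1

    def execute(self, n_instructions: int) -> None:
        """Run n_instructions of the user program; the counter is maintained by the runtime."""
        self.instr_count += n_instructions

    def report_interruption(self) -> int:
        """On an external event the controller reports where it was interrupted."""
        return self.instr_count

    def continue_until_trigger(self) -> int:
        """Release the user program and stop exactly when the trigger value is reached.

        The comparison is made per instruction, so an interruption inside a loop stops
        both controllers in the same iteration, not merely at the same program-counter value.
        """
        while self.instr_count < self.trigger:
            self.instr_count += 1
        self.event_handled_at = self.instr_count
        return self.instr_count


def agree_trigger(a: Controller, b: Controller, increment: int = 1) -> int:
    """Exchange interruption points and set the higher one plus an agreed increment."""
    if increment < 1:
        # A non-positive increment could put the trigger behind one controller's count.
        raise ValueError("increment must be positive")
    trigger = max(a.report_interruption(), b.report_interruption()) + increment
    a.trigger = b.trigger = trigger
    return trigger


def handle_external_event(a: Controller, b: Controller, increment: int = 1) -> int:
    """Full cycle: agree on a trigger, run both to it, handle the event, reset counters."""
    trigger = agree_trigger(a, b, increment)
    at_a = a.continue_until_trigger()
    at_b = b.continue_until_trigger()
    if at_a != at_b:
        raise RuntimeError(f"lost synchronism: {a.name}@{at_a} vs {b.name}@{at_b}")
    # Both controllers process the event at the same instruction count here.
    a.instr_count = b.instr_count = 0   # start of the next synchronization interval
    return trigger


def simulate(interrupt_a: int, interrupt_b: int, increment: int = 1) -> tuple:
    """Constructed scenario: the event hits S1 after interrupt_a and S2 after interrupt_b
    instructions. Returns (agreed trigger, where S1 handled it, where S2 handled it)."""
    s1, s2 = Controller("S1"), Controller("S2")
    s1.execute(interrupt_a)
    s2.execute(interrupt_b)
    trigger = handle_external_event(s1, s2, increment)
    return trigger, s1.event_handled_at, s2.event_handled_at


if __name__ == "__main__":
    print(simulate(120, 125))   # (126, 126, 126)
```

The positive-increment check matters: with an increment of zero the controller that was interrupted later would already stand at the trigger value while the other still has to catch up, which is fine, but a negative "agreed value" would leave one controller past the trigger and it would never stop.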
  • Both controllers, which comprise the processes and programs to be synchronized, have such a device.
  • The object is achieved in particular by a device for synchronizing two processes of a redundant control system of an industrial automation arrangement with two redundant controllers, the device being set up to forward messages from a first of the processes of a first of the controllers to a second of the processes of a second of the controllers.
  • The device is set up to receive and process configuration commands from the second of the processes, the configuration commands specifying the source and/or the type of the messages to be forwarded, with no forwarding to the second of the processes being provided for other messages.
  • The device can be configured so that, for a synchronization of the processes, only those messages of the first process that are needed for the synchronization are forwarded to the second process.
  • The device is part of the second controller, so that it can be realized in software in the manner of a "middleware".
  • The device transmits not only messages to the processes, programs, etc. of the affected controller but, conversely, also the replies sent by the processes, programs, etc. of the controller, preferably according to a
  • the available communication channels, media, etc. It is also advantageous if both or all of the controllers to be synchronized have such a device.
  • The participating devices can also exchange configuration data with each other, so that inconsistencies in the configuration can be detected and avoided.
  • Depending on the status and usage of the available communication channels, media, etc., the devices can automatically define the respective communication paths for the messages of the various processes, applications and programs.
  • The device is connected to a further communication device, likewise in the manner of a "middleware", which transmits the messages of the subordinate communication paths, formatted according to different communication protocols, to the device in a common format or protocol, and vice versa, so that no protocol conversions need to be carried out in the device itself.
  • Such functionality can also be integrated into the device, so that the processes and applications of the application layer (layer 7) are relieved of protocol-specific adaptations of the messages.
  • The communication device, i.e. the so-called second "middleware", is set up to exchange messages both via a fieldbus system and via a backplane bus, so that a suitable communication medium can be selected depending on the topology of the networking of the controllers to be synchronized.
  • All of the controllers involved have such a communication device.
  • The device is connected to an internal message system in the manner of a "message queue", so that the internal messages of the controller, which are not routed via external communication interfaces, can likewise be processed by the device. By means of configuration commands, the forwarding of the messages of the internal communication system can be enabled or blocked.
  • Figure 1 shows a schematic representation of two controllers with a synchronization connection according to the prior art.
  • Figure 2 is a schematic representation of the instances used for the communication and synchronization of a controller with the device according to the invention.
  • FIG. 1 shows two controllers S1, S2 in an arrangement from the prior art, the architecture of which forms the basis of the invention explained later with reference to FIG.
  • The controllers S1, S2 each have their own hardware HW1, HW2 as a platform; for the purpose of synchronizing the controllers S1, S2, which together form a high-availability automation system or are part of one, they are equipped with the communication interfaces KI1, KI2.
  • These are connected to each other via a physical synchronization connection SVP, which in this embodiment is a fiber-optic link (optical fiber line).
  • The synchronization connection (SVP, and thus SVL1, ..., SVLn) can be used by the operating systems OS1, OS2 as well as by the network stacks NWS1, NWS2 and the various applications AP11, ..., AP2n. Since the physical synchronization connection SVP, and thus the logical synchronization connections SVL1, ..., SVLn and the communication interfaces KI1, KI2, support the data exchange of the various applications AP11, ..., AP2n in parallel, the messages or data messages must always be sent to the correct recipient, which means that channel allocation in the prior-art system considered here is completely static. It should also be noted that in the described prior-art configuration further communication interfaces, such as the message queue MQS that the applications AP11, ..., AP2n and threads or processes use for communication among themselves, are not provided for or cannot be integrated into the communication via the interfaces KI1, KI2. A process or thread that uses such inter-process communication must therefore alternately check both communication paths for pending messages, which results in performance disadvantages, is complicated in terms of handling and hinders real-time capability.
  • FIG. 2 schematically shows, based on the ISO/OSI layer model, the "layer structure" of the software of a controller whose architecture deviates from that of the controllers S1, S2 described with reference to FIG. 1. Layers 2 and 4 are shown in the lower part of the architecture, with the corresponding function blocks for communication via Profibus (PBL2, PBL4), via Profinet (PNL2, PNL4) and via a backplane bus (RWBL2, RWBL4)
  • The function blocks SL2, SL4 are shown as synchronization layer 2 and synchronization layer 4; analogously to the synchronization connection SVP, SVL1 in the example of FIG. 1, they represent a dedicated synchronization connection or are connected to one.
  • Such a synchronization link may, analogously to the prior-art example of FIG. 1, be a fiber-optic connection.
  • MQS internal message system
  • The applications, processes and "threads" of layer 7 are shown in the figure as an application AP, a server service SD, a network stack NWS, etc. Whereas the applications AP11, ..., AP2n of FIG. 1 are linked directly to the communication interface KI1 or KI2 as a function block of layers 2 and 4 of the ISO/OSI layer model, in the example of FIG. 2 at least one further "layer" with the device S ("selector") is interposed. For all applications and other facilities of layer 7 (shown at the top of FIG. 2), the device S takes on the role of a "central waiting point". That is, for any traffic and message exchange the applications and processes AP, SD, NWS, etc. are connected only to the device S.
  • The device S is given, as a configuration command, a list of so-called "file descriptors" specifying which type of messages, or via which communication channel (for example Profibus, Profinet, backplane bus or synchronization connection), messages are currently expected and can be processed.
  • If the application AP is in an idle state or in a non-time-critical state, it can configure the device S so that messages of all
  • If the application AP is, for example, in a time-critical state, in particular in the phase of synchronization with a similar application on a different controller (for example via the internal message system MQS), only a single file descriptor is specified, which applies exclusively to the expected synchronization messages or to the associated logical synchronization connection SVL1, ..., SVLn.
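The selector behaviour described in the preceding bullets (a configured descriptor list decides which messages reach the application; in the synchronization phase only the synchronization messages pass, and forwarding of the internal message system can be blocked), as an added example that is not code from the patent or from Siemens. The descriptor format `(channel, kind)` with `"*"` as a wildcard, the channel names, the constructed traffic and the choice to hold back rather than discard non-matching messages are assumptions made for this illustration.

```python
"""Added example (not code from the patent): a minimal "selector" device S that forwards
only the messages an application has configured via a descriptor list."""

from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Message:
    channel: str   # constructed channel names: "PROFIBUS", "PROFINET", "SVL1", "MQS", ...
    kind: str      # constructed message kinds: "io_update", "diag", "sync"
    payload: str


class Selector:
    """Central waiting point: applications receive messages only through this object."""

    def __init__(self) -> None:
        self.descriptors = set()     # configured (channel, kind) pairs, "*" = any
        self.mqs_forwarding = True   # internal message system enabled or blocked
        self.held = deque()          # not forwarded under the current configuration

    def configure(self, descriptors, mqs_forwarding: bool = True) -> None:
        """Configuration command from the application: which messages to expect now."""
        self.descriptors = set(descriptors)
        self.mqs_forwarding = mqs_forwarding

    def _matches(self, msg: Message) -> bool:
        if msg.channel == "MQS" and not self.mqs_forwarding:
            return False
        return any(
            ch in ("*", msg.channel) and kd in ("*", msg.kind)
            for ch, kd in self.descriptors
        )

    def forward(self, msg: Message) -> bool:
        """True if the message is passed to the application; otherwise it is held back
        (an assumption of this example; the patent only says it is not forwarded)."""
        if self._matches(msg):
            return True
        self.held.append(msg)
        return False

    def route(self, messages):
        """Forward a batch; returns the payloads the application actually receives."""
        return [m.payload for m in messages if self.forward(m)]


# Constructed traffic arriving at one controller while its application is busy.
SAMPLE_TRAFFIC = [
    Message("PROFIBUS", "io_update", "pb:valve-state"),
    Message("SVL1", "sync", "sync:instr-count=125"),
    Message("MQS", "diag", "mqs:thread-stats"),
    Message("PROFINET", "io_update", "pn:sensor-frame"),
    Message("SVL1", "sync", "sync:trigger-ack"),
]


def synchronization_phase(traffic=SAMPLE_TRAFFIC):
    """Time-critical phase: only the expected synchronization messages reach the app."""
    s = Selector()
    s.configure({("SVL1", "sync")}, mqs_forwarding=False)
    return s.route(traffic), len(s.held)


def idle_phase(traffic=SAMPLE_TRAFFIC):
    """Non-time-critical phase: everything, including internal MQS messages, is accepted."""
    s = Selector()
    s.configure({("*", "*")}, mqs_forwarding=True)
    return s.route(traffic), len(s.held)


if __name__ == "__main__":
    print(synchronization_phase())   # (['sync:instr-count=125', 'sync:trigger-ack'], 3)
    print(idle_phase())
```

The point the selector makes for a defender is that the filter is driven by the receiving application's declared state rather than by the sender: during a synchronization phase, unrelated fieldbus or internal traffic cannot interleave with the synchronization messages, which is exactly the disturbance the abstract says the device is meant to avoid.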
  • The synchronization messages can be received not only via the fiber-optic link with the function blocks SL2, SL4, but additionally or alternatively via other communication media.
  • SIE socket interface device (a communication device)
  • PBL4, PNL4, RWBL4, SL4 protocol stacks of layer 4
  • communicates via a uniform ("generic") communication protocol.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Quality & Reliability (AREA)
  • General Engineering & Computer Science (AREA)
  • Automation & Control Theory (AREA)
  • Hardware Redundancy (AREA)

Abstract

The invention relates to a device (S) for synchronizing two processes of a redundant control system of an industrial automation system comprising two redundant controllers (S1, S2), the device (S) being configured to transmit messages from a first of the processes of a first of the controllers (S1) to a second of the processes of a second of the controllers (S2). The device (S) is configured to receive and process configuration instructions from the second of the processes, the source and/or nature of the messages to be transmitted being specifiable by the configuration instructions, while no transmission to the second of the processes is provided for other messages. The device (S) is configurable such that, for a synchronization of the processes, only those messages of the first process that are necessary for the synchronization are transmitted to the second of the processes. This provides great flexibility in configuring the synchronization connections across different transmission paths and avoids disruption of the synchronization processes by irrelevant messages.

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/EP2010/059651 WO2012003862A1 (fr) 2010-07-06 2010-07-06 Device for synchronizing two processes of a redundant control system of an industrial automation system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/EP2010/059651 WO2012003862A1 (fr) 2010-07-06 2010-07-06 Device for synchronizing two processes of a redundant control system of an industrial automation system

Publications (1)

Publication Number Publication Date
WO2012003862A1 true WO2012003862A1 (fr) 2012-01-12

Family

ID=43759757

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2010/059651 WO2012003862A1 (fr) 2010-07-06 2010-07-06 Device for synchronizing two processes of a redundant control system of an industrial automation system

Country Status (1)

Country Link
WO (1) WO2012003862A1 (fr)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5551034A (en) * 1993-01-08 1996-08-27 Cegelec System for synchronizing replicated tasks
WO2001058114A1 (fr) * 2000-02-02 2001-08-09 Siemens Aktiengesellschaft Network having redundancy properties and network node, in particular field device for such a network
EP1291744A2 (fr) * 2001-09-06 2003-03-12 Siemens Aktiengesellschaft Synchronization method and device
US20060168013A1 (en) * 2004-11-26 2006-07-27 Invensys Systems, Inc. Message management facility for an industrial process control environment
US20070168058A1 (en) * 2006-01-13 2007-07-19 Emerson Process Management Power & Water Solutions , Inc. Method for redundant controller synchronization for bump-less failover during normal and program mismatch conditions

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2701065A1 (fr) * 2012-08-24 2014-02-26 Siemens Aktiengesellschaft Method for operating a redundant automation system
CN103631683A (zh) * 2012-08-24 2014-03-12 Siemens AG Method for operating a redundant automation system
US10365618B2 (en) 2012-08-24 2019-07-30 Siemens Aktiengesellschaft Method for operating a redundant automation system
CN111867006A (zh) * 2020-06-29 2020-10-30 New H3C Technologies Co., Ltd. Configuration file recovery method and device
CN111867006B (zh) * 2020-06-29 2023-10-24 New H3C Technologies Co., Ltd. Configuration file recovery method and device

Similar Documents

Publication Publication Date Title
DE102004001031B4 (de) Redundant application terminals for process control systems
EP2034668B1 (fr) Highly available communication system
EP1374052B1 (fr) Method for operating a distributed computer system
DE102009042368B4 (de) Control system for controlling safety-critical processes
EP1566029B1 (fr) Gateway unit for connecting sub-networks, in particular in vehicles
EP1657608B1 (fr) Method and apparatus for operating a network
EP2099163B1 (fr) Redundant fieldbus system
EP3547618B1 (fr) Method for establishing a redundant communication connection and fail-safe control unit
EP3622357B1 (fr) Control system for controlling safety-critical and non-safety-critical processes, with master-slave functionality
EP2838220A1 (fr) Method for the redundant transmission of messages in an industrial communication network and communication device
EP2626789A2 (fr) Alternative synchronization connections between redundant control systems
DE4416795A1 (de) Redundantly configurable transmission system for data exchange and method for its operation
EP2491492A1 (fr) Automation system and method for operating an automation system
WO2009127470A1 (fr) Method for operating a safety controller and automation network having such a safety controller
DE19921589C2 (de) Method for operating a data transmission system
WO2012003862A1 (fr) Device for synchronizing two processes of a redundant control system of an industrial automation system
DE102013215035B3 (de) Soft redundancy protocol
EP3753205B1 (fr) Data transmission in time-sensitive data networks
EP3647888B1 (fr) Control arrangement and method for operating the control arrangement
DE102005003060A1 (de) Method for handling interruptions in an Ethernet ring
EP0720337A2 (fr) Method for consistent and highly reliable message communication
WO2018202446A1 (fr) Method for coordinating access to a resource of a distributed computer system, computer system and computer program
EP1526420B1 (fr) Synchronization method for high-availability automation devices
EP3435179B1 (fr) Method for the functionally safe exchange of information in accordance with a safety standard
EP1686036A1 (fr) System for monitoring and controlling objects

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application; Ref document number: 10732913; Country of ref document: EP; Kind code of ref document: A1
NENP Non-entry into the national phase; Ref country code: DE
122 Ep: pct application non-entry in european phase; Ref document number: 10732913; Country of ref document: EP; Kind code of ref document: A1