WO2013093999A1 - Dispositif de commande électronique à sécurité intégrée - Google Patents

Dispositif de commande électronique à sécurité intégrée Download PDF

Info

Publication number
WO2013093999A1
WO2013093999A1 PCT/JP2011/079396 JP2011079396W WO2013093999A1 WO 2013093999 A1 WO2013093999 A1 WO 2013093999A1 JP 2011079396 W JP2011079396 W JP 2011079396W WO 2013093999 A1 WO2013093999 A1 WO 2013093999A1
Authority
WO
WIPO (PCT)
Prior art keywords
signal
arithmetic processing
unit
fail
processing
Prior art date
Application number
PCT/JP2011/079396
Other languages
English (en)
Japanese (ja)
Inventor
小山田 裕彦
Original Assignee
株式会社キトー
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 株式会社キトー filed Critical 株式会社キトー
Priority to PCT/JP2011/079396 priority Critical patent/WO2013093999A1/fr
Priority to JP2013549977A priority patent/JP5788022B2/ja
Publication of WO2013093999A1 publication Critical patent/WO2013093999A1/fr

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/0796Safety measures, i.e. ensuring safe condition in the event of error, e.g. for controlling element
    • GPHYSICS
    • G05CONTROLLING; REGULATING
    • G05BCONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B19/00Programme-control systems
    • G05B19/02Programme-control systems electric
    • G05B19/04Programme control other than numerical control, i.e. in sequence controllers or logic controllers
    • G05B19/042Programme control other than numerical control, i.e. in sequence controllers or logic controllers using digital processors
    • G05B19/0428Safety, monitoring
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/0703Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation
    • G06F11/0706Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation the processing taking place on a specific hardware platform or in a specific software environment
    • G06F11/0736Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation the processing taking place on a specific hardware platform or in a specific software environment in functional embedded systems, i.e. in a data processing system designed as a combination of hardware and software dedicated to performing a certain function
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/0703Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation
    • G06F11/0751Error or fault detection not based on redundancy
    • G06F11/0754Error or fault detection not based on redundancy by exceeding limits
    • G06F11/076Error or fault detection not based on redundancy by exceeding limits by exceeding a count or rate limit, e.g. word- or bit count limit

Definitions

  • the present invention relates to a fail-safe electronic control device applied to industrial equipment such as hoists and cranes operated by an operating device such as a push button unit.
  • the arithmetic processing unit In the fail-safe electronic control device, in order to detect an abnormality of the fail-safe electronic control device, the arithmetic processing unit is multiplexed and the arithmetic processing result is collated.
  • Such verification includes bus verification and software verification.
  • the bus verification is limited by hardware, and the circuit is complicated and expensive.
  • software verification is to verify the calculation result by software, and verification is performed by sending an interrupt request signal to the other microcomputer of one microcomputer, so that the problem of independent control cannot be maintained. Had.
  • the peripheral device for example, display device and communication device
  • the drive device for example, the engine electronic control device
  • the peripheral device for example, display device and communication device
  • the drive device for example, the engine electronic control device
  • different arithmetic processing is executed by a plurality of arithmetic processing units, and safety such as arithmetic processing at the time of drive control of the driving device is required.
  • a microcomputer In industrial equipment where the operator controls the operation of the equipment by pressing a push button switch corresponding to each operation of the equipment such as a hoist, a microcomputer is used in the drive unit to support the operator and various maintenance is performed. Management of data such as operation history necessary for the operation, display and warning of the operation state of the equipment.
  • peripheral devices for example, various display devices
  • the drive device for example, hoist winding motor drive control unit
  • the drive device for example, hoist winding motor drive control unit
  • arithmetic processing that does not require relatively safety such as arithmetic processing related to the control of the control
  • priority is given to efficiency, and arithmetic processing that is different in a plurality of arithmetic processing units (for example, display or push button of hoist operating state and maintenance data)
  • arithmetic processing that requires strict safety such as arithmetic processing related to the control of the drive unit
  • the same arithmetic processing for example, winding
  • the conventional fail-safe electronic control device requires a verification circuit to detect an abnormality in the fail-safe electronic control device, the configuration of the fail-safe electronic control device is complicated and the control device is expensive. Has the problem of becoming.
  • An object of the present invention is to realize a multi-function and fail-safe device such as a hoist at low cost, and in particular, in a fail-safe electronic control device that multiplexes arithmetic processing units applied to a device such as a hoist.
  • An object of the present invention is to realize a fail-safe electronic control device having a simple and inexpensive configuration while maintaining the independent controllability of each arithmetic processing unit.
  • the present invention is a fail-safe electronic control device applied to a device operated by an operating device, and the same input signal is input from the operating device to drive and control the device.
  • each of the plurality of control units has a calculation processing unit, the calculation processing unit is a pulse signal of a fixed period For each pulse period, a first calculation process is performed in which the output signal is collated to detect the presence or absence of an abnormality in the calculation processing unit.
  • the output signal Including a calculation process in which an operation processing unit outputs an operation command signal for controlling driving of the device corresponding to the control unit from at least one of the plurality of control units and the operation processing unit prohibits the operation of the device when a collation abnormality is detected in the collation.
  • An arithmetic processing unit of at least one control unit among the plurality of control units executes a second arithmetic process other than the first arithmetic process, and the pulse signal pulse is generated while the second arithmetic process is being executed.
  • the fail-safe electronic control is characterized in that the second calculation process is interrupted each time the first calculation process is detected, the first calculation process is executed, and the second calculation process is resumed after the first calculation process is ended.
  • a multi-function and fail-safe device such as a hoist can be realized at low cost, and in particular, a fail-safe electronic control device that is applied to a device such as a hoist and that multiplexes arithmetic processing units. Is to achieve a fail-safe electronic control device having a simple and inexpensive configuration while maintaining the independent controllability of each arithmetic processing unit.
  • the pulse signal is preferably used as an interrupt request signal for the arithmetic processing unit to interrupt the second arithmetic processing and execute the first arithmetic processing.
  • the pulse signal is preferably generated based on an AC voltage signal from a commercial AC power supply.
  • the arithmetic processing unit performs collation a plurality of times, and continuously detects the coincidence between the output signal of the control unit including the arithmetic processing unit and the output signal of the arithmetic processing unit of another control unit twice or more. In this case, it is preferable to determine that there is no abnormality in the fail-safe electronic control device.
  • FIG. 1 is a block diagram of a system having a fail-safe electronic control device according to an embodiment of the present invention.
  • FIG. 2 is a flowchart of control of the hoist and the display unit of the fail-safe electronic control device of FIG.
  • FIG. 3 is a flowchart of control of the hoist and the communication unit of the fail-safe electronic control device of FIG.
  • FIG. 4 is a flowchart of the interrupt process of FIGS.
  • FIG. 5 is a waveform diagram of a 50 Hz AC voltage, a pulse signal as an interrupt request signal, a winding operation signal, and a winding command signal when there is no abnormality in the fail-safe electronic control device.
  • FIG. 1 is a block diagram of a system having a fail-safe electronic control device according to an embodiment of the present invention.
  • the system shown in FIG. 1 includes a hoist 1 as a device, a pulse signal generator 2 that generates a pulse signal with a constant period, a push button unit 3 as an operating device, and a fail-safe electronic control device having independent controllability. 4, a display unit 5 as a peripheral device, and a communication unit 6 as another peripheral device.
  • the fail-safe electronic control device 4 is constituted by a microcomputer and includes two control units 4a and 4b as a plurality of control units and IIC buses 4c and 4d.
  • the hoist 1 has a hoisting part 12 having a hoisting mechanism for hoisting and lowering a hook 11 for suspending a suspended load, and a hoisting drive part 13 for driving the hoisting part 12.
  • the winding drive unit 13 includes an AC power supply circuit 14 connected to a commercial AC power supply of 50 Hz or 60 Hz, a motor 15, a motor drive control unit 16, an electromagnetic relay 17, a circuit breaker 18, and a solid state relay circuit 19 And having.
  • the AC power supply circuit 14 supplies power to motor drive control unit 16.
  • the motor 15 is a three-phase induction motor that is connected to the winding mechanism of the winding unit 12 and winds and lowers the hook 11 by the rotation of the motor 15.
  • the motor drive control unit 16 includes an inverter control unit having a converter, a smoothing capacitor, an inverter, or the like, or a power circuit having a forward / reverse switching circuit including a power electromagnetic switch, and an operation command from the fail-safe electronic control circuit 4 The rotation of the motor 15 is controlled by the signal.
  • the electromagnetic relay 17 outputs a power cutoff signal to the circuit breaker 18 when an abnormality detection signal indicating that an abnormality has been detected is input from the fail-safe electronic control device 4.
  • the breaker 18 forcibly cuts off the electric power supplied from the AC power supply circuit 14 to the motor drive control circuit 16 when a power cut-off signal is input from the electromagnetic relay 17, and rotates the motor 15, that is, hoist 1 hoisting / lowering operation. Is prohibited. Since the hoist 1 has an unexcited operation brake (not shown), when the electric power supplied to the motor drive control unit 16 is cut off, the unexcited operation brake is automatically operated and the hoist 1 is stopped.
  • the solid state relay circuit 19 receives a winding command signal or a lowering command signal as an operation command signal from the fail-safe electronic control device 4 so that the hoist 1 operates according to the winding command signal or the lowering command signal. A signal is output to the motor drive control unit 16.
  • the pulse signal generator 2 includes an AC power supply circuit 21 connected to a commercial AC power supply of 50 Hz or 60 Hz as in the AC power supply circuit 14, and a bidirectional photocoupler 23 connected to the power supply 21 via a resistor 22.
  • the power supply frequency is 50 Hz
  • a pulse signal having a constant cycle of 1/100 second (10 milliseconds) is output, and when the power supply frequency is 60 Hz, 1/120 second (about 8.3 Outputs a pulse signal with a constant period of milliseconds.
  • the bidirectional photocoupler 23 includes light emitting diodes 24a and 24b provided on the input side, and a phototransistor 25 provided on the output side.
  • the emitter of the phototransistor 25 is grounded, and the collector of the phototransistor 25 is a resistor. 26 is connected to a direct current power source (not shown).
  • a pulse signal having a constant period is stably generated based on the AC voltage signal of the AC power supply 21, and fail-safe electronic control is performed through the node S 1 between the collector of the phototransistor 25 and the resistor 26. Input to the control units 4a and 4b of the apparatus 4, respectively.
  • the push button unit 3 is an operating device for the operator to instruct the hoisting and lowering operations of the hoist 1 to the fail-safe electronic control device 4.
  • the push button unit 3 has a winding button 31a and a lowering button 32b.
  • the winding button 31a generates a winding operation pulse signal that is a pulse signal having a constant cycle based on the AC power supply frequency.
  • the winding button 31a includes an AC power supply circuit 32a connected to a commercial AC power supply of 50 Hz or 60 Hz, etc., like the AC power supply circuit 14, and a bidirectional photocoupler connected to the AC power supply circuit 32a via a resistor 33a. 34a and a switch 35a for maintaining or disconnecting the connection between the AC power supply circuit 32a and the bidirectional photocoupler 34a.
  • the bidirectional photocoupler 34a includes light emitting diodes 36a-1 and 36a-2 provided on the input side, and a phototransistor 37a provided on the output side.
  • the emitter of the phototransistor 37a is grounded, and the phototransistor 37a Is connected to a DC power source (not shown) through a resistor 38a.
  • the winding operation pulse signal fails through the node S2 between the collector of the phototransistor 37a and one end of the resistor 38a.
  • the hoist 1 is wound up by being input to the control units 4a and 4b of the safe electronic control unit 4, respectively.
  • the lowering button 31b generates a lowering operation pulse signal that is a pulse signal with a constant period based on the AC power supply frequency. For this reason, the lowering button 31b is connected to the AC power supply circuit 32b connected to a 50 Hz or 60 Hz commercial AC power supply and the like and the bidirectional power supply connected to the AC power supply circuit 32b via the resistor 33b, like the winding button 31a.
  • a photocoupler 34b and a switch 35b for maintaining or disconnecting the connection between the AC power supply circuit 32b and the bidirectional photocoupler 34b are provided.
  • the bidirectional photocoupler 34b has light emitting diodes 36b-1 and 36b-2 provided on the input side, and a phototransistor 37b provided on the output side.
  • the emitter of the phototransistor 37b is grounded, and the phototransistor 37b Are connected to a DC power source (not shown) through a resistor 38b.
  • the lowering operation pulse signal is transmitted to the node S3 between the collector of the phototransistor 37b and one end of the resistor 38b. Is input to the control units 4a and 4b of the fail-safe electronic control device 4 and the hoist 1 is lowered.
  • the control unit 4a includes a substrate 41a, an input unit 42a, a memory 43a, a clock oscillator 44a, a CPU 45a as an arithmetic processing unit, an input / output unit 46a, an output unit 47a, a communication unit 48a, and a bus 49a.
  • the control unit 4b includes a substrate 41b, an input unit 42b, a memory 43b, a clock oscillator 44b, a CPU 45b as an arithmetic processing unit, an input / output unit 46b, an output unit 47b, a communication unit 48b, And a bus 49b.
  • An input unit 42a, a memory 43a, a clock oscillator 44a, a CPU 45a, an input / output unit 46a, an output unit 47a, a communication unit 48a, and a bus 49a are formed on the substrate 41a.
  • an input unit 42b, a memory 43b, a clock oscillator 44b, a CPU 45b, an input / output unit 46b, an output unit 47b, a communication unit 48b, and a bus 49b are formed on the substrate 41b.
  • Each of the substrates 41a and 41b is preferably a one-chip microcomputer from the viewpoint of miniaturization and cost reduction.
  • Each of the input units 42a and 42b has a plurality of input ports through which the winding operation pulse signal and the lowering operation pulse signal from the push button unit 3 are input as input signals. Presence / absence of input of a constant period pulse signal at the winding operation pulse signal and lowering operation pulse signal input ports of the input units 42a and 42b is detected by the CPUs 45a and 45b, respectively, and a regular constant period pulse based on the frequency of the AC power supply is detected. When a signal is input, an H level hoisting operation signal or a lowering operation signal is generated, and when the hoisting operation pulse signal and the lowering operation pulse signal are detected at the same time, there is no input of a pulse signal with a constant period.
  • an L level winding operation signal or a winding operation signal is generated. Note that it is preferable to display an abnormality on the display unit 5 assuming that the push button unit 3 or the signal transmission path is abnormal when an irregular pulse signal other than noise is detected by the CPU 45a or the CPU 45b.
  • the memories 43a and 43b store the programs of the CPUs 45a and 45b, respectively, and are generated based on the winding operation signal or the lowering operation signal data generated by the CPUs 45a and 45b, the winding operation signal or the lowering operation signal, respectively.
  • the CPU 45a and 45b respectively write output signal data, hoisting operation pulse signals or lowering operation pulse signals, hoisting operation signals or lowering operation signals, data related to various arithmetic processing performed based on output signals, and the like.
  • Output signals generated based on the winding operation signal or the lowering operation signal are input / output between the control unit 4a and the control unit 4b via the ports of the input / output units 46a and 46b.
  • control unit 4a various data generated by the control unit 4a is obtained via the IIC bus 4c and stored in the memory 43b
  • various data generated by the control unit 4b is obtained via the IIC bus 4c and obtained by the memory 43a. It is preferable to store in.
  • the clock generators 44a and 44b output clock signals having a predetermined clock frequency (for example, 16 MHz) to the CPUs 45a and 45b, respectively.
  • the CPUs 45a and 45b execute hoist control programs stored in the CPUs 45a and 45b with reference to clock signals input from the clock generators 44a and 44b, respectively.
  • the CPUs 45a and 45b are respectively connected to the hoist in response to the pulse period of the pulse signal as the interrupt request signal. 1 is executed based on the winding operation signal or the lowering operation signal, and when there is no collation abnormality in the calculation result, a winding command signal or a lowering command signal is generated and output.
  • the winding command signal and the lowering command signal are programmed so as not to generate an H level at the same time.
  • the CPUs 45a and 45b respectively control the control units stored in the memories 43a and 43b in response to the pulse period of the pulse signal from the pulse signal generator 2 in order to detect an abnormality in the fail-safe electronic control unit 4.
  • the output signal data of 4a, 4b and the output signal data of the other control unit 4b, 4a input to the input / output units 46a, 46b are collated at least twice.
  • the coincidence between the data of the output signals of the control units 4a and 4b stored in the memories 43a and 43b and the output signal of the control unit 4b is a predetermined number of times even if a predetermined number of preset times (for example, 10 times) is repeated. If the detection is not continued (for example, twice), the CPUs 45a and 45b determine that the fail-safe electronic control device 4 has an abnormality.
  • the above-described collation of the output signal data by the CPUs 45a and 45b is performed according to the collation programs stored in the memories 43a and 43b, respectively.
  • the CPU 45a and 45b indicate that the collation result, that is, the fail-safe electronic control device 4 is abnormal.
  • the collation data as to whether or not there is is generated as one of the data of the various arithmetic processes.
  • the generated collation data is not only stored in the memories 43a and 43b by the CPUs 45a and 45b, but also transmitted to the other control units 4b and 4a by the CPUs 45a and 45b, and the respective memories 43b and 45a are transmitted by the other CPUs 45b and 45a. 43a and the control units 4a and 4b share the collation result with each other.
  • the CPU 45a controls the display unit 5 according to the display unit control program stored in the CPU 45a.
  • the CPU 45a executes a calculation process related to the control of the display unit 5 as a second calculation process, and generates a video signal representing hoist operation or maintenance data based on the data of the various calculation processes.
  • the CPU 45a detects the rising edge of the pulse signal at the interrupt request signal input port of the CPU 45a while executing the arithmetic processing related to the control of the display unit 5
  • the CPU 45a interrupts the arithmetic processing related to the control of the display unit 5.
  • the arithmetic processing related to the drive control of the hoist 1 as the interrupt processing is executed as the first arithmetic processing, and the arithmetic processing related to the control of the display unit 5 is resumed after completing the arithmetic processing related to the drive control of the hoist 1. That is, such interruption processing and resumption of calculation processing relating to the control of the display unit 5 after completion of the interruption processing are executed every time the rising edge of the pulse signal is detected.
  • the CPU 45b controls the communication unit 6 according to the communication unit control program stored in the CPU 45b.
  • the CPU 45b executes a calculation process related to the control of the communication unit 6 as a second calculation process, and sends a push button unit display control signal for controlling the display operation in the push button unit 3 to the above various calculation processes. Generate based on data.
  • the CPU 45b detects the rising edge of the pulse signal at the interrupt request signal input port of the CPU 45b while executing the arithmetic processing related to the control of the communication unit 6, the CPU 45b interrupts the arithmetic processing related to the control of the communication unit 6. Then, the arithmetic processing related to the drive control of the hoist 1 that is the interrupt processing is executed as the first arithmetic processing, and the arithmetic processing related to the control of the communication unit 6 is resumed after completing the arithmetic processing related to the drive control of the hoist 1. That is, the interruption process and the resumption of the calculation process related to the control of the communication unit 6 after the completion of the interruption process are executed every time the rising edge of the pulse signal is detected.
  • the processing capability of the CPU 45a may be the same as or different from the processing capability of the CPU 45b.
  • the CPU 45a and the CPU 45b can be configured by an inexpensive CPU having a minimum function necessary for performing arithmetic processing related to drive control of the hoist 1 that requires safety.
  • the CPU 45b can be constituted by a CPU manufactured by a manufacturing process different from that of the CPU 45a. In this case, the CPU 45b is manufactured by the same manufacturing process as that of the CPU 45a. It can be made lower than the case.
  • the IIC bus 4c transfers the data of the input signal of the control unit 4a and the collation data to the control unit 4b and the serial data line SDA for transferring the data of the input signal of the control unit 4b and the collation data to the control unit 4a, A serial clock line SCL for synchronizing these input signal data and verification data.
  • the display unit 5 is configured by, for example, a liquid crystal display (LCD), and displays character information corresponding to an operation or maintenance signal input from the input / output unit 46a.
  • the communication unit 6 includes a communication port for transmitting and receiving a push button unit display control signal, and outputs the push button unit display control signal input from the input / output unit 46b to the push button unit 3 to generate a push button unit display control signal. Display control of the push button unit 3 is performed according to the above.
  • FIG. 2 is a flowchart of hoist and display unit control executed by the control unit 4a of the fail-safe electronic control device of FIG.
  • the CPU 45a performs initial setting of the control unit 4a by resetting a power source (not shown) of the control unit 4a.
  • step S2 an interrupt is permitted, and thereafter, every time the CPU 45a inputs the pulse signal of the pulse signal generator 2 (H level signal of a constant cycle) to the interrupt request signal input port of the CPU 45a, the CPU 45a Execute the interrupt processing described.
  • the CPU 45a In the input signal processing in step S3, the CPU 45a generates a winding operation signal and a lowering operation signal from the winding operation pulse signal and the lowering operation pulse signal from the push button unit 3, and writes them in the memory 43a. At this time, it is preferable to determine whether the winding operation pulse signal and the lowering operation pulse signal input to the input unit 42a are regular pulse signals based on the commercial AC power source, and when an illegal pulse is detected. It is preferable to execute a predetermined abnormality process.
  • the input signal processing step S3 in the flowchart of FIG. 2 can be included in the input signal processing step S14 in the flowchart of FIG. 4 described later. Further, the input signal processing step S3 in the flowchart of FIG. 2 can be omitted.
  • step S4 the CPU 45a executes a display process for displaying operation or maintenance data, and outputs a display signal to the display unit 5.
  • FIG. 3 is a flowchart of hoist and communication unit control executed by the control unit 4b of the fail-safe electronic control device of FIG.
  • the CPU 45 b performs initial setting of the control unit 4 b by resetting a power supply (not shown) of the control unit 4 b.
  • step S2 ′ the interrupt is permitted, and thereafter, every time the CPU 45b inputs the pulse signal of the pulse signal generator 2 (H level signal of a constant cycle) to the interrupt request signal input port of the CPU 45b, the CPU 45b Execute the interrupt processing described.
  • the CPU 45b In the input signal processing in step S3 ', the CPU 45b generates a winding operation signal and a lowering operation signal from the winding operation pulse signal and the lowering operation pulse signal from the push button unit 3, and writes them in the memory 43b. At this time, it is preferable to determine whether the winding operation pulse signal and the lowering operation pulse signal input to the input unit 42b are regular pulse signals based on the commercial AC power supply, and when an illegal pulse is detected It is preferable to execute a predetermined abnormality process.
  • the input signal processing step S3 'in the flowchart of FIG. 3 can be included in the input signal processing step S14 in the flowchart of FIG. 4 described later. Further, the input signal processing step S3 'in the flowchart of FIG. 3 can be omitted.
  • step S ⁇ b> 4 ′ the CPU 45 b executes external communication processing and outputs a push button unit display control signal to the communication unit 6.
  • FIG. 4 is a flowchart of arithmetic processing common to the CPUs 45a and 45b, and is a flowchart of the interrupt processing described in the flowcharts of FIGS. 2 and 3, in which an interrupt request signal is input to the interrupt request signal input port of the CPUs 45a and 45b. It is executed every time.
  • step S11 the CPUs 45a and 45b reset the first count values N stored in the memories 43a and 43b to zero, respectively.
  • step S12 the CPUs 45a and 45b reset the second count values M stored in the memories 43a and 43b to zero, respectively.
  • step S13 the CPUs 45a and 45b add 1 to the first count value N. Thereafter, in step S14, the CPUs 45a and 45b write the data of the input signals input to the respective input units 42a and 42b into the respective memories 43a and 43b.
  • step S15 the CPUs 45a and 45b execute arithmetic processing relating to drive control of the hoist 1 based on the input signal.
  • step S16 the CPUs 45a and 45b store the input signal and the data of the output signal generated based on the data of the memories 43a and 43b (the winding operation signal or the lowering operation signal and the upper limit signal and the lower limit signal not shown). Write to 43a and 43b, respectively.
  • step S17 the CPUs 45a and 45b collate whether or not the output signals of the control units 4a and 4b match.
  • step S18 it is determined whether or not the collation result in step S17 is collation abnormality. If it is determined that there is no collation abnormality, in step S19, the CPUs 45a and 45b add 1 to the second count value M. Thereafter, in step S20, the CPUs 45a and 45b determine whether or not the count value M exceeds a specified number of times (for example, 2). If the count value M does not exceed the specified number, the process returns to step S13. On the other hand, if the count value M exceeds the specified number of times, in step S21, the CPUs 45a and 45b execute hoist drive control processing such as output of the winding command signal or the lowering command signal to the solid state relay circuit 19. . M is preferably 2 or more from the viewpoint of safety.
  • step S22 the CPUs 45a and 45b determine whether or not the count value N exceeds a specified number of times (for example, 10). If the count value N does not exceed the specified number, the process returns to step S12. On the other hand, if the count value N exceeds the specified number of times, in step S23, the CPUs 45a and 45b determine that there is an abnormality in the fail-safe electronic control unit 4, and output an abnormality detection signal to the electromagnetic relay 17 or the like. The abnormal process is executed independently.
  • a specified number of times for example, 10
  • the electromagnetic relay 17 is connected only when the abnormality process of step S23 is executed in a plurality of consecutive interrupt processes. It can also be changed to validate the output abnormal signal.
  • the specified number of times used in step S20 and step S22 is set in advance in consideration of the processing capabilities of the CPUs 45a and 45b, the presence of noise, and the like.
  • the processing capability of the CPU 45a is different from the processing capability of the CPU 45b, it is preferable that the specified number of times used in Step S20 and Step S22 in the CPU 45a is different from the specified number of times used in Step S20 and Step S22 in the CPU 45b.
  • FIG. 5 shows a 50 Hz alternating current when there is no abnormality in the fail-safe electronic control device, a pulse signal from the pulse signal generator 2, and a winding operation signal generated by the CPUs 45 a and 45 b from the winding operation pulse signal from the push button unit 3.
  • 4 is a waveform diagram of a winding command signal output as a calculation result by CPUs 45a and 45b.
  • the CPU 45a, 45b detects the rising edge of the pulse signal at time t1 when the fail-safe electronic control device 4 executes the arithmetic processing related to the control of the display unit 5 or the communication unit 6, the CPU 45a, 45b Alternatively, the arithmetic processing related to the control of the communication unit 6 is interrupted, and the arithmetic processing related to the drive control of the hoist 1 is executed. That is, at time t1, the CPUs 45a and 45b receive the interrupt request signal and execute interrupt processing.
  • the CPUs 45a and 45b end the arithmetic processing related to the drive control of the hoist 1, that is, the interrupt processing, and the arithmetic processing related to the control of the display unit 5 or the communication unit 6. To resume.
  • a predetermined time for example, 1 millisecond
  • step S13 When the fail-safe electronic control device 4 is normal, the procedure from step S13 to step S20 in the flowchart of FIG. 4 is repeated at least twice between time t1 and time t2, and then the process proceeds to step S21, and the output unit 47a , 47b output an L level winding command signal.
  • the arithmetic processing relating to the restarted control of the display unit 5 or the communication unit 6 is performed until the next rising edge of the pulse signal is detected, that is, until the time t3 when a predetermined time (for example, 9 milliseconds) elapses from the time t2. 45b. During this time, the output units 47a and 47b continue to output the L level winding command signal.
  • the CPUs 45a and 45b start arithmetic processing (interrupt processing) related to driving control of the hoist 1 from time t3 when the next rising edge of the pulse signal is detected, and for a predetermined time (for example, 1.5 milliseconds from time t3). ) The process is executed until the elapsed time t4, and the arithmetic processing related to the control of the display unit 5 or the communication unit 6 is executed until the time t5 when a predetermined time (for example, 8.5 milliseconds) elapses from the time t4.
  • a predetermined time for example, 8.5 milliseconds
  • the waveform diagram of FIG. 5 illustrates a case where the winding operation signal changes from L level to H level at time t3 ′ between time t2 and time t3.
  • the verification processing step S17 in the flowchart of FIG. 4 immediately after time t3 ′, the verification target data does not match. “Verification error”. Therefore, in the flowchart of FIG. 4, steps S12 to S18 are repeated in a predetermined number of times (for example, 10 times) until the collation abnormality is resolved.
  • the hoist control processing step S21 is executed, and at time t4, the CPUs 45a and 45b send the winding command signal to L The level is changed to the H level and output, and the arithmetic processing (interrupt processing) related to the drive control of the hoist 1 is completed.
  • the restarted calculation processing related to the control of the display unit 5 or the communication unit 6 is executed until the next rising edge of the pulse signal is detected. During this time, the output units 47a and 47b continue to output the H level winding command signal.
  • the CPUs 45a and 45b start calculation processing (interrupt processing) related to the drive control of the hoist 1 from time t5 when the next rising edge of the pulse signal is detected, and a predetermined time (for example, 1 millisecond) has elapsed from time t5.
  • the calculation process for controlling the display unit 5 or the communication unit 6 is performed until the time t7 when a predetermined time (for example, 9 milliseconds) elapses from the time t6.
  • the CPUs 45a and 45b similarly start arithmetic processing (interrupt processing) related to the drive control of the hoist 1, and for a predetermined time (for example, 1) from time t8.
  • arithmetic processing relating to control of the display unit 5 or communication unit 6 is resumed, and arithmetic processing for controlling the restarted display unit 5 or communication unit 6 is performed for a predetermined time (from time t9). For example, the process is executed until time t10 when 9 milliseconds have elapsed.
  • the winding operation signal changes from the H level to the L level between time t8 and time t10, more specifically, at time t9 ′ between time t9 and time t10, but the winding operation is performed from time t8 to time t9. Since the signal is at the H level, the winding command signal between time t8 and time t10 remains at the H level.
  • the CPUs 45a and 45b start arithmetic processing (interrupt processing) related to the drive control of the hoist 1 from time t10 when the next rising edge of the pulse signal is detected, and for a predetermined time (for example, 1.2 milliseconds from time t10). ) The process is executed until the elapsed time t11, and the arithmetic processing for controlling the display unit 5 or the communication unit 6 is executed until the time t12 when a predetermined time (for example, 8.8 milliseconds) elapses from the time t11.
  • a predetermined time for example, 8.8 milliseconds
  • the hoisting command signal is changed from the H level in the hoist control process of step S21 in the flowchart of FIG. Since the output is changed to the L level, the winding command signal from the time t11 when the arithmetic processing (interrupt processing) related to the drive control of the hoist 1 is completed to the time t12 when the next rising edge of the pulse signal is detected is L Become a level.
  • the CPUs 45a and 45b perform the calculation process (interrupt process) related to the drive control of the hoist 1 and the calculation process related to the display unit 5 or the communication unit 6 from the pulse signal generator 2 (the H level at a constant cycle). Repeatedly based on the signal) period.
  • the first calculation process that strictly emphasizes safety regarding the drive control of the hoist 1 and the second calculation process that does not require strict safety regarding the control of the display unit 5 or the communication unit 6 are performed.
  • the interrupt request signal is generated using the bidirectional photocouplers 24a and 24b based on the AC voltage signal of the AC power supply circuit 21 connected to the highly reliable commercial AC power supply.
  • the first calculation process related to the drive control of the hoist 1 can be surely executed at a constant cycle (10 milliseconds for a 50 Hz AC power supply and about 8.3 seconds for a 60 Hz AC power supply).
  • the first calculation process related to the drive control of the hoist 1 is interrupted by interrupting the calculation process related to the control of the display unit 5 or the communication unit 6, which is the second calculation process, for each interrupt request signal having a fixed period. Even if the CPU 45a operates asynchronously with the CPU 45b by executing the arithmetic process and restarting the second arithmetic process after finishing the first arithmetic process, the first arithmetic process for collating the results of the respective arithmetic processes Can be executed at the same timing without affecting the performance of the control target.
  • a fail-safe electronic control device used for hoists, cranes and the like can be realized using an inexpensive microcomputer, one-chip microcomputer, and the like.
  • the CPUs 45a and 45b erroneously determine such a short-time mismatch as an abnormality of the fail-safe electronic control unit 4.
  • the output signal of the control unit 4a and the output signal of the control unit 4b are collated a plurality of times, and the match between the output signal of the control unit 4a and the output signal of the control unit 4b is more than a specified number of times (Preferably twice or more) Since it is determined that there is no abnormality in the fail-safe electronic control device 4 when detected continuously, electromagnetic noise or an error in output verification caused by the CPU 45a operating asynchronously with the CPU 45b Judgment can be reliably avoided with a simple circuit configuration.
  • the present invention is not limited to the above-described embodiment, and many changes and modifications are possible.
  • the present invention can also be applied to other industrial equipment such as a crane.
  • peripheral devices other than the display unit, the communication unit, and the parameter setting unit can be used as the peripheral devices.
  • the fail-safe electronic control device according to the present invention does not include a pulse signal generator.
  • the fail-safe electronic control device according to the present invention may include a pulse signal generator. it can.
  • the fail-safe electronic control device according to the present invention has two control units.
  • the fail-safe electronic control device according to the present invention has three or more control units. You can also.
  • a highly reliable pulse signal is generated based on an AC voltage signal of a highly reliable 50 Hz commercial AC power supply.
  • a highly reliable pulse signal is Can be generated based on other signals having a high frequency (for example, an AC voltage signal of a commercial AC power supply having a frequency other than 50 Hz or 60 Hz).
  • the present invention can also be applied to the case where a portion other than the rising edge of the pulse signal (for example, a falling edge) is detected. .
  • the push button unit has the winding button and the lowering button has been described.
  • the push button unit may have a button (for example, a stop button) other than the winding button and the lowering button.
  • an operation unit other than the push button unit can be used.
  • a 2nd calculation process is a display part and communication with respect to the drive device which drives a main body.
  • the second arithmetic processing can be performed by an arithmetic processing unit of at least one control unit among the plurality of control units.
  • the hoisting operation signal or the lowering operation signal is used as the input signal.
  • a signal other than the hoisting operation signal or the lowering operation signal for example, a stop signal from the hoist
  • the first arithmetic processing is executed by the interrupt request signal.
  • the pulse signal generator 2 can perform the second arithmetic processing by a software technique such as polling. It is also possible to start the first arithmetic processing in response to a pulse signal having a fixed period to be output.
  • the winding button and the lowering button each have a configuration for generating a pulse signal, but may have a configuration for generating a signal of H level or L level.

Landscapes

  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Automation & Control Theory (AREA)
  • Quality & Reliability (AREA)
  • General Engineering & Computer Science (AREA)
  • Safety Devices In Control Systems (AREA)
  • Hardware Redundancy (AREA)

Abstract

Ce dispositif de commande électronique à sécurité intégrée comporte une pluralité d'unités de commande pour lesquelles le même signal d'entrée est appliqué à partir d'un appareil opérationnel afin d'exécuter une commande d'attaque pour un appareil, et des signaux de sortie qui sont générés sur la base du signal d'entrée sont mutuellement entrés et sortis. Les multiples unités de commande possèdent chacune une unité de traitement. L'unité de traitement exécute un premier traitement qui vérifie l'adaptation des signaux de sortie afin de détecter la présence ou l'absence d'une anomalie de l'unité de traitement pour chaque période d'impulsion d'un signal d'impulsion périodique. Le premier traitement comprend une étape dans laquelle, si une anomalie de vérification n'est pas détectée dans la vérification, un signal d'instruction d'opération destiné à exécuter une commande d'attaque sur l'appareil correspondant au signal de sortie est émis à partir d'au moins une unité de commande de la pluralité d'unités de commande, et si une anomalie de vérification est détectée dans la vérification, l'unité de traitement empêche l'appareil de fonctionner. L'unité de traitement d'au moins une unité de commande parmi la pluralité d'unités de commande : exécute un deuxième traitement différent du premier traitement; pendant que le deuxième traitement est en cours d'exécution, interrompt le deuxième traitement à chaque fois qu'une impulsion du signal d'impulsion est détectée afin d'exécuter le premier traitement; et lorsque le premier traitement est terminé, reprend le deuxième traitement.
PCT/JP2011/079396 2011-12-19 2011-12-19 Dispositif de commande électronique à sécurité intégrée WO2013093999A1 (fr)

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/JP2011/079396 WO2013093999A1 (fr) 2011-12-19 2011-12-19 Dispositif de commande électronique à sécurité intégrée
JP2013549977A JP5788022B2 (ja) 2011-12-19 2011-12-19 フェイルセーフな電子制御装置

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2011/079396 WO2013093999A1 (fr) 2011-12-19 2011-12-19 Dispositif de commande électronique à sécurité intégrée

Publications (1)

Publication Number Publication Date
WO2013093999A1 true WO2013093999A1 (fr) 2013-06-27

Family

ID=48667929

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2011/079396 WO2013093999A1 (fr) 2011-12-19 2011-12-19 Dispositif de commande électronique à sécurité intégrée

Country Status (2)

Country Link
JP (1) JP5788022B2 (fr)
WO (1) WO2013093999A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2024051450A1 (fr) * 2022-09-08 2024-03-14 深圳市恒运昌真空技术股份有限公司 Dispositif à processeurs doubles et son procédé de commande, et processeur

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2000076089A (ja) * 1998-09-01 2000-03-14 Hitachi Ltd 多重系処理装置
JP2008518298A (ja) * 2004-10-25 2008-05-29 ローベルト ボッシュ ゲゼルシャフト ミット ベシュレンクテル ハフツング 複数のコンポーネントを有する計算機システムで信号を生成するための方法および装置
JP2008299767A (ja) * 2007-06-04 2008-12-11 Hitachi Ltd 診断装置および診断方法
JP2011238082A (ja) * 2010-05-12 2011-11-24 Renesas Electronics Corp 計算機システム

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH0673760B2 (ja) * 1989-06-22 1994-09-21 アイダエンジニアリング株式会社 プレスのスイッチ入力装置
JP2516128B2 (ja) * 1991-12-28 1996-07-10 株式会社イシダ 組合せ計量又は計数装置
JP2510472B2 (ja) * 1993-11-24 1996-06-26 株式会社京三製作所 鉄道保安装置
JP2007252175A (ja) * 2006-02-16 2007-09-27 Matsushita Electric Ind Co Ltd 蓄電装置

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2000076089A (ja) * 1998-09-01 2000-03-14 Hitachi Ltd 多重系処理装置
JP2008518298A (ja) * 2004-10-25 2008-05-29 ローベルト ボッシュ ゲゼルシャフト ミット ベシュレンクテル ハフツング 複数のコンポーネントを有する計算機システムで信号を生成するための方法および装置
JP2008299767A (ja) * 2007-06-04 2008-12-11 Hitachi Ltd 診断装置および診断方法
JP2011238082A (ja) * 2010-05-12 2011-11-24 Renesas Electronics Corp 計算機システム

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2024051450A1 (fr) * 2022-09-08 2024-03-14 深圳市恒运昌真空技术股份有限公司 Dispositif à processeurs doubles et son procédé de commande, et processeur

Also Published As

Publication number Publication date
JPWO2013093999A1 (ja) 2015-04-27
JP5788022B2 (ja) 2015-09-30

Similar Documents

Publication Publication Date Title
US8436570B2 (en) Motor driving system, motor controller, and safety function expander
JP5840325B1 (ja) 電力遮断装置
JP5830952B2 (ja) インバータ装置
JP7225689B2 (ja) モータ制御装置
JP5788022B2 (ja) フェイルセーフな電子制御装置
JP5182463B2 (ja) 投写装置および制御方法
JP2005031778A (ja) セーフティコントローラおよびそれを用いたシステム
JP6077614B2 (ja) インバータの制御方法
US20160142001A1 (en) Motor control device and motor control system
JP2018136708A (ja) モータ制御装置
JP2017047760A (ja) 電子制御装置及びコンピュータプログラム
JP2007525760A (ja) 欠陥クロックを検出するための電子回路装置
WO2014188764A1 (fr) Dispositif de commande de sécurité fonctionnelle
JP2009189199A (ja) 電動機制御装置およびそれを用いた空気調和機
JPWO2005080249A1 (ja) エレベータの制御装置及びエレベータの制御方法
JPH10207586A (ja) コンピュータの電源オフ制御方式
JP2005157667A (ja) セーフティコントローラおよびそれを用いたシステム
US20120198256A1 (en) Method for Setting the Clock Frequency of a Microprocessor of an Industrial Automation Component, and Automation Component Having a Microprocessor with a Variable Clock Frequency
JP2009142004A (ja) 電動機制御装置およびそれを用いた空気調和機
KR101826576B1 (ko) 의료 로봇의 구동 안전성 확보를 위한 다중 안전장치
JP2005312090A (ja) 電動機駆動装置
KR20170107298A (ko) 상태 알림 기능을 갖는 인버터
JP5489880B2 (ja) 中央演算処理装置、制御システム、及び、ポート設定方法
KR101410870B1 (ko) 건설기계의 작동상태 표시장치 제어 구조
KR100662578B1 (ko) 인덱스모터 제어장치

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 11878323

Country of ref document: EP

Kind code of ref document: A1

ENP Entry into the national phase

Ref document number: 2013549977

Country of ref document: JP

Kind code of ref document: A

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 11878323

Country of ref document: EP

Kind code of ref document: A1