WO2016138956A1 - Commande à l'épreuve des erreurs pour une installation automatisée - Google Patents

Commande à l'épreuve des erreurs pour une installation automatisée Download PDF

Info

Publication number
WO2016138956A1
WO2016138956A1 PCT/EP2015/054579 EP2015054579W WO2016138956A1 WO 2016138956 A1 WO2016138956 A1 WO 2016138956A1 EP 2015054579 W EP2015054579 W EP 2015054579W WO 2016138956 A1 WO2016138956 A1 WO 2016138956A1
Authority
WO
WIPO (PCT)
Prior art keywords
processor
result
control device
processor device
control
Prior art date
Application number
PCT/EP2015/054579
Other languages
German (de)
English (en)
Inventor
Thomas Grosch
Maximilian Walter
Original Assignee
Siemens Aktiengesellschaft
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Siemens Aktiengesellschaft filed Critical Siemens Aktiengesellschaft
Priority to PCT/EP2015/054579 priority Critical patent/WO2016138956A1/fr
Publication of WO2016138956A1 publication Critical patent/WO2016138956A1/fr

Links

Classifications

    • GPHYSICS
    • G05CONTROLLING; REGULATING
    • G05BCONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B19/00Programme-control systems
    • G05B19/02Programme-control systems electric
    • G05B19/04Programme control other than numerical control, i.e. in sequence controllers or logic controllers
    • G05B19/042Programme control other than numerical control, i.e. in sequence controllers or logic controllers using digital processors
    • G05B19/0428Safety, monitoring
    • GPHYSICS
    • G05CONTROLLING; REGULATING
    • G05BCONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B19/00Programme-control systems
    • G05B19/02Programme-control systems electric
    • G05B19/04Programme control other than numerical control, i.e. in sequence controllers or logic controllers
    • G05B19/05Programmable logic controllers, e.g. simulating logic interconnections of signals according to ladder diagrams or function charts
    • G05B19/058Safety, monitoring

Definitions

  • the invention relates to a method for controlling a plant component of an automation system.
  • the invention also includes a control device for carrying out the method and an automation system with the control device.
  • a control device can generate output values for setting the system component, as can be generated, for example, on the basis of a control algorithm or a controller algorithm in dependence on input values of the automation system.
  • a control device for a system component that heats a boiler can regulate a heating output as output value as a function of an input value "temperature.”
  • the control device can be designed, for example, as a programmable logic controller (PLC).
  • a control device can be arranged in the field of the automation system where the process to be carried out by the automation system takes place. This can lead to a thermal and / or mechanical stress or radiation exposure of the control device. This may cause the processor device to malfunction when executing the control routine. For example, memory contents can be falsified in a memory of the processor device, ie bits can be tilted or changed.
  • fail-safe control devices are used in industrial automation technology in many places.
  • simple interlocking and / or limit value monitoring there is an increasing need to also implement safety functions with more complex evaluations.
  • this includes the calcula- More complex filtering algorithms or fail-safe use of matrix operations.
  • a control routine for setting an installation component can have so-called functionally secured processing steps for this purpose.
  • a functionally secured processing step also includes an additional check for error-free execution. For example, a falsification of a memory content can be detected, as it can be caused by radioactive radiation or heat.
  • a fail-safe control device can be realized, for example, by means of coded processing.
  • the safety-relevant processing steps are performed on the basis of coded data as well as coded operations.
  • the data and control commands are supplemented by an arithmetic transparent coding with redundant information.
  • This arithmetically transparent coding is referred to here for short as arithmetic coding.
  • An arithmetic coding is characterized in that the coding is retained even after arithmetic operations. For example, if A and B are valid coded values, A + B is the valid coded result of adding these values without decoding as an intermediate step.
  • the operation "+" must be modified for this procedure, which is generally referred to as "coded processing".
  • coded processing The execution or processing of such coded commands is time consuming. Coded processing can increase the runtime by several orders of magnitude, which limits the possible use of fail-safe control.
  • the invention has for its object to provide a robust control for a system component of an automation system.
  • the invention comprises a method for controlling a plant component of an automation plant.
  • the method is carried out by a control device executing a control routine by means of a first processor device.
  • the control routine may e.g. to realize a controller.
  • the control routine generates output values for setting the system component as a function of input values of the automation system.
  • the control routine comprises at least one section, each having at least one functionally-secured processing step. Such a section will be referred to as a safe section below.
  • a functionally-assured processing step in the manner described also includes checking for error-free performance of the processing step in addition to processing or calculating or checking values for generating the output values.
  • each functionally-secured processing step may be formed by an arithmetic-coded processor instruction and / or coded data values and / or it may be checked to verify plausibility of a result of the processing step whether the result of the processing step lies within a predetermined interval of allowable values.
  • the check additionally provided by the functional fuse does not change the result but only generates an additional signal that the processing step was error-free (no bit errors and / or result of the processing step within an allowable value interval) or that the processing step was erroneous (bit error, implausible) Result outside the value interval).
  • the processing step may be provided by means of the described "coded processing".
  • a secure section is realized by unsecured processing steps whose execution remains unchecked in terms of a plausibility of the processing step.
  • the described signal is not calculated or generated for erroneous or error-free execution of the respective method step.
  • the control routine also has an unsafe section.
  • the unsafe portion includes at least one unsecured processing step, that is, a processing step that is performed unchecked.
  • the first processor device generates a first unchecked result by executing the unsafe portion.
  • the result may be a numeric value.
  • the at least one secure section it is not clear at the end of the uncertain section whether the unchecked first result is corrupted by a bit error in the first processor device. For this, the first unchecked result has been determined with a lower calculation effort and thus with a shorter duration than in the case where the first result is determined on the basis of functionally-secured processing steps.
  • the method provides that the non-safe section is additionally executed by a second processor device and as a result the second processor device generates a second unchecked result.
  • the first and / or the second processor device compare the first result and the second result. By comparing, a signal can be generated that signals whether the unsafe portion in both processor devices has expired identically.
  • the advantage of the invention is that time-critical or complex calculations can be carried out quickly by means of the uncertain section. At the same time, verification of the result of the unsafe portion is made possible by calculating the unsafe portion twice, each from one of the two processor devices.
  • the method can also be provided with several unsafe sections.
  • the invention also includes developments, which give additional advantages.
  • each functionally-secured processing step is provided by arithmetic-coded commands. By checking using the arithmetic coding, a bit corruption of the commands is detected.
  • each functionally-assured processing step is stored in a memory of the processor device as an arithmetic-coded instruction or by means of arithmetic coding. Accordingly, the at least one unsecured processing step of the uncertain section redundancy is free, that is stored without arithmetic coding in a memory of the first processor device.
  • At least one intermediate value which was generated by a preceding secure section, is transmitted to the second processor device at the beginning of the non-secure section.
  • the unchecked second result is calculated or determined or generated by the second processor device.
  • at least one predetermined safe substitute value is used instead of the results.
  • an output value can be provided or used, by which the system component is stopped or stopped.
  • the comparison of the results is carried out in a secure section. This results in the advantage that the comparison can be performed by a single one of the processor devices and yet a falsification of the comparison result can be detected.
  • control routine provides or realizes a real-time loop.
  • a real-time loop generates an associated output value within a predetermined maximum time duration for a specific input value.
  • the maximum duration may be in the range of 10 milliseconds to one second.
  • Another term for real-time loop is loop or control loop. The maximum duration can be maintained in an advantageous manner by realizing runtime-critical sections as unsafe sections.
  • the second processor device performs the same control routine as the first processor device.
  • the two processor devices transmit their respective unchecked result to the other control device.
  • the two processor devices cross their respective unchecked result crosswise. That is, the second processor device is used not only to generate an uncertain result, but also to generate the output values to provide the plant component. This has the advantage that if the first processor device fails, the second without the set-up time or start time, the control of the system component can take over.
  • the second processor device comprises at least one processor core of the control device.
  • the first processor device and the second processor device are provided by different processor cores of the same processor. This has the advantage that the parallel or redundant or simultaneous execution of the unsafe section can be carried out in one and the same device.
  • the second processor device is provided by a computing device arranged separately from the control device and coupled to the control device via a communication network. This results in the advantage that at least the second processor device can be operated in a secure environment, for example in an air-conditioned environment or in a radiation-protected environment.
  • the second processor device executes a respective unsafe section for at least one further control device.
  • the second processor device is assigned not only to a control device, but to a plurality of control devices, each performing a control routine with an insecure section and using the second processor device as a redundant processor device for parallel or simultaneous or redundant execution of its respective non-secure section.
  • the invention also includes a control device for a system component of an automation system.
  • the control device has a receiving device for receiving input values and an output device for outputting output signals. th and a first processor device.
  • the control device can be designed, for example, as a programmable logic controller.
  • the receiving device may comprise, for example, a connection for a sensor and / or a bus connection for connecting a communication bus, for example a fieldbus.
  • the output device may, for example, include a connection for connecting the system component and for outputting control signals for the system component.
  • the output device may additionally or alternatively also include a bus connection.
  • the processor device may comprise, for example, a central processing unit (CPU) or a microcontroller or an ASIC (application specific integrated circuit).
  • the first processor device is configured to generate the output values from the input values by means of a control routine having at least one secure section and at least one non-secure section.
  • Each secure section comprises at least one functionally secured processing step as described.
  • Each unsafe section comprises at least one unsecured processing step as described.
  • the control device is designed to trigger the execution of the unsafe section at the beginning of each insecure section at a second processor device. In other words, the control device is designed to trigger a parallel or simultaneous or redundant execution or execution of each non-secure section in a second processor device.
  • the second processor device may be part of the control device itself.
  • the first processor device and the second processor device may each be formed by at least one processor core of a multi-core processor, wherein the at least one processor core of the first processor device and the at least one processor core of the second processor device are different.
  • the second processor device can also be arranged outside the control device, for example in a further computing device of the automation system.
  • the invention also includes the automation system with at least one system component, for each of which a control device is provided which in each case has a first processor device.
  • the control device provided in each case is an embodiment of the control device according to the invention.
  • at least one further processor device is provided, and the automation system is designed to carry out an embodiment of the method according to the invention by means of the at least one further processor device.
  • the at least one further processor device in each case represents a second processor device with regard to the unsafe sections of the control routines.
  • FIG. 1 shows a schematic representation of an embodiment of the automation system according to the invention
  • FIG. 2 shows a schematic representation of a first and a second processor device, as may be provided in the automation system of FIG. 1, and
  • FIG. 3 shows a schematic representation of an arrangement of a plurality of control devices and a central computing device, as may be provided in the automation system of FIG.
  • the exemplary embodiment explained below is a preferred embodiment of the invention.
  • the described components of the embodiment in each case represent individual features of the invention, which are to be considered independently of one another, which further develop the invention independently of one another and which may also be considered as part of the invention individually or in any other than the combination shown.
  • the described embodiment can also be supplemented by further features of the invention already described.
  • a production process can be carried out, by which a product is produced, for example motor vehicles.
  • the process may also be a process by which a process is carried out, for example, the recovery of electrical energy from nuclear power or the bottling of a beverage.
  • the process may also be a control process, for example the control of traffic lights of a traffic light system in a traffic route network, for example a district.
  • the automation system can have system components 2, 3, of which only two are shown in FIG. 1 for the sake of clarity.
  • the plant component 2, 3 can each be, for example, a production cell (PROD), that is, for example, a CNC milling machine or a robot.
  • the plant component 2, 3 can also be, for example, a production line for conveying a product or intermediate product.
  • the plant component 2, 3 can also be, for example, a single signal generator in a signaling system, e.g. a traffic light.
  • the plant component can generally represent an actuator device.
  • a control device 4 For controlling the system component 2, a control device 4 is provided, which may be, for example, a programmable logic controller (PLC).
  • the control device 4 can via a data network 5, for example a Fieldbus, such as a Profinet bus, be coupled to the system component 2.
  • the control device 4 can be connected to the data network 5 via an output device 6, for example a bus coupling device.
  • the control device 4 can have a first processor device 7, by means of which a control routine 8 can be carried out in a manner known per se.
  • the control routine 8 can realize or provide, for example, a controller for the system component 2.
  • output values 10 can be generated by the processor device 7 from input values which can be transmitted via the output device 6 to the system component 2.
  • the output values 10 may represent a control signal for the system component 2.
  • the input values 9 can be received by the control device 4 via a receiving device 11.
  • the receiving device 11 may be, for example, a bus coupler or a bus connection.
  • the input values 9 can be generated, for example, by sensors 12, which, for example, can detect temperature values of the system component 2, 3 or speed values or other current values of an operating variable or an operating parameter of the automation system 1 as input values.
  • the control routine 8 can be realized, for example, as a real-time program loop or real-time loop. In other words, the control routine 8 is executed repeatedly or periodically by the processor device 7, it being ensured that each pass does not exceed a predetermined maximum time duration. So that a run of the control routine 8 is possible within the maximum period, the control routine 8 is subdivided into at least one secure section 13 and at least one non-secure section 14. Each secure section 13 is implemented by at least one functionally-secured processing step. For example, each processing step may be formed by a coded processor instruction and coded data values and / or it may be used to verify a result of the processing. be checked whether a result of the processing step in a predetermined interval of acceptable values.
  • Each unsafe section 14, on the other hand, is realized by unsecured processing steps, the execution of which remains unchecked in terms of a plausibility of the processing step.
  • a functionally-assured processing step requires more runtime or processing time compared to a functionally identical unsecured processing step.
  • the control routine 8 can be accelerated and thereby, for example, the predetermined maximum time duration for the real-time loop or real-time control can be maintained.
  • a second processor device 17 is provided, which can be realized, for example, by a further processor core in the control device 4.
  • the second processor device 17 can also be provided, for example (as shown in FIG. 1), by a computing device that is different from the control device 4.
  • each unsafe portion 14 can be performed.
  • the intermediate values 16 can be transmitted via a communication channel 18 from the first processor device 7 to the second processor device 17.
  • the communication channel 18 may be a shared memory area. If the processor devices 7, 17 are provided by different devices, the communication channel 18 may comprise, for example, a communication network or data network.
  • the section 14 ⁇ carried out by the second processor device 17 an unchecked second result 19 is generated on the basis of the transmitted intermediate values 16, which can be transmitted again to the first processor device 7 via the communication channel 18.
  • the processor device 7, the first and the second unchecked result 15, 19 can be compared with one another. This makes it possible to determine whether there has been an error in the calculation of the results 15, 19. If the results 15, 19 match, it can be assumed that there is no error and the result 15 can be used for the subsequent safe section 13. Otherwise, a secure replacement value 20 can be used.
  • a further redundancy can also be provided in that the second processor device 17 executes a control routine 8 ⁇ , which is identical to the control routine 8.
  • secure sections 13 ⁇ can also be performed by the second processor device 17, wherein the secure sections 13 ⁇ are identical to the secure sections 13.
  • redundant output values 10 ⁇ can be generated by the processor device 17. If one of the processor devices 7, 17 fails, then the remaining processor device is ready to generate output values 10, 10 ⁇ .
  • program parts of the control routine 8 which does not encode can be processed or processed in parallel via hardware redundancy. All other program parts continue to be processed in the usual way, for example, coded as secure sections 13 without hardware redundancy.
  • two methods for robust or fail-safe processing of input values 9 for generating output values 10 are thus combined.
  • the hardware redundancy can be understood both in the form of a second, physical control and in the form of a second virtual control, which is executed on a second processor core.
  • FIG 2 again illustrates the basic operation.
  • a program part representing the unsafe portion is uncoded and processed redundantly in an identical manner.
  • program parts which, for example, are coded and processed without hardware redundancy, continue to be processed as secure sections before and after the program part of the non-secure section 14 to be processed redundantly. These program parts are not affected by the redundant processing. Coded and non-coded, but redundant program parts can alternate.
  • the coded intermediate values 16 are first decoded in a decoding step 23 (DEC-decode) and converted to the second by means of, for example, an error-proof transmission method (for example PROFISafe) Processor device 17 transmitted.
  • an error-proof transmission method for example PROFISafe
  • the intermediate values 16 are received in a receiving step 24 (REC - receive) and checked for corruption.
  • the calculated result 19 of the second processor device 17 is sent back from the latter in a fail-safe manner in a transmission step 25 (SND-send).
  • the first processor device 7 receives the result 19 of the second processor device 17 and compares this with the result 15 calculated by itself in a comparison step 26 (CHK / ENC check / encode).
  • the received result 19 is coded, and the comparison is coded, that is functionally secured.
  • the comparison step 26 is a functionally assured processing step.
  • the output values 10 are then calculated with identical results 15, 19 from the result 15 or 19 by coded processing without hardware redundancy on the first processor device 7.
  • the method described makes it possible to reliably detect errors in the processing of the uncoded redundant operations.
  • a safety integrity level For a user program consisting of coded and uncoded but redundant parts, a safety integrity level (SIL) can be achieved for applications in industrial automation technology.
  • the prerequisite for the method is that the redundant program parts must be present on both processor devices. This can be supported and ensured, for example, by an engineering system.
  • each control device 4 is connected to the common remote second processor device 17 via a data network 27.
  • the data network 27 may be provided, for example, as an Ethernet network.
  • the shared remote second processor device 17 is able to process the respective redundantly executed program parts of each control device 4 in parallel.
  • a secure remote function call or procedure call 28 RPC
  • RPC procedure call 28
  • numerous control devices 4 for the processing of complex program parts can be upgraded at low cost.
  • the procedure call 28 initiates the execution of the respective unsafe section in the second processor device 17.
  • output values 10, 10 ⁇ can thereby be generated in a redundant manner.
  • Such systems can be used to increase the availability, since in this case, both of the control devices, the same control routine 8, 8 ⁇ execute and thereby mutually results 15, 15 ⁇ of unsafe sections 14, 14 exchange ⁇ .
  • the example shows how the invention can provide a method for the secure execution of complex operations by means of secure remote procedure call (RPC).
  • RPC secure remote procedure call

Landscapes

  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Engineering & Computer Science (AREA)
  • Automation & Control Theory (AREA)
  • Hardware Redundancy (AREA)

Abstract

L'invention concerne un procédé de commande d'un composant d'installation (2) d'une installation automatisée (1), une routine de commande (8) étant exécutée par un dispositif de commande (4) au moyen d'un premier système de processeur (7), la routine de commande (8) permettant de produire des valeurs d'émission (10) pour le placement du composant d'installation (2) en fonction de valeurs d'entrée (9), et présentant au moins une section fiable (13) comportant une étape de traitement dont la fonctionnalité est sécurisée. Les étapes de traitement critiques sur le plan de la durée sont également sécurisées. À cet effet, la routine de commande (8) comprend une section non fiable (14) comportant au moins une étape de traitement non sécurisée. Le premier système de processeur (7) produit un premier résultat non vérifié (15) par l'exécution de la section non fiable (14). La section non fiable (14) est en plus exécutée par un deuxième système de processeur (17). Par ce biais, le deuxième système de processeur (17) produit un deuxième résultat non vérifié (19). Le premier résultat (15) et le deuxième résultat (19) sont comparées par le premier et/ou le deuxième système de processeur (7, 17).
PCT/EP2015/054579 2015-03-05 2015-03-05 Commande à l'épreuve des erreurs pour une installation automatisée WO2016138956A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/EP2015/054579 WO2016138956A1 (fr) 2015-03-05 2015-03-05 Commande à l'épreuve des erreurs pour une installation automatisée

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/EP2015/054579 WO2016138956A1 (fr) 2015-03-05 2015-03-05 Commande à l'épreuve des erreurs pour une installation automatisée

Publications (1)

Publication Number Publication Date
WO2016138956A1 true WO2016138956A1 (fr) 2016-09-09

Family

ID=52682684

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2015/054579 WO2016138956A1 (fr) 2015-03-05 2015-03-05 Commande à l'épreuve des erreurs pour une installation automatisée

Country Status (1)

Country Link
WO (1) WO2016138956A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2018114193A1 (fr) * 2016-12-21 2018-06-28 Endress+Hauser SE+Co. KG Circuit électronique conçu pour un appareil de terrain de technique d'automation

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
MARTIN HOFFMANN ET AL: "Experiences with software-based soft-error mitigation using AN codes", SOFTWARE QUALITY JOURNAL, 22 November 2014 (2014-11-22), pages 1 - 27, XP055209592, ISSN: 0963-9314, DOI: 10.1007/s11219-014-9260-4 *
PETER ULBRICH ET AL: "Eliminating Single Points of Failure in ? Software-Based Redundancy", DISKUSSIONSKREIS FEHLERTOLERANZ 2012 WORKSHOP TALK IN NUREMBERG, GERMANY, 22 November 2012 (2012-11-22), pages 1 - 25, XP055209597, Retrieved from the Internet <URL:https://www4.cs.fau.de/Publications/2012/ulbrich_12_dft_slides.pdf> [retrieved on 20150826] *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2018114193A1 (fr) * 2016-12-21 2018-06-28 Endress+Hauser SE+Co. KG Circuit électronique conçu pour un appareil de terrain de technique d'automation
CN110268342A (zh) * 2016-12-21 2019-09-20 恩德莱斯和豪瑟尔欧洲两合公司 用于自动化技术中的现场设备的电子电路

Similar Documents

Publication Publication Date Title
EP1738233B1 (fr) Dispositif de commande de securite
DE102007042353B4 (de) Verfahren zum Detektieren von Fehlern in einem Fahrzeugsystem einer aktiven Frontlenkung
DE102005055428B4 (de) Busmodul zum Anschluss an ein Bussystem sowie Verwendung eines solchen Busmoduls in einem AS-i-Bussystem
EP2447843B1 (fr) Procédé de vérification d&#39;un programme d&#39;application d&#39;une commande par programme enregistré protégée contre les erreurs et commande par programme enregistré destinée à l&#39;exécution du procédé
DE102007054672A1 (de) Feldgerät zur Bestimmung oder Überwachung einer Prozessgröße in der Prozessautomatisierung
EP3170287A1 (fr) Système de commande et de transmission de données, module de passerelle, module e/a et procédé de commande de processus
EP2441003B1 (fr) Arithmétique à virgule flottante avec détection d&#39;erreur
DE10219501B4 (de) System und Verfahren zur Verbesserung von Fehlerbeherrschungsmassnahmen, insbesondere in Automatisierungssystemen
EP4235323A2 (fr) Procédé et appareil de validation automatique de fonctions de sécurité sur un système de sécurité modulaire
DE10320522A1 (de) Verfahren und Vorrichtug zum Steuern eines sicherheitskritischen Prozesses
EP1043640A2 (fr) Système d&#39;automatisation à sécurité intrinsèque avec un processeur standard et méthode pour un système d&#39;automatisation à sécurité intrinsèque
DE102014100970A1 (de) Verfahren und Vorrichtung zum sicheren Abschalten einer elektrischen Last
WO2016138956A1 (fr) Commande à l&#39;épreuve des erreurs pour une installation automatisée
EP3207386B1 (fr) Contrôle d&#39;un module fonctionnel d&#39;un système d&#39;automatisation
EP3470937B1 (fr) Procédé et dispositifs de surveillance du temps réactionnel d&#39;une fonction de sécurité fournie par un système de sécurité
WO2014122063A1 (fr) Dispositif et procédé de détection de manipulations non autorisée de l&#39;état du système d&#39;une unité de commande et de régulation d&#39;une installation nucléaire
EP2237118B1 (fr) Système de sécurité destiné à sécuriser la commande protégée contre l&#39;erreur d&#39;installations électriques et commande de sécurité équipée de celui-ci
EP1928091B1 (fr) Capteur avec système de sécurité
EP1596517B1 (fr) Procédé de transmission sur un seul canal de données fournies sous forme redondante
DE102009002734A1 (de) Feldgerät zur Bestimmung oder Überwachung einer Prozessgröße in der Prozessautomatisierung
EP3620869A1 (fr) Procédé et composant de mise en uvre pour l&#39;échange de données entre deux systèmes de différents concepts de sécurité pour la sécurité fonctionnelle
EP2741451A1 (fr) Procédé de liaison d&#39;un module matériel sur un bus de terrain
EP2667267B1 (fr) Circuit de sortie pour signal analogique avec plusieurs canaux de sortie pour signal analogique
EP4127934A1 (fr) Procédé et système de sécurité pour l&#39;exécution de fonctions de sécurité
DE102019201728A1 (de) Verfahren zum Absichern von Daten unter Verwendung von wenigstens zwei Recheneinheiten und einer mit den wenigstens zwei Recheneinheiten in Kommunikationsverbindung stehenden Entscheidungseinheit

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15709876

Country of ref document: EP

Kind code of ref document: A1

DPE1 Request for preliminary examination filed after expiration of 19th month from priority date (pct application filed from 20040101)
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15709876

Country of ref document: EP

Kind code of ref document: A1