WO2017033319A1 - Control system - Google Patents

Control system Download PDF

Info

Publication number
WO2017033319A1
WO2017033319A1 PCT/JP2015/074090 JP2015074090W WO2017033319A1 WO 2017033319 A1 WO2017033319 A1 WO 2017033319A1 JP 2015074090 W JP2015074090 W JP 2015074090W WO 2017033319 A1 WO2017033319 A1 WO 2017033319A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
frame
communication
control unit
digital
Prior art date
Application number
PCT/JP2015/074090
Other languages
French (fr)
Japanese (ja)
Inventor
圭輔 山本
清水 勝人
石井 一彦
雅裕 白石
悟史 西川
Original Assignee
株式会社日立製作所
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 株式会社日立製作所 filed Critical 株式会社日立製作所
Priority to JP2017536139A priority Critical patent/JP6471234B2/en
Priority to GB1721830.6A priority patent/GB2559681B/en
Priority to PCT/JP2015/074090 priority patent/WO2017033319A1/en
Publication of WO2017033319A1 publication Critical patent/WO2017033319A1/en

Links

Images

Classifications

    • GPHYSICS
    • G05CONTROLLING; REGULATING
    • G05BCONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B19/00Programme-control systems
    • G05B19/02Programme-control systems electric
    • G05B19/04Programme control other than numerical control, i.e. in sequence controllers or logic controllers
    • G05B19/042Programme control other than numerical control, i.e. in sequence controllers or logic controllers using digital processors
    • G05B19/0428Safety, monitoring
    • GPHYSICS
    • G05CONTROLLING; REGULATING
    • G05BCONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B23/00Testing or monitoring of control systems or parts thereof
    • G05B23/02Electric testing or monitoring
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/004Error avoidance
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F13/00Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
    • GPHYSICS
    • G05CONTROLLING; REGULATING
    • G05BCONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B2219/00Program-control systems
    • G05B2219/20Pc systems
    • G05B2219/24Pc safety
    • G05B2219/24189Redundant processors monitor same point, common parameters

Definitions

  • the present invention relates to a control system.
  • High reliability is required for control systems used in fields where safety is a top priority, such as chemical plants and nuclear power plants.
  • the reliability is improved by duplicating the arithmetic device and the input / output device alone and collating the output of each of the duplicated systems so that an abnormality of the device can be detected.
  • Patent Document 1 data of a plurality of digital input / output contacts is read into a duplicated DI board, each DI board is incorporated into a DI module, and the data is input to the input / output control device via a transmission cable connected to each DI board.
  • the input / output control device connects a synchronization signal cable for communication to each DI board so as to avoid the mismatch of the data to be captured by synchronizing the reading timing of each DI board.
  • Patent Document 2 discloses a digital input having a duplexed input circuit that inputs a digital signal from a plant and a comparator circuit that compares the output signal from the duplexed input circuit and detects the presence or absence of an abnormality.
  • signal change detecting means for detecting a change point of the signal output from the input circuit, and counting at an interval of 1 / n with respect to the pulse width of the digital signal input from the plant, the signal change detecting means Counting means for clearing the count value by the output of and a holding means for temporarily storing the abnormality detection signal from the comparison circuit, and when the count value by the counting means reaches a predetermined value, the holding means Describes a digital input device with a diagnostic function for outputting an abnormality detection signal stored in the computer.
  • Such a conventional duplex (multiplex) input device has the following problems.
  • a control system that is duplicated in the A system and the B system and inputs a digital signal from a signal source in parallel to the A system and the B system, the digital signal between the A system and the B system due to a signal transmission time error or a difference in operating frequency.
  • the capture timing Due to this capture timing error, if the timing at which the value of the digital signal changes and the data capture timing of the A system and the B system overlap, the value of the captured digital signal may differ between the A system and the B system. .
  • there is a problem in that the collation result is inconsistent even though both the A system and the B system are operating normally.
  • An object of the present invention is to provide a control system capable of avoiding mismatching of verification results during normal operation.
  • a control system includes an input control unit that captures and inputs a digital signal from a signal source, and a communication control unit that generates a digital signal frame based on the captured digital signal.
  • the processing apparatus includes a plurality of systems so as to be parallel to the signal source, and includes a frame verification unit that captures the digital signal frame in the processing apparatus of each system and compares the matching between systems,
  • the input control unit of each system has a function of capturing the digital signal multiple times at an interval larger than the sum of the transmission time error of the digital signal and the signal capture time difference in each system, and the communication control unit of each system And generating the digital signal frame to which the signal value of the digital signal captured multiple times is added for each system.
  • the frame matching unit determines the match of the signal value added to the digital signal frame every time the digital signal is captured, and each of the signal values matches if there is at least one match. It has the function of matching between systems.
  • FIG. 1 It is a figure which shows the communication frame which the A system communication control part and B system communication control part of the digital input device of the control system of the said 1st Embodiment generate
  • FIG. It is a figure which shows a communication frame collation part in case the number of input channels of the control system of the said 1st Embodiment is 2.
  • FIG. It is a figure which shows as a table
  • FIG. It is a figure which shows the communication frame format used for the output request of the control system of the said 1st Embodiment. It is a figure which shows the communication frame format used for the output response of the control system of the said 1st Embodiment. It is a figure which shows the structure of the control system which concerns on the 2nd Embodiment of this invention.
  • FIG. 1 is a diagram showing a configuration of a control system 1 according to the first embodiment of the present invention.
  • the control system of this embodiment can be applied to a site where safety is a top priority, such as a chemical plant or a nuclear power plant.
  • the control system 1 is a digital control device in which internal functions are duplexed (multiplexed) between the A system and the B system in order to improve reliability. Duplexing by the A system and the B system is an example and can be similarly applied to multiplexing of three or more.
  • the control system 1 includes an arithmetic device 100, a digital input device 200, and a digital output device 300.
  • the arithmetic device 100, the digital input device 200, and the digital output device 300 are connected by a communication line 400, and communication between the devices 100, 200, and 300 is performed by a frame.
  • each of the input device and the output device has a digital type and an analog type.
  • a plurality of input / output devices can be connected to the communication line 400.
  • a signal source 410 of a digital signal input from a system or a plant is connected to the digital input device 200, and a control target 420 of the control system 1 is connected to the digital output device 300.
  • the control is performed with the arithmetic device 100 serving as a master.
  • the computing device 100 makes a data input request to the digital input device 200 via the communication line 400 in order to acquire input data necessary for control computation.
  • the digital input device 200 takes in the input data from the signal source 410 and outputs the acquired data as a response to the arithmetic device 100 via the communication line 400.
  • the arithmetic device 100 performs control arithmetic based on the acquired input data.
  • the arithmetic device 100 makes a data output request to the digital output device 300 via the communication line 400 in order to output the arithmetic result to the control target 420.
  • the digital output device 300 that has received the data output request outputs to the control object 420 according to the received data and notifies the arithmetic device 100 via the communication line 400 in order to notify the completion of the data output. Output a response.
  • the arithmetic device 100 includes an A-system arithmetic device 110, a B-system arithmetic device 120, a frame matching unit 130, and a SW 131.
  • the A system computing device 110 includes an A system computing unit 111 that performs computation based on input data, and an A system communication control unit 112 that controls communication between the devices.
  • the B-system arithmetic device 120 includes a B-system arithmetic unit 121 that performs an operation based on input data, and a B-system communication control unit 122 that controls communication between the devices.
  • the A-system arithmetic unit 111 and the B-system arithmetic unit 121, the A-system communication control unit 112, and the B-system communication control unit 122 have a duplex configuration of the A-system arithmetic device 110 and the B-system arithmetic device 120.
  • a communication frame from the communication line 400 is input in parallel to the A-system arithmetic device 110 and the B-system arithmetic device 120.
  • the frame collation unit 130 collates communication frames output from the A-system arithmetic device 110 and the B-system arithmetic device 120.
  • the digital input device 200 includes an A-system digital input device 210, a B-system digital input device 220, a frame verification unit 230, and SW235 (blocking means).
  • the A-system digital input device 210 includes an A-system communication control unit 211 that controls communication between devices, and an A-system input control unit 213 that captures digital input data from the signal source 410.
  • the B-system digital input device 220 includes a B-system communication control unit 221 that controls communication between devices, and a B-system input control unit 223 that captures digital input data from the signal source 410.
  • the A system communication control unit 211 and the B system communication control unit 221, the A system input control unit 213, and the B system input control unit 223 have a duplex configuration of the A system digital input device 210 and the B system digital input device 220.
  • the A system input control unit 213 and the B system input control unit 223 are configured such that the A system operates with the first clock to capture the digital signal value, and the B system operates with the second clock to acquire the digital signal value. You may capture it. Even if the internal function is duplicated in the A system and the B system to improve reliability, if the clock for operating the internal function is different, the digital signal is captured between the A system and the B system due to the difference in operating frequency. There may be some error in timing.
  • a communication frame from the communication line 400 is input to the A-system digital input device 210 and the B-system digital input device 220 in parallel.
  • the A system input control unit 213 and the B system input control unit 223 input the digital signal from the signal source 410 in parallel to the A system and the B system, and the duplexed A system and B system digital signal transmission time errors and signals
  • the digital signal value is captured at least twice at a time interval larger than the sum of the capture time differences, and the digital signal value captured twice is held.
  • the A-system communication control unit 211 and the B-system communication control unit 221 generate a communication frame to which the digital signal value captured twice is added.
  • the frame collation unit 230 collates communication frames output from the A-system digital input device 210 and the B-system digital input device 220.
  • the frame matching unit 230 determines whether the digital signal value added to the digital signal frame matches each time the digital signal is captured, and if there is at least one matching of the digital signal value, matching between the systems is matched. It has the function. Specifically, when the above-described rounding is performed twice, the frame matching unit 230 calculates the digital signal value (signal value) captured in the first time of the communication frame generated by each of the A system and the B system and the second time. If at least one of the captured digital signal values (signal value) matches (once), it is regarded as a matching match.
  • the frame collation unit 230 also performs collation for other than the digital signal values captured twice. For example, the frame collation unit 230 performs collation other than the digital signal value captured twice for the communication frames generated by the A system and the B system, and the digital signal value captured for the first time of the communication frame and 2 If at least one of the digital signal values captured for the second time matches and matches, and other than the digital signal values match, it is determined that the matching results match.
  • the frame matching unit 230 performs matching other than the digital signal value captured twice for the communication frames generated by the A system and the B system, and the digital signal value captured for the first time of the communication frame and 2 If both of the digital signal values captured for the second time do not match, or if the check other than the digital signal values does not match, it is determined that the check results do not match.
  • SW 235 blocks the signal transmission path when the frame verification results do not match in accordance with the instruction from frame verification unit 230 to prevent the corresponding communication frame from being transmitted to another device.
  • the digital output device 300 includes an A-system digital output device 310, a B-system digital output device 320, a frame matching unit 330, and a SW 331.
  • the A-system digital output device 310 includes an A-system communication control unit 311 that controls communication between devices, and an A-system output control unit 312 that outputs data to the control target 420.
  • the B-system digital output device 320 includes a B-system communication control unit 321 that controls communication between devices, and a B-system output control unit 322 that outputs data to the control target 420.
  • the A system communication control unit 311 and the B system communication control unit 321, the A system output control unit 312, and the B system output control unit 322 have a duplex configuration of the A system digital output device 310 and the B system digital output device 320.
  • a communication frame from the communication line 400 is input in parallel to the A-system digital output device 310 and the B-system digital output device 320.
  • the frame collation unit 330 collates communication frames output from the A-system digital output device 310 and the B-system digital output device 320.
  • FIG. 2 is a diagram showing a communication frame format used for an input request of the control system 1.
  • the communication frame format of the input request includes a start flag 500 indicating the head of the frame, a mode area 501 indicating input / output and request / response, a transmission destination address 507, and a transmission source address 508.
  • the address area 502 includes a data size area 503 that specifies the size of input data, a CRC area 504 that ensures the soundness of the frame, and an end flag 505 that indicates the end of the frame.
  • the mode area 501 contains a bit 506 indicating an input request.
  • communication frames sent by the A-system communication control unit 112 of the A-system arithmetic device 110 of the arithmetic device 100 and the B-system communication control unit 122 of the B-system arithmetic device 120 are collated by the frame collation unit 130.
  • frame collating section 130 determines that both A-system arithmetic device 110 and B-system arithmetic device 120 are operating normally, and sends the communication frame of A-system arithmetic device 110 to communication line 400.
  • the communication frame matching unit 130 determines that there is an abnormality in either the A-system arithmetic device 110 or the B-system arithmetic device 120 when the collation results do not match, and the SW 131 blocks (blocks the signal transmission path). ) To prevent abnormal communication frames from being sent to other devices.
  • the A-system communication control unit 112 and the B-system communication control unit 122 of the arithmetic device 100 receive an output response frame addressed to the self-device from the digital output device 300 via the communication line 400, the output is output. Judge that completed.
  • FIG. 3 and FIG. 4 are diagrams showing inconsistencies in captured data due to transmission time errors and asynchronous errors.
  • FIG. 3 shows a case where data is inconsistent due to a transmission time error.
  • FIG. 3 shows a case where there is no asynchronous error between the A-system digital input device 210 and the B-system digital input device 220.
  • the digital input data A600 received by the A system digital input device 210 and the digital input data B601 received by the B system digital input device 220 are the same as those of the A system digital input device 210 and the B system digital input device 220.
  • the timing of the digital value change is shifted by the transmission time error 603.
  • the digital value change timing and the A / B capture timing 602 overlap, the data captured by the A system digital input device 210 is “1”, and the data captured by the B system digital input device 220 is “0”. Are inconsistent.
  • FIG. 4 shows a case where data is inconsistent due to an asynchronous error.
  • FIG. 4 shows a case where there is no transmission time error between the digital input data A604 received by the A-system digital input device 210 and the digital input data B605 received by the B-system digital input device 220.
  • the capture timing 606 of the A system digital input device 210 and the capture timing 607 of the B system digital input device 220 May be shifted by the amount of the asynchronous error 608.
  • the digital value change timing the A system capture timing 606 and the B system capture timing 607 overlap, the data captured by the A system digital input device 210 is “0”, and the data captured by the B system digital input device 220 is “1”. "And they are inconsistent.
  • the control system 1 is a digital unit including the A-system digital input device 210, the B-system digital input device 220, the frame collation unit 230, and the SW 235.
  • An input device 200 is provided.
  • the A-system digital input device 210 and the B-system digital input device 220 include an A-system communication control unit 211 and a B-system communication control unit 221 that are duplicated in the A-system and the B-system, an A-system input control unit 213, and a B-system input.
  • the A-system input control unit 213 and the B-system input control unit 223 that have received the data capture instruction are digitally transmitted twice at a time interval larger than the sum of the duplexed A-system and B-system digital signal transmission time errors and signal capture time differences. Captures the signal value and holds the digital signal value captured twice. That is, the A-system input control unit 213 and the B-system input control unit 223 capture the digital signal value from the signal source 410 twice with a time interval longer than the time obtained by adding the transmission time error and the asynchronous error. .
  • the frame matching unit 230 determines whether the digital signal value added to the digital signal frame matches each time the digital signal is captured (here, twice), and the digital signal value matches. If there is at least one time, the matching between each system will be the same.
  • At least one of the first-time acquisition data and the second-time acquisition data matches between the A-system digital input device 210 and the B-system digital input device 220.
  • FIG. 5 to 8 are diagrams showing digital input data of the A system and the B system depending on the capture timing.
  • FIG. 5 shows a case where the timing of the first data acquisition and the data change overlap.
  • the digital input data A700 at the time of the first acquisition of the A system 702 is “1”
  • the digital input data B701 at the time of the first acquisition of the B system 704 is “0”.
  • both the A system second capture 703 and the B system second capture 705 are both "1".
  • Fig. 6 shows a case where there is a data change timing between the first acquisition and the second acquisition.
  • the digital input data A 707 and digital input data B 708 of the first acquisition 709 and 711 are both “0”, and the second acquisition 710 and 712 are both “1”.
  • Fig. 7 shows the case where the second data acquisition and data change timing overlap.
  • the digital input data A714 and digital input data B715 of 716 and 718 at the first capture are both “0” and they match, but the digital digital input data of 717 at the second capture of the A system.
  • A714 is “1”
  • the digital input data B715 at the time of the second acquisition of the B system 719 is “0”.
  • Fig. 8 shows the case where there is no data change at the time of capture.
  • both the digital input data A721 and digital input data B722 of 723 and 725 at the first capture are “0”, and both 724 and 726 at the second capture are “0”. The next) also agrees.
  • the first acquisition data 214, 224 (see FIG. 1) and 2 are acquired by performing data acquisition twice at intervals larger than the time obtained by adding the transmission time error and the asynchronous error. At least one of the second acquisition data 215 and 225 (see FIG. 1) always matches.
  • the first acquisition data and the second acquisition data are stored in the A system input control unit 213 and the B system input control unit 223 (see FIG. 1) of the digital input device 200, respectively.
  • the A-system communication control unit 211 and the B-system communication control unit 221 (see FIG. 1) of the digital input device 200 store the first acquisition data 214, 224 and the second acquisition data 215, 225. Both are used to perform frame generation 212, 222 (see FIG. 1).
  • FIG. 9 and 10 are diagrams illustrating communication frames generated by the A-system communication control unit 211 and the B-system communication control unit 221 of the digital input device 200.
  • FIG. FIG. 9 shows a case where the number of input channels is one.
  • the number of input channels refers to the number of input digital signals.
  • the number of input digital signals is the number of digital signals to be handled independently, and there are cases where the types of digital signals are different. For example, if the external signal source 410 is 3, the number of input channels is 3, and if the signal source 410 is 8, the number of input channels is 8. As shown in FIG.
  • the communication frame format of the input response includes a start flag 800 indicating the beginning of the frame, a mode area 801 indicating input / output and request / response, a transmission destination address 807, and a transmission source address 808.
  • An address area 802 a data area 803 in which input data is placed, a CRC (Cyclic Redundancy Code) area 804 that ensures the soundness of the frame, and an end flag 805 that indicates the end of the frame.
  • the mode area 801 contains a bit 806 representing an input response
  • the data area 803 contains the first fetch data 809 and second fetch data 810 of Ch0.
  • FIG. 10 shows a case where the number of input channels is two.
  • the first capture data 812 of Ch0, the second capture data 813, the first capture data 814 of Ch1, and the second capture are stored in the data area 811.
  • Data 815 is entered.
  • the same configuration is used when the number of input channels is greater than two. For example, when the number of input channels is 3, Ch2 is further added to the data area 811 in FIG. 10, and the first-time acquisition data and the second-time acquisition data are entered in this Ch2. Similarly, when the number of input channels is 8, Ch7 is further added to the data area 811 in FIG. 10, and the first-time acquisition data and the second-time acquisition data are entered in this Ch7.
  • the communication frame verification unit 230 (see FIG. 1) of the digital input device 200 includes the communication frame generated by the A system communication control unit 211 of the A system digital input device 210 and the B system communication control unit 221 of the B system digital input device 220. The communication frame generated by is checked.
  • FIG. 11 is a diagram illustrating the function of the communication frame verification unit 912 when the number of input channels is 1 (Ch0).
  • the communication frame verification unit 912 in FIG. 11 has the same configuration as the communication frame verification unit 230 of the digital input device 200 in FIG. 1 and shows the logic when the number of input channels is 1 in detail.
  • the frame matching unit 912 performs the first data matching 902 on the communication frame 900 generated by the A-system communication control unit 211 and the communication frame 901 generated by the B-system communication control unit 221. Three collations are performed: a second data collation 904 and a collation 906 other than data.
  • the data verification is performed by comparing the first acquired data and the second acquired data for each input channel of the A system and the B system.
  • the number of input channels is 1, the first-time captured data verification and the second-time captured data verification are performed in Ch0. Also, as will be described later, when the number of input channels is 2, the first acquisition data and the second acquisition data are verified at Ch0, and the first acquisition data and the second acquisition are verified at Ch1. Check the data.
  • the first data collation 902 performs the collation 903 of the first captured data in the A-system communication frame 900 and the first captured data in the B-system communication frame 901. Output.
  • the second data collation 904 performs the collation 905 between the second captured data in the A-system communication frame 900 and the second captured data in the B-system communication frame 901. Output.
  • Collation 906 other than data performs collation 907 between a portion (mode and address) other than the data area in the A-system communication frame 900 and a portion (mode and address) other than the data area in the B-system communication frame 901. If the data is different, a mismatch is output.
  • the CRC area of the communication frame 900 is data added to the frame to ensure the data integrity of the communication cable (between devices), and is not data for detecting a communication abnormality in the device. Not performed. Also, the CRC area may be different between the A system and the B system. The start flag and the end flag are also flags for the receiving side to recognize the frame, and thus are not verified.
  • the communication frame verification unit 912 of the digital input device 200 performs a verification result determination that determines whether the operation of the digital input device is normal or abnormal from the results obtained by the three verifications (see reference numeral 908). .
  • the collation result determination 908 first, when both the results of the first data collation 902 and the second data collation 904 are inconsistent, it is determined that the data collation is inconsistent (see reference numeral 909). Next, when at least one of the result of data collation (see reference numeral 909) and the result of collation 907 other than data (see reference numeral 906) is inconsistent, it is determined that the operation of the digital input device is abnormal ( Reference numeral 910). If the determination is abnormal, the SW 235 (see FIG. 1) is blocked to prevent an abnormal communication frame from being sent to another device.
  • FIG. 12 is a table showing a communication frame matching result determination matrix when the number of input channels is 1.
  • white circle marks ( ⁇ marks) indicate the case where the matching results match, and x marks indicate the case where the matching results do not match.
  • the communication frame verification unit 230 (see FIG. 1) of the digital input device 200 performs the first data verification on the communication frame generated by the A-system communication control unit 211 and the communication frame generated by the B-system communication control unit 221. Three collations are performed: a second data collation and a collation other than data.
  • the first captured data in the A-system communication frame is compared with the first captured data in the B-system communication frame, and if the two data are different, a mismatch is output. .
  • the second captured data in the A-system communication frame and the second captured data in the B-system communication frame are collated, and if the two data are different, a mismatch is output.
  • collation other than data is performed by collating the portion other than the data area in the A-system communication frame and the data area other than the data area in the B-system communication frame, and if the two data are different, a mismatch is output. To do.
  • a matching result determination matrix shown in Table 1 of FIG. 12 is obtained.
  • the collation result determination is “normal. Is determined.
  • the collation result with the collation other than the data does not match. If there is, the verification result determination is determined as “abnormal”. This corresponds to the case where the type of captured data itself (mode, address) is different.
  • the verification result determination is determined as “abnormal”. This corresponds to the case where the type of captured data itself (mode, address) is different.
  • the verification result determination is Determined as “abnormal”. In this case, the mismatch determination is the same as in the conventional case.
  • the determination matrix portion surrounded by reference character A in FIG. 12 performs the verification of the first acquisition data, the verification of the second acquisition data, and verification other than the data, and compares the first acquisition data and the second acquisition data. This is a case in which at least one of them (one time) matches, and matching other than data matches.
  • the first-time captured data is collated
  • the second-time captured data is collated
  • other data is collated
  • the present control system 12 is not present in the prior art, and is realized for the first time by the present control system 1.
  • the control system 1 that inputs a digital signal from the signal source 410 in parallel to the A system and the B system, there is a slight error in the timing of capturing the digital signal between the A system and the B system due to a difference in signal transmission time error or operating frequency Can occur.
  • the collation results become inconsistent during normal operation.
  • the determination matrix portion surrounded by the symbol A in FIG. 12 has been conventionally determined as a mismatch of the collation results, that is, an abnormality.
  • FIG. 13 is a diagram illustrating the function of the communication frame verification unit 1015 when the number of input channels is 2 (Ch0, Ch1).
  • the communication frame verification unit 1015 in FIG. 13 has the same configuration as the communication frame verification unit 230 of the digital input device 200 in FIG. 1, and shows the logic when the number of input channels is two in detail.
  • the number of input channels is 2
  • the first acquisition data and the second acquisition data are verified at Ch0
  • the first acquisition data and the second acquisition data are verified at Ch1, and further Perform verification other than data.
  • the first data collation 1002 collates the first fetch data of Ch0 in the A-system communication frame 1000 with the first fetch data of Ch0 in the B-system communication frame 1001 (see reference numeral 1003).
  • the first acquisition data of Ch1 in the system communication frame 1000 is compared with the first acquisition data of Ch1 in the system B communication frame 1001 (see reference numeral 1004). That is, the first fetched data collation 1003 for Ch0 and the first fetched data collation 1004 for Ch1 are performed, and if the A system and B system data are different, a mismatch is output.
  • the second data collation 1005 collates the second fetch data of Ch0 in the A-system communication frame 1000 with the second fetch data of Ch0 in the B-system communication frame 1001 (see reference numeral 1006).
  • the second acquisition data of Ch1 in the A-system communication frame 1000 is compared with the second acquisition data of Ch1 in the B-system communication frame 1001 (see reference numeral 1007). That is, the second fetched data collation 1006 for Ch0 and the second fetched data collation 1007 for Ch1 are performed, and if the A system and B system data are different, a mismatch is output.
  • collation 1008 other than data performs collation 1009 of a portion (mode, address) other than the data area in the A-system communication frame 1000 and a portion (mode, address) other than the data area in the B-system communication frame 1001. If the two data are different, a mismatch is output.
  • the CRC areas of the A-system communication frame 1000 and the B-system communication frame 1001 are data added to the frame to ensure the data integrity of the communication cable (between apparatuses), and are used to detect communication abnormalities within the apparatus. Because it is not the data of, it is not verified. Also, the CRC area may be different between the A system and the B system.
  • the start flag and the end flag are also flags for the receiving side to recognize the frame, and thus are not verified.
  • the collation result determination 1010 first, if the results of the first data collation 1003 and the second data collation 1006 of Ch0 do not match, it is determined that the data collation of Ch0 does not match (see reference numeral 1011). ). Similarly, if both of the results of the first data collation 1004 and the second data collation 1007 of Ch1 do not match, it is determined that the data verification of Ch1 does not match (see reference numeral 1012).
  • FIG. 14 is a table showing a communication frame matching result determination matrix when the number of input channels is two.
  • white circle marks ( ⁇ marks) indicate the case where the matching results match
  • x marks indicate the case where the matching results do not match.
  • the collation result determination is “normal. Is determined.
  • reference sign b in FIG. 14 even if the collation results of the first-time captured data collation and the second-time captured data collation match, the collation results with the collation other than the data are inconsistent. If there is, the verification result determination is determined as “abnormal”.
  • the verification result determination is Determined as “abnormal”. In this case, the mismatch determination is the same as in the conventional case.
  • the first captured data is collated, the second captured data is collated, and other data is collated, and the first captured data and the second captured data are collated.
  • collation coincides with at least one of the captured data (once) and collation other than the data coincides.
  • the first-time captured data is collated, the second-time captured data is collated, and other data is collated, and at least one of the first-time captured data and the second-time captured data (one time). If the collation matches and the collation other than data matches, it is determined that the collation results match, that is, normal.
  • the determination surrounded by the symbol A shown in Table 2 of FIG. 14 corresponding to the example of FIGS. 11 and 12 (when the number of input channels is 1).
  • the determination matrix portion surrounded by reference characters B and C in FIG. 14 is normal.
  • the determination matrix portion surrounded by reference signs A, B, and C shown in Table 2 of FIG. 14 is where both the A system and the B system are operating normally, and should be determined to be normal.
  • the determination matrix portion surrounded by reference signs A, B, and C in FIG. 14 has been conventionally determined to be a mismatch of the collation results, that is, abnormal.
  • normal determination can be made by relieving the abnormality determination in the determination matrix portion surrounded by the symbols A, B, and C in FIG.
  • the first acquisition data (first acquisition data 809 in FIG. 9, The first acquisition data 812 and 814 in FIG. 10 and the second acquisition data (second acquisition data 810 in FIG. 9 and second acquisition data 813 and 815 in FIG. 10) are used for calculation. May be.
  • the A system calculation unit 111 and the B system calculation unit 121 notify the A system communication control unit 112 and the B system communication control unit 122 of the calculation results.
  • the A-system communication control unit 112 and the B-system communication control unit 122 send an output request frame to the digital output device 300 in order to output the calculation result to the control target 420.
  • FIG. 15 is a diagram showing a communication frame format used for an output request.
  • the output request communication frame format includes a start flag 1100 indicating the head of the frame, a mode area 1101 indicating input / output and request / response, a transmission destination address 1108, and a transmission source address 1109.
  • An address area 1102 a data size area 1103 for designating the size of data to be output, a data area 1104 for placing output data, a CRC area 1105 for ensuring the soundness of the frame, and an end flag 1106 for indicating the end of the frame
  • Consists of The mode area 1101 contains a bit 1107 representing an output request.
  • the frames sent by the A-system communication control unit 112 of the A-system arithmetic device 110 and the B-system communication control unit 122 of the B-system arithmetic device 120 are collated by the frame collation unit 130, and if the collation results match, the A-system arithmetic device 110 and B system arithmetic unit 120 are determined to be operating normally, and the frame of A system arithmetic unit 110 is sent to communication line 400. If the collation results do not match, it is determined that there is an abnormality in either the A-system arithmetic device 110 or the B-system arithmetic device 120, the SW 131 is shut off, and an abnormal frame is sent to the other device. prevent.
  • FIG. 16 is a diagram showing a communication frame format used for an output response.
  • the communication frame format of the output response includes a start flag 1200 indicating the head of the frame, a mode area 1201 indicating input / output and request / response, a transmission destination address 1206, and a transmission source address 1207.
  • the address area 1202 includes a CRC area 1203 that ensures the soundness of the frame, and an end flag 1204 that indicates the end of the frame.
  • the mode area 1201 contains a bit 1205 indicating an output response.
  • the communication frame sent by the A-system communication control unit 311 (see FIG. 1) of the A-system digital output device 310 and the A-system communication control unit 321 of the B-system digital output device 320 is collated by the frame collation unit 330.
  • frame collation section 330 determines that both A-system digital output device 310 and B-system digital output device 320 are operating normally, and transmits the communication frame of A-system digital output device 310 to communication line 400. Send it out.
  • the frame collation unit 330 determines that either the A-system digital output device 310 or the B-system digital output device 320 has an abnormality, and the SW 331 blocks (blocks the signal transmission path). ) To prevent abnormal communication frames from being sent to other devices.
  • the control system 1 includes the arithmetic device 100, the digital input device 200, and the digital output device 300, and the devices 100, 200, and 300 are connected by the communication line 400. Communication between the devices 100, 200, and 300 is performed using frames.
  • the digital input device 200 inputs the digital signal from the signal source 410 in parallel to the A system and the B system, and has a time interval that is larger than the sum of the double A system and B system digital signal transmission time errors and the signal acquisition time difference. Captures the value of the digital signal at least twice, and generates a communication frame with the A-system input control unit 213 and the B-system input control unit 223 holding the digital signal value captured twice, and the digital signal value captured twice.
  • the A system communication control unit 211 and the B system communication control unit 221 to be duplicated in the A system and the B system are provided. Also, a frame matching unit that is regarded as a matching match if at least one of the first digital signal value and the second digital signal value captured in the communication frame generated by each of the A system and the B system matches. 230.
  • the input value of the digital signal may be different between the A system and the B system of the duplexed input control unit due to an asynchronous error due to a transmission time error or a difference in operating frequency.
  • the A-system input control unit 213 and the B-system input control unit 223 perform the digital signal twice with an interval greater than the time obtained by adding the transmission time error and the asynchronous error. The value is fetched, and the first fetch data and the second fetch data are held.
  • the A-system communication control unit 211 and the B-system communication control unit 221 communicate both the first acquisition data and the second acquisition data held by the A system input control unit 213 and the B system input control unit 223.
  • the frame collation unit 230 performs first-time captured data verification, second-time captured data verification on the communication frames generated by the duplexed A-system input control unit 213 and B-system input control unit 223, respectively. , Collation other than data is performed, and if at least one of the first captured data and the second captured data is collated and the collation other than the data matches, the collation result is matched, that is, it is determined to be normal. To do. In addition, if both the first-time captured data and the second-time captured data are inconsistent, or the collation other than the data is inconsistent, it is determined that the collation result is inconsistent, that is, abnormal.
  • both the A system and the B system are operating normally. It can be avoided that the collation results are inconsistent.
  • both the A system and the B system operate normally in the determination matrix portion surrounded by the symbol A shown in Table 1 of FIG. 12 and the determination matrix portion surrounded by the symbols A, B, and C shown in Table 2 of FIG. It should be judged that it is normal.
  • the abnormality determination in the determination matrix portion is relieved and the normal determination is made. For the same reason, even if the determination method of this embodiment is adopted, the reliability is not lowered.
  • FIG. 17 is a diagram showing a configuration of the control system 2 according to the second embodiment of the present invention.
  • FIG. 17 shows an example in which the frame matching unit has a duplex configuration.
  • the control system 2 includes an arithmetic device 2100, a digital input device 2200, and a digital output device 2300.
  • the arithmetic device 2100, the digital input device 2200, and the digital output device 2300 are connected by a communication line 400, and communication between the devices 2100, 2200, and 2300 is performed by frames.
  • the control is performed by the arithmetic device 2100 serving as a master.
  • the arithmetic device 100 makes a data input request to the digital input device 2200 via the communication line 400 in order to acquire input data necessary for control arithmetic.
  • the digital input device 2200 takes in the input data from the signal source 410 and outputs the acquired data as a response to the arithmetic device 2100 via the communication line 400.
  • the arithmetic device 2100 performs control arithmetic based on the acquired input data.
  • the arithmetic device 2100 makes a data output request to the digital output device 2300 via the communication line 400 in order to output the arithmetic result to the control target 420.
  • the digital output device 300 that has received the data output request outputs to the control target 420 according to the received data and notifies the arithmetic device 2100 via the communication line 400 in order to notify the completion of the data output. Output a response.
  • the arithmetic device 2100 includes an A-system arithmetic device 2110, a B-system arithmetic device 2120, SW 2131, and SW 2141.
  • the A system computing device 2110 includes an A system computing unit 111 that performs computation based on input data, an A system communication control unit 112 that controls communication between devices, and an A system frame matching unit 2130.
  • the B-system arithmetic device 120 includes a B-system arithmetic unit 121 that performs an operation based on input data, a B-system communication control unit 122 that controls communication between the devices, and a B-system frame matching unit 2140.
  • the communication frame verification unit of the computing device 2100 is duplicated by the A system frame verification unit 2130 and the B system frame verification unit 2140, and each communication frame verification unit verifies the A system communication frame and the B system communication frame.
  • the arithmetic device 2100 blocks the SW 2131 (SW1) to prevent an abnormal communication frame from being sent to another device.
  • the arithmetic device 2100 blocks the SW 2141 (SW2) and prevents an abnormal communication frame from being sent to another device.
  • Arithmetic device 2100 determines that it is operating normally when both A-system communication frame verification unit 2130 and B-system communication frame verification unit 2140 determine that they match, and transmits the A-system communication frame to the communication line. To 400.
  • the digital input device 2200 includes an A-system digital input device 2210, a B-system digital input device 2220, SW2235 (SW1), and SW2245 (SW2).
  • the A-system digital input device 2210 includes an A-system communication control unit 211 that controls communication between devices, an A-system input control unit 213 that captures digital input data from the signal source 410, and an A-system frame matching unit 2230.
  • the B-system digital input device 220 includes a B-system communication control unit 221 that controls communication between devices, a B-system input control unit 223 that captures digital input data from the signal source 410, a B-system frame verification unit 2240, Is provided.
  • the digital input device 2200 is duplexed by an A-system frame matching unit 2230 and a B-system frame matching unit 2240, and each communication frame matching unit collates an A-system communication frame and a B-system communication frame.
  • each communication frame matching unit collates an A-system communication frame and a B-system communication frame.
  • the digital input device 2200 blocks the SW 2235 to prevent an abnormal communication frame from being sent to another device.
  • the digital input device 2200 blocks the SW 2245 to prevent an abnormal communication frame from being sent to another device.
  • both the A-system communication frame matching unit 2230 and the B-system communication frame matching unit 2240 determine that they match, the digital input device 2200 determines that the system is operating normally and communicates the A-system communication frame. Send to line 400.
  • the digital output device 2300 includes an A-system digital output device 2310, a B-system digital output device 2320, SW2314 (SW1), and SW2324 (SW2).
  • the A-system digital output device 2310 includes an A-system communication control unit 311 that controls communication between devices, an A-system output control unit 312 that outputs data to the control target 420, and an A-system frame matching unit 2330.
  • the B-system digital output device 320 includes a B-system communication control unit 321 that controls communication between devices, a B-system output control unit 322 that outputs data to the control target 420, and a B-system frame verification unit 2340. Prepare.
  • the communication frame verification unit of the digital output device 2300 is duplexed by the A system frame verification unit 2330 and the B system frame verification unit 2340, and each communication frame verification unit collates the A system communication frame and the B system communication frame.
  • the digital output device 2300 blocks the SW 2314 to prevent an abnormal communication frame from being sent to another device.
  • the digital output device 2300 blocks the SW 2324 to prevent an abnormal communication frame from being sent to another device.
  • the digital output device 2300 determines that the A system communication frame collation unit 2330 and the B system communication frame collation unit 2340 are collated and coincides with each other, determines that the digital communication apparatus 2300 is operating normally, and communicates the A system communication frame. Send to line 400.
  • the frame collation units of the arithmetic device 2100, the digital input device 2200, and the digital output device 2300 are configured to be A-system and B-system duplex configurations. Can be further enhanced.
  • control lines and information lines are those that are considered necessary for the explanation, and not all the control lines and information lines on the product are necessarily shown. Actually, it may be considered that almost all the components are connected to each other.

Abstract

The purpose of the present invention is to provide a control system which is capable of avoiding a comparison result mismatch during regular operation. A digital input device (200) of a control system (1) comprises, duplexed in a System A and a System B: a System A input control unit (213) and a System B input control unit (223) which receive input in parallel of a digital signal from a signal source (410) to the System A and the System B, capture digital signal values at least twice at a time interval which is greater than the sum of a digital signal transmission time error and a signal capture time lag of the duplexed System A and System B, and retain the first and second captured digital signal values; and a System A communication control unit (211) and a System B communication control unit (221) which generate communication frames with the first and second captured digital signal values added. The digital input device (200) further comprises a frame comparison unit (230) which treats as a comparison match a situation in which there is a match between the first captured digital signal values and/or the second captured digital signal values of the communication frames which the System A and System B have respectively generated.

Description

制御システムControl system
 本発明は、制御システムに関する。 The present invention relates to a control system.
 化学プラントや原子力発電所といった、安全確保が最優先される現場に用いられる制御システムには、特に高い信頼性が求められる。これらの制御システムでは、演算装置や入出力装置単体を内部で二重化し、二重化した各系の出力を照合し、装置の異常を検出可能とすることで、信頼性を高めている。 High reliability is required for control systems used in fields where safety is a top priority, such as chemical plants and nuclear power plants. In these control systems, the reliability is improved by duplicating the arithmetic device and the input / output device alone and collating the output of each of the duplicated systems so that an abnormality of the device can be detected.
 特許文献1には、複数のデジタル入出力接点のデータを二重化したDIボードに読み込み、それぞれのDIボードをDIモジュールに組み込み、それぞれのDIボードに接続する伝送ケーブルを経てデータを入出力制御装置に取り込む二重化計装システムにおいて、前記入出力制御装置は、それぞれのDIボードの読み込みタイミングを同期させて取り込むデータの不一致を回避するように、それぞれのDIボードへ通信用の同期信号用ケーブルを接続することを特徴とする二重化計装システムが記載されている。 In Patent Document 1, data of a plurality of digital input / output contacts is read into a duplicated DI board, each DI board is incorporated into a DI module, and the data is input to the input / output control device via a transmission cable connected to each DI board. In the dual instrumentation system for capturing, the input / output control device connects a synchronization signal cable for communication to each DI board so as to avoid the mismatch of the data to be captured by synchronizing the reading timing of each DI board. A dual instrumentation system is described.
 特許文献2には、プラントからのデジタル信号を入力する2重化された入力回路と、前記2重化された入力回路からの出力信号を比較し異常の有無を検出する比較回路を有するデジタル入力装置において、前記入力回路から出力される信号の変化点を検出する信号変化検出手段と、前記プラントから入力されるデジタル信号のパルス幅に対し1/nの間隔で計数し、前記信号変化検出手段の出力により計数値をクリアする計数手段と、前記比較回路からの異常検出信号を一時的に格納する保持手段とを備え、前記計数手段による計数値が所定値に達した時点で、前記保持手段に格納されている異常検出信号を出力する診断機能付きデジタル入力装置が記載されている。 Patent Document 2 discloses a digital input having a duplexed input circuit that inputs a digital signal from a plant and a comparator circuit that compares the output signal from the duplexed input circuit and detects the presence or absence of an abnormality. In the apparatus, signal change detecting means for detecting a change point of the signal output from the input circuit, and counting at an interval of 1 / n with respect to the pulse width of the digital signal input from the plant, the signal change detecting means Counting means for clearing the count value by the output of and a holding means for temporarily storing the abnormality detection signal from the comparison circuit, and when the count value by the counting means reaches a predetermined value, the holding means Describes a digital input device with a diagnostic function for outputting an abnormality detection signal stored in the computer.
特開平11-219322号公報JP-A-11-219322 特開平8-221116号公報JP-A-8-221116
 しかしながら、このような従来の二重化(多重化)入力装置では、下記の課題がある。
 A系とB系に二重化され、信号源からのデジタル信号をA系とB系に並列に入力する制御システムにおいて、信号伝達時間誤差や動作周波数の違いによってA系とB系の間でデジタル信号の取り込みタイミングに若干の誤差が発生する。この取り込みタイミング誤差により、デジタル信号の値が変化するタイミングと、A系とB系のデータ取り込みタイミングが重なった場合、A系とB系の間で取り込んだデジタル信号の値が異なる可能性がある。このように、A系とB系がともに正常動作しているにもかかわらず、照合結果の不一致が発生するという課題があった。 However, such a conventional duplex (multiplex) input device has the following problems.
In a control system that is duplicated in the A system and the B system and inputs a digital signal from a signal source in parallel to the A system and the B system, the digital signal between the A system and the B system due to a signal transmission time error or a difference in operating frequency. There is a slight error in the capture timing. Due to this capture timing error, if the timing at which the value of the digital signal changes and the data capture timing of the A system and the B system overlap, the value of the captured digital signal may differ between the A system and the B system. . As described above, there is a problem in that the collation result is inconsistent even though both the A system and the B system are operating normally.
 本発明の目的は、正常動作時に照合結果が不一致となることを回避することが可能な制御システムを提供することにある。 An object of the present invention is to provide a control system capable of avoiding mismatching of verification results during normal operation.
 前記課題を解決するため、本発明による制御システムは、信号源からのデジタル信号を取り込んで入力する入力制御部と、前記取り込んだデジタル信号に基づいてデジタル信号フレームを生成する通信制御部とを有する処理装置を、前記信号源に対して並列となるように複数系統を備えるとともに、各系統の前記処理装置における前記デジタル信号フレームを取り込んで系統間での一致を照合するフレーム照合部を備え、前記各系統の入力制御部は、前記各系統における前記デジタル信号の伝達時間誤差と信号取り込み時間差の合計よりも大きい間隔で前記デジタル信号を複数回取り込む機能を有し、前記各系統の通信制御部は、前記複数回取り込んだ前記デジタル信号の信号値を付加した前記デジタル信号フレームを系統ごとに生成する機能を有し、前記フレーム照合部は、前記デジタル信号フレームに付加された前記信号値の一致をデジタル信号の取り込みの回次ごとに判定し、前記信号値の一致が少なくとも1回あれば前記各系統間での照合が一致とする機能を有する。 In order to solve the above problems, a control system according to the present invention includes an input control unit that captures and inputs a digital signal from a signal source, and a communication control unit that generates a digital signal frame based on the captured digital signal. The processing apparatus includes a plurality of systems so as to be parallel to the signal source, and includes a frame verification unit that captures the digital signal frame in the processing apparatus of each system and compares the matching between systems, The input control unit of each system has a function of capturing the digital signal multiple times at an interval larger than the sum of the transmission time error of the digital signal and the signal capture time difference in each system, and the communication control unit of each system And generating the digital signal frame to which the signal value of the digital signal captured multiple times is added for each system. The frame matching unit determines the match of the signal value added to the digital signal frame every time the digital signal is captured, and each of the signal values matches if there is at least one match. It has the function of matching between systems.
 本発明によれば、正常動作時に照合結果が不一致となることを回避することが可能な制御システムを提供することができる。 According to the present invention, it is possible to provide a control system capable of avoiding a mismatch in verification results during normal operation.
本発明の第1の実施形態に係る制御システムの構成を示す図である。It is a figure which shows the structure of the control system which concerns on the 1st Embodiment of this invention. 上記第1の実施形態に係る制御システムの入力要求に用いる通信フレームフォーマットを示す図である。It is a figure which shows the communication frame format used for the input request of the control system which concerns on the said 1st Embodiment. 上記第1の実施形態に係る制御システムの伝達時間誤差による取込データ不一致を示す図である。It is a figure which shows the acquisition data mismatch by the transmission time error of the control system which concerns on the said 1st Embodiment. 上記第1の実施形態の制御システムの非同期誤差による取込データ不一致を示す図である。It is a figure which shows the acquisition data mismatch by the asynchronous error of the control system of the said 1st Embodiment. 上記第1の実施形態の制御システムの取り込みタイミングによるA系とB系のデジタル入力データを示す図である。It is a figure which shows the A system and B system digital input data by the taking-in timing of the control system of the said 1st Embodiment. 上記第1の実施形態の制御システムの取り込みタイミングによるA系とB系のデジタル入力データを示す図である。It is a figure which shows the A system and B system digital input data by the taking-in timing of the control system of the said 1st Embodiment. 上記第1の実施形態の制御システムの取り込みタイミングによるA系とB系のデジタル入力データを示す図である。It is a figure which shows the A system and B system digital input data by the taking-in timing of the control system of the said 1st Embodiment. 上記第1の実施形態の制御システムの取り込みタイミングによるA系とB系のデジタル入力データを示す図である。It is a figure which shows the A system and B system digital input data by the taking-in timing of the control system of the said 1st Embodiment. 上記第1の実施形態の制御システムのデジタル入力装置のA系通信制御部およびB系通信制御部が生成する通信フレームを示す図である。It is a figure which shows the communication frame which the A system communication control part and B system communication control part of the digital input device of the control system of the said 1st Embodiment generate | occur | produce. 上記第1の実施形態の制御システムのデジタル入力装置のA系通信制御部およびB系通信制御部が生成する通信フレームを示す図である。It is a figure which shows the communication frame which the A system communication control part and B system communication control part of the digital input device of the control system of the said 1st Embodiment generate | occur | produce. 上記第1の実施形態の制御システムの入力チャンネル数が1の場合の通信フレーム照合部を示す図である。It is a figure which shows a communication frame collation part in case the number of input channels of the control system of the said 1st Embodiment is 1. 上記第1の実施形態の制御システムの入力チャンネル数が1のときの通信フレーム照合結果判定マトリクスを表にして示す図である。It is a figure which shows as a table | surface the communication frame collation result determination matrix when the number of input channels of the control system of the said 1st Embodiment is 1. FIG. 上記第1の実施形態の制御システムの入力チャンネル数が2の場合の通信フレーム照合部を示す図である。It is a figure which shows a communication frame collation part in case the number of input channels of the control system of the said 1st Embodiment is 2. FIG. 上記第1の実施形態の制御システムの入力チャンネル数が2のときの通信フレーム照合結果判定マトリクスを表にして示す図である。It is a figure which shows as a table | surface the communication frame collation result determination matrix when the number of input channels of the control system of the said 1st Embodiment is 2. FIG. 上記第1の実施形態の制御システムの出力要求に用いる通信フレームフォーマットを示す図である。It is a figure which shows the communication frame format used for the output request of the control system of the said 1st Embodiment. 上記第1の実施形態の制御システムの出力応答に用いる通信フレームフォーマットを示す図である。It is a figure which shows the communication frame format used for the output response of the control system of the said 1st Embodiment. 本発明の第2の実施形態に係る制御システムの構成を示す図である。It is a figure which shows the structure of the control system which concerns on the 2nd Embodiment of this invention.
 以下、本発明の実施形態について図面を参照して詳細に説明する。
(第1の実施形態)
 図1は、本発明の第1の実施形態に係る制御システム1の構成を示す図である。本実施形態の制御システムは、化学プラントや原子力発電所といった、安全確保が最優先される現場に適用できる。
 制御システム1は、信頼性向上のために内部機能をA系とB系で二重化(多重化)したデジタル制御装置である。A系とB系による二重化は、一例であり、3以上の多重化でも同様に適用できる。
 図1に示すように、制御システム1は、演算装置100と、デジタル入力装置200と、デジタル出力装置300と、を備える。演算装置100とデジタル入力装置200とデジタル出力装置300とは、通信回線400により接続され、各装置100,200,300間の通信は、フレームによって行われる。また、入力装置、出力装置には、それぞれデジタルとアナログの種別がある。通信回線400には、図1のデジタル入力装置200およびデジタル出力装置300以外にも、複数の入出力装置を接続することが可能である。また、系統あるいはプラントから入力されるデジタル信号の信号源410がデジタル入力装置200に接続され、制御システム1の制御対象420がデジタル出力装置300に接続される。 Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.
(First embodiment)
FIG. 1 is a diagram showing a configuration of a control system 1 according to the first embodiment of the present invention. The control system of this embodiment can be applied to a site where safety is a top priority, such as a chemical plant or a nuclear power plant.
The control system 1 is a digital control device in which internal functions are duplexed (multiplexed) between the A system and the B system in order to improve reliability. Duplexing by the A system and the B system is an example and can be similarly applied to multiplexing of three or more.
As shown in FIG. 1, the control system 1 includes an arithmetic device 100, a digital input device 200, and a digital output device 300. The arithmetic device 100, the digital input device 200, and the digital output device 300 are connected by a communication line 400, and communication between the devices 100, 200, and 300 is performed by a frame. In addition, each of the input device and the output device has a digital type and an analog type. In addition to the digital input device 200 and the digital output device 300 in FIG. 1, a plurality of input / output devices can be connected to the communication line 400. In addition, a signal source 410 of a digital signal input from a system or a plant is connected to the digital input device 200, and a control target 420 of the control system 1 is connected to the digital output device 300.
 制御は、演算装置100がマスタとなって実施する。まず、演算装置100は、制御演算に必要となる入力データを取得するため、通信回線400を介してデジタル入力装置200に対して、データの入力要求を行う。データ入力要求を受けたデジタル入力装置200は、信号源410から入力データの取り込みを行い、通信回線400を介して演算装置100に対して、取得したデータを応答として出力する。
 演算装置100は、取得した入力データを元に制御演算を行う。演算装置100は、演算結果を制御対象420に出力するため、通信回線400を介してデジタル出力装置300に対して、データ出力の要求を行う。データ出力要求を受けたデジタル出力装置300は、制御対象420に対して受け取ったデータに応じた出力を行い、データ出力が完了したことを通知するため、通信回線400を介して演算装置100に対して応答を出力する。 The control is performed with the arithmetic device 100 serving as a master. First, the computing device 100 makes a data input request to the digital input device 200 via the communication line 400 in order to acquire input data necessary for control computation. Upon receiving the data input request, the digital input device 200 takes in the input data from the signal source 410 and outputs the acquired data as a response to the arithmetic device 100 via the communication line 400.
The arithmetic device 100 performs control arithmetic based on the acquired input data. The arithmetic device 100 makes a data output request to the digital output device 300 via the communication line 400 in order to output the arithmetic result to the control target 420. The digital output device 300 that has received the data output request outputs to the control object 420 according to the received data and notifies the arithmetic device 100 via the communication line 400 in order to notify the completion of the data output. Output a response.
 <演算装置>
 演算装置100は、A系演算装置110と、B系演算装置120と、フレーム照合部130と、SW131と、を備える。
 A系演算装置110は、入力データを元に演算を行うA系演算部111と、装置間の通信を制御するA系通信制御部112と、を備える。また、B系演算装置120は、入力データを元に演算を行うB系演算部121と、装置間の通信を制御するB系通信制御部122と、を備える。
 A系演算部111およびB系演算部121と、A系通信制御部112およびB系通信制御部122とは、A系演算装置110とB系演算装置120の二重化構成である。また、通信回線400からの通信フレームは、A系演算装置110とB系演算装置120に並列に入力される。
 フレーム照合部130は、A系演算装置110とB系演算装置120が出力する通信フレームを照合する。A系演算装置110の通信フレームとB系演算装置120の通信フレームとを照合することにより、装置の異常判定の信頼性を向上している。 <Calculation device>
The arithmetic device 100 includes an A-system arithmetic device 110, a B-system arithmetic device 120, a frame matching unit 130, and a SW 131.
The A system computing device 110 includes an A system computing unit 111 that performs computation based on input data, and an A system communication control unit 112 that controls communication between the devices. The B-system arithmetic device 120 includes a B-system arithmetic unit 121 that performs an operation based on input data, and a B-system communication control unit 122 that controls communication between the devices.
The A-system arithmetic unit 111 and the B-system arithmetic unit 121, the A-system communication control unit 112, and the B-system communication control unit 122 have a duplex configuration of the A-system arithmetic device 110 and the B-system arithmetic device 120. A communication frame from the communication line 400 is input in parallel to the A-system arithmetic device 110 and the B-system arithmetic device 120.
The frame collation unit 130 collates communication frames output from the A-system arithmetic device 110 and the B-system arithmetic device 120. By comparing the communication frame of the A-system arithmetic device 110 with the communication frame of the B-system arithmetic device 120, the reliability of the abnormality determination of the device is improved.
 <デジタル入力装置>
 デジタル入力装置200は、A系デジタル入力装置210と、B系デジタル入力装置220と、フレーム照合部230と、SW235(遮断手段)と、を備える。
 A系デジタル入力装置210は、装置間の通信を制御するA系通信制御部211と、信号源410からデジタル入力データを取り込むA系入力制御部213と、を備える。また、B系デジタル入力装置220は、装置間の通信を制御するB系通信制御部221と、信号源410からデジタル入力データを取り込むB系入力制御部223と、を備える。
 A系通信制御部211およびB系通信制御部221と、A系入力制御部213およびB系入力制御部223とは、A系デジタル入力装置210とB系デジタル入力装置220の二重化構成である。 <Digital input device>
The digital input device 200 includes an A-system digital input device 210, a B-system digital input device 220, a frame verification unit 230, and SW235 (blocking means).
The A-system digital input device 210 includes an A-system communication control unit 211 that controls communication between devices, and an A-system input control unit 213 that captures digital input data from the signal source 410. The B-system digital input device 220 includes a B-system communication control unit 221 that controls communication between devices, and a B-system input control unit 223 that captures digital input data from the signal source 410.
The A system communication control unit 211 and the B system communication control unit 221, the A system input control unit 213, and the B system input control unit 223 have a duplex configuration of the A system digital input device 210 and the B system digital input device 220.
 ここで、A系入力制御部213およびB系入力制御部223は、A系が第1のクロックで動作してデジタル信号値を取り込み、B系が第2のクロックで動作してデジタル信号値を取り込むものでもよい。信頼性向上のために内部機能をA系とB系で二重化した場合であっても、内部機能を動作させるクロックが異なると、動作周波数の違いによってA系とB系の間でデジタル信号の取り込みタイミングに若干の誤差が発生する可能性がある。
 また、通信回線400からの通信フレームは、A系デジタル入力装置210とB系デジタル入力装置220に並列に入力される。 Here, the A system input control unit 213 and the B system input control unit 223 are configured such that the A system operates with the first clock to capture the digital signal value, and the B system operates with the second clock to acquire the digital signal value. You may capture it. Even if the internal function is duplicated in the A system and the B system to improve reliability, if the clock for operating the internal function is different, the digital signal is captured between the A system and the B system due to the difference in operating frequency. There may be some error in timing.
A communication frame from the communication line 400 is input to the A-system digital input device 210 and the B-system digital input device 220 in parallel.
 A系入力制御部213およびB系入力制御部223は、信号源410からのデジタル信号をA系とB系に並列に入力し、二重化されたA系とB系のデジタル信号伝達時間誤差と信号取り込み時間差の合計よりも大きい時間間隔で少なくとも2回デジタル信号の値を取り込み、2回取り込んだデジタル信号値を保持する。
 A系通信制御部211およびB系通信制御部221は、2回取り込んだデジタル信号値を付加した通信フレームを生成する。 The A system input control unit 213 and the B system input control unit 223 input the digital signal from the signal source 410 in parallel to the A system and the B system, and the duplexed A system and B system digital signal transmission time errors and signals The digital signal value is captured at least twice at a time interval larger than the sum of the capture time differences, and the digital signal value captured twice is held.
The A-system communication control unit 211 and the B-system communication control unit 221 generate a communication frame to which the digital signal value captured twice is added.
 フレーム照合部230は、A系デジタル入力装置210とB系デジタル入力装置220が出力する通信フレームを照合する。フレーム照合部230は、デジタル信号フレームに付加されたデジタル信号値の一致をデジタル信号の取り込みの回次ごとに判定し、デジタル信号値の一致が少なくとも1回あれば各系統間での照合が一致とする機能を有する。具体的には、フレーム照合部230は、前記回次を2回とする場合、A系とB系のそれぞれが生成した通信フレームの1回目に取り込んだデジタル信号値(信号値)と2回目に取り込んだデジタル信号値(信号値)の少なくともどちらか一方(1回)が一致していれば照合一致とみなす。 The frame collation unit 230 collates communication frames output from the A-system digital input device 210 and the B-system digital input device 220. The frame matching unit 230 determines whether the digital signal value added to the digital signal frame matches each time the digital signal is captured, and if there is at least one matching of the digital signal value, matching between the systems is matched. It has the function. Specifically, when the above-described rounding is performed twice, the frame matching unit 230 calculates the digital signal value (signal value) captured in the first time of the communication frame generated by each of the A system and the B system and the second time. If at least one of the captured digital signal values (signal value) matches (once), it is regarded as a matching match.
 フレーム照合部230は、2回取り込んだデジタル信号値以外についても照合を行う。例えば、フレーム照合部230は、A系とB系のそれぞれが生成した通信フレームに対して、2回取り込んだデジタル信号値以外の照合を行い、通信フレームの1回目に取り込んだデジタル信号値と2回目に取り込んだデジタル信号値の少なくともどちらか一方が照合一致し、かつデジタル信号値以外の照合が一致となった場合は、照合結果一致と判定する。また、フレーム照合部230は、A系とB系のそれぞれが生成した通信フレームに対して、2回取り込んだデジタル信号値以外の照合を行い、通信フレームの1回目に取り込んだデジタル信号値と2回目に取り込んだデジタル信号値のどちらも照合不一致となるか、またはデジタル信号値以外の照合が不一致となった場合は、照合結果不一致と判定する。A系デジタル入力装置210の通信フレームとB系デジタル入力装置220の通信フレームとを照合することにより、データ照合の信頼性を向上している。 The frame collation unit 230 also performs collation for other than the digital signal values captured twice. For example, the frame collation unit 230 performs collation other than the digital signal value captured twice for the communication frames generated by the A system and the B system, and the digital signal value captured for the first time of the communication frame and 2 If at least one of the digital signal values captured for the second time matches and matches, and other than the digital signal values match, it is determined that the matching results match. In addition, the frame matching unit 230 performs matching other than the digital signal value captured twice for the communication frames generated by the A system and the B system, and the digital signal value captured for the first time of the communication frame and 2 If both of the digital signal values captured for the second time do not match, or if the check other than the digital signal values does not match, it is determined that the check results do not match. By verifying the communication frame of the A-system digital input device 210 and the communication frame of the B-system digital input device 220, the reliability of data verification is improved.
 SW235は、フレーム照合部230からの指示に従って、フレームの照合結果が不一致の場合に信号送出経路を遮断して、該当する通信フレームが他の装置に送出されることを防ぐ。 SW 235 blocks the signal transmission path when the frame verification results do not match in accordance with the instruction from frame verification unit 230 to prevent the corresponding communication frame from being transmitted to another device.
 <デジタル出力装置>
 デジタル出力装置300は、A系デジタル出力装置310と、B系デジタル出力装置320と、フレーム照合部330と、SW331と、を備える。
 A系デジタル出力装置310は、装置間の通信を制御するA系通信制御部311と、制御対象420へデータを出力するA系出力制御部312と、を備える。また、B系デジタル出力装置320は、装置間の通信を制御するB系通信制御部321と、制御対象420へデータを出力するB系出力制御部322と、を備える。
 A系通信制御部311およびB系通信制御部321と、A系出力制御部312およびB系出力制御部322とは、A系デジタル出力装置310とB系デジタル出力装置320の二重化構成である。通信回線400からの通信フレームは、A系デジタル出力装置310とB系デジタル出力装置320に並列に入力される。
 フレーム照合部330は、A系デジタル出力装置310とB系デジタル出力装置320が出力する通信フレームとを照合する。A系デジタル出力装置310の通信フレームとB系デジタル出力装置320の通信フレームとを照合することにより、データ照合の信頼性を向上している。 <Digital output device>
The digital output device 300 includes an A-system digital output device 310, a B-system digital output device 320, a frame matching unit 330, and a SW 331.
The A-system digital output device 310 includes an A-system communication control unit 311 that controls communication between devices, and an A-system output control unit 312 that outputs data to the control target 420. The B-system digital output device 320 includes a B-system communication control unit 321 that controls communication between devices, and a B-system output control unit 322 that outputs data to the control target 420.
The A system communication control unit 311 and the B system communication control unit 321, the A system output control unit 312, and the B system output control unit 322 have a duplex configuration of the A system digital output device 310 and the B system digital output device 320. A communication frame from the communication line 400 is input in parallel to the A-system digital output device 310 and the B-system digital output device 320.
The frame collation unit 330 collates communication frames output from the A-system digital output device 310 and the B-system digital output device 320. By verifying the communication frame of the A system digital output device 310 and the communication frame of the B system digital output device 320, the reliability of data verification is improved.
 以下、上述のように構成された制御システム1の動作について説明する。
[演算装置100の動作(1)]
 まず、制御システム1の演算装置100の動作について説明する。
 図1に示すように、A系通信制御部112およびB系通信制御部122は、入力データを取得するため、デジタル入力装置200に対して入力要求の通信フレームを送出する。 Hereinafter, the operation of the control system 1 configured as described above will be described.
[Operation (1) of Arithmetic Device 100]
First, the operation of the arithmetic device 100 of the control system 1 will be described.
As shown in FIG. 1, the A-system communication control unit 112 and the B-system communication control unit 122 transmit an input request communication frame to the digital input device 200 in order to acquire input data.
 図2は、制御システム1の入力要求に用いる通信フレームフォーマットを示す図である。
 図2に示すように、入力要求の通信フレームフォーマットは、フレームの先頭を示す開始フラグ500と、入力/出力、要求/応答を表すモードエリア501と、送信先アドレス507と送信元アドレス508を含むアドレスエリア502と、入力するデータの大きさを指定するデータサイズエリア503と、フレームの健全性を保障するCRCエリア504と、フレームの終わりを示す終了フラグ505とから構成される。モードエリア501には、入力要求を表すビット506が入る。 FIG. 2 is a diagram showing a communication frame format used for an input request of the control system 1.
As shown in FIG. 2, the communication frame format of the input request includes a start flag 500 indicating the head of the frame, a mode area 501 indicating input / output and request / response, a transmission destination address 507, and a transmission source address 508. The address area 502 includes a data size area 503 that specifies the size of input data, a CRC area 504 that ensures the soundness of the frame, and an end flag 505 that indicates the end of the frame. The mode area 501 contains a bit 506 indicating an input request.
 図1に戻って、演算装置100のA系演算装置110のA系通信制御部112とB系演算装置120のB系通信制御部122が送出した通信フレームは、フレーム照合部130で照合される。フレーム照合部130は、照合結果が一致した場合、A系演算装置110とB系演算装置120とが共に正常動作していると判断し、A系演算装置110の通信フレームを通信回線400へ送出する通信フレーム照合部130は、照合結果が不一致であった場合、A系演算装置110またはB系演算装置120のどちらかの系に異常があると判断し、SW131により遮断(信号送出経路の遮断)して異常な通信フレームが他装置に送出されることを防ぐ。 Returning to FIG. 1, communication frames sent by the A-system communication control unit 112 of the A-system arithmetic device 110 of the arithmetic device 100 and the B-system communication control unit 122 of the B-system arithmetic device 120 are collated by the frame collation unit 130. . When the collation results match, frame collating section 130 determines that both A-system arithmetic device 110 and B-system arithmetic device 120 are operating normally, and sends the communication frame of A-system arithmetic device 110 to communication line 400. The communication frame matching unit 130 determines that there is an abnormality in either the A-system arithmetic device 110 or the B-system arithmetic device 120 when the collation results do not match, and the SW 131 blocks (blocks the signal transmission path). ) To prevent abnormal communication frames from being sent to other devices.
 また、後記するように、演算装置100のA系通信制御部112およびB系通信制御部122は、通信回線400を介してデジタル出力装置300から自装置宛の出力応答フレームを受けると、出力が完了したと判断する。 As will be described later, when the A-system communication control unit 112 and the B-system communication control unit 122 of the arithmetic device 100 receive an output response frame addressed to the self-device from the digital output device 300 via the communication line 400, the output is output. Judge that completed.
[デジタル入力装置200の動作]
 次に、制御システム1のデジタル入力装置200の動作について説明する。
 図1に示すように、デジタル入力装置200のA系通信制御部211およびB系通信制御部221は、通信回線400を介して演算装置100から自装置宛の入力要求フレームを受けると、自系のA系入力制御部213およびB系入力制御部223にデータ取り込み指示を出す。このとき、信号源410からA系デジタル入力装置210、B系デジタル入力装置220それぞれへのデジタル入力信号の伝達時間誤差や、A系デジタル入力装置210とB系デジタル入力装置220が非同期で動作している場合には非同期誤差により、A系デジタル入力装置210とB系デジタル入力装置220の間で取り込んだデータが不一致となる可能性がある。以下、具体的に説明する。 [Operation of Digital Input Device 200]
Next, the operation of the digital input device 200 of the control system 1 will be described.
As shown in FIG. 1, when the A-system communication control unit 211 and the B-system communication control unit 221 of the digital input device 200 receive an input request frame addressed to the own device from the arithmetic device 100 via the communication line 400, The A system input control unit 213 and the B system input control unit 223 are instructed to take in data. At this time, the transmission time error of the digital input signal from the signal source 410 to each of the A system digital input device 210 and the B system digital input device 220 or the A system digital input device 210 and the B system digital input device 220 operate asynchronously. In such a case, the data captured between the A-system digital input device 210 and the B-system digital input device 220 may become inconsistent due to an asynchronous error. This will be specifically described below.
 <伝達時間誤差、非同期誤差による取込データ不一致>
 図3および図4は、伝達時間誤差、非同期誤差による取込データ不一致を示す図である。図3は、伝達時間誤差によりデータ不一致となるケースを示す。なお、図3では、A系デジタル入力装置210とB系デジタル入力装置220の間に非同期誤差がない場合を示している。
 図3に示すように、A系デジタル入力装置210が受け取るデジタル入力データA600と、B系デジタル入力装置220が受け取るデジタル入力データB601とは、A系デジタル入力装置210とB系デジタル入力装置220の伝達時間誤差603の分だけデジタル値変化のタイミングがずれる。デジタル値変化のタイミングとA系/B系の取り込みタイミング602が重なった場合、A系デジタル入力装置210が取り込むデータは“1”、B系デジタル入力装置220が取り込むデータは“0”となり、両者は不一致となる。 <Inconsistency in captured data due to transmission time error and asynchronous error>
FIG. 3 and FIG. 4 are diagrams showing inconsistencies in captured data due to transmission time errors and asynchronous errors. FIG. 3 shows a case where data is inconsistent due to a transmission time error. FIG. 3 shows a case where there is no asynchronous error between the A-system digital input device 210 and the B-system digital input device 220.
As shown in FIG. 3, the digital input data A600 received by the A system digital input device 210 and the digital input data B601 received by the B system digital input device 220 are the same as those of the A system digital input device 210 and the B system digital input device 220. The timing of the digital value change is shifted by the transmission time error 603. When the digital value change timing and the A / B capture timing 602 overlap, the data captured by the A system digital input device 210 is “1”, and the data captured by the B system digital input device 220 is “0”. Are inconsistent.
 図4は、非同期誤差によりデータ不一致となるケースを示す。なお、図4では、A系デジタル入力装置210が受け取るデジタル入力データA604と、B系デジタル入力装置220が受け取るデジタル入力データB605の間に伝達時間誤差がない場合を示している。
 図4に示すように、A系デジタル入力装置210とB系デジタル入力装置220が非同期で動作している場合、A系デジタル入力装置210の取り込みタイミング606とB系デジタル入力装置220の取り込みタイミング607が非同期誤差608の分だけずれる可能性がある。デジタル値変化のタイミングとA系の取り込みタイミング606とB系の取り込みタイミング607が重なった場合、A系デジタル入力装置210が取り込むデータは“0”、B系デジタル入力装置220が取り込むデータは“1”となり、両者は不一致となる。 FIG. 4 shows a case where data is inconsistent due to an asynchronous error. FIG. 4 shows a case where there is no transmission time error between the digital input data A604 received by the A-system digital input device 210 and the digital input data B605 received by the B-system digital input device 220.
As shown in FIG. 4, when the A system digital input device 210 and the B system digital input device 220 are operating asynchronously, the capture timing 606 of the A system digital input device 210 and the capture timing 607 of the B system digital input device 220. May be shifted by the amount of the asynchronous error 608. When the digital value change timing, the A system capture timing 606 and the B system capture timing 607 overlap, the data captured by the A system digital input device 210 is “0”, and the data captured by the B system digital input device 220 is “1”. "And they are inconsistent.
 制御システム1は、このようなデジタル信号入力値の不一致によって生じる照合異常を防ぐために、A系デジタル入力装置210と、B系デジタル入力装置220と、フレーム照合部230と、SW235と、からなるデジタル入力装置200を備える。A系デジタル入力装置210およびB系デジタル入力装置220は、A系とB系で二重化構成されたA系通信制御部211およびB系通信制御部221と、A系入力制御部213およびB系入力制御部223と、を備える。 In order to prevent the collation abnormality caused by the mismatch of the digital signal input values, the control system 1 is a digital unit including the A-system digital input device 210, the B-system digital input device 220, the frame collation unit 230, and the SW 235. An input device 200 is provided. The A-system digital input device 210 and the B-system digital input device 220 include an A-system communication control unit 211 and a B-system communication control unit 221 that are duplicated in the A-system and the B-system, an A-system input control unit 213, and a B-system input. A control unit 223.
 データ取り込み指示を受けたA系入力制御部213およびB系入力制御部223は、二重化されたA系とB系のデジタル信号伝達時間誤差と信号取り込み時間差の合計よりも大きい時間間隔で2回デジタル信号の値を取り込み、2回取り込んだデジタル信号値を保持する。すなわち、A系入力制御部213およびB系入力制御部223は、伝達時間誤差と非同期誤差を足した時間よりも大きい時間間隔を空けて、信号源410からのデジタル信号値の取り込みを2回行う。A系デジタル入力装置210とB系デジタル入力装置220の伝達時間誤差と非同期誤差を足した時間よりも大きい間隔で2回取り込みを行うことにより、1回目取込データと2回目取込データの少なくともどちらか一方は、必ずA系デジタル入力装置210とB系デジタル入力装置220で一致する。
 ただし、前提として、信号源410におけるデジタル信号の変化周期はデータ取込間隔よりも大きく、2回のデータ取込の間に複数回値が変化することはないものとする。
 そして、後記するように、フレーム照合部230は、デジタル信号フレームに付加されたデジタル信号値の一致をデジタル信号の取り込みの回次(ここでは2回)ごとに判定し、デジタル信号値の一致が少なくとも1回あれば各系統間での照合が一致とする。 The A-system input control unit 213 and the B-system input control unit 223 that have received the data capture instruction are digitally transmitted twice at a time interval larger than the sum of the duplexed A-system and B-system digital signal transmission time errors and signal capture time differences. Captures the signal value and holds the digital signal value captured twice. That is, the A-system input control unit 213 and the B-system input control unit 223 capture the digital signal value from the signal source 410 twice with a time interval longer than the time obtained by adding the transmission time error and the asynchronous error. . By performing the capture twice at an interval larger than the sum of the transmission time error and the asynchronous error of the A system digital input device 210 and the B system digital input device 220, at least the first capture data and the second capture data Either one always matches in the A system digital input device 210 and the B system digital input device 220.
However, it is assumed that the change period of the digital signal in the signal source 410 is larger than the data acquisition interval, and the value does not change a plurality of times between two data acquisitions.
Then, as will be described later, the frame matching unit 230 determines whether the digital signal value added to the digital signal frame matches each time the digital signal is captured (here, twice), and the digital signal value matches. If there is at least one time, the matching between each system will be the same.
 以下、図5ないし図8を参照して、1回目取込データと2回目取込データの少なくともどちらか一方(1回)は、A系デジタル入力装置210とB系デジタル入力装置220で一致することを説明する。 Hereinafter, referring to FIG. 5 to FIG. 8, at least one of the first-time acquisition data and the second-time acquisition data (one time) matches between the A-system digital input device 210 and the B-system digital input device 220. Explain that.
 <1回目取込データと2回目取込データの一致>
 図5ないし図8は、取り込みタイミングによるA系とB系のデジタル入力データを示す図である。
 図5は、1回目のデータ取込とデータ変化のタイミングが重なった場合を示す。図5のケースでは、A系の1回目取込時702のデジタル入力データA700は“1”、B系の1回目取込時704のデジタル入力データB701は“0”となり、両者は不一致となるが、A系の2回目取込時703、B系の2回目取込時705はどちらも“1”となる。 <Matching of first and second acquisition data>
5 to 8 are diagrams showing digital input data of the A system and the B system depending on the capture timing.
FIG. 5 shows a case where the timing of the first data acquisition and the data change overlap. In the case of FIG. 5, the digital input data A700 at the time of the first acquisition of the A system 702 is “1”, and the digital input data B701 at the time of the first acquisition of the B system 704 is “0”. However, both the A system second capture 703 and the B system second capture 705 are both "1".
 図6は、1回目取込時と、2回目取込時の間にデータ変化のタイミングがあった場合を示す。図6のケースでは、1回目取込時709,711のデジタル入力データA707とデジタル入力データB708はともに“0”、2回目取込時710,712はともに“1”となり、どちらのタイミングでも両者は一致する。 Fig. 6 shows a case where there is a data change timing between the first acquisition and the second acquisition. In the case of FIG. 6, the digital input data A 707 and digital input data B 708 of the first acquisition 709 and 711 are both “0”, and the second acquisition 710 and 712 are both “1”. Match.
 図7は、2回目のデータ取込とデータ変化のタイミングが重なった場合を示す。図7のケースでは、1回目取込時716,718のデジタル入力データA714とデジタル入力データB715はともに“0”となり、両者は一致するが、A系2回目取込時717のデジタルデジタル入力データA714は“1”、B系2回目取込時719のデジタル入力データB715は“0”となり、両者は不一致となる。 Fig. 7 shows the case where the second data acquisition and data change timing overlap. In the case of FIG. 7, the digital input data A714 and digital input data B715 of 716 and 718 at the first capture are both “0” and they match, but the digital digital input data of 717 at the second capture of the A system. A714 is “1”, and the digital input data B715 at the time of the second acquisition of the B system 719 is “0”.
 図8は、取込時にデータ変化がない場合を示す。図8のケースでは、1回目取込時723,725のデジタル入力データA721とデジタル入力データB722はともに“0”、2回目取込時724,726もともに“0”となり、どちらのタイミング(回次)でも両者は一致する。 Fig. 8 shows the case where there is no data change at the time of capture. In the case of FIG. 8, both the digital input data A721 and digital input data B722 of 723 and 725 at the first capture are “0”, and both 724 and 726 at the second capture are “0”. The next) also agrees.
 このように、正常動作時においては、伝達時間誤差と非同期誤差を足した時間よりも大きい間隔で2回データ取込を行うことにより、1回目取込データ214,224(図1参照)と2回目取込データ215,225(図1参照)の少なくともどちらか一方は、必ず一致する。
 上述の方法により、1回目取込データと2回目取込データは、それぞれデジタル入力装置200のA系入力制御部213およびB系入力制御部223(図1参照)に格納される。 In this way, during normal operation, the first acquisition data 214, 224 (see FIG. 1) and 2 are acquired by performing data acquisition twice at intervals larger than the time obtained by adding the transmission time error and the asynchronous error. At least one of the second acquisition data 215 and 225 (see FIG. 1) always matches.
By the above-described method, the first acquisition data and the second acquisition data are stored in the A system input control unit 213 and the B system input control unit 223 (see FIG. 1) of the digital input device 200, respectively.
 上記データ取り込みが完了すると、デジタル入力装置200のA系通信制御部211およびB系通信制御部221(図1参照)は、1回目取込データ214,224と2回目取込データ215,225の両方とも用いてフレーム生成212,222(図1参照)を行う。 When the data acquisition is completed, the A-system communication control unit 211 and the B-system communication control unit 221 (see FIG. 1) of the digital input device 200 store the first acquisition data 214, 224 and the second acquisition data 215, 225. Both are used to perform frame generation 212, 222 (see FIG. 1).
 <A系通信制御部211およびB系通信制御部221の通信フレーム生成動作>
 図9および図10は、デジタル入力装置200のA系通信制御部211およびB系通信制御部221が生成する通信フレームを示す図である。
 図9は、入力チャンネル数が1の場合を示す。本実施形態において、入力チャンネル数とは、入力するデジタル信号の数をいう。入力するデジタル信号の数は、独立して扱うべきデジタル信号の数であり、デジタル信号の種類が異なる場合が挙げられる。例えば、外部の信号源410が3であれば、入力チャンネル数は3、信号源410が8であれば、入力チャンネル数は8である。
 図9に示すように、入力応答の通信フレームフォーマットは、フレームの先頭を示す開始フラグ800と、入力/出力、要求/応答を表すモードエリア801と、送信先アドレス807と送信元アドレス808を含むアドレスエリア802と、入力データを載せるデータエリア803と、フレームの健全性を保障するCRC(Cyclic Redundancy Code)エリア804と、フレームの終わりを示す終了フラグ805とから構成される。モードエリア801には、入力応答を表すビット806が入り、データエリア803には、Ch0の1回目取込データ809と2回目取込データ810が入る。 <Communication frame generation operation of A-system communication control unit 211 and B-system communication control unit 221>
9 and 10 are diagrams illustrating communication frames generated by the A-system communication control unit 211 and the B-system communication control unit 221 of the digital input device 200. FIG.
FIG. 9 shows a case where the number of input channels is one. In the present embodiment, the number of input channels refers to the number of input digital signals. The number of input digital signals is the number of digital signals to be handled independently, and there are cases where the types of digital signals are different. For example, if the external signal source 410 is 3, the number of input channels is 3, and if the signal source 410 is 8, the number of input channels is 8.
As shown in FIG. 9, the communication frame format of the input response includes a start flag 800 indicating the beginning of the frame, a mode area 801 indicating input / output and request / response, a transmission destination address 807, and a transmission source address 808. An address area 802, a data area 803 in which input data is placed, a CRC (Cyclic Redundancy Code) area 804 that ensures the soundness of the frame, and an end flag 805 that indicates the end of the frame. The mode area 801 contains a bit 806 representing an input response, and the data area 803 contains the first fetch data 809 and second fetch data 810 of Ch0.
 図10は、入力チャンネル数が2の場合を示す。図10に示すように、チャンネル数が2の場合、データエリア811にCh0の1回目取込データ812と、2回目取込データ813と、Ch1の1回目取込データ814と、2回目取込データ815とが入る。
 なお、入力チャンネル数が2より大きい場合も同様の構成となる。例えば、入力チャンネル数が3の場合には、図10のデータエリア811に、さらにCh2が追加され、このCh2に1回目取込データと、2回目取込データとが入る。以下同様に、入力チャンネル数が8の場合には、図10のデータエリア811に、さらにCh7が追加され、このCh7に1回目取込データと、2回目取込データとが入る。 FIG. 10 shows a case where the number of input channels is two. As shown in FIG. 10, when the number of channels is 2, the first capture data 812 of Ch0, the second capture data 813, the first capture data 814 of Ch1, and the second capture are stored in the data area 811. Data 815 is entered.
The same configuration is used when the number of input channels is greater than two. For example, when the number of input channels is 3, Ch2 is further added to the data area 811 in FIG. 10, and the first-time acquisition data and the second-time acquisition data are entered in this Ch2. Similarly, when the number of input channels is 8, Ch7 is further added to the data area 811 in FIG. 10, and the first-time acquisition data and the second-time acquisition data are entered in this Ch7.
 図11ないし図14を参照して、デジタル入力装置200の通信フレーム照合部230の動作について説明する。 The operation of the communication frame verification unit 230 of the digital input device 200 will be described with reference to FIGS.
 <フレーム照合部230の通信フレーム照合動作>
 デジタル入力装置200の通信フレーム照合部230(図1参照)は、A系デジタル入力装置210のA系通信制御部211が生成した通信フレームと、B系デジタル入力装置220のB系通信制御部221が生成した通信フレームを照合する。 <Communication frame verification operation of frame verification unit 230>
The communication frame verification unit 230 (see FIG. 1) of the digital input device 200 includes the communication frame generated by the A system communication control unit 211 of the A system digital input device 210 and the B system communication control unit 221 of the B system digital input device 220. The communication frame generated by is checked.
(入力チャンネル数が1の場合)
 まず、入力チャンネル数が1の場合の通信フレーム照合部912について、図11を用いて説明する。
 図11は、入力チャンネル数が1(Ch0)の場合の通信フレーム照合部912の機能を示す図である。図11の通信フレーム照合部912は、図1のデジタル入力装置200の通信フレーム照合部230と同一構成であり、入力チャンネル数が1の場合の論理を詳細に示している。
 図11に示すように、フレーム照合部912は、A系通信制御部211が生成した通信フレーム900と、B系通信制御部221が生成した通信フレーム901に対して、1回目データ照合902と、2回目データ照合904と、データ以外の照合906との3つの照合を行う。
 ここで、データ照合は、A系とB系の各入力チャンネル毎に、1回目取込データの照合と2回目取込データの照合を行う。入力チャンネル数が1の場合、Ch0において1回目取込データの照合と2回目取込データの照合である。また、後記するように、入力チャンネル数が2の場合、Ch0で1回目取込データの照合と2回目取込データの照合を行うとともに、Ch1で1回目取込データの照合と2回目取込データの照合を行う。 (When the number of input channels is 1)
First, the communication frame matching unit 912 when the number of input channels is 1 will be described with reference to FIG.
FIG. 11 is a diagram illustrating the function of the communication frame verification unit 912 when the number of input channels is 1 (Ch0). The communication frame verification unit 912 in FIG. 11 has the same configuration as the communication frame verification unit 230 of the digital input device 200 in FIG. 1 and shows the logic when the number of input channels is 1 in detail.
As shown in FIG. 11, the frame matching unit 912 performs the first data matching 902 on the communication frame 900 generated by the A-system communication control unit 211 and the communication frame 901 generated by the B-system communication control unit 221. Three collations are performed: a second data collation 904 and a collation 906 other than data.
Here, the data verification is performed by comparing the first acquired data and the second acquired data for each input channel of the A system and the B system. When the number of input channels is 1, the first-time captured data verification and the second-time captured data verification are performed in Ch0. Also, as will be described later, when the number of input channels is 2, the first acquisition data and the second acquisition data are verified at Ch0, and the first acquisition data and the second acquisition are verified at Ch1. Check the data.
 1回目データ照合902は、A系通信フレーム900内の1回目取込データと、B系通信フレーム901内の1回目取込データの照合903を行い、両者のデータが異なる場合には、不一致を出力する。2回目データ照合904は、A系通信フレーム900内の2回目取込データと、B系通信フレーム901内の2回目取込データの照合905を行い、両者のデータが異なる場合には、不一致を出力する。データ以外の照合906は、A系通信フレーム900内のデータエリア以外の部分(モード、アドレス)と、B系通信フレーム901内のデータエリア以外の部分(モード、アドレス)の照合907を行い、両者のデータが異なる場合には、不一致を出力する。 The first data collation 902 performs the collation 903 of the first captured data in the A-system communication frame 900 and the first captured data in the B-system communication frame 901. Output. The second data collation 904 performs the collation 905 between the second captured data in the A-system communication frame 900 and the second captured data in the B-system communication frame 901. Output. Collation 906 other than data performs collation 907 between a portion (mode and address) other than the data area in the A-system communication frame 900 and a portion (mode and address) other than the data area in the B-system communication frame 901. If the data is different, a mismatch is output.
 なお、通信フレーム900のCRCエリアは、通信ケーブル(装置間)のデータ健全性保障のためにフレームに付加されるデータであり、装置内の通信異常を検出するためのデータではないため、照合は行わない。また、CRCエリアは、A系とB系で異なる可能性もある。開始フラグ、終了フラグについても、受信側がフレームを認識するためのフラグであるため、照合は行わない。 Note that the CRC area of the communication frame 900 is data added to the frame to ensure the data integrity of the communication cable (between devices), and is not data for detecting a communication abnormality in the device. Not performed. Also, the CRC area may be different between the A system and the B system. The start flag and the end flag are also flags for the receiving side to recognize the frame, and thus are not verified.
 デジタル入力装置200の通信フレーム照合部912は、3つの照合により得られた結果から、デジタル入力装置の動作が正常であるか、異常であるかを判定する照合結果判定を行う(符号908参照)。
 照合結果判定908では、まず1回目データ照合902と2回目データ照合904の結果に対して、どちらも不一致であった場合に、データ照合が不一致であると判定する(符号909参照)。次に、データ照合の結果(符号909参照)とデータ以外の照合907の結果(符号906参照)のうち、少なくとも一方が不一致であった場合、デジタル入力装置の動作は異常であると判定する(符号910参照)。判定が異常であった場合、SW235(図1参照)を遮断して異常な通信フレームが他装置に送出されることを防ぐ。 The communication frame verification unit 912 of the digital input device 200 performs a verification result determination that determines whether the operation of the digital input device is normal or abnormal from the results obtained by the three verifications (see reference numeral 908). .
In the collation result determination 908, first, when both the results of the first data collation 902 and the second data collation 904 are inconsistent, it is determined that the data collation is inconsistent (see reference numeral 909). Next, when at least one of the result of data collation (see reference numeral 909) and the result of collation 907 other than data (see reference numeral 906) is inconsistent, it is determined that the operation of the digital input device is abnormal ( Reference numeral 910). If the determination is abnormal, the SW 235 (see FIG. 1) is blocked to prevent an abnormal communication frame from being sent to another device.
 図12は、入力チャンネル数が1のときの通信フレーム照合結果判定マトリクスを表にして示す図である。図12中、白丸印(○印)は、照合結果が一致した場合を、また×印は、照合結果が不一致の場合をそれぞれ示す。
 デジタル入力装置200の通信フレーム照合部230(図1参照)は、A系通信制御部211が生成した通信フレームと、B系通信制御部221が生成した通信フレームに対して、1回目データ照合と、2回目データ照合と、データ以外の照合との3つの照合を行う。 FIG. 12 is a table showing a communication frame matching result determination matrix when the number of input channels is 1. In FIG. 12, white circle marks (◯ marks) indicate the case where the matching results match, and x marks indicate the case where the matching results do not match.
The communication frame verification unit 230 (see FIG. 1) of the digital input device 200 performs the first data verification on the communication frame generated by the A-system communication control unit 211 and the communication frame generated by the B-system communication control unit 221. Three collations are performed: a second data collation and a collation other than data.
 例えば、1回目データ照合では、A系通信フレーム内の1回目取込データと、B系通信フレーム内の1回目取込データの照合を行い、両者のデータが異なる場合には、不一致を出力する。2回目データ照合では、A系通信フレーム内の2回目取込データと、B系通信フレーム内の2回目取込データの照合を行い、両者のデータが異なる場合には、不一致を出力する。また、データ以外の照合は、A系通信フレーム内のデータエリア以外の部分)と、B系通信フレーム内のデータエリア以外の部分の照合を行い、両者のデータが異なる場合には、不一致を出力する。 For example, in the first data verification, the first captured data in the A-system communication frame is compared with the first captured data in the B-system communication frame, and if the two data are different, a mismatch is output. . In the second data collation, the second captured data in the A-system communication frame and the second captured data in the B-system communication frame are collated, and if the two data are different, a mismatch is output. In addition, collation other than data is performed by collating the portion other than the data area in the A-system communication frame and the data area other than the data area in the B-system communication frame, and if the two data are different, a mismatch is output. To do.
 これにより、図12の表1に示す照合結果判定マトリクスが得られたとする。
 図12の符号aに示すように、1回目取込データの照合と、2回目取込データの照合と、データ以外の照合との照合結果がいずれも一致した場合は、照合結果判定は「正常」と判定する。
 図12の符号bに示すように、1回目取込データの照合と、2回目取込データの照合との照合結果が一致した場合であっても、データ以外の照合との照合結果が不一致である場合は、照合結果判定は「異常」と判定する。取り込んだデータの種別自体(モード、アドレス)等が異なる場合に該当する。
 図12の符号cに示すように、1回目取込データの照合と、2回目取込データの照合と、データ以外の照合のいずれか一つ、または全部が不一致の場合は、照合結果判定は「異常」と判定する。なお、このような場合の不一致判定は、従来と同様である。 As a result, a matching result determination matrix shown in Table 1 of FIG. 12 is obtained.
As shown by reference sign a in FIG. 12, when the collation results of the first-time captured data collation, the second-time captured data collation, and the collation other than the data match, the collation result determination is “normal. Is determined.
As shown by reference sign b in FIG. 12, even if the collation result between the first-time captured data collation and the second-time captured data collation match, the collation result with the collation other than the data does not match. If there is, the verification result determination is determined as “abnormal”. This corresponds to the case where the type of captured data itself (mode, address) is different.
As shown by reference sign c in FIG. 12, if any one or all of the verification of the first captured data, the verification of the second captured data, and the verification other than the data do not match, the verification result determination is Determined as “abnormal”. In this case, the mismatch determination is the same as in the conventional case.
 図12の符号Aで囲んだ判定マトリクス部分は、1回目取込データの照合と、2回目取込データの照合と、データ以外の照合を行い、1回目取込データと2回目取込データの少なくともどちらか一方(1回)で照合一致し、かつデータ以外の照合が一致となった場合である。本実施形態では、1回目取込データの照合と、2回目取込データの照合と、データ以外の照合を行い、1回目取込データと2回目取込データの少なくともどちらか一方(1回)で照合一致し、かつデータ以外の照合が一致となった場合は、照合結果一致、すなわち正常と判定する。図12の符号Aで囲んだ判定マトリクス部分に着目したものは従来技術にはなく、本制御システム1で初めて実現するものである。信号源410からのデジタル信号をA系とB系に並列に入力する制御システム1において、信号伝達時間誤差や動作周波数の違いによってA系とB系の間でデジタル信号の取り込みタイミングに若干の誤差が発生することはあり得る。この場合、A系とB系がともに正常動作しているにもかかわらず、1回目取込データの照合と、2回目取込データの照合とで照合結果の不一致が発生していた。本実施形態によれば、正常動作時に照合結果が不一致となることを回避することができる。因みに、図12の符号Aで囲んだ判定マトリクス部分は、従来では照合結果の不一致、すなわち異常と判定されていたところである。 The determination matrix portion surrounded by reference character A in FIG. 12 performs the verification of the first acquisition data, the verification of the second acquisition data, and verification other than the data, and compares the first acquisition data and the second acquisition data. This is a case in which at least one of them (one time) matches, and matching other than data matches. In the present embodiment, the first-time captured data is collated, the second-time captured data is collated, and other data is collated, and at least one of the first-time captured data and the second-time captured data (one time). If the collation matches and the collation other than data matches, it is determined that the collation results match, that is, normal. What is focused on the determination matrix portion surrounded by symbol A in FIG. 12 is not present in the prior art, and is realized for the first time by the present control system 1. In the control system 1 that inputs a digital signal from the signal source 410 in parallel to the A system and the B system, there is a slight error in the timing of capturing the digital signal between the A system and the B system due to a difference in signal transmission time error or operating frequency Can occur. In this case, in spite of the normal operation of both the A system and the B system, there is a mismatch in the collation results between the first-time captured data collation and the second-time captured data collation. According to the present embodiment, it can be avoided that the collation results become inconsistent during normal operation. Incidentally, the determination matrix portion surrounded by the symbol A in FIG. 12 has been conventionally determined as a mismatch of the collation results, that is, an abnormality.
(入力チャンネル数が2の場合)
 次に、入力チャンネル数が2の場合の通信フレーム照合部1015について、図13を用いて説明する。
 図13は、入力チャンネル数が2(Ch0,Ch1)の場合の通信フレーム照合部1015の機能を示す図である。図13の通信フレーム照合部1015は、図1のデジタル入力装置200の通信フレーム照合部230と同一構成であり、入力チャンネル数が2の場合の論理を詳細に示している。
 入力チャンネル数が2の場合、Ch0で1回目取込データの照合と2回目取込データの照合を行うとともに、Ch1で1回目取込データの照合と2回目取込データの照合を行い、さらにデータ以外の照合を行う。 (When the number of input channels is 2)
Next, the communication frame matching unit 1015 when the number of input channels is 2 will be described with reference to FIG.
FIG. 13 is a diagram illustrating the function of the communication frame verification unit 1015 when the number of input channels is 2 (Ch0, Ch1). The communication frame verification unit 1015 in FIG. 13 has the same configuration as the communication frame verification unit 230 of the digital input device 200 in FIG. 1, and shows the logic when the number of input channels is two in detail.
When the number of input channels is 2, the first acquisition data and the second acquisition data are verified at Ch0, the first acquisition data and the second acquisition data are verified at Ch1, and further Perform verification other than data.
 1回目データ照合1002は、A系通信フレーム1000内のCh0の1回目取込データと、B系通信フレーム1001内のCh0の1回目取込データとの照合を行うとともに(符号1003参照)、A系通信フレーム1000内のCh1の1回目取込データと、B系通信フレーム1001内のCh1の1回目取込データとの照合を行う(符号1004参照)。すなわち、Ch0の1回目取込データ照合1003とCh1の1回目取込データ照合1004を行い、A系とB系のデータが異なる場合には、不一致を出力する。 The first data collation 1002 collates the first fetch data of Ch0 in the A-system communication frame 1000 with the first fetch data of Ch0 in the B-system communication frame 1001 (see reference numeral 1003). The first acquisition data of Ch1 in the system communication frame 1000 is compared with the first acquisition data of Ch1 in the system B communication frame 1001 (see reference numeral 1004). That is, the first fetched data collation 1003 for Ch0 and the first fetched data collation 1004 for Ch1 are performed, and if the A system and B system data are different, a mismatch is output.
 同様に、2回目データ照合1005は、A系通信フレーム1000内のCh0の2回目取込データと、B系通信フレーム1001内のCh0の2回目取込データとの照合を行うとともに(符号1006参照)、A系通信フレーム1000内のCh1の2回目取込データと、B系通信フレーム1001内のCh1の2回目取込データとの照合を行う(符号1007参照)。すなわち、Ch0の2回目取込データ照合1006とCh1の2回目取込データ照合1007を行い、A系とB系のデータが異なる場合には、不一致を出力する。 Similarly, the second data collation 1005 collates the second fetch data of Ch0 in the A-system communication frame 1000 with the second fetch data of Ch0 in the B-system communication frame 1001 (see reference numeral 1006). ), The second acquisition data of Ch1 in the A-system communication frame 1000 is compared with the second acquisition data of Ch1 in the B-system communication frame 1001 (see reference numeral 1007). That is, the second fetched data collation 1006 for Ch0 and the second fetched data collation 1007 for Ch1 are performed, and if the A system and B system data are different, a mismatch is output.
 さらに、データ以外の照合1008は、A系通信フレーム1000内のデータエリア以外の部分(モード、アドレス)と、B系通信フレーム1001内のデータエリア以外の部分(モード、アドレス)の照合1009を行い、両者のデータが異なる場合には、不一致を出力する。 Further, collation 1008 other than data performs collation 1009 of a portion (mode, address) other than the data area in the A-system communication frame 1000 and a portion (mode, address) other than the data area in the B-system communication frame 1001. If the two data are different, a mismatch is output.
 なお、A系通信フレーム1000およびB系通信フレーム1001のCRCエリアは、通信ケーブル(装置間)のデータ健全性保障のためにフレームに付加されるデータであり、装置内の通信異常を検出するためのデータではないため、照合は行わない。また、CRCエリアはA系とB系で異なる可能性もある。開始フラグ、終了フラグについても、受信側がフレームを認識するためのフラグであるため、照合は行わない。 The CRC areas of the A-system communication frame 1000 and the B-system communication frame 1001 are data added to the frame to ensure the data integrity of the communication cable (between apparatuses), and are used to detect communication abnormalities within the apparatus. Because it is not the data of, it is not verified. Also, the CRC area may be different between the A system and the B system. The start flag and the end flag are also flags for the receiving side to recognize the frame, and thus are not verified.
 照合結果判定1010では、まずCh0の1回目データ照合1003と2回目データ照合1006の結果に対して、どちらも不一致であった場合に、Ch0のデータ照合が不一致であると判定する(符号1011参照)。同様に、Ch1の1回目データ照合1004と2回目データ照合1007の結果に対して、どちらも不一致であった場合に、Ch1のデータ照合が不一致であると判定する(符号1012参照)。 In the collation result determination 1010, first, if the results of the first data collation 1003 and the second data collation 1006 of Ch0 do not match, it is determined that the data collation of Ch0 does not match (see reference numeral 1011). ). Similarly, if both of the results of the first data collation 1004 and the second data collation 1007 of Ch1 do not match, it is determined that the data verification of Ch1 does not match (see reference numeral 1012).
 次に、Ch0データ照合1011、Ch1データ照合1012、データ以外の照合1008のうち、少なくとも一つが不一致であった場合、デジタル入力装置の動作は異常であると判定する(符号1013参照)。判定が異常であった場合、SW235(図1参照)を遮断して異常な通信フレームが他装置に送出されることを防ぐ。
 なお、入力チャンネル数が2より大きい場合も、図13同様の構成でフレーム照合を行う。 Next, when at least one of the Ch0 data collation 1011, the Ch1 data collation 1012, and the collation 1008 other than data does not match, it is determined that the operation of the digital input device is abnormal (see reference numeral 1013). If the determination is abnormal, the SW 235 (see FIG. 1) is blocked to prevent an abnormal communication frame from being sent to another device.
Even when the number of input channels is greater than 2, frame matching is performed with the same configuration as in FIG.
 図14は、入力チャンネル数が2のときの通信フレーム照合結果判定マトリクスを表にして示す図である。図14中、白丸印(○印)は、照合結果が一致した場合を、また×印は、照合結果が不一致の場合をそれぞれ示す。
 図14の符号aに示すように、1回目取込データの照合と、2回目取込データの照合と、データ以外の照合との照合結果がいずれも一致した場合は、照合結果判定は「正常」と判定する。
 図14の符号bに示すように、1回目取込データの照合と、2回目取込データの照合との照合結果が一致した場合であっても、データ以外の照合との照合結果が不一致である場合は、照合結果判定は「異常」と判定する。取り込んだデータの種別自体(モード、アドレス)等が異なる場合に該当する。
 図12の符号cに示すように、1回目取込データの照合と、2回目取込データの照合と、データ以外の照合のいずれか一つ、または全部が不一致の場合は、照合結果判定は「異常」と判定する。なお、このような場合の不一致判定は、従来と同様である。 FIG. 14 is a table showing a communication frame matching result determination matrix when the number of input channels is two. In FIG. 14, white circle marks (◯ marks) indicate the case where the matching results match, and x marks indicate the case where the matching results do not match.
As shown by reference sign a in FIG. 14, when the collation results of the first-time captured data collation, the second-time captured data collation, and the collation other than the data match, the collation result determination is “normal. Is determined.
As shown by reference sign b in FIG. 14, even if the collation results of the first-time captured data collation and the second-time captured data collation match, the collation results with the collation other than the data are inconsistent. If there is, the verification result determination is determined as “abnormal”. This corresponds to the case where the type of captured data itself (mode, address) is different.
As shown by reference sign c in FIG. 12, if any one or all of the verification of the first captured data, the verification of the second captured data, and the verification other than the data do not match, the verification result determination is Determined as “abnormal”. In this case, the mismatch determination is the same as in the conventional case.
 図14の符号A,B,Cで囲んだ判定マトリクス部分は、1回目取込データの照合と、2回目取込データの照合と、データ以外の照合を行い、1回目取込データと2回目取込データの少なくともどちらか一方(1回)で照合一致し、かつデータ以外の照合が一致となった場合である。本実施形態では、1回目取込データの照合と、2回目取込データの照合と、データ以外の照合を行い、1回目取込データと2回目取込データの少なくともどちらか一方(1回)で照合一致し、かつデータ以外の照合が一致となった場合は、照合結果一致、すなわち正常と判定する。 In the determination matrix portion surrounded by reference signs A, B, and C in FIG. 14, the first captured data is collated, the second captured data is collated, and other data is collated, and the first captured data and the second captured data are collated. This is a case where collation coincides with at least one of the captured data (once) and collation other than the data coincides. In the present embodiment, the first-time captured data is collated, the second-time captured data is collated, and other data is collated, and at least one of the first-time captured data and the second-time captured data (one time). If the collation matches and the collation other than data matches, it is determined that the collation results match, that is, normal.
 図13および図14の例(入力チャンネル数が2の場合)では、図11および図12の例(入力チャンネル数が1の場合)に相当する図14の表2に示す符号Aで囲んだ判定マトリクス部分に加えて、さらに図14の符号B,Cで囲んだ判定マトリクス部分においても正常と判定することができる。図14の表2に示す符号A,B,Cで囲んだ判定マトリクス部分は、A系とB系がともに正常動作しているところであり、本来、正常であると判定されるべきところである。因みに、図14の符号A,B,Cで囲んだ判定マトリクス部分は、従来では照合結果の不一致、すなわち異常と判定されていた。本実施形態は、図14の符号A,B,Cで囲んだ判定マトリクス部分の異常判定を救済して正常判定することができる。 In the example of FIGS. 13 and 14 (when the number of input channels is 2), the determination surrounded by the symbol A shown in Table 2 of FIG. 14 corresponding to the example of FIGS. 11 and 12 (when the number of input channels is 1). In addition to the matrix portion, it can be determined that the determination matrix portion surrounded by reference characters B and C in FIG. 14 is normal. The determination matrix portion surrounded by reference signs A, B, and C shown in Table 2 of FIG. 14 is where both the A system and the B system are operating normally, and should be determined to be normal. Incidentally, the determination matrix portion surrounded by reference signs A, B, and C in FIG. 14 has been conventionally determined to be a mismatch of the collation results, that is, abnormal. In the present embodiment, normal determination can be made by relieving the abnormality determination in the determination matrix portion surrounded by the symbols A, B, and C in FIG.
[演算装置100の動作(2)]
 再び、制御システム1の演算装置100の動作について説明する。
 演算装置100のA系通信制御部112およびB系通信制御部122は、通信回線400を介してデジタル入力装置200から自装置宛の入力応答フレームを受けると、フレームからデータを取り出し、A系演算部111およびB系演算部121に演算指示を出す。 [Operation (2) of arithmetic device 100]
Again, operation | movement of the arithmetic unit 100 of the control system 1 is demonstrated.
When the A-system communication control unit 112 and the B-system communication control unit 122 of the arithmetic device 100 receive an input response frame addressed to the own device from the digital input device 200 via the communication line 400, the data is extracted from the frame, Calculation instructions are issued to the unit 111 and the B-system calculation unit 121.
 このとき、図9および図10に示す入力応答フレームに載っているデータ(図9のデータ803、図10のデータ811)のうち、1回目取込データ(図9の1回目取込データ809、図10の1回目取込データ812,814)と2回目取込データ(図9の2回目取込データ810、図10の2回目取込データ813,815)はどちらを使用して演算を行ってもよい。
 A系演算部111およびB系演算部121は、演算が完了すると、演算結果をA系通信制御部112およびB系通信制御部122に通知する。演算結果を受けたA系通信制御部112およびB系通信制御部122は、制御対象420に演算結果を出力するため、デジタル出力装置300に対して出力要求のフレームを送出する。 At this time, out of the data (data 803 in FIG. 9 and data 811 in FIG. 10) included in the input response frame shown in FIGS. 9 and 10, the first acquisition data (first acquisition data 809 in FIG. 9, The first acquisition data 812 and 814 in FIG. 10 and the second acquisition data (second acquisition data 810 in FIG. 9 and second acquisition data 813 and 815 in FIG. 10) are used for calculation. May be.
When the calculation is completed, the A system calculation unit 111 and the B system calculation unit 121 notify the A system communication control unit 112 and the B system communication control unit 122 of the calculation results. Upon receiving the calculation result, the A-system communication control unit 112 and the B-system communication control unit 122 send an output request frame to the digital output device 300 in order to output the calculation result to the control target 420.
 図15は、出力要求に用いる通信フレームフォーマットを示す図である。
 図15に示すように、出力要求の通信フレームフォーマットは、フレームの先頭を示す開始フラグ1100と、入力/出力、要求/応答を表すモードエリア1101と、送信先アドレス1108と送信元アドレス1109を含むアドレスエリア1102と、出力するデータの大きさを指定するデータサイズエリア1103と、出力データを載せるデータエリア1104と、フレームの健全性を保障するCRCエリア1105と、フレームの終わりを示す終了フラグ1106とから構成される。
 モードエリア1101には、出力要求を表すビット1107が入る。A系演算装置110のA系通信制御部112とB系演算装置120のB系通信制御部122が送出したフレームは、フレーム照合部130で照合され、照合結果が一致した場合はA系演算装置110、B系演算装置120ともに正常動作していると判断し、A系演算装置110のフレームを通信回線400へ送出する。照合結果が不一致であった場合は、A系演算装置110、B系演算装置120のどちらかの系に異常があると判断し、SW131を遮断して異常なフレームが他装置に送出されることを防ぐ。 FIG. 15 is a diagram showing a communication frame format used for an output request.
As shown in FIG. 15, the output request communication frame format includes a start flag 1100 indicating the head of the frame, a mode area 1101 indicating input / output and request / response, a transmission destination address 1108, and a transmission source address 1109. An address area 1102, a data size area 1103 for designating the size of data to be output, a data area 1104 for placing output data, a CRC area 1105 for ensuring the soundness of the frame, and an end flag 1106 for indicating the end of the frame, Consists of
The mode area 1101 contains a bit 1107 representing an output request. The frames sent by the A-system communication control unit 112 of the A-system arithmetic device 110 and the B-system communication control unit 122 of the B-system arithmetic device 120 are collated by the frame collation unit 130, and if the collation results match, the A-system arithmetic device 110 and B system arithmetic unit 120 are determined to be operating normally, and the frame of A system arithmetic unit 110 is sent to communication line 400. If the collation results do not match, it is determined that there is an abnormality in either the A-system arithmetic device 110 or the B-system arithmetic device 120, the SW 131 is shut off, and an abnormal frame is sent to the other device. prevent.
[デジタル出力装置300の動作]
 次に、制御システム1のデジタル出力装置300の動作について説明する。
 図1に示すように、デジタル出力装置300のA系通信制御部311およびB系通信制御部321は、通信回線400を介して演算装置100から自装置宛の出力要求フレームを受けると、自系のA系出力制御部312およびB系出力制御部322にデータ出力指示を出す。
 データ出力指示を受けたA系出力制御部312およびB系出力制御部322は、制御対象420に対してデータ出力を行う。出力が完了すると、A系通信制御部311およびB系通信制御部321は演算装置100に対して出力応答フレームを送出する。 [Operation of Digital Output Device 300]
Next, the operation of the digital output device 300 of the control system 1 will be described.
As shown in FIG. 1, when the A-system communication control unit 311 and the B-system communication control unit 321 of the digital output device 300 receive an output request frame addressed to the own device from the arithmetic device 100 via the communication line 400, The A system output control unit 312 and the B system output control unit 322 are instructed to output data.
Upon receiving the data output instruction, the A-system output control unit 312 and the B-system output control unit 322 output data to the control target 420. When the output is completed, the A-system communication control unit 311 and the B-system communication control unit 321 send an output response frame to the arithmetic device 100.
 図16は、出力応答に用いる通信フレームフォーマットを示す図である。
 図16に示すように、出力応答の通信フレームフォーマットは、フレームの先頭を示す開始フラグ1200と、入力/出力、要求/応答を表すモードエリア1201と、送信先アドレス1206と送信元アドレス1207を含むアドレスエリア1202と、フレームの健全性を保障するCRCエリア1203と、フレームの終わりを示す終了フラグ1204とから構成される。モードエリア1201には、出力応答を表すビット1205が入る。 FIG. 16 is a diagram showing a communication frame format used for an output response.
As shown in FIG. 16, the communication frame format of the output response includes a start flag 1200 indicating the head of the frame, a mode area 1201 indicating input / output and request / response, a transmission destination address 1206, and a transmission source address 1207. The address area 1202 includes a CRC area 1203 that ensures the soundness of the frame, and an end flag 1204 that indicates the end of the frame. The mode area 1201 contains a bit 1205 indicating an output response.
 A系デジタル出力装置310のA系通信制御部311(図1参照)とB系デジタル出力装置320のA系通信制御部321が送出した通信フレームは、フレーム照合部330で照合される。フレーム照合部330は、照合結果が一致した場合、A系デジタル出力装置310、B系デジタル出力装置320ともに正常動作していると判断し、A系デジタル出力装置310の通信フレームを通信回線400へ送出する。フレーム照合部330は、照合結果が不一致であった場合、A系デジタル出力装置310、B系デジタル出力装置320のどちらかの系に異常があると判断し、SW331により遮断(信号送出経路の遮断)して異常な通信フレームが他装置に送出されることを防ぐ。 The communication frame sent by the A-system communication control unit 311 (see FIG. 1) of the A-system digital output device 310 and the A-system communication control unit 321 of the B-system digital output device 320 is collated by the frame collation unit 330. When the collation results match, frame collation section 330 determines that both A-system digital output device 310 and B-system digital output device 320 are operating normally, and transmits the communication frame of A-system digital output device 310 to communication line 400. Send it out. If the collation results do not match, the frame collation unit 330 determines that either the A-system digital output device 310 or the B-system digital output device 320 has an abnormality, and the SW 331 blocks (blocks the signal transmission path). ) To prevent abnormal communication frames from being sent to other devices.
 演算装置100(図1参照)のA系通信制御部112およびB系通信制御部122は、通信回線400を介してデジタル出力装置300から自装置宛の出力応答フレームを受けると、出力が完了したと判断する。 When the A-system communication control unit 112 and the B-system communication control unit 122 of the arithmetic device 100 (see FIG. 1) receive the output response frame addressed to itself from the digital output device 300 via the communication line 400, the output is completed. Judge.
 以上説明したように、本実施形態に係る制御システム1は、演算装置100と、デジタル入力装置200と、デジタル出力装置300と、を備え、各装置100,200,300は、通信回線400により接続され、各装置100,200,300間の通信は、フレームによって行われる。デジタル入力装置200は、信号源410からのデジタル信号をA系とB系に並列に入力し、二重化されたA系とB系のデジタル信号伝達時間誤差と信号取り込み時間差の合計よりも大きい時間間隔で少なくとも2回デジタル信号の値を取り込み、2回取り込んだデジタル信号値を保持するA系入力制御部213およびB系入力制御部223と、2回取り込んだデジタル信号値を付加した通信フレームを生成するA系通信制御部211およびB系通信制御部221と、をA系とB系で二重化して備える。また、A系とB系のそれぞれが生成した通信フレームの1回目に取り込んだデジタル信号値と2回目に取り込んだデジタル信号値の少なくともどちらか一方が一致していれば照合一致とみなすフレーム照合部230を備える。 As described above, the control system 1 according to the present embodiment includes the arithmetic device 100, the digital input device 200, and the digital output device 300, and the devices 100, 200, and 300 are connected by the communication line 400. Communication between the devices 100, 200, and 300 is performed using frames. The digital input device 200 inputs the digital signal from the signal source 410 in parallel to the A system and the B system, and has a time interval that is larger than the sum of the double A system and B system digital signal transmission time errors and the signal acquisition time difference. Captures the value of the digital signal at least twice, and generates a communication frame with the A-system input control unit 213 and the B-system input control unit 223 holding the digital signal value captured twice, and the digital signal value captured twice. The A system communication control unit 211 and the B system communication control unit 221 to be duplicated in the A system and the B system are provided. Also, a frame matching unit that is regarded as a matching match if at least one of the first digital signal value and the second digital signal value captured in the communication frame generated by each of the A system and the B system matches. 230.
 上述したように、伝達時間誤差や動作周波数の違いによる非同期誤差によって、二重化された入力制御部のA系、B系の間でデジタル信号の入力値が異なることがある。このデジタル信号入力値不一致によって生じる照合異常を防ぐために、A系入力制御部213およびB系入力制御部223は、伝達時間誤差と非同期誤差を足した時間より大きい間隔を空けて2回デジタル信号の値を取り込み、1回目取込データと2回目取込データをそれぞれ保持する。
 また、A系通信制御部211およびB系通信制御部221は、A系入力制御部213およびB系入力制御部223の保持する1回目取込データと2回目取込データの両方を載せた通信フレームを生成する。
 フレーム照合部230は、二重化されたA系入力制御部213およびB系入力制御部223のそれぞれが生成した通信フレームに対して、1回目取込データの照合と、2回目取込データの照合と、データ以外の照合を行い、1回目取込データと2回目取込データの少なくともどちらか一方で照合一致し、かつデータ以外の照合が一致となった場合は、照合結果一致、すなわち正常と判定する。また、1回目取込データと2回目取込データのどちらも照合不一致となるか、またはデータ以外の照合が不一致となった場合は、照合結果不一致、すなわち異常と判定する。 As described above, the input value of the digital signal may be different between the A system and the B system of the duplexed input control unit due to an asynchronous error due to a transmission time error or a difference in operating frequency. In order to prevent a collation abnormality caused by this digital signal input value mismatch, the A-system input control unit 213 and the B-system input control unit 223 perform the digital signal twice with an interval greater than the time obtained by adding the transmission time error and the asynchronous error. The value is fetched, and the first fetch data and the second fetch data are held.
In addition, the A-system communication control unit 211 and the B-system communication control unit 221 communicate both the first acquisition data and the second acquisition data held by the A system input control unit 213 and the B system input control unit 223. Generate a frame.
The frame collation unit 230 performs first-time captured data verification, second-time captured data verification on the communication frames generated by the duplexed A-system input control unit 213 and B-system input control unit 223, respectively. , Collation other than data is performed, and if at least one of the first captured data and the second captured data is collated and the collation other than the data matches, the collation result is matched, that is, it is determined to be normal. To do. In addition, if both the first-time captured data and the second-time captured data are inconsistent, or the collation other than the data is inconsistent, it is determined that the collation result is inconsistent, that is, abnormal.
 この構成により、A系とB系に二重化され、信号源410からのデジタル信号をA系とB系に並列に入力する制御システムにおいて、A系とB系がともに正常動作している正常動作時に照合結果が不一致となることを回避することができる。因みに、図12の表1に示す符号Aで囲んだ判定マトリクス部分および図14の表2に示す符号A,B,Cで囲んだ判定マトリクス部分は、A系とB系がともに正常動作しているところであり、本来、正常であると判定されるべきところである。本実施形態は、この判定マトリクス部分の異常判定を救済して正常判定するものである。同様の理由で、本実施形態の判定方法を採用したとしても信頼性の低下を招くことはない。 With this configuration, in the control system in which the A system and the B system are duplicated and the digital signal from the signal source 410 is input to the A system and the B system in parallel, both the A system and the B system are operating normally. It can be avoided that the collation results are inconsistent. Incidentally, both the A system and the B system operate normally in the determination matrix portion surrounded by the symbol A shown in Table 1 of FIG. 12 and the determination matrix portion surrounded by the symbols A, B, and C shown in Table 2 of FIG. It should be judged that it is normal. In the present embodiment, the abnormality determination in the determination matrix portion is relieved and the normal determination is made. For the same reason, even if the determination method of this embodiment is adopted, the reliability is not lowered.
(第2の実施形態)
 各装置単体の信頼性をより高めるためには、フレーム照合部をA系、B系の二重化構成とする。
 図17は、本発明の第2の実施形態に係る制御システム2の構成を示す図である。図17は、フレーム照合部を二重化構成とした場合の例である。図1と同一構成部分には同一符号を付して重複箇所の説明を省略する。
 図17に示すように、制御システム2は、演算装置2100と、デジタル入力装置2200と、デジタル出力装置2300と、を備える。演算装置2100とデジタル入力装置2200とデジタル出力装置2300とは、通信回線400により接続され、各装置2100,2200,2300間の通信は、フレームによって行われる。 (Second Embodiment)
In order to further improve the reliability of each device alone, the frame matching unit has a duplex configuration of A system and B system.
FIG. 17 is a diagram showing a configuration of the control system 2 according to the second embodiment of the present invention. FIG. 17 shows an example in which the frame matching unit has a duplex configuration. The same components as those in FIG. 1 are denoted by the same reference numerals, and description of overlapping portions is omitted.
As shown in FIG. 17, the control system 2 includes an arithmetic device 2100, a digital input device 2200, and a digital output device 2300. The arithmetic device 2100, the digital input device 2200, and the digital output device 2300 are connected by a communication line 400, and communication between the devices 2100, 2200, and 2300 is performed by frames.
 制御は、演算装置2100がマスタとなって実施する。まず、演算装置100は、制御演算に必要となる入力データを取得するため、通信回線400を介してデジタル入力装置2200に対して、データの入力要求を行う。データ入力要求を受けたデジタル入力装置2200は、信号源410から入力データの取り込みを行い、通信回線400を介して演算装置2100に対して、取得したデータを応答として出力する。
 演算装置2100は、取得した入力データを元に制御演算を行う。演算装置2100は、演算結果を制御対象420に出力するため、通信回線400を介してデジタル出力装置2300に対して、データ出力の要求を行う。データ出力要求を受けたデジタル出力装置300は、制御対象420に対して受け取ったデータに応じた出力を行い、データ出力が完了したことを通知するため、通信回線400を介して演算装置2100に対して応答を出力する。 The control is performed by the arithmetic device 2100 serving as a master. First, the arithmetic device 100 makes a data input request to the digital input device 2200 via the communication line 400 in order to acquire input data necessary for control arithmetic. Receiving the data input request, the digital input device 2200 takes in the input data from the signal source 410 and outputs the acquired data as a response to the arithmetic device 2100 via the communication line 400.
The arithmetic device 2100 performs control arithmetic based on the acquired input data. The arithmetic device 2100 makes a data output request to the digital output device 2300 via the communication line 400 in order to output the arithmetic result to the control target 420. The digital output device 300 that has received the data output request outputs to the control target 420 according to the received data and notifies the arithmetic device 2100 via the communication line 400 in order to notify the completion of the data output. Output a response.
 演算装置2100は、A系演算装置2110と、B系演算装置2120と、SW2131と、SW2141と、を備える。
 A系演算装置2110は、入力データを元に演算を行うA系演算部111と、装置間の通信を制御するA系通信制御部112と、A系フレーム照合部2130と、を備える。また、B系演算装置120は、入力データを元に演算を行うB系演算部121と、装置間の通信を制御するB系通信制御部122と、B系フレーム照合部2140と、を備える。 The arithmetic device 2100 includes an A-system arithmetic device 2110, a B-system arithmetic device 2120, SW 2131, and SW 2141.
The A system computing device 2110 includes an A system computing unit 111 that performs computation based on input data, an A system communication control unit 112 that controls communication between devices, and an A system frame matching unit 2130. In addition, the B-system arithmetic device 120 includes a B-system arithmetic unit 121 that performs an operation based on input data, a B-system communication control unit 122 that controls communication between the devices, and a B-system frame matching unit 2140.
 演算装置2100の通信フレーム照合部は、A系フレーム照合部2130とB系フレーム照合部2140で二重化され、各々の通信フレーム照合部がA系の通信フレームとB系の通信フレームを照合する。演算装置2100は、A系の通信フレーム照合部2130での照合結果が不一致であった場合、SW2131(SW1)を遮断して異常な通信フレームが他装置に送出されることを防ぐ。演算装置2100は、B系の通信フレーム照合部2140での照合結果が不一致であった場合、SW2141(SW2)を遮断して異常な通信フレームが他装置に送出されることを防ぐ。演算装置2100は、A系の通信フレーム照合部2130とB系の通信フレーム照合部2140がともに照合一致と判定した場合には、正常動作していると判断し、A系の通信フレームを通信回線400へ送出する。 The communication frame verification unit of the computing device 2100 is duplicated by the A system frame verification unit 2130 and the B system frame verification unit 2140, and each communication frame verification unit verifies the A system communication frame and the B system communication frame. When the collation result in the A-system communication frame collation unit 2130 does not match, the arithmetic device 2100 blocks the SW 2131 (SW1) to prevent an abnormal communication frame from being sent to another device. When the collation result in the B-system communication frame collation unit 2140 does not match, the arithmetic device 2100 blocks the SW 2141 (SW2) and prevents an abnormal communication frame from being sent to another device. Arithmetic device 2100 determines that it is operating normally when both A-system communication frame verification unit 2130 and B-system communication frame verification unit 2140 determine that they match, and transmits the A-system communication frame to the communication line. To 400.
 <デジタル入力装置>
 デジタル入力装置2200は、A系デジタル入力装置2210と、B系デジタル入力装置2220と、SW2235(SW1)と、SW2245(SW2)と、を備える。
 A系デジタル入力装置2210は、装置間の通信を制御するA系通信制御部211と、信号源410からデジタル入力データを取り込むA系入力制御部213と、A系フレーム照合部2230と、を備える。また、B系デジタル入力装置220は、装置間の通信を制御するB系通信制御部221と、信号源410からデジタル入力データを取り込むB系入力制御部223と、B系フレーム照合部2240と、を備える。 <Digital input device>
The digital input device 2200 includes an A-system digital input device 2210, a B-system digital input device 2220, SW2235 (SW1), and SW2245 (SW2).
The A-system digital input device 2210 includes an A-system communication control unit 211 that controls communication between devices, an A-system input control unit 213 that captures digital input data from the signal source 410, and an A-system frame matching unit 2230. . The B-system digital input device 220 includes a B-system communication control unit 221 that controls communication between devices, a B-system input control unit 223 that captures digital input data from the signal source 410, a B-system frame verification unit 2240, Is provided.
 デジタル入力装置2200は、A系フレーム照合部2230とB系フレーム照合部2240で二重化され、各々の通信フレーム照合部がA系の通信フレームとB系の通信フレームを照合する。デジタル入力装置2200は、A系の通信フレーム照合部2230での照合結果が不一致であった場合、SW2235を遮断して異常な通信フレームが他装置に送出されることを防ぐ。デジタル入力装置2200は、B系の通信フレーム照合部2240での照合結果が不一致であった場合、SW2245を遮断して異常な通信フレームが他装置に送出されることを防ぐ。デジタル入力装置2200は、A系の通信フレーム照合部2230とB系の通信フレーム照合部2240がともに照合一致と判定した場合には、正常動作していると判断し、A系の通信フレームを通信回線400へ送出する。 The digital input device 2200 is duplexed by an A-system frame matching unit 2230 and a B-system frame matching unit 2240, and each communication frame matching unit collates an A-system communication frame and a B-system communication frame. When the collation result in the A-system communication frame collation unit 2230 does not match, the digital input device 2200 blocks the SW 2235 to prevent an abnormal communication frame from being sent to another device. If the collation result in the B-system communication frame collation unit 2240 does not match, the digital input device 2200 blocks the SW 2245 to prevent an abnormal communication frame from being sent to another device. When both the A-system communication frame matching unit 2230 and the B-system communication frame matching unit 2240 determine that they match, the digital input device 2200 determines that the system is operating normally and communicates the A-system communication frame. Send to line 400.
 <デジタル出力装置>
 デジタル出力装置2300は、A系デジタル出力装置2310と、B系デジタル出力装置2320と、SW2314(SW1)と、SW2324(SW2)と、を備える。
 A系デジタル出力装置2310は、装置間の通信を制御するA系通信制御部311と、制御対象420へデータを出力するA系出力制御部312と、A系フレーム照合部2330と、を備える。また、B系デジタル出力装置320は、装置間の通信を制御するB系通信制御部321と、制御対象420へデータを出力するB系出力制御部322と、B系フレーム照合部2340と、を備える。 <Digital output device>
The digital output device 2300 includes an A-system digital output device 2310, a B-system digital output device 2320, SW2314 (SW1), and SW2324 (SW2).
The A-system digital output device 2310 includes an A-system communication control unit 311 that controls communication between devices, an A-system output control unit 312 that outputs data to the control target 420, and an A-system frame matching unit 2330. The B-system digital output device 320 includes a B-system communication control unit 321 that controls communication between devices, a B-system output control unit 322 that outputs data to the control target 420, and a B-system frame verification unit 2340. Prepare.
 デジタル出力装置2300の通信フレーム照合部は、A系フレーム照合部2330とB系フレーム照合部2340で二重化され、各々の通信フレーム照合部がA系の通信フレームとB系の通信フレームを照合する。デジタル出力装置2300は、A系の通信フレーム照合部2330での照合結果が不一致であった場合、SW2314を遮断して異常な通信フレームが他装置に送出されることを防ぐ。デジタル出力装置2300は、B系の通信フレーム照合部2340での照合結果が不一致であった場合、SW2324を遮断して異常な通信フレームが他装置に送出されることを防ぐ。デジタル出力装置2300は、A系の通信フレーム照合部2330とB系の通信フレーム照合部2340がともに照合一致と判定した場合には、正常動作していると判断し、A系の通信フレームを通信回線400へ送出する。
 このように、本実施形態に係る制御システム2は、演算装置2100、デジタル入力装置2200およびデジタル出力装置2300のフレーム照合部をA系、B系の二重化構成としているので、各装置単体の信頼性をより高めることができる。 The communication frame verification unit of the digital output device 2300 is duplexed by the A system frame verification unit 2330 and the B system frame verification unit 2340, and each communication frame verification unit collates the A system communication frame and the B system communication frame. When the collation result in the A-system communication frame collation unit 2330 does not match, the digital output device 2300 blocks the SW 2314 to prevent an abnormal communication frame from being sent to another device. When the collation result in the B-system communication frame collation unit 2340 does not match, the digital output device 2300 blocks the SW 2324 to prevent an abnormal communication frame from being sent to another device. The digital output device 2300 determines that the A system communication frame collation unit 2330 and the B system communication frame collation unit 2340 are collated and coincides with each other, determines that the digital communication apparatus 2300 is operating normally, and communicates the A system communication frame. Send to line 400.
As described above, in the control system 2 according to the present embodiment, the frame collation units of the arithmetic device 2100, the digital input device 2200, and the digital output device 2300 are configured to be A-system and B-system duplex configurations. Can be further enhanced.
 本発明は上記の実施形態例に限定されるものではなく、特許請求の範囲に記載した本発明の要旨を逸脱しない限りにおいて、他の変形例、応用例を含む。 The present invention is not limited to the above-described embodiments, and includes other modifications and application examples without departing from the gist of the present invention described in the claims.
 また、上記した各実施形態例は本発明をわかりやすく説明するために詳細に説明したものであり、必ずしも説明した全ての構成を備えるものに限定されるものではない。また、ある実施形態例の構成の一部を他の実施形態例の構成に置き換えることが可能であり、また、ある実施形態例の構成に他の実施形態例の構成を加えることも可能である。また、各実施形態例の構成の一部について、他の構成の追加・削除・置換をすることが可能である。
 また、制御線や情報線は説明上必要と考えられるものを示しており、製品上必ずしもすべての制御線や情報線を示しているとは限らない。実際には殆ど全ての構成が相互に接続されていると考えてもよい。 Each of the above-described embodiments has been described in detail for easy understanding of the present invention, and is not necessarily limited to one having all the configurations described. Further, a part of the configuration of an embodiment can be replaced with the configuration of another embodiment, and the configuration of another embodiment can be added to the configuration of an embodiment. . Further, it is possible to add, delete, and replace other configurations for a part of the configuration of each exemplary embodiment.
In addition, the control lines and information lines are those that are considered necessary for the explanation, and not all the control lines and information lines on the product are necessarily shown. Actually, it may be considered that almost all the components are connected to each other.
 1,2 制御システム
 100,2100 演算装置
 110,2110 A系演算装置
 120,2120 B系演算装置
 130 フレーム照合部
 131,235,331,2131,2141,2235,2245,2314,2324 SW(遮断手段)
 200,2200 デジタル入力装置
 210,2210 A系デジタル入力装置
 211 A系通信制御部
 213 A系入力制御部
 220,2220 B系デジタル入力装置
 221 B系通信制御部
 223 B系入力制御部
 230,330 フレーム照合部
 300,2300 デジタル出力装置
 310,2310 A系デジタル出力装置
 311 A系通信制御部
 312 A系出力制御部
 320,2320 B系デジタル出力装置
 321 B系通信制御部
 322 B系出力制御部
 400 通信回線
 410 信号源
 420 制御対象
 2130,2330 A系フレーム照合部
 2140,2340 B系フレーム照合部 DESCRIPTION OF SYMBOLS 1, 2 Control system 100, 2100 Arithmetic device 110, 2110 A system arithmetic device 120, 2120 B system arithmetic device 130 Frame collation part 131,235,331,2311,1411,235,2245,2314,2324 SW (blocking means)
200, 2200 Digital input device 210, 2210 A system digital input device 211 A system communication control unit 213 A system input control unit 220, 2220 B system digital input device 221 B system communication control unit 223 B system input control unit 230, 330 frame Verification unit 300, 2300 Digital output device 310, 2310 A system digital output device 311 A system communication control unit 312 A system output control unit 320, 2320 B system digital output device 321 B system communication control unit 322 B system output control unit 400 Communication Line 410 Signal source 420 Control target 2130, 2330 A system frame verification unit 2140, 2340 B system frame verification unit

Claims (7)

  1.  信号源からのデジタル信号を取り込んで入力する入力制御部と、前記取り込んだデジタル信号に基づいてデジタル信号フレームを生成する通信制御部とを有する処理装置を、前記信号源に対して並列となるように複数系統を備えるとともに、各系統の前記処理装置における前記デジタル信号フレームを取り込んで系統間での一致を照合するフレーム照合部を備え、
     前記各系統の入力制御部は、前記各系統における前記デジタル信号の伝達時間誤差と信号取り込み時間差の合計よりも大きい間隔で前記デジタル信号を複数回取り込む機能を有し、
     前記各系統の通信制御部は、前記複数回取り込んだ前記デジタル信号の信号値を付加した前記デジタル信号フレームを系統ごとに生成する機能を有し、
     前記フレーム照合部は、前記デジタル信号フレームに付加された前記信号値の一致をデジタル信号の取り込みの回次ごとに判定し、前記信号値の一致が少なくとも1回あれば前記各系統間での照合が一致とする機能を有することを特徴とする制御システム。     A processing device having an input control unit that captures and inputs a digital signal from a signal source and a communication control unit that generates a digital signal frame based on the captured digital signal is arranged in parallel with the signal source. Including a plurality of systems, and a frame verification unit that captures the digital signal frame in the processing device of each system to verify matching between systems,
    The input control unit of each system has a function of capturing the digital signal multiple times at an interval larger than the sum of the transmission time error of the digital signal and the signal capturing time difference in each system,
    The communication control unit of each system has a function of generating the digital signal frame added with the signal value of the digital signal captured multiple times for each system,
    The frame matching unit determines the match of the signal value added to the digital signal frame every time the digital signal is captured, and if there is at least one match of the signal value, the matching between the systems is performed. A control system characterized by having a function of matching.
  2.  前記フレーム照合部は、さらに、前記信号値以外の照合が一致となった場合は、照合結果一致と判定することを特徴とする請求項1に記載の制御システム。 The control system according to claim 1, wherein the frame matching unit further determines that the matching result is matched when matching other than the signal value matches.
  3.  前記フレーム照合部は、前記信号値の一致が少なくとも一回あれば前記各系統間での照合が一致とする場合であっても、前記信号値以外の照合が不一致となったときは、照合結果不一致と判定することを特徴とする請求項1に記載の制御システム。 The frame matching unit, if there is a match between the systems if there is at least one match of the signal value, a match result when a match other than the signal value does not match The control system according to claim 1, wherein it is determined that there is a mismatch.
  4.  前記フレーム照合部は、前記照合結果一致の判定を複数系統の多重化で構成することを特徴とする請求項1ないし請求項3のいずれか一項に記載の制御システム。 The control system according to any one of claims 1 to 3, wherein the frame matching unit configures the matching result matching determination by multiplexing a plurality of systems.
  5.  前記各系統の通信制御部は、各系統がそれぞれ異なるクロックで動作して前記デジタル信号値を取り込むことを特徴とする請求項1に記載の制御システム。 2. The control system according to claim 1, wherein the communication control unit of each system captures the digital signal value by operating each system with a different clock.
  6.  演算装置、入力装置、および出力装置の各装置が通信回線によって接続され、前記各装置間の通信が前記通信フレームによって行われる場合において、
     前記入力装置は、前記各系統の入力制御部、前記各系統の通信制御部、および前記フレーム照合部、を備え、
     前記照合結果が不一致のとき、前記入力装置は、該当する前記通信フレームを他の装置に送出することを防ぐ遮断手段を備えることを特徴とする請求項1に記載の制御システム。     In the case where the arithmetic device, the input device, and the output device are connected by a communication line, and communication between the devices is performed by the communication frame,
    The input device includes an input control unit for each system, a communication control unit for each system, and the frame matching unit.
    The control system according to claim 1, further comprising: a blocking unit that prevents the corresponding communication frame from being sent to another device when the collation result does not match.
  7.  前記遮断手段は、前記通信フレームを他の装置に送出することを防ぐ遮断機能を複数系統の多重化で構成することを特徴とする請求項6に記載の制御システム。
          The control system according to claim 6, wherein the blocking unit comprises a blocking function that prevents the communication frame from being sent to another device by multiplexing a plurality of systems.
PCT/JP2015/074090 2015-08-26 2015-08-26 Control system WO2017033319A1 (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
JP2017536139A JP6471234B2 (en) 2015-08-26 2015-08-26 Control system
GB1721830.6A GB2559681B (en) 2015-08-26 2015-08-26 Control system
PCT/JP2015/074090 WO2017033319A1 (en) 2015-08-26 2015-08-26 Control system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2015/074090 WO2017033319A1 (en) 2015-08-26 2015-08-26 Control system

Publications (1)

Publication Number Publication Date
WO2017033319A1 true WO2017033319A1 (en) 2017-03-02

Family

ID=58101235

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2015/074090 WO2017033319A1 (en) 2015-08-26 2015-08-26 Control system

Country Status (3)

Country Link
JP (1) JP6471234B2 (en)
GB (1) GB2559681B (en)
WO (1) WO2017033319A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2019043745A1 (en) * 2017-08-28 2019-03-07 株式会社日立製作所 Analog control device and analog control system

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPS5941066A (en) * 1982-09-01 1984-03-07 Toshiba Corp Method for collating data of controller
JPH11219322A (en) * 1998-02-04 1999-08-10 Babcock Hitachi Kk Duplex instrumentation system and its data collation method
JP2006178730A (en) * 2004-12-22 2006-07-06 Yaskawa Electric Corp Safe signal i/f device and duplicated signal input processing method thereof
JP2007312525A (en) * 2006-05-19 2007-11-29 Hitachi Ltd Digital protection control apparatus
JP2014192796A (en) * 2013-03-28 2014-10-06 Hitachi Ltd Control system, line connection diagnosis method and program

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPS5941066A (en) * 1982-09-01 1984-03-07 Toshiba Corp Method for collating data of controller
JPH11219322A (en) * 1998-02-04 1999-08-10 Babcock Hitachi Kk Duplex instrumentation system and its data collation method
JP2006178730A (en) * 2004-12-22 2006-07-06 Yaskawa Electric Corp Safe signal i/f device and duplicated signal input processing method thereof
JP2007312525A (en) * 2006-05-19 2007-11-29 Hitachi Ltd Digital protection control apparatus
JP2014192796A (en) * 2013-03-28 2014-10-06 Hitachi Ltd Control system, line connection diagnosis method and program

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2019043745A1 (en) * 2017-08-28 2019-03-07 株式会社日立製作所 Analog control device and analog control system

Also Published As

Publication number Publication date
GB2559681A (en) 2018-08-15
GB2559681B (en) 2021-06-09
GB201721830D0 (en) 2018-02-07
JP6471234B2 (en) 2019-02-13
JPWO2017033319A1 (en) 2018-03-08

Similar Documents

Publication Publication Date Title
US8359529B2 (en) Information processing apparatus and information processing method
US9003271B2 (en) Error detecting device and method of a dual controller system
EP1857937A1 (en) Information processing apparatus and information processing method
US8423835B2 (en) System and method providing fault detection capability
JP4277030B2 (en) Communication control system
US8089372B2 (en) Method for transmission of data for controlling an HVDC transmission installation
US9323605B2 (en) Measured value transmitting device
JP6471234B2 (en) Control system
CN109906609B (en) Method and apparatus for monitoring an image sensor
JP6096693B2 (en) Bulk transmission apparatus, bulk transmission system, and bulk transmission method
US20090106461A1 (en) Information Processing Apparatus and Information Processing Method
JPH02150138A (en) Series controller
CN101098210A (en) Sending device, receiving device, communication control device, communication system, and communication control method
EP3316135B1 (en) Control system
JP2020064382A (en) Storage device and storage method
JPS62293441A (en) Data outputting system
EP2824572B1 (en) Fail safe device and method for operating the fail safe device
JP6059652B2 (en) Signal security control device
JP2008109325A (en) Communication system
JP2007323190A (en) Calculation control system for performing data communication and its communication method
US20140033225A1 (en) Method for monitoring the coordinated execution of sequenced tasks by an electronic card comprising at least two processors synchronized to two different clocks
JP4521722B2 (en) Plant operation control system
JP4441873B2 (en) Input module
JP2021152767A (en) Sensor device and sensor system
JP5921424B2 (en) Data transmission device, data reception device, and bus system

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15902288

Country of ref document: EP

Kind code of ref document: A1

ENP Entry into the national phase

Ref document number: 2017536139

Country of ref document: JP

Kind code of ref document: A

ENP Entry into the national phase

Ref document number: 201721830

Country of ref document: GB

Kind code of ref document: A

Free format text: PCT FILING DATE = 20150826

WWE Wipo information: entry into national phase

Ref document number: 1721830.6

Country of ref document: GB

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15902288

Country of ref document: EP

Kind code of ref document: A1