EP2118708A1 - Système de commande d'un dispositif technique - Google Patents

Système de commande d'un dispositif technique

Info

Publication number
EP2118708A1
EP2118708A1 EP08709010A EP08709010A EP2118708A1 EP 2118708 A1 EP2118708 A1 EP 2118708A1 EP 08709010 A EP08709010 A EP 08709010A EP 08709010 A EP08709010 A EP 08709010A EP 2118708 A1 EP2118708 A1 EP 2118708A1
Authority
EP
European Patent Office
Prior art keywords
redundant
protocol
control system
values
value
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP08709010A
Other languages
German (de)
English (en)
Inventor
Alexej Gerstmaier
Eberhard Schlarb
Guido Steinhauer
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Siemens AG
Original Assignee
Siemens AG
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Siemens AG filed Critical Siemens AG
Publication of EP2118708A1 publication Critical patent/EP2118708A1/fr
Withdrawn legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G05CONTROLLING; REGULATING
    • G05BCONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B9/00Safety arrangements
    • G05B9/02Safety arrangements electric
    • G05B9/03Safety arrangements electric with multiple-channel loop, i.e. redundant control systems
    • GPHYSICS
    • G05CONTROLLING; REGULATING
    • G05BCONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B19/00Programme-control systems
    • G05B19/02Programme-control systems electric
    • G05B19/04Programme control other than numerical control, i.e. in sequence controllers or logic controllers
    • G05B19/042Programme control other than numerical control, i.e. in sequence controllers or logic controllers using digital processors
    • G05B19/0428Safety, monitoring
    • GPHYSICS
    • G05CONTROLLING; REGULATING
    • G05BCONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B2219/00Program-control systems
    • G05B2219/20Pc systems
    • G05B2219/24Pc safety
    • G05B2219/24173One sensor, two I-O channels each for different processor
    • GPHYSICS
    • G05CONTROLLING; REGULATING
    • G05BCONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B2219/00Program-control systems
    • G05B2219/20Pc systems
    • G05B2219/24Pc safety
    • G05B2219/24196Plausibility check in channels for correct sequence or result
    • GPHYSICS
    • G05CONTROLLING; REGULATING
    • G05BCONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B2219/00Program-control systems
    • G05B2219/20Pc systems
    • G05B2219/25Pc structure of the system
    • G05B2219/25153Checking communication
    • GPHYSICS
    • G05CONTROLLING; REGULATING
    • G05BCONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B2219/00Program-control systems
    • G05B2219/20Pc systems
    • G05B2219/25Pc structure of the system
    • G05B2219/25157Checksum CRC

Definitions

  • the invention relates to a control system of a technical installation, which has at least one field device, of which at least two redundant protocol values are provided, which are converted by the control system into a single non-redundant function value.
  • the protocol values are read into a target system via two independent communication links, which is provided with a specially adapted selection logic.
  • the selection logic By means of the selection logic, the respectively correct protocol value is determined, but erroneous protocol values are rejected. To configure this selection logic for each individual case is very time-consuming and error-prone.
  • a control system of a technical installation which has at least one field device, is of the mini- At least two redundant protocol values are provided, which are converted by the control system into a single non-redundant function value, in which at least two redundant communication channels are provided for converting the at least two redundant protocol values, by means of which the associated protocol value is checked for correctness and one as correctly considered protocol value can be passed on.
  • the checking of the correctness of the protocol values is implemented redundantly in two communication channels and, furthermore, the check is shifted to a level below the actual target system or the actual data processing.
  • the solution according to the invention has the advantages that the test overall provides greater security and at the same time can be provided and handled more easily. Due to the redundant design, the test is at least doubled and, moreover, is implemented in a separate software layer, which can be specially adapted to the test requirements and then used again and again independently of the target systems. In addition, with the solution according to the invention, the basis is created in order to be able to realize, in particular, the coupling of the communication channels on the field device as well as on the target system faster and more cost-effectively. This also basic advantage will be explained in more detail below.
  • the at least two redundant communication channels each comprise a driver logic, by means of which the associated protocol value can be provided as a standardized value based on a signal of the field device.
  • the driver logic is used according to the invention to obtain standardized process images, which are subsequently correct and incorrect in their content Values can be checked with a likewise standardized test software.
  • the at least two redundant communication channels according to the invention also advantageously each comprise a judgment logic by means of which the protocol value can be assessed for its correctness.
  • This evaluation logic is according to the invention, in particular due to the standardized process images for all applications substantially the same or similar. Significant cost savings are possible in the preparation and operation of such evaluation logics. In particular, no logic specially configured for the target system for the selection of values has to be created, as was previously the case.
  • the evaluation logic is advantageously provided in the form of a protocol evaluation plug-in for the associated communication channel.
  • the communication channel in this and the other solutions discussed here is advantageously based on a personal computer (PC).
  • the at least two redundant communication channels alternatively or additionally advantageously each have a function logic by means of which the associated protocol value deemed to be correct can be further processed into a function value.
  • the communication channels thus assume further processing tasks, so that overall for the target system an adapted, in particular standardized data provision can also take place with regard to the protocols of connected terminals.
  • the at least two redundant communication channels are coupled to each other with a connection channel by means of which the redundant protocol values between the communication channels can be exchanged alternately. That way, everyone gets the Communication channels are provided with a set of two protocol values, so that they can make a correspondingly sound check for correct and incorrect protocol values on this basis.
  • connection channel is particularly preferably self-redundant.
  • a redundancy for example, a plurality of parallel connection lines can be provided for the connection channel. The security for the above-described exchange of protocol values between the communication channels is thereby substantially increased.
  • the redundant protocol values are preferably exchanged alternately as standardized values by means of the connection channel.
  • the invention provides that concealment logic is provided in the control system, by means of which the redundant protocol values considered correct, which have been further processed in particular into redundant function values, are combined to form a single protocol value or functional value.
  • This protocol value or function value is then provided to the associated target system, which is, for example, a configuration interface.
  • the target system thus does not notice the redundant protocol processing and does not have to be adapted to it.
  • the proposed concealment logic thus obscures the redundancy downwards.
  • the comparison logic allows the redundant protocol values, which have been considered to be correct, to be compared for conformity, in particular to redundant function values. By comparing the log values considered correct, it can be detected if it leads to an undesired decrease in the redundant protocol processing. soft or a mistake came.
  • the protocol processing according to the invention is then subject to further quality assurance.
  • FIG. 1 is a block diagram of a Leitsys- system according to the invention with a connected field device.
  • a control system 10 is shown, to which a field device 12 is connected.
  • the field device 12 is for example a turbine or a generator of a power plant.
  • the field device 12 is connected by means of a first line 14 and a second line 16 to a first communication channel 18 and a second communication channel 20.
  • the communication channels 18 and 20 are designed in the form of a computer module and are provided for checking in each case individual protocol values of a protocol provided redundantly by the field device 12 for its correctness.
  • the protocol values deemed to be correct are forwarded by the communication channels 18 and 20 to a concealment logic 20, which delivers them via a line 24 to a destination system 26.
  • the target system 26 is, for example, a configuration interface for the log values.
  • Each individual communication channel 18 and 20 comprises a driver logic 30 or 32, by means of which the values provided by the field device 12 are converted into standardized protocol values, for example according to the professional bus standard or the INC standard. The converted values are further processed by a judgment logic 34 and 36, respectively.
  • This evaluation logic 34 or 36 is in each case embodied in the form of a largely always the same protocol assessment plug-in, which determines the protocol values processed therein to their correctness. assessed. The evaluation logic 34 or 36 is therefore essentially the same or similar, regardless of the particular application situation of the field device 12.
  • the protocol values judged to be correct are forwarded to a function logic 38 or 40, which are each embodied in the form of a computer component of the associated communication channel 18 or 20 and further process the protocol values deemed to be correct into function values.
  • the functional values of the two communication channels 18 and 20 are then compared with each other by means of a comparison logic within the concealment logic 22. They must be the same if redundant protocol processing has worked correctly until this step.
  • the correct function values reach the target system 26 accordingly, which by the way has not taken any notice of the redundant protocol processing.
  • the protocol values of the one communication channel 18 are exchanged with those of the other communication channel 20.
  • a connecting channel 42 between the communication channels 18 and 20 is specially designed.
  • This connection channel 20 is designed with redundant connection lines 44, 46 and 48.
  • a first protocol image 50 and a second protocol image 52 are obtained in each of the two communication channels 18 and 20.
  • the two log images 50 and 52 can then be evaluated and the correct log values can be passed on.
  • the two evaluation logics 34 and 36 should arrive at the same result, so that, as explained above, the same function values should subsequently be obtained in both communication channels 18 and 20. LIST OF REFERENCE NUMBERS

Landscapes

  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Engineering & Computer Science (AREA)
  • Automation & Control Theory (AREA)
  • Safety Devices In Control Systems (AREA)
  • Testing And Monitoring For Control Systems (AREA)

Abstract

L'invention concerne un système de commande (10) d'un dispositif technique présentant au moins un appareil de terrain (12) fournissant au moins deux valeurs de protocole redondantes, qui sont transformées par le système de commande (10) en une seule valeur fonctionnelle non redondante. Ledit système de commande est pourvu d'au moins deux canaux de communication redondants (18, 20) pour la transformation des deux valeurs de protocole redondantes, les canaux permettant de contrôler la valeur de protocole respective en ce qui concerne son exactitude et de transmettre une valeur de protocole considérée exacte.
EP08709010A 2007-02-15 2008-02-14 Système de commande d'un dispositif technique Withdrawn EP2118708A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE200710007537 DE102007007537A1 (de) 2007-02-15 2007-02-15 Leitsystem einer technischen Anlage
PCT/EP2008/051820 WO2008098999A1 (fr) 2007-02-15 2008-02-14 Système de commande d'un dispositif technique

Publications (1)

Publication Number Publication Date
EP2118708A1 true EP2118708A1 (fr) 2009-11-18

Family

ID=39325829

Family Applications (1)

Application Number Title Priority Date Filing Date
EP08709010A Withdrawn EP2118708A1 (fr) 2007-02-15 2008-02-14 Système de commande d'un dispositif technique

Country Status (4)

Country Link
US (1) US8831756B2 (fr)
EP (1) EP2118708A1 (fr)
DE (1) DE102007007537A1 (fr)
WO (1) WO2008098999A1 (fr)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9772617B2 (en) * 2011-06-30 2017-09-26 General Electric Company Systems and methods for function block instantiation
US11258888B2 (en) 2019-11-11 2022-02-22 Cisco Technology, Inc. Parallel redundancy protocol (PRP) using non-overlapping resource unit (RU) groupings on a radio

Family Cites Families (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6658850B1 (en) * 2002-11-05 2003-12-09 General Electric Company Radio frequency communications network for power plant control systems
US7460865B2 (en) * 2003-06-18 2008-12-02 Fisher-Rosemount Systems, Inc. Self-configuring communication networks for use with process control systems
US7203885B2 (en) * 2003-09-30 2007-04-10 Rockwell Automation Technologies, Inc. Safety protocol for industrial controller
DE102004008251A1 (de) * 2004-02-19 2005-09-29 Siemens Ag Intelligente Sensorik/Aktorik mit interner Redundanz
DE502004006409D1 (de) 2004-05-10 2008-04-17 Siemens Ag Verfahren zur einkanaligen Übertragung von redundant vorliegenden Daten
US8233998B2 (en) 2004-11-19 2012-07-31 Fisher-Rosemount Systems, Inc. Secure data write apparatus and methods for use in safety instrumented process control systems
JP3897046B2 (ja) 2005-01-28 2007-03-22 横河電機株式会社 情報処理装置および情報処理方法
US7346469B2 (en) * 2005-03-31 2008-03-18 General Electric Company System and method for sensor data validation
DE102006002824B4 (de) * 2006-01-19 2008-10-09 Phoenix Contact Gmbh & Co. Kg Verfahren und Vorrichtung zur Umwandlung mehrkanalig vorliegender Nachrichten in eine einkanalige sichere Nachricht
US7715433B2 (en) * 2006-07-14 2010-05-11 Boren Gary W Universal controller and signal monitor

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See references of WO2008098999A1 *

Also Published As

Publication number Publication date
DE102007007537A1 (de) 2008-08-21
US20090326683A1 (en) 2009-12-31
WO2008098999A1 (fr) 2008-08-21
US8831756B2 (en) 2014-09-09

Similar Documents

Publication Publication Date Title
EP1802019B1 (fr) Détection d'erreurs lors de la transmission de données
DE60309928T2 (de) Verfahren zur erhöhung der sicherheitsintegritätsstufe eines kontrollsystems
WO2015193007A1 (fr) Procédé et système d'obtention et d'analyse de données forensiques dans une infrastructure informatique distribuée
EP1349024A2 (fr) Dispositif de couplage pour coupler des dispositifs à un système de bus
DE202010016362U1 (de) Anordnung mit einer übergeordneten Steuereinheit und zumindest einem mit der Steuereinheit verbindbaren intelligenten Feldgerät
EP3149710B1 (fr) Appareil pour diagnostiquer une véhicule et appareil de communication de données
DE112008003195T5 (de) Elektrischer Schaltkreis mit einem physikalischen Übertragungsschicht-Diagnosesystem
EP2246756A1 (fr) Procédé et appareil de commande destinés à commander un composant d'automatisation industriel orienté vers la protection
EP2613463A2 (fr) Procédé destiné à la surveillance dýun émetteur et émetteur correspondant
EP2856649B1 (fr) Circuit d'entrée de signaux analogiques avec un certain nombre de canaux de détection de signaux analogiques
EP2118708A1 (fr) Système de commande d'un dispositif technique
EP1646919B1 (fr) Systeme de couplage destine a trois systemes de bus
EP2237118B1 (fr) Système de sécurité destiné à sécuriser la commande protégée contre l'erreur d'installations électriques et commande de sécurité équipée de celui-ci
DE102007045509A1 (de) Fahrzeug-Steuereinheit mit einem Versorgungspannungsüberwachten Mikrocontroller sowie zugehöriges Verfahren
DE102005037723B4 (de) Steuerungseinheit für Verbundbetrieb
DE102017217301A1 (de) Verfahren und Vorrichtung zum unmittelbaren und rückwirkungsfreien Übertragen von Log-Nachrichten
EP2741451B1 (fr) Procédé de liaison d'un module matériel sur un bus de terrain
EP1972107B1 (fr) Appareil de protection ou de commande
DE102013213402A1 (de) Mikrocontroller mit mindestens zwei Kernen
DE3009355C2 (de) Redundante Rechenanlage
DE102021127310B4 (de) System und Verfahren zur Datenübertragung
DE10252109B4 (de) Verfahren zur Parametrierung
EP1168853A2 (fr) Méthode de contrôle de fonctions et de réparation externes d'appareils tv, vidéo et/ou hifi, et dispositif associé
EP3459204B1 (fr) Procédé de mise en oeuvre d'une capacité à diagnostiquer de dispositifs de commande non automobiles dans un environnement automobile
DE102016208869A1 (de) Verfahren zum Betreiben einer Datenverarbeitungsvorrichtung für ein Fahrzeug

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20090703

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MT NL NO PL PT RO SE SI SK TR

DAX Request for extension of the european patent (deleted)
17Q First examination report despatched

Effective date: 20100615

RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: SIEMENS AKTIENGESELLSCHAFT

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20160901