Note: Descriptions are shown in the official language in which they were submitted.
64159-1152
RELATED PATENT APPLICATIONS
The present patent application is related to
Canadian Patent Application, Serial No. 2,016,191, entitled
"METHOD FOR CONTROL DATA BASE UPDATING OF A REDUNDANT
PROCESSOR IN A PROCESS CONTROL SYSTEM" by P. McLaughlin et al,
filed on May 7, 1990, and assigned to Honeywell Inc., the
assignee of the present application.
BACKGROUND OF THE INVENTION
This invention relates to an apparatus for
updating a secondary data base of a redundant processor in
a process control system, and more particularly, to an
apparatus for tracking changes of predetermined data of a
primary data base for subsequent updating of a secondary
data base.
Process Control Systems with backup process
controllers such as described and claimed in Vnited States
Patent No. 4,133,027, issued to J. A. Hogan on January
2, 1979, and Vnited States Patent No. 4,141,066, issued to Y.
Keiles on February 20, 1~79, include a backup
controller having a dedicated Random Access Memory
(RAM) and a dedicated Read~Only Memory (ROM). The
backup controller is essentially idle or can be doing
some background tasks, but generally not tasks relating
directly to the process control function. Upon
detection of a failure of one of the primary process
controllers, the data stored in the RAM of the failed
controller must be transferred to the RAM of the backup
controller to perform the operations of tha primary
controller. These sys~ems describe a l:N redundancy
system.
In the present invention, there is provided in a
1:1 redundancy system, an apparatus which captures and
stores predetermined information as the information is
being stored in a primary memory of a primary
controller. The secondary data base of a secondary
device (ie., secondary or backup controller) is updated
periodically with the information stored in the
apparatus of the present invention such that the
updating process does not tie-up or penalize CPU or
processor performance of the primary controller and
utilizes a minimum amount of time. The apparatus of
the present invention captures (and subsequently
updates) only the information which was changed,
Docket No. I2013177 -2- January 4, 1989
'~ .
resulting in a more efficient use of the primary CPU or~
microprocessor, and allows the updating process to be
performed more frequently, and on a real-time basis.
Thus, when a failover condition occurs, the time to get
the secondary controller to take over for a failed
primary controller is substantially minimized.
SUMMARY OF THE IN~ENTION
Therefore, there is provided by the present
invention, an apparatus for collecting predetermined
information being stored in a primary data base for
subsequent updating of a secondary data base. A
process control system includes a primary processor
connected to a primary memory via a bus. The primary
processor transfers data to be stored to said primary
memory. An apparatus of the present invention
connected to the bus, collects predetermined data of
the data being transferred simultaneously with the
transfer of the data to the primary memory. The
predetermined data collected by the apparatus is
subsequently transferred to a backup processor
controller to update the data base of the backup
process controller. The apparatus comprises a storage
element which stores the data collected. A logic unit
controls the operation of the apparatus including the
Docket No. I2013177 -3 January 4, 1989
64159-1152
collectlon of the predetermlned data. A control unlt of the
apparatus transfers the predetermined data stored in the storage
element to the backup process controller.
In accordance wlth the present lnventlon there i8
provided ln a process control system, havlng a prlmary processor
connected to a prlmary memory vla a bus, whereln ~ald primary
processor transfers data to be stored to sald prlmary memory, an
apparatus, connected to sald bus, for collectlng predetermined
data of said transferred data slmultaneously wlth the tr~nsfer of
said data to said prlmary memory, sald predetermlned data
collected by sald apparatus to subsequently update a data base of
a backup process controller, ~aid apparatus comprisingT
a) storage means, for storing the predetermined data
collected7
b) loglc me~n~, operatlvely connected to sald storage means,
for controlllng the operatlon of sald apparatus, lncludlng the
collectlon of the predetermlned data; and
c) control means, operatlvely connected to sald storage means
and to sald loglc means, for transfering the predetermlned data
stored in sald torage means to th0 backup process controller.
In accordance with yet another aspect of the present
lnventlon there 18 provlded an apparatus for slmultaneously
collectlng predetermlned data of data belng transferred on a bus
to a memory to subsequently update a backup memory, sald apparatus
comprlslng,
a) storage means, for storing the predetermlned data;
b~ logic means, connected to the storage means, for
: . .
:
,
64159-1152
controlllng the wrltlng lnto said storage means of said
predetermined data; and
c) control means, connected to sald storage means and to sald
logic mean~, for transferrlng the predetermlned data ~tored ln
sald storage means for stoppage ln the backup memor~.
In accordance wlth the present inventlon there ls
further provlded an apparatus for slmultaneously collectlng
predetermlned data of data belng transferred on a bus to a memory
to subsequently update a backup memory, sald apparatus comprlslng:
a) storage means, for storing the predetermined data; and
b) loglc means, connected to the storage means, for
controlllng the collectlon of said predetermined data.
In accordance with the present inventlon there ls
provlded ln a process control system havlng a prlmary controller
and a back-up controller, each of said controllers havlng a data
base whlch holds information representing the status of said
process control system and lnformatlon representlng the results of
processlng certaln of said status lnformatlon; sald prlmary
controller also havlng a temporary storage elementl a method of
updatlng the data base of the backup controller when the prlmary
controller is performlng control functlons for the process control
system characterlzed by the steps of:
(a) sald prlmary controller performlng sald control functlon~
(b) sald prlmary controller writlng lnformatlon into the data
base thereof, said lnformatlon belng a consequence of the control
functlons in step ~a);
(c) said prlmary controller wrltlng lnto sald ~emporary
4a
64159-1152
storage element certaln of sald informatlon being wrltten lnto
sald data base ln step (b) concurrently wlth sald wrltlng lnto
~aid data baset and
td) sald primary controller in cooperation wlth said back-up
controller tran~ferrlng sald lnformatlon ln sald temporary storage
element to the data base of sald back-up controller.
Accordlngly, lt ls an ob~ect of the present lnventlon to
provlde an apparatus for collecting predetermlned lnformation.
It ls another ob~ect of the present lnventlon to provlde
an apparatus for collectlng predetermlned lnformatlon belng stored
ln a prlmary data base.
It 15 stlll another ob~ect of the present lnventlon to
provlde an apparatus for collectlng predetermlned lnformatlon
belng stored ln a prlmary data bus for subsequent updatlng of a
secondary data base.
These and other ob~ects of the present lnventlon wlll
become more apparent when taken ln con~unctlon wlth the followlng
descrlptlon and attached drawlngs, whereln llke characters
lndlcate llke parts, and whlch drawlngs form a part of the present
appllcatlon.
BRIEF DESCRIPTION OF THE DRAWINGS
Figure 1 shows a block dlagram of a process control
system havlng a redundant controller7
Flgure 2 shows a tlme allocatlon whlch defines a
4b
.
' " '
cycle of the controller:
Figure 3 shows a partial memory map of the primary
memo:ry of the controller of the preferred em~odiment of
the present invention;
Figure 4 shows the packet format of the captured
data in the preferred embodiment of the present
invention;
Figure 5 shows a block diagram of the pximary
controller, with particular emphasis on the preferred
embodiment of the primary tracking unit; and
Figure 6 shows a block diagram of the storage
elements of the preferred embodiment of the present
invention.
DETAILED ~ESCRIPTION
Referring to Figure 1, there is shown a block
diagram of a process control system 10 having redundant
controllers which utilizes the apparatus of the present
invention, and more specifically there is shown a
functional block diagram of a redundant process
controller 20 which includes a primary controller 30
and a secondary controller 40. Although in the
description which follows and the identification given
to the controllers/ the primary controller 30 and the
secondary controller 40, the controllers are
Docket No. I2013177 -5- January 4, 1989
bidirectional, meaning that either of the redundant (or
secondary) controllers can operate fully as a primary
or secondary. The labels identified herein as primary
and secondary are done strictly for purposes of
identification and explanation.
The process control system 10 includes a plant
control network 11 and connected thereto is a data
highway 12 which permits multiple process controllers
to be attached to the data highway 12. The primary
controller 30 includes a primary processor 31, a
primary memory 32, and a primary tracking unit 33.
The secondary controller 40 includes a secondary
processor 41, a secondary memory 42, and a secondary
tracking unit 43. The primary processor 31 and the
secondary processor 41 are each connected to the data
highway 12. Primary processor 31 is connected to its
primary memory 32 and its primary tracking unit 33.
The secondary processor 41 is connected to its
secondary memory 42 and its secondary tracking unit
43. Coupled to the process controller 20 are various
inputs and outputs including analog inputs (A/I~,
analog outputs (A/0), digital inputs (D/I), and digital
outputs (D/0), these inputs and outputs being connected
to various valves, pressure switches, pressure gauges,
thermocouples,... which are used to indicate the current
Docket No. I2013177 -6- January ~, 1989
: '
information or status and to control the process o~ the
process control system. The plant control network 11
can be of the type described in U.S. Patent No.
4,607,256 issued to R. A. Henzel on August 19, 1986,
and assigned to the same assignee as the present
application. Although not shown, it is understood that
the various analog and digital inputs and outputs are
connected via appropriate interface apparatus to the
primary processor 31 and the secondary processor 41.
The tracking unit 33, 43, the apparatus of the present
invention of the present application, will be described
in further detail hereinunder. Before describing the
tracking unit 33, 43, the system which utilizes the
apparatus of the present invention will be described in
order to more readily understand the function and
operation of the tracking unit.
Within the process controller 20, the
determination of which controller 30, 40 is to be the
primary or secondary, is determined by a download
control personality (ie., command information) from the
plant control network ll. At that time one of the
controllers 30, 40 will be the primary controller and
the,other will take the role of the secondary
controller 40, the controllers 30, 40 of the process
controller 20 having already being identified as the
Docket No. I2013177 -7 January ~, 1989
primary controller 30 and the secondary controller 40
in Figure 1, for purposes of description and example;
however, it will be understood that the primary
controller could have been the controller 40 and the
secondary controller could just as well have been the
controller 30. Having thus established the
primary/secondary roles of the controllers 30, 40, the
primary controller 30 performs the control processing
algorithms, which include reading the input data from
the valves, pressure gauges,... , performing
predete~mined calculations and outputting the results.
The data is also stored in the primary memory 32.
There is an area of the primary memory 32 that is
designated as tracked memory (or tracked RAM~. A write
to this area, ie. the tracked RAM will be shadowed by
the primary tracking unit 33. The primary tracking
unit 33 stores predetermined data simultaneously with
the writing of tracked RAM into its own internal
storage unit (not shown) in a predetermined format,
denoted herein as packets. Upon completion of its
processing function for a given time interval, the
primary proce~sor 31 transmits control signals to the
primary tracking unit 33 thereby initiating transfer of
the data stored within the primary tracking unit 33 to
the secondary tracking unit 43. Some control
Docket No. I2013177 -8- January 4, 1989
lnformation is also transferred by the primary
processor 31, ie., header information, byte count, data
type,.... The secondary processor 41 then takes the
data stored in the secondary tracking unit 43 and
~enerates the required information from the information
Ipackets stored in the secondary tracking unit 43, and
updates the secondary memory 42. The secondary
processor 41 accepts these packets, performs integrity
tests and communicates the results of these tests back
to the primary processor 31, extracts the data value,
and calculates the address to store the data value in
the address identified within the information packet of
the secondary memory 42. By performing the update of
the secondary memory in this fashion, there is no
performance penalty in the primary CPU (ie., the CPU
(not shown) of the processor 31) in writing the tracked
memory thereby effectively increasing the bandwidth o~
the processor 31. The CPU utilized in processor 31,
41, in the preferred embodiment is of the Motorola
68000 family.
The primary and secondary controllers 30, 40 can
communicate to each other via three mediums, the data
highway 12, the link 13 between the primary and the
secondary tracking units 33, 43, and the I/O link (not
shown, this link is the path to which the primary
Docket No. I2013177 -9- January 4, 1989
processor 31 and the secondary process 41 are connected
in order to interface with the A/I, A/O, D/I, and
D/0). Via these communication paths, the primary
controller 30 can ensure that the secondary controller
40 is present and operational, and the secondary
controller can test that the primary controller is
operational in order to determine when it (ie., the
controller designated as the secondary) is to assume
the primary status (or mode).
Referring to Figure 2 there is shown an allocation
of time utilized by the primary processor 31. In the
system of the preferred embodiment of the presPnt
invention, a cycle is defined as a time period of one
second and is divided into eight subcycles. Each
subcycle, the processor performs the predetermined
algorithms as mentioned above (referred to in Figure 2
as point processing). The time required for the point
processing is less than the time of the subcycle. Upon
completion of the point processing, the primary
processor 31 initiates the transfer of the tracked data
to the secondary controller 40 (denoted in the figure
as DBA data transfer). From this time frame dia~ram,
it can readily be seen that the data contained in the
data base of the secondary controller 40 is one step
~ie., subcycle) behind the data contained in the data
Docket No. I2013177 -10- January 4, 1989
base of the primary controller 30. (In systems where
every write to the primary memory gets written to the
secondary mamory, then the primary and secondary will
retain the same data base. However, if an error were
to occur, ie., a failure during the transmission of all
of the byte~, then the secondary would have a partial
set of the bytes, ie., inconsistent data.) In the
system of the present invention, as has been mentioned
before, the secondary data base will have complete data
but is one step behind that of the primary.
Referring to Figure 3 there is shown a partial
memory map of the primary memory 32. Included is the
scan data which contains the actual value of the I/O as
read from the valves, pressure gauges,.... The section
marked configuration data includes information
indicating the options which were selected, how points
are configured, what algorithms are running, and the
llke. I~he section indicatin~ process data to be backed
up includes the results of the algorithms. Also
included is information to indicate various functions
going on such as various timers which are set, various
alarms which are set,.... The area of memory mark DBA
Data is the area of primary memory 32 (ie., RAM) that
is designated "tracked memory." A write to this area
of primary memory 32 will be collected (or also
Docket No. I2013177 -11- January 4, 1989
3f~ J
referred to herein as tracked, shadowed, or captured)
by the primary tracking unit 33. The data collected by
the primary tracking unit 33 is format in a predefined
packet, and will be described further hereinunder.
Referring to Figure 4, there i~ shown the format
of the packet generated by the primary tracking unit 33
in the preferred embodiment of the present invention.
The upper and lower data strobe values indicate the
value of the least significant address bit, and the
most significant four address bits can be assured due
to the layout of the tracked memory. The tracked
memory packet is built for every write (byte or word~
to the tracked memory but only while memory tracking is
requested. An important feature of the primary
tracking unit 33 is that there is no performance
penalty in writing to the tracked memory. The method
of effecting the transfer of the changes to the primary
data base from the primary controller 30 the the
secondary controller 40, which utilizes the apparatus
of the present invention, is more fully described in
the aformentioned related application.
Referring to Figure 5, there is a block diagram of
the primary controller 30, and further showing a block
diagram of the preferred embodiment of the primary
tracking unit 33. The primary processor 31 is
Docket No. I2013177 -12- January 4, 1989
connected to the primary memory 33, via a primary
controller bus 301, also referred to herein as a local
bus 301. The primary tracking unit 33 is also
connected to the local bus 301. A ~irst RAM 320 has
its data terminal, D, connected to the data lines of
local bus 301. A second RAM 330 has its data terminal,
D, connected to an output of a multiplexer (MUX), 310,
a first input of the MUX 310 being connected to the
data lines of the local bus 301, and a second input of
the MUX 310 being connected to the address lines of the
local bus 301. A counter 351, which counts the
sequential addresses of the first and second R~M 320,
330, is connected to the first input of MUX 352, and
the second input of MUX 352 is connected to the address
lines of local b~s 301. A token bus controller (TBC)
353, which provides the communication control o~ the
primary tracking unit 33 with the secondary tracking
unit 43, is connected to the local bus 301. An
interface unit 354, connected to TBC 353, is also
connected to link 13, and provides the TBC-to-TBC
interface. The TBC 353 of the preferred embodi~ent of
the preset invention is a Motorola MC68824
Token-Passing Bus Controller.
Tracked data packets are stored in the RAM 320,
330 of the primary tracking unit 33. The three word
Docket No. I2013177 -13- January 4, 1989
h~
packets are not stored sequentially, but in column
format. The primary tracking unit stores the p~ckets
based on the counter 351 of the primary tracking unit
33, which is incremented by one whenever a packet is
stored. This counter 351 is readable by the primary
processor 31 in order to ascertain the quantity of data
to be transferred. In the transfer of data stored in
RAMs 320, 330, the TBCs 353, (ie., of the primary and
secondary tracking unit), pass data such that the data
0 i5 stored in the RAMs of the secondary tracking unit
(not shown). As mentioned above, the structure of the
secondary tracking unit 43 is the same as that of the
primary tracking unit. The control logic 355 is
connected to the local bus 301 and contains logic 357
15 which generates the control signals SELl, SEL2,
CONT1,.... These signals select the first or second
input terminals depending on the function being
performed, ie., tracking (collecting or capturing) data
being written into the primary memory 32 by the primary
processor, or storing data from the RAMs 320, 330 to
the primary memory 32. A CPU 356, connected to local
bus 301, is also included in the control logic 355 to
coordinate control of the tracking unit with the
primary processor 31.
Referring to Figure 6, there is shown a detailed
Docket No. I2013177 -14- January 4, 1989
block diagram of the structure of the storage elements,
the RAMs 320, 330, of the pre~erred embodiment of the
pres,ent invention. MUX 310 is comprised of MUX 1 311,
MUX 2 312, and MUX 3 313. First RAM 320 is comprised
of ~MDl 321, and RAMD2 322. Second ~AM 330 is
comprised of RAMAl 331, RAMA2 332, and RAMA3 333. Each
RAM 321, 322, 331, 332, 333 of the preferred embodiment
is a 32K x 8 bit RAM. Thus RAMD1 321 and RAMD2 322
store the 16-bit data value (shown in Figure 4). RAMAl
331, and RAMA2 332 store the 16-bit address value, and
RAMA3 333 stores word 3 of the packet, ie., three
address bits and the upper/lower strobe bits. A
predefined area of the primary memory 32 (in the
preferred embodiment locations 170000 through l9FFFF,
Hex) contain the data to be captured. When this area
of memory is being written into by the primary
processor 31, the primary tracking unit 33 also
captures the data and address and stores it in a 40-bit
wide memory, ie., word 1 of RAMDl, RAMD2, RAMAl, RAMA2,
and RAMA3, 321, 322, 331, 332, 333, respectively,
referred to as "wide memory." Only 37 bits are used -
16 data, 19 address and two control strobes (the
strobes, UDS and LDS, are necessary to indicate whether
a word or byte is being altered in ~he primary
memory). The wide memory is addressed during this time
Docket No. I2013177 -15- January 4, 1989
by the 15 bit address counter 351. The value of the
counter 351 is incremented by one for each wide write.
Thus wide writes are made sequentially into the wide
memo;ry 37 bits at a time. The counter is initialized
to z~ero by the CPU 3S6 which forms part of the control
logic 355. The CPU 356 can also read the value of the
counter 351. At the completion of data collection
(ie., the point processing time slot), the primary
processor 31 signals the primary tracking unit 33 to
start the transfer to the secondary controller 40, ie.,
the secondary tracking unit 43. The transfer is
effected by the TBC 353. The TBC empties the RAMs in
16 bit wide words ("narrow reads"). When addressing
the RAMs in narrow style, address space lC0000 through
lEFFFF) is used. Because the space is an odd number of
RAMs wide, three banks of 16-bit wide address space is
required although one of them (lE0000 through lEFFFF)
has meaningful data on only its lower byte. The TBC of
the secondary tracking unit receives the data and
performs "narrow writes" into its RAMs. When all the
data has been transferred, the counter 351 is reset,
and the next subcycle begins. During the next
subcycle, the secondary tracking unit control logic
begins emptying the contents of its ~AMs and stores the
data in the secondary memory 42, thereby duplicating
Docket No. I2013177 -16- January 4, 1989
the contents of the data stored in the primary memory
32.
The preferred embodiment of the present invention
utilizes parity checking as an approach to protecting
memory accesses although not shown. It will be
understood by those skilled in the art that other forms
of memory protection can be utilized without departing
from the scope of the present invention, and will not
be described further herein.
While there has been shown what is considered the
preferred embodiment of the present invention, it wi}l
be manifest that many changes and modifications can be
made therein without departing from the essential
spirit and scope of the invention. It is intended,
therefore, in the annexed claims to cover all such
changes and modifications which fall within the true
scope of the invention.
Docket No. I2013177 -17- January 4, 1989
