JP2019016170A - Controller device, and synchronization method of dual system - Google Patents

Abstract

To provide a controller device and a synchronization method of a dual system capable of suppressing increase in execution time of a control application, and maintaining periodic control of a control target device even when switching between a control system and a standby system, in the dual system of the controller device.SOLUTION: A controller device 10A constitutes a dual system 1 together with another controller device 10B. The controller device 10A comprises a control execution part 130 executing control processing for a control target device 30 in a predetermined control cycle, and a plan receiving part 110 receiving input data transmitted from the outside (for example, a plan server 20) at a timing different from the control cycle. When the plan receiving part 110 receives the input data, the control execution part 130 sets the input data to the controller device 10A, and applies the input data to actual control processing after confirming that the input data is set in both the controller devices 10A, 10B.SELECTED DRAWING: Figure 1

Description

  The present invention relates to a controller device and a synchronization method of a duplex system, and more particularly to a controller device that switches a system when an abnormality occurs in a control system that controls a control target device and a synchronization method of a duplex system. Is preferred.

  Conventionally, a controller device is also called a sequence control device, a motion control device, a programmable logic controller (PLC) or a PC-based controller, and includes a ladder logic (LD language), a sequential function chart (SFC language). ), Function block (FBD language), structured text (ST language), instruction list (IL language) and other programming languages specific to the control device, C language used in general-purpose PCs, etc. The And the application program which performs such control content is called a control application.

  Further, such a controller device has a control system in which a first CPU module is a control system and a second CPU module is a standby system among two CPU modules in a system or the like that requires a high degree of reliability. When an abnormality occurs in the first CPU module, the redundant CPU system may be configured to prevent system down by switching the second CPU module, which is a standby system, to the control system. In such a duplex system, it is necessary to perform “synchronization” that guarantees that the first CPU module and the second CPU module execute the same program with the same contents.

  Here, in a typical controller device, the control application is executed in a fixed cycle, thereby performing a fixed cycle control on the control target device connected to the controller device. Specifically, in each cycle, input (input) from an IO module or the like, execution of control contents described in a control application, and output (output) of an execution result of control contents to an IO module or the like are performed. The When a duplex system is constituted by this typical controller device, it is confirmed that the input is the same between the first CPU module and the second CPU module between the input and execution of the control contents. Further, synchronization can be realized by performing life monitoring between the execution of the control and the output and confirming which one executes the output process as the control system.

  Further, Patent Document 1 discloses a duplex programmable controller that can be expected to suppress an increase in the execution time of a control application rather than a method for synchronizing a duplex system using the above typical controller device.

  Specifically, in Patent Document 1, in the first CPU module (CPU unit), execution contents such as an interrupt instruction in the control application are stored as synchronization information in association with the first program counter value. It is disclosed that data is transmitted from one CPU module to a second CPU module, and the second CPU module executes a control application based on this synchronization information. In this way, the second CPU module can follow and execute the control application having the same content as the first CPU module. According to the duplex programmable controller disclosed in Patent Document 1, the synchronization is synchronized. The increase in the execution time of the control application due to the increase in the time for communicating the control information can be suppressed.

JP 2014-137795 A

  However, the duplex programmable controller disclosed in Patent Document 1 is created by executing the control application in the first CPU module, although it can suppress an increase in the execution time of the control application due to an increase in the time for communicating the synchronization information. Since the second CPU module follows the synchronized information and executes the control application, the first CPU module and the second CPU module have a difference in the execution time (execution timing) of the control application. It will occur. For this reason, there is a problem that the fixed-cycle control for the device to be controlled may be disrupted when the control system and the standby system are switched when a failure occurs.

  The present invention has been made in consideration of the above points, and in a duplex system using a controller device that periodically controls a device to be controlled, suppresses an increase in the execution time of a control application and switches between a control system and a standby system. It is an object of the present invention to propose a controller device capable of maintaining constant cycle control of a control target device even at times, and a synchronization method of a duplex system.

  In order to solve such a problem, in the present invention, a controller device that controls a control target device and can configure a duplex system together with another controller device to be duplexed, and receives a plan input unit that receives input data from the outside And a control execution unit that executes a control process for the control target device at a predetermined control cycle, and when the plan reception unit receives input data input at a timing different from the control cycle, The control execution unit sets the input data received by the plan receiving unit in the own controller device, and confirms that the input data is set in both the own controller device and the other controller device. When the duplication operation process is performed and the confirmation in the duplication operation process is obtained, the input data is applied to the control process. The controller device is provided which is characterized in that.

  Further, in order to solve such a problem, in the present invention, there is provided a duplex system synchronization method by a controller device that controls a control target device and can configure a duplex system together with another controller device to be duplexed. The apparatus includes a plan receiving unit that receives input data from the outside, and a control execution unit that executes a control process for the control target device at a predetermined control cycle, and a timing different from the control cycle from the outside. When the input data is input, the data receiving step in which the plan receiving unit receives the input data, and the control execution unit sets the input data received by the plan receiving unit in its own controller device. A data setting step, and the control execution unit is configured such that the own controller device and the other controller device On the other hand, a duplexing operation processing step for confirming that the input data has been set, and the control execution unit applies the input data to the control processing when confirmation in the duplexing operation processing step is obtained. And a data application step. A method of synchronizing a duplex system is provided.

  ADVANTAGE OF THE INVENTION According to this invention, in the duplication system of a controller apparatus, while suppressing the increase in the execution time of a control application, even when switching the control system and standby system of a controller apparatus, the fixed period control of a control object apparatus can be maintained. .

It is a figure which shows an example of a function structure of the duplex system comprised by the controller apparatus which concerns on this Embodiment. It is a figure which shows an example of the hardware constitutions of the duplex system shown in FIG. It is a figure for demonstrating an example of the table structure of data matching information. It is a figure for demonstrating the structural example of an operation state management table. It is a figure for demonstrating the structural example of a flag management table. It is a figure for demonstrating the structural example of a data management table. It is a flowchart which shows an example of the process sequence of a control execution process. It is a flowchart which shows an example of the process sequence of a duplication process. It is a figure for demonstrating the state transition of the operation state in a duplex system. It is a flowchart which shows an example of the process sequence of a single operation process. It is a flowchart which shows an example of the process sequence of a duplication operation | movement process. It is a flowchart which shows an example of the process sequence of a synchronous data transmission process. It is a flowchart which shows an example of the process sequence of a synchronous data reception process. It is a flowchart which shows an example of the process sequence in synchronous data reception. It is a flowchart which shows an example of the process sequence in output data writing. It is a flowchart which shows an example of the process sequence of a plan data setting process.

  Hereinafter, an embodiment of the present invention will be described in detail with reference to the drawings.

  First, before describing an embodiment of the present invention, control required for synchronization between controller devices when a dual system is configured by two conventional typical controller devices will be described. .

As described in the background art of this specification, in a typical controller device, a control application is executed at a fixed cycle, thereby performing a fixed cycle control on a control target device connected to the controller device. Specifically, the following processes (i) to (iii) are executed in order every cycle.
(I) Input of information from IO module or fieldbus (input)
(Ii) Execution of control contents described in control application (iii) Output of execution result of control processing to IO module or fieldbus (output)

  When a duplex system is configured by using such two controller devices, the same calculation result is always obtained by performing control processing using the same input at the same timing in both of the two controller devices. It becomes possible. Specifically, during the processes (i) and (ii), it is confirmed that the inputs in both controller devices are the same, and during the processes (ii) and (iii), the life and death are monitored. If it is possible to confirm which is executing the output as the control system, synchronization of the duplex system can be realized.

  Here, regarding the input of (i) above, if the information input from the IO module or the field bus is performed in synchronization with the control processing by the periodic control cycle, the same input information is used by the two controller devices. Can be obtained, it is possible to estimate that the inputs are always the same without confirmation by synchronized communication or the like. Specifically, for example, when EtherCAT, which is one of the fieldbus protocols, is used, if two controller devices and a control target device (slave device) are connected via a switching hub, input data from the control target device Is transmitted to the broadcast address of Ethernet (destination MAC address is “FF: FF: FF: FF: FF: FF”), the same input can be acquired simultaneously by two controller devices.

  However, it is conceivable that the input (i) is input from the outside at a timing different from the control cycle of the control process. Specifically, for example, reception of plan information (plan data) instructing a change in setting to the control target device from the host system, reception of sensor notification from the control target device, or the like. In order to maintain the constant cycle control for the control target device even when switching between the control system and the standby system, for the input at a timing different from the control cycle, setting to the controller device based on the input, and Application to a control target device needs to be performed in a situation where input data is matched in a duplex system. Furthermore, since it is also required to suppress an increase in the execution time of the control application, it has been difficult to construct a duplex system that satisfies these requirements with a conventional typical controller device.

  Based on such a situation, the present invention makes the inputs coincide between the controller devices constituting the duplex system even if the input is performed at a timing different from the control cycle of the control processing as described above. Proposes a duplex system that can be safely reflected in fixed-cycle control processing and can maintain the fixed-cycle control of the control target device even when the control system of the controller device and the standby system are switched. One embodiment will be described below.

(1) Configuration of Redundant System (1-1) Functional Configuration FIG. 1 is a diagram illustrating an example of a functional configuration of a redundant system configured by a controller device according to the present embodiment.

  As shown in FIG. 1, the duplex system 1 includes two controller devices 10 (individually, controller devices 10A and 10B). The controller devices 10A and 10B may have the same functional configuration and hardware configuration, and in the following, the detailed configuration of one controller device 10A will be described, and the description of the configuration of the other controller device 10B will be omitted. Further, in the present embodiment, unless otherwise specified, in the duplex system 1, the controller device 10A mainly operates as a control system, and the controller device 10B operates as a standby system.

  First, the controller devices 10A and 10B are communicably connected to the planning server 20 via the information control network 40 (40A and 40B), and a synchronization communication path 140 is used between the controller device 10A and the controller device 10B. It is connected so that it can communicate. For example, an Ethernet cable or the like is used for each connection cable. The plan server 20 is, for example, a host system, and includes a plan transmission unit 210 that transmits plan information such as setting changes to the controller device 10 (10A, 10B). The transmission of the plan information (plan data) by the plan transmission unit 210 is not related to the control cycle of the control processing in the controller devices 10A and 10B, and is performed at a unique timing (different timing).

  Each controller device 10A, 10B is connected to the control target device 30 (individually, the control target devices 30A, 30B, 30C,...) Via the field bus 50 so as to be communicable. Specifically, the control target device 30 is, for example, an inverter, a servo motor, or the like, and operates under the control of the controller devices 10A and 10B. Controller device 10A, 10B can perform the control process with respect to the control object apparatus 30 with a predetermined | prescribed control period (for example, fixed period). In the duplex system 1, the controller device 10 </ b> A of the control system actually executes control processing for the control target device 30. As the connection cable, an Ethernet cable or the like is used. Although details will be described later with reference to FIG. 2, input data from each control target device 30 to the controller devices 10A and 10B is performed by broadcast transmission of Ethernet (registered trademark), and the controller devices 10A and 10B are simultaneously the same. Input can be obtained.

  As illustrated in FIG. 1, the controller device 10 </ b> A includes a plan receiving unit 110, data matching information 120, and a control execution unit 130.

  The plan receiving unit 110 receives the plan information transmitted from the plan transmitting unit 210 of the plan server 20 and registers the received plan information in the data matching information 120. The plan receiving unit 110 also has a function of confirming whether or not the plan information has been reflected in the control processing in the controller device 10 </ b> A and notifying the plan server 20.

  The data matching information 120 is information necessary for controlling duplexing of the duplexing system 1 (synchronization with the controller device 10B) on the controller device 10A side, and the plan reception unit 110 and the control execution unit 130 (in more detail). Is stored in a memory (shared memory) accessible from both of the data matching processing unit 133) described later. As will be described later with reference to FIG. 3, the data matching information 120 includes, for example, an operation state management table 121, a flag management table 122, and a data management table 123.

  The control execution unit 130 is a processing unit that executes general control processing in the controller device 10. When the plan receiving unit 110 receives input data (for example, plan data) from the outside, control based on the input data is performed. Perform execution processing. As shown in FIG. 1, the control execution unit 130 includes a control application 131 and a duplex processing unit 132. The specific contents of the control execution process will be described later with reference to FIG.

  The control application 131 is set with a control cycle, control content (control logic), information on input / output data, parameters necessary for processing by the duplex processing unit 132, and the like, and is executed by the control execution unit 130.

  The duplexing processing unit 132 performs processing (duplexing processing) related to control of duplexing operation (synchronization) among the control execution processing performed by the control execution unit 130. The duplexing processing unit 132 can be classified into a data matching processing unit 133, a life / death monitoring unit 134, a state management unit 135, and a synchronization communication unit 136 based on detailed processing responsibility in the duplexing processing. Specifically, the data matching processing unit 133 is in charge of processing for matching data with the duplexing partner (data matching processing), and the life and death monitoring unit 134 is monitoring the life and death with the duplexing partner. The state management unit 135 is in charge of processing relating to management of the duplex operation state. Further, the synchronization communication unit 136 is responsible for transmission / reception of the synchronization data performed via the synchronization communication path 140 in the data matching process.

(1-2) Hardware Configuration FIG. 2 is a diagram illustrating an example of a hardware configuration of the duplex system illustrated in FIG.

  As shown in FIG. 2, the controller device 10 (10A, 10B) has a CPU (Central Processing Unit) 11, a main storage device 12, an auxiliary storage device 13, and a network I / F 14 (14a, 14b, 14c) as a bus. 15 are connected to each other. The controller device 10 is a computer having a function of, for example, a PLC (Programmable Logic Controller).

  The CPU 11 is a processor that performs overall control of the controller device 10 (for example, the controller device 10A). The main storage device 12 is a storage device that can be directly accessed by the CPU 11. Specifically, the main storage device 12 is a RAM (Random Access Memory), a ROM (Read Only Memory), or the like. The auxiliary storage device 13 is a secondary storage device, specifically, an HDD (Hard Disk Drive), a flash memory, or the like. The CPU 11 expands the operating system (OS), various programs, and various files stored in the auxiliary storage device 13 to the main storage device 12, and executes various calculations. The network I / F 14 is an interface for network communication, and transmits / receives information to / from other devices according to a predetermined procedure using an Ethernet cable or the like. Specifically, the network I / F 14a enables communication with the planning server 20 via the information control network 40 (for example, the information control network 40A), and the network I / F 14b is a duplex target via the synchronization communication path 140. Communication with the controller device 10 (for example, the controller device 10B) is enabled, and the network I / F 14c enables communication with the control target device 30 (30A, 30B, 30C) via the switching hub 51.

  In such a controller device 10, when the correspondence between the hardware configuration and the functional configuration (see FIG. 1) is exemplified, the plan receiving unit 110 is realized by the function of the OS executed by the CPU 11 and the like, and the control execution unit 130 is the CPU 11 It is realized by the function of the PLC executed by, for example. The data matching information 120 is stored in, for example, the main storage device 12, and is stored in a storage area that can be accessed by any of the functions of the OS and the PLC.

  The planning server 20 is configured by connecting a CPU 21, a main storage device 22, an auxiliary storage device 23, an input device 24, an output device 25, and a network I / F 26 (26 a, 26 b) to each other via a bus 27.

  The plan server 20 is, for example, a host system computer, and each of the above-described configurations may be considered as a component of a general computer. Specifically, for example, the CPU 21 develops an operating system (OS), various programs, and various files stored in the auxiliary storage device 23 in the main storage device 22 and executes various calculations and the like. An input device 24 such as a keyboard or a mouse receives information based on an input operation from the user, and an output device 25 such as a monitor or a speaker outputs information to the user. The network I / F 26 is an interface for network communication, and transmits / receives information to / from other devices according to a predetermined procedure using an Ethernet cable or the like. Specifically, the network I / F 26a enables communication with the controller device 10A via the information control network 40A, and the network I / F 26b enables communication with the controller device 10B via the information control network 40B.

  Moreover, the switching hub 51 is arrange | positioned between controller apparatus 10A, 10B and the control object apparatus 30 (30A, 30B, 30C). In the present embodiment, for example, EtherCAT is used as the fieldbus communication protocol. At this time, as shown in FIG. 2, the controller devices 10A and 10B and the control target device 30 are connected via the switching hub 51 with an Ethernet cable. It can be configured by connecting.

(1-3) Supplementary Configuration Here, the details of the data matching information held in the controller device 10 described above will be supplemented.

  FIG. 3 is a diagram for explaining an example of a table structure of data matching information. The data matching information 120 holds a plurality of information tables necessary for duplex (synchronization) control. Specifically, in the example of FIG. 3, the data matching information 120 includes an operation state management table 121 that manages the operation state of duplication, and a flag management table 122 that manages various flags used in duplication (synchronization) processing. , And a data management table 123 that manages information about some of the variables handled by the control application 131.

  FIG. 4 is a diagram for explaining a configuration example of the operation state management table. In the example of FIG. 4, the operation state management table 121 has an operation state 1211 item. The operation state 1211 records the operation state of duplication in the controller device 10 (for example, the controller device 10A) that holds the table. Specific operating states include, for example, “Bootup”, which means initializing, “Standalone”, which means that it is operating independently, and that it is operating in the control system (main system) "Active" to be active, and "Standby" to mean that the system is operating in the standby system (secondary system). The operation state management table 121 is mainly referred to in the duplex processing (FIG. 8).

  FIG. 5 is a diagram for explaining a configuration example of the flag management table. In the example of FIG. 5, the flag management table 122 includes items of a flag name 1221 and a value 1222. Various flags relating to data matching (for example, a data matching flag, a transmitted flag, and a received flag) are registered in advance in the flag name 1221, and values of various flags are recorded in a value 1222.

  More specifically, in this example, the “data matching flag” is “true (data matching is required / in progress)” or “false (data) for the execution state of the data matching process (synchronization process). This value is set to “true” when the plan information is received from the plan server 20. The “sent flag” indicates whether or not the data matching command has been sent to the duplex target by a value of “true (sent)” or “false (not sent)”. “Received flag” indicates whether or not the data matching command has been received from the duplication target by a value of “true (received)” or “false (not transmitted)”.

  When all the flag values of “data matching flag”, “sent flag”, and “received flag” are “true” in the flag management table 122, data matching in the duplex system 1 is performed. This means that the controller device 10 can apply control (for example, setting change) based on the plan information received from the plan server 20 to the control target device 30 that is a slave device. In this example, in such a case, a process of resetting all the flag values in the flag management table 122 to “false” is performed (step S510 in FIG. 12, step S609 in FIG. 13).

  Therefore, the flag management table 122 is referred to and written in the synchronized data transmission process (FIG. 12), the synchronized data reception process (FIG. 13), the plan data setting process (FIG. 16), and the like.

  FIG. 6 is a diagram for explaining a configuration example of the data management table. In the example of FIG. 6, the data management table 123 includes items of a variable name 1231, a data type 1232, a temporary variable value 1233, and a matching target flag 1234. The variable name 1231 describes variables that can be set from the plan server 20 among the variables handled by the control application 131. The data type 1232 is a data type of a variable described in the variable name 1231. Specifically, for example, a data type of a programming language defined in IEC 61131-3 which is a standard for PLC is described. The temporary variable value 1233 holds the set value of the plan data transmitted from the plan server 20 for a period until the variable value is shared between the controller devices 10 (10A, 10B) constituting the duplex system 1. . The matching target flag 1234 describes a flag value for designating whether or not the corresponding variable is a data matching target. Specifically, for example, “true (target)” or “false ( Not specified) ”. The data management table 123 is referred to and written in the synchronized data transmission process (FIG. 12) and the plan data setting process (FIG. 16).

(2) Control execution process The control execution process executed by the control execution unit 130 will be described in detail. As described above, the control application 131 is preset with a control cycle, control contents (control logic), information on input data and output data, parameters necessary for processing by the duplex processing unit 132, and the like. A control execution process is performed by the control execution unit 130 executing the control application 131 while referring to the parameters.

  FIG. 7 is a flowchart illustrating an example of a processing procedure of the control execution process. The control execution process by the control execution unit 130 is executed at regular intervals, and FIG. 7 illustrates an outline of the processing contents for one period.

  As shown in FIG. 7, the control execution unit 130 first reads input data (plan data) set in the control application 131 from the data matching information 120 (step S101), and uses the read plan data. Then, the control logic described in the control application 131 is executed (step S102). Through the processing in steps S101 and S102, the plan information (plan data) received by the plan receiving unit 110 is set in the controller device 10A (more specifically, the control application 131).

  Next, the control execution unit 130 calls the duplex processing unit 132 to execute the duplex processing (step S103). Although details will be described later with reference to FIGS. 8 to 14, in the duplex processing, different processing is executed according to the operation state of the controller device 10 in the duplex system 1. For example, when the operation states of the two controller devices 10A and 10B constituting the duplex system 1 are “Active” and “Standby”, the duplex operation for synchronizing data between the controller devices 10A and 10B. Processing is performed.

  Thereafter, in step S104, the control execution unit 130 writes the output data based on the execution result of the control logic in step S102 (step S104). Note that the output data is written when the controller device 10 (for example, the controller device 10A) is a control system, and is not performed when the controller device 10 is a standby system. Details of the output data writing will be described later with reference to FIG.

  And after the process of step S104 is complete | finished, a process is paused (sleep) until the control execution process of the next period is performed (step S105).

(2-1) Duplexing process The duplexing process (step S103 in FIG. 7) will be described in detail below. FIG. 8 is a flowchart illustrating an example of the processing procedure of the duplex processing. As described above, the duplexing process is a process in which the control execution unit 130 calls and executes the duplexing processing unit 132 in the control execution process, and may be considered as a subroutine of the control execution process.

  First, in step S201, the duplexing processing unit 132 checks the duplexing operation state in the controller device 10 (controller device 10A). More specifically, the duplex processing unit 132 refers to the operation state management table 121 of the data matching information 120 and acquires the value of the operation state 1211 recorded in the table. For example, in the case of FIG. 4, the operating state of “Active” is confirmed.

  Next, the duplexing processing unit 132 executes any of the processes in steps S202 to S204 according to the operation state confirmed in step S201, and ends the duplexing process. Specifically, when the operation state is “Bootup”, a predetermined process for initialization is executed in step S202 (initialization process). When the operation state is “Standalone”, a predetermined process for the single operation is executed in step S203 (single operation process). If the operation state is “Active” or “Standby”, a predetermined process for duplex operation is executed in step S204 (duplex operation process). Details of the single operation process in step S203 will be described later with reference to FIG. 10, and details of the duplex operation process in step S204 will be described later with reference to FIGS.

  Here, it supplements about the operation state of the controller apparatus 10 in the duplex system 1. FIG. As described above in FIG. 4, the operation state of the controller device 10 in the duplex system 1 is recorded in the operation state 1211 of the operation state management table 121. Specifically, “Bootup”, “Standalone”, “Active ”And“ Standby ”are recorded.

  FIG. 9 is a diagram for explaining the state transition of the operation state in the duplex system. Each operation state (Bootup 901, Standalone 902, Active 903, and Standby 904) illustrated in FIG. 9 corresponds to the above four operation states. In other words, Bootup 901 is an operation state that means initialization is in progress, Standalone 902 is an operation state that means that the controller device 10 is operating independently (that is, is not duplexed), and Active 903 is an operation state that the controller device 10 itself is in. Is an operation state that means that the redundant system 1 is operating in the control system (primary system), and Standby 904 indicates that the controller device 10 is operating in the standby system (secondary system) in the redundant system 1. It is an operational state that means.

  In addition, transitions 905 to 910 in FIG. 9 indicate the relationship of state transitions between the respective operation states. The state transition shown in FIG. 9 will be specifically described.

  First, in the first controller device 10A, transition to Bootup 901 is made when the operation is started by the control execution unit 130 (Transition 905). In the Bootup 901, the second controller device 10 (for example, the controller device 10B) to be duplexed is searched for, and when timed out without being found, the operation goes to Standalone 902 because of a single operation (Transition 906). The Standalone 902 waits for the activation of the second controller device 10B to be duplexed while performing the single operation process. When the first controller device 10A is Standalone 902 and the second controller device 10B to be duplexed is in the operation state of Bootup 901, initialization processing that configures the duplex system is executed, and the first is configured when duplex is configured. The operation state of the controller device 10A is Active 903 (transition 907), and the operation state of the second controller device 10B is Standby 904 (transition 909).

  If the second controller device 10B stops due to the occurrence of an abnormality when the duplexing is configured, the duplexing cannot be maintained, and the operating state of the first controller device 10A transitions to the Standalone 902 (transition 908). ). On the other hand, if the first controller device 10A stops due to the occurrence of an abnormality when the duplexing is configured, the duplexing cannot be maintained, and the operation state of the second controller device 10B transitions to Standalone 902 (transition 910). ). Note that the stopped controller device 10 enters the operation state “None”, and transitions to Bootup 901 upon restart.

  As described above, as shown in FIG. 9, in the duplex system 1, the operation state of each controller device 10 is one of four operation states (5 if “none” is included) depending on the duplex configuration status. For example, in order to make a transition to Active 903, which is a duplex control system, it must always pass through Standby 904 (duplex standby system).

(2-1-1) Single Operation Process The single operation process (step S203 in FIG. 8) will be described in detail. FIG. 10 is a flowchart illustrating an example of the processing procedure of the single operation processing. The single operation processing is executed by the duplex processing unit 132 (mainly the data matching processing unit 133).

  According to FIG. 10, first, the duplexing processing unit 132 refers to the flag management table 122 illustrated in FIG. 5 in order to determine whether the data matching processing is necessary, and the value 1222 of “data matching flag”. Is confirmed (step S301). When the data matching flag confirmed in step S301 is “false (data matching is not required)” (false in step S301), the duplexing processing unit 132 ends the single operation process.

  If the data matching flag confirmed in step S301 is “true (data matching required)” (true in step S301), the duplex processing unit 132 sets the temporary variable value 1233 recorded in the data management table 123. Is copied to the corresponding actual variable (step S302), then the data matching flag in the flag management table 122 is reset (step S303), and the single operation process is terminated. It should be noted that the temporary variable value copying in step S302 can be assumed to be performed only for variables whose matching target flag 1234 is “true” in the data management table 123.

(2-1-2) Duplexing Operation Processing Here, the duplexing operation processing (step S204 in FIG. 8) will be described. The duplexing operation process is a process performed in order to realize data matching (synchronization) between the two controller devices 10A and 10B constituting the duplexing system 1, and the controller device configuring the duplexing system 1 It is executed in each of 10A and 10B. The duplex operation process is roughly divided into a synchronized data transmission process related to transmission of synchronized data for data matching and a synchronized data reception process related to reception of synchronized data.

  FIG. 11 is a flowchart illustrating an example of a processing procedure of the duplex operation processing. As illustrated in FIG. 11, the duplex processing unit 132 executes a synchronized data transmission process (step S401), then executes a synchronized data reception process (step S402), and then ends the duplex operation process.

  First, the synchronized data transmission process will be described in detail. FIG. 12 is a flowchart illustrating an example of a processing procedure of the synchronized data transmission process.

  According to FIG. 12, in step S501, the duplexing processing unit 132 checks the value 1222 of the “data matching flag” in the flag management table 122 in order to determine whether data matching processing is necessary.

  If the data matching flag confirmed in step S501 is “false (data matching is not required)” (false in step S501), the duplex processing unit 132 synchronizes only the heartbeat (HB) for alive monitoring. Data is transmitted to the controller device 10B to be duplexed (step S511), and the synchronized data transmission process is terminated. The transmission of the synchronization data is performed by the synchronization communication unit 136 of the duplex processing unit 132, and the synchronization data transmitted from the controller device 10A is received by the controller device 10B via the synchronization communication path 140. . This applies not only to the synchronized data transmission in step S511, but also to other synchronized data transmissions (steps S504 and S507) described later.

  On the other hand, if the data matching flag confirmed in step S501 is “true (data matching required)” (true in step S501), the process proceeds to step S502.

  In step S <b> 502, the duplex processing unit 132 refers to the flag management table 122 in order to confirm the progress of data matching, and confirms the combination of the “transmitted flag” and “received flag” values 1222. The following three confirmation results are assumed in step S502, and processing corresponding to each confirmation result is performed.

  First, regarding the confirmation result in step S502, if the transmitted flag is a combination of “true (data matching command transmitted)” and the received flag is “false (data matching command not received)”, This means that it is waiting for a response from the controller device 10B to be duplicated. Therefore, in step S511, the duplexing processing unit 132 transmits only the heartbeat (HB) for transmitting the alive state as synchronization data to the controller device 10B to be duplexed, and ends the synchronization data transmission processing. Note that the synchronization data transmitted in step S511 may include master-slave data and the like necessary for configuring the duplex between the controller devices 10A and 10B, but synchronization in second and third processing described later. Unlike the data transmission, the plan data (or information indicating the contents) set in the controller device 10A (more specifically, the control application 131) in steps S101 and S102 is not transmitted.

  Second, regarding the confirmation result in step S502, if the transmitted flag is a combination of “false (data matching command not transmitted)” and the received flag is “false (data matching command not received)”, The duplex processing unit 132 creates a Set command as a data matching command to be transmitted to the controller device 10B to be duplexed (step S503). The Set command is created by referring to the data management table 123 and collecting the variable name 1231 and the temporary variable value 1233 for the variable whose matching target flag 1234 is “true (matching target)”.

  Then, the duplex processing unit 132 transmits the synchronization data including the Set command and the heartbeat (HB) created in step S503 to the controller device 10B (step S504), and changes the transmitted flag to “true” (step S505). ), And finishes the synchronized data transmission process. In addition to the Set command and HB, the synchronization data transmitted in step S504 includes plan data (or information indicating the contents) set in the controller device 10A (more specifically, the control application 131) in steps S101 and S102. ) Is included.

  Third, regarding the confirmation result of step S502, if the transmitted flag is a combination of “false (data matching command not transmitted)” and the received flag is “true (data matching command received)”, The duplexing processing unit 132 creates an Ack command as a data matching command to be returned to the controller device 10B to be duplexed (step S506).

  Then, the duplexing processing unit 132 transmits the synchronization data composed of the Ack command and the heartbeat (HB) created in Step S506 to the controller device 10B (Step S507), and changes the transmitted flag to “true” (Step S507). S508). In addition to the Ack command and HB, the synchronization data transmitted in step S507 includes plan data (or information indicating the contents) set in the controller device 10A (more specifically, the control application 131) in steps S101 and S102. ) Is included.

  When the processing in step S508 is completed, the data matching flag, the transmitted flag, and the received flag are all “true”, and as described above with reference to FIG. 5, data matching with the duplex target is completed. Means that At this time, the duplex processing unit 132 copies the temporary variable value 1233 recorded in the data management table 123 to the corresponding actual variable (step S509). In step S509, the temporary variable value 1233 set based on the plan data is copied to the actual variable, whereby the plan data is applied to the actual control processing for the control target device 30. Similar to step S302 in FIG. 10, it can be assumed that the temporary variable value copy in step S509 is performed only for variables for which the matching target flag 1234 is “true”. Thereafter, the duplex processing unit 132 resets all of the data matching flag, the transmitted flag, and the received flag in the flag management table 122 to “false” (step S510), and ends the synchronized data transmission process.

  Next, the synchronized data reception process will be described in detail. FIG. 13 is a flowchart illustrating an example of a processing procedure of the synchronization data reception process.

  According to FIG. 13, in step S601, the duplex processing unit 132 receives synchronized data. Details of the synchronization data reception will be described later with reference to FIG.

  Next, the duplex processing unit 132 confirms whether or not the result of the synchronization data reception is a timeout (step S602), and if it is a timeout (YES in step S602), the operation state 1211 of the operation state management table 121 is determined. Is changed to Standalone (step S610), and the synchronization data receiving process is terminated. The time-out confirmation in step S602 is performed based on the time-out determination (see step S701 in FIG. 14) performed during the reception of the synchronization data in step S601.

  If the result of the synchronization data reception is not a timeout (NO in step S602), the duplex processing unit 132 confirms the type of the synchronization data received in step S601 (step S603).

  In the confirmation in step S603, when the received synchronization data is only the heartbeat (HB in step S603), the synchronization data transmission described in step S511 in FIG. 12 has been received from the controller device 10B to be duplexed. Means. At this time, the duplex processing unit 132 ends the synchronized data reception process without performing any special process in order to maintain the current state.

  In the confirmation in step S603, if the received synchronization data is a Set command and a heartbeat (Set command + HB in step S603), the synchronization data transmission shown in step S504 in FIG. It means that it has been received from the device 10B. At this time, the duplex processing unit 132 copies the Set command information to the data management table 123 (step S604). Further, the duplexing processing unit 132 sets the data matching flag to “true (data matching in progress)” in the flag management table 122 (step S605) and sets the received flag to “true (data matching command received)”. "(Step S606), and the synchronized data reception process ends.

  In the confirmation in step S603, if the received synchronization data is an Ack command and a heartbeat (Ack command + HB in step S603), the synchronization data transmission shown in step S507 in FIG. It means that it has been received from the device 10B. At this time, the duplex processing unit 132 sets the received flag of the flag management table 122 to “true (data matching command received)” (step S607).

  When the processing in step S607 is completed, the data matching flag, the transmitted flag, and the received flag are all “true” (meaning that data matching with the duplex target has been completed). Therefore, the duplication processing unit 132 copies the temporary variable value 1233 recorded in the data management table 123 to the corresponding actual variable (step S608), and the data matching flag, the transmitted flag, and the received flag in the flag management table 122 are received. All of the flags are reset to “false” (step S609), and the synchronized data transmission process ends. The process of steps S608 to S609 is the same as the process of steps S509 to S510 in the synchronized data transmission process (FIG. 12). In particular, in step S608, the temporary variable value 1233 set based on the plan data is copied to the actual variable, so that the plan data is applied to the actual control processing for the control target device 30.

  Here, the details of the synchronization data reception in step S601 will be described with reference to FIG. FIG. 14 is a flowchart illustrating an example of a processing procedure in receiving synchronized data.

  According to FIG. 14, first, the duplex processing unit 132 confirms whether or not a predetermined time-out time set in advance has elapsed (step S701). If time-out occurs in step S701 (YES in step S701), the reception of the synchronization data is terminated because no synchronization data has been received.

  If the time-out has not occurred in step S701 (NO in step S701), the synchronization data is received (step S702), and the presence or absence of the received data is confirmed (step S703). If there is reception data in step S703 (YES in step S703), the synchronization data reception ends. If there is no received data in step S703 (NO in step S703), the device sleeps for a predetermined time (step S704), and then returns to the processing in step S701 again.

  As described above, according to the synchronization data reception shown in FIG. 14, the synchronization data is received until the synchronization data is received before the timeout or until the timeout occurs without receiving the synchronization data.

  As described above, the processing shown in FIGS. 11 to 14 is performed in each of the controller devices 10A and 10B configuring the duplex system 1, whereby the controller device 10A synchronizes data with the controller device 10B to be duplexed. be able to.

(2-2) Output Data Writing In the following, output data writing (step S104 in FIG. 7) will be described in detail. FIG. 15 is a flowchart illustrating an example of a processing procedure in writing output data.

  As described in step S104 in FIG. 7, as described above in the description of FIG. 7, in the output data writing, the control execution unit 130 of the controller device 10 outputs a result based on the execution of the control logic (step S <b> 102). Which is executed after completion of the duplexing process (step S103 in FIG. 7). Therefore, when the duplex system 1 is configured by the controller devices 10A and 10B, the control execution unit 130 of the controller device 10A of the control system until the data matching is completed between the controller devices 10A and 10B by the duplex processing. Does not start writing output data.

  According to FIG. 15, first, the control execution unit 130 refers to the operation state management table 121 and confirms the operation state 1211 of the own controller device 10 (for example, the controller device 10A) (step S801).

  Next, when the operation state 1211 is “Bootup” or “Standby” in step S801, the controller device 10A does not need or qualify to write the output data, and writes the output data without performing special processing. Exit. On the other hand, if the operation state 1211 is “Active” or “Standalone” in step S801, the controller device 10A is in a position to write the output data, so the result based on the execution of the control logic (output data) Is written (step S802), and the output data writing is terminated.

(3) Plan data setting process As described above, in the controller device 10A according to the present embodiment, when the plan information (plan data) is received from the plan server 20, the control execution unit 130 executes the control execution. By performing the process, the data is matched with the controller device 10B that has received the same plan data, and after the data match is completed, the execution result of the control application 131 based on the plan data is displayed as a slave device (control target device 30). ) To set the plan data.

  Further, in the controller device 10A according to the present embodiment, the plan receiving unit 110 sets the received plan data in the controller devices 10A and 10B separately from the control execution processing by the control execution unit 130 (the plan It is possible to confirm whether or not the data is appropriately reflected in the control processing of the fixed period by the control execution unit 130 and notify the plan data transmission source (plan data setting processing). This chapter will explain this plan data setting process in detail.

  FIG. 16 is a flowchart illustrating an example of a processing procedure of the plan data setting process. Hereinafter, each process of FIG. 16 will be described as being executed by the plan receiving unit 110 of the controller device 10A, but actually, the plan receiving unit 110 performs the plan data setting process similarly in the controller device 10B.

  As shown in FIG. 16, in step S901, the plan receiving unit 110 receives plan information (plan data). Next, the plan receiving unit 110 refers to the flag management table 122 and checks the value 1222 of the “data matching flag” (step S902).

  When the data matching flag is “true (data matching is in progress)” in the confirmation in step S902, the plan receiving unit 110 receives a signal (data) indicating that data matching processing is being performed in the controller device 10A. An error during matching process) is transmitted to the plan server 20 (step S910), and the plan data setting process is terminated.

  In such a case, the plan server 20 receives the error during data matching processing, so that the controller device 10A is in the process of data matching based on the transmitted plan data, and the setting of the plan data is completed. You can recognize that they are not. Therefore, the plan server 20 can determine whether to wait for transmission of the next plan data, for example, when transmission of the next plan data is prepared.

  On the other hand, if the data matching flag is “false (data matching is not in progress)” in the confirmation in step S902, the data matching can be executed based on the reception of the plan data in step S901. The plan receiving unit 110 sets the received plan data in the data management table 123 (step S903), and sets the data matching flag of the flag management table 122 to “true (data matching in progress)” (step S904). ).

  Then, the plan receiving unit 110 checks whether or not a predetermined time-out time set in advance has elapsed (step S905). The time-out time is a time that defines a time-out related to the entire data matching process by the control execution unit 130.

  If it is time-out in the confirmation in step S905 (YES in step S905), the plan receiving unit 110 transmits a time-out error to the plan server 20 (step S909) and ends the plan data setting process.

  In such a case, the plan server 20 receives the time-out error, whereby the data matching process based on the transmitted plan data is not normally completed in the controller device 10A, and the plan data is appropriately sent to the controller device 10A. You can recognize that it was not set. Therefore, the plan server 20 can determine to retransmit the previous plan data, or can estimate the possibility of failure or malfunction in the controller devices 10A and 10B.

  On the other hand, if the timeout is not confirmed in the confirmation in step S905 (NO in step S905), the plan receiving unit 110 refers to the flag management table 122 and confirms the value 1222 of the “data matching flag” (step S906). If the data matching flag is “true (data matching is in progress)” in the confirmation in step S906, after a predetermined time of sleep (step S908), the process returns to step S905 to check the timeout. If the data matching flag is “false (data matching is not in progress)” in the confirmation in step S906, the data matching is completed between the controller devices 10A and 10B of the duplex system 1, and the plan It means that the data was properly reflected (set). Therefore, the plan receiving unit 110 transmits a setting OK command indicating that the setting of the plan data is completed to the plan server 20 (step S907), and ends the plan data setting process.

  In such a case, the plan server 20 receives the setting OK command, whereby the controller device 10A, 10B normally completes the data matching process based on the transmitted plan data, and the plan data is stored in the controller device 10A, 10B. It can be recognized that 10B is set. Therefore, the plan server 20 can perform control such as permitting transmission of the next plan data on the condition that the setting OK command has been received. If the setting OK command has been received from both the controller devices 10A and 10B, the stability can be further improved.

  As described above, the process of steps S901 to S910 in FIG. 16 is performed, so that the plan receiving unit 110 receives from the outside (for example, the plan server 20) at a timing different from the control cycle of the control process by the control execution unit 130. With respect to the plan data, the setting status of the plan data in the controller devices 10A and 10B (whether or not it is appropriately reflected in the control process) can be notified to the transmission source of the plan data. In this way, the certainty regarding the setting of the plan data in the duplex system 1 is improved, and it contributes to the stable operation of the duplex system 1.

(4) Summary The controller device 10 according to the present embodiment uses a fieldbus communication protocol such as EtherCAT to convert input data (for example, plan data) via the fieldbus into a control system controller device 10A and a standby system controller. The synchronization required for communicating the synchronization information by enabling the plan data to be transmitted together with the alive monitoring information (heartbeat) in the control execution process by the control execution unit 130 when the device 10B always matches. The number of times of communication is once per control cycle (synchronized data transmission only), and an increase in the execution time of the control application accompanying an increase in the time of synchronized communication can be suppressed.

  Further, according to the present embodiment, in the first cycle of the control process in which the control application 131 is executed at a fixed cycle, the controller devices 10A and 10B are made to perform synchronization data transmission processing and synchronization data reception processing of duplex operation processing. When the data matching of the set plan data is completed and the control process of the second cycle is started, the plan data is applied to the actual control process (application of the temporary variable value to the actual variable: step of FIG. 12 S509, step S608 of FIG. 13) becomes possible. By performing control in accordance with the control cycle in this way, the control execution timing does not shift in the controller devices 10A and 10B of both the control system and the standby system, so even when the control system and the standby system are switched, It is possible to maintain the constant cycle control for the control target device 30, and to stably switch between the control system and the standby system.

  Further, as described above, the controller device 10 according to the present embodiment, when the data matching is completed in the controller devices 10A and 10B in the duplexing operation processing by the control execution unit 130 (duplexing processing unit 132) (data matching The temporary variable value 1233 recorded in the data management table 123 is copied to the actual variable for the first time (when the conversion flag, the transmitted flag, and the received flag are all “true”). That is, even if the controller device 10 receives input data (for example, plan data from the plan server 20) from the outside at a timing different from the control cycle of the control process, until the synchronization in the duplex system 1 is determined. The input data is not reflected in the actual control process to the control target device 30, and the duplexing reliability and stability of the duplexing system 1 can be improved.

  In the duplex system 1 according to the present embodiment, the control execution process described above receives input data (for example, plan information from the plan server 20) input from the outside at a timing different from the control cycle of the control process. When the input data input at the same timing as the control cycle of the control process is received, a part of the process can be prevented from being performed.

  Specifically, for example, after input data is set in the control application 131 (steps S101 and S102 in FIG. 7), output data writing (step S104) is performed without performing the duplication operation process (step S103). Can be. This is because it is possible to always obtain the same calculation result when the control processing is always performed using the same input at the same timing in both of the two controller devices 10A and 10B constituting the duplex system 1. For this reason, when the above input is performed in accordance with the control cycle of the control process, the duplex operation process can be omitted. By doing in this way, in the duplex system 1, it is possible to reduce the amount of synchronization communication between the controller devices 10A and 10B, and to suppress an increase in control processing time associated with the synchronization processing. However, even in this case, alive monitoring communication using a heartbeat may be performed.

  In addition, this invention is not limited to the Example demonstrated by said embodiment, Various modifications are included. For example, the examples described in the above embodiments have been described in detail for easy understanding of the present invention, and are not necessarily limited to those having all the configurations described. Therefore, a part of the configuration of the embodiment may be deleted or another configuration may be added or replaced.

  In addition, each configuration, function, processing unit, processing unit, and the like described in the above embodiments may be realized in hardware by designing a part or all of them, for example, with an integrated circuit. Each of the above-described configurations, functions, and the like may be realized by software by interpreting and executing a program that realizes each function by the processor. Information such as programs, tables, and files for realizing each function can be stored in a recording device such as a memory, a hard disk, an SSD (Solid State Drive), or a recording medium such as an IC card, an SD card, or a DVD.

  Further, the control lines and information lines indicate what is considered necessary for the explanation, and not all the control lines and information lines on the product are necessarily shown. In practice, it may be considered that almost all components are connected to each other.

  The present invention, in a duplex system composed of controllers, can simultaneously satisfy the reduction in the number of synchronized communications and the coincidence of the control timings in the control system and the standby system. This technology is useful for reliability.

1 Redundant system 10 (10A, 10B) Controller 11 CPU
12 Main storage device 13 Auxiliary storage device 14 (14a, 14b, 14c) Network I / F
15 bus 20 planning server 21 CPU
22 Main storage device 23 Auxiliary storage device 24 Input device 25 Output device 26 (26a, 26b) Network I / F
27 Bus 30 (30A, 30B, 30C) Control target device 40 (40A, 40B) Information control network 50 Fieldbus 51 Switching hub 110 Plan receiving unit 120 Data matching information 121 Operation state management table 122 Flag management table 123 Data management table DESCRIPTION OF SYMBOLS 130 Control execution part 131 Control application 132 Duplication process part 133 Data matching process part 134 Life monitoring part 135 State management part 136 Synchronization communication part 140 Synchronization communication path 210 Plan transmission part 1211 Operation state 1221 Flag name 1222 Value 1231 Variable name 1232 Data type 1233 Temporary variable value 1234 Matching target flag

Claims (12)

A controller device that controls a control target device and can configure a duplex system together with another controller device to be duplexed.
A plan receiving unit for receiving input data from the outside;
A control execution unit that executes control processing on the control target device at a predetermined control period;
With
When the plan receiving unit receives input data input at a timing different from the control cycle,
The control execution unit
Set the input data received by the plan receiving unit in its own controller device,
Performing a duplication operation process for confirming that the input data is set in both the own controller device and the other controller device,
The controller device, wherein the input data is applied to the control process when confirmation in the duplex operation process is obtained. A process from when the plan receiving unit receives the input data input at a timing different from the control cycle until the control execution unit applies the input data to the control processing is a plurality of control cycles. The controller device according to claim 1, wherein the controller device is performed across the two. The duplex operation process is:
Synchronized data transmission for transmitting the input data set in the controller device to the other controller device;
Synchronized data reception for receiving the input data set by the another controller device from the other controller device;
Including
The controller device according to claim 1, wherein life-and-death monitoring communication of the duplex system is performed simultaneously with the transmission of the synchronization data and the reception of the synchronization data. When input data that is input from the outside at the same timing as the control cycle is always the same between the controller device and the other controller device,
When the plan receiving unit receives input data input at the same timing as the control cycle,
The control execution unit
The input data received by the plan receiving unit is set in the own controller device,
The controller device according to claim 1, wherein the input data is applied to the control process without performing the duplex operation process. When the plan receiving unit receives input data input at a timing different from the control cycle,
The controller device according to claim 1, wherein the plan receiving unit notifies a transmission source of the input data whether or not the input data is applied to the control processing by the control execution unit. Holding matching information for managing flags used in the duplex operation processing;
The controller device according to claim 1, wherein the matching information is accessible from the plan receiving unit and the control execution unit. The controller device according to claim 1, wherein the controller device is communicably connected to one or more of the control target devices via a switching hub. A method for synchronizing a duplex system by a controller device that controls a control target device and can configure a duplex system together with another controller device to be duplexed,
The controller device includes a plan receiving unit that receives input data from the outside, and a control execution unit that executes a control process on the control target device at a predetermined control cycle,
When the input data is input from the outside at a timing different from the control cycle,
A data receiving step in which the plan receiving unit receives the input data;
A data setting step in which the control execution unit sets the input data received by the plan receiving unit in its own controller device;
The control execution unit confirms that the input data is set in both the own controller device and the other controller device, and a duplex operation processing step,
A data applying step of applying the input data to the control process when the control execution unit obtains confirmation in the duplex operation process step;
A synchronization method of a duplex system, comprising: When the input data is input from the outside at a timing different from the control cycle,
The method from the data reception step to the data application step is performed across a plurality of the control cycles. The synchronization method of a duplex system according to claim 8. The duplex operation processing step includes:
Synchronized data transmission step of transmitting the input data set in the controller device in the data setting step to the other controller device;
A synchronization data receiving step of receiving the input data set by the another controller device from the other controller device;
Including
The synchronization method of the duplex system according to claim 8, wherein the alive monitoring communication of the duplex system is simultaneously performed in the synchronized data transmission step and the synchronized data reception step. When input data that is input from the outside at the same timing as the control cycle is always the same between the controller device and the other controller device,
When the input data is input from the outside at the same timing as the control cycle,
The plan receiving unit receives the input data in the data receiving step,
9. The duplexing according to claim 8, wherein the control execution unit applies the input data to the control processing in the data application step without performing the duplexing operation processing step after the data setting step. How to synchronize the system. When the input data is input from the outside at a timing different from the control cycle,
The said plan receiving part is further provided with the application notification step which notifies the transmission source of the said input data whether the said input data was applied to the said control process by the said data application step. The synchronization method of the duplex system described in 1.

Images