JP2011248625A - Failure diagnosis circuit and failure diagnosis method of control device - Google Patents


Info

Publication number: JP2011248625A
Authority: JP (Japan)
Prior art keywords: diagnosis, circuit, control device, output, failure
Legal status: Pending
Application number: JP2010121126A
Other languages: Japanese (ja)
Inventors: Tomohiro Mizutani (友洋 水谷), Masakazu Ishikawa (雅一 石川), Hisao Nagayama (久雄 長山), Yasuyuki Furuta (康幸 古田), Tatsuyuki Otani (辰幸 大谷), Shuichi Nagayama (修一 長山), Nao Terae (尚 寺江)
Current assignee: Hitachi Ltd; Hitachi Industry and Control Solutions Co Ltd
Original assignee: Hitachi Ltd; Hitachi Information and Control Solutions Ltd
Application filed by: Hitachi Ltd, Hitachi Information and Control Solutions Ltd
Priority date: 2010-05-27 (priority to JP2010121126A)
Filing date: 2010-05-27
Publication date: 2011-12-08 (publication of JP2011248625A)

Landscapes

  • Testing And Monitoring For Control Systems (AREA)
  • Safety Devices In Control Systems (AREA)
  • Maintenance And Management Of Digital Transmission (AREA)

Abstract

PROBLEM TO BE SOLVED: To prevent erroneous output of a control circuit caused by a failure of the diagnosis circuit, without increasing the amount of hardware, in a control device of a high-reliability system that includes a diagnosis circuit.

SOLUTION: In the control device of the high-reliability system, a diagnosis instruction signal from the upper-level device is received by multiplexed communication control circuits, which generate a diagnosis instruction signal for the diagnosis circuit and a diagnosis permission signal. Multiplexed diagnosis permission circuits use the diagnosis permission signal to monitor the diagnosis output of the diagnosis circuit. This prevents erroneous output due to a failure of the diagnosis circuit and avoids the increase in hardware that multiplexing the diagnosis circuit would cause.

Description

The present invention relates to a failure diagnosis circuit that detects failures in the control devices of various systems, and to a failure diagnosis method for such a circuit.

In a control device for a system with high potential risk, such as a power generation plant, an erroneous output of the control device caused by a failure must be avoided. When a failure occurs, the control device must therefore be stopped safely or its erroneous output suppressed so that the system and the control device can be moved to a safe state. The failure diagnosis circuit, which detects failures in the control device itself or in surrounding devices, plays an extremely important role in realizing this function. For example, Patent Document 1 discloses a duplicated, stable control circuit configuration for a control device in a plant or the like, in which analog output modules each having a failure diagnosis circuit are arranged in parallel, each module outputs its diagnosis result to the other, and output switching means passes only the output of the active side.

Non-Patent Document 1 is an international standard that specifies the requirements for using electrical/electronic/programmable electronic safety control devices as part of a safety control system; its functional safety certification defines system safety in four Safety Integrity Levels (SIL). The SIL expresses how reliably the prescribed safety control can be carried out when an abnormality or failure of the device is detected.

To guarantee system safety, the SIL also requires detection of failures in the failure diagnosis circuit itself of each control device and each device. Ensuring system safety therefore requires implementing a failure detection function for the failure diagnosis circuit, for example by multiplexing the failure diagnosis circuits and comparing their outputs.

FIG. 2 illustrates a typical failure diagnosis circuit in a conventional system control device. In the master-slave control device of FIG. 2, the host device 1 transmits a diagnosis instruction signal 2 to the subordinate device 200 over a communication line, and the communication interface 3 receives it. The subordinate device 200 distributes the received diagnosis instruction signal 2 through the communication interface 3 as diagnosis instruction signal 4 and provides duplicated failure diagnosis circuits 111 and 112, to which diagnosis instruction signal 4 is input. Their diagnosis outputs are compared by the comparison circuit 19 to check normality, after which a diagnosis output 20 is generated, which diagnoses the function of the duplex-output comparison/collation circuit 21, shown here as an example diagnosis target.

Together with the diagnosis instruction signal 2, the host device also outputs the control signal that is the original function of the subordinate device 200 (shown by the dotted line). This control signal is distributed to a pair of output circuits, output circuit A22 and output circuit B23. After the duplex-output comparison/collation circuit 21 verifies that output circuit A22 and output circuit B23 are operating normally, the normal control signal 24 controls the control target 300, such as a motor or an actuator.

However, multiplexing the failure diagnosis circuits squeezes other functions both physically, in mounting area for example, and in cost. In particular, when a microcomputer-based failure diagnosis circuit is used to diagnose the control device, multiplexing the failure diagnosis circuit increases logic area, cost, power consumption and heat generation, which is a serious problem.

Patent Document 1: JP 2003-256037 A

Non-Patent Document 1: IEC61508-1-7, “Functional safety of electrical/electronic/programmable electronic safety-related systems”, parts 1-7

In the control device of a system requiring high safety, preventing erroneous output caused by a failure of the failure diagnosis circuit is extremely important. However, simple redundancy or multiplexing of the failure diagnosis circuit directly increases the amount of hardware, and hence the cost. Establishing an erroneous-output prevention technique that limits the increase in hardware is therefore the problem to be solved.

The present invention is a failure diagnosis device and failure diagnosis method for a master-slave control device of a system in which a host device issues commands to a subordinate control device, for the case where the host device instructs the subordinate device to perform failure diagnosis. The communication control circuit that receives commands, including diagnosis instructions, from the host device is multiplexed; the communication control circuits input the diagnosis instruction to a single failure diagnosis circuit; the diagnosis output of the failure diagnosis circuit is distributed to multiplexed diagnosis permission circuits; the multiplexed communication control circuits output diagnosis permission signals that are input to the multiplexed diagnosis permission circuits to monitor the diagnosis output; and the permitted diagnosis outputs are compared. In this way an erroneous output of the device due to a failure of the failure diagnosis circuit is prevented without multiplexing the failure diagnosis circuit.

In a control device having a host device and a subordinate device, the present invention provides a multiplexed communication control circuit in the subordinate device that, on receiving a diagnosis instruction from the host device, outputs in parallel a diagnosis instruction to the failure diagnosis circuit and a diagnosis permission signal, while multiplexed diagnosis permission circuits monitor the output of the failure diagnosis circuit. The failure diagnosis circuit is thus itself diagnosed without being multiplexed, and erroneous output of the control device is prevented.

Further, in a failure diagnosis method for a control device having a host device and a subordinate device, the subordinate device, on receiving a diagnosis instruction from the host device, outputs a diagnosis instruction signal to the failure diagnosis circuit and a diagnosis permission signal in parallel, so that erroneous output is prevented without multiplexing the failure diagnosis circuit itself.

As a result, the increase in hardware is suppressed, and the lower cost together with reduced power consumption and heat generation yields stable operation of the control device and a longer service life.

FIG. 1 is a block diagram showing the control device of the present invention. FIG. 2 is a block diagram showing a conventional control device.

Embodiments of the present invention are described below, example by example, in the following order. The examples described below are preferred specific examples of the present invention and carry various technically preferable limitations. The scope of the present invention, however, is not limited to these examples unless otherwise stated. For instance, the conditions given in the following examples are merely preferred examples, and the arrangements shown in the drawings used for the description are schematic.

FIG. 1 shows the configuration of a control device used for plant control or the like, as an embodiment of the present invention. The description covers a control device with a master-slave configuration having one host device, which issues diagnosis instruction signals to the subordinate device, and one subordinate device; in practice there is no restriction on the number or type (input/output or other) of host and subordinate devices, or on the form of communication. The circuit configuration of the subordinate device is duplicated and the duplex-output comparison/collation circuit is the diagnosis target, but there is no restriction on the internal multiplicity, including that of the host device, or on the diagnosis target.

In the conventional example of FIG. 2, the failure diagnosis circuits 111 and 112 are duplicated and their diagnosis outputs are compared by the comparison circuit 19. When the outputs disagree and the operation of the failure diagnosis circuit is judged abnormal, the control device is disconnected from the control target 300 and moved to a safe state, which prevents an erroneous output of the control circuit due to a failure of the failure diagnosis circuit. Damage to the system from a malfunction of the control target is thereby prevented in advance.

In contrast, the present invention distributes and compares the diagnosis instruction signals from the communication control circuits, and gates the diagnosis output of the failure diagnosis circuit with diagnosis permission signals before comparing it. The failure diagnosis circuit is thereby diagnosed without being duplicated, and erroneous output is prevented.
[Basic configuration]
In FIG. 1, the control circuit consists of a host device 1 and a subordinate device 100. The host device 1 commands the subordinate device 100 to execute failure diagnosis of the subordinate device 100 by means of a diagnosis instruction signal 2. The subordinate device 100 receives the diagnosis instruction signal 2 from the host device 1 over a communication line at the communication interface 3.
[Communication control]
The diagnosis instruction signal 4, received and distributed by the communication interface 3, is input to the communication control circuit A5 and the communication control circuit B6, and from there is input to the comparison circuit 9 as diagnosis instruction signal 7 and diagnosis instruction signal 8. The communication control circuits A5 and B6 are doubly redundant communication control circuits that duplicate the communication with the host device 1, including the diagnosis instruction signal 2 and the normal control signals. In particular, when the host device 1 commands failure diagnosis, the communication control circuits A5 and B6 output the diagnosis instruction signals 7 and 8 to the comparison circuit 9. The comparison circuit 9 compares diagnosis instruction signals 7 and 8 and outputs to the failure diagnosis circuit 11 a comparison signal 10 indicating whether the two match.

The communication control circuit A5 generates the diagnosis instruction signal 7 and a diagnosis permission signal 13 from the diagnosis instruction signal 4. Likewise, the communication control circuit B6 generates the diagnosis instruction signal 8 and a diagnosis permission signal 14 from the diagnosis instruction signal 4. The diagnosis permission signals 13 and 14 carry time conditions such as a time limit or a time window, and the output of the failure diagnosis circuit 11 is checked against them by the configuration described below.
[Failure diagnosis circuit]
Next, the failure diagnosis circuit 11 is described. On receiving the comparison signal 10 from the comparison circuit 9, the failure diagnosis circuit 11 generates and outputs the various diagnosis outputs 12 that correspond to the instruction from the host device 1. That is, when the comparison signal 10 is input, the failure diagnosis circuit 11 outputs a diagnosis output 12 indicating a normal state if the diagnosis instruction signals 7 and 8 match, and a diagnosis output 12 indicating an abnormal state if they do not match. The diagnosis output 12 is distributed to the duplicated diagnosis permission circuits A15 and B16.
[Diagnosis permission circuit]
Next, the diagnosis permission circuits A15 and B16 are described. They are redundant output permission circuits, and the diagnosis signal 12 of the failure diagnosis circuit 11 is distributed to both of them.

The diagnosis permission circuits A15 and B16 receive the diagnosis permission signals 13 and 14 from the communication control circuits A5 and B6 respectively. Using these signals, they monitor the diagnosis output 12 and, when it satisfies the conditions carried by the diagnosis permission signals 13 and 14, output the diagnosis output signals 17 and 18 to the comparison circuit 19 at the next stage.

In other words, through the diagnosis permission signals 13 and 14 the communication control circuits A5 and B6 check the normality of the diagnosis output 12 and produce the duplicated diagnosis output signals 17 and 18.
[Comparison circuit]
If the diagnosis output signals 17 and 18 do not match in the comparison circuit 19, the failure diagnosis circuit 11 is judged to have failed, the control signal 24 to the control target 300 is cut off, and the control circuit and the system are moved to a safe state. If the diagnosis output signals 17 and 18 match, a normal diagnosis output 20 is output and the duplex-output comparison/collation circuit 21, the diagnosis target, is diagnosed. While the duplex-output comparison/collation circuit 21 is operating normally, the control target 300 is controlled by the control signal 24.
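The signal path of FIG. 1 as an added simulation, written for this page and not taken from the patent or from Hitachi: each block of the figure is a Python function, and the cases at the bottom inject the failure modes the description names (disagreement between the two communication paths, a late answer from circuit 11, and a wrong permission window from one communication control circuit). The time-window representation of permission signals 13/14, the `fault` hook, and the NO_OUTPUT result when both permission circuits block output 12 are modeling assumptions of mine.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Optional, Tuple


class Diag(Enum):
    NORMAL = "normal"      # output 12 meaning "instruction signals 7 and 8 matched"
    ABNORMAL = "abnormal"  # output 12 meaning "instruction signals 7 and 8 differed"


@dataclass(frozen=True)
class Permission:
    """Diagnosis permission signal 13/14, modeled as the time window in which
    output 12 is accepted (the description names time limits / time windows)."""
    t_open: int
    t_close: int


@dataclass(frozen=True)
class DiagOutput:
    """Diagnosis output 12: its kind and the time at which circuit 11 produced it."""
    kind: Diag
    t: int


def communication_control(sig4: str, window: Tuple[int, int]) -> Tuple[str, Permission]:
    """Communication control circuit A5 (or B6): from instruction signal 4 it derives
    instruction signal 7 (or 8) and permission signal 13 (or 14) in parallel."""
    return sig4, Permission(*window)


def compare_instructions(sig7: str, sig8: str) -> bool:
    """Comparison circuit 9: comparison signal 10 is True only when 7 and 8 agree."""
    return sig7 == sig8


def failure_diagnosis_circuit(sig10: bool, now: int,
                              fault: Optional[Callable[[DiagOutput], DiagOutput]] = None
                              ) -> DiagOutput:
    """The single (non-duplicated) failure diagnosis circuit 11. `fault` is a
    constructed hook that lets the simulation corrupt the circuit's behaviour."""
    out = DiagOutput(Diag.NORMAL if sig10 else Diag.ABNORMAL, now)
    return fault(out) if fault else out


def permission_circuit(sig12: DiagOutput, perm: Permission) -> Optional[DiagOutput]:
    """Diagnosis permission circuit A15 (or B16): forwards output 12 as signal 17
    (or 18) only if it arrived inside the window carried by signal 13 (or 14)."""
    return sig12 if perm.t_open <= sig12.t <= perm.t_close else None


def compare_outputs(sig17: Optional[DiagOutput], sig18: Optional[DiagOutput]) -> str:
    """Comparison circuit 19 and the decision it drives on control signal 24."""
    if sig17 != sig18:
        return "SAFE_STATE"    # 17/18 disagree: circuit 11 (or one permission path) judged failed
    if sig17 is None:
        return "NO_OUTPUT"     # both sides blocked output 12: nothing reaches circuit 21
    return "CONTROL_ENABLED" if sig17.kind is Diag.NORMAL else "SAFE_STATE"


def run_cycle(instr_a: str = "DIAG", instr_b: str = "DIAG",
              window_a: Tuple[int, int] = (0, 10), window_b: Tuple[int, int] = (0, 10),
              diag_time: int = 5,
              fault: Optional[Callable[[DiagOutput], DiagOutput]] = None) -> str:
    """One diagnosis cycle through FIG. 1. instr_a/instr_b are what each communication
    control circuit received as signal 4; diag_time is when circuit 11 answers."""
    sig7, perm13 = communication_control(instr_a, window_a)
    sig8, perm14 = communication_control(instr_b, window_b)
    sig10 = compare_instructions(sig7, sig8)
    sig12 = failure_diagnosis_circuit(sig10, diag_time, fault)
    sig17 = permission_circuit(sig12, perm13)
    sig18 = permission_circuit(sig12, perm14)
    return compare_outputs(sig17, sig18)


def late_answer(out: DiagOutput) -> DiagOutput:
    """Constructed fault: circuit 11 answers long after the permitted window.
    Note that a fault producing a plausible value inside the window is not
    distinguishable by the time condition alone; only timing faults are modeled here."""
    return DiagOutput(out.kind, out.t + 100)


if __name__ == "__main__":
    print("healthy:           ", run_cycle())
    print("path B corrupted:  ", run_cycle(instr_b="DIAG?"))
    print("circuit 11 late:   ", run_cycle(fault=late_answer))
    print("window of B6 wrong:", run_cycle(window_b=(20, 30)))
```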

1: host device
2, 4, 7, 8: diagnosis instruction signal
3: communication interface
5: communication control circuit A
6: communication control circuit B
9, 19: comparison circuit
11: failure diagnosis circuit
13, 14: diagnosis permission signal
15: diagnosis permission circuit A
16: diagnosis permission circuit B
17, 18: diagnosis output signal
21: duplex-output comparison/collation circuit
100: subordinate device
300: control target

Claims (12)

1. A control device of a system that performs control by a control device having a host device and a subordinate device, wherein the subordinate device has a communication interface that receives a control signal and a diagnosis instruction signal from the host device, a failure diagnosis circuit, and an output circuit that outputs a control signal to a control target, the failure diagnosis circuit of the control device comprising: a multiplexed communication control circuit that receives the diagnosis instruction signal received from the host device; and a diagnosis permission circuit that monitors the diagnosis output of the failure diagnosis circuit by means of the output of the multiplexed communication control circuit and permits the diagnosis output.

2. The failure diagnosis circuit for a control device according to claim 1, further comprising a comparison circuit that compares the diagnosis instruction signals from the multiplexed communication control circuits.

3. The failure diagnosis circuit for a control device according to claim 2, wherein the comparison circuit issues a diagnosis instruction to the failure diagnosis circuit only when the multiplexed diagnosis instruction signals match.

4. The failure diagnosis circuit for a control device according to claim 1, wherein the communication control circuit generates a diagnosis permission signal and outputs it to the diagnosis permission circuit, and the diagnosis permission circuit monitors the diagnosis output of the failure diagnosis circuit using the diagnosis permission signal.

5. The failure diagnosis circuit for a control device according to claim 4, further comprising a comparison circuit that compares the diagnosis outputs from the multiplexed diagnosis permission circuits to diagnose the normality of the diagnosis output.

6. The failure diagnosis circuit for a control device according to any one of claims 1 to 5, wherein each of the multiplexed communication control circuits transmits a control signal to the output circuit, and the output of the output circuit is output to a multiplexed-output comparison/collation circuit and collated, and is then output as a control signal to control the control target.

7. A failure diagnosis method for a control device of a system that performs control by a control device having a host device and a subordinate device, in which the host device instructs the subordinate device, which has a failure diagnosis circuit, to perform failure diagnosis, wherein the diagnosis instruction signal from the host device is multiplexed and input to the failure diagnosis circuit to perform failure diagnosis, and the diagnosis instruction signal is multiplexed to grant diagnosis permission for the failure diagnosis.

8. The failure diagnosis method for a control device according to claim 7, wherein the multiplexed diagnosis instruction signals are compared and failure diagnosis is performed only when the diagnosis instruction signals match.

9. The failure diagnosis method for a control device according to claim 7, wherein multiplexed diagnosis permission signals are generated and the failure diagnosis output is monitored by granting diagnosis permission for the failure diagnosis using the diagnosis permission signals.

10. The failure diagnosis method for a control device according to claim 9, wherein multiplexed diagnosis output signals are compared, and the diagnosis target is diagnosed only when the diagnosis output signals match.

11. The failure diagnosis method for a control device according to claim 7, wherein, when the multiplexed diagnosis instruction signals do not match, a failure of the control circuit is detected and the control device is moved to a safe state.

12. The failure diagnosis method for a control device according to claim 7, wherein, when the multiplexed diagnosis output signals do not match, a failure of the control device is detected and the control device is moved to a safe state.

Priority Applications (1)

Application Number: JP2010121126A; Priority Date: 2010-05-27; Filing Date: 2010-05-27; Title: Failure diagnosis circuit and failure diagnosis method of control device

Publications (1)

Publication Number: JP2011248625A; Publication Date: 2011-12-08; Status: Pending

Family ID: 45413808

Country Status (1)

JP (1): JP2011248625A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112526979A (en) * 2020-12-16 2021-03-19 中国兵器装备集团自动化研究所 Serial communication interface diagnosis system and method of multiple redundancy architecture
CN112526979B (en) * 2020-12-16 2023-06-09 中国兵器装备集团自动化研究所 Serial communication interface diagnosis system and method with multiple redundancy architecture
JPWO2023144923A1 (en) * 2022-01-26 2023-08-03
JP7697060B2 (en) 2022-01-26 2025-06-23 株式会社日立産機システム Control equipment and processing equipment
