System and method for fail-safe provision of an analog output value

11150624 · 2021-10-19

Abstract

A method for fail-safe provision of an analog output value for a control process designed for functional safety, wherein the output value is specified by a control unit as a digital output value and, in a first step, the digital output value is converted into the analog output value via a converter, in a second step, the analog output value is converted into a fail-safe digital output value using fail-safe criteria via a read-back device and, in a third step, the originally provided digital output value is compared with the converted fail-safe digital output value, where in the event of the comparison revealing a deviation or of a plausibility criterion being infringed, a safety action is performed, otherwise, the analog output value is output to the control process with the aid of a release device.

Claims

1. A method for fail-safe provision of an analog output value for a control process to provide functional safety, wherein the output value is specified by a control unit as a digital output value, the method comprising: converting the digital output value into the analog output value via a converter comprising an analog output assembly; converting the analog output value into a fail-safe digital output value utilizing fail-safe criteria via a read-back device comprising an analog input assembly which provides functional safety; comparing an originally provided digital output value with the converted fail-safe digital output value, in an event of the comparison revealing one of (i) a deviation and (ii) a plausibility criterion being infringed, a safety action being performed, otherwise, the analog output value being output to the control process aided by a release device which comprises a digital output assembly which provides functional safety; wherein the fail-safe digital output value is provided to the control unit and compared with the digital output value in the control unit.

2. The method as claimed in claim 1, wherein the control unit comprises a programmable logic control system configured to provide functional safety with a safety program.

3. The method as claimed in claim 1, wherein the method is implemented to apply a fail-safe analog regulation process.

4. A system for fail-safe provision of an analog output value for a control process to provide functional safety, the system comprising: a control unit which specifies a digital output value; a converter which converts the digital output value into the analog output value; a read-back device which converts the analog output value into a fail-safe digital output value utilizing fail-safe criteria; a release device which is configured to output the analog output value to the control process if an originally provided digital output value conforms to the converted fail-safe digital output value; wherein in an event of one of (i) non-conformity and (ii) a plausibility criterion being infringed, a safety action is performed by the control unit, otherwise, the analog output value is output to the control process aided by the release device; and wherein the converter comprises an analog output assembly, the read-back device comprises an analog input assembly which provides functional safety and the release device comprises a digital output assembly which provides functional safety.

5. The system as claimed in claim 4, wherein the control unit compares the originally provided digital output value with the converted fail-safe digital output value and, in an event of one of (i) the comparison revealing a deviation and (ii) a plausibility criterion being infringed, a safety action is performed by the control unit, otherwise, the control unit causes output of the analog output value to the control process aided by the release device.

6. The system as claimed in claim 5, wherein the control unit is configured as a programmable logic control system which provides functional safety with a safety program.

7. The system as claimed in claim 4, wherein the control unit is configured as a programmable logic control system which provides functional safety with a safety program.

8. The system as claimed in claim 4, further comprising: a dual-channel tester which compares a fail-safe digital output value provided via a first channel with the originally provided digital output value and in addition compares a fail-safe digital output value provided via a second channel with the fail-safe digital output value of the first channel; wherein the read-back device comprises the first channel and the second channel and is arranged in a fail-safe analog output module.

9. A method for fail-safe provision of an analog output value for a control process which provides functional safety, wherein the output value is specified by a control unit as a digital output value, the method comprising: converting the digital output value into the analog output value via a converter; converting the analog output value into a fail-safe digital output value utilizing fail-safe criteria via a read-back device; comparing an originally provided digital output value with the converted fail-safe digital output value, in an event of the comparison revealing one of (i) a deviation and (ii) a plausibility criterion being infringed, a safety action being performed, otherwise, the analog output value being output to the control process aided by a release device; wherein the fail-safe digital output value is generated by the read-back device via two channels and the fail-safe digital output value generated via a first channel is compared with the originally provided digital output value, and the fail-safe digital output value generated via a second channel is additionally compared with the fail-safe digital output value of the first channel.

10. A system for fail-safe provision of an analog output value for a control process designed for functional safety, the system comprising: a control unit which specifies a digital output value; a converter which converts the digital output value into the analog output value; a read-back device which converts the analog output value into a fail-safe digital output value utilizing fail-safe criteria; a release device which is configured to output the analog output value to the control process if an originally provided digital output value conforms to the converted fail-safe digital output value; wherein in an event of one of (i) non-conformity and (ii) a plausibility criterion being infringed, a safety action is performed by the control unit, otherwise, the analog output value is output to the control process aided by the release device; and wherein the fail-safe digital output value is generated by the read-back device via two channels and the fail-safe digital output value generated via a first channel is compared with the originally provided digital output value, and the fail-safe digital output value generated via a second channel is additionally compared with the fail-safe digital output value of the first channel.

Description

BRIEF DESCRIPTION OF THE DRAWINGS

(1) The drawing shows two different exemplary embodiments of the invention, in which:

(2) FIG. 1 is a schematic illustration of a system for fail-safe provision of an analog output value in a discrete structure of three different assemblies in accordance with the invention;

(3) FIG. 2 is a schematic illustration of an alternative embodiment of the system for the fail-safe provision of an analog output value in an integrated configuration, where the functionalities are realized in a fail-safe analog output assembly; and

(4) FIG. 3 is a flowchart of the method in accordance with the invention.

DETAILED DESCRIPTION OF THE EXEMPLARY EMBODIMENTS

(5) FIG. 1 depicts a system 1 for the fail-safe provision of an analog output value AW.sub.a for a control process designed for functional safety. The analog output value AW.sub.a is ultimately to be applied to an actuator 2 with an analog interface. In accordance with the invention, the digital output value AW.sub.d provided by a control unit D is converted with an analog output assembly A into an analog output value AW.sub.a, where this converted analog output value AW.sub.a is read back with a fail-safe analog input assembly B and converted into a fail-safe digital output value AWf.sub.d. The analog output assembly A and the fail-safe analog input assembly B are connected via a backplane bus RWB. The control unit D can also communicate with the assemblies A,B via the backplane bus RWB.

(6) The fail-safe digital output value AWf.sub.d generated by the fail-safe analog input assembly B is provided to the control unit D, which compares the originally provided digital output value AW.sub.d with the converted fail-safe digital output value AWf.sub.d. In the event of the comparison revealing a deviation or of a plausibility criterion being infringed, a safety action is performed. Otherwise, the analog output value AW.sub.a is output to the control process with the aid of a release device arranged in a fail-safe digital output assembly C. Accordingly, the release device or the fail-safe digital output assembly C is configured to forward the analog output value AW.sub.a to the control process when instructed by the control unit D, for example, by a switch via a triggering device 10.

(7) For digital-to-analog conversion, the analog output assembly A comprises a digital-analog converter D/A including an amplifier and level adaptation. For reconversion from an analog value into a digital value, the fail-safe analog input assembly B comprises a fail-safe analog-digital converter F-A/D including level adaptation. In the fail-safe digital output assembly C, which can be configured either as a fail-safe digital output or as a fail-safe relay output, the release device is formed as a (logic) triggering device 10, which comprises or can trigger two series-connected switches to forward the analog output value AW.sub.a.

(8) FIG. 2 depicts an alternative embodiment of the system 1 for fail-safe provision of an analog output value AW.sub.a. The functions of the converter, the read-back device and the release device, which were structured discretely in FIG. 1, are now realized in FIG. 2 in a fail-safe analog output assembly F-AO.

(9) The control unit D again provides a digital output value AW.sub.d, which is guided by the control unit D via a backplane bus RWB to the fail-safe analog output module F-AO. The fail-safe analog output module F-AO now comprises a first triggering device 11 and a second triggering device 12 as the release device. The first and second triggering devices 11, 12 are embedded in a dual-channel tester 13. The fail-safe analog-digital converter F-A/D provides a fail-safe digital output value AWf.sub.d via a first channel 21 and via a second channel 22 in each case.

(10) The dual-channel tester is configured to compare a fail-safe digital output value AWf.sub.d provided via the first channel 21 with the originally provided digital output value AW.sub.d and, in addition, to compare a fail-safe digital output value AWf.sub.d provided via the second channel 22 with the fail-safe digital output value AWf.sub.d of the first channel 21.

(11) If a valid analog output value AW.sub.a is present, the first triggering device 11 can close a switch to forward the analog output value AW.sub.a. After verification of the fail-safe digital output value AWf.sub.d provided via the first channel 21 against the fail-safe digital output value AWf.sub.d provided via the second channel 22, the second triggering device 12 can close the second switch to output the analog output value AW.sub.a and, hence, the analog output value AW.sub.a can be sent to the actuator with an analog interface. For the verification, the first and the second triggering devices 11, 12 comprise a comparator connection 14. If one of the two comparisons fails, not only is the output value AW.sub.a not released, but in addition a diagnostic message Diag is sent to the control unit D.

(12) FIG. 3 is a flowchart of the method for fail-safe provision of an analog output value AW.sub.a for a control process designed for functional safety, where the output value is specified by a control unit D as a digital output value AW.sub.d. The method comprises converting the digital output value AW.sub.d into the analog output value AW.sub.a via a converter, as indicated in step 310.

(13) Next, the analog output value AW.sub.a is converted into a fail-safe digital output value AWf.sub.d utilizing fail-safe criteria via a read-back device, as indicated in step 320.

(14) The originally provided digital output value AW.sub.d is now compared with the converted fail-safe digital output value AWf.sub.d, as indicated in step 330. In the event of the comparison revealing either a deviation or a plausibility criterion being infringed, a safety action is performed; otherwise, the analog output value AW.sub.a is output to the control process aided by a release device.
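The following simulation is an added example, not code from the patent or its assignee. It models the three steps of FIG. 3 (convert, read back, compare) together with the dual-channel tester of FIG. 2 and a release device built from two series-connected switches. Everything numeric is an assumption introduced here: 12-bit converters, a 0 to 10 V span, a 2-LSB comparison tolerance and the plausibility window; the `faulty_dac` helper and the channel models used in the usage call are constructed faults, not anything the patent describes.

```python
"""Simulation of a fail-safe analog output: D/A conversion, fail-safe read-back
with a plausibility criterion, comparison, and a two-switch release device.
Constructed example; all parameters below are assumptions, not patent values."""

from dataclasses import dataclass, field
from typing import Callable, Optional

# Assumed parameters: 12-bit converters, 0..10 V span, 2-LSB tolerance.
BITS = 12
FULL_SCALE = (1 << BITS) - 1          # 4095
SPAN_V = 10.0
TOLERANCE_LSB = 2
PLAUSIBLE_V = (0.0, 10.0)             # read-back outside this span is implausible


def ideal_dac(aw_d: int) -> float:
    """Converter (analog output assembly A): digital code -> voltage."""
    if not 0 <= aw_d <= FULL_SCALE:
        raise ValueError("digital output value outside converter range")
    return aw_d * SPAN_V / FULL_SCALE


def faulty_dac(gain_error: float = 0.0, offset_v: float = 0.0) -> Callable[[int], float]:
    """Constructed fault model: a converter whose gain or offset has drifted."""
    return lambda aw_d: ideal_dac(aw_d) * (1.0 + gain_error) + offset_v


def fail_safe_adc(aw_a: float) -> Optional[int]:
    """Read-back device (one channel of the fail-safe A/D converter).

    The plausibility criterion is applied first: a voltage outside the
    plausible span yields no value (None) instead of a clamped code, so it
    can never accidentally conform to the commanded value.
    """
    lo, hi = PLAUSIBLE_V
    if not lo <= aw_a <= hi:
        return None
    return round(aw_a / SPAN_V * FULL_SCALE)


def conforms(a: Optional[int], b: Optional[int]) -> bool:
    """Comparison used by the control unit and by the dual-channel tester."""
    if a is None or b is None:
        return False
    return abs(a - b) <= TOLERANCE_LSB


@dataclass
class Result:
    released: bool
    aw_a: Optional[float]                       # forwarded value, None if not released
    diag: list = field(default_factory=list)    # diagnostic messages for control unit D


def fail_safe_output(aw_d: int, dac=ideal_dac, adc_ch1=fail_safe_adc, adc_ch2=None) -> Result:
    """Steps 310-330 with the release device as two series-connected switches.

    Single channel (FIG. 1): adc_ch2 is None; switch 1 is decided by the
    AW_d vs AWf_d comparison and switch 2 simply follows it.
    Dual channel (FIG. 2): switch 2 additionally requires channel 1 and
    channel 2 of the read-back to agree with each other.
    """
    diag = []
    aw_a = dac(aw_d)                      # step 310: D/A conversion
    awf_d1 = adc_ch1(aw_a)                # step 320: fail-safe read-back, channel 1
    switch1 = conforms(aw_d, awf_d1)      # step 330: compare AW_d with AWf_d
    if not switch1:
        diag.append(f"channel 1 read-back {awf_d1} deviates from AW_d {aw_d}")
    if adc_ch2 is None:
        switch2 = switch1
    else:
        awf_d2 = adc_ch2(aw_a)            # second channel of the read-back
        switch2 = conforms(awf_d1, awf_d2)
        if not switch2:
            diag.append(f"channel 2 read-back {awf_d2} deviates from channel 1 {awf_d1}")
    released = switch1 and switch2
    # Safety action: the output stays blocked and the diagnostics go to D.
    return Result(released, aw_a if released else None, diag)


if __name__ == "__main__":
    print(fail_safe_output(2048))                                   # released
    print(fail_safe_output(2048, dac=faulty_dac(gain_error=0.05)))  # blocked, deviation
    print(fail_safe_output(4095, dac=faulty_dac(offset_v=1.0)))     # blocked, implausible
    print(fail_safe_output(1000, adc_ch2=lambda v: fail_safe_adc(v + 0.02)))  # blocked, ch2
```

Returning `None` from the read-back for an implausible voltage, rather than clamping to 0 or full scale, is the design point worth noticing: a clamped code could coincide with a legitimately commanded extreme value and pass the comparison, whereas `None` can never conform. The two switches are evaluated independently so that the diagnostic message names which comparison failed, mirroring the comparator connection 14 and the Diag message of FIG. 2.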

(15) Thus, while there have been shown, described and pointed out fundamental novel features of the invention as applied to a preferred embodiment thereof, it will be understood that various omissions and substitutions and changes in the form and details of the devices illustrated, and in their operation, may be made by those skilled in the art without departing from the spirit of the invention. For example, it is expressly intended that all combinations of those elements and/or method steps which perform substantially the same function in substantially the same way to achieve the same results are within the scope of the invention. Moreover, it should be recognized that structures and/or elements shown and/or described in connection with any disclosed form or embodiment of the invention may be incorporated in any other disclosed or described or suggested form or embodiment as a general matter of design choice. It is the intention, therefore, to be limited only as indicated by the scope of the claims appended hereto.