A fail safe programmable logic controller

To architecturally support the programming of safety related control applications in the graphical language function block diagram and the verification of such software meeting the requirements of Safety Integrity Level SIL 3, a dedicated, low complexity execution platform is presented. Its hardware is fault detecting to immediately initiate emergency shut-downs in case of malfunctions. With their low processing speeds, currently available fail safe comparators constitute bottlenecks and, in case of malfunctions, do not distinguish between comparison errors and comparator errors. To solve these problems, a novel fail safe comparator of two binary inputs is presented, which does not only indicate a result, but also its status. Built in a modified CMOS technology, it can match the execution speed of digital computers. In contrast to all earlier designs of fail safe comparators, by employing ternary logic it provides three different output values, allowing to distinguish between the three indications "inputs equal and comparator working properly," "inputs unequal and comparator working properly" as well as "comparator malfunctioning." By design, there is no semantic gap between the programming and machine execution levels of the controller, enabling the safety licensing of application software by extremely simple, but rigorous methods, viz., diverse back translation and inspection. Operating in a strictly periodic fashion, the platform exhibits fully predictable real time behaviour.