MONITORING OF FAILURE TOLERANCE FOR AN AUTOMATION INSTALLATION

摘要

A method for monitoring failure tolerance for an automation installation is disclosed. The automation installation operates a process via a controlled system. At least two control apparatuses alternately regulate the controlled system in a control mode by outputting control outputs and failure of the currently regulating control apparatus prompts changeover to another of the control apparatuses. During the changeover, the controlled system continues to be operated in controller-less fashion for a down time. At least one operating point for the controlled system that is possible in control mode is ascertained. Controller-less operation is respectively simulated for each operating point for the duration of the down time. A state trajectory setting out from the operating point is ascertained for the controlled system and a check is performed to determine whether the state trajectory fails to meet a predetermined safety criterion. A predetermined protective measure is initiated to avoid the operating point.