Title of invention: Method for verifying an application program in a failsafe programmable logic controller, and programmable logic controller for performing the method
Abstract: A method and a programmable logic controller (SPS) for verifying an application program in a failsafe programmable logic controller, wherein a signature (desired value) is generated using program modules or a complete application program when creating a program, and a copy of the signature is stored in the programmable logic controller and in an external component, respectively. Before the safety-oriented application program is started, the copy of the signature stored by the programmable logic controller is transmitted to the external component and is compared with the copy in the external component. In a further comparison, a signature (actual value) is generated using the content of the main memory of the programmable logic controller and using the actually loaded application program and is then compared with the local copy of the desired value of the signature. Starting of the actual application program is enabled only when both comparisons are positive.
Publication number: US8856595(B2) Publication date: 2014.10.07
Application number: US201113267035 Filing date: 2011.10.06
Applicant: Siemens Aktiengesellschaft Inventors: Kydles Jens; Walter Markus
Classification: G06F11/00;G06F11/07;G06F11/10;G06F11/16 Main classification: G06F11/00
Agency: Cozen O'Connor Agent: Cozen O'Connor
Principal claim: 1. A method for verifying an application program in a failsafe programmable logic controller, the application program consisting of a plurality of program modules transmitted from a load memory to a main memory, the method comprising: forming, as a desired value, a signature using one of the application program and the plurality of the program modules when creating the application program, a first copy of the formed signature being transmitted to the failsafe programmable logic controller and being stored in the failsafe programmable logic controller, and a second copy of the formed signature being stored in an external component; transmitting the first copy of the formed signature to the external component and comparing the transmitted first copy of the formed signature with the second copy of the formed signature by a second comparison after at least one of the application program and the first copy of the formed signature is transmitted to the failsafe programmable logic controller; determining, as an actual value, a second signature from one of the application program in the main memory and the plurality of the program modules transmitted to the main memory by a management entity of the failsafe programmable logic controller; comparing the determined second signature with the first copy of the formed signature by a first comparison of the programmable logic controller; and changing the programmable logic controller to a safe operating state in an event of at least one of a discrepancy in the first comparison and a discrepancy in the second comparison; wherein the second signature determined as the actual value is transmitted to the external component, a device of the external component performing a further comparison with the second copy of the signature stored in the device as the desired value, operation of the application program in the programmable logic controller being enabled in an event of a positive result of the further comparison.
Address: Munich DE
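
The three comparisons named in the claim (first, second, further), modelled as an added example that is not part of the patent record or any Siemens code. The class and function names, the module contents and the use of SHA-256 as the signature are assumptions; the record does not name a signature algorithm. The sketch enables the program only when all three comparisons are positive.

```python
import hashlib
import hmac

def signature(modules):
    # SHA-256 over length-prefixed modules: an assumption, the record names no algorithm.
    h = hashlib.sha256()
    for m in modules:
        h.update(len(m).to_bytes(4, "big") + m)
    return h.digest()

class ExternalComponent:
    def __init__(self, desired):
        self.desired = desired              # second copy of the desired value
    def matches(self, value):
        return hmac.compare_digest(self.desired, value)

class Controller:
    def __init__(self, load_memory, first_copy):
        self.load_memory = load_memory
        self.first_copy = first_copy        # first copy, stored in the controller
        self.state = "STOP"
    def start(self, external):
        main_memory = [bytes(m) for m in self.load_memory]   # load -> main memory
        actual = signature(main_memory)                      # actual value
        checks = {
            "second": external.matches(self.first_copy),     # stored copy vs external copy
            "first": hmac.compare_digest(actual, self.first_copy),
            "further": external.matches(actual),             # actual vs external copy
        }
        self.state = "RUN" if all(checks.values()) else "SAFE"
        return checks

def run_scenarios():
    program = [b"MAIN: call F_STOP", b"F_STOP: open relay"]  # constructed modules
    other = [b"MAIN: call F_STOP", b"F_STOP: nop"]           # constructed, different version
    desired = signature(program)
    ext = ExternalComponent(desired)
    results = {}
    for name, mods, copy in [
        ("intact", program, desired),
        ("module_changed", other, desired),
        ("program_and_copy_swapped", other, signature(other)),
    ]:
        plc = Controller(mods, copy)
        results[name] = (plc.start(ext), plc.state)
    return results

if __name__ == "__main__":
    for name, (checks, state) in run_scenarios().items():
        print(name, checks, state)
```

The third scenario is the case the external copy exists for: a different program loaded together with its own matching signature passes the controller's local first comparison and is stopped only by the comparisons against the external component.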