Over the years, a number of approaches have been developed for the design and construction of control devices using mechanical and electromechanical equipment that have proved to be safe and reliable in operation. These types of devices have been used for many years in the control of equipment that can create unsafe conditions if a failure occurs. An example of this type of equipment is a burner control system that is operated under the supervision of units that are generically referred to as flame safeguard systems. In the burner control art it is essential that, upon certain types of failures, the fuel valve to a fuel burner be closed. The failure of a flame safeguard control system to operate properly can lead to a situation in which a fuel valve is left open when no flame exists, and a fuel-burning chamber can be loaded with fuel. This fuel can then accidentally be ignited, causing an explosion. This type of failure can generally be guarded against in the existing technology of flame safeguard systems by utilizing safety-checking circuits that repetitively simulate the absence of flame and then check for the presence of flame. These systems repetitively charge and discharge a capacitive series arrangement to hold in a control relay that in turn energizes the fuel valve. This type of closed-loop safety system has been used for a number of years, and is generally considered to be quite reliable.
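A simplified model of the closed-loop safety check described above, added here as an illustration and not taken from the original text. The charge levels and step sizes, and the names `run_safeguard`, `sense` and `sensor_fault`, are assumptions chosen for the example; it shows that a flame sensor stuck in either state stops the charge transfer, so the relay drops out and the fuel valve closes.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed model values (assumptions, not from the page). */
#define PUMP_STEP   40   /* charge added per valid "no flame -> flame" cycle */
#define LEAK_STEP   25   /* charge drained by the relay coil every cycle */
#define CHARGE_MAX 100
#define HOLD_LEVEL  30   /* relay drops out below this charge */

typedef enum { SENSOR_OK, SENSOR_STUCK_FLAME, SENSOR_STUCK_NO_FLAME } sensor_fault;

/* Flame-sensing chain; `simulate_absence` is the safety check's forced
 * "no flame" condition. A faulty chain ignores its inputs. */
static bool sense(bool real_flame, bool simulate_absence, sensor_fault f) {
    if (f == SENSOR_STUCK_FLAME) return true;
    if (f == SENSOR_STUCK_NO_FLAME) return false;
    return real_flame && !simulate_absence;
}

/* Runs `cycles` check cycles; the real flame goes out at cycle `flame_out_at`
 * (-1 = never). Returns the cycle at which the relay drops and the fuel
 * valve closes, or -1 if the valve is still open at the end. */
int run_safeguard(int cycles, int flame_out_at, sensor_fault f) {
    int charge = CHARGE_MAX;                      /* relay starts pulled in */
    for (int c = 0; c < cycles; c++) {
        bool real_flame = (flame_out_at < 0 || c < flame_out_at);
        bool dark = sense(real_flame, true, f);   /* phase 1: simulate absence */
        bool lit  = sense(real_flame, false, f);  /* phase 2: check presence  */
        if (!dark && lit) {                       /* only a real transition   */
            charge += PUMP_STEP;                  /* recharges the capacitor  */
            if (charge > CHARGE_MAX) charge = CHARGE_MAX;
        }
        charge -= LEAK_STEP;
        if (charge < HOLD_LEVEL) return c;        /* relay out, valve closed  */
    }
    return -1;
}

int main(void) {
    printf("healthy, flame on   : %d\n", run_safeguard(20, -1, SENSOR_OK));
    printf("flame lost at 5     : %d\n", run_safeguard(20, 5, SENSOR_OK));
    printf("sensor stuck 'flame': %d\n", run_safeguard(20, -1, SENSOR_STUCK_FLAME));
    printf("sensor stuck 'none' : %d\n", run_safeguard(20, -1, SENSOR_STUCK_NO_FLAME));
    return 0;
}
```

The stuck-"flame" case is the dangerous one in a static design; here it fails the simulated-absence phase, so no charge is transferred and the valve closes within the capacitor's hold-up time.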
In recent years, the conventional electromechanical and electronic types of control systems, including flame safeguard control systems, have been displaced by electronic control systems of the digital type that utilize microprocessors or microcomputers as the heart of the condition responsive control circuit means. The use of digital logic including microcomputers and microprocessors leads to many benefits in that more sophisticated and fuel efficient types of control systems can be developed. The detriment of the use of digital logic and microcomputers or microprocessors is that circuit failures within the digital equipment can occur and result in an unsafe mode of operation of the overall control system.
The normal technique for verifying the operation of a microprocessor or microcomputer arrangement is the use of dual processors. In this case, one computer or processor is programmed to check up on the other processor or computer, and vice versa. This redundancy allows for the detection of a malfunction, and allows the healthy processor or microcomputer to take the necessary corrective action in the event of a failure of the other of the dual elements. The use of dual microcomputers or microprocessors is a very expensive and complex technique for generating a safe operating control system. It is essential for the practical application of safety control systems, such as flame safeguard control systems, that a reliable and less expensive approach be developed.