1. Field of the Invention
The present invention relates to electronic devices that monitor transitions in electronic process control equipment or output signals and provide automatic shutdown of critical devices in case of failure.
2. Discussion of Background and Prior Art
The increasing use of automatic electronic control in industrial processes and laboratory automation encourages operation with little or no human supervision. In the case of control failure, however, critical devices such as heaters and pumps sometimes remain turned on. With controls inoperative, the resulting temperature or pressure excursions can cause equipment damage, product degradation, and possibly the release of hazardous substances into the environment. Because newer electronic controllers are microprocessor based, they are more vulnerable to power line disturbances; hence, even brief power line disturbances can cause computer memory or program loss.
If controller failure is likely to occur, backup control or shutdown systems are often used to sense controller failure and initiate appropriate alarms. To protect a commercial industrial process, however, many such devices would need to be connected to each other and to a set of master control relays. Even so, such shutdown systems do not act promptly on main controller failure but only when process variables already exceed normal working limits. Because of the lag times between sensing controller failure and shutdown action, the variables might go still further out of bounds before corrective measures took effect.
Many types of computer systems are guarded by "watchdog timer" circuits which detect malfunctions. Such a circuit is independent of the main computer circuitry and monitors some event which takes place periodically during normal computer operation, such as a pulse or other signal transition on some well-chosen logic line. In case of computer failure, the monitored signal takes on a constant value and no transitions appear. After some predetermined length of time, the "watchdog" responds to their absence by generating a "reset" signal which--unless there is a major malfunction--sends the computer into some known state from which normal operation can be restarted.
As with computer systems, many automatic process control systems have outputs which undergo cycles of change within fairly well-defined time periods. On controller failure, these changes cease.
The absence of an expected periodic change in a well-chosen process controller output signal within an appropriately selected time limit provides a strong and very prompt indication of controller failure and foretells the possibility of equipment, product or environmental damage if critical process equipment, such as pumps and heaters, are not shut down promptly by some backup control device. However, no commercially available product is presently known which functions in a "watchdog-like" manner to shut down critical process control equipment when this occurs.