Many control systems have independent protection devices. For example. engine control systems, and particularly multi-channel engine control systems, include overspeed detection systems that detect the occurrence of an overspeed within an engine and trigger an action in response to detecting an overspeed to mitigate the overspeed condition.
Protection systems often include redundancy, such that no single point failure in the protection system causes the plant to be unable to protect against an event. Furthermore, protection systems are also designed such that no single point failure inadvertently shuts down the plant. Typically plant control systems use two dedicated plant control-function independent hardware overspeed devices to detect and respond to overspeed conditions. These systems can fail to protect against overspeed if one of the two protection devices fails.
In other systems that use a primary control to supplement the protection devices, the protection devices are hardware devices that lack flexibility in self-testing or in changing the implementation. Furthermore, the prior art shared a microprocessor bus between the primary controller and the protection device.