A typical microprocessor operated system controller includes a microprocessor for executing a main program comprised of an instruction code, a read only memory (ROM) for storing the program, a series of random access memory registers (RAM) for use by the microprocessor during the execution of the program, and an input/output interface for providing information to the microprocessor and control signals from the microprocessor to the working loads acted upon by the system controller.
One of the advantages of the typical microprocessor operated system controller lies in its ability to respond to real time changes in the working loads controlled by the system controller. However, because of this real time response, it is desirable and in many cases necessary to insure proper ongoing operation of the system controller to prevent costly and potentially hazardous failures of the systems controlled. For example, it is often desirable to link microprocessor operated system controllers for air conditioning systems to centralized building control systems for minimizing or preventing the spread of fire in a building. Measures have been taken in prior art microprocessor lockup due to an electrical system disturbance or controller component failure. These measures have typically included the provision of an external timer to periodically reinitialize the microprocessor and restart the main program or to provide multiple timers activated by separate portions of the main program whereby the failure of the microprocessor to execute one or more of the software units would permit a timer to expire and reinitialize the microprocessor.
These systems have the disadvantage of providing single point control, i.e. providing control of the reinitialization process from a single point. For example, microprocessor controls having a single hardware watchdog timer will not be properly initialized in the event of the failure of the hardware timer. Conversely, units having timers dependent upon proper software operation in the microprocessor will not properly reinitialize in the event of a failure in the microprocessor which causes the timer restart signals to be sent continuously or in the event of a failure of the clock driving the timers. Providing redundancy in such a system to prevent the foregoing failures becomes prohibitively expensive and, as the number of components is increased to account for these 0 potential failures, increasingly subject to failure simply due to the additional number of components in the system.
Therefore, it is an object of the present invention to provide a method of insuring proper operation of a microprocessor operated system controller which is simple and reliable.
It is a further object of the present invention to provide such a method which minimizes the required number of components to properly perform its function.
It is yet a further object of the present invention to provide such a method which is cost effective and susceptible to use in mass produced system controllers.
It is still a further object of the present invention to provide such a method of operating a system controller to insure the functionality of the various parts-of the system controller.
These and other objects of the invention will be apparent from the attached drawings and the description of the preferred embodiment that follows hereinbelow.