The invention relates to data processing system safety output circuits which monitor plural binary signals. A clock pulse generator is employed to control a gate stage for each signal path. Monitoring is provided to check correct equivalence of the signals.
In many technical areas, electronic switching units are being used to an increasing extent for the control of alternating sequence processes. These include in particular many devices which are now in common commercial use, such as microcomputers. These devices and other process computers cannot be readily applied to railway traffic safety systems or to the safeguarding of nuclear installations. In these system applications, special demands are made on the reliability of the data processing. Human lives may be dependent upon the correct operation of these systems. As a rule such systems are constructed in such a way as to ensure that component faults should never result in jeopardizing safe operation, but only lead at the most to inhibition of operation. With respect to railway safety this means that there is always a switch-over to a lower energy level upon any malfunction, so that, for example, the speed of a train is reduced, or a departure is cancelled. In this way, in the event of any sort of fault in the controlling devices, it is possible to bring these into a state which prevents harm to human beings or damage to machines.
In order to be able to recognize a fault within a switching unit promptly, it is possible to use double channel systems or plural channel systems. In the case of double systems employing safety output circuits of the type described in the introduction, the control mechanisms are constructed in such a way that when a deviation occurs within one of two channels, the associated clock pulse supply is immediately disconnected so that no signals likely to result in any danger can be emitted.
Double systems of this kind can consist of a single micro-computer which in operation facilitates a two-channel output by means of diversity programs. However, a multi-channel data processing system can consist of separate micro-computers which each process the same items of information.
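The two-channel behaviour described above, as an added Python model that is not taken from the patent: two diverse programs compute the same decision, and an output stage latches the clock supply off on the first deviation, forcing both outputs to the low-energy state. The names `channel_a`, `channel_b`, `SafetyOutput` and `run`, the speed-limit decision and the sample values are assumptions constructed for illustration.

```python
class SafetyOutput:
    """Model of two clocked gate stages with an equivalence monitor (assumed design)."""

    def __init__(self):
        self.clock_enabled = True  # clock pulse supply feeding both gate stages

    def step(self, a, b):
        """Process one clock period and return the gated outputs of both channels."""
        if self.clock_enabled and a != b:
            # Equivalence monitor: a deviation disconnects the clock supply.
            # The disconnect is latched; later agreement does not restore it.
            self.clock_enabled = False
        if not self.clock_enabled:
            # Without clock pulses the gates pass nothing: low-energy safe state.
            return (0, 0)
        return (a, b)


def channel_a(speed, limit):
    """Program variant A: direct comparison (1 = movement permitted)."""
    return 1 if speed <= limit else 0


def channel_b(speed, limit):
    """Program variant B: same decision derived from the sign of the difference."""
    return 0 if (limit - speed) < 0 else 1


def run(samples, fault_from=None):
    """Feed (speed, limit) samples; from index fault_from channel B is stuck at 1."""
    stage = SafetyOutput()
    outputs = []
    for i, (speed, limit) in enumerate(samples):
        a = channel_a(speed, limit)
        b = channel_b(speed, limit)
        if fault_from is not None and i >= fault_from:
            b = 1  # injected stuck-at-1 fault in channel B (constructed)
        outputs.append(stage.step(a, b))
    return outputs


# Constructed sample input: (speed, limit) per clock period.
SAMPLES = [(40, 60), (55, 60), (70, 60), (50, 60), (45, 60)]

if __name__ == "__main__":
    print("healthy:", run(SAMPLES))
    print("faulty :", run(SAMPLES, fault_from=1))
```

In the faulty run the stuck-at fault stays hidden while both channels legitimately output 1; it is caught only at the first period where the healthy channel demands 0, and the outputs then remain in the safe state.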
A typical data processing system safety output circuit of the type described in the introduction is described in U.S. Pat. No. 4,149,069, incorporated herein by reference. It is particularly suitable for control units responsible for safety, e.g. in nuclear material medical fields, so that in the event of a defect, radiation output is interrupted. In motor car control systems it is possible to construct a reliable radar controlled distance warning system or a reliable control for skid-free braking. The known safety output circuit can also be used in traffic light control systems, large-scale chemical processes, rolling mill control systems, power station control systems, and in controlling nuclear processes. In the known safety output circuit the switching components which possess storage and logic-linking facilities are not required to be constructed in accordance with fail-safe principles, so that normal, commercially available circuit components are sufficient. However, in more sophisticated systems comprising a plurality of output channels, the increased number of circuit components required for output requires a relatively large amount of space.