The present invention relates to an apparatus and method of relay fault detection, and more particularly, to an apparatus and method of detecting faults in a relay network, including relays used for switching redundant or back-up equipment of a system in the event of an error, while the system is performing its normal and intended function (i.e., on-line).
Process Control Systems with backup process controllers such as described and claimed in U.S. Pat. No. 4,133,027, issued to J.A. Hogan on Jan. 2, 1979, and U.S. Pat. No. 4,141,066, issued to Y. Keiles on Feb. 20, 1979, include a backup controller having a dedicated Random Access Memory (RAM) and a dedicated Read-Only Memory (ROM). The back-up controller is essentially idle or can be doing some background tasks, but not tasks relating directly to the process control function. Upon detection of a failure of one of the primary process controllers, the data stored in the RAM of the failed controller must be transferred to the RAM of the backup controller to perform the operations of the primary controller. These systems describe a 1:N redundancy system.
Existing systems, such as that described in U.S. Pat. application, Ser. No. 07/299,859, filed on Jan. 23, 1989, and assigned to Honeywell Inc., the assignee of the present application, provide for a 1:1 redundancy system, whereby the data base of a secondary device (i.e., secondary or backup controller) is updated periodically such that the updating process is transparent to the primary functions, does not tie up (or penalize) CPU or processor performance, and utilizes a minimum amount of time. When a failover condition occurs, there is a period of time when no communications can take place (i.e., an outage) between the primary controller and the remainder of the system.
Previously, a relay switch was controlled by a single microprocessor. If more than one relay switch was required (due to the number of contacts required), then multiple outputs from that microprocessor were used. Multiple inputs were also returned to the microprocessor to detect faults.
Thus there is provided by the present invention an apparatus and method for detecting faults in relay switching circuits which might otherwise go undetected and thereby prevent the proper operation of the relay switch circuits. In the present invention, control of the relay switch circuits is shared by two microprocessors, each microprocessor having only one output and one input to the relay switch circuit, thereby minimizing interconnections, which limits fault propagation and minimizes interconnection costs.