This invention relates to electrical control systems and more particularly to fault detection schemes for microprocessor systems.
When a failure in an electrical system has the potential to expose life or property to extreme danger, it is essential that the system be closely controlled. Any failure in the system or the control unit should result in immediate corrective action. Various design techniques are available when designing an electrical system which contains highly reliable control functions. These techniques include backup logic circuits, voting schemes, and special data processing techniques.
It is important that microprocessor systems used in critical control applications incorporate some means of detecting microprocessor and peripheral failures to prevent damage from a failed system. Failure detection schemes are used to force system outputs to predetermined states or to prevent any change in the system output state after detection of a failure. It is desirable to implement a failure detection scheme that adequately tests the microprocessor and at the same time does not add an unnecessary hardware or software burden to the controlled system.
U.S. Pat. No. 4,409,635, issued Oct. 11, 1983 to Kraus, discloses a microprocessor failure detection scheme. The scheme of that patent requires the microprocessor to read a fixed pattern read-only-memory (ROM) to initiate self-test routines. The resultant self-test data is fed to a comparator along with the correct output from the self-test ROM. If the microprocessor data output matches the ROM output, the comparator outputs a logic one. A correct output toggles a monostable one shot to increment a binary counter that selects another self-test routine from the ROM to be performed by the microprocessor. While the microprocessor is executing the self-test, the comparator output is zero since the previously latched data does not equal the new ROM data. When the system is operating normally, the comparator output is a square wave. This square wave is then amplified, filtered and rectified to enable an AND gate which permits microprocessor control of the system. If any part of the microprocessor system fails, the square wave from the comparator is lost and the microprocessor loses control of the system. The disclosure of U.S. Pat. No. 4,409,635 is hereby incorporated by reference.
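The prior-art loop described above can be modeled in a few lines of C to show why a halted processor, a wrong self-test result, or a comparator output stuck at logic one all remove control. This is an added example, not code from either patent; the ROM contents, the fault names, and the edge-count detector standing in for the amplifier, filter and rectifier are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define ROM_SIZE  4
#define WINDOW    8  /* comparator samples the detector looks back over (assumed) */
#define MIN_EDGES 4  /* edges needed to keep the AND gate enabled (assumed) */

/* Constructed ROM of expected self-test results; adjacent words differ. */
static const uint8_t rom_expected[ROM_SIZE] = {0x5A, 0xA5, 0x3C, 0xC3};

enum fault { HEALTHY, MCU_HALTED, MCU_WRONG_RESULT, CMP_STUCK_HIGH };

static int comparator(uint8_t latch, unsigned counter, int stuck_high) {
    return stuck_high || latch == rom_expected[counter];
}

/* Returns 1 if the AND gate is still enabled after `cycles` self-test cycles,
   with fault `f` injected from cycle `fail_at` onward. */
int control_enabled(enum fault f, int fail_at, int cycles) {
    unsigned counter = 0;    /* binary counter addressing the ROM */
    uint8_t latch = 0;       /* data last latched by the microprocessor */
    int hist[WINDOW] = {0};  /* circular buffer of comparator samples */
    int n = 0, edges = 0;
    for (int t = 0; t < cycles; t++) {
        int failed = (f != HEALTHY && t >= fail_at);
        int stuck = (failed && f == CMP_STUCK_HIGH);
        /* Phase 1: the microprocessor runs the selected routine and latches. */
        if (!(failed && f == MCU_HALTED)) {
            latch = rom_expected[counter];
            if (failed && f == MCU_WRONG_RESULT) latch ^= 0x01;
        }
        int cmp = comparator(latch, counter, stuck);
        hist[n++ % WINDOW] = cmp;
        /* Phase 2: a match fires the one-shot and advances the counter; the
           latch no longer equals the new ROM word, so the output drops. */
        if (cmp) counter = (counter + 1) % ROM_SIZE;
        hist[n++ % WINDOW] = comparator(latch, counter, stuck);
    }
    /* Detector: an edge count over the window stands in for the amplifier,
       filter and rectifier, which pass only an alternating signal. */
    for (int i = 0; i + 1 < WINDOW; i++)
        edges += hist[(n + i) % WINDOW] != hist[(n + i + 1) % WINDOW];
    return edges >= MIN_EDGES;
}

int main(void) {
    printf("healthy=%d halted=%d\n", control_enabled(HEALTHY, 0, 20),
           control_enabled(MCU_HALTED, 3, 20));
    return 0;
}
```

Because the detector responds to transitions rather than to a level, a fault that freezes the comparator at either logic state disables the output.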
Although the described prior art failure detection scheme adequately tests the microprocessor system and removes control of the system upon a failure, the hardware and overhead associated with the scheme are excessive. That circuit requires a dedicated read-only-memory, a comparator, a monostable pulse generator, a binary counter, an amplifier, a bandpass filter and a full wave rectifier to implement the failure detection scheme. It is therefore desirable to develop a fault detection scheme which can be implemented with a smaller number of hardware components.