This invention relates to fault tolerant control systems, and, more particularly, to fault tolerant systems using multiple processors and output components configured such that a single fault will not lead to an incorrect load state.
Industrial control systems employ the measurement and acquisition of process quantities or states through instrumentation circuits interfaced to a processor via appropriate input modules. These field measurements are analyzed by a stored program within the processor which is executed periodically. The program is designed such that output control actions are generated to influence the process to the desired state in response to specific input conditions. Output modules connected to the processor convert the control actions of the stored program to voltage levels appropriate to the loads under control. In such control systems, it is desirable to provide a level of protection or assurance to increase the likelihood of continued system operation in the event of a component failure. Fault tolerant systems have traditionally been designed using special purpose, custom circuits with limited application. This has impeded the adoption of economy of scale in the manufacture of the components of these systems. Resultant high costs of production has limited their appeal in the general control market.
One example of a prior art fault tolerant system providing redundant output circuit design is shown in U.S. Pat. No. 4,868,826 where fault tolerant operation is achieved by connecting two output modules in parallel to a load. Each module is a custom design with two series outputs and two separate voters. The fault detection feedback circuit for each output is isolated from the load via a series diode, limiting its diagnostic scope to the components of the output module. Failures in the output wiring to the load, or of the load itself, cannot be detected due to the blocking action of the diode. Since the design of the module is specific to fault tolerant control, it does not achieve the sales volume of a truly general purpose input or output module as used in the programmable control industry. Hence, its manufacture is optimized for relatively low volume, high cost techniques.