The present invention pertains to a device and method for providing a single microprocessor based control architecture which provides an inherent self-test capability of sufficient rigor to insure that the structure is free of critical failures.
In recent years, microprocessors have begun to be used in almost all sectors of electronic equipment design. This trend has evolved because the microprocessors are versatile, low-cost, easy-to-use and powerful. There are many areas of electronics which have not been able to utilize microprocessors. These areas include command and control applications which require extreme reliability or the ability to detect and inhibit improper operation of the system or a critical portion of the system. The general difficulty stems from the self-contained nature of a microprocessor which makes it very difficult to determine, via self-test, whether the processor and its associated support devices (RAM, ROM, etc.) are operating properly.
A previous solution to this problem has been to design two completely separate microprocessor systems which execute identical programs concurrently and verify proper operation via comparison techniques on selected outputs of the two systems. This method has significant drawbacks including the expense of duplicating all the functions of the system including the microprocessor, RAM, ROM, and input/output functions plus the cost and complexity of comparison circuitry. Another difficulty with duplicating processors is the problem of synchronization of the two microprocessors. The microprocessors must be synchronized so that the compared outputs of the two systems occur at the exact same time. If they do not occur simultaneously, the comparison logic will declare an error. Therefore, circuitry must be provided to insure the synchronization of the microprocessors. Adequate precautions must also be taken to provide immunity to powerline transients.