This invention relates to fail-safe devices for electronic control circuits of the type described in Bala et al. U.S. Pat. No. 4,398,233 and having the same assignee as the present application.
The use of electronic control circuits is widespread in the prior art and is becoming even more wide spread as the cost and size of electronic components decreases and the power of these components increases. Such circuits have been used to control devices as varied as microwave ovens, industrial robots, chemical processing facilities, industrial furnaces, medical life support systems, and spacecraft, such as the Space Shuttle. As the responsibility entrusted to such circuits increases, so does the need that such circuits be fail-safe. For example, if the control circuit of a large industrial furnace used in an electric power plant fails to cut off the supply of fuel to the burner of that furnace after its flame has gone out, an explosion could result that would do millions of dollars worth of property damage and that could kill many lives. Thus, it is important to design electronic control circuitry in such a way so that if it should fail it will do so in a manner that is safe.
A fail-safe control circuit is disclosed in Bala et al. U.S. Pat. No. 4,398,233 which controls the power to controlled circuitry by only providing power when a fail-safe signal is within a predetermined frequency range. If the circuitry generating the fail-safe signal should fail, the frequency of this signal would likely differ from the predetermined frequency range and the power would be turned off. A microprocessor is provided for monitoring the operating conditions. If an undesirable operating condition should arise, the microprocessor would cause the fail-safe device to lock out power from the control circuitry. However, if there was a temporary external power loss, the microprocessor's memory of the undesirable operating condition would be lost. Upon return of the external power the microprocessor will operate from a clean slate and supply power to controlled circuitry even if there was an undesirable operating condition present prior to the power shut off. This could lead to a dangerous or even catastrophic event.
Furthermore, if a short circuit was present in the controlled circuitry, the etching on the circuit boards of the fail-safe device could get damaged when power is turned on thereby disabling the device. Still further a negligent use could defeat the fail-safe features by continually holding or jamming in the reset button.