GB2243453A - Testing logic circuits - Google Patents

Publication number
GB2243453A
Authority
GB
United Kingdom
Prior art keywords
logic
pulse
response
output device
period
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
GB9009555A
Other versions
GB9009555D0 (en)
Inventor
Richard C Marshall
Philip D Hockley
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
PROTECH INSTR AND SYSTEMS Ltd
Rotork Instruments Ltd
Original Assignee
PROTECH INSTR AND SYSTEMS Ltd
Rotork Instruments Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by PROTECH INSTR AND SYSTEMS Ltd, Rotork Instruments Ltd
Priority to GB9009555A
Publication of GB9009555D0
Publication of GB2243453A
Legal status: Withdrawn

Classifications

    • G PHYSICS
    • G01 MEASURING; TESTING
    • G01R MEASURING ELECTRIC VARIABLES; MEASURING MAGNETIC VARIABLES
    • G01R31/00 Arrangements for testing electric properties; Arrangements for locating electric faults; Arrangements for electrical testing characterised by what is being tested not provided for elsewhere
    • G01R31/28 Testing of electronic circuits, e.g. by signal tracer
    • G01R31/317 Testing of digital circuits
    • G01R31/3181 Functional testing
    • G01R31/319 Tester hardware, i.e. output processing circuits
    • G01R31/3193 Tester hardware, i.e. output processing circuits with comparison between actual response and known fault free response
    • G PHYSICS
    • G01 MEASURING; TESTING
    • G01R MEASURING ELECTRIC VARIABLES; MEASURING MAGNETIC VARIABLES
    • G01R31/00 Arrangements for testing electric properties; Arrangements for locating electric faults; Arrangements for electrical testing characterised by what is being tested not provided for elsewhere
    • G01R31/28 Testing of electronic circuits, e.g. by signal tracer
    • G01R31/30 Marginal testing, e.g. by varying supply voltage
    • G01R31/3016 Delay or race condition test, e.g. race hazard test
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/07 Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/0703 Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation
    • G06F11/0751 Error or fault detection not based on redundancy
    • G06F11/0754 Error or fault detection not based on redundancy by exceeding limits
    • G06F11/0757 Error or fault detection not based on redundancy by exceeding limits by exceeding a time limit, i.e. time-out, e.g. watchdogs

Abstract

In a logic system comprising an input conditioning circuit (05), combinational logic (07), and a power amplifier solid-state output relay (09), signal paths through the logic are verified by injecting (11) a test pulse into an input filter (03, 04) and checking for its arrival at the output with an indicator (15). The test pulse duration is shorter than the response time of a solenoid load (10). The test process may be computer-controlled.

Description

IN-SERVICE TESTING OF LOGIC SYSTEMS
This invention relates to methods and apparatus for the testing of binary digital logic systems whilst they are in operational service.
In order to protect industrial manufacturing processes and distribution equipment, the human race and the environment from damage by fire, explosion and similar hazards, it is customary to provide emergency shutdown arrangements that include sensors that monitor critical temperatures and pressures, and which upon detecting dangerous situations cause protective measures to be taken, for example, by opening valves to release excessive pressure. Such arrangements include logic systems that function automatically to take the most appropriate output measures in response to each pattern of inputs from the sensors.
Logic systems for this purpose may be constructed from electro-mechanical relays, from combinational solid-state electronic logic circuits, or from programmable digital computers. The reliability of such logic, in the sense of its availability to act upon the demand to shut down the process in an emergency, is of paramount importance because of the safety-critical nature of the application, and for this reason combinational electronic logic is often preferred.
However there is still the possibility that the logic will fail, and so a need to minimise the associated risk. Prior methods have included arrangements that periodically disconnect the logic from the process, test it, and then reconnect it. These have the disadvantages that the process is not automatically protected whilst testing is being carried out, and that the act of reconnection is itself difficult to test. Another prior method is to construct special logic elements in which all possible component failures lead to immediate shutdown of the plant, rather than remaining as a concealed inability to shut down upon demand. This leads to complex logic with an inherently high rate of spurious shutdown that may result in large financial loss to the owner of the process. Consequently there is a need for a way of increasing the availability of logic systems that does not increase the complexity of the safety-critical logic, and does not require the logic to be disconnected from the process during the test. Furthermore it is desirable that testing may proceed without need of human involvement, particularly in the case of unmanned facilities such as maritime oil-platforms.
According to the present invention there is provided a method and apparatus for testing the integrity of a path through a binary digital logic system whose response is faster than that of the output device to which it is attached, said method comprising complementing an input logic level for a period of time shorter than the output device response time and verifying that the logic level directed to said output device is consequently complemented.
An embodiment of the invention will now be described by way of example with reference to the accompanying drawing, in which:
Figure 1 shows in schematic form a safety critical logic system incorporating the basic invention.
Figure 2 shows in schematic form details of a solid-state relay forming part of an enhanced embodiment.
Figure 3 shows in schematic form how a computer may be connected.
In figure 1 a single contact 01 is shown as an example of the many contacts associated with sensors responsive to the pressure, temperature, or level of elements of the process to be protected. This contact is arranged to be closed when the process is in its normal operating state, and to open when a potentially dangerous situation arises. This contact forms part of a path from a voltage V1 via interference-reducing components 02, 03, and 04 to a comparator and level-shifter 05, whose output, together with those of the similar paths 06 from the other contacts, is connected to the combinational logic system 07. This may consist of 'and', 'or', 'invert' and other functions implemented with Schottky or CMOS integrated circuits or with discrete diode transistor components, and its function is to determine the most appropriate shut-down actions for any pattern of input data. A number of outputs 08 are provided, and connected via power amplifiers, otherwise described as solid-state relays, such as that shown as 09, which is arranged to hold the solenoid 10 energised whilst the process is operating normally. When it is required to shut down the process the appropriate solenoid is de-energised, typically causing pressure to be released.
To practise the present invention, advantage is taken of the relatively slow response of electromechanical solenoids compared with the speed of electronic circuits.
Such solenoids typically require 20 to 40 milliseconds to move from one position to the other position, and so it is practicable to test paths such as that from the filter 03 to and including the solid-state relay 09 by injecting into the filter an electrical pulse of such polarity and amplitude as to drive the circuit into the 'shutdown' condition for about one millisecond, and detecting the arrival of this pulse at the solenoid terminals. This may be achieved by a monostable pulse generator 11 whose negative-going output is impressed across a small resistor 12 in series with the filter capacitor 04. Other injection arrangements are within the scope of the invention, but this is a preferred method because it provides some coverage of faults in the input filter, and because the value of coupling capacitor 13 may be chosen to ensure that no single fault in the test circuit can extend the test pulse to such a duration that the process is shut down unnecessarily. The pulse may be initiated by a push-button 14 or by a digital computer as will be described later.
The detection of the pulse dispatched to the solenoid 10 is achieved by monitoring the voltage across the solid-state switch 09, since whilst the switch is open for the duration of the pulse this voltage will change from a very low value to a higher value which will be approximately equal to the supply if the solenoid has a purely resistive impedance and greater than the supply voltage if the impedance has an inductive component. In the latter case the monitoring circuit may detect this excess and so verify the actual presence of the inductive load. In figure 1 the monitoring device is shown as an indicator lamp 15, and the duration of the voltage pulse applied to it is increased by the capacitor 16 and the diode 17. If the lamp is a light-emitting gallium-arsenide diode then the pulse need only be extended to about 10 milliseconds to obtain adequate visibility without excessive power dissipation. If a computer is used in place of the indicator as will be described later, then the monitor pulse duration may be further extended to facilitate the collection of this data by the computer. It will be seen that the integrity of the logic path shown may be verified by operating the button 14 and observing that lamp 15 flashes.
In some applications it may be necessary to operate the solenoid 10 from a supply that is galvanically isolated from the logic, and yet connect the indicator 15 to the logic supply and ensure that it will operate correctly independently of the solenoid supply. In this case the arrangement shown in figure 2 may be used in place of the corresponding elements of figure 1. In figure 2 the solid-state switch 09 comprises an oscillator 9a, an isolating transformer 9b, and a rectifier and filter 9c providing the gate drive to turn on an enhancement-mode power MOSFET semiconductor switch 9d. The invention provides an additional rectifier 18 whose output voltage V3 is stored on the capacitor 19. V3 is less than the solenoid supply voltage V4 so that current can only flow through the resistor 20, the blocking diode 21, and the light-emitting diode of the optocoupler 22 if the MOSFET 9d is conductive. During the period of the test pulse the MOSFET 9d should be open-circuit: this will be confirmed if the optocoupler 22 is then de-energised, since charge stored on the capacitor 19 will energise it if the path through 9d remains closed. The negative-edge-triggered monostable 23 will provide an extended pulse to the indicator 15 if 9d is momentarily open-circuited.
Safety-critical logic systems may employ redundant logic configurations in which a number of independent paths are combined in output voting logic to determine the action required. The present invention is applied to such systems by testing the outcome of various combinations of inputs. For example, the process may be shut down only if 2 or more of 3 paths indicate that this is necessary. In this case each of the three paths may be individually pulse-tested to ensure that there is no effect on the voted output, and then pairs of paths may be simultaneously tested to ensure that the output is complemented. Output voting logic as described above is commonly formed from relay contacts connected in series-parallel. The present invention provides for the testing of each solid-state relay contact in such a series-parallel configuration for output voting by the arrangement already described in relation to figure 2.
Whilst in many instances an adequate improvement in availability is provided by manual testing as described above, there are situations where lack of manpower or need of frequent testing mandates that testing be automated. This may be accomplished as shown in figure 3, where prior references are used for like functions but the input buffers and output relays associated with the logic inputs and outputs of various channels of the system are shown only in outline form and are referenced as 24a, 24b, 24c, and 25a, 25b, 25c respectively. The test switches such as 14 of figure 1 are replaced or supplemented by connections 26 from the output interface of computer 27, and the indicators such as 15 of figure 1 are replaced or supplemented by connections 28 to the computer input interface. The computer program is thus able to initiate a sequence of test initiation pulses and compare the resulting output pulses with the expected pattern corresponding to the configuration of the logic 07 that is stored as a table in the computer memory. VDU and keyboard 29 allow program entry and modification as well as detailed analysis of results.
An alarm output 30 may also be provided. Multitasking software may be used to allow the collection of process data concurrently with the test sequence.
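The automated sequence described above, applied to the 2-out-of-3 voting case, as an added example that is not part of the patent text: the program builds its stored table of expected responses from the logic configuration, pulses single paths and pairs, and reports mismatches. The function and class names, the simulated fault model and the limit of two simultaneous pulses are assumptions made for illustration; the 1 ms and 20 ms figures are taken from the description.

```python
from itertools import combinations

SOLENOID_RESPONSE_MS = 20.0  # description: solenoids need 20 to 40 ms to move
TEST_PULSE_MS = 1.0          # description: test pulse of about one millisecond

def vote_2oo3(trips):
    """Voted output: shut-down is demanded when 2 or more of 3 paths trip."""
    return sum(trips) >= 2

def expected_table(logic, n_inputs, max_simultaneous=2):
    """Stored table: for each set of pulsed inputs, should the output pulse?"""
    table = {}
    for k in range(1, max_simultaneous + 1):
        for pulsed in combinations(range(n_inputs), k):
            table[pulsed] = logic([i in pulsed for i in range(n_inputs)])
    return table

class SimulatedSystem:
    """Constructed stand-in for the input paths and logic (hypothetical model).

    stuck_healthy: paths that never pass a trip on (concealed failure to act).
    stuck_tripped: paths that always report a trip (concealed in a 2oo3 vote).
    """
    def __init__(self, logic, n_inputs, stuck_healthy=(), stuck_tripped=()):
        self.logic, self.n_inputs = logic, n_inputs
        self.stuck_healthy = set(stuck_healthy)
        self.stuck_tripped = set(stuck_tripped)

    def pulse(self, pulsed, duration_ms):
        """Complement the pulsed inputs briefly; return True if the output pulsed."""
        if duration_ms >= SOLENOID_RESPONSE_MS:
            raise ValueError("test pulse must be shorter than output device response")
        trips = [(i in pulsed and i not in self.stuck_healthy)
                 or i in self.stuck_tripped for i in range(self.n_inputs)]
        return self.logic(trips)

def run_test_sequence(system, table, duration_ms=TEST_PULSE_MS):
    """Pulse every combination in the table; return (pulsed, expected, observed) mismatches."""
    failures = []
    for pulsed, expected in table.items():
        observed = system.pulse(pulsed, duration_ms)
        if observed != expected:
            failures.append((pulsed, expected, observed))
    return failures  # a non-empty list would drive the alarm output

if __name__ == "__main__":
    table = expected_table(vote_2oo3, 3)
    for name, kwargs in [("healthy", {}),
                         ("path 1 cannot trip", {"stuck_healthy": [1]}),
                         ("path 1 stuck tripped", {"stuck_tripped": [1]})]:
        print(name, run_test_sequence(SimulatedSystem(vote_2oo3, 3, **kwargs), table))
```

A path that cannot trip is caught only by the pair tests, and a path stuck in the tripped state only by the single-path tests, which is why the description calls for both.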

Claims (12)

What we claim is:
  1. A method for testing the integrity of a path through a binary digital logic system whose response is faster than that of the output device to which it is attached, said method comprising complementing an input logic level for a period of time shorter than the output device response time and verifying that the logic level directed to said output device is consequently complemented.
  2. A method according to claim 1 in which redundant paths are additionally tested by simultaneously complementing the logic levels of two or more of the inputs of said redundant paths.
  3. A method according to claims 1 or 2 in which the process of complementing said inputs is controlled by digital computing means that includes a database of the expected responses of said outputs and means to compare said expected responses with the actual responses so as to verify the correctness of function of a plurality of paths through said system.
  4. A method according to any of the above claims in which said complemented output response is connected to monitoring means which increase the duration of the response so as to facilitate its detection.
  5. A method according to any of the above claims in which said logic includes a solid-state relay, the operation of whose output circuit is monitored using a power circuit that includes storage so as to allow use of a source that is not available during said period of complementary logic level.
  6. Apparatus for testing the integrity of a path through a binary digital logic system whose response is faster than that of the output device to which it is attached, said apparatus including pulse injection means connected to an input circuit of said system, said means being adapted to complement the signal received by said input circuit for a period less than the response time of said output device, and also including pulse detecting means connected to an output circuit of said system.
  7. Apparatus according to claim 5 in which a plurality of said pulse injection means are adapted to complement simultaneously two or more input circuits that form part of a redundant logic system.
  8. Apparatus according to claims 5 or 6 in which said input circuit includes a low-pass filter comprising a series resistor or inductor and a shunt capacitor, and in which said pulse injection means act in series with said filter capacitor.
  9. Apparatus according to claims 5, 6 or 7 in which said pulse injection means include two distinct arrangements to limit the period of said pulse, each arrangement alone being capable of limiting said period to a value less than the response time of said output device.
  10. Apparatus according to claim 5 in which said pulse detecting means are adapted to increase the duration of the response to said pulse so as to facilitate its detection.
  11. Apparatus according to claims 5, 6, 7, 8, or 9 in which said pulse injection means are controlled by digital computing means that include a database of the expected responses of said outputs and means to compare said responses with those of said pulse detecting means and indicate the correctness of function of paths through said system.
  12. Apparatus substantially as described herein with reference to figures 1, 2, or 3 of the accompanying drawing.
GB9009555A 1990-04-27 1990-04-27 Testing logic circuits Withdrawn GB2243453A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
GB9009555A GB2243453A (en) 1990-04-27 1990-04-27 Testing logic circuits

Publications (2)

Publication Number Publication Date
GB9009555D0 GB9009555D0 (en) 1990-06-20
GB2243453A (en) 1991-10-30

Family

ID=10675138

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2026705A (en) * 1978-07-21 1980-02-06 Honda Motor Co Ltd Monitoring control circuit operation
US4200225A (en) * 1977-06-06 1980-04-29 Hitachi, Ltd. Diagnostic check system for digital signal circuit

Legal Events

Date Code Title Description
WAP Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1)