The major difference between an Emergency Shutdown (ESD) system and other control systems is the degree of tolerable operational integrity. A malfunction in the latter is immediately visible and the system can be replaced by a fully operational one. A shutdown system, on the other hand, is usually 'dormant'. When, however, a true emergency situation arises and real demand is placed on it, it must be fully functional. A shutdown system by its nature should be fail-safe. That is, in case of failure in any of its operations, it should shut down the plant it controls. However, a complete shutdown of a petrochemical or nuclear plant, for example, is extremely costly. Therefore highly reliable emergency shutdown systems are required both to shut the plant down when required and to prevent unnecessary shutdowns. Highly structured algorithmic state machine (ASM) design techniques are used to achieve a hardware programmable and customisable product implementation. In order to increase system reliability, besides the application of structured design and improved testability techniques, other design methods are also investigated. The issue of resolving the conflict between the complexity explosion of ever-increasing system intelligence and increasing system reliability is examined through the design of a VLSI (Very Large Scale Integrated) ESD chip. The chip was primarily designed for the water industry, but its field of application can be much broader. (C) 1999 Elsevier Science Ltd. All rights reserved.