83-GT-98

THE AMERICAN SOCIETY OF MECHANICAL. ENGINEERS

345 E. 47 St., New York, N.Y. 10017
The Society shall not be responsible for statements or opinions advanced In papers or in
discussion at meetings of the Society or of its Divisions or Sections, or printed in its
publications. Discussion is printed only if the paper is published in an ACME Journal.
Released for general publication upon presentation. Full credit should be given to ASME,
the Technical Division, and the author(s). Papers are available from ACME for nine months
after the meeting.
Printed in USA.

Copyright 1983 by ASME

A FAULT TOLERANT DIGITAL CONTROL SYSTEM FOR TURBO MACHINERY

Terry A. Shetler
Chief Electrical Engineer
Woodward Governor Company
Ft. Collins, Colorado

ABSTRACT

. when there is a need for data communication with other equipment.

There are several major factors influencing the

development of modern turbomachinery control systems.
First, the demand for fuel efficient engines with low
emissions creates complex control requirements. Second,
unmanned sites or plants where downtime is exceedingly
expensive demand controls with high reliability and
availability.
In addition, there is a desire for
controls to be programmable and to have the ability to
communicate with data gathering and logging systems.
This paper describes the development and application of a digital control system which answers the
above needs.
INTRODUCTION
Those responsible for specifying control equipment
for turbo-machinery are faced with a choice between
analog and digital controls. Although analog controls
have for years used discrete digital devices to implement many functions, the term "digital controls" refers
to full authority, microprocessor based controls.
While it is apparent that digital controls will become
much more common in the future, under what conditions
should digital controls be used? What are their
advantages over analog controls? Or, what is the
rationale behind the development and application of
digital controls?
The following sections outline the major features
which make digital controls attractive and describe a
control system which implements those features.

Complexity
The demand for more fuel efficient engines with
low emissions is leading to even more complex controls.
For example, acceleration scheduling may be a function
of three or more parameters including corrected speed,
which in itself involves division and extracting the
square root. It may be necessary to correct nonlinearities in the engine, fuel system, or sensors, or
to compensate non-linear dynamic characteristics of the
engine. There may be interactive control laws which
require a form of multi-variable control, as in multiple
extraction steam turbines or in variable geometry gas
turbines. The above examples illustrate the need for
powerful computing capability in the controller.
Both analog and digital controls require signal
conditioning circuitry to process signals to and from
the controlled plant. In addition, digital controls
require analog to digital (A/D) and digital to analog
(D/A) conversion circuitry. The important difference
between the two types of controls is in the computation
section. The analog control uses operational amplifiers, diodes, and other discrete parts for computation
while the digital control uses a microprocessor,
memory, and associated peripheral parts. With digital
controls, we only need to add lines of code (software)
as computational requirements increase. However, with
analog technology the amount of hardware required
increases directly with the increase in computational
requirements.

THE RATIONALE FOR DIGITAL CONTROLS

There are several major areas whereFROM
digital
SIGNAL
CONTROLLED *CONDITIONING*
controls can have an advantage over existing analog
FA(
PLANT
I-v
systems:

SIGNALS

. when the control requirements are

very complex;
. when the availability/integrity
requirements are very high;
. when there is a need for programmability;

COMPUTATION*

CONDITIONING
ING *

GENERAL CONTROL SYSTEM

FIGURE lA

Downloaded From: http://asmedigitalcollection.asme.org/ on 11/03/2015 Terms of Use: http://www.asme.org/about-asme/terms-of-use

SIGNALS TO
ED
PLANT

ANALOG CONTROLS

COMPUTATION

OPERATIONAL
AMPLIFIERS

the computational section. Also, self testing

depends on having knowledge of all possible fault
conditions or scenarios and testing for them. The
solution to this problem is to use dual microprocessors
which are executing exactly the same program in stepby-step synchronism and then comparing the results
before outputs are activated or changed. The action
taken when there is a difference in results depends on
the system requirements, but, as will be shown in the
next section, architectures can be selected for digital
controllers which will satisfy virtually any requirement for availability.

DIGITAL CONTROLS
COMPUTATION

ANALOG
TO
DIGITAL
CONVERSION

MICROPROCESSOR

DIGITAL
TO
ANALOG
CONVERSION

LOGIC GATES
MEMORY

COMPUTATIONAL SECTION COMPARISON

Programmability
Programmable digital controls allows standard
hardware to be built and simply reprogrammed as necessary for different applications. In addition, many
users desire the capability of doing their own programming. When changes occur in the field (as they
inevitably do), it is much easier to change the application program in a digital control than it is to add
circuitry to an analog control.
There is also a significant difference in
calibration and tuning between analog and digital
controls. Analog controls are usually characterized
by dozens of potentiometers and circuitry which can
drift with time and temperature. While both techniques
require analog circuits to do the input/output signal
conditioning, there is no drift problem with digital
controls once the conversion is made from analog to
digital, and calibration and tuning can be done using
a keyboard and cathode ray tube (CRT). This affords
considerable accuracy since exact values can be keyed
in (rather than "tweaking" a pot) by simply plugging
in a CRT terminal to the serial data port. There is
no need for connecting a signal generator, counter,
voltmeter, etc. to the control with the attendant
safety and damage possibilities. There is no need to
"poke" around in the digital control at all; it can
even be out of sight, behind a panel, when it is
programmed and calibrated.

FIGURE 1B
If we assume equivalent generic failure rates
(high quality parts in all cases), using fewer parts
will generally lead to higher system reliability.
Therefore, if digital techniques use fewer parts,
digital controls will exhibit a longer MTBF (mean time
between failure). It should also be noted that, while
software flaws do not directly contribute to the system
failure rate, new programs will usually contain errors
which must be found and corrected. Overall, as the
control complexity increases, the reliability advantage
of digital controls increases.
Control Availability/Integrity
Presumably then, a control system would be
selected which involves the minimum amount of hardware.
However, the failure rate for even this minimum hardware may be unacceptably high for a given application,
which can easily occur when the cost of a single shutdown exceeds the cost of a control system. For these
applications it may be necessary to construct a "fault
tolerant" control system, one that can develop a fault
and continue to operate the plant safely. The usual
approach to the design of such a system is the use of
circuit redundancy.
Both analog and digital controls can, of course,
employ redundancy to the point of duplicating the
entire control. The problem then becomes one of :
1) correctly identifying faults, and 2) smoothly transferring to the back-up controller. This is called
fault coverage and, as will be shown, can be accomplished more easily using digital controls.
Fault coverage in the sensors and input/output
(I/O) conditioning circuitry is a simple task with
either analog or digital controls, although the digital
control can do much more sophisticated checking. For
example, both analog and digital controls can easily
make out of range" checks of input signals. Either
kind of control can easily switch to redundant or
alternate sensors in the event of a fault. But if we
also desire to determine whether a signal from the
turbine is "reasonable" with respect to other engine
parameters, we find it very difficult using analog
techniques but trivial using a digital controller.
Fault coverage in the computational section is
quite another matter. Detection of failures in an
analog PID loop is very difficult since a channel which
is not in control tends to wander off, making comparison
checks invalid. This tendency also makes it difficult
to smoothly transfer to a back-up control channel.
Digital controls have traditionally used self
test routines including watch dog timers, parity checks
in memory, and computation of standard algorithms to
detect faults. A major flaw in self testing is that
it does not function if the microprocessor stops executing, which can result from any number of faults in

Data Communication
Many users of controls desire to have various
engine parameters gathered and collected automatically
for logging and health monitoring purposes. Also, it
is often useful to have this information made available
for plant supervision computers. Since many engine
parameters are already available in the fuel control,
it makes sense to communicate this data to other equipment rather than duplicating the sensors. With digital
controls, we only need to add software to send the data
over a serial data link. Data communication is beyond
the capability of analog controls without extensive
additional hardware.
ARCHITECTURES AVAILABLE
Digital controls can be configured in several
different ways to cater to different reliability or
availability requirements. When control systems are
studied for reliability (MTBF), provided conservative
design techniques are used along with high quality
parts, the sensors are usually found to have the
It makes sense, then, to
highest failure rates.
duplicate (or triplicate) the sensors along with the
conditioning circuits. This is true in both analog
and digital systems. If we now put the signal conditioning together with a single microprocessor and
memory (called a kernel), we can have a fairly reliable controller roughly equivalent to today's analog
systems.

Downloaded From: http://asmedigitalcollection.asme.org/ on 11/03/2015 Terms of Use: http://www.asme.org/about-asme/terms-of-use

The fault coverage achievable with a simplex

digital controller is a hotly debated topic within the
industry, but the coverage claimed is generally within
the 80-95 percent range. As long as the microprocessor
and memory (and peripheral devices) are still working,
a considerable number of self-check routines can be
executed. Also, as pointed out earlier, even a simplex
digital controller can do a lot more with regard to
sensor fault management than analog control can. For
example, it can easily pick the average value or the
median value out of a group of thermocouples or it can
substitute a calculated value for a missing or failed
sensor (analytic redundancy).
A watchdog timer can usually detect a failure of
a microprocessor to execute instructions. Therefore,
a minimum amount of built-in test can get the fault
coverage of a simplex controller up to 85 percent or
so, and higher numbers can be achieved with memory
checks and other techniques. This may be acceptable
especially if there is backup overspeed and overtemperature protection. But it is impossible to get 100
percent fault coverage with a single kernel since, as
pointed out above, a failed kernel cannot troubleshoot
itself.

SIMPLEX
SENSOR

KERNEL
A

DUPLEX, FAIL - SAFE SYSTEM

FIGURE 3

If we add a third kernel (triplex), it becomes

possible for the voting mechanism to positively identify
and isolate a failed kernel. Therefore, we can have
complete coverage of all first faults and continue to
operate the plant safely. The continued operation will
be in a duplex mode but with absolute failsafe operation. Note that in a triplex system, reliability has
decreased (more parts yield higher failure rate) but
In fact, if
system availability has increased.
ordinary conservative design techniques are used which
result in reasonably low failure rates of the individual channels in a triplex system, overall system availability essentially depends only on the mean time to
repair (MTTR). If that number is reasonably low (a
few hours), system availability becomes very high and
does not depend on built-in test, self check routines,
or coverage within an individual channel. With all
channels executing instructions in tight synchronism,
results are voted on before outputs are enabled, thereby insuring that only valid results are allowed on the
outputs. Faults are identified by the triplex fault
tolerant voting network and the bad channel is outvoted by the remaining two.
By implementing the voting and checking system in
hardware, the software operating system remains
elegantly simple. Once faults are detected, isolating
them is straightforward. The efficiency of implementing the fault tolerance mechanism in hardware is
reflected in the fact that the entire software operating system consumes less than five percent of the
computational resources.

PI-OUTPUTS

OPTIONAL
DUPLEX
SENSOR

CPU. MEMORY

SIMPLEX
ACTUATION

SIMPLEX
SENSORS

SIMPLEX
ACTUATION

SELF
TEST

SIMPLEX, SINGLE STRING SYSTEM

FIGURE 2

If we now add a second kernel (called a duplex

system), we can do direct bit-by-bit compa .ison of the
computations, and using a hardware voter, determine if
there is a difference before any outputs are actuated
or changed. Provided the voters themselves are fault
tolerant, we can know absolutely when one channel has
failed since there will be a difference between the
computations, and we can safely shutdown the plant.
This gives us assurance of a failsafe system regardless
of the fault, makes the built-in test much less significant, and, even more importantly, no longer depends
on having identified all possible "what if situations
and designed a built-in test to accomodate them. It
is also quite possible to produce the second kernel
with less additional hardware (therefore yielding
higher reliability) than other kinds of backup or self
test circuitry which would have less than perfect
coverage.
One can choose to continue to operate the plant
with a duplex system even if one kernel Fails (fail
operational) but there is a risk that control will be
transferred to the failed kernel through an inability
of self test to correctly identify which kernel has
failed. Therefore, it would be recommended to operate
this type of system as failsafe only.
,.

1 0.1 INPUTS 1-
-

--HOUTPUTS1 - --KERNEL
A

DUPLEX
SENSORS

VOTER A

DUPLEX
OUTPUT
ACTUATION
)

KERNEL

VOTER B

(VOTER C

-TIPI

INPUTS

KERNEL .4
C -PIOUTPUTS

TRIPLEX SYSTEM, FAIL OPERATIONAL

FIGURE 4
3

Downloaded From: http://asmedigitalcollection.asme.org/ on 11/03/2015 Terms of Use: http://www.asme.org/about-asme/terms-of-use

In order of increasing reliability/availability,

we can summarize some of the available architectures:
SYSTEM

THE HARDWARE
A single channel including a kernel togethe L'ith
the associated signal conditioning and power supplies
is housed in a standard 19 inch (483 mm) rack. The
kernel is contained on six plug-in modules which include
the microprocessor, memory, monitor and interlock
circuits, clock, communication circuits, and serial
(RS232) data port. The rest of the rack, 12 spaces,
is dedicated to input/output signal conditioning
modules.
The microprocessor is a Z8001, a 16 bit device
chosen for its computational power and availability in
mil-spec versions. The microprocessor module also
contains enough memory to hold the operating system so
that it can be run independently of the other modules
for testing purposes. The clock is running the microprocessor at 6 MHz. In redundant architectures, the
clocks are tightly synchronized with one another to
insure that application program steps are executed
simultaneously. This is central to the fault tolerant
design philosophy of doing direct bit-for-bit comparison
of the computations. These computation results are
sent to voter registers which note any differences and
set an error latch. Special design techniques are used
to insure that the voter circuits are fault tolerant
and are able to detect even subtle faults such as the
"malicious liar". This could occur when, for example,
kernel A of a triplex systems fails in such a way as to

COVERAGE

1) Simplex kernel, simplex 80-90 percent failsafe

I/O
2) Simplex kernel, duplex
80-90 percent failsafe
I/O
with improved availability
3) Duplex kernel, simplex I/O X100 percent failsafe
4) Duplex kernel, duplex
6,100 percent failsafe
I/O
with improved availability
5) Triplex kernel, at
X100 percent fail operaleast duplex I/O
tional then 100 percent
failsafe
The criterion for selecting kernel redundancy is
the fault coverage desired. In addition, selection of
sensor redundancy depends on individual sensor failure
rates.
One other important feature to note is that in
the redundant systems, all kernels are performing
identical calculations in tight synchronism using
identical data. In the case of redundant sensors, a
single value to be used is agreed upon first. The
results of the calculations are voted upon before an
output is activated. The redundant kernels do not
operate in a primary/backup mode since all have equal
authority.

FIGURE 5A

FIGURE 5B
4

Downloaded From: http://asmedigitalcollection.asme.org/ on 11/03/2015 Terms of Use: http://www.asme.org/about-asme/terms-of-use

give kernel B one erroneous result and give kernel C

another. Under these conditions, the voter must still
be able to recognize the fact that kernel A is in error.
The main memory module contains three types of
memory: Random Access Memory (RAM), Ultra-Violet
erasible Programmable Read Only Memory (UV PROM), and
Electronically Erasable PROM. The RAM is used for
scratch pad (temporary) purposes. The UV PROM is used
for permanent program including the application
program. The EE PROM is used for changeable set point
values.
The kernel is designed in such a way that in
redundant architectures, the system is perfectly
symmetric, i.e. everything in the kernel is either
duplicated or triplicated. Interconnecting cables
allow kernels to communicate with each other but faults
within a kernel cannot be propagated to the other
kernels.
Housing each channel in its own rack is consistent
with the fail-operational philosophy of a triplex
system since this allows service of a faulty channel
on the run. The faulty channel can be disconnected
from the others, serviced (or replaced) and returned
to duty. A synchronization program is run on start-up
to re-synchronize with the others and then resume
operation.
The input/output conditioning is modular and can
be assembled in appropriate blocks to handle all normal
signals to and from the controlled plant. Some of the
modules available and the number of signals each are
listed:
Magnetic Pickup
Analog Inputs
Thermocouples
RTD's
Discrete Inputs
Discrete Outputs
Actuator Drivers

SOFTWARE
The operating system software is designed to
efficiently support the real-time operating requirements of the controller. This means that the microprocessor must have sufficient throughput to assure
jitter-free execution of the application code. In
addition, for duplex and triplex architectures the
operating system must provide for cross-channel data
exchange and synchronization. It must also schedule
execution of the application code according to the
pre-determined rate structure. The fastest rate
group is on the order of 10 milliseconds with subsequent groups each running at one half the previous
group rate. The rate at which particular control loops
or processes are run is selected in the application
code. For example, a speed loop may be serviced every
10 milliseconds while an ambient temperature bias may
be re-calculated every 80 milliseconds.
The most visible portion of the software is the
menu driven application programming system. This
translation/editing system interacts with the programmer by prompting him with a hierarchy of menus and
submenus. The programmer can specify the particular
parameters in each menu and thereby configure the
controller to meet customer specifications. The
translator takes these responses, puts them in a
compact form and loads them into the control for
execution by the operating system. The translator
resides in a Hewlett Packard 9826 desk top minicomputer which is portable for field use.
The menu system is a tree of menus and sub-menus
which the designer may call up at will. The top level
is the master menu which provides three options: Edit,
Load, or Service. "Edit" allows the user to create or
alter an application program, "Load" allows the user
to load the program into the controller, and "Service"
enables service routines for trouble shooting.
The menu system of programming was chosen over
other methods for several important reasons. Although
assembly language programming is appropriate in some
smaller projects, it would be an overwhelming task to
put together an application program in such a manner
for a control of this size and complexity. Also,
programming in assembly language requires an intimate
knowledge of the microprocessor and access to sophisticated debugging equipment. It is very time
consuming and requires extensive practice to gain
expertise. The quantities of any particular control
are usually very low and the programming time needs to
be minimized. Even with a well commented assembly
language program it is difficult to follow the tracks
of the original programmer, making maintenance
(engineering changes) very difficult, if not impossible
High level language programming, especially
Pascal based languages, solve the maintenance problem
for the most part since they are designed to be self
documenting. However, writing efficient high level
language programs also requires programming expertise.
It is preferable for control engineers without such
expertise to be able to put together an efficient
application program directly from the control system
block diagram. In addition, standard high level
languages are designed for specific tasks on computers
rather than real time control of engines and turbines.
The use of a menu system is very much like
answering a questionnaire. At any point, the possible
choices of answers are available and, if these aren't
sufficient, the designer can ask for "Help" and the
menu system will respond with explanatory text.

(3)
(4)
(4)
(4)
(28)
(28)
(2)

Central analog to digital conversion circuitry

schemes quite often present reliability problems.
Therefore, the analog to digital conversion in this
control is distributed so that each analog input has
its own. The conversion is combined with the isolation
strategy in that the signals are first converted to a
frequency, run through optical isolation, and then
directly converted to digital format. The conversion
resolution is generally 12 bit (0.025 percent) and the
update time is appropriate for the signal being
converted. Thermocouples, which are relatively slow,
do not need updating as quickly as other devices such
as magnetic pickups.
To enhance EMI (noise) immunity discrete inputs
and outputs are optically isolated. Since relay
contacts generally carry relatively "dirty" signals
from the plant, the relays are housed in a separate
chassis outside the main control. All communication
with the control is through serial data (RS232C) ports.
Initial programming is done offline using a desktop
computer and the completed program is downloaded
through a serial port. Provision is also made for
operator interface equipment such as control panels,
CRTs, and data logging devices through serial ports.
Tuning and adjustment of set point values is accomplished using an external keyboard and is protected by
appropriate passwords.

Downloaded From: http://asmedigitalcollection.asme.org/ on 11/03/2015 Terms of Use: http://www.asme.org/about-asme/terms-of-use

To build up a controller from the block diagram

we would start by selecting "Edit" from the master
menu. The CRT screen will then display the menu block
choices:

EDIT MENU

>Examine the control channel functions.

>Fill in bus characteristics.
>Help.
>Return to previous level.
>Quit.

(FILENAME)
Valid Data

1.
2.
3.
4.
5.
6.
7.
8.

Controllers
Sequencers
Field wiring and I/O management
DCS kernel hardware configuration
Alter menu defaults
Return to previous level
Quit
Help

>Bus Characteristics
-Numerical Value
-Real Variable Name
>Function Names
-Length Less Than * Characters
-Must Begin With Alpha Character

Enter number of desired selection and return.

"Controllers" contains all the functions normally
found on a fuel control system block diagram. This
menu would be selected to program the control functions
associated with regulating fuel flow to the plant.
"Sequencers" is used to select the sequential
logic functions such as starting logic.
"Field Wiring and I/O Management" contains the
menu items necessary to assign the I/O modules to
particular slots in the rack cabinet (which automatically fixes the field wiring) and is also used to
select the sensor and fault management options.
"DCS Kernel Hardware Configuration" is used to
allocate the memory space.
"Alter Menu Defaults" allows the user' to change
the default values (such as false = high).
If "Controllers" is selected, the menu system will
respond by asking for the names of the controller
elements. All of the elements on the block diagram
must be named including the buses. These names can be
arbitrary but it is helpful to use meaningful terms
such as "LIQFUEL" for the output bus corresponding to
liquid fuel flow on a gas turbine. Similarly, "N1LOOP"
may refer to the Ni speed control loop.
Once the control elements are named, we can begin
to fill in the detailed characteristics. For example,
if we now call up the "LIQFUEL" bus, the menu system
will respond:

BUS NAME:
1.

2.

3.
4.
5.
FOR BUS:

The designer must first fill in the names of the

control elements tied to the "LIQFUEL" bus (items 1
through 5) and then identify the bus characteristics.
The designer can specify fixed limits on the bus as
well as time dependent limits. Note that as the
control system is being defined, the calibration values
are being entered as well.
Next, the detailed loop characteristics will be
filled in. For example: If "N1LOOP" is selected the
following menu appears:

LIQFUEL. N1LOOP

CHANNEL:

1:
2:
3:
4:
5:
6:
7:
8:

9:

FUOCTION

OUTPUT NAME

COMPUTE
COMPARISON
COMPARISON
COMPARISON
RAMP
MONITOR
MONITOR
COMPUTE
PID

:
:

TIES
N1SW1

NISW2
NSW3
N1REF
T _IAMB
N1MPU
AMB
N1

Items 1 through 9 are the functions composing the

N1LOOP control channel. Similar User Options are
available here:

LIQFUEL

>Insert
>Delete
>Modify
>Help
>Return
>Quit

N1LOOP
N2LOOP
N3LOOP
EGT
CDP
LIQFUEL

new function at indicated line.

indicated line.
spelling if new entry.
to previous level.

Valid Data

IS THIS A LOW SIGNAL BUS? (2/N)

>Function

*OUTPUT LOW LIMIT:

*OUTPUT HIGH LIMIT:
*JUMP UP:
*UP RATE:
*JUMP DOWN:
*DOWN RATE:

-Compute
-Comparison
-Ramp
-Monitor
-PID
>Output

Items 1 through 5 correspond to the control

elements tied to the "LIQFUEL" bus.
The User Options are as follows:

-Must begin with alpha character.

-Length less than * characters.

>Insert new function name at indicated line.

>Delete indicated name.
>Modify the spelling of indicated name if
new entry.

Each of the functions must be called up in turn to

specify its characteristics. For example, when
"Comparison" is selected, a blank template is displayed.

Downloaded From: http://asmedigitalcollection.asme.org/ on 11/03/2015 Terms of Use: http://www.asme.org/about-asme/terms-of-use

COMPARISON:

SUMMARY

N1MPU
INPUT 1 NAME:
INPUT 2 NAME:
3000
HYSTERESIS IN PERCENT:

The foregoing discussion has illustrated some of

the unique features of digital controls with emphasis
on their capability for setting new standards of system
reliability, integrity, and ease of design for new
applications.
Furthermore, it has been shown that digital
controls can be arranged in several different redundant
configurations to meet fault-tolerant system requirements.
Finally, an actual system was described which
included some of the unique features and capabilities
of the digital control as applied to turbo machinery.

1.0

If PID is selected its template is displayed:

LOOP NAME:
RATI' CROUP:
*DROOP IN PERCENT:
DROOP SOURCE:
PROCESS:
*SETPOINT:
*PROPORTIONAL:
''TNTEVRAL:
CONTROL INDICATOR:

N1
R4

*6
kza
n1mvu

nlref

3.8
0.1
n1ontrcV

Typical responses are shown. When *5 for the

droop is entered, the menu below will appear. When
the menu below is finished, the menu above can be
continued.
TUNEALLE PARAMETER
*DROOP PERCENT:
ENTER LTPITI

HIGH LIMIT:
LOW L=T:

The starred options indicate those that are user

tuneable in the field.
Following this pattern, the entire block diagram
is entered into the menu program.
In order to specify input and output signals, we
return to level 1 menu and select "3". "Field Wiring
and I/O Management". The following is a sample wiring
menu including typical responses (underlined):
Analog in Menu:
KERNEL IS a
CHASSIS IS 1
SLOT NUMBER IS 3
BOARD TYPE' IS
INPUT 1 NAME IS
ZERO TS 0
SPAN IS 200
DEFAULT VALUE IS 0
IS THIS SIMPLEX?
RATE GROUP IS P 2
INPUT 2 NAME IS disqpres
ZERO IS 0
SPAN IS 900
DEFAULT VALUE IS 0
IS THIS SIMPLEX? u
RATE GROUP IS r 2

When this process is complete and the entire block

diagram has been programmed, "Load" is selected from
the master menu to cause the program to be down loaded
into the control. Once this is done the control design
and calibration is complete.

Downloaded From: http://asmedigitalcollection.asme.org/ on 11/03/2015 Terms of Use: http://www.asme.org/about-asme/terms-of-use