WO2006002069A2 - Redundant processing architecture for single fault tolerance - Google Patents
Redundant processing architecture for single fault tolerance Download PDFInfo
- Publication number
- WO2006002069A2 WO2006002069A2 PCT/US2005/021063 US2005021063W WO2006002069A2 WO 2006002069 A2 WO2006002069 A2 WO 2006002069A2 US 2005021063 W US2005021063 W US 2005021063W WO 2006002069 A2 WO2006002069 A2 WO 2006002069A2
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- processors
- comparator
- function
- comparison function
- sifts
- Prior art date
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/16—Error detection or correction of the data by redundancy in hardware
- G06F11/18—Error detection or correction of the data by redundancy in hardware using passive fault-masking of the redundant circuits
- G06F11/183—Error detection or correction of the data by redundancy in hardware using passive fault-masking of the redundant circuits by voting, the voting not being performed by the redundant components
- G06F11/184—Error detection or correction of the data by redundancy in hardware using passive fault-masking of the redundant circuits by voting, the voting not being performed by the redundant components where the redundant components implement processing functionality
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/16—Error detection or correction of the data by redundancy in hardware
- G06F11/18—Error detection or correction of the data by redundancy in hardware using passive fault-masking of the redundant circuits
- G06F11/187—Voting techniques
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/16—Error detection or correction of the data by redundancy in hardware
- G06F11/1658—Data re-synchronization of a redundant component, or initial sync of replacement, additional or spare unit
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/16—Error detection or correction of the data by redundancy in hardware
- G06F11/18—Error detection or correction of the data by redundancy in hardware using passive fault-masking of the redundant circuits
- G06F11/182—Error detection or correction of the data by redundancy in hardware using passive fault-masking of the redundant circuits based on mutual exchange of the output between redundant processing components
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/16—Error detection or correction of the data by redundancy in hardware
- G06F11/18—Error detection or correction of the data by redundancy in hardware using passive fault-masking of the redundant circuits
- G06F11/183—Error detection or correction of the data by redundancy in hardware using passive fault-masking of the redundant circuits by voting, the voting not being performed by the redundant components
- G06F11/184—Error detection or correction of the data by redundancy in hardware using passive fault-masking of the redundant circuits by voting, the voting not being performed by the redundant components where the redundant components implement processing functionality
- G06F11/185—Error detection or correction of the data by redundancy in hardware using passive fault-masking of the redundant circuits by voting, the voting not being performed by the redundant components where the redundant components implement processing functionality and the voting is itself performed redundantly
Definitions
- the present invention relates generally to the field of redundant architectures, and in particular, to developing a single fault tolerant architecture.
- BACKGROUND INFORMATION [0002] Space missions require the highest upset rate immunity available to overcome Single Event Upsets (SEUs). At times, electronic systems can operate outside normal parameters thereby producing faulty data. In some circumstances, failure of these systems can be catastrophic. Although radiation hardened processors are available, they offer lower performance and higher cost than commercial off the shelf processors. In order to use non- hardened devices, a fault tolerant scheme is used in architectures that include one or more redundant systems. To identify the faulty system, voting mechanisms are used. The voting mechanisms process the simultaneous outputs of the redundant systems to determine the system producing the correct data. The voting mechanisms used in these architectures are implemented through software. However, software implementations of the voting mechanisms are very slow.
- Embodiments of the present invention address enhancing the speed of voting mechanism processes in systems with redundant processors.
- a system includes a first logic device having at least two processors and a first comparator and a second logic device having at least one processor and a second comparator.
- Each of the at least two processors are coupled to each of the first and second comparators.
- the first and second comparators operate as a distributed comparator system. Each comparator independently identifies faults in the processors.
- a method for identifying a fault in a programmable device having at least three redundant processors each having a software implemented fault tolerance (SIFT) function includes generating an output at each of the at least three redundant processors, receiving the generated outputs at each of the SIFTs, performing a first portion of a comparison function using each of the SIFTs, performing a > second portion of the comparison function using a hardware comparator, combining results of each of the first portion of the comparison function and the second portion of the comparison function and analyzing the combined results.
- the analysis includes performing a voting function of the combined results, comprising checking for a minority vote and determining faulty processors among the at least three redundant processors based on the minority vote.
- Figure 1 is a block diagram of the architecture of one embodiment of an electronic module having redundant processors and comparators.
- Figure 2 is a block diagram of the architecture of one embodiment of a programmable logic device having redundant processors, software implemented fault tolerance functions and a hardware comparator.
- Figure 3 is a block diagram of one embodiment of a hardware comparator.
- Figure 4 is a flowchart of one embodiment of a method for accelerating a voting mechanism in a programmable device.
- FIG 1 is a block diagram of the architecture of one embodiment of an electronic module 110, indicated generally at 100 according to the teachings of the present invention.
- Electronic module 110 includes a single fault tolerant architecture having first and second, redundant logic devices 102 and 104.
- the electronic module 110 is an Application Specific Integrated Chip (ASIC).
- the electronic module 110 is a Printed Wired Assembly (PWA).
- ASIC Application Specific Integrated Chip
- PWA Printed Wired Assembly
- logic devices 102 and 104 are field programmable gate arrays (FPGAs) that are programmed to include two processors in each.
- Logic device 102 includes a comparator 130 and logic device 104 includes comparator 140.
- Comparators 130 and 140 combine to perform the function of comparing in a distributed architecture, hi one embodiment, a distributed architecture is directed to dividing or separating the comparison function into two or more units, hi one embodiment, both comparators 130 and 140 perform substantially the same function and in another embodiment they complement each other and together complete the function of comparison.
- the distributed architecture used for comparators 130 and 140 provides an additional layer of redundancy.
- the first logic device 102 has processors 120-1 through 120-T and the second logic device has processors 121- 1 through 121-N.
- processors 120-1 through 120- T and 121-1 through 121-N are programmed to perform substantially the same function.
- embodiments of the present invention have processors 120-1 through 120-T and 121-1 through 121-N generating output that is utilized to compare against each other for possible faults in any of the processors 120-1 through 120-T and 121-1 through 121-N.
- Both comparators 130 and 140 are coupled with each of processors 120-1 through 120-T and 121-1 through 121-N.
- each output generated by processors 120-1 through 120-T and 121- 1 through 121-N are compared against each other using a distributed comparator mechanism comprising comparators 130 and 140. Individual bit-level comparisons are performed and the results are then redistributed to the processors 120-1 through 120-T and 121-1 through 121 -N. Since the comparison is performed in hardware it is faster than software implementations that maybe run on processors 120-1 through 120-T and 121-1 through 121 -N.
- comparators 130 and 140 are identical and hence provide additional redundancy in performing a fault identification function.
- comparators 130 and 140 share the workload of comparing the processor outputs and thereby reduce the total processing time. Comparators 130 and 140 depend on each others results to complete the fault identification function.
- the electronic module 110 includes at least three redundant processors 120-1 to 120-T and 121-1 to 121-N. It is required that a minimum of three redundant processors will be necessary to determine a single faulty processor among processors 120-1, 120-T, 121-1 and 121 -N. When only two processors are present, the fact that a faulty processor exists can be identified, but which processor is faulty cannot be determined. The addition of a third processor provides a tie-breaking vote in determining the faulty processor.
- FIG. 2 is a block diagram of the architecture of one embodiment of an electronic module 210, indicated generally at 200 according to the teachings of the present invention.
- electronic module 210 includes one or more optional processors 220-1 to 220-M.
- electronic module 210 operates essentially as a programmable logic device.
- processors 220-1 through 220-M are separate processors separated from electronic module 210.
- processors 220-1 to 220-M are independent and are de-coupled from each other for the architecture to be radiation hardened.
- the electronic module 210 includes at least three redundant processors 220-1 to 220-M. It is required that a minimum of three redundant processors will be necessary to determine a single faulty processor among processors 220-1, 220-2 and 220-3. In the event there are only two processors 220-1 and 220-2 present, the fact that a faulty processor exist can be identified, however, which one of the two processors 220-1 and 220-2 is faulty cannot be determined. The addition of a third processor will provide the tie-breaker vote in determining the faulty processor.
- processors 220-1 to 220-M perform substantially the same function.
- Each of processors 220-1 to 220-M includes a software implemented fault tolerance (SIFT) function represented by 222-1 to 222-M.
- SIFT 222-1 through 222-M is a programming interface that has a library set to perform the function of comparison, management, voting and reset functions with regard to the processors 220-1 through 220-M.
- SIFT 222-1 through 222-M supports the detection of a single event error of one of the processors 220-1 through 220-M.
- the operation of SIFT functions 222-1 through 222-M are de-coupled to perform independently from the operations of the processors 220-1 through 220-M.
- the comparison is performed at some application (e.g., SIFT) designated checkpoint.
- SIFT some application
- Each SIFT 222-1 through 222-M performs its tasks at some pre-determined application period that is specified by the designer.
- a hardware comparator 230 also included in the electronic module 210 is a hardware comparator 230 that is implemented in the remaining space of the electronic module 210.
- Hardware comparator 230 reduces the time and effort to perform the comparison function executed by each of the SIFTs 222-1 through 222-M and relieves some of the burden of executing the comparison function for SIFT 222-1 through 222-M.
- the hardware comparator 230 is radiation hardened by using a triple modular redundancy (TMR) implementation.
- TMR triple modular redundancy
- the SIFT software 222-1 through 222-M is executed on each processor. As the software is being executed, a portion of the comparison function is forwarded to the hardware comparator 230 to perform the bit-level comparison in hardware. The hardware comparator 230 enhances SIFT 222-1 through 222-M in performing the comparison faster through hardware. After the completion of the comparison task, the hardware comparator 230 forwards the results to SIFT 222-1 through 222-M. Upon completion of the execution of the SIFT software, the results are forwarded to each of the processors 220-1 through 220-M. In one embodiment, each SIFT 222-1 through 222-M sends a message to the faulty processor among processors 220-1 through 220-M to initialize or reset the processor. In one embodiment, the faulty processor may also receive a copy of the current image of one of the other processors 220-1 through 220-M that would enable it to continue its duties as required.
- FIG. 3 is a block diagram of one embodiment of a hardware comparator, indicated generally at 300.
- hardware comparator 300 is as found in Figure 2 above labeled as 230.
- Hardware comparator 300 comprises a binary comparator 310, control logic 320, selector 335 and a broadcaster 340.
- binary comparator 310 is coupled to a control logic device 320 which in turn is coupled to a selector 330.
- each of SIFT 222-1 through 222-M generates outputs C 1 -C M - Outputs C 1 through C M are received by a binary comparator 310.
- the binary comparator 310 performs a bit-level comparison to detect any change in bit positions between processor outputs thereby determining if there is a faulty or failed processor.
- the result of the bit comparison in binary comparator 310 is forwarded to control logic device 320.
- Control logic device 320 generates a control signal based on the comparison results.
- the control signal from control logic device 320 triggers selector 330.
- selector 330 In the event of a failed processor, a control signal from control logic 330 triggers selector 330 to choose an output other than the failed output to be sent to broadcaster 340.
- Broadcaster 340 broadcasts the chosen signal back to all the processors 120-1 through 120-T, 121-1 through 121 -N and 220-1 through 220-M and the failed processor is reset consequently.
- FIG 4 is a flow chart of one embodiment of a method for accelerating a voting mechanism in an electronic module as shown generally at 400, according to the teachings of the present invention.
- Method 400 is performed by an electronic module such as electronic module 210 shown in Figure 2 above.
- the electronic module includes a hardware comparator and at least three or more redundant systems each having a software implemented fault tolerance function.
- the method begins at block 410 where each of the redundant processors generates an output for analysis.
- each of the outputs from the redundant processors are received by the SIFT.
- a portion of the output is sent to a hardware comparator in block 430.
- the method then proceeds to block 440 and performs a comparison process in the hardware comparator.
- the method proceeds to block 450 and the results of the comparison process are retrieved by the SIFT.
- the results are checked to determine if there is a minority vote. When there is no minority vote the method proceeds to block 490 where it is terminated. The presence of no minority vote would indicate to all of the processors that there are no faulty processors present.
- the method proceeds to block 470.
- the failed processors are identified, assuming that the number of failed processors is less than the number of properly working processors.
- the method then proceeds to block 480 where the identified failed processors are initialized or corrective action is performed on it.
- the method terminates at block 490.
- CONCLUSION [0026] Embodiments of the present invention have been described. The embodiments provide a redundant architecture that can increase the speed of the voting mechanism. Ordinarily, the voting mechanism is performed using a software process. This invention reduces the time taken to perform the voting process and also reduces the effort of the software by transferring critical bit comparison operation and performing it in a hardware device on the same programmable device.
- the electronic module of the described invention can be assembled using many off the shelf components in providing a faster solution to overcome SEU problems. This is particularly advantageous for overcoming SEU problems in architectures used in space applications.
Abstract
Description
Claims
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2007516665A JP2008503002A (en) | 2004-06-15 | 2005-06-15 | Redundant processing architecture for single fault tolerance |
EP05759169A EP1759293A2 (en) | 2004-06-15 | 2005-06-15 | Redundant processing architecture for single fault tolerance |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US10/867,894 US7392426B2 (en) | 2004-06-15 | 2004-06-15 | Redundant processing architecture for single fault tolerance |
US10/867,894 | 2004-06-15 |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2006002069A2 true WO2006002069A2 (en) | 2006-01-05 |
WO2006002069A3 WO2006002069A3 (en) | 2006-04-27 |
Family
ID=35414771
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/US2005/021063 WO2006002069A2 (en) | 2004-06-15 | 2005-06-15 | Redundant processing architecture for single fault tolerance |
Country Status (4)
Country | Link |
---|---|
US (1) | US7392426B2 (en) |
EP (1) | EP1759293A2 (en) |
JP (1) | JP2008503002A (en) |
WO (1) | WO2006002069A2 (en) |
Families Citing this family (51)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20050273653A1 (en) * | 2004-05-19 | 2005-12-08 | Honeywell International Inc. | Single fault tolerance in an architecture with redundant systems |
US7328371B1 (en) * | 2004-10-15 | 2008-02-05 | Advanced Micro Devices, Inc. | Core redundancy in a chip multiprocessor for highly reliable systems |
JP2006228121A (en) * | 2005-02-21 | 2006-08-31 | Toshiba Corp | Arithmetic processing unit |
US9137417B2 (en) | 2005-03-24 | 2015-09-15 | Kofax, Inc. | Systems and methods for processing video data |
US9769354B2 (en) | 2005-03-24 | 2017-09-19 | Kofax, Inc. | Systems and methods of processing scanned data |
DE102005037233A1 (en) * | 2005-08-08 | 2007-02-15 | Robert Bosch Gmbh | Method and device for data processing |
US7577870B2 (en) * | 2005-12-21 | 2009-08-18 | The Boeing Company | Method and system for controlling command execution |
US20070220367A1 (en) * | 2006-02-06 | 2007-09-20 | Honeywell International Inc. | Fault tolerant computing system |
US20070186126A1 (en) * | 2006-02-06 | 2007-08-09 | Honeywell International Inc. | Fault tolerance in a distributed processing network |
US20070260939A1 (en) * | 2006-04-21 | 2007-11-08 | Honeywell International Inc. | Error filtering in fault tolerant computing systems |
US7685464B2 (en) * | 2006-11-20 | 2010-03-23 | Honeywell International Inc. | Alternating fault tolerant reconfigurable computing architecture |
WO2008146091A1 (en) * | 2007-05-25 | 2008-12-04 | Freescale Semiconductor, Inc. | Data processing system, data processing method, and apparatus |
US7850127B2 (en) * | 2008-03-11 | 2010-12-14 | Ansaldo Sts Usa, Inc. | Cab signal receiver demodulator employing redundant, diverse field programmable gate arrays |
US8200947B1 (en) * | 2008-03-24 | 2012-06-12 | Nvidia Corporation | Systems and methods for voting among parallel threads |
KR101476187B1 (en) * | 2008-04-04 | 2014-12-24 | 엘지전자 주식회사 | Method for instructing and performing a network entry |
US7877627B1 (en) | 2008-12-18 | 2011-01-25 | Supercon, L.L.C. | Multiple redundant computer system combining fault diagnostics and majority voting with dissimilar redundancy technology |
US9349046B2 (en) | 2009-02-10 | 2016-05-24 | Kofax, Inc. | Smart optical input/output (I/O) extension for context-dependent workflows |
US9767354B2 (en) | 2009-02-10 | 2017-09-19 | Kofax, Inc. | Global geographic information retrieval, validation, and normalization |
US9576272B2 (en) | 2009-02-10 | 2017-02-21 | Kofax, Inc. | Systems, methods and computer program products for determining document validity |
US8958605B2 (en) | 2009-02-10 | 2015-02-17 | Kofax, Inc. | Systems, methods and computer program products for determining document validity |
US8774516B2 (en) | 2009-02-10 | 2014-07-08 | Kofax, Inc. | Systems, methods and computer program products for determining document validity |
US7969229B2 (en) * | 2009-02-19 | 2011-06-28 | Hitachi, Ltd. | On-chip redundancy high-reliable system and method of controlling the same |
US8564616B1 (en) | 2009-07-17 | 2013-10-22 | Nvidia Corporation | Cull before vertex attribute fetch and vertex lighting |
US8542247B1 (en) | 2009-07-17 | 2013-09-24 | Nvidia Corporation | Cull before vertex attribute fetch and vertex lighting |
US20110099421A1 (en) * | 2009-09-30 | 2011-04-28 | Alessandro Geist | Radiation-hardened hybrid processor |
US20110078498A1 (en) * | 2009-09-30 | 2011-03-31 | United States Of America As Represented By The Administrator Of The National Aeronautics And Spac | Radiation-hardened hybrid processor |
US8976195B1 (en) | 2009-10-14 | 2015-03-10 | Nvidia Corporation | Generating clip state for a batch of vertices |
US8384736B1 (en) | 2009-10-14 | 2013-02-26 | Nvidia Corporation | Generating clip state for a batch of vertices |
US8499193B2 (en) * | 2010-07-30 | 2013-07-30 | Honeywell International Inc. | Integrated dissimilar high integrity processing |
US9625894B2 (en) * | 2011-09-22 | 2017-04-18 | Hamilton Sundstrand Corporation | Multi-channel control switchover logic |
WO2013088519A1 (en) * | 2011-12-13 | 2013-06-20 | トヨタ自動車株式会社 | Multi-core processor |
US10146795B2 (en) | 2012-01-12 | 2018-12-04 | Kofax, Inc. | Systems and methods for mobile image capture and processing |
US9483794B2 (en) | 2012-01-12 | 2016-11-01 | Kofax, Inc. | Systems and methods for identification document processing and business workflow integration |
US8855375B2 (en) | 2012-01-12 | 2014-10-07 | Kofax, Inc. | Systems and methods for mobile image capture and processing |
US9058580B1 (en) | 2012-01-12 | 2015-06-16 | Kofax, Inc. | Systems and methods for identification document processing and business workflow integration |
US9058515B1 (en) | 2012-01-12 | 2015-06-16 | Kofax, Inc. | Systems and methods for identification document processing and business workflow integration |
DE102013202253A1 (en) * | 2013-02-12 | 2014-08-14 | Paravan Gmbh | Circuit for controlling an acceleration, braking and steering system of a vehicle |
US9208536B2 (en) | 2013-09-27 | 2015-12-08 | Kofax, Inc. | Systems and methods for three dimensional geometric reconstruction of captured image data |
WO2014160426A1 (en) | 2013-03-13 | 2014-10-02 | Kofax, Inc. | Classifying objects in digital images captured using mobile devices |
US9355312B2 (en) | 2013-03-13 | 2016-05-31 | Kofax, Inc. | Systems and methods for classifying objects in digital images captured using mobile devices |
US20140316841A1 (en) | 2013-04-23 | 2014-10-23 | Kofax, Inc. | Location-based workflows and services |
DE202014011407U1 (en) | 2013-05-03 | 2020-04-20 | Kofax, Inc. | Systems for recognizing and classifying objects in videos captured by mobile devices |
JP2016538783A (en) | 2013-11-15 | 2016-12-08 | コファックス, インコーポレイテッド | System and method for generating a composite image of a long document using mobile video data |
JP2015222467A (en) * | 2014-05-22 | 2015-12-10 | ルネサスエレクトロニクス株式会社 | Microcontroller and electronic control device using the same |
US9912733B2 (en) * | 2014-07-31 | 2018-03-06 | General Electric Company | System and method for maintaining the health of a control system |
US9760788B2 (en) | 2014-10-30 | 2017-09-12 | Kofax, Inc. | Mobile document detection and orientation based on reference object characteristics |
US10242285B2 (en) | 2015-07-20 | 2019-03-26 | Kofax, Inc. | Iterative recognition-guided thresholding and data extraction |
US9779296B1 (en) | 2016-04-01 | 2017-10-03 | Kofax, Inc. | Content-based detection and three dimensional geometric reconstruction of objects in image and video data |
US10331532B2 (en) * | 2017-01-19 | 2019-06-25 | Qualcomm Incorporated | Periodic non-intrusive diagnosis of lockstep systems |
US10803350B2 (en) | 2017-11-30 | 2020-10-13 | Kofax, Inc. | Object detection and image cropping using a multi-detector approach |
US11641395B2 (en) * | 2019-07-31 | 2023-05-02 | Stratus Technologies Ireland Ltd. | Fault tolerant systems and methods incorporating a minimum checkpoint interval |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5274554A (en) * | 1991-02-01 | 1993-12-28 | The Boeing Company | Multiple-voting fault detection system for flight critical actuation control systems |
EP1014237A1 (en) * | 1998-12-17 | 2000-06-28 | Honeywell Inc. | Modular computer architecture |
Family Cites Families (29)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4228496A (en) * | 1976-09-07 | 1980-10-14 | Tandem Computers Incorporated | Multiprocessor system |
JPS6170637A (en) * | 1984-09-11 | 1986-04-11 | インタ−ナショナル ビジネス マシ−ンズ コ−ポレ−ション | Correction of error detection due to decision by majority |
US4817094A (en) * | 1986-12-31 | 1989-03-28 | International Business Machines Corporation | Fault tolerant switch with selectable operating modes |
US4959836A (en) * | 1987-12-09 | 1990-09-25 | Siemens Transmission Systems, Inc. | Register robustness improvement circuit and method |
US4965717A (en) * | 1988-12-09 | 1990-10-23 | Tandem Computers Incorporated | Multiple processor system having shared memory with private-write capability |
US5339404A (en) * | 1991-05-28 | 1994-08-16 | International Business Machines Corporation | Asynchronous TMR processing system |
US5550736A (en) * | 1993-04-27 | 1996-08-27 | Honeywell Inc. | Fail-operational fault tolerant flight critical computer architecture and monitoring method |
US5812757A (en) * | 1993-10-08 | 1998-09-22 | Mitsubishi Denki Kabushiki Kaisha | Processing board, a computer, and a fault recovery method for the computer |
US6112140A (en) * | 1996-05-14 | 2000-08-29 | The Boeing Company | Flight management system providing for automatic control display unit backup utilizing structured data routing |
US5903717A (en) * | 1997-04-02 | 1999-05-11 | General Dynamics Information Systems, Inc. | Fault tolerant computer system |
US5923830A (en) * | 1997-05-07 | 1999-07-13 | General Dynamics Information Systems, Inc. | Non-interrupting power control for fault tolerant computer systems |
FR2774359B1 (en) * | 1998-01-30 | 2000-04-07 | Aerospatiale | ENGINE CONTROL SYSTEM FOR AIRCRAFT |
US6085350A (en) * | 1998-03-04 | 2000-07-04 | Motorola, Inc. | Single event upset tolerant system and method |
FR2803057B1 (en) * | 1999-12-22 | 2002-11-29 | Centre Nat Etd Spatiales | COMPUTER SYSTEM TOLERANT TO TRANSIENT ERRORS AND MANAGEMENT METHOD IN SUCH A SYSTEM |
US6532550B1 (en) * | 2000-02-10 | 2003-03-11 | Westinghouse Electric Company Llc | Process protection system |
US6732300B1 (en) * | 2000-02-18 | 2004-05-04 | Lev Freydel | Hybrid triple redundant computer system |
US6550018B1 (en) * | 2000-02-18 | 2003-04-15 | The University Of Akron | Hybrid multiple redundant computer system |
US6990555B2 (en) * | 2001-01-09 | 2006-01-24 | Pact Xpp Technologies Ag | Method of hierarchical caching of configuration data having dataflow processors and modules having two- or multidimensional programmable cell structure (FPGAs, DPGAs, etc.) |
US6704887B2 (en) * | 2001-03-08 | 2004-03-09 | The United States Of America As Represented By The Secretary Of The Air Force | Method and apparatus for improved security in distributed-environment voting |
US7065672B2 (en) * | 2001-03-28 | 2006-06-20 | Stratus Technologies Bermuda Ltd. | Apparatus and methods for fault-tolerant computing using a switching fabric |
US6971043B2 (en) * | 2001-04-11 | 2005-11-29 | Stratus Technologies Bermuda Ltd | Apparatus and method for accessing a mass storage device in a fault-tolerant server |
US6928583B2 (en) * | 2001-04-11 | 2005-08-09 | Stratus Technologies Bermuda Ltd. | Apparatus and method for two computing elements in a fault-tolerant server to execute instructions in lockstep |
US6862693B2 (en) * | 2001-04-13 | 2005-03-01 | Sun Microsystems, Inc. | Providing fault-tolerance by comparing addresses and data from redundant processors running in lock-step |
US6839866B2 (en) * | 2001-05-31 | 2005-01-04 | Sycamore Networks, Inc. | System and method for the use of reset logic in high availability systems |
US6938183B2 (en) * | 2001-09-21 | 2005-08-30 | The Boeing Company | Fault tolerant processing architecture |
US6667520B1 (en) * | 2002-11-21 | 2003-12-23 | Honeywell International Inc. | SEU hard majority voter for triple redundancy |
US7260742B2 (en) * | 2003-01-28 | 2007-08-21 | Czajkowski David R | SEU and SEFI fault tolerant computer |
US7047440B1 (en) * | 2004-07-27 | 2006-05-16 | Freydel Lev R | Dual/triple redundant computer system |
US20060200278A1 (en) * | 2005-03-02 | 2006-09-07 | Honeywell International Inc. | Generic software fault mitigation |
-
2004
- 2004-06-15 US US10/867,894 patent/US7392426B2/en active Active
-
2005
- 2005-06-15 WO PCT/US2005/021063 patent/WO2006002069A2/en not_active Application Discontinuation
- 2005-06-15 EP EP05759169A patent/EP1759293A2/en not_active Withdrawn
- 2005-06-15 JP JP2007516665A patent/JP2008503002A/en not_active Withdrawn
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5274554A (en) * | 1991-02-01 | 1993-12-28 | The Boeing Company | Multiple-voting fault detection system for flight critical actuation control systems |
EP1014237A1 (en) * | 1998-12-17 | 2000-06-28 | Honeywell Inc. | Modular computer architecture |
Also Published As
Publication number | Publication date |
---|---|
US20050278567A1 (en) | 2005-12-15 |
US7392426B2 (en) | 2008-06-24 |
JP2008503002A (en) | 2008-01-31 |
WO2006002069A3 (en) | 2006-04-27 |
EP1759293A2 (en) | 2007-03-07 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US7392426B2 (en) | Redundant processing architecture for single fault tolerance | |
EP0653708B1 (en) | Logic circuit having error detection function, redundant resource management method, and fault tolerant system using it | |
US5903717A (en) | Fault tolerant computer system | |
US7308605B2 (en) | Latent error detection | |
US7321989B2 (en) | Simultaneously multithreaded processing and single event failure detection method | |
US6519730B1 (en) | Computer and error recovery method for the same | |
US10657010B2 (en) | Error detection triggering a recovery process that determines whether the error is resolvable | |
US7020800B2 (en) | System and method for memory failure recovery using lockstep processes | |
US6334194B1 (en) | Fault tolerant computer employing double-redundant structure | |
RU2411570C2 (en) | Method and device to compare data in computer system, including at least two actuator units | |
US10114356B2 (en) | Method and apparatus for controlling a physical unit in an automation system | |
JPH06342381A (en) | Majority decision circuit, control unit, and semiconductor integrated circuit for majority decision | |
JP2007538340A (en) | Single fault tolerance in architectures with redundant systems | |
US7996585B2 (en) | Method and system for state tracking and recovery in multiprocessing computing systems | |
US10185635B2 (en) | Targeted recovery process | |
US20070271486A1 (en) | Method and system to detect software faults | |
CN103473153B (en) | For detecting the method and system of the incipient fault in microcontroller | |
US9977720B2 (en) | Method, information processing apparatus, and computer readable medium | |
WO2019012907A1 (en) | Computation device | |
JP2001306348A (en) | Redundant information processing system | |
US10719356B1 (en) | High integrity multicore computing environment with granular redundant multi-threading | |
Dugan et al. | Simple models of hardware and software fault tolerance | |
US9542266B2 (en) | Semiconductor integrated circuit and method of processing in semiconductor integrated circuit | |
Zhezhera et al. | Development of a functionally sustainable system of orientation of a free battle flighting unit | |
Wu et al. | Optimal fault-secure scheduling |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A2 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KM KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NG NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A2 Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
WWE | Wipo information: entry into national phase |
Ref document number: 2005759169 Country of ref document: EP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2007516665 Country of ref document: JP |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
WWW | Wipo information: withdrawn in national office |
Country of ref document: DE |
|
WWP | Wipo information: published in national office |
Ref document number: 2005759169 Country of ref document: EP |