Generic software fault mitigation
Abstract
A flight control computer system includes a plurality of computing channels (11, 21, and 31) where each computing channel further includes a main processor (113) and a monitor processor (114) under control of distinct operating systems. When the main processor and the monitor processor miscompare, cross-channel failure discretes (131) are transmitted to the other computing channels and a local generic fault discrete is armed. When the local generic fault discrete is armed and cross-channel failure discretes (141, 142) are received from the other computing channels, a program interrupt (133) is issued causing the main processor to execute a minimal fully tested ‘get home’ software package (150).
9 Claims
1. A computer system capable of mitigating a generic software fault thereon, said system comprising:
(a) a computing channel including a main processor under control of a first operating system and a monitor processor under control of a second operating system, said first and second operating systems being distinct;
(b) means for providing the same inputs to said main and monitor processors, said main and monitor processors performing the same processing steps to produce output data;
(c) means for comparing said output data from said main and monitor processors to detect a software fault and for producing a generic failure discrete upon said output data from said main and monitor processors not agreeing within a predetermined threshold value; and
(d) means responsive to said comparing means determining that said output data from said main and monitor processors do not agree for causing execution of a fully tested software package distinct from said operating systems to mitigate any effect of the detected software fault.
Dependent claims: 2, 3, 4.
5. A method for mitigating a generic software fault in a computer system comprising a computing channel including a main processor and a monitor processor, said main and monitor processors being under control of distinct operating systems for performing the same functions, said method comprising the steps of:
(a) inputting input data to said main and said monitor processors;
(b) processing said input data by said main and said monitor processors to produce output data from said main and said monitor processors;
(c) comparing said output data from said main and said monitor processors to detect a software fault if they do not agree within a predetermined threshold value; and
(d) executing a fully tested software package distinct from said main and said monitor operating systems responsive to detection of the software fault to mitigate any effect of the detected software fault.
Dependent claims: 6, 7.
8. A method of mitigating a generic software fault in a multi-channel flight control computer system (1) comprising a plurality of computing channels (11, 21, and 31), each channel including a main processor (113) and a monitor processor (114), said method comprising the steps of:
(a) inputting data (step 41) into a shared memory (112) of a first of said channels (11) that is accessible by either the main processor (113) or the associated monitor processor (114) of said first of said channels;
(b) processing data at the main processor (step 42) by reading inputs (121) from said shared memory, computing main processor output data (122), and placing the main processor output data into said shared memory;
(c) processing data at the monitor processor (step 43) by reading inputs from said shared memory, computing monitor processor output data (123), and placing the monitor processor output data into said shared memory;
(d) comparing data at the main processor (step 44) by determining whether the main processor output data and the monitor processor output data agree with each other within a predetermined set of threshold values and outputting a main processor miscompare discrete (124) when they do not agree;
(e) comparing data at the monitor processor (step 45) by determining whether the main processor output data and the monitor processor output data agree with each other within a predetermined threshold and outputting a monitor processor miscompare discrete (125) when they do not agree and such disagreement persists;
(f) transmitting (step 46) a plurality of cross-channel failure discretes (131) to each of the other computing channels (21, 31) and arming a local generic fault discrete (132);
(g) causing a program interrupt (step 47) when the local generic fault discrete is armed and a set of corresponding cross-channel failure discretes (141, 142) are received from said plurality of other computing channels; and
(h) running (step 48) a minimal fully tested software package (150) on said main processor to mitigate the generic software fault.
Dependent claim: 9.
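The multi-channel method of claim 8, written out as an added Python simulation. This is illustrative code, not code from the patent or its assignee: the control law, the "get home" package, the threshold, the monitor's persistence count, the injected faults and the rule that a channel reports a failure only when both its processors flag the miscompare are all assumptions made for the demonstration. The point it shows is why step (g) ANDs the local armed discrete with the discretes from every other channel: a bug shared by all channels' main software (a generic, common-mode fault) trips every channel at once and triggers the get-home package, whereas a fault confined to one channel does not.

```python
"""Simulation of the claimed main/monitor channel scheme (added example, not the
patent's code). Each channel runs a main and a dissimilar monitor implementation of
the same function over a shared memory, compares them within a threshold, exchanges
cross-channel failure discretes, and runs a minimal 'get home' package only when
every channel reports the same miscompare. All numbers and laws are assumptions."""
from dataclasses import dataclass, field
from typing import Callable, Dict, Set

THRESHOLD = 0.01      # assumed: max allowed |main - monitor| per output value
PERSIST_CYCLES = 2    # assumed: monitor asserts miscompare after this many consecutive cycles

Inputs = Dict[str, float]
Outputs = Dict[str, float]


def law_main(inputs: Inputs) -> Outputs:
    """Main-processor control law (assumed). Carries a common-mode bug: the gain
    sign flips above 250 kt, so every channel running this code fails together."""
    gain = 0.8 if inputs["airspeed"] <= 250.0 else -0.8
    return {"elevator": gain * inputs["pitch_cmd"]}


def law_monitor(inputs: Inputs) -> Outputs:
    """Dissimilar monitor implementation of the same function (assumed), written
    independently so it does not share the main law's bug."""
    return {"elevator": inputs["pitch_cmd"] * 4.0 / 5.0}


def get_home(inputs: Inputs) -> Outputs:
    """Minimal fully tested package (assumed): a fixed-gain direct law, no schedule."""
    return {"elevator": 0.5 * inputs["pitch_cmd"]}


def agree(a: Outputs, b: Outputs, threshold: float) -> bool:
    """Steps (d)/(e): outputs agree if every value is within the threshold."""
    return a.keys() == b.keys() and all(abs(a[k] - b[k]) <= threshold for k in a)


@dataclass
class Channel:
    name: str
    main_law: Callable[[Inputs], Outputs] = law_main
    monitor_law: Callable[[Inputs], Outputs] = law_monitor
    shared: Dict[str, object] = field(default_factory=dict)        # shared memory (112)
    persist: int = 0
    main_miscompare: bool = False                                  # discrete (124)
    monitor_miscompare: bool = False                               # discrete (125)
    local_generic_armed: bool = False                              # discrete (132)
    cross_failures_received: Set[str] = field(default_factory=set)  # discretes (141, 142)
    get_home_active: bool = False

    def compute(self, inputs: Inputs) -> bool:
        """Steps (a)-(e) for one frame. Returns True when this channel declares a failure."""
        self.shared["inputs"] = inputs                                    # (a)
        self.shared["main_out"] = self.main_law(self.shared["inputs"])    # (b)
        self.shared["mon_out"] = self.monitor_law(self.shared["inputs"])  # (c)
        ok = agree(self.shared["main_out"], self.shared["mon_out"], THRESHOLD)
        self.main_miscompare = not ok                                     # (d): main flags at once
        self.persist = 0 if ok else self.persist + 1
        self.monitor_miscompare = self.persist >= PERSIST_CYCLES          # (e): monitor needs persistence
        # assumed: the channel reports a failure only when both processors flag the miscompare
        return self.main_miscompare and self.monitor_miscompare

    def output(self) -> Outputs:
        """Step (h): once the interrupt has fired, the get-home package drives the output."""
        return get_home(self.shared["inputs"]) if self.get_home_active else self.shared["main_out"]


class FlightControlComputer:
    def __init__(self, channels):
        self.channels = list(channels)

    def cycle(self, inputs: Inputs) -> Dict[str, Outputs]:
        failed = {ch.name: ch.compute(inputs) for ch in self.channels}
        for ch in self.channels:                                          # (f)
            if failed[ch.name]:
                ch.local_generic_armed = True
                for other in self.channels:
                    if other is not ch:
                        other.cross_failures_received.add(ch.name)
        for ch in self.channels:                                          # (g)
            others = {o.name for o in self.channels if o is not ch}
            if ch.local_generic_armed and ch.cross_failures_received == others:
                ch.get_home_active = True
        return {ch.name: ch.output() for ch in self.channels}


def run_generic_fault_scenario():
    """All three channels run the same buggy main law; crossing 250 kt is a generic fault."""
    fcc = FlightControlComputer(Channel(n) for n in ("ch1", "ch2", "ch3"))
    out = {}
    for airspeed in (200.0, 230.0, 260.0, 270.0):   # constructed input sequence
        out = fcc.cycle({"airspeed": airspeed, "pitch_cmd": 1.0})
    return {ch.name: ch.get_home_active for ch in fcc.channels}, out


def run_single_channel_fault_scenario():
    """Only channel 2 is faulty (stuck main output): a local fault, not a generic one."""
    stuck = lambda inputs: {"elevator": 0.0}      # assumed channel-local fault
    fcc = FlightControlComputer([Channel("ch1"), Channel("ch2", main_law=stuck), Channel("ch3")])
    for _ in range(3):
        fcc.cycle({"airspeed": 200.0, "pitch_cmd": 1.0})
    return ({ch.name: ch.get_home_active for ch in fcc.channels},
            {ch.name: ch.local_generic_armed for ch in fcc.channels})


if __name__ == "__main__":
    print(run_generic_fault_scenario())
    print(run_single_channel_fault_scenario())
```

In the first scenario every channel arms its local generic fault discrete on the same frame and receives the cross-channel discretes from both other channels, so all three switch to the get-home output. In the second, channel 2 arms but never receives discretes from channels 1 and 3, and channels 1 and 3 receive one discrete but are not armed, so nobody takes the interrupt; a single-channel failure is left to the usual cross-channel voting rather than to the generic-fault path. The persistence requirement in step (e) is what keeps a one-frame transient disagreement from arming the discrete at all.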
Specification