Synchronized, fail-operational, fail-safe multi-computer control system
First Claim
1. A multi-computer processing control system including a plurality of computer systems, each of said computer systems comprising:
- a central processing unit (CPU) operating under a program of instructions and having interrupt handling capability for running a plurality of asynchronous, unrelated programs;
a plurality of memory devices;
a plurality of input sources for providing data to said computer system in response to which said computer system contributes to the control of said process;
a data link to another one of said computer systems;
a direct memory access controller for communicating data between said input sources, at least one memory of the related computer system and, over said data link, at least one memory of said another one of said computer systems; and
a master clock means for providing a variety of clock signals for the control of the related computer system and a series of real time interrupt commands for interrupting said CPU, the master clock means of said computer system being interconnected with the master clock means of said another one of said computer systems for recognizing the first to be generated, specific one of said real interrupt command of any of the interconnected master clock means, in all of said computer systems to, said computer system and said other computer systems each interrupting the related CPU in response to said first to be generated real time interrupt command thereby synchronizing said computer system, said master clock means being connected to said direct memory access controller to synchronize said direct memory access controller with the related CPU of said computer system.
0 Assignments
0 Petitions
Accused Products
Abstract
For each of two computer systems, logic flowcharts describe background program in which highly detailed memory checksum tests of fixed memory and complementary tests of variable memory are performed, the background program being interrupted for utility programs which are for the most part responsive to transducer or other sensor and discrete inputs to calculate control values for operation of control actuators or other responsive devices. The utility programs include specific self test routines. A direct memory access unit is included in each computer for moving data between inputs of either computer and memories of both, and between the memories of both computers. Periodic testing of fault codes registering the health of each computer is done during utility program routines, any variation from normal causing further health-analysis routines to be performed until dispositive action-causing conditions are determined. Neither computer checks the internal health of other, but inputs, results and data link transmissions must compare equally between the two computers, or routines determine whether one computer will recognize itself (or a component thereof) as being faulty, and disable itself. If not, then each computer disables itself after disabling the other. A variety of self tests and other checks and routines are included. Disablement is accomplished in a complex fashion of each computer'"'"'s output, by itself, and additional disablement if instituted by the other computer.
31 Citations
3 Claims
-
1. A multi-computer processing control system including a plurality of computer systems, each of said computer systems comprising:
-
a central processing unit (CPU) operating under a program of instructions and having interrupt handling capability for running a plurality of asynchronous, unrelated programs; a plurality of memory devices; a plurality of input sources for providing data to said computer system in response to which said computer system contributes to the control of said process; a data link to another one of said computer systems; a direct memory access controller for communicating data between said input sources, at least one memory of the related computer system and, over said data link, at least one memory of said another one of said computer systems; and a master clock means for providing a variety of clock signals for the control of the related computer system and a series of real time interrupt commands for interrupting said CPU, the master clock means of said computer system being interconnected with the master clock means of said another one of said computer systems for recognizing the first to be generated, specific one of said real interrupt command of any of the interconnected master clock means, in all of said computer systems to, said computer system and said other computer systems each interrupting the related CPU in response to said first to be generated real time interrupt command thereby synchronizing said computer system, said master clock means being connected to said direct memory access controller to synchronize said direct memory access controller with the related CPU of said computer system. - View Dependent Claims (2, 3)
-
Specification
-
- Resources
-
Current AssigneeUnited Technologies Corporation (Raytheon Technologies Corporation d/b/a RTX)
-
Original AssigneeUnited Technologies Corporation (Raytheon Technologies Corporation d/b/a RTX)
-
InventorsMurphy, Richard D., Clelford, Douglas H.
-
Primary Examiner(s)Shaw, Gareth D.
-
Assistant Examiner(s)Chan, Eddie P.
-
Application NumberUS06/151,489Time in Patent Office876 DaysField of Search364/200 MS File, 364/900 MS FileUS Class Current712/1CPC Class CodesG05D 1/0077 using redundant signals or ...G06F 11/08 Error detection or correcti...G06F 11/1633 using mutual exchange of th...G06F 11/165 with continued operation af...G06F 11/1683 at instruction levelG06F 11/1691 using a quantumG06F 11/277 with comparison between act...G06F 15/167 using a common memory, e.g....
