Backup control system (BUCS)
First Claim
Patent Images
1. In a computer system (10) having a plurality of identical processors (12) and controlling a device (24), a method of providing control over the device comprising:
- installing identical primary software in a portion (18) of memory (16) associated with each processor (12), said primary software directing the operation of the processors to control the device during normal operation;
installing backup software, dissimilar from the primary software, in an isolated portion (20) of memory (16) associated with at least one of the processors (12), said backup software capable of directing the operation of the processor(s) to control the device of in the event of a sensed event;
sensing for a fault event occurring in the primary software affecting all processors;
sensing for a fault event occurring in the primary software affecting a majority of the processors (12);
sensing for an externally initiated event represented by a backup software transfer command signal;
providing a nonmaskable interrupt request in response to one of said sensed events;
completing whatever instruction is being executed in the primary software when the nonmaskable interrupt request is provided, and then acknowledging the nonmaskable interrupt request; and
disabling the primary software and executing the backup software in response to the nonmaskable interrupt request so as to maintain control over the device with the backup software associated with the at least one processor.
0 Assignments
0 Petitions
Accused Products
Abstract
A backup software program is installed in an isolated portion in the memory of at least one of redundant computers. The backup program performs basically the same functions as the prime program but is dissimilarly programmed to prevent a common software error. Switchover to the backup program occurs either automatically in response to monitors, or manually by the operator (i.e. pilot) when he detects an anomaly.
41 Citations
10 Claims
-
1. In a computer system (10) having a plurality of identical processors (12) and controlling a device (24), a method of providing control over the device comprising:
-
installing identical primary software in a portion (18) of memory (16) associated with each processor (12), said primary software directing the operation of the processors to control the device during normal operation; installing backup software, dissimilar from the primary software, in an isolated portion (20) of memory (16) associated with at least one of the processors (12), said backup software capable of directing the operation of the processor(s) to control the device of in the event of a sensed event; sensing for a fault event occurring in the primary software affecting all processors; sensing for a fault event occurring in the primary software affecting a majority of the processors (12); sensing for an externally initiated event represented by a backup software transfer command signal; providing a nonmaskable interrupt request in response to one of said sensed events; completing whatever instruction is being executed in the primary software when the nonmaskable interrupt request is provided, and then acknowledging the nonmaskable interrupt request; and disabling the primary software and executing the backup software in response to the nonmaskable interrupt request so as to maintain control over the device with the backup software associated with the at least one processor. - View Dependent Claims (2, 3)
-
-
4. In a computer system (10) having at least two identical processors (12) and controlling a device (24), a method of providing control over the device comprising:
-
installing identical primary software in a portion (18) of memory (16) associated with each processor (12), said primary software directing the operation of the processors to control the device during normal operation; installing backup software, dissimilar from the primary software, in an isolated portion (20) of memory (16) associated with at least one of the processors (12), said backup software capable of directing the operation of the processor(s) to control the device in the event of a sensed fault in the primary software affecting all processors; enabling a nonmaskable interrupt request circuit; sensing the fault in the primary software affecting all processors; providing a nonmaskable interrupt request in response to the sensed fault; completing whatever instruction is being executed in the primary software when the nonmaskable interrupt request is provided, and then acknowledging the nonmaskable interrupt request; and disabling the primary software and executing the backup software in response to the nonmaskable interrupt request so as to maintain control over the device with the backup software associated with the at least one processor.
-
-
5. In a computer system (10) having a plurality of identical processors (12) and controlling a device (24), a method of providing control over the device comprising:
-
installing identical primary software in a portion (18) of memory (16) associated with each processor (12), said primary software directing the operation of the processors to control the device during normal operation; installing backup software, dissimilar from the primary software, in an isolated portion (20) of memory (16) associated with at least one of the processors (12), said backup software capable of directing the operation of the processors(s) to control the device in the event of a sensed fault in the primary software affecting a majority of the processors; sensing a first to occur fault in the primary software affecting any one or more of the processors; providing a transfer enable signal for a selected period after sensing said fault in said one or more of the processors; sensing said fault in the primary software affecting a majority of the processors and providing a transfer signal for so long as said fault persists; providing a nonmaskable interrupt request in response to the sensed fault only if said transfer signal occurs concurrently with said enable signal; completing whatever instruction is being executed in the primary software when the nonmaskable interrupt request is provided, and then acknowledging the nonmaskable interrupt request; and disabling the primary software and executing the backup software in response to the nonmaskable interrupt request so as to maintain control over the device with the backup software associated with the at least one processor.
-
-
6. A method of providing control over a device (24) by means of a computer system (10) having a plurality of identical processors (12), comprising the steps of:
-
installing identical primary software in a portion (18) of memory (16) associated with each processor (12), said primary software in each channel'"'"'s memory (18) for directing the operating of its associated processor to control the device; installing backup software, dissimilar from said primary software, in a portion (20) of said memory (16) in at least one of the processors (12), said backup software protected by hardware (80) from access by said primary software, said backup software for directing the operation of the processor(s) to control the device (24) in the event of a sensed fault in said primary software affecting the processors; sensing, by means of a window timer, a fault in said primary software affecting the processors (12) and providing a fault signal indicative thereof; and disabling, in response to said fault signal, said primary software and activating said backup software so as to maintain control over the device (24) with said backup software.
-
-
7. A method of providing control over a device (24) by means of a computer system (10) having a plurality of identical processors (12), comprising the steps of:
-
installing identical primary software in a portion (18) of memory (16) associated with each processor (12), said primary software in each channel'"'"'s memory (18) for directing the operating of its associated processor to control the device; installing backup software, dissimilar from said primary software, in a portion (20) of said memory (16) in at least one of the processors (12), said backup software protected by hardware (80) from access by said primary software, said backup software for directing the operation of the processor(s) to control the device (24) in the event of a sensed fault in said primary software affecting the processors; sensing, by means of hardware (22), for a fault event occurring in the primary software affecting a majority of the processors (12) and sensing for an externally initiated event represented by a backup software transfer command signal and providing said fault signal in response to one of said sensed events; and disabling in response to said fault signal, said primary software and activating said backup software so as to maintain control over the device (24) with said backup software.
-
-
8. A method of providing control over a device (24) by means of a computer system (10) having a plurality of identical processors (12), comprising the steps of:
-
installing identical primary software in a portion (18) of memory (16) associated with each processor (12), said primary software in each channel'"'"'s memory (18) for directing the operating of its associated processor to control the device; installing backup software, dissimilar from said primary software, in a portion (20) of said memory (16) in at least one of the processors (12), said backup software protected by hardware (80) from access by said primary software, said backup software for directing the operation of the processor(s) to control the device (24) in the event of a sensed fault in said primary software affecting the processors; sensing by means of hardware (22), a fault in said primary software affecting the processors (12) and providing a fault signal in the form of a nonmaskable interrupt signal in response to the sensing of said fault in said primary software affecting the processors and wherein said step of disabling comprises the step of jam transferring to said backup software in response to said nonmaskable interrupt signal; and disabling, in response to said fault signal, said primary software and activating said backup software so as to maintain control over the device (24) with said backup software.
-
-
9. A method of providing control over a device (24) by means of a computer system (10) having a plurality of identical processors (12), comprising the steps of:
-
installing identical primary software in a portion (18) of memory (16) associated with each processor (12), said primary software in each channel'"'"'s memory (18) for directing the operating of its associated processor to control the device; installing backup software, dissimilar from said primary software, in a portion (20) of said memory (16) in at least one of the processors (12), said backup software protected by hardware (80) from access by said primary software, said backup software for directing the operation of the processor(s) to control the device (24) in the event of a sensed fault in said primary software affecting the processors; sensing, by means of hardware (22), a first to occur fault in the primary software affecting any one or more of the processors (12) and providing a transfer enable signal for a selected period after sensing said first fault event and providing a transfer request in response to n-1 fault event if said n-1 fault event; and disabling, in response to said fault signal, said primary software and activating said backup software so as to maintain control over the device (24) with said backup software.
-
-
10. A method of providing control over a device (24) by means of a computer system (10) having a plurality of identical processors (12), comprising the steps of:
-
installing identical primary software in a portion (18) of memory (16) associated with each processor (12), said primary software in each channel'"'"'s memory (18) for directing the operating of its associated processor to control the device; installing backup software, dissimilar from said primary software, in a portion (20) of said memory (16) in at least one of the processors (12), said backup software protected by hardware (80) from access by said primary software, said backup software for directing the operation of the processor(s) to control the device (24) in the event of a sensed fault in said primary software affecting the processors; sensing, by means of hardware (22) a fault in said primary software affecting the processors (12) and providing a fault signal indicative thereof; and disabling, in response to said fault signal, said primary software and activating said backup software so as to maintain control over the device (24) with said backup software; wherein said backup software (20) in each channel are operated synchronously and said device (24) is controlled by means of synchronized command signals to control transients.
-
Specification