Method for fault recognition in a system of systems

US 9,575,859 B2
Filed: 02/20/2013
Issued: 02/21/2017
Est. Priority Date: 02/22/2012
Status: Active Grant

First Claim

Patent Images

1. A method for fault recognition in a distributed real-time computer system comprising fault containment units (FCUs), more particularly a fault-tolerant system of systems (SoS), which has a global timebase, characterised in thatthe fault containment units communicate by means of messages via at least one message distribution unit, wherein a commitment time is associated with a message formed by a fault containment unit, and wherein a message distribution unit that receives a message relays the message to one or more fault containment units operating in parallel,and wherein a processing fault containment unit (VFCU) does not transmit any of its results that are influenced by one or more of the received messages to the environment of the processing fault containment unit or use the received messages for changing the inner state of the processing fault containment unit before the commitment times associated with the received messages, where the environment of the processing fault containment unit includes all receivers of messages from the processing fault containment unit.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for fault recognition in a distributed real-time computer system comprising fault containment units (FCUs), which has a global timebase, wherein the fault containment units communicate by means of messages via at least one message distribution unit, wherein a commitment time is associated with a message formed by a fault containment unit, and wherein a message distribution unit that receives a message relays the message to one or more fault containment units operating in parallel, and wherein a processing fault containment unit (VFCU) does not transmit or use any of its results that are influenced by one or more of the received messages to the environment of the processing fault containment unit or before the commitment times associated with the received messages.

9 Citations

View as Search Results

18 Claims

1. A method for fault recognition in a distributed real-time computer system comprising fault containment units (FCUs), more particularly a fault-tolerant system of systems (SoS), which has a global timebase, characterised in thatthe fault containment units communicate by means of messages via at least one message distribution unit, wherein a commitment time is associated with a message formed by a fault containment unit, and wherein a message distribution unit that receives a message relays the message to one or more fault containment units operating in parallel,and wherein a processing fault containment unit (VFCU) does not transmit any of its results that are influenced by one or more of the received messages to the environment of the processing fault containment unit or use the received messages for changing the inner state of the processing fault containment unit before the commitment times associated with the received messages, where the environment of the processing fault containment unit includes all receivers of messages from the processing fault containment unit.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method according to claim 1, characterised in that the commitment time associated with a message is contained in the message.
  - 3. The method according to claim 1, characterised in that the commitment time associated with a message is derived from a time-controlled time schedule, determined a priori, of the fault containment units.
  - 4. The method according to claim 1, characterised in that a distinction is made between processing fault containment units (VFCUs) and monitor fault containment units (MFCUs), wherein the message distribution unit relays one or more messages of a sensor fault containment unit (SFCU) to one or more designated processing fault containment units and additionally to one or more monitor fault containment units, and wherein a monitor fault containment unit examines the content of the received messages and, if a fault is determined in a message, transmits a fault message to the one or more designated processing fault containment units before the commitment time associated with the message, such that the one or more designated processing fault containment units can reject all results influenced by the faulty message before the commitment time.
  - 5. The method according to claim 1, characterised in that, in a cyclically operating real-time computer system, in particular a cyclically operating system of systems, a designated processing fault containment unit replaces a result that is rejected in a cycle due to a fault with the result of the previous cycle.
  - 6. The method according to claim 1, characterised in that a multiplicity of fault containment units, which may take over sensor data, form messages in a cycle that have the same commitment time, wherein some or all of these messages are transmitted via one or more message distribution units to one or more processing fault containment units and to one or more monitor fault containment units, and wherein the processing fault containment units do not transmit any results that are influenced by one of these messages to the environment of a processing fault containment unit or use them for changing the inner state of a processing fault containment unit before the commitment time associated with the messages.
  - 7. The method according to claim 1, characterised in that the distribution unit relays received messages immediately to the monitor fault containment unit, but delays the relay of the messages to the processing fault containment units until the commitment time, wherein, in the case of a recognised fault, the monitor fault containment units transmit a fault message to the distribution unit before the commitment time, such that the distribution unit can reject the faulty messages and does not relay them to the processing fault containment units.
  - 8. The method according to claim 1, characterised in that the processing fault containment unit receiving a fault message decides, following analysis of the description of the fault contained in the fault message, whether the results will be transmitted in this cycle to the environment of the processing fault containment unit or will be used to permanently change the inner state of the processing fault containment unit.

9. A message distribution unit for conveying messages in a distributed real-time computer system, more particularly a fault-tolerant system of systems (SoS), which comprises fault containment units (FCUs) and which has a global timebase, wherein the fault containment units communicate by means of messages via the at least one message distribution unit, wherein a commitment time is associated with a message formed by a fault containment unit, and wherein a message distribution unit that receives a message relays the message to one or more fault containment units operating in parallel, characterised in thatthe message distribution unit is designed to copy an incoming message and to transmit a copy of the message immediately to a monitor fault containment unit and to delay a second copy of the message until a commitment time associated with the message before the second copy of the message is transmitted from the message distribution unit to the following processing fault containment units.
- View Dependent Claims (10, 11)
- - 10. The message distribution unit according to claim 9, characterised in that the commitment time associated with a message is contained in the message.
  - 11. The message distribution unit according to claim 9, characterised in that the commitment time associated with a message is derived from a time-controlled time schedule, determined a priori, of the fault containment units.

12. A distributed real-time computer system, more particularly a fault-tolerant system of systems (SoS), which comprises fault containment units (FCUs) and which has a global timebase, comprising at least one message distribution unit for conveying messages, wherein the fault containment units communicate by means of messages via the at least one message distribution unit, wherein a commitment time is associated with a message formed by a fault containment unit, and wherein a message distribution unit that receives a message relays the message to one or more fault containment units operating in parallel, characterised in thatthe message distribution unit is designed to copy an incoming message and to transmit a copy of the message immediately to a monitor fault containment unit and to delay a second copy of the message until a commitment time associated with the message before the second copy of the message is transmitted from the message distribution unit to the following processing fault containment unit.
- View Dependent Claims (13, 14, 15, 16, 17, 18)
- - 13. The real-time computer system according to claim 12, characterised in that a distinction is made between processing fault containment units (VFCUs) and monitor fault containment units (MFCUs), wherein the message distribution unit relays one or more messages of a sensor fault containment unit (SFCU) to one or more designated processing fault containment units and additionally to one or more monitor fault containment units, and wherein a monitor fault containment unit examines the content of the received messages and, if a fault is determined in a message, transmits a fault message to the one or more designated processing fault containment units before the commitment time associated with the message, such that the one or more designated processing fault containment units can reject all results influenced by the faulty message before the commitment time.
  - 14. The real-time computer system according to claim 12, characterised in that, in a cyclically operating real-time computer system, in particular a cyclically operating system of systems, a designated processing fault containment unit advantageously replaces a result that is rejected in a cycle due to a fault with the result of the previous cycle.
  - 15. The real-time computer system according to claim 12, characterised in that a multiplicity of fault containment units, which may take over sensor data, form messages in a cycle that have the same commitment time, wherein some or all of these messages are transmitted via one or more message distribution units to one or more processing fault containment units and to one or more monitor fault containment units, and wherein the processing fault containment units do not transmit any results that are influenced by one of these messages to the environment of a processing fault containment unit or use them for changing the inner state of a processing fault containment unit before the commitment time associated with the messages.
  - 16. The real-time computer system according to claim 12, characterised in that the message distribution unit relays received messages immediately to the monitor fault containment unit, but delays the relay of the messages to the processing fault containment units until the commitment time, wherein, in the case of a recognised fault, the monitor fault containment units transmit a fault message to the distribution unit before the commitment time, such that the distribution unit can reject the faulty messages and does not relay them to the processing fault containment units.
  - 17. The real-time computer system according to claim 12, characterised in that the processing fault containment unit receiving a fault message decides, following analysis of the description of the fault contained in the fault message, whether the results will be transmitted in this cycle to the environment of the processing fault containment unit or will be used to permanently change the inner state of the processing fault containment unit.
  - 18. The real-time computer system according to claim 12, characterised in that the monitor fault containment unit checks the content of the message immediately and transmits a fault message to the message distribution unit in the case of a fault recognition before the commitment time, and the message distribution unit rejects a faulty message before the faulty message is transmitted by the switching unit to the designated processing fault containment unit.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
TTTech Computertechnik AG
Original Assignee
FTS Computertechnik GmbH
Inventors
Poledna, Stefan
Primary Examiner(s)
Maskulinski, Michael
Assistant Examiner(s)
Amoroso, Anthony J

Application Number

US14/380,048
Publication Number

US 20150012779A1
Time in Patent Office

1,462 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 11/0709   in a distributed system con...

G06F 11/0784   Routing of error reports, e...

G06F 11/1629   Error detection by comparin...

G06F 11/2294   by remote test

G06F 2201/805   Real-time

Method for fault recognition in a system of systems

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

9 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Method for fault recognition in a system of systems

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

9 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links