Fault-tolerant failsafe computer system using COTS components

US 9,665,447 B2
Filed: 12/26/2013
Issued: 05/30/2017
Est. Priority Date: 12/16/2013
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

a safety relevant component that generates a data packet in response to receiving a request to perform a task and that communicates the data packet;

a first fail-safe chassis (FSC) that;

continuously generates a first chassis health signal;

determines whether the data packet is valid; and

selectively determines whether to de-assert the first chassis health signal based on the determination;

a second FSC that;

continuously generates a second chassis health signal;

determines whether a copy of the data packet is valid; and

selectively determines whether to de-assert the second chassis health signal based on the determination; and

a safety relay box module that determines whether to instruct the first FSC to operate in a predetermined mode based on the first chassis health signal and the second chassis health signal.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system includes a safety relevant component that generates a data packet in response to receiving a request to perform a task and that communicates the data packet. The system further includes a first fail-safe chassis (FSC) that continuously generates a first chassis health signal, that determines whether the data packet is valid, and that selectively determines whether to de-assert the first chassis health signal based on the determination. The system also includes a second FSC that continuously generates a second chassis health signal, that determines whether a copy of the data packet is valid, and that selectively determines whether to de-assert the second chassis health signal based on the determination. The system further includes a safety relay box module that determines whether to instruct the first FSC to operate in a predetermined mode based on the first chassis health signal and the second chassis health signal.

3 Citations

20 Claims

1. A system comprising:
- a safety relevant component that generates a data packet in response to receiving a request to perform a task and that communicates the data packet;
  
  a first fail-safe chassis (FSC) that;
  
  continuously generates a first chassis health signal;
  
  determines whether the data packet is valid; and
  
  selectively determines whether to de-assert the first chassis health signal based on the determination;
  
  a second FSC that;
  
  continuously generates a second chassis health signal;
  
  determines whether a copy of the data packet is valid; and
  
  selectively determines whether to de-assert the second chassis health signal based on the determination; and
  
  a safety relay box module that determines whether to instruct the first FSC to operate in a predetermined mode based on the first chassis health signal and the second chassis health signal.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system of claim 1 wherein the first FSC includes a first master CPU that receives a first copy of the data packet and a first checker CPU that receives a second copy of the data packet.
  - 3. The system of claim 2 wherein the first master CPU determines whether the requested task is a safety-relevant task based on a value stored in a mask register.
  - 4. The system of claim 3 wherein the first master CPU communicates, in response to the determination that the requested task is a safety-relevant task, the first copy of the data packet to the first checker CPU and wherein the first checker CPU communicates, in response to the determination that the requested task is a safety-relevant task, the second copy of the data packet to the first master CPU.
  - 5. The system of claim 4 wherein the first master CPU generates a first fault signal based on a first comparison between the first copy of the data packet and the second copy of the data packet and wherein the first checker CPU generates a second fault signal based on a second comparison between the second copy of the data packet and the first copy of the data packet.
  - 6. The system of claim 5 wherein the first FSC instructs the safety relevant component to perform the task based on the first fault signal and the second fault signal.
  - 7. The system of claim 1 wherein the first FSC determines a first status of a first mask register and wherein the second FSC determines a second status of a second mask register.
  - 8. The system of claim 7 wherein the safety relay box module instructs the first FSC to operate in the predetermined mode based on the first chassis health signal, the second chassis health signal, the first status, and the second status.
  - 9. The system of claim 7 wherein the safety relay box module determines whether to instruct the first FSC to operate in a safe state based on the first chassis health signal and the first status.
  - 10. The system of claim 9 wherein the second FSC determines whether to operate in the predetermine mode based on the safety relay box module instructing the first FSC to operate in the safe state.

11. A method comprising:
- generating a data packet in response to receiving a request to perform a task;
  
  communicating the data packet;
  
  continuously generating a first chassis health signal;
  
  determining whether the data packet is valid;
  
  selectively determining whether to de-assert the first health chassis signal based on the determination;
  
  continuously generating a second chassis health signal;
  
  determining whether a copy of the data packet is valid;
  
  selectively determining whether to de-assert the second health chassis signal based on the determination; and
  
  determining whether to instruct a first FSC to operate in a predetermined mode based on the first chassis health signal and the second chassis health signal.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The method of claim 11 further comprising receiving a first copy of the data packet and receiving a second copy of the data packet.
  - 13. The method of claim 12 further comprising determining whether the requested task is a safety-relevant task based on a value stored in a mask register.
  - 14. The method of claim 13 further comprising communicating, in response to the determination that the requested task is a safety-relevant task, the first copy of the data packet to and communicating, in response to the determination that the requested task is a safety-relevant task, the second copy of the data packet.
  - 15. The method of claim 14 further comprising generating a first fault signal based on a first comparison between the first copy of the data packet and the second copy of the data packet and generating a second fault signal based on a second comparison between the second copy of the data packet and the first copy of the data packet.
  - 16. The method of claim 15 further comprising instructing the safety relevant component to perform the task based on the first fault signal and the second fault signal.
  - 17. The method of claim 12 further comprising determining a first status of a first mask register determining a second status of a second mask register.
  - 18. The method of claim 17 further comprising instructing a first FSC to operate in the predetermined mode based on the first chassis health signal, the second chassis health signal, the first status, and the second status.
  - 19. The method of claim 17 further comprising determining whether to instruct the first FSC to operate in a safe state based on the first chassis health signal and the first status.
  - 20. The method of claim 19 further comprising determining whether a second FSC will operate in the predetermine mode based on the first FSC to operating in the safe state.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SMART Embedded Computing, Inc. (Smart Global Holdings Incorporated)
Original Assignee
Artesyn Embedded Computing Inc. (Smart Global Holdings Incorporated)
Inventors
Cornes, Martin Peter John, Vaananen, Pasi Jukka Petteri, Jiang, Liu
Primary Examiner(s)
BUTLER, SARAI E

Application Number

US14/140,686
Publication Number

US 20150169427A1
Time in Patent Office

1,251 Days
Field of Search

714 471
US Class Current
CPC Class Codes

G06F 11/1637 using additional compare fu...

G06F 11/165 with continued operation af...

Fault-tolerant failsafe computer system using COTS components

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

3 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Fault-tolerant failsafe computer system using COTS components

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

3 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others