CN105093979A - Fail-safe processing apparatus - Google Patents

Fail-safe processing apparatus Download PDF

Info

Publication number
CN105093979A
CN105093979A CN201510260992.6A CN201510260992A CN105093979A CN 105093979 A CN105093979 A CN 105093979A CN 201510260992 A CN201510260992 A CN 201510260992A CN 105093979 A CN105093979 A CN 105093979A
Authority
CN
China
Prior art keywords
operational part
power supply
failure safe
data
output data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201510260992.6A
Other languages
Chinese (zh)
Other versions
CN105093979B (en
Inventor
加藤翔平
作山秀夫
柴田直树
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hitachi Ltd
Original Assignee
Hitachi Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hitachi Ltd filed Critical Hitachi Ltd
Publication of CN105093979A publication Critical patent/CN105093979A/en
Application granted granted Critical
Publication of CN105093979B publication Critical patent/CN105093979B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G05CONTROLLING; REGULATING
    • G05BCONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B19/00Programme-control systems
    • G05B19/02Programme-control systems electric
    • G05B19/04Programme control other than numerical control, i.e. in sequence controllers or logic controllers
    • G05B19/042Programme control other than numerical control, i.e. in sequence controllers or logic controllers using digital processors
    • G05B19/0428Safety, monitoring
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/16Error detection or correction of the data by redundancy in hardware
    • G06F11/1629Error detection by comparing the output of redundant processing systems
    • G06F11/1641Error detection by comparing the output of redundant processing systems where the comparison is not performed by the redundant processing components
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/0796Safety measures, i.e. ensuring safe condition in the event of error, e.g. for controlling element
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/16Error detection or correction of the data by redundancy in hardware
    • G06F11/1608Error detection by comparing the output signals of redundant hardware
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/16Error detection or correction of the data by redundancy in hardware
    • G06F11/18Error detection or correction of the data by redundancy in hardware using passive fault-masking of the redundant circuits
    • G06F11/182Error detection or correction of the data by redundancy in hardware using passive fault-masking of the redundant circuits based on mutual exchange of the output between redundant processing components
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/16Error detection or correction of the data by redundancy in hardware
    • G06F11/1629Error detection by comparing the output of redundant processing systems
    • G06F11/1633Error detection by comparing the output of redundant processing systems using mutual exchange of the output between the redundant processing components
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/16Error detection or correction of the data by redundancy in hardware
    • G06F11/20Error detection or correction of the data by redundancy in hardware using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements
    • G06F11/2015Redundant power supplies

Abstract

A fail-safe processing apparatus has a plurality of calculation units 12 & 13 having a function to simultaneously perform the same calculation and mutually monitor the output data. An output control unit 16 has a function to temporarily store the output data for each of the calculation units and output the stored data for each of the calculation units according to an instruction from one of the plurality of calculation units. A plurality of power supplies are provided for each of the calculation units, wherein one of the plurality of power supplies supplies power not only to the associated calculation unit but also to the output control unit. At least one of the power supplies may have a different power capacity from the others. Each of the calculation units may have a function to send a reset signal to the other calculation units. If the mutually monitored data in unmatched each of the plurality of calculation units may send the reset signal and when the reset signal is received each of the plurality of calculation units may stop their own calculations. The output data is temporarily stored in a buffer in the output control unit.

Description

Failure safe arithmetic processing apparatus
Technical field
The present invention relates to and a kind ofly in inside, there is multiple operational part requiring what the field of high security used, adopt the safe arithmetic processing apparatus of multiple system failure ensureing the failsafe configuration that its operation result is consistent.
Background technology
The field of high security is required in railway signaling safety system, power house etc., operational part multiplex comes with reference to its result by the system of carrying out calculation process, if consistent, continue normal action, if inconsistent, perform a series of control thus transfer to safe state as system.
Therefore, need to get rid of the reason that multiple operational part carries out the output of identical mistake simultaneously.As one of its reason, there is the interim variation in voltage of power supply.In patent documentation 1 and patent documentation 2, to multiple operational part supply power individually.The probability that the fault of identical type occurs power supply is simultaneously low, therefore, it is possible to reduce because the fault operational part of power supply carries out the probability of the output of identical mistake simultaneously.
But when the power supply of supply separately produces same variation in voltage simultaneously, operational part exports the data of identical mistake simultaneously, may cannot detect that the data ground of mistake externally exports thus in output control part.In patent documentation 1, the CPU of folk prescription is also connected with the power supply of the opposing party the power supply monitoring this opposing party, and in addition, in documents 2, the CPU of both sides monitors that respective power supply exports mutually, detects the interim variation of multiple power supply thus.But when there is interim variation in voltage in the supply, likely CPU can not receive the data of the operational stop instruction such as the reset ground output error from power monitoring portion.
Patent documentation 1: Japanese Unexamined Patent Publication 2002-116921 publication
Patent documentation 2: Japanese Unexamined Patent Publication 6-298105 publication
Summary of the invention
The object of the invention is to, in failure safe arithmetic processing apparatus, even if there occurs interim variation in voltage in the power supply supplied to multiple arithmetic processing section, also can get rid of the possibility of the operation result of output error.
The present invention is in order to solve above-mentioned problem, any one power supply in multiple power supplys of electric power is separately supplied except to except the operational part supply electric power of correspondence for the multiple operational parts forming failure safe arithmetic processing apparatus, also to the circuit part supply electric power beyond the operational part of formation failure safe arithmetic processing apparatus, or any one power supply in above-mentioned multiple power supply is made to become the power supply capacity different from other power supply.
According to the present invention, even if when there occurs interim variation in voltage in the supply, because the timing of the impact being subject to variation in voltage in each operational part there are differences, the situation that each operational part above-mentioned exports the operation result of identical mistake simultaneously can be got rid of.
Accompanying drawing explanation
Fig. 1 is the structural drawing of the failure safe arithmetic processing apparatus of embodiment 1.
Fig. 2 is by the equivalent circuit figure after the circuit reduction beyond the operational part of embodiment 1 by resistance and capacitive component.
Fig. 3 is variation in voltage in each operational part when representing the variation of input voltage in embodiment 1, clock and export the figure of passage of time of data.
Fig. 4 is the structural drawing of the failure safe arithmetic processing apparatus of embodiment 2.
Fig. 5 is the structural drawing of the failure safe arithmetic processing apparatus of embodiment 3.
Symbol description
11,41,51 failure safe arithmetic processing apparatus; 12 operational part A; 13 operational part B; 14 power supply A; 15,45 power supply B; 16 output control parts; 17 impact dampers; 18 other circuit; 52 operational part C; 54 power supply C; 20A system power supply; 21A system power source voltage; The resistance components R of the load beyond 22A system operations portion a; The capacitive component C of 23A circuit system entirety a; The voltage in 24A system operations portion; 25B system power supply; 26B system power source voltage; The resistance components R of the load beyond 27B system operations portion b; The capacitive component C of 28B circuit system entirety b; The voltage in 29B system operations portion; 30 power supply input variations; Variation in voltage in 31A system operations portion; 32A system operations portion's action lower threshold voltage; 33A system operations portion Action clock; 34A system operations portion exports data; The output data of the mistake in 35A system operations portion; Variation in voltage in 36B system operations portion; 37B system operations portion's action lower threshold voltage; 38B system operations portion Action clock; 39B system operations portion exports data; The output data of the mistake in 40B system operations portion.
Embodiment
Below, as embodiments of the present invention, in order embodiment 1 ~ embodiment 3 is described.
(embodiment 1)
About embodiments of the invention 1, be described with reference to Fig. 1 ~ Fig. 3.
Embodiment 1 is the failure safe arithmetic processing apparatus as multiplicated system, to have the operational part that two are carried out identical computing simultaneously, and possesses two with the situation based on the duplex system structure of the power supply of capacity.Fig. 1 is the structural drawing of the failure safe arithmetic processing apparatus of embodiment 1.
Failure safe arithmetic processing apparatus 11 is for the operational part to output data demand fail safe.In the construction shown in fig. 1, in order to assure fail safe, there are these two operational parts of operational part A (12) and operational part B (13).From failure safe arithmetic processing apparatus 11 export data based on the data calculated by operational part A (12) and operational part B (13).
The data exported from operational part A (12) and operational part B (13) are temporarily preserved in (temporarily storing) impact damper 17 in output control part (16).Operational part A (12) and operational part B (13) monitors respective output data mutually, confirms that mutual output data are equal.When confirming mutual output data consistent, according to the data of preserving in the impact damper 17 that the instruction of operational part A (12) exports in output control part 16.When at least any one party in the output data when both sides have problems mutual Data Data inconsistent, do not export data from impact damper 17.In addition, operational part A (12) and operational part B (13) has function subject side (to method, system) being sent to the reset signal for stopping computing, when creating the problems such as mutual output data are inconsistent, subject side is resetted.
The probability that operational part A (12) and operational part B (13) both sides break down simultaneously is very low, consists of the failure safe arithmetic processing apparatus that can carry out failure safe output such method.
But, when there is the failure cause of identical type for operational part A (12) and operational part B (13) simultaneously, there is the danger exporting same rub-out signal from the operational part of both sides.So, even if operational part A (12) and operational part B (13) carries out the mutual supervision exporting data, also likely this mistake cannot be detected, thus the signal of externally output error.
Therefore, in failure safe arithmetic processing apparatus, as mentioned above, need the failure cause doing one's utmost to get rid of identical type simultaneously, fully suppress the probability of externally output error signal.
As the failure cause of identical type while above-mentioned, exemplify the power supply supplied to operational part A (12) and operational part B (13).When operational part A (12) and operational part B (13) accepts electric power supply from public power, when there is interim exception in public power, operational part A (12) and operational part B (13) may export the data of identical mistake simultaneously.
Therefore, from power supply A (14), electric power supply is carried out for operational part A (12), from power supply B (15), electric power supply is carried out for operational part 13 (B).The probability that power supply A (14) and power supply B (15) both sides produce the fault of identical type is simultaneously very low, so be separated by the power supply that will supply to operational part A (12) and operational part B (13), the operational part that can reduce both sides produces the probability of the fault of identical type simultaneously.
But, when there occurs variation in voltage in power supply A (14) and power supply B (15) simultaneously, for equal, export the interim abnormal voltage of same levels in the size (comprising operational part A (12) and operational part B (13)) of the load for each power supply simultaneously.Thus, the possibility simultaneously producing abnormality of the same race in operational part A (12) and operational part B (13) is appeared at.Now, operational part A (12) and operational part B (13), even if carry out the mutual supervision of respective output data, also likely cannot detect the mistake exporting data, thus the data of externally output error.
Therefore, in embodiment 1, even if there is above-mentioned abnormity of power supply, in order to the data preventing operational part A (12) and operational part B (13) from exporting identical mistake simultaneously, as shown in Figure 1 the load be connected with power supply is taken measures.As this measure, circuit beyond from any one power supply A (14) or power supply B (15) to operational part A (12) and operational part B (13) (such as, output control part 16, other circuit 18) supply power, make the size band of load variant thus consciously.
In order to illustrate, represent the equivalent circuit figure after the operational part A (12) in Fig. 1 and the circuit beyond operational part B (13) (output control part 16, other circuit 18) being simplified by resistance and capacitive component in fig. 2.
(A) of Fig. 2 is the equivalent circuit of A circuit system, and A system power supply 20 is equivalent to the power supply A (14) of Fig. 1.The resistance components R of the load beyond operational part A (12) a22 are made up of the substrate of failure safe arithmetic processing apparatus 11 and the resistance components of circuit.The capacitive component C of A circuit system entirety a23 are made up of from the substrate of failure safe arithmetic processing apparatus 11 of the voltage of A system power supply 20 and the capacitive component of circuit the capacitive component comprised in A system power supply 20 self and being supplied to beyond the operational part A (12).In addition, the input voltage applied to operational part A (12) is equivalent to the input voltage E in A system operations portion cPU_A24.
(B) of Fig. 2 is the equivalent circuit of B circuit system, and B system power supply 25 is equivalent to the power supply B (15) of Fig. 1.The resistance components R of the load beyond operational part B (13) b28 are made up of the substrate of failure safe arithmetic processing apparatus 11 and the resistance components of circuit.The capacitive component C of B circuit system entirety b28 are made up of from the substrate of failure safe arithmetic processing apparatus 11 of the voltage of B system power supply 25 and the capacitive component of circuit the capacitive component comprised in B system power supply 26 self and being supplied to beyond the operational part B (13).In addition, the input voltage applied to operational part B (13) is equivalent to the input voltage E in B system operations portion cPU_B29.
As shown in Figure 1, the circuit be connected with the power supply A (14) of A system is compared to the circuit be connected with power supply B (15), and circuit number is few, in addition, the IC etc. used in output control part 16 with other circuit 17 is the load be connected side by side with circuit, so R a> R b.Represent A system power source voltage E now in figure 3 in_A21 and B system power source voltage in_Bthe input voltage Ecpu in A system operations portion during 26 variation _ A24 and the input voltage Ecpu in B system operations portion _ Bthe variation of 29, clock and export the relation of data.
By the A system power source voltage E of the variation in voltage 30, Fig. 2 of the power supply shown in Fig. 3 in_A21 and B system power source voltage E in_B26 also together change.Therefore, the input voltage Ecpu in the A system operations portion of Fig. 2 _ A24 produce the input voltage variation 31 in the A system operations portion of Fig. 3, similarly, and the input voltage Ecpu in the B system operations portion of Fig. 2 _ B29 produce the input voltage variation 36 in the B system operations portion of Fig. 3.
At this, produce the variation in voltage 30 of power supply, from V 1to V 2the input voltage Ecpu in A system operations portion during voltage drop _ A24 and the input voltage Ecpu in B system operations portion _ Bthe variation of 29 is represented by following formula.
E CPU_A=V 2×{1-exp(-t/R AC A)}+V 1×exp(-t/R AC A)
E CPU_B=V 2×{1-exp(-t/R BC B)}+V 1×exp(-t/R BC B)
Generally, about operational part, even if carry out designing when making its variation in voltage in generation about 10% and also do not carry out misoperation, so the action lower threshold voltage 32 in the A system operations portion of Fig. 3 and the action lower threshold voltage 37 in B system operations portion to be set to specified 10%.In addition, minimum value when being declined due to above-mentioned variation in voltage by each input voltage in A system operations portion and B system operations portion is set to V 2, make this minimum value V 2lower than the action lower threshold 32 in A system operations portion and the action lower threshold 37 in B system operations portion.
So, when occurring to decline from power supply input variation 30 to the variation in voltage 31 in A system operations portion lower than the time Δ t of the action lower threshold voltage 32 in A system operations portion aand when occurring to decline from power supply input variation 30 to the variation in voltage 36 in B system operations portion lower than the time Δ t of the action lower threshold voltage 37 in B system operations portion brepresented by following relational expression.
0.9V 1=V 2×{1-exp(-Δt A/R AC A)}+V 1×exp(-Δt A/R AC A)
0.9V 1=V 2×{1-exp(-Δt B/R BC B)}+V 1×exp(-Δt B/R BC B)
When obtaining Δ t according to these relational expressions aand Δ t btime, become following.
Δt A=-R AC Aln{(0.9V 1-V 2)/(V 1-V 2)}
Δt B=-R BC Bln{(0.9V 1-V 2)/(V 1-V 2)}
In addition, when the frequency of the Action clock 33 and 38 of each operational part of A system and B system is set to f [Hz], the length of data 1 bit becomes 1/f [s].More than beginning bit offset 1 bit in order to the output data 40 of the mistake in the beginning bit of the output data 35 of the mistake in the output data 34 in A system operations portion and the output data 39 in B system operations portion, the conditional that demand fulfillment is shown below.
Δt B-Δt A=-R BC Bln{(0.9V 1-V 2)/(V 1-V 2)}+R AC Aln{(0.9V 1-V 2)/(V 1-V 2)}>1/f
According to above-mentioned conditional, design A system and the respective resistance components of B circuit system and capacitive component (load beyond each operational part of A system and B system), make it meet following relational expression.
R AC A-R BC B>1/[f×ln{(0.9V 1-V 2)/(V 1-V 2)}]
In addition, in order to reach above-mentioned relation formula effectively, the load with operational part A (12) and operational part B (13) same degree can be connected to any one power supply (in FIG power supply A (14) or power supply B (15)).
In the failure safe arithmetic processing apparatus 11 shown in Fig. 1, operational part A (12) and operational part B (13) carries out same computing.Then, output control part 17 confirm in the output data 34 from operational part A (12) and the output data 39 from operational part (13) at least any one has no problem.So, as shown in Figure 4, when the input voltage change from power supply, even if if the output data 39 in the output data 34 in A system operations portion and B system operations portion differ 1 bit, because mutually monitoring respective output by operational part A (12) and operational part B (13), the mistake exporting data can be detected.
Therefore, it is possible to provide one can not export the failure safe arithmetic processing apparatus of the data exported from operational part A (12) and operational part B (13) mistakenly from output control part 16.
(embodiment 2)
The feature of embodiments of the invention 2 is, respectively to forming in each power supply unit of each operational part supply electric power of failure safe arithmetic processing apparatus, makes its power supply capacity have difference.Represent that in the failure safe arithmetic processing apparatus (Fig. 1) in dual system, power supply unit is the figure of the structure of different power supply capacitys as embodiment 2, Fig. 4.
Such as, power supply B (45) uses the power supply that power supply capacity is larger than power supply A (14).Thus, even if when there occurs variation in voltage in power supply A (14) and power supply B (45) simultaneously, owing to making power supply capacity have difference, can prevent operational part A (12) and operational part B (13) from exporting identical misdata simultaneously.
(embodiment 3)
Embodiments of the invention 3 are for the embodiment of triplex system as the failure safe arithmetic processing apparatus of multiplicated system.Fig. 5 is the figure of the structure of the failure safe arithmetic processing apparatus representing the triplex system having added power supply C (54) and operational part C (52).Operational part C (52) carries out same computing with operational part A (12) and operational part (B) 13 simultaneously.In addition, operational part A (12), operational part B (13) and operational part C (52) have and mutually monitor output respectively, and carry out the function of the other side's system reset.
In the structure shown in Fig. 5, power supply C (54), except supplying except electric power to operational part C (52), also carries out electric power supply to output control part 16 and other circuit 18.Thus, compared with load when power supply A (14) and power supply B (115) carries out electric power supply to each operational part (12) and operational part (13) carries out the load of electric power supply with power supply C (54), varying in size of load.Certainly, power supply C (54) can be replaced, by power supply A (14) or power supply B (15), electric power supply be carried out to output control part 16 and other circuit 18.
Therefore, even if when variation in voltage all occurs three power supplys simultaneously, the data of operational part A (12), operational part B (13) and operational part C (52) output error simultaneously can be prevented.

Claims (6)

1. a failure safe arithmetic unit, is characterized in that, possesses:
Multiple operational part, it has and carries out same computing simultaneously, and mutually monitors the function exporting data;
Output control part, it has the interim output data storing each described operational part, externally exports the function of the output data of each operational part of described interim storage according to the instruction from any one operational part in described multiple operational part;
To multiple power supplys that each described operational part is arranged,
Any one power supply in described multiple power supply except also supplying electric power to described output control part except the described operational part supply electric power of correspondence.
2. failure safe arithmetic unit according to claim 1, is characterized in that,
In described multiple power supply, make at least one power supply be the power supply capacity different from other power supply.
3. failure safe arithmetic unit according to claim 1 and 2, is characterized in that,
Any one in described multiple operational part, when the described output data consistent mutually monitored, sends described instruction to described output control part.
4. the failure safe arithmetic unit according to any one in claims 1 to 3, is characterized in that,
Described multiple operational part has the function other described multiple operational parts being sent to reset signal respectively.
5. failure safe arithmetic unit according to claim 4, is characterized in that,
Described multiple operational part when the described output data mutually monitored are inconsistent, sends described reset signal respectively.
6. the failure safe arithmetic unit according to claim 4 or 5, is characterized in that,
Described multiple operational part stops self computing respectively when receiving described reset signal.
CN201510260992.6A 2014-05-23 2015-05-21 Failure safe arithmetic processing apparatus Active CN105093979B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2014106919A JP6600128B2 (en) 2014-05-23 2014-05-23 Arithmetic processing unit
JP2014-106919 2014-05-23

Publications (2)

Publication Number Publication Date
CN105093979A true CN105093979A (en) 2015-11-25
CN105093979B CN105093979B (en) 2017-11-28

Family

ID=53333722

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510260992.6A Active CN105093979B (en) 2014-05-23 2015-05-21 Failure safe arithmetic processing apparatus

Country Status (4)

Country Link
JP (1) JP6600128B2 (en)
CN (1) CN105093979B (en)
DE (1) DE102015208989A1 (en)
GB (1) GB2526917B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110890884A (en) * 2018-09-10 2020-03-17 台湾积体电路制造股份有限公司 Fail-safe circuit, integrated circuit device, and method of controlling node of circuit

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH06298105A (en) * 1993-04-15 1994-10-25 Nippondenso Co Ltd Rear wheel steering device control system
JP2001183490A (en) * 1999-12-22 2001-07-06 Hitachi Ltd Reactor core flow control system
JP2002116921A (en) * 2000-10-06 2002-04-19 Matsushita Electric Ind Co Ltd Auxiliary device for central processing unit
CN101946222A (en) * 2008-02-15 2011-01-12 苹果公司 Power source having a parallel cell topology
CN101996110A (en) * 2010-11-17 2011-03-30 中国航空工业集团公司第六三一研究所 Three-redundancy fault-tolerant computer platform based on modular structure
WO2011068177A1 (en) * 2009-12-02 2011-06-09 日本電気株式会社 Redundant computation system and redundant computation method

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH04149743A (en) * 1990-10-15 1992-05-22 Mitsubishi Electric Corp Driving system for data processor
JP2011198205A (en) * 2010-03-23 2011-10-06 Railway Technical Research Institute Redundant system control system

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH06298105A (en) * 1993-04-15 1994-10-25 Nippondenso Co Ltd Rear wheel steering device control system
JP2001183490A (en) * 1999-12-22 2001-07-06 Hitachi Ltd Reactor core flow control system
JP2002116921A (en) * 2000-10-06 2002-04-19 Matsushita Electric Ind Co Ltd Auxiliary device for central processing unit
CN101946222A (en) * 2008-02-15 2011-01-12 苹果公司 Power source having a parallel cell topology
WO2011068177A1 (en) * 2009-12-02 2011-06-09 日本電気株式会社 Redundant computation system and redundant computation method
CN101996110A (en) * 2010-11-17 2011-03-30 中国航空工业集团公司第六三一研究所 Three-redundancy fault-tolerant computer platform based on modular structure

Also Published As

Publication number Publication date
DE102015208989A1 (en) 2015-11-26
JP6600128B2 (en) 2019-10-30
CN105093979B (en) 2017-11-28
GB2526917A (en) 2015-12-09
JP2015222520A (en) 2015-12-10
GB2526917B (en) 2016-09-07
GB201506268D0 (en) 2015-05-27

Similar Documents

Publication Publication Date Title
US10229016B2 (en) Redundant computer system utilizing comparison diagnostics and voting techniques
CN105808394A (en) Server self-healing method and device
KR20160136298A (en) Power adapter, terminal, and method for processing exception of charging loop
CN107957692B (en) Controller redundancy method, device and system
US10054646B2 (en) High reliability power supply configuration and testing
CN105204431B (en) Four remaining signal monitoring means of votings and equipment
JP2014202581A (en) Battery monitor system and identification information setting method
US20160004241A1 (en) Control device
CN104101831A (en) Relay failure detection system
CN105182961B (en) Four remaining signal monitoring means of votings and equipment
CN103235591A (en) Online fault injection method on basis of combination of hardware fault injection and software fault injection
KR101560497B1 (en) Method for controlling reset of lockstep replicated processor cores and lockstep system using the same
CN104977907A (en) Direct Connect Algorithm
KR20160003549A (en) Communication abnormality detecting apparatus, communication abnormality detecting method and program
JP5202582B2 (en) Electrical device and diagnostic method for electrical device
KR101593829B1 (en) PLC data log module with backup function
CN105093979A (en) Fail-safe processing apparatus
US9651931B2 (en) Industrial control system with integrated circuit elements partitioned for functional safety and employing watchdog timing circuits
KR101581309B1 (en) Airplane Electronic Device for Interlocking Failure Detection and Elimination of Each Board Unit
CN107528730B (en) Multiple redundancy method, multiple redundancy server and system
JP2012090193A (en) Failure prediction system and communication module using the same
KR101448013B1 (en) Fault-tolerant apparatus and method in multi-computer for Unmanned Aerial Vehicle
JP2016103110A (en) Multiplexing control device
CN209821633U (en) CCR-FARs structure of oil field control system
EP3296874B1 (en) Apparatus and associated method

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant