EP3338189A2 - Procédé de fonctionnement d'un processeur multicoeur - Google Patents

Procédé de fonctionnement d'un processeur multicoeur

Info

Publication number
EP3338189A2
EP3338189A2 EP16790913.4A EP16790913A EP3338189A2 EP 3338189 A2 EP3338189 A2 EP 3338189A2 EP 16790913 A EP16790913 A EP 16790913A EP 3338189 A2 EP3338189 A2 EP 3338189A2
Authority
EP
European Patent Office
Prior art keywords
distance
result
arithmetic operation
difference
cycle
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP16790913.4A
Other languages
German (de)
English (en)
Inventor
Michael Armbruster
Martin Bischoff
Christian Buckl
Ludger Fiege
Andreas Zirkler
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Siemens AG
Original Assignee
Siemens AG
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Siemens AG filed Critical Siemens AG
Publication of EP3338189A2 publication Critical patent/EP3338189A2/fr
Withdrawn legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/14Error detection or correction of the data by redundancy in operation
    • G06F11/1497Details of time redundant execution on a single processing unit
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/0703Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation
    • G06F11/0706Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation the processing taking place on a specific hardware platform or in a specific software environment
    • G06F11/0721Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation the processing taking place on a specific hardware platform or in a specific software environment within a central processing unit [CPU]
    • G06F11/0724Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation the processing taking place on a specific hardware platform or in a specific software environment within a central processing unit [CPU] in a multiprocessor or a multi-core unit
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/0703Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation
    • G06F11/0751Error or fault detection not based on redundancy
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/0703Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation
    • G06F11/0751Error or fault detection not based on redundancy
    • G06F11/0754Error or fault detection not based on redundancy by exceeding limits
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/0703Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation
    • G06F11/0706Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation the processing taking place on a specific hardware platform or in a specific software environment
    • G06F11/0736Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation the processing taking place on a specific hardware platform or in a specific software environment in functional embedded systems, i.e. in a data processing system designed as a combination of hardware and software dedicated to performing a certain function
    • G06F11/0739Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation the processing taking place on a specific hardware platform or in a specific software environment in functional embedded systems, i.e. in a data processing system designed as a combination of hardware and software dedicated to performing a certain function in a data processing system embedded in automotive or aircraft systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/16Error detection or correction of the data by redundancy in hardware
    • G06F11/20Error detection or correction of the data by redundancy in hardware using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements
    • G06F11/202Error detection or correction of the data by redundancy in hardware using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements where processing functionality is redundant
    • G06F11/2035Error detection or correction of the data by redundancy in hardware using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements where processing functionality is redundant without idle spare hardware

Definitions

  • the invention relates to a method for operating a multi-core processor according to the preamble of patent claim 1.
  • Modern and future vehicles will be equipped with a plurality of electronically controlled functions which filters with regard to their safety and availability increased Anforde ⁇ approximations to the control system of the vehicle.
  • Silent behavior achieved By providing another duplex control computer, which handles its processing in the event of a fault on the first duplex control computer, even a "fail operational" behavior can be achieved. This guaranteed by a dual-lane operation using two independently operating processors error detection probability is high
  • the invention has for its object to provide an apparatus and a method for implementing a control system with high availability and integrity, which requires less hardware and at the same time ei ⁇ ne optimal utilization of hardware resources possible.
  • an operating a multicore processor on which a preferably safe ⁇ uniform critical application is put into effect, wel ⁇ surface comprises a plurality of cyclic calculations.
  • cyclic computational operations comprises a multi-stage calculation of control variables, in which supplied to discrete points in time the control system of digitized control values calculated there synchronously and are output as a digital output signal from ⁇ .
  • a time-based work cycle is provided, which is preferably substantially smaller than a smallest time constant of an underlying control loop.
  • a distribution scheme vorzuse ⁇ hen according to the calculation of an arithmetic operation is supplied to a core of the multi-core processor.
  • the processor cores may be used a multi-core processor ⁇ for a multi-channel calculating a safe ⁇ uniform critical application, wherein the processor cores are changed in each working cycle.
  • the comparison according to the invention of at least one distance between the current result and at least one result of an arithmetic operation at least one working cycle based on a comparison scheme makes it possible to detect random errors.
  • the quality of the error detection according to the invention is somewhat below that in a known from the prior art "dual-lane operation" with a parallel-redundant multi-channel calculation.
  • the quality of the error detection can over the need egg nes lower expenses of processing power disregard, particularly where an economic Ver ⁇ realization is required for the control system.
  • the invention thus combines on ⁇ requirements to a reasonable error detection with an economic interpretation of the computing power.
  • This embodiment of the invention is particularly in an operation of two- ⁇ or multi-core processors with a two-channel calculation of the safety-critical application the agent of choice, wherein the processor cores are changed in each working cycle.
  • a comparison scheme is provided, according to which a first distance is determined from the result of an arithmetic operation which precedes a work cycle and the result of the current work cycle. This first distance exceeds a maximum value or, in other words, this is outside an expected for the first distance value, an error in ⁇ dication is output according to the invention.
  • a faulty calculation of a processor core detected in the work cycle i in which the calculated by a processor core result of the other processor core calculated result in the duty cycle i-1 to the effect that the current result of the other result has a distance which outside a predetermined maximum value or Maximum distance is.
  • the consistency check provided by the invention on the basis of the comparison scheme is not based on bit identity, as in the dual-lane operation known from the prior art.
  • the reason for this is that input data from successive working cycles are also used for arithmetic operation in successive working cycles. Since the input data from successive working cycles are usually different, the results or output data may be different by a permissible distance. For this permissible distance, a permissible maximum distance can be specified or, alternatively or additionally, a permissible distance can be calculated from the distances of the results from past working cycles. The latter calculation of an allowable distance from the distances of the results from past work cycles will be explained in the following embodiments.
  • a second distance is determined from the result of an arithmetic operation two working cycles and the result of the current working cycle; and or;
  • a third distance is determined from the result of an arithmetic operation two working cycles back and the result of an arithmetic operation one working cycle past; and or;
  • a first difference is determined from a difference between the result of the one working cycle and the result of the current working cycle; and or;
  • a second difference is determined from a difference between the result of the two working cycles and the result of the arithmetic operation one working cycle ago.
  • an error indication is issued if the second distance is less than the first distance
  • the second distance is less than the third distance
  • the first difference has a different sign from the second difference.
  • the second distance of the results calculated in the working cycles i-1 and i + 1 is less than the first distance of the results from the working cycles i and i + 1 and less than the third distance of the results from the working cycles i- 1 and i.
  • the first difference of the results of working cycles i-1 and i has a sign different from the second difference of the results of working cycles i and i + 1.
  • a fourth distance is determined from the result of an arithmetic operation three working cycles and the result of an arithmetic operation one working cycle past; and or;
  • a fifth distance is determined from the result of an arithmetic operation three working cycles back and the result of an arithmetic operation two working cycles ago; and or;
  • a third difference is determined from a difference between the result of the three working cycles and the result of the arithmetic operation two working cycles ago. According to one embodiment of the invention, an error indication is issued if
  • the second distance is less than the first distance
  • the second distance is less than the third distance
  • the fourth distance is less than the third distance
  • the fourth distance is less than the fifth distance
  • the first difference has a sign different from the third difference
  • the third difference has a sign different from the second difference.
  • a miscalculation of a processor core in the work cycle i + 2 is detected, in which the results calculated by one processor core deviate systematically from the results calculated by the other processor core.
  • the second distance of the results calculated in the duty cycles i and i + 2 is less than the first distance of the results of the duty cycles i + 1 and i + 2 and less than the third distance of the results of the duty cycles i and i +. 1
  • the fourth distance of the results calculated in the work cycles i-1 and i + 1 is less than the third distance of the results from the work cycles i and i + 1 and less than the fifth distance of the results from the work cycles i- 1 and i.
  • the first difference of the results of working cycles i and i + 1 has a sign different from the third difference of the results of working cycles i-1 and i, the third difference again being one of the second difference of the results from the working cycles i and i + 1 have different signs.
  • a comparison scheme is provided, which provides in each work cycle Be ⁇ mood of at least one distance and a comparison with previous distances and / or differences.
  • a determination of distances or differences and / or their comparison takes place only in reserved working cycles, for example in every fourth or nth working cycle.
  • an increase in the comparison cycles may also be provided if the results determined per processor core diverge and / or move in the direction of a limit value.
  • Fig. 5 he two is a schematic representation of results alternately calculated respectively Rechenoperatio ⁇ NEN discrete duty cycles with a second sampling rate, wherein the underlying arithmetic operators ⁇ tion contains an integrating control element.
  • FIGs 1 and 2 there is shown a timing diagram, on the ordinate thereof, results C2i-1, Cli, C2i + 1, Cli + 2, C2i + 3 of two alternately from one of two processor cores - with a respective corresponding reference numeral prefix Cl for a first processor core and C2 for a second processor core - computed arithmetic operations are plotted at discrete points in time.
  • the cores which process the two substantially identical computing operations cyclically, in each operating cycle i-1, i, i + 1, i + 2, i + ⁇ gewech rare. 3
  • a processor core that is not involved in the processing of the computing operation can process other tasks so that no redundant computing power is wasted.
  • errors in the processing of the arithmetic operation also affect the respective other arithmetic operation on the other processor core.
  • a first distance calculated in the working ⁇ cycles i and i + 1 results Cli and C2i + 1 is exceeded a maximum value as shown in FIG 1. In other words there is the in the cycle i + 1 calculated result C2i + 1 outside the triangular area of a maximum distance expected value.
  • cycle i + 1 The second distance in the Ar ⁇ beitszyklen i-1 and i + 1 calculated results C2i-1 and C2i + 1 is less than the first distance calculated in the working ⁇ cycles i and i + 1 results Cli and C2i + 1.
  • the fourth distance of the results C2i-1 and C2i + 1 calculated in the working cycles i-1 and i + 1 is less than the third distance of the results Cli and C2i + 1 calculated in the working cycles i and i + 1 and less than that in For the work cycles i-1 and i calculated fifth distance of the result ⁇ se Cli and C2i-1 and Cli.
  • the first difference of the results calculated in the working cycles i and i + 1 (Cli) - (C2i + 1) has a result calculated from the third difference of the working cycles i-1 and i (C2i-1) - (Cli) different sign, wherein the third difference ⁇ umum one of the second difference of calculated in the working cycles i and i + 1 results (Cli) - (C2i + 1) under defenceli ⁇ ches sign has.
  • Fig. 2 shows the first distance AI, the second distance A2, the third distance A3, the fourth distance A4 and the fifth distance A5.
  • the output data may be different by a permissible delta.
  • a permissible value may be known or calculated from the distances of the input data.
  • the advantage of the invention is a halving of the benötig ⁇ th computing power, without increasing a cycle time of a ⁇ Ap plication realized digital controller with respect to the two-channel calculation. Although this results in a reduction in the quality of the consistency check - delta consistency instead of bit identity - and a slowdown of the error response by up to two working cycles, the cycle time of the controller in error-free case is not increased compared to the two-channel calculation.
  • Fig. 3 shows a schematic representation of two respective of a first processor core Cl and a second processor core C2 shown calculated results of an arithmetic operation over time, wherein the underlying arithmetic operators ⁇ tion contains an integrating control element. While the result curve determined by the second processor core C2 essentially follows an ideal value profile ID of the arithmetic operation, the result profile determined by the first processor core C1 drifts off.
  • the output values may also be slightly different. This is permissible in the context of the delta consistency test according to the invention.
  • the integrator variables in the two processor cores can steadily increase as each processor core steadily sees a slight deviation in the same direction. This can lead to a trembling of a controlled aggregate, since the two controllers regulate more and more in opposite directions.
  • a critical situation is achieved as soon as the integrator variables a limit, for example, the value range limit of the variable Errei ⁇ chen in the controller. Now one of the controllers can no longer counteract accordingly and the control value drifts off.
  • the values of the integrators can be mutually exchanged in the processing paths .
  • a limitation of the integrator values is not critical since it, but can not lead to instability in the worst case to a Verlangsa ⁇ tion of the controller response.
  • Instabilities may occur when the input signal of the regulator is at a frequency that is the duty cycle frequency
  • Controllers should always be designed so that the sampling rate is much higher than the frequency of the controlled variables. Are proven in operation Factors of four or greater, cf. Fig. 5. For all controlled systems whose dynamics are well known, this measure can and should be used.
  • Changing the processor core in a "waltz" or similarity ⁇ Liche discontinuous change If the dynamics of the controlled system is unknown, the rhythm in which the processor core to be changed can be changed. For example, the calculation of an arithmetic operation could always be supplied twice to the first processor core C1, then once to the second processor core C2. Due to the asymmetric period duration when changing the processor cores, there can be no frequency of a controller size, which leads to the behavior described above associated with an unwanted error detection.
  • At least two processor cores of a multi-core processor are used to calculate a security-critical application using two channels.
  • the arithmetic operations are not calculated redundantly on each processor cycle in each processor cycle, but both processor cores are utilized in different work cycles with different applications.
  • a doubling of the required computing capacity is advantageously avoided.
  • the quality of the error detection according to the invention is somewhat below that in a "dual-lane operation" known from the prior art with a parallel redundant multi-channel calculation.
  • the quality of error detection may be less stringent than the requirement for less computational power, especially if the control system requires commercialization.
  • the invention thus combines requirements provides a reasonable ⁇ accordingly reliable fault detection with an economic interpretation account the processing power.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Quality & Reliability (AREA)
  • General Physics & Mathematics (AREA)
  • Hardware Redundancy (AREA)
  • Debugging And Monitoring (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • Mathematical Physics (AREA)

Abstract

Selon l'invention, au moins deux cœurs d'un processeur multicœur sont utilisés pour calculer avec deux canaux une application critique pour la sécurité. Selon l'invention, les opérations de calcul ne sont pas calculées de manière redondante au cours de chaque cycle de calcul dans les deux cœurs de processeur, mais au contraire les deux cœurs de processeur sont chargés dans différents cycles de travail avec des applications différentes. Ainsi, une duplication de la capacité de calcul nécessaire est évitée d'une manière avantageuse. Pour obtenir une surveillance mutuelle des cœurs de processeur, les opérations de calcul sont effectuées en alternance sur les deux cœurs de processeur. Les mécanismes de détection d'erreurs décrits permettent de détecter des erreurs aléatoires. La qualité de la détection d'erreurs selon l'invention est certes quelque peu en dessous d'un « fonctionnement à deux voies », connu de l'état de la technique, avec un calcul sur plusieurs canaux à redondance parallèle. La qualité de la détection d'erreurs peut toutefois rester en arrière de la puissance de calcul si on considère la nécessité de faibles coûts, en particulier lorsqu'une réalisation économe est exigée pour le système de commande. L'invention réunit ainsi des exigences, liées à une détection d'erreurs sûre, à une conception économique.
EP16790913.4A 2015-11-12 2016-10-21 Procédé de fonctionnement d'un processeur multicoeur Withdrawn EP3338189A2 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE102015222321.3A DE102015222321A1 (de) 2015-11-12 2015-11-12 Verfahren zum Betrieb eines Mehrkernprozessors
PCT/EP2016/075381 WO2017080793A2 (fr) 2015-11-12 2016-10-21 Procédé de fonctionnement d'un processeur multicœur

Publications (1)

Publication Number Publication Date
EP3338189A2 true EP3338189A2 (fr) 2018-06-27

Family

ID=57233400

Family Applications (1)

Application Number Title Priority Date Filing Date
EP16790913.4A Withdrawn EP3338189A2 (fr) 2015-11-12 2016-10-21 Procédé de fonctionnement d'un processeur multicoeur

Country Status (7)

Country Link
US (1) US20180322001A1 (fr)
EP (1) EP3338189A2 (fr)
JP (1) JP2019500682A (fr)
KR (1) KR20180072829A (fr)
CN (1) CN108351815A (fr)
DE (1) DE102015222321A1 (fr)
WO (1) WO2017080793A2 (fr)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP7400222B2 (ja) * 2019-06-14 2023-12-19 マツダ株式会社 外部環境認識装置
JP7419157B2 (ja) * 2020-05-13 2024-01-22 株式会社日立製作所 プログラム生成装置、並列演算デバイス、及び、並列演算デバイスに並列演算を実行させるためのコンピュータプログラム
KR102403767B1 (ko) 2020-11-25 2022-05-30 현대제철 주식회사 초고강도 냉연강판 및 그 제조방법
CN114201332A (zh) * 2022-02-21 2022-03-18 岚图汽车科技有限公司 一种冗余控制方法、装置、芯片及存储介质

Family Cites Families (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7739542B2 (en) * 2004-11-26 2010-06-15 Nokia Siemens Network Gmbh & Co. Kg Process for detecting the availability of redundant communication system components
WO2008148625A1 (fr) * 2007-06-05 2008-12-11 Siemens Aktiengesellschaft Procédé et dispositif pour programmation d'une opération prévisible d'un algorithme sur un processeur multicoeur
US8112194B2 (en) * 2007-10-29 2012-02-07 GM Global Technology Operations LLC Method and apparatus for monitoring regenerative operation in a hybrid powertrain system
JP4709268B2 (ja) * 2008-11-28 2011-06-22 日立オートモティブシステムズ株式会社 車両制御用マルチコアシステムまたは内燃機関の制御装置
US9015536B1 (en) * 2011-08-31 2015-04-21 Amazon Technologies, Inc. Integration based anomaly detection service
US9081653B2 (en) * 2011-11-16 2015-07-14 Flextronics Ap, Llc Duplicated processing in vehicles
KR101332022B1 (ko) * 2011-12-29 2013-11-25 전자부품연구원 Ecu 모니터링 시스템 및 방법
JPWO2014033941A1 (ja) * 2012-09-03 2016-08-08 株式会社日立製作所 計算機システムおよび計算機システムの制御方法
JP6069104B2 (ja) * 2013-05-31 2017-01-25 富士重工業株式会社 制御装置および制御装置の異常検出方法
JP6324127B2 (ja) * 2014-03-14 2018-05-16 三菱電機株式会社 情報処理装置、情報処理方法及びプログラム

Also Published As

Publication number Publication date
KR20180072829A (ko) 2018-06-29
US20180322001A1 (en) 2018-11-08
JP2019500682A (ja) 2019-01-10
WO2017080793A3 (fr) 2017-08-17
CN108351815A (zh) 2018-07-31
DE102015222321A1 (de) 2017-05-18
WO2017080793A2 (fr) 2017-05-18

Similar Documents

Publication Publication Date Title
DE60309928T2 (de) Verfahren zur erhöhung der sicherheitsintegritätsstufe eines kontrollsystems
EP2513796B1 (fr) Procédé permettant de faire fonctionner une unité de calcul
WO2017080793A2 (fr) Procédé de fonctionnement d'un processeur multicœur
DE102011102274B4 (de) Verfahren zum Betreiben eines Sicherheitssteuergeräts
DE19509150C2 (de) Verfahren zum Steuern und Regeln von Fahrzeug-Bremsanlagen sowie Fahrzeug-Bremsanlage
DE2258917B2 (de) Regelvorrichtung mit mindestens zwei parallelen signalkanaelen
DE2722124A1 (de) Anordnung zum feststellen des prioritaetsranges in einem dv-system
DE19919504A1 (de) Triebwerksregler, Triebwerk und Verfahren zum Regeln eines Triebwerks
DE102008004205A1 (de) Schaltungsanordnung und Verfahren zur Fehlerbehandlung in Echtzeitsystemen
DE102006052757A1 (de) Automatisierungsgerät mit einer Verarbeitungseinheit und Verwendung einer Verarbeitungseinheit in einem Automatisierungsgerät
EP1615087A2 (fr) Unité de commande et de régulation
DE102007014478A1 (de) Sicherheitsgerichtete speicherprogrammierte Steuerung
EP2520989B1 (fr) Procédé de fonctionnement d'un système hautement disponible avec tolérance d'erreurs et système hautement disponible avec tolérance d'erreurs
EP2237118A1 (fr) Système de sécurité destiné à sécuriser la commande protégée contre l'erreur d'installations électriques et commande de sécurité équipée de celui-ci
EP1649373A2 (fr) Procede et dispositif pour la surveillance d'un systeme reparti
EP1366416A1 (fr) Systeme informatique tolerant aux pannes et procede d'utilisation d'un tel systeme
DE102010039607B3 (de) Verfahren zum redundanten Steuern von Prozessen eines Automatisierungssystems
EP4200727B1 (fr) Procédé et dispositif de sécurisation des accès aux variables codées dans un programme informatique
EP1461701B1 (fr) Unite commandee par un programme, comportant un dispositif de supervision
DE10233879B4 (de) Verfahren zum Steuern und Überwachen einer sicherheitskritischen Anlage, insbesondere Verkehrs-Signalanlage sowie Vorrichtung zur Durchführung des Verfahrens
EP3975017A1 (fr) Procédé d'enregistrement d'une pluralité d'événements dans des variables de tracer encodées dans un programme informatique orienté sécurité
EP1176508B1 (fr) Dispositif visant la surveillance du bon fonctionnement de composants exécutant la même action ou des actions correspondantes dans un système électrique
EP1426862B1 (fr) Synchronisation de traitement de données dans des unités de traitement redondantes d'un système de traitement de données
EP3172671B1 (fr) Procédé de traitement de données en parallèle dans un système de calcul comportant une pluralité d'unités de calcul et système de calcul comportant une pluralité d'unités de calcul
EP3588849A1 (fr) Procédé de quantification de la fiabilité d'une fonction de commande, laquelle étant fournie à l'aide d'une pluralité d'unités fonctionnelles indépendantes ainsi que dispositif de commande

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20180322

AK Designated contracting states

Kind code of ref document: A2

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

AX Request for extension of the european patent

Extension state: BA ME

DAV Request for validation of the european patent (deleted)
DAX Request for extension of the european patent (deleted)
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20181017