WO1995006277A2 - Separately clocked processor synchronization improvement - Google Patents

Separately clocked processor synchronization improvement

Info

Publication number
WO1995006277A2
Authority
WO
WIPO (PCT)
Prior art keywords
processor
output
processing unit
central processing
tasks
Application number
PCT/US1993/007872
Other languages
French (fr)
Other versions
WO1995006277A3 (en)
Inventor
Wayne L. Schultz
Original Assignee
Honeywell Inc.
Application filed by Honeywell Inc.
Priority to PCT/US1993/007872
Publication of WO1995006277A2
Publication of WO1995006277A3

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/07 Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/16 Error detection or correction of the data by redundancy in hardware
    • G06F11/1675 Temporal synchronisation or re-synchronisation of redundant processing components
    • G06F11/1679 Temporal synchronisation or re-synchronisation of redundant processing components at clock signal level
    • G06F11/1691 Temporal synchronisation or re-synchronisation of redundant processing components using a quantum

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Quality & Reliability (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Hardware Redundancy (AREA)
  • Synchronisation In Digital Transmission Systems (AREA)

Abstract

Processor apparatus for control functions performed in a redundant manner utilizing separate clocks but correcting for mismatch in timing thereof by causing an interrupt of the processing through software to a 'hold' status to allow time for any lagging processors to catch up before starting a next frame of processing.

Description

SEPARATELY CLOCKED PROCESSOR SYNCHRONIZATION IMPROVEMENT
BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates to processors which utilize a clock source to maintain operation and more particularly to a plurality of processors which need to be locked into a synchronous operation with each other by a clock. The present invention is an improvement over copending application PCT/US92/04557 filed 2 June 1992, entitled "Interrupt Driven, Separately Clocked, Fault Tolerant Processor Synchronization."
2. Description of the Prior Art
Some systems require that certain control functions be performed in a redundant manner to prevent faulty operation in the event of a failure in one or more of the redundant control systems. In aircraft operation it is critical that the control thereof never be lost by faulty operation of the control system, and accordingly, two, three and even four parallel control systems, each using separate sensors, information processors and control devices may be employed. The multiple processors receive the same input data and are supposed to produce the same output signals unless something has gone wrong in one of the systems. To determine inconsistencies the outputs are sent to a voter where they are compared, and thus assure that the output data is consistent. This process is often impeded by the clocks in each processor not being exactly synchronized with each other. Although voters are capable of handling minor time differences from each processor, when data is processed at slightly different times in each processor, over a period of time, the difference accumulates so that the output data from one processor will differ more and more with data from another processor until the voter cannot handle the difference and meaningful comparisons become impossible.
Some prior art systems utilize a single clock for all of the processors and while this may prevent the problem with synchronism, it produced the problem of the failure of the single clock. Without redundant clocks, the tolerance for failure rate, although small, is still too large for the desired safety requirements.
In the above referred to copending application, a counter is employed in each processor to count the clock cycles from the clock and to process the data in each processor according to a predetermined number of clock cycles counted. The predetermined number is chosen so as to be sufficient for the processor to be able to perform the processing of a certain number of tasks. After the predetermined number is counted, the counter sends a signal to a set/reset flip flop which then commands the processor to stop processing data for a short period of time. Subsequently, an interrupt signal from an external source resets the flip flop, and through an interrupt controller in each processor, commands all of the processors to begin processing data again. During this time frame the output from each processor will not be different by an amount more than the voter can handle and, accordingly, the voter receives the exact same data from each processor during each such time frame.
One problem with the above referred-to copending application is the fact that the processors require a flip flop to shut them down after each time frame. This is unnecessary hardware which adds to the cost and weight of the system.
SUMMARY OF THE INVENTION
The present invention allows the use of a separate clock for each processor while assuring that the clocks produce outputs which are close enough in synchronism to provide meaningful comparisons of their outputs without requiring the use of additional hardware for this function. This is accomplished in the present invention by having the output of the counter go to an already existing interrupt controller in the microprocessor to cause an "interrupt" of the processing which, through software, causes the computer to revert to a "hold" status where it continues to operate until the next external interrupt sends it back to the data processing status where it left off. As before, the processors utilize small slices of time at the end of a predetermined number of counts, referred to herein as a "frame", during which no output data is produced by the processors. This allows time for any lagging processors to catch up with the others before starting on the next frame. Each processor receives and processes exactly the same data in exactly the same frame. Each clock produces a fixed number of cycles for accomplishing each task, and although the frequency of the clocks may differ from one another by as much as 200 parts per million (which could result in an error of 2 microseconds at the end of a 10 millisecond frame), the voter can handle this. Thereafter, a small time slice at the end of each frame allows "catching up" and all processors start the next frame at exactly the same time. As a result, the processors are never outside of a tolerable amount of clock mistiming.
BRIEF DESCRIPTION OF THE DRAWINGS
Figure 1 shows a block diagram of a typical microprocessor;
Figure 2 shows a 10 millisecond frame containing three groups of tasks; and,
Figure 3 shows a comparison between the handling of the same frame by a slower and a faster processor.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS
In Figure 1, a microprocessor is shown as a block 10 containing a central processing unit 12 receiving a first input from a memory 14, a second input from an interrupt controller 16, a third input from an internal clock 18 and producing an output to a voter 20. Microprocessor 10 may be one of a number N of microprocessors in a redundant control system. The memory 12 provides the tasks for the CPU to perform, which may be arranged into several different groups called "partitions." One frame of partitions can be seen in Figure 2. In Figure 2, a 10 millisecond time frame is shown containing three partitions, each of which has a small time slice just before it during which the program sets up the processors to handle the processing in the forthcoming partition. Note that each partition is assigned a fixed time (in terms of its own internal clock) sufficient to handle the tasks of that partition and, that subsequent to the last partition, there is a time period identified as the interrupt. Each processor receives the same partitions from its memory and the same internal time to handle them. Assume, however, that clock 18 produces 200,000 cycles per second and that the clock of another processor produced 210,000 cycles per second. Furthermore, defining a "tick" as 1/128 of a cycle, in the 200,000 cycle clock there are 1562.5 ticks per cycle while in the 210,000 cycle clock there are 1640.6 ticks per cycle. In the present invention, the same number of ticks is assigned to each partition processed by the CPU of each processor with results which can be seen in connection with Figure 3.
In Figure 3, the same frame containing the same three partitions is shown for the slower processor with a 20.0 MHz clock and the faster processor with a 21.0 MHz clock. The frame in each processor starts off after the 100 Hz interrupt with a Kernel (the operating system) which in both processors takes 156 ticks but in processor #1 this takes 1 millisecond, but in processor #2 it takes .9 milliseconds. Partition #1 uses 859 ticks in both processors, but this takes 5.5 milliseconds in Processor #1, but 5.2 milliseconds in Processor #2. Partitions #2 and #3 use 234 ticks in each processor, but this takes 1.5 milliseconds in Processor #1 and 1.4 milliseconds in Processor #2. At the end of the three partitions there is a final interrupt time which is different for the two processors. In Processor #1 this is about 78 ticks for about 0.5 milliseconds, while in Processor #2 it is 234 ticks for 1.4 milliseconds. It should be noted that the loading of each partition is an example only, that the clock skew has been greatly exaggerated (actual clock speeds vary by only about 200 parts per million) and that the final interrupt time is larger than necessary. Furthermore, only two of the N processors are shown in Figure 3.
Returning to Figure 1, an output from CPU 12 is shown connected to a "Time Slice Counter" 50 which operates to count the clock cycles and to provide an output after the correct number of ticks have occurred for the frame. This output is presented to the interrupt controller 16 which then interrupts the operation of the CPU for the required time. An External Interrupt signal is also presented to the interrupt controller to provide the starting interrupts for the CPU.
Accordingly, although the processor may produce an output which is in slight time variance from the other processors, the time difference is in the acceptable region and the data never differs because it is not allowed to accumulate to produce uncheckable results.
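The frame timing described above, worked through as an added C example (not code from the patent or from Honeywell). It assumes a tick is 128 clock cycles, which matches Figure 3's 156 ticks taking about 1 millisecond at 20 MHz, ignores the per-partition setup slices, and compares restarting on the shared external interrupt against letting each processor time its own 10 ms frames; the function names are hypothetical.

```c
#include <stdio.h>

/* Assumptions (not from the patent text): a tick is 128 clock cycles, which
 * matches Figure 3's "156 ticks ~ 1 ms" at 20 MHz; the per-partition setup
 * slices are ignored. */
#define CYCLES_PER_TICK 128.0
#define FRAME_US        10000.0   /* 100 Hz external interrupt period */
#define NOMINAL_HZ      20.0e6

/* Tick budget from Figure 3: kernel, partition #1, #2, #3. */
static const int budget_ticks[] = { 156, 859, 234, 234 };
#define NSLICES ((int)(sizeof budget_ticks / sizeof budget_ticks[0]))

/* Ticks the time slice counter counts before raising its interrupt. */
int frame_ticks(void)
{
    int sum = 0;
    for (int i = 0; i < NSLICES; i++)
        sum += budget_ticks[i];
    return sum;
}

/* Microseconds a processor clocked at hz needs to count the frame budget. */
double busy_us(double hz)
{
    return frame_ticks() * CYCLES_PER_TICK / hz * 1e6;
}

/* Time spent in "hold" before the next external interrupt.
 * A negative value means the tick budget overruns the 10 ms frame. */
double hold_us(double hz)
{
    return FRAME_US - busy_us(hz);
}

/* Largest difference between the two processors' end-of-work times over
 * `frames` frames.
 * resync = 1: both restart on the shared external interrupt every frame.
 * resync = 0: each restarts after 10 ms measured on its own clock. */
double worst_skew_us(double hz_a, double hz_b, int frames, int resync)
{
    double worst = 0.0;
    for (int n = 0; n < frames; n++) {
        double start_a = n * FRAME_US, start_b = n * FRAME_US;
        if (!resync) {
            start_a *= NOMINAL_HZ / hz_a;
            start_b *= NOMINAL_HZ / hz_b;
        }
        double skew = (start_a + busy_us(hz_a)) - (start_b + busy_us(hz_b));
        if (skew < 0)
            skew = -skew;
        if (skew > worst)
            worst = skew;
    }
    return worst;
}

int main(void)
{
    double slow = NOMINAL_HZ;
    double fast = NOMINAL_HZ * (1.0 + 200e-6);   /* 200 ppm faster */

    printf("ticks per frame         : %d\n", frame_ticks());
    printf("hold at 20 MHz / 21 MHz : %.1f us / %.1f us\n",
           hold_us(20.0e6), hold_us(21.0e6));
    printf("worst skew, resynced    : %.3f us\n",
           worst_skew_us(slow, fast, 1000, 1));
    printf("worst skew, free-running: %.1f us\n",
           worst_skew_us(slow, fast, 1000, 0));
    printf("18 MHz clock fits frame : %s\n",
           hold_us(18.0e6) >= 0 ? "yes" : "no (overrun)");
    return 0;
}
```

With the 200 ppm mismatch the resynced skew stays just under 2 microseconds in every frame, while the free-running case drifts to about 2 milliseconds after 1000 frames.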
Many changes will occur to those skilled in the art and I do not wish to be limited to the specific disclosures used in connection with the description of the preferred embodiment. I wish only to be limited by the following claims.

Claims

I Claim:
1. A computing system comprising, in combination: a plurality of microprocessors each having a central processing unit, an interrupt controller and output, each central processor programmed to synchronously execute an identical set of tasks to produce the output; a plurality of clocks one each associated with each microprocessor for producing a plurality of timing pulses, said clocks having slightly different frequencies, each program having allotted thereto a predetermined number of pulses so that the same number of tasks are executed in each program by each processor although taking slightly different times due to the slight frequency variations; counter means associated with each microprocessor and operable to count pulses from the clock associated therewith and to produce an interrupt signal after the predetermined number of pulses; and means connecting the counter means to the interrupt controller to provide the interrupt signal thereto, the interrupt controller interrupting the processing of the central processing unit to assure that the output of each microprocessor includes the same number of performed tasks.
2. Apparatus according to claim 1 further including a voter connected to receive the output of the microprocessor.
3. Apparatus according to claim 2 further including a memory connected to the central processing unit and operable to supply the set of tasks thereto.
4. Apparatus according to claim 3 further including means for supplying an external interrupt signal to the interrupt controller to restart the processing of the central processing unit.
5. Apparatus according to claim 1 further including means for supplying an external interrupt signal to the interrupt controller to restart the processing of the central processing unit.

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/US1993/007872 WO1995006277A2 (en) 1993-08-18 1993-08-18 Separately clocked processor synchronization improvement

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/US1993/007872 WO1995006277A2 (en) 1993-08-18 1993-08-18 Separately clocked processor synchronization improvement

Publications (2)

Publication Number Publication Date
WO1995006277A2 (en) 1995-03-02
WO1995006277A3 (en) 1995-06-08

Family

ID=22236871

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US1993/007872 WO1995006277A2 (en) 1993-08-18 1993-08-18 Separately clocked processor synchronization improvement

Country Status (1)

Country Link
WO (1) WO1995006277A2 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0104490A2 (en) * 1982-09-28 1984-04-04 Fried. Krupp Gesellschaft mit beschränkter Haftung Method and device for the synchronization of a data processing system
WO1985002698A1 (en) * 1983-12-12 1985-06-20 Parallel Computers, Inc. Computer processor controller
WO1992022030A1 (en) * 1991-06-06 1992-12-10 Honeywell Inc. Interrupt driven, separately clocked, fault tolerant processor synchronization

Also Published As

Publication number Publication date
WO1995006277A3 (en) 1995-06-08

Similar Documents

Publication Publication Date Title
US5613127A (en) Separately clocked processor synchronization improvement
US5371746A (en) Program debugging system for a distributed data processing system
US3932847A (en) Time-of-day clock synchronization among multiple processing units
JP3982353B2 (en) Fault tolerant computer apparatus, resynchronization method and resynchronization program
US4497059A (en) Multi-channel redundant processing systems
US5233615A (en) Interrupt driven, separately clocked, fault tolerant processor synchronization
US5355468A (en) System for halting synchronous digital modules
US6374364B1 (en) Fault tolerant computing system using instruction counting
US3810119A (en) Processor synchronization scheme
US4196470A (en) Method and arrangement for transfer of data information to two parallelly working computer means
US20050229035A1 (en) Method for event synchronisation, especially for processors of fault-tolerant systems
WO1995006277A2 (en) Separately clocked processor synchronization improvement
CN114020095B (en) Dual-processor lock step system based on clock alignment and synchronization
EP1223711A2 (en) Method of and apparatus for transmitting data in a distributed processor system
CN109144851A (en) Oriented mission extremely limits the redundance software debugging device and adjustment method of monitoring
JPH086800A (en) Data processor and microprocessor
US6587957B1 (en) Disk drive controller for controlling data flow therethrough by switching to secondary bus to receive clock pulses when a failure on master bus is detected
CA2411788C (en) Device and method for synchronising a system of coupled data processing facilities
JPH01267701A (en) Digital controller for controlling power
JPH0736720A (en) Duplex computer equipment
JPS59127164A (en) Multi-system synchronizing device
JP2526835B2 (en) Duplex synchronous control system of programmable controller
JPH0215320A (en) Clock mechanism control system
JPH07261814A (en) Interruption synchronizing method for dual system of pc
US6725387B1 (en) Method and apparatus for causing computer system interconnection to be in the same state each time test code is executed

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): CA JP

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): AT BE CH DE DK ES FR GB GR IE IT LU MC NL PT SE

121 Ep: the epo has been informed by wipo that ep was designated in this application
AK Designated states

Kind code of ref document: A3

Designated state(s): CA JP

AL Designated countries for regional patents

Kind code of ref document: A3

Designated state(s): AT BE CH DE DK ES FR GB GR IE IT LU MC NL PT SE

NENP Non-entry into the national phase in:

Ref country code: CA

122 Ep: pct application non-entry in european phase