Fail-safe synchronization circuit for duplicated systems
Authors: E. Kolonis, M. Nicolaidis
Published in: Proceedings 2001 IEEE International Symposium on Defect and Fault Tolerance in VLSI Systems (24 October 2001)
DOI: 10.1109/DFTVS.2001.966795 (https://doi.org/10.1109/DFTVS.2001.966795)
Citations: 2
Abstract
Actuators in safety-critical systems must be driven by fail-safe signals: under a failure in the system, such a signal must be either correct or in the safe state (e.g. red in traffic control lights). To achieve the fail-safe property, the processors controlling such actuators use hardware and/or software redundancy (e.g. duplicated processors, software coding techniques). Each signal delivered by such a system must be fail-safe individually in order to drive an actuator. To create such signals, an interface is needed that transforms the redundant signals delivered by the control processor into fail-safe signals; this is the role of a fail-safe interface. The present work treats the case where the inputs of the interface are delivered by a duplicated system. To avoid common-mode failures, the two copies of the system do not share hardware resources. They therefore use different clocks, and the two copies are not mutually synchronized at the clock-cycle level. Any attempt to synchronize them would require sharing some resources and would introduce common-mode failures. This work proposes a circuit that transforms two copies of non-synchronized signals into synchronized signals while preserving the safety of the system under the common-mode failures that the circuit itself introduces.
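The following Python behavioural model is an added illustration of the problem the abstract sets up; it is not the paper's circuit (which this record does not describe) and is not code from the authors. It renders one two-valued command (SAFE/PERMIT, e.g. red/green) as driven by two processor copies whose clocks are offset by a few ticks, then compares two ways of merging them: a lock-step comparator that treats any cycle of disagreement as a fault, and a skew-tolerant interface that tolerates disagreement up to an assumed bound while never driving PERMIT unless both copies do. The command sequence, clock period, skew, tolerance rule and the stuck-at fault are all constructed assumptions of this example.

```python
"""Behavioural model of feeding a duplicated, unsynchronised command signal
into a fail-safe interface (illustrative example, not the paper's circuit)."""

SAFE, PERMIT = 0, 1          # restrictive (e.g. red) / permissive (e.g. green)

# Constructed scenario: one command per clock cycle, two copies with skewed clocks.
COMMANDS = [SAFE, PERMIT, PERMIT, SAFE, PERMIT, PERMIT, SAFE]
PERIOD = 10                  # fine-grid ticks per clock cycle (assumed)
SKEW = 3                     # copy B's clock lags copy A's by 3 ticks (assumed)
LENGTH = 80                  # ticks simulated


def render_copy(commands, period, offset, length):
    """Sample one copy's output on a fine time grid.

    commands[k] is driven during the copy's k-th clock cycle; clock edges fall
    at offset, offset+period, ...  Before its first edge the copy drives SAFE
    (assumed reset value); the last command is held after the sequence ends.
    """
    trace = []
    for t in range(length):
        if t < offset:
            trace.append(SAFE)
        else:
            k = min((t - offset) // period, len(commands) - 1)
            trace.append(commands[k])
    return trace


def strict_comparator(a, b):
    """Lock-step comparator: any tick of disagreement is taken as a fault and
    latches the output in the safe state permanently.
    Returns (output_trace, fault_latched)."""
    out, fault = [], False
    for x, y in zip(a, b):
        if x != y:
            fault = True
        out.append(PERMIT if (not fault and x == PERMIT) else SAFE)
    return out, fault


def skew_tolerant_interface(a, b, max_skew):
    """Disagreement lasting at most max_skew ticks is treated as clock skew and
    the output stays SAFE meanwhile (conservative); disagreement that persists
    longer is a real divergence and latches the safe state.
    PERMIT is driven only while both copies drive PERMIT and no fault is latched.
    Returns (output_trace, fault_latched)."""
    out, fault, run = [], False, 0
    for x, y in zip(a, b):
        if x != y:
            run += 1
            if run > max_skew:
                fault = True
        else:
            run = 0
        out.append(PERMIT if (not fault and x == PERMIT and y == PERMIT) else SAFE)
    return out, fault


def inject_stuck_at(trace, start, value):
    """Model a copy whose output is stuck at `value` from tick `start` on."""
    return trace[:start] + [value] * (len(trace) - start)


def is_fail_safe(out, a, b):
    """Fail-safe property for a two-valued signal: the merged output is never
    PERMIT unless both copies currently drive PERMIT, so a single faulty copy
    can only push the actuator toward the safe state, never past it."""
    return all(o == SAFE or (x == PERMIT and y == PERMIT)
               for o, x, y in zip(out, a, b))


if __name__ == "__main__":
    a = render_copy(COMMANDS, PERIOD, 0, LENGTH)
    b = render_copy(COMMANDS, PERIOD, SKEW, LENGTH)

    out, fault = strict_comparator(a, b)
    print("lock-step comparator, healthy copies: fault latched =", fault,
          "| PERMIT ticks =", sum(out))

    out, fault = skew_tolerant_interface(a, b, SKEW)
    print("skew-tolerant interface, healthy copies: fault latched =", fault,
          "| PERMIT ticks =", sum(out), "| fail-safe =", is_fail_safe(out, a, b))

    b_stuck = inject_stuck_at(b, 45, PERMIT)
    out, fault = skew_tolerant_interface(a, b_stuck, SKEW)
    print("skew-tolerant interface, copy B stuck at PERMIT from t=45:",
          "fault latched =", fault, "| fail-safe =", is_fail_safe(out, a, b_stuck))
```

With healthy copies the lock-step comparator latches a false fault at the first command change, because copy A has already switched while copy B is still holding the old value; the skew-tolerant interface delays each permissive transition by up to the skew, drives PERMIT only on sustained agreement, and still latches when copy B is stuck at PERMIT and the disagreement outlives the tolerance window. The tolerance bound must cover the real skew (setting it to 2 here latches a false fault), and the model says nothing about failures inside the merging logic itself, which is the common-mode concern the paper's circuit is designed to handle.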