Microprocessor system for safety-critical control systems
IPC분류정보
국가/구분
United States(US) Patent
등록
국제특허분류(IPC7판)
G06F-007/00
B60T-008/88
출원번호
US-0403115
(1998-02-18)
우선권정보
DE-0016197 (1997-04-18)
국제출원번호
PCT/EP98/00921
(1998-02-18)
국제공개번호
WO98/48326
(1998-10-29)
발명자
/ 주소
Giers, Bernhard
출원인 / 주소
Continental Teves AG & Co., OHG
대리인 / 주소
Honigman Miller Schwartz & Cohn LLP
인용정보
피인용 횟수 :
21인용 특허 :
16
초록▼
A microprocessor system for safety-critical control operations includes at least three central units which are preferably located jointly on one chip and execute the same program. Further, there is provision of read-only memories and random-access memories with additional memory locations for test d
A microprocessor system for safety-critical control operations includes at least three central units which are preferably located jointly on one chip and execute the same program. Further, there is provision of read-only memories and random-access memories with additional memory locations for test data, input and output units and comparators which check the output signals of the central units for correlation. The central units are interconnected by way of bus systems and bypasses which enable the central units to jointly read and process the existing data, including the test data and commands, according to the same program. The central units are extended by redundant periphery units into two complete control signal circuits and are interconnected in such a manner that, upon failure, the faulty central unit is identified by a majority decision and an emergency operation function is maintained.
대표청구항▼
1. Microprocessor system for safety-critical control operations, comprising:a plurality of central processing units which are connected, by way of separate bus systems, to read-only memories and random-access memories that also have memory locations for test data, wherein said plurality of central p
1. Microprocessor system for safety-critical control operations, comprising:a plurality of central processing units which are connected, by way of separate bus systems, to read-only memories and random-access memories that also have memory locations for test data, wherein said plurality of central processing units are further connected to input and output units and to comparators which check the output data or output signals of the central processing units for correlation, wherein the central processing units execute the same program and communicate with each other by way of the bus systems, and wherein the bus systems are interconnected by bypasses which enable the central processing units to jointly read and process the existing data, including the test data and commands,redundant periphery units into at least two complete control signal circuits and are interconnected in such a manner that, upon failure of a central processing unit or associated components, the faulty central unit can be identified by a majority decision in an identification stage and an emergency operation function is maintained, wherein in the emergency operation function, redundant data processing and comparison of the data processing results for correlation is maintained and non-correlation or the occurrence of differences between the data processing results or intermediate results is signaled, and wherein a delivery of output signals or control signals by the inclusion of or as a function of the faulty system or the faulty central unit is prevented. 2. Microprocessor system as claimed in claim 1, wherein each central processing unit includes a bus system, and also includes other read only and random access memory having double the memory capacity, for the redundance data, compared to the memory capacity required for a non-redundant system, further by way of the bypasses there is a connection between all central processing units and the memory locations in the write and read directions and to all input and output units. 3. Microprocessor system as claimed in claim 2, wherein the three central processing units, along with the read only and random access memories, the input and output units and the periphery units, form two complete and one incomplete data processing systems in total. 4. Microprocessor system as claimed in claim 3, wherein, at least one of said three data processing systems further includes redundance information memories. 5. Microprocessor system as claimed in claim 1, wherein the data processing results or output signals of two central units are sent to comparators for comparing. 6. Microprocessor system as claimed in claim 5, wherein the central processing units with the bus systems, the read only and random access memories, the bypasses, the input and output units, comparators and an identification stage are integrated onto one chip. 7. Microprocessor system as claimed in claim 1, wherein said system is incorporated into two or more automotive vehicle control systems consisting essentially of the group of brake-by-wire, ABS, TCS, ASMS. 8. Microprocessor system as claimed in claim 7, wherein said system is limited to maintaining the operation of selected safety functions. 9. A microprocessor system for safety-critical control operations, comprising:a first data processing system;a second data processing system;a third data processing system;a first bypass interconnecting the first and second data processing systems by a first bus and a second bus, respectively;a second bypass interconnecting the second and third data processing systems by a third bus and the second bus, respectively;a first comparator connected to the first and second buses;a second comparator connected to the second and third buses;a third comparator connected to the first and third buses; andan identification stage connected the first, second and third comparators,wherein an output signal from the third data processing system is checked for correlation with an outpu t signal from only the first and second data processing systems by the identification stage to detect a fault in one of the first, second and third data processing systems and to determine a location of the fault in one of the first, second and third data processing systems. 10. The microprocessor system for safety-critical control operations according to claim 9, wherein the first data processing system includes a first read-only memory, a first random-access memory, a first processing unit and a first input/output unit, wherein the second data processing system includes a second read-only memory, a second random-access memory, and a second processing unit, and wherein the third data processing system includes a third read-only memory, a third random-access memory, a third processing unit and a third input/output unit. 11. The microprocessor system for safety-critical control operations according to claim 10, wherein the second read-only and random-access memories store data that is redundant with respect data stored in the first and third read-only memories and the first and third random-access memories, thereby eliminating the need for a second input/output unit. 12. The microprocessor system for safety-critical control operations according to claim 10, wherein the first bypass enables the first processing unit to read data stored in the second read-only and random-access memories and permit data flow from the first processing unit and the second read-only and random-access memories to the second processing unit. 13. The microprocessor system for safety-critical control operations according to claim 10, wherein the second bypass enables the third processing unit to read data stored in the second read-only and random-access memories and permit data flow from the third processing unit and the second read-only and random-access memories to the second processing unit. 14. The microprocessor system for safety-critical control operations according to claim 9, further comprising a first peripheral connected to the first data processing system. 15. The microprocessor system for safety-critical control operations according to claim 14, further comprising a second peripheral connected to the third data processing system. 16. The microprocessor system as claimed in claim 9, wherein the system is incorporated into two or more automotive vehicle control systems consisting essentially of the group of brake-by-wire, ABS, TCS, ASMS.
연구과제 타임라인
LOADING...
LOADING...
LOADING...
LOADING...
LOADING...
이 특허에 인용된 특허 (16)
Saitoh Hiroo (Fuchu JPX), Automatic train operation apparatus incorporating security function with improved reliability.
Jewett Douglas E. (Austin TX) Webster Phil (Austin TX) Aldridge Dave (Lago Vista TX) Norwood Peter C. (Austin TX) Mehta Nikhil A. (Austin TX), Fault-tolerant computer system with auto-restart after power-fall.
Jewett Douglas E. (Austin TX) Bereiter Tom (Austin TX) Vetter Brian (Austin TX) Banton Randall G. (Austin TX) Cutts ; Jr. Richard W. (Georgetown TX) Westbrook ; deceased Donald C. (late of Austin TX , Fault-tolerant computer system with online recovery and reintegration of redundant components.
Yamada Hiromichi (Hitachi JPX) Katsura Koyo (Hitachiohta JPX), Parallel processor having multi-processing units either connected or bypassed in either series or parallel by the use of.
Fennel Helmut (Bad Soden DEX) Bleckmann Hans-Wilhelm (Bad Nauheim DEX), Redundant wheel sensor signal processing in both controller and monitoring circuits.
Meyer, Bernd; Pyka, Stefan; Von Oheimb, David, Method for operating an IT system, and IT system having at least one first processing unit and one second processing unit connected to one another.
D'Angelo, Giuseppe; Anastasio, Antonio; Chalupa, Leos, Processor system employing a signal acquisition managing device and signal acquisition managing device.
Birkedahl, Byron; Wilt, Nicholas; McCready, Art; Hall, Brendan; Larson, Aaron, Scalable self-checking processing platform including processors executing both coupled and uncoupled applications within a frame.
※ AI-Helper는 부적절한 답변을 할 수 있습니다.