Method and apparatus for high assurance computing using virtual machines on general purpose computing resources
IPC classification information
Country / Type: United States (US) Patent, Registered
International Patent Classification (IPC 7th ed.): G06F-009/455
Application number: US-0659604 (2000-09-11)
Inventor / Address: Greve, David A.
Applicant / Address: Rockwell Collins
Citation information: cited by 11 patents; cites 6 patents
Abstract
A system and method for enhancing the integrity of an avionics system which uses a pair of dissimilar general purpose microprocessors, each running a virtual machine, compiled for its respective processor, from a common original source file; the virtual machines running on a subset of the instructions for each microprocessor and thereby avoiding conditions known or likely to result in defects; the virtual machines running a single or identical avionics program and then voting the results of this simultaneous redundant execution to arrive at an enhanced assurance level; providing written claims to the FAA that an enhanced assurance level is achieved.
Representative claims
1. A computing system comprising: a first general purpose microprocessor further comprising a first set of native processor instructions; a first random access memory coupled to said first general purpose microprocessor; a first virtual machine disposed in ROM, and executed by said first general purpose microprocessor, a first predetermined subset of said first set of native processor instructions, wherein instructions in said first predetermined subset are more likely to result in defects, in operation of said first general purpose processor when executed, than would a remaining subset of said first set of native processor instructions; a first implementation subset, which includes said first set of native processor instructions, except for said first predetermined subset; said first implementation subset is used by said first virtual machine; said first implementation subset does not include instructions for performing checks for potential erred execution of non-virtual machine application software; and, said first virtual machine has received a certification by the FAA, in response to a written claim of an improved assurance level, based, at least in part, upon a reduction in contents of said first implementation subset in relation to said first set of native instructions of said first microprocessor.
2. A system of claim 1 further comprising: a first FAA certified avionics application running on said first virtual machine.
3. A system of claim 2 further comprising: a second general purpose microprocessor which is dissimilar with respect to said first general purpose microprocessor; a second virtual machine executed by said second general purpose microprocessor; and, means for synchronizing and voting outputs of said first general purpose microprocessor and said second general purpose microprocessor.
4. A system of claim 3 wherein said second virtual machine executes said first FAA certified avionics application.
5. A system of claim 4 wherein said second virtual machine utilizes a second implementation subset, and said second virtual machine has received a certification by the FAA, in response to a written claim of an improved assurance level, based, at least in part, upon testing of said second implementation subset.
6. A system of claim 5 wherein said first and said second virtual machine are distinct compiled versions of an identical original virtual machine code.
7. A system of claim 6 wherein information is simultaneously provided to said first and said second general purpose microprocessors, via a single source of information.
8. A system of claim 7 wherein outputs of said first and second microprocessors have reduced temporal drift with respect to each other as a result of simultaneous receipt of information to be processed therein.
9. A system of claim 8 wherein said means for synchronizing and voting outputs is a programmable logic device.
10. A system of claim 9 wherein said means for synchronizing and voting outputs is a programmable logic device without functions therein for interfacing with more than one compiled avionics application program.
11. A computing system comprising: first means for processing a first native instruction set; second means for processing a second native instruction set, wherein said second native instruction set is dissimilar with respect to said first native instruction set; a first virtual machine operating on said first means for processing and generating first virtual machine outputs; a second virtual machine operating on said second means for processing and generating second virtual machine outputs; said first virtual machine and said second virtual machine being independently compiled applications originating from a single source application; a first application being executed simultaneously by said first virtual machine and said second virtual machine, without performing checks on errors caused by said first application and without distinguishing between safe and unsafe instructions for an instruction set of said first virtual machine; and means for voting said first virtual machine outputs and said second virtual machine outputs to arrive at final outputs which have a higher assurance level, with respect to said first virtual machine outputs and said second virtual machine outputs when examined independently.
12. A system of claim 11 further comprising means for simultaneously providing information to be processed, to said first and said second virtual machines.
13. A system of claim 12 further comprising a shared memory which is not independently accessible from first means for processing and said second means for processing.
14. A system of claim 13 wherein said means for voting is disposed between said shared memory and said first and said second means for processing.
15. A system of claim 14 wherein said first means for processing is a first general purpose microprocessor.
16. A system of claim 15 wherein said first and said second virtual machines have been certified by an FAA official.
17. A system of claim 16 wherein said first and said second virtual machines each utilize instruction subsets which are less inclusive than said first native instruction set and said second native instruction set, respectively.
18. A system of claim 17 wherein a written claim of higher assurance has been made to said FAA official, where the written claim has a component thereof which relies upon a reduction in content of one of said implementation subsets in comparison to a content of said first native instruction set.
19. A method for generating assurance information comprising the steps of: providing a first general purpose microprocessor, for use on an aircraft, with a first virtual machine operating thereon; providing a second general purpose microprocessor for use on an aircraft, with a second virtual machine operating thereon; refraining from distinguishing between safe and unsafe instructions of said first virtual machine; refraining from distinguishing between safe and unsafe instructions of said second virtual machine; making a written claim to an FAA official, claiming that said first virtual machine operating on said first general purpose microprocessor results in an increased assurance level; running an avionics application on said first and said second virtual machines and generating first and second outputs respectively, without performing checks for potential errors in said avionics application; voting said first and said second outputs to arrive at assurance enhanced outputs with respect to said first and second outputs when examined independently; making a claim to said FAA official that said assurance enhanced outputs have a higher assurance level than said first outputs; and, receiving a determination from said FAA official that said assurance enhanced outputs exceed predetermined assurance criteria.
20. A method of claim 19 wherein said avionics application is a flight management system application.
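The architecture the abstract and claims 3, 7, 11 and 19 describe (one program, two virtual machines built from a single source, a single input source feeding both lanes, a voter that releases only agreed outputs, and a VM restricted to an implementation subset of the native instructions) can be illustrated with a small software model. The following is an added example and is not code from the patent or from Rockwell Collins: the stack VM, its opcode names, the program, the input values, the `SAFE_SUBSET` choice and the `corrupt_mul` fault injector are all constructed here. Dissimilar hardware is not simulated; what the model shows is the voter's behaviour when one lane diverges and the VM's refusal of an opcode outside its implementation subset.

```python
"""Added example (not from the patent): a two-lane lock-step arrangement in which two
copies of one small stack VM run the same program on a single input stream and a voter
releases an output only when both lanes agree. A hardware defect in one lane is simulated
in software; opcode names, the program and inputs are constructed for this example."""

# Toy VM instruction set. The "implementation subset" a lane is allowed to use models
# the patent's idea of excluding defect-prone native instructions from the VM build.
FULL_SET = frozenset({"IN", "PUSH", "ADD", "MUL", "DIV", "OUT"})
SAFE_SUBSET = FULL_SET - {"DIV"}   # constructed: DIV plays the excluded, defect-prone opcode

# Constructed program: read one input x, emit x + 4, then emit (x + 4) * 5.
PROGRAM = [("IN",), ("PUSH", 4), ("ADD",), ("OUT",), ("PUSH", 5), ("MUL",), ("OUT",)]


def run_vm(program, allowed, inputs, fault=None):
    """Execute `program` on a stack VM restricted to the `allowed` opcode subset.

    `fault`, if given, is called after every instruction with (pc, opcode, stack) and may
    corrupt the stack; it stands in for a latent defect in one lane's native hardware.
    """
    stack, outputs, pending = [], [], list(inputs)
    for pc, (op, *args) in enumerate(program):
        if op not in allowed:
            raise ValueError(f"pc={pc}: opcode {op} is outside the implementation subset")
        if op == "IN":
            stack.append(pending.pop(0))
        elif op == "PUSH":
            stack.append(args[0])
        elif op == "ADD":
            b, a = stack.pop(), stack.pop()
            stack.append(a + b)
        elif op == "MUL":
            b, a = stack.pop(), stack.pop()
            stack.append(a * b)
        elif op == "DIV":
            b, a = stack.pop(), stack.pop()
            stack.append(a // b)
        elif op == "OUT":
            outputs.append(stack[-1])   # OUT copies the top of stack to the output bus
        if fault is not None:
            fault(pc, op, stack)
    return outputs


def vote(out_a, out_b):
    """Two-lane comparison voter.

    Returns (released, fault_index): `released` holds the outputs both lanes agreed on,
    in order; `fault_index` is the position of the first disagreement (or of a missing
    output in one lane), or None when the lanes agree completely.
    """
    released = []
    for i, (a, b) in enumerate(zip(out_a, out_b)):
        if a != b:
            return released, i
        released.append(a)
    if len(out_a) != len(out_b):
        return released, min(len(out_a), len(out_b))
    return released, None


def lockstep(program, inputs, allowed=SAFE_SUBSET, fault_b=None):
    """Feed one input stream to both lanes, then vote their outputs."""
    inputs = list(inputs)                       # single source of information for both lanes
    out_a = run_vm(program, allowed, inputs)    # lane A: clean build of the VM
    out_b = run_vm(program, allowed, inputs, fault=fault_b)   # lane B: same program, possibly faulty
    return vote(out_a, out_b)


def corrupt_mul(pc, op, stack):
    """Constructed defect: lane B's MUL drops the low bit of its result."""
    if op == "MUL":
        stack[-1] &= ~1


def demo():
    """Healthy run, a run with a faulty lane, and a program using an excluded opcode."""
    healthy = lockstep(PROGRAM, [3])                        # ([7, 35], None)
    faulty = lockstep(PROGRAM, [3], fault_b=corrupt_mul)    # ([7], 1): second output withheld
    try:
        lockstep(PROGRAM + [("PUSH", 2), ("DIV",), ("OUT",)], [3])
        rejected = False
    except ValueError:
        rejected = True                                      # DIV refused by the restricted VM
    return healthy, faulty, rejected


if __name__ == "__main__":
    print(demo())
```

The voter here is a plain two-lane comparator: with only two lanes it can detect a disagreement and withhold the output, but it cannot decide which lane is right, which is why the claims treat the voted result as having a higher assurance level than either lane alone rather than as a corrected value. The model also keeps both lanes in step by construction; in the claimed system that synchronization, and the reduced temporal drift of claim 8, depend on delivering the same input to both processors at the same time.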
Patents cited by this patent (6)
Young ; Jr. James A., Integration of aime augmentation into GNSS products.
Gee John K. ; Greve David A. ; Hardin David S. ; Kamin Raymond A. ; Hiratzka T. Douglas ; Mass Allen P. ; Masters Michael H. ; Mykris Nick M., Real time processor optimized for executing JAVA programs.
Smith, II, William David; Diekema, Jon Marc; Edmison, Joshua Nathaniel; Ahmed, Safayet Nizam Uddin, Controlling total number of instructions executed to a desired number after iterations of monitoring for successively less number of instructions until a predetermined time period elapse.