IPC분류정보
국가/구분 |
United States(US) Patent
등록
|
국제특허분류(IPC7판) |
|
출원번호 |
US-0237834
(2002-09-09)
|
발명자
/ 주소 |
|
출원인 / 주소 |
- Honeywell International, Inc.
|
대리인 / 주소 |
|
인용정보 |
피인용 횟수 :
1 인용 특허 :
24 |
초록
▼
A common design framework for input and output signal validation, arbitration, and fault reporting for real-time controllers includes a method of validating redundant input and output signals and arbitrating between the redundant input and output signals by determining a fault severity level for eac
A common design framework for input and output signal validation, arbitration, and fault reporting for real-time controllers includes a method of validating redundant input and output signals and arbitrating between the redundant input and output signals by determining a fault severity level for each of the redundant input and output signals, and determining a signal to transmit for further processing based at least in part on the determined fault severity levels.
대표청구항
▼
I claim: 1. In a system including a controller coupled to receive at least two redundant input signals, a method of validating the redundant input signals and arbitrating between the redundant input signals, comprising: determining a fault severity level for each of the redundant input signals; and
I claim: 1. In a system including a controller coupled to receive at least two redundant input signals, a method of validating the redundant input signals and arbitrating between the redundant input signals, comprising: determining a fault severity level for each of the redundant input signals; and determining a signal value to transmit for further processing by the controller based at least in part on the determined fault severity level of each of the redundant input signals; determining a health status level for the determined signal value; and transmitting the determined health status level with the determined signal value for further processing. 2. The method of claim 1, wherein the step of determining the fault severity level for each of the redundant input signals comprises: determining whether a particular fault is associated with the input signal; and determining a fault persistence time period for the particular fault, wherein the fault persistence time period corresponds to a time period that the particular fault persists. 3. The method of claim 2, Thither comprising: assigning a maximum fault severity level to the input signal if the fault persistence time period is at least a first predetermined time period; and assigning an intermediate fault severity level to the input signal if the particular fault is present and the fault persistence time period is less than the first predetermined time period. 4. The method of claim 2, wherein the step of determining whether a particular fault is associated with the input signal comprises: analyzing built-in-test (BIT) data associated with the input signal; comparing each of the redundant input signals with one another; and determining whether a fault exists in a data bus transmitting the input signal. 5. The method of claim 2, further comprising: determining an operational state of the system; and selectively enabling and disabling the particular fault based at least in part on the determined system operational state. 6. The method of claim 2, wherein the system further includes a fault manager, and wherein the method further comprises: determining an operational state of the system; and selectively inhibiting the particular fault from being logged in the fault manager based at least in part on the determined system operational state. 7. The method of claim 3, further comprising: determining whether the particular fault is no longer present; determining a fault reset time period for the particular fault, wherein the fault reset time corresponds to a time that the particular fault is no longer present; and assigning a minimal fault severity level to the input signal if the fault reset time period is at least a second predetermined time period. 8. The method of claim 7, further comprising: counting a number of times that the fault severity level assigned to the input signal transitions from the maximum severity level to the minimum severity level; and inhibiting transition from the maximum fault severity level to the minimum fault severity level when the counted number of times is at least a first predetermined number. 9. The method of claim 8, further comprising: determining an operational state of the system; and determining a value of the first predetermined number based at least in part on the determined system operational state. 10. The method of claim 1, wherein the determined signal value is based on a value of at least one of the redundant input signals. 11. The method of claim 1, further comprising: determining a signal source of the determined signal value. 12. The method of claim 11, further comprising: transmitting the determined signal source with the determined signal value for further processing. 13. The method of claim 1, wherein the further processing of the determined signal value includes a filtering process. 14. The method of claim 1, wherein a deterministic truth table is used to determine the signal value. 15. The method of claim 1, wherein at least one of the redundant input signals is a synthesized input signal. 16. In a system including a controller having at least two redundant output drivers coupled to receive a control signal, a method of validating the redundant output drivers and arbitrating between the redundant output drivers, comprising: determining a fault severity level for each of the redundant output drivers; and selecting one of the redundant output drivers to receive the control signal by the controller based at least in part on the determined fault severity level of each of the redundant output drivers. 17. The method of claim 16, wherein the step of determining the fault severity level for each of the redundant output drivers comprises: determining whether a particular fault is associated with the output driver; and determining a fault persistence time period for the particular fault, wherein the fault persistence time period corresponds to a time period that the particular fault persists. 18. The method of claim 17, further comprising: assigning a maximum fault severity level to the output driver if the fault persistence time period is at least a first predetermined time period; and assigning an intermediate fault severity level to the output driver if the particular fault is present and the fault persistence time period is less than the first predetermined time period. 19. The method of claim 18, further comprising: determining whether the particular fault is no longer present; determining a fault reset time period for the particular fault wherein the fault reset time corresponds to a time that the particular fault is no longer present; and assigning a minimal fault severity level to the output driver if the fault reset time period is at least a second predetermined time period. 20. The method of claim 19, further comprising: counting a number of times that the fault severity level assigned to the output driver transitions from the maximum severity level to the minimum severity level; and inhibiting transition from the maximum fault severity level to the minimum fault severity level when the counted number of times is at least a first predetermined number. 21. The method of claim 20, further comprising: determining an operational state of the system; and determining a value of the first predetermined number based at least in part on the determined system operational state. 22. The method of claim 17, wherein the step of determining whether a particular fault is associated with the output driver comprises: analyzing built-in-test (BIT) data associated with the output driver; performing system level tests; and determining whether a fault exists in a data bus transmitting the control signal. 23. The method of claim 17, further comprising: determining an operational state of the system; and selectively enabling and disabling the particular fault based at least in part on the determined system operational state. 24. The method of claim 17, wherein the system further includes a fault manager, and wherein the method further comprises: determining an operational state of the system; and selectively inhibiting the particular fault from being logged in the fault manager based at least in part on the determined system operational state. 25. The method of claim 16, further comprising: determining a driver health status level for the selected output driver. 26. The method of claim 25, further comprising: transmitting the determined driver health status level for further processing. 27. The method of claim 16, further comprising: filtering the control signal. 28. The method of claim 16, wherein a deterministic truth table is used to select the output driver. 29. In a system including a controller coupled to receive at least two redundant input signals and having at least two redundant output drivers coupled to receive a control signal, a method of validating and arbitrating between the redundant input signals and validating and arbitrating between the redundant output drivers, the method comprising: determining a fault severity level for each of the redundant input signals; determining a signal value to transmit for further processing by the controller based at least in part on the determined fault severity level of each of the redundant input signals; determining a fault severity level for each of the redundant output drivers; and selecting one of the redundant output drivers to receive the processed signal value from the controller based at least in part on the determined fault severity level of each of the redundant output drivers. 30. A system for validating redundant input signals and arbitrating between the redundant input signals, comprising: at least two inputs each coupled to receive one of the redundant input signals; fault severity level determination means for receiving at least each redundant input signal and determining a fault severity level for each based at least in part thereon; signal value determination means for receiving the determined fault severity level and determining a signal value based at least in part thereon; a controller coupled to receive the determined signal value from the signal value determination means; and health status level determination means for receiving the determined fault severity level and supplying a health status level of the determined signal value to the controller. 31. The system of claim 30, wherein the fault severity level determination means comprises one each of the following for each of the redundant input signals: fault determination means for determining whether a particular fault is associated with the input signal; and fault persistence means for determining a fault persistence time period for the particular fault, wherein the fault persistence time period corresponds to a time period that the particular fault persists. 32. The system of claim 31, further comprising: fault persistence time determination means for determining a time period that a particular fault exists; severity level assignment means for: (i) assigning a maximum fault severity level to the input signal if the fault persistence time period is at least a first predetermined time period and (ii) assigning an intermediate fault severity level to the input signal if the particular fault is present and the fault persistence time period is less than the first predetermined time period. 33. The system of claim 32, further comprising: fault reset determination means for determining whether the particular fault is no longer present; and fault reset time period determination means for determining a fault reset time period for the particular fault, wherein the fault reset time corresponds to a time that the particular fault is no longer present, and wherein the severity level assignment means assigns a minimal fault severity level to the input signal if the fault reset time period is at least a second predetermined time period. 34. The system of claim 33, further comprising: transition counting means for counting a number of times that the fault severity level assigned to the input signal transitions from the maximum severity level to the minimum severity level; and transition inhibiting means for inhibiting the transition from the maximum fault severity level to the minimum fault severity level when the counted number of times is at least a first predetermined number. 35. The system of claim 34, further comprising: fault reset inhibit determination means for receiving at least one signal representative of an operational state of the system and determining a value of the first predetermined number based at least in part on the system operational state signal. 36. The system of claim 31, further comprising: built-in-test analyzing means for analyzing built-in-test (BIT) data associated with the input signal; input signal comparison means fox comparing each of the redundant input signals with one another; and bus fault determination means for determining whether a fault exists in a data bus transmitting the input signal. 37. The system of claim 31, further comprising: fault enabling means for receiving at least one signal representative of an operational state of the system and selectively enabling and disabling the particular fault based at least in part on the system operational state signal. 38. The system of claim 31, further comprising: fault management means for logging each of the particular faults; and fault masking means for receiving at least one signal representative of an operational state of the system and selectively inhibiting the particular fault from being logged in the fault manager based at least in part on the system operational state signal. 39. The system of claim 30, wherein the determined signal value is based on a value of at least one of the redundant input signals. 40. The system of claim 30, further comprising: signal source determining means for determining a source of the determined signal value and supplying the determined signal source to the controller. 41. The system of claim 30, further comprising: filtering means for receiving and filtering the determined signal value and transmitting the filtered determined signal value to the controller. 42. The method of claim 30, Thither comprising: input signal synthesizing means for supplying a synthesized signal as one of the redundant input signals. 43. A system for validating redundant output drivers coupled to a controller and arbitrating between the redundant output drivers, comprising: a controller operable to supply a control signal to at least one of the redundant output drivers; fault severity Level determination means for determining a fault severity level for each of the redundant output drivers; and driver selection means for receiving the determined fault severity level and selecting an output driver based at least in part thereon. 44. The system of claim 43, wherein the fault severity level determination means comprises one each of the following for each of the redundant drivers: fault determination means for determining whether a particular fault is associated with the output driver; and fault persistence means for determining a fault persistence time period for the particular fault wherein the fault persistence time period corresponds to a time period that the particular fault persists. 45. The system of claim 44, further comprising: fault persistence time determination means for determining a time period that a particular fault exists; and severity level assignment means for: (i) assigning a maximum fault severity level to the output driver if the fault persistence time period is at least a first predetermined time period and (ii) assigning an intermediate fault severity level to the output driver if the particular fault is present and the fault persistence time period is less than the first predetermined time period. 46. The system of claim 45, further comprising: fault reset determination means for determining whether the particular fault is no longer present; and fault reset time period determination means for determining a fault reset time period for the particular fault, wherein the fault reset time corresponds to a time that the particular fault is no longer present, and wherein the severity level assignment means assigns a minimal fault severity level to the output driver if the fault reset time period is at least a second predetermined time period. 47. The system of claim 46, further comprising: transition counting means for counting a number of times tat the fault severity level assigned to the output driver transitions from the maximum severity level to the minimum severity level; and transition inhibiting means for inhibiting the transition from the maximum fault severity level to the minimum fault se-verity level when the counted number of times at least a first predetermined number. 48. The system of claim 47, further comprising: fault reset inhibit determination means for receiving at least one signal representative of an operational state of the system and determining a value of the first predetermined number based at least in part on the system operational state signal. 49. The system of claim 44, further comprising: built-in-test analyzing means for analyzing built-in-test (BIT) data associated with the output driver; system level test means for conducting simulated tests of each of the redundant output drivers; and bus fault determination means for determining whether a fault exists in a data bus transmitting the BIT data. 50. The system of claim 44, further comprising: fault enabling means for receiving at least one signal representative of an operational state of the system and selectively enabling and disabling the particular fault based at least in part on the system operational state signal. 51. The system of claim 44, further comprising: fault management means for logging each of the particular faults; and fault masking means for receiving at least one signal representative of an operational state of the system and selectively inhibiting the particular fault from being logged in the fault manager based at least in part on the system operational state signal. 52. The system of claim 43, further comprising: health status level determination means for receiving the determined fault severity level and supplying a health status level of the determined output driver to the controller. 53. A system for validating redundant input signals and redundant output drivers and arbitrating between the redundant input signals and the redundant output drivers, comprising: at least two inputs each coupled to receive one of the redundant input signals; input fault severity level determination means for receiving at least each redundant input signal and determining an input fault severity level for each based at least in part thereon; signal value determination means for receiving the determined input fault severity level and determining a signal value based at least in part thereon; a controller coupled to receive the determined signal value from the signal value determination means and operable to supply a control signal to at least one of the redundant output drivers; driver fault severity level determination means for determining a driver fault severity level for each of the redundant output drivers; and driver selection means for receiving the determined fault severity level and selecting an output driver based at least in part thereon. 54. In a system including a controller coupled to receive at least two redundant input signals, a method of validating the redundant input signals and arbitrating between the redundant input signals, comprising: determining a fault severity level for each of the redundant input signals; determining a signal value to transmit for further processing by the controller based at least in part on the determined fault severity level of each of the redundant input signals; determining a signal source of the determined signal value; and transmitting the determined signal source with the determined signal value for further processing. 55. A system for validating redundant input signals and arbitrating between the redundant input signals, comprising: at least two inputs each coupled to receive one of the redundant input signals; fault severity level determination means for receiving at least each redundant input signal and determining a fault severity level for each based at least in part thereon; signal value determination means for receiving the determined fault severity level and determining a signal value based at least in part thereon; a controller coupled to receive the determined signal value from the signal value determination means; and signal source determining means for determining a source of the determined signal value and supplying the determined signal source to the controller.
※ AI-Helper는 부적절한 답변을 할 수 있습니다.