Error detection/correction and fault detection/recovery – Data processing system error or fault handling – Reliability and availability
Reexamination Certificate
1998-11-06
2001-12-25
Iqbal, Nadeem (Department: 2184)
Error detection/correction and fault detection/recovery
Data processing system error or fault handling
Reliability and availability
C712S032000
Reexamination Certificate
active
06334194
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates to fault tolerant computers, in particular, those comprising plural (two or more) operation controllers.
This application is based on Patent Application No. Hei 9-306074 filed in Japan, the contents of which are incorporated herein by reference.
2. Description of the Related Art
A conventional computer system as shown in
FIG. 4
is known, which comprises plural operation controllers, and in which even if one of the operation controllers is damaged, operations can be restarted or continued. Such a system is called a “fault tolerant computer system” using the multiprocessor method. When one of the operation controllers as constituent of the computer system is damaged, outputs from all operation controllers are compared and the damaged controller is detected according to a majority decision system or the like. Then, the output of the detected damaged controller is masked or the damaged controller is separated from the system.
Japanese Patent Application, First Publication, No. Hei 1-288928 discloses an example of such a computer system, in which outputs from plural subsystems are collected to a single judgment circuit and these outputs from these subsystems are compared, and also with diagnostic information, a correct output is detected and output.
On the other hand, Japanese Patent Application, First Publication, No. Hei 6-149605 discloses a judging method which essentially uses distributed processing without using a single judgment circuit. The system according to this method does not use an intensive judgment circuit as used in the above system of No. Hei 1-288928, and thus is known as a fault tolerant computer system having tolerance even for a fault of a judgment circuit itself.
The above-described conventional fault tolerant computers have the following problems.
The first problem is that each operator as a constituent of the parallel processing system must have equal operation control functions and capabilities in conventional techniques, which causes an increase of the size, power consumption, and the weight of the system.
The above problem relating to the fault tolerant computer using a parallel structure is due to a situation in that outputs of plural operation controllers are compared and an operation controller having a transient or permanent fault is identified so as to output data which is regarded to be the most accurate to outside the operation controller. To realize such a circumstance, plural operation controllers for performing similar operational and control processes, that is, substantially equal operation controllers are necessary.
The second problem is that a system having at least a triplet structure is necessary for realizing real-time identification of an operation controller having a transient or permanent fault in conventional techniques. It causes an increase of the size, power consumption, and the weight of the system.
This is because regarding a structure including plural operation controllers, when one of them is damaged, at least a triplet structure is necessary for identifying the damaged operation controller. In contrast, with a doublet structure, real-time identification of a damaged operation controller is impossible when one of the operation controllers is damaged.
The third problem is that it is impossible in conventional techniques to dynamically perform switching between (i) an arrangement having plural operation controllers which are simultaneously operated and (ii) a stand-by redundant arrangement in which only one operation controller is operated and the other operation controllers are not operated at the same time.
The reason is that a judgment section or examination and diagnosis section for identifying a fault operation controller and for separating it from the system does not normally operate unless it always receives plural inputs.
The fourth problem is that it is also impossible in conventional techniques to dynamically perform switching between (i) an arrangement having plural operation controllers which become simultaneously operable so as to make these operation controllers perform the same operational control for realizing a multiplexed system, and (ii) an arrangement for distributed processing in which some operation controllers perform different control operations so as to distribute functions and by which operational control capability as a system is improved and damage at a single point destroying all functions is prevented.
The reason is also that a judgment section or examination and diagnosis section for identifying a fault operation controller and for separating it from the system does not normally operate unless it always receives plural inputs.
SUMMARY OF THE INVENTION
Regarding a fault tolerant computer comprising plural operation controllers, an object of the present invention is to make it possible to judge and separate a damaged element by using a double-redundant structure without using a triple (or greater)-redundant structure, and to decrease the number of necessary modules, the size, the weight, the power consumption of the system and to simplify the circuit and system arrangement so as to improve the properties and capabilities of the system.
Another object of the present invention is to make it possible to dynamically perform switching between the stand-by redundant arrangement and the simultaneous operation arrangement with respect to plural operation controllers.
Further another object of the present invention is to realize an arrangement which has no necessity to satisfy a condition that plural operation controllers are equal and of the same kind, and to minimize the structure for satisfying necessary reliability so as to decrease the size, the weight, and the power consumption of the system, and further to make it possible to dynamically change the arrangement and to distribute functions so as to improve reliability.
Therefore, the present invention provides a fault tolerant computer comprising plural operation controllers, wherein when one of the operation controllers is damaged, the damaged operation controller is identified and separated from the system of the fault tolerant computer, and the fault tolerant computer has a double-redundant structure including two of the operation controllers, and has diagnosis means for obtaining additional diagnosis information for identifying and separating the damaged operation controller when one of the two operation controllers is damaged.
The fault tolerant computer may further comprise two judgment sections corresponding to each operation controller in the double-redundant structure, each judgment section for comparing an output from the operation controller connected to the present judgment section with an output from the operation controller connected to the other judgment section, wherein one judgment section receives a signal indicating a comparison result from the other judgment section, and collates this signal and a comparison result obtained in the present judgment section with reference to the diagnosis information so as to judge whether the output from the operation controller connected to the present judgment section is correct.
It is possible that each operation controller outputs diagnosis information into the diagnosis means before this operation controller outputs an output, and if disagreement is detected in the collation of the judgment section, then according to the input diagnosis information, it is judged whether the output from the operation controller connected to the present judgment section is correct.
It is also possible that if disagreement is detected in the collation of the judgment section, then the output from the operation controller connected to the present judgment section is input into the diagnosis means and recalculations are performed in both operation controllers, and outputs obtained by the recalculations and the output before the recalculations are compared for judging whether the output from the operation controller connected to the pre
Foley & Lardner
Iqbal Nadeem
NEC Corporation
LandOfFree
Fault tolerant computer employing double-redundant structure does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Fault tolerant computer employing double-redundant structure, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Fault tolerant computer employing double-redundant structure will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2578444