Microprocessor system for safety-critical control systems

Data processing: generic control systems or specific application – Generic control system – apparatus or process – Having protection or reliability feature

Reexamination Certificate

Details

C700S002000, C700S082000, C700S080000, C700S081000, C700S111000, C710S120000, C701S071000

active

06201997

ABSTRACT:

BACKGROUND OF THE INVENTION
The present invention relates to a microprocessor system for safety-critical control systems, including two synchronously operated central units or CPUs which receive the same input data and process the same program, equipped with read-only memories (ROM) and random-access memories (RAM), and memory locations for test data and test data generators, and also including comparators which check the output data of the central units and issue disconnecting signals in the event of non-correlation.
Safety-critical control systems are, for example, automotive vehicle control systems which intervene in braking operations. Among these control systems, especially wheel-lock control systems or anti-lock systems (ABS) and traction slip control systems (TCS, etc.) are very important and available on the market in many versions. Driving stability control systems (DSC, ASMS), suspension control systems, etc., are also critical in terms of safety because they are based on brake management, and their malfunction may impair the driving stability of the vehicle in other ways. Therefore, it is imperative to constantly monitor the operability of such systems in order to disconnect the control when an error occurs, or to switch the control over to a condition which jeopardizes safety less.
German patent No. 32 34 637 discloses an example of a circuit arrangement or a microprocessor system for controlling and monitoring an anti-lock vehicle brake system. In this patent, the input data are sent in parallel to two identically programmed microcomputers where they are processed synchronously. The output signals and intermediate signals of the two microcomputers are checked for correlation by redundant comparators. In the event of non-correlation of the signals, disconnection of the control is effected by a circuit which also has a redundant design. In this known circuit, one of the two microcomputers is used to produce braking pressure control signals, while the other one is used to produce the test signals. Thus, two complete microcomputers, including the associated read-only memories and random-access memories, are required in the symmetrically designed microprocessor system.
In another prior art system, based on which the circuit described in German patent application No. 41 37 124 is configured, the input data are also sent in parallel to two microcomputers, only one of which, however, performs the complete complicated signal processing operation. The second microcomputer is mainly used for monitoring, so that the input signals, after being conditioned and time derivatives being produced, etc., can be further processed by way of simplified control algorithms and a simplified control philosophy. The simplified data processing is sufficient to produce signals which permit indications of the proper operation of the system by comparison with the signals processed in the more sophisticated microcomputer. The use of a test microcomputer of a reduced capacity permits diminishing the expenditure in manufacture compared to a system having two complete, sophisticated microcomputers of identical capacity.
German patent application No. 43 41 082 also discloses a microprocessor system of the previously mentioned type. However, the system is especially intended for use in the control system of an anti-lock brake system. The prior art microprocessor system, which can be mounted on one single chip, includes two central units, or CPUs, in which the input data are processed in parallel. The read-only memories and the random-access memories, to which both central units are connected, comprise additional memory locations for test data, each having a generator to produce test data. The output signals of one of the two central units are further processed for producing the control signals, and the other central unit, i.e. the ‘passive’ one, is only used to monitor the ‘active’ central unit. The expenditure in manufacture is considerably reduced, without deteriorating the error detection ability, by eliminating the need for a double provision of the memories in this system and by accepting a relatively small extension of the memories to store the test data.
Also, an object of the present invention is to develop a microprocessor system which detects and signals malfunctions of the system with the extremely high degree of probability and reliability which is required for safety-critical applications. Additionally, a comparatively low expenditure in manufacture should be sufficient for a microprocessor system of this type.
SUMMARY OF THE INVENTION
It has been found that this object can be achieved by a system in which the central units, or CPUs, are connected to the read-only memories and the random-access memories and to input and output units by way of separate bus systems, and that the bus systems are connected or coupled one to the other by driver stages which enable both central units to jointly read and process the data, including the test data and commands, present or available in the two bus systems. The input and output data of the two central units, including the test data and commands, present on the two bus systems, are checked for correlation by the comparator(s) of the system of the present invention.
The microprocessor system of the present invention is based on the use of two equal, fully redundantly operated processor cores or central units which together process redundantly the data supplied by way of two separate bus systems. Subsequently, the input and output signals of both central units are compared for correlation by way of a simple hardware comparator to which a second comparator is connected in parallel for reasons of safety. The memories of the system of the present invention are provided only once. Additional memory locations are provided only for test data, which exist in the form of parity bits, for example.
In a preferred aspect of the present invention, a complete microprocessor comprising a central unit, read-only and random-access memories, input and output stage, is connected to one of the two bus systems. The second bus system, instead of the read-only and random-access memories, is directly connected only to corresponding memory locations for test data. The driver stages coupling the two bus systems, however, enable both central units to read all necessary data furnished by the useful data memories, the test data memories and the input stages. The microprocessor system of the present invention is thereby given a particularly straightforward structure which favors accommodating all components on one single chip.
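The arrangement summarized above can be modelled in software. The following C sketch is an added illustration, not code from the patent: two identical cores read the same singly stored word and its parity bit, and two parallel comparators raise the disconnect signal on any mismatch. All names, the sample memory words, the toy control law and the placement of the parity check inside each core are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model: all names, sample words and the toy control law are assumptions. */
#define WORDS 4
static const uint16_t golden[WORDS] = {0x0123, 0x4567, 0x89AB, 0xCDEF};
static uint16_t data_mem[WORDS];   /* useful data, stored only once (first bus) */
static uint8_t  parity_mem[WORDS]; /* test data only: one parity bit per word   */

static uint8_t parity16(uint16_t w) {          /* even-parity bit of a word */
    w ^= w >> 8; w ^= w >> 4; w ^= w >> 2; w ^= w >> 1;
    return (uint8_t)(w & 1u);
}

typedef struct { uint16_t out; int parity_ok; } core_result;

/* One central unit: reads word and parity bit through the coupled buses.
   core_fault is XORed into the result to model a defect inside this core. */
static core_result core_step(int addr, uint16_t core_fault) {
    uint16_t w = data_mem[addr];
    core_result r;
    r.parity_ok = (parity16(w) == parity_mem[addr]);
    r.out = (uint16_t)((uint16_t)(w * 3u + 1u) ^ core_fault);
    return r;
}

/* Hardware comparator: 1 = issue disconnect signal. */
static int comparator(core_result a, core_result b) {
    return a.out != b.out || !a.parity_ok || !b.parity_ok;
}

/* Runs both cores in lockstep over all words. corrupt_addr >= 0 flips one
   stored bit after the parity bits were written. Returns the address at
   which the disconnect signal fires, or -1 if the run completes. */
int run_lockstep(uint16_t core2_fault, int corrupt_addr) {
    for (int i = 0; i < WORDS; i++) {
        data_mem[i] = golden[i];
        parity_mem[i] = parity16(golden[i]);
    }
    if (corrupt_addr >= 0) data_mem[corrupt_addr] ^= 0x0001;
    for (int addr = 0; addr < WORDS; addr++) {
        core_result c1 = core_step(addr, 0), c2 = core_step(addr, core2_fault);
        /* two comparators in parallel; either one may disconnect */
        if (comparator(c1, c2) || comparator(c2, c1)) return addr;
    }
    return -1;
}

int main(void) {
    printf("%d %d %d\n", run_lockstep(0, -1), run_lockstep(0x0004, -1), run_lockstep(0, 2));
    return 0;
}
```

In this model a flipped memory bit reaches both cores identically, so their outputs still agree; only the parity test data exposes it, which is why the singly provided memories are extended with test-data locations.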
Further features, advantages and possible applications can be seen in the following description of an embodiment making reference to the accompanying drawing.


REFERENCES:
patent: 3978327 (1976-08-01), Huber
patent: 4049957 (1977-09-01), Kera et al.
patent: 4636874 (1987-01-01), Hoogendoorn et al.
patent: 4961067 (1990-10-01), Suzuki
patent: 5029071 (1991-07-01), Kinoshita
patent: 5067071 (1991-11-01), Schanin et al.
patent: 5088027 (1992-02-01), Tanagawa et al.
patent: 5193175 (1993-03-01), Cutts, Jr. et al.
patent: 5420883 (1995-05-01), Swensen et al.
patent: 5551047 (1996-08-01), Mori et al.
patent: 5625276 (1997-04-01), Scott et al.
patent: 5734695 (1998-03-01), Seesing et al.
patent: 5777874 (1998-07-01), Flood et al.
patent: 5778203 (1998-07-01), Birkedahl et al.
patent: 5786996 (1998-07-01), Vitkus et al.
patent: 5862502 (1999-01-01), Giers
patent: 5880954 (1999-03-01), Thomson et al.
patent: 5933347 (1999-08-01), Cook et al.
patent: 5993039 (1999-11-01), Crill
patent: 5996046 (1999-11-01), Yagisawa et al.
patent: 5997167 (1999-12-01), Crater et al.
patent: 6004019 (1999-12-01), Suita et al.
patent: 6038684 (2000-03-01), Liddell et al.
patent: 6044207 (2000-03-01), Pecone et al.
patent: 6049855 (2000-04-01), Jeddeloh
patent: 6067595 (2000-05-01), Lindenstruth
patent: 6073190 (2000-06-01), Rooney
patent: 6073194 (2000-06-01), Lowe
patent: 6125419 (2000-09-01), Umemura et al.
patent: 3225455 (1984-01-01), None
patent: 3234637 (1984-03-01), Non
