Excavating
Patent
1995-05-01
1996-12-17
Canney, Vincent P.
Excavating
371 226, 371 72, G06F 1110
Patent
active
055861245
DESCRIPTION:
BRIEF SUMMARY
The present invention concerns a fail-safe interface which is intended either to effectively control an apparatus according to the states of binary control signals provided by a processing system, or to set the apparatus in a safe state if the interface fails to control the apparatus according to the binary signals.
A circuit is said to be fail-safe with respect to a fault set if, for each fault in the fault set and for each input of the circuit, the output of the circuit is either correct or safe.
An article by M. NICOLAIDIS, S. NORAZ and B. COURTOIS, "A Generalized Theory of Fail-safe Systems", in Proc. International Symposium on Fault-Tolerant Computing, Montreal, Canada, June 1989, provides the basic theory of fail-safe systems and proposes a strongly fail-safe interface allowing a VLSI implementation.
FIG. 1 shows a circuit proposed in the above article. Since in integrated circuits both stuck-at-1 and stuck-at-0 faults may occur with non-negligible probability, the standard representation of the binary values 1 and 0 by high and low voltage levels does not allow fail-safe systems to be designed. To avoid this problem, a frequency coding can be used. The presence of a frequency within a bandwidth about a given frequency Fe represents the non-safe level (say level 1), and the absence of this frequency in the bandwidth represents the safe level (say level 0). The circuit uses a switch 10 (a MOS transistor) to disconnect each output Oi from the source of the frequency Fe each time a processing system 12 generates a signal Si corresponding to the safe state. Since a stuck-on fault of switch 10 would permanently connect the output Oi to the frequency Fe (resulting in the permanent presence of the non-safe state at the output), the interface would not be fail-safe. To avoid this, a second switch 10*, controlled by a duplicate processing system 12*, is connected in series with each first switch 10 so that, in case one switch fails, the second one will still disconnect the output from frequency Fe each time it is required. With this configuration, the circuit is said to be "fail-safe".
The next problem is that if a first fault occurs (e.g. a stuck-on fault of one switch 10), this fault remains undetectable, and a second fault can occur later (e.g. a stuck-on fault of the second switch 10*). In that case the frequency Fe is connected to the output of the interface and the fail-safe property is lost. To cope with this problem, a BIST (Built-In Self Test) technique is used in order to test the interface periodically, so that the occurrence of the first fault is detected before new faults occur. With this fail-safe configuration, which additionally detects faults, the circuit is said to be "strongly fail-safe".
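The fail-safe definition above and the series-switch argument of FIG. 1 can be checked mechanically. The following Python model is an added example, not code from the patent or the cited article: it treats each output as a chain of series switches, takes the fault set to be stuck-on and stuck-off faults of those switches (an assumption; the patent names only the stuck-on case explicitly), and assumes the duplicate processing systems 12 and 12* drive their switches with the same signal Si. It enumerates every fault assignment and every input and reports the cases where the output is neither correct nor safe, reproducing the three claims of the text: one switch is not fail-safe, two in series are fail-safe against any single fault, and an undetected first fault plus a second stuck-on fault defeats the two-switch chain.

```python
"""Fail-safe check of a frequency-coded, series-switch output stage.

Model (assumptions, not from the patent text): output level 1 means
frequency Fe is present (non-safe), 0 means it is absent (safe). Fe reaches
the output only when every switch in the series chain conducts.
"""
from itertools import combinations, product

SAFE, UNSAFE = 0, 1                       # absence / presence of Fe
FAULT_SET = ("stuck_on", "stuck_off")     # assumed per-switch fault model


def switch_conducts(control, fault=None):
    """Does one series switch pass Fe to the output?

    A fault-free switch closes only when its control signal requests the
    non-safe level; a faulty switch ignores its control entirely.
    """
    if fault == "stuck_on":
        return True
    if fault == "stuck_off":
        return False
    return control == UNSAFE


def interface_output(controls, faults):
    """Output of a chain of series switches: UNSAFE only if all conduct."""
    conducting = all(switch_conducts(c, f) for c, f in zip(controls, faults))
    return UNSAFE if conducting else SAFE


def violations(n_switches, n_faults):
    """Return every (faults, input, output) where the fail-safe definition
    is violated: the output is neither the correct value nor SAFE.

    Exactly n_faults distinct switches are faulty; every combination of
    fault kinds from FAULT_SET is tried. The duplicate processing systems
    are assumed to agree, so every switch receives the same control Si.
    """
    bad = []
    for positions in combinations(range(n_switches), n_faults):
        for kinds in product(FAULT_SET, repeat=n_faults):
            faults = [None] * n_switches
            for pos, kind in zip(positions, kinds):
                faults[pos] = kind
            for si in (SAFE, UNSAFE):
                out = interface_output([si] * n_switches, faults)
                if out != si and out != SAFE:
                    bad.append((tuple(faults), si, out))
    return bad


def is_fail_safe(n_switches, n_faults=1):
    """True if no fault assignment of n_faults faults yields an output that
    is both wrong and non-safe (the definition used in the description)."""
    return not violations(n_switches, n_faults)


if __name__ == "__main__":
    # Single switch 10: a stuck-on fault forces Fe onto the output while
    # the processing system requests the safe state.
    print("1 switch, 1 fault :", violations(1, 1))
    # Switches 10 and 10* in series tolerate any single fault.
    print("2 switches, 1 fault:", is_fail_safe(2, 1))
    # An undetected first stuck-on fault plus a second one loses fail-safety,
    # which is why the description resorts to periodic BIST.
    print("2 switches, 2 faults:", violations(2, 2))
```

Running the module shows the single-switch stage failing on `(("stuck_on",), 0, 1)`, the two-switch chain passing the single-fault check, and the two-switch chain failing only for the double stuck-on case; adding a third series switch restores tolerance of two faults, which is the pattern the later part of the description generalises with a chain of elements.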
The BIST solution has the drawback that faults are only checked periodically. If two faults occur within one test period, fail-safety can be lost. Therefore, the test frequency must be high to reduce the probability of two faults occurring in a period, which strongly perturbs the normal operation of the interface. Furthermore, BIST circuitry can be complex, since it needs a test pattern generator and an output response compactor (e.g. a signature analyzer), and its own faults must also be taken into account. For instance, if the BIST circuitry is erroneously and permanently activated, it can produce a waveform on the outputs of the interface. If the frequency of this waveform happens to be about Fe, unsafe values would be generated and fail-safety can be lost.
An object of the invention is to provide a strongly fail-safe interface which does not use periodic testing.
Another object of the invention is to provide an ideally fail-safe interface, which, as soon as a single fault occurs, remains in a safe state despite the occurrence of subsequent faults.
These objects are achieved, according to the invention, by providing a fail-safe circuit branch comprising inputs for receiving at least two binary control signals; a source of a non-safe state connectable through a basic chain of elements to an output wh
REFERENCES:
patent: 3781796 (1973-12-01), Smith
patent: 4739505 (1988-04-01), Leslie
patent: 5404497 (1995-04-01), Noraz et al.
"A Generalized Theory of Fail-Safe Systems", by M. Nicolaidis et al., Digest of Papers of the 19th International Symposium on Fault-Tolerant Computing, FTCS-19, Jun. 20, 1989, Chicago, U.S., pp. 398-406, XP89502.
"On Error Indication for Totally Self-Checking Systems" by Takashi Nanya and Toshiaki Kawamura, IEEE Transactions on Computers, vol. C-36, No. 11, Nov. 1987.
"A Totally Self-Checking Generalized Prediction Checker And Its Use For Built-In Testing" by Eiji Fujiwara and Kohji Matsuoka, Musashino Electrical Communication Laboratory, N.T.T., Musashino-Shi, Tokyo 180, Japan, 0731-3071/85/0000/0384 1985 IEEE.
"Design of Dynamically Checked Computers" IFIP Congress, Edinburgh, 1968, Inf. Processing 68, Amsterdam, North Holland 1969, V. 2, pp. 878-883 (Unavailable at this time, will be provided in Supplemental Information Disclosure Statement).
Canney Vincent P.
Sofia Koloni Ltd.
TITLE: Strongly fail-safe interface based on concurrent checking