See my book: Sichere und fehlertolerante Steuerungen

Further References for Safety Systems

Sergio Montenegro



last update 29.5.1999


 
TI   Evaluation of some fault-tolerant methods in microcontroller dyads 
     for safe and high available control of electrical drives by fault injection.
AU   Hocenski, Z.; Martinovic, G. (Elektrotehnicki Fakultet, Osijek,
     Slovakia)
SO   Proceedings 9th EDPE. 9th International Conference Electrical Drives
     and Power Electronics
     Zagreb, Croatia: KoREMA, 1996. p.184-7 of 303 pp. 11 refs.
     Conference: Dubrovnik, Croatia, 9-11 Oct 1996
     Sponsor(s): Ministr. Sci. & Technol.; Eur. Power Electron. & Drives
     Assoc.; IEEE Croatia Sect
     ISBN: 963-6037-19-X
DT   Conference Article
TC   Practical
AB   The microcontroller dyad is presented in this work.
     It has two operating modes: highly available mode and fail-safe
     mode. The evaluation of used fault tolerant methods is done by
     experiments using the fault injection method. The fault injection
     system is based on a personal computer, which controls the execution
     of the experiment and collects the results. The activity of the bus
     signals is used in calculation of the probability of the fault
     occurrence. The fault detection coverage is evaluated using the
     registered number of faults and the probability of the fault
     occurrence.
 
 
 
TI   Fast self-recovering controllers.
AU   Hertwig, A.; Hellebrand, S.; Wunderlich, H.-J. (Comput. Archit.
     Lab., Stuttgart Univ., Germany)
SO   Proceedings. 16th IEEE VLSI Test Symposium (Cat. No.98TB100231)
     Los Alamitos, CA, USA: IEEE Comput. Soc, 1998. p.296-302
     of xxxv+472 pp. 19 refs.
     Conference: Monterey, CA, USA, 26-30 April 1998
     Sponsor(s): IEEE Comput. Soc. Test Technol. Tech. Committee; IEEE
     Philadelphia Sect
     ISBN: 0-8186-8436-4
DT   Conference Article
TC   Practical; Experimental
AB   A fast fault-tolerant controller structure is presented which is
     capable of recovering from transient faults by performing a rollback
     operation in hardware. The proposed fault-tolerant controller
     structure utilizes the rollback hardware also for system mode and
     this way achieves performance improvements of more than 50% compared
     to controller structures made fault tolerant by conventional
     techniques, while the hardware overhead is often negligible. The
     proposed approach is compatible with state-of-the-art methods for
     FSM decomposition, state encoding and logic synthesis.
 
 
 
 
 
TI   Simulation of a component-oriented voter library for dependable
     control applications.
AU   Latif-Shabgahi, G.; Bass, J.M.; Bennett, S. (Dept. of Autom. Control
     & Syst. Eng., Sheffield Univ., UK)
SO   Proceedings. 24th EUROMICRO Conference (Cat. No.98EX204)
     Los Alamitos, CA, USA: IEEE Comput. Soc, 1998. p.372-8
     vol.1 of 2 vol. liv+1075 pp. 11 refs.
     Conference: Vasteras, Sweden, 25-27 Aug 1998
     Sponsor(s): Sun Microsyst.; ENATOR; ABB Network Partner; Ericsson;
     ABB Generation; K K Stiftelsen; ABB Ind. Syst.; Malardalens Hogskola
     Price: CCCC 1089-6503/98/$10.00
     ISBN: 0-8186-8646-4
TC   Practical
AB   In many industrial applications,
     arbitration between redundant subsystems using voting algorithms is
     popular. Many voting strategies implemented in hardware or software
     have been proposed, of which majority and median voters have been
     widely used in real applications. Detailed analysis of voters shows
     that they can be considered as a combination of independent
     components, each performing a specific function. The simulation of a
     component oriented model of voters is addressed. The
     paper presents the simulation results of a novel component oriented
     voter, the smoothing voter, which combines the safety properties of
     the majority voter with the advantages of mid value selection
     strategy. This work presents a first step toward the automatic
     insertion and implementation of voting algorithms using a software
     design environment.
 
 
 
 
TI   Timely fault tolerance in responsive systems for
     distributed control.
AU   Snedsbol, R.; Lonn, H. (Dept. of Comput. Eng., Chalmers Univ. of
     Technol., Goteborg, Sweden)
SO   Intelligent Autonomous Control in Aerospace. A Proceedings volume
     from the IFAC Conference
     Editor(s): Liu Liangdong
     Oxford, UK: Pergamon, 1997. p.349-54 of x+400 pp. 8 refs.
     Conference: Beijing, China, 14-16 Aug 1995
     Sponsor(s): IFAC; IEEE
     ISBN: 0-08-042373-6
TC   Practical; Theoretical
AB   Discusses error handling and agreement problems in a small
     safety-critical distributed control system. Fault tolerance
     mechanisms are designed to have a response time that matches the
     dynamics of the controlled object. These are implemented as a part
     of the communication system with a minimal message overhead.
 
 
TI   Monitoring functional integrity in fault tolerant aircraft
     control computers for critical applications.
AU   Belcastro, C.M. (NASA Langley Res. Center, Hampton, VA, USA);
     Fischl, R.
SO   Proceedings of the 13th World Congress, International Federation of
     Automatic Control. Vol.O. Power Plants and Systems, Computer Control
     Editor(s): Gertler, J.J.; Cruz, J.B., Jr.; Peshkin, M.; Kummel, M.;
     Welfonder, E.; Motus, L.; MacLeod, I.; De La Puente, J.; Verbruggen,
     H.B.; Fleming, P.
     Oxford, UK: Pergamon, 1997. p.273-8 of xi+500 pp. 6 refs.
     Conference: San Francisco, CA, USA, 30 June-5 July 1996
     ISBN: 0-08-042923-8
TC   Application; Practical; Theoretical
AB   Verifying integrity of control computers in adverse operating
     environments is a key issue in the development, certification, and
     operation of critical control systems. The paper considers the
     problem of applying distributed detection techniques and decision
     fusion to monitoring the integrity of fault tolerant redundant
     control computers. A monitoring strategy is presented and
     demonstrated from glideslope engaged until flare using a detailed
     simulation of a quad-redundant longitudinal control system for the
     B737 Autoland. 
 
 
TI   Online system upgrade on CENTUM CS FCSs.
AU   Ito, H.; Nishida, J.; Ohsako, S.; Yajima, H. (Ind. Autom. Syst. Bus.
     Div., Yokogawa Electr. Corp., Japan)
SO   Yokogawa Technical Report (English Edition) (June 1998)
     no.25, p.13-16. 1 refs.
     Published by: Yokogawa Electric Corp
     CODEN: YTREEO  ISSN: 0911-8977
     SICI: 0911-8977(199806)25L.13:OSUC;1-7
DT   Journal
TC   Application; Practical
CY   Japan
LA   English
AB   We have developed the online system upgrade function for CENTUM CS
     FCSs (Field Control Stations). The control function only requires the system to
     pause for two seconds for upgrading. In conjunction with the
     existing online application data modification function, this
     function increases the maintainability and availability of DCSs
     (distributed control systems).
 
 
 
TI   Reliability modeling of hard real-time systems.
AU   Kim, H. (Dept. of Electr. Eng., Yonsei Univ., Seoul, South Korea);
     White, A.L.; Shin, K.G.
SO   Digest of Papers. Twenty-Eighth Annual International Symposium on
     Fault-Tolerant Computing (Cat. No.98CB36224)
     Los Alamitos, CA, USA: IEEE Comput. Soc, 1998. p.304-13 of
     xx+470 pp. 13 refs.
     Conference: Munich, Germany, 23-25 June 1998
     Sponsor(s): IEEE Comput. Soc. Tech. Committee on Fault-Tolerant
     Comput.; IFIP WG 10.4 on Dependable Comput. & Fault Tolerance
     Price: CCCC 0731-3071/98/$10.00
     ISBN: 0-8186-8470-4
DT   Conference Article
TC   Theoretical
CY   United States
LA   English
AB   A hard real-time control system, such as a fly-by-wire system, fails
     catastrophically (e.g., loses stability) if its control input is not
     updated by its digital controller computer within a certain time
     limit called the hard deadline. To assess and validate system
     reliability by using a semi-Markov model that explicitly contains
     the deadline information, we propose a path-space approach deriving
     the upper and lower bounds of the probability of system failure.
 
 
TI   Application of dynamic reconfiguration in the design of
     fault tolerant production systems.
AU   Matos, G. (Siemens Corp. Res. Inc., Princeton, NJ, USA); White, E.
SO   Proceedings. Fourth International Conference on Configurable
     Distributed Systems (Cat. No.98EX159)
     Los Alamitos, CA, USA: IEEE Comput. Soc, 1998. p.2-9 of
     viii+233 pp. 6 refs.
     Conference: Annapolis, MA, USA, 4-6 May 1998
     Sponsor(s): Univ. Maryland Inst. Adv. Comput. Studies
     Price: CCCC 0 8186 8451 8/98/$10.00
     ISBN: 0-8186-8451-8
DT   Conference Article
TC   Practical
CY   United States
LA   English
AB   We show how fault tolerance can be achieved in production
     systems with multiple identical devices using dynamic
     reconfiguration. Our method is based on the automated
     synchronization of independently designed components that makes them
     consistent with receptive safety properties. Automated
     synchronization allows us to design the components as independent
     controllers for individual devices and to integrate the system by
     combining the components and asserting their interaction constraints
     in the form of receptive safety properties. Receptive safety
     properties specify the interaction between the functional components
     and can become inactive when a failure of a referenced component
     occurs. 
 
 
 
 
TI   Reliability analysis of microcomputer circuit modules and computer
     based control systems important to safety of
     nuclear power plants.
AU   Khobare, S.K.; Shrikhande, S.V.; Chandra, U.; Govindarajan, G.
     (Remote Control Div., Bhabha Atomic Res. Centre, Mumbai, India)
SO   Reliability Engineering & System Safety (Feb. 1998)
     vol.59, no.2, p.253-8. 14 refs.
     Doc. No.: S0951-8320(97)00151-8
     Published by: Elsevier
     Price: CCCC 0951-8320/98/$19.00
     CODEN: RESSEP  ISSN: 0951-8320
     SICI: 0951-8320(199802)59:2L.253:RAMC;1-9
DT   Journal
TC   Theoretical
CY   United Kingdom
LA   English
AB   Computer-based safety related control and instrumentation (C&I)
     systems are being employed in Indian nuclear power plants (NPPs).
     These systems are designed around a standardized family of
     microcomputer based circuit modules, which are qualified to the
     stringent requirements of the nuclear industry. Reliability analysis
     of the standardized microcomputer circuit modules used in
     safety-related C&I systems was carried out using an analysis
     package based on the methodology and database of MIL-STD-217-F1.
     The estimated failure rate values of the standardized
     microcomputer circuit modules will be useful for the reliability
     assessment of other safety related C&I systems developed
     around these modules for ongoing and future Indian NPPs.
 
 
 
TI   MEADEP and its applications in evaluating dependability for air
     traffic control systems.
AU   Dong Tang; Hecht, M. (SoHaR Inc., Beverly Hills, CA, USA); Handal,
     J.; Czekalski, L.
SO   Annual Reliability and Maintainability Symposium 1998 Proceedings.
     International Symposium on Product Quality and Integrity (Cat.
     No.98CH36161)
     New York, NY, USA: IEEE, 1998. p.195-201 of xvi+433 pp. 15
     refs.
     Conference: Anaheim, CA, USA, 19-22 Jan 1998
     Sponsor(s): IEEE
     Price: CCCC 0 7803 4362 X/98/$10.00
     ISBN: 0-7803-4362-X
DT   Conference Article
TC   Application; Practical
CY   United States
LA   English
AB   MEADEP (measure dependability) is a user-friendly dependability
     evaluation tool for measurement-based analysis of computing systems
     including both hardware and software. Use of the tool on failure data
     from measurements can provide quantitative assessments of
     dependability for critical systems, while greatly reducing
     requirements for specialized skills in data processing, analysis,
     and modeling from the user. 
 
 
TI   Practical approach for the evaluation of safety related programmable
     electronics.
AU   Hietikko, M. (VTT Manuf. Technol., Tampere, Finland); Tiusanen, R.
SO   SAFECOMP 95. 14th International Conference on Computer Safety,
     Reliability and Security
     Editor(s): Rabe, G.
     Berlin, Germany: Springer-Verlag, 1995. p.467-73 of
     xii+516 pp. 6 refs.
     Conference: Belgirate, Italy, 11-13 Oct 1995
     Sponsor(s): Eur. Workshop on Ind. Comput. Syst. Tech. Committee 7;
     Eur. Commission-Joint Res. Centre-Inst. Syst. Eng. & Informatics;
     et al
     ISBN: 3-540-19962-4
DT   Conference Article
TC   Theoretical
CY   Germany, Federal Republic of
LA   English
AB   The goal of
     our study was to find a practical way for the identification and
     analysis of safety critical hardware and software faults and for the
     assessment of the safety measures related to these faults. We
     describe the identification of faults in three safety related PE
     systems by using a combination of analysis methods.
 
 
TI   Mission management system for an autonomous underwater vehicle.
AU   Madsen, H.O. (Maridan ApS, Horsholm, Denmark)
SO   Proceedings. 4th IFAC Conference on Manoeuvring and Control of
     Marine Craft. MCMC '97
     Editor(s): Vukic, Z.; Roberts, G.N.
     Zagreb, Croatia: KoREMA-Croatian Soc. Commun. Comput. Electron.
     Meas. & Control, 1997. p.31-5 of 179 pp. 9 refs.
     Conference: Brijuni, Croatia, 10-12 Sept 1997
     ISBN: 953-6037-22-X
DT   Conference Article
TC   Practical; Experimental
CY   Croatia
LA   English
AB   The unmanned, autonomous underwater vehicle (AUV) MARTIN has been
     developed for offshore applications, such as cable and pipeline
     inspections, environmental surveys and seabed mapping. The vehicle
     is equipped with a distributed control system consisting of 20
     microcontroller based local nodes for the hardware interface and up
     to four industrial PCs running OS9000 for high level control. The
     nodes are connected by a CAN bus. The CAN bus is furthermore
     connected to the operator's PC and control box on-board the mother
     ship through a radio link or an acoustic modem. The long range and
     high precision survey demands require an extensive diagnosis system
     and a fault tolerant control system. The distributed, multiprocessor
     control system is designed to be modular and reconfigurable. The overall
     control is managed by a mission management system, consisting of a
     diagnosis system, mission executor, vehicle support system and
     mission control.
 
 
 
 
TI   Behavior of a computer based interlocking system under transient
     hardware faults.
AU   Romano, L.; Kalbarczyk, Z.; Iyer, R.K. (Center for Reliable & High
     Performance Comput., Illinois Univ., Urbana, IL, USA); Mazzeo, A.;
     Mazzocca, N.
SO   Proceedings. Pacific Rim International Symposium on Fault-Tolerant
     Systems (Cat. No.97TB100202)
     Los Alamitos, CA, USA: IEEE Comput. Soc, 1997. p.174-9 of
     xii+243 pp. 6 refs.
     Conference: Taipei, Taiwan, 15-16 Dec 1997
     Sponsor(s): IEEE Comput. Soc. Tech. Committee on Fault-Tolerant
     Comput.; Nat. Taiwan Univ.; Nat. Sci. Council, Taiwan; Ministr.
     Educ., Taiwan; Inst. Inf. & Comput. Machinery, Taiwan
     Price: CCCC 0 8186 8212 4/97/$10.00
     ISBN: 0-8186-8212-4
DT   Conference Article
TC   Theoretical
CY   United States
LA   English
AB   The paper addresses the safety analysis and evaluation of a hard
     real-time, interlocking, railway control system. The major objective
     is to demonstrate an efficient methodology capable of capturing
     crucial system dependability characteristics while allowing
     meaningful results to be obtained within a reasonable time. The
     evaluation is done by simulating the execution of the control
     software under transient hardware faults.
 
 
 
TI   Engineering oriented dependability evaluation: MEADEP and its
     applications.
AU   Tang, D.; Hecht, M.; Agron, J.; Miller, A.; Hecht, H. (SoHaR Inc.,
     Beverly Hills, CA, USA)
SO   Proceedings. Pacific Rim International Symposium on Fault-Tolerant
     Systems (Cat. No.97TB100202)
     Los Alamitos, CA, USA: IEEE Comput. Soc, 1997. p.85-90 of
     xii+243 pp. 16 refs.
     Conference: Taipei, Taiwan, 15-16 Dec 1997
     Sponsor(s): IEEE Comput. Soc. Tech. Committee on Fault-Tolerant
     Comput.; Nat. Taiwan Univ.; Nat. Sci. Council, Taiwan; Ministr.
     Educ., Taiwan; Inst. Inf. & Comput. Machinery, Taiwan
     Price: CCCC 0 8186 8212 4/97/$10.00
     ISBN: 0-8186-8212-4
DT   Conference Article
TC   Application; Practical
CY   United States
LA   English
AB   Use of the MEADEP tool on
     failure data from measurements can provide objective evaluations of
     dependability for critical systems, while greatly reducing
     requirements for specialized skills in data processing, analysis,
     and modeling from the user. MEADEP has been applied to evaluate
     availability for two air traffic control systems based on
     operational failure data and results produced by MEADEP have
     provided valuable feedback to the project management of these
     critical systems. MEADEP has also been used to analyze a nuclear
     power plant safety model, based on the Eagle 21 architecture and its
     early field failure data, and results of sensitivity analysis on the
     model are discussed.
 
 
 
 
 
TI   An embedded fail-safe interlocking system.
AU   Bin Pei (Signal Dept., China Railway Signal & Commun. Co., Beijing,
     China); Yinghua Ming
SO   Proceedings. Pacific Rim International Symposium on Fault-Tolerant
     Systems (Cat. No.97TB100202)
     Los Alamitos, CA, USA: IEEE Comput. Soc, 1997. p.22-7 of
     xii+243 pp. 7 refs.
     Conference: Taipei, Taiwan, 15-16 Dec 1997
     Sponsor(s): IEEE Comput. Soc. Tech. Committee on Fault-Tolerant
     Comput.; Nat. Taiwan Univ.; Nat. Sci. Council, Taiwan; Ministr.
     Educ., Taiwan; Inst. Inf. & Comput. Machinery, Taiwan
     Price: CCCC 0 8186 8212 4/97/$10.00
     ISBN: 0-8186-8212-4
DT   Conference Article
TC   Practical
CY   United States
LA   English
AB   The paper presents a fail-safe railway interlocking system embedded
     in an Area Control Center (ACC) system. The host of the system is a
     TANDEM NONSTOP HIMALAYA K200 computer. The fault tolerant computer
     aims at high safety, reliability and availability. In addition, the
     dispatcher management system, device supervision system, and train
     control system are integrated in the host computer to ensure high
     performance. Tens of stations can be controlled by the system
     concurrently. The paper also presents some measures in the software
     used to ensure safety of the interlocking system. These measures
     have been verified by practical applications in old versions of the
     interlocking system.
 
 
 
 
TI   A framework for modelling dependable real-time distributed systems.
AU   Yeong-Jia Chen; Mosse, D.; Shi-Kuo Chang (Dept. of Comput. Sci.,
     Pittsburgh Univ., PA, USA)
SO   International Journal of Systems Science (Nov. 1997)
     vol.28, no.11, p.1025-43. 20 refs.
     Published by: Taylor & Francis
     Price: CCCC 0020-7721/97/$12.00
     CODEN: IJSYA9  ISSN: 0020-7721
     SICI: 0020-7721(199711)28:11L.1025:FMDR;1-O
DT   Journal
TC   Practical; Theoretical
CY   United Kingdom
LA   English
AB   A systematic way to introduce fault-tolerant and time-dependent
     properties into a complex software system is presented. The approach
     is based on an extended Petri net model, called the G-Net, enhanced
     with a deterministic timing scheme. In the timed G-Net (TGN) model,
     exception handling and timing mechanisms are used to introduce
     fault-tolerant and real-time properties. The basic idea is to use
     basic building blocks with timing properties to allow objects to
     treat a timing error by raising an exception and triggering some
     corrective actions. We use examples
     to show that a simplified real-time distributed air traffic control
     system can be modelled effectively using the SMO model.
 
 
 
ny   1, Method, Eval/Construction, Distributed Sys,
TI   Dependability evaluation of fault tolerant architectures
     in distributed industrial control systems.
AU   Campelo, J.C.; Rodriguez, F.; Serrano, J.J.; Gil, P.J. (Valencia
     Univ., Spain)
SO   Proceedings. 1997 IEEE International Workshop on Factory
     Communication Systems. WFCS'97 (Cat. No.97TH8313)
     Editor(s): Fuertes, J.M.; Juanole, G.
     New York, NY, USA: IEEE, 1997. p.193-200 of xiv+390 pp. 14
     refs.
     Conference: Barcelona, Spain, 1-3 Oct 1997
     Sponsor(s): IEEE Ind. Electron. Soc.; Univ. Polytech. Catalunya
     Price: CCCC 0 7803 4182 1/97/$10.00
     ISBN: 0-7803-4182-1
DT   Conference Article
TC   Practical
CY   United States
LA   English
AB   We study different fault tolerant architectures
     for the nodes of these systems and present three different
     alternatives in order to develop fault tolerant nodes. Moreover, in
     order to evaluate their dependability we present theoretical models
     of each one, based on Markov chains, and the results obtained
     (reliability and safety).
 
 
 
TI   A fault-tolerant communication architecture for real-time
     control systems.
AU   Hilmer, H.; Kochs, H.-D. (Dept. of Comput. Sci., Duisburg Univ.,
     Germany); Dittmar, E.
SO   Proceedings. 1997 IEEE International Workshop on Factory
     Communication Systems. WFCS'97 (Cat. No.97TH8313)
     Editor(s): Fuertes, J.M.; Juanole, G.
     New York, NY, USA: IEEE, 1997. p.111-18 of xiv+390 pp. 7
     refs.
     Conference: Barcelona, Spain, 1-3 Oct 1997
     Sponsor(s): IEEE Ind. Electron. Soc.; Univ. Polytech. Catalunya
     Price: CCCC 0 7803 4182 1/97/$10.00
     ISBN: 0-7803-4182-1
DT   Conference Article
TC   Practical
CY   United States
LA   English
AB   Modern distributed computer control systems have to provide both
     highly reliable and hard real-time communication. To meet these
     requirements, a communication protocol adapted to the
     characteristics of data to be transferred has to be chosen.
     Concerning high reliability, additional measures have to be taken,
     since current protocols of the field-bus domain do not provide
     sufficient fault tolerance capabilities, especially with regard to
     fault detection and redundancy management. The article introduces a
     system architecture and fault-tolerant protocol mechanisms based on
     the communication protocol CAN. The system is suitable for
     large-scale control systems, which have to cope with both
     periodically and spontaneously occurring data.
 
 
 
TI   Specification and verification of real-time systems using ACSR-VP.
AU   Sung-Mook Lim; Jin-Young Choi (Dept. of Comput. Sci. & Eng., Korea
     Univ., Seoul, South Korea)
SO   Proceedings. Fourth International Workshop on Real-Time Computing
     Systems and Applications (Cat. No.97TB100160)
     Los Alamitos, CA, USA: IEEE Comput. Soc, 1997. p.135-42 of
     xi+285 pp. 14 refs.
     Conference: Taipei, Taiwan, 27-29 Oct 1997
     Sponsor(s): Inst. Inf. Sci., Acad. Sinica, ROC; Chung-Shan Inst.;
     Inst. Inf. Ind.; Ind. Technol. Res. Inst.; Inst. Inf. & Comput.
     Machinery; Minst. Educ.; Nat. Chung-Chen Univ.; Nat. Sci. Council;
     Telecommun. Lab.; IEEE Comput. Soc. Tech. Committee on Real-Time
     Comput
     Price: CCCC 0 8186 8073 3/97/$10.00
     ISBN: 0-8186-8073-3
DT   Conference Article
TC   Practical
CY   United States
LA   English
AB   When one
     designs a real-time system, methods to guarantee the correctness of
     the system are needed before the implementation of the system. We
     specify a scheduling algorithm of real-time systems called priority
     ceiling protocol using ACSR-VP and perform schedulability analysis
     on real-time systems by checking for a bisimulation relation.
 
TI   Design of dependable control systems using a
     component based approach.
AU   Blanke, M. (Dept. of Control Eng., Aalborg Univ., Denmark)
SO   On-Line Fault Detection and Supervision in the Chemical Process
     Industries 1995. A Postprint Volume from the IFAC Workshop
     Editor(s): Morris, A.J.; Martin, E.B.
     Oxford, UK: Pergamon, 1996. p.167-74 of vii+237 pp. 22
     refs.
     Conference: Newcastle upon Tyne, UK, 12-13 June 1995
     Sponsor(s): IFAC
     ISBN: 0-08-042607-7
DT   Conference Article
TC   Practical; Theoretical
CY   United Kingdom
LA   English
AB   Design of fault handling in control systems is discussed and a
     consistent method for design is presented. It is based on analysis
     of component fault modes and their effects. Automated analysis
     provides decision tables for fault handling. Mathematical models for
     fault detection and isolation are obtained from bond-graph models of
     components and subsystems. The outcome is a methodology for
     engineering design which presents the propagation of component
     faults and shows where fault handling should be applied to stop
     migration of a fault. The result is a way to obtain significantly
     improved dependability with simple means.
 
 
 
 
TI   Distributed control of a multiple tethered mobile robot system for
     highway maintenance and construction.
AU   Xin Feng; Velinsky, S.A. (Adv. Highway Maintenance & Construction
     Technol., California Univ., Davis, CA, USA)
SO   Microcomputers in Civil Engineering (Nov. 1997) vol.12,
     no.6, p.383-92. 8 refs.
     Published by: Blackwell Publishers
     Price: CCCC 0885-9507/97/$6.00+.15
     CODEN: MCENE7  ISSN: 0885-9507
     SICI: 0885-9507(199711)12:6L.383:DCMT;1-S
DT   Journal
TC   Practical
CY   United States
LA   English
AB   The development of a distributed control system for a multiple
     mobile robot system is described. The mobile robots considered have
     been termed tethered mobile robots (TMRs). The TMRs are
     differentially steered, wheeled mobile robots tethered to a support
     vehicle, and they have been designed for automating highway
     maintenance and construction. The control system consists of a
     network of a host computer and several real-time dynamic controllers.
     The system's fault-tolerance is achieved
     from a distributed architecture and overall condition monitoring.
 
 
 
 
TI   System stress tests ensure the availability of electronic
     interlockings [rail traffic control].
AU   Birtel, P.
SO   Signal und Draht (June 1997) vol.89, no.6, p.12-16. 2
     refs.
     Published by: Tetzlaff Verlag
     CODEN: SIGDAN  ISSN: 0037-4997
     SICI: 0037-4997(199706)89:6L.12:SSTE;1-1
DT   Journal
TC   Application; Practical
CY   Germany, Federal Republic of
LA   German
AB   Interlocking schemes must not only be safe but also
     offer high availability. The growing size of electronic interlocking
     schemes with configurations of up to 120 computers makes special
     demands on the system software. This paper describes how
     installation-specific stress tests are carried out at a systems test
     centre in order to test the dynamic processes in large computer
     configurations.
 
 
 
TI   Intelligent control systems for fault-tolerant manipulators.
AU   Tosunoglu, S. (Dept. of Mech. Eng., Florida Int. Univ., Miami, FL,
     USA)
SO   Recent Advances in Mechatronics. Proceedings of International
     Conference on Recent Advances in Mechatronics, ICRAM '95
     Editor(s): Kaynak, O.; Ozkan, M.; Bekiroglu, N.; Tunay, I.
     Istanbul, Turkey: Bogazici Univ, 1995. p.356-62 vol.1 of 2
     vol. xvii+1177 pp. 14 refs. Availability: Bogazici University,
     Electrical and Electronics Engineering, Bebek 80815, Istanbul,
     Turkey
     Conference: Istanbul, Turkey, 14-16 Aug 1995
     ISBN: 975-518-063-X
DT   Conference Article
TC   Theoretical
CY   Turkey
LA   English
AB   This work presents the general
     architecture of an intelligent controller system developed for
     fault-tolerant manipulators. When a failure is detected in a robotic
     system, the intelligent controller makes decisions for the
     reallocation of resources, and announces the new task assignments to
     recover the system from failure as gracefully as possible. A
     different controller design is usually required for the recovery
     process. An intelligent controller adjusts the system model, selects
     the most appropriate control method, and completes the design for
     post-failure portion of the operation. 
 
 
 
 
TI   Recent trends in train traffic control systems.
AU   Kawaguchi, K. (Omika Works, Hitachi Ltd., Japan); Komaki, T.;
     Yamada, T.; Fukushima, T.
SO   Hitachi Review (April 1997) vol.46, no.2, p.85-8. 5 refs.
     Published by: Hitachi
     CODEN: HITAAQ  ISSN: 0018-277X
     SICI: 0018-277X(199704)46:2L.85:RTTT;1-A
DT   Journal
TC   Application; New Development; Practical
CY   Japan
LA   English
AB   Train traffic control systems, which track the train positions on
     the lines and automatically control traffic signals according to a
     train schedule, contribute to both the on-time running of trains and
     a reduction in the load on dispatchers. Recently the range of
     automation in such systems has increased and automatic control of
     shunting trains within train yards is now also done, in addition to
     control of trains running on the main lines.
     These functions support quick recovery from schedule
     delays. 
     Fault tolerant control computers are the nucleus of the computer
     system, realizing high reliability and ease of maintenance with the
     system continuing to run even during hardware breakdowns. An
     autonomous decentralized network realizes high reliability through a
     double transmission route and system flexibility is improved.
 
 
 
TI   Experimental evaluation of computer-based railway control
     systems.
AU   Amendola, A.M.; Impagliazzo, L.; Marmo, P.; Poli, F. (Ansald-Cris,
     Napoli, Italy)
SO   Digest of Papers. Twenty-Seventh Annual International Symposium on
     Fault-Tolerant Computing (Cat. No.97CB36054)
     Los Alamitos, CA, USA: IEEE Comput. Soc, 1997. p.380-4 of
     xvii+396 pp. 12 refs.
     Conference: Seattle, WA, USA, 24-27 June 1997
     Sponsor(s): IEEE Comput. Soc. Tech. Committee on Fault-Tolerant
     Comput.; IFIP WG 10.4 on Dependable Comput. & Fault Tolerance;
     Boeing Company; Microsoft Corp.; Tandem; Allied Signal; Univ.
     Washington; Purdue Univ.; Univ. Essen
     Price: CCCC 0731-3071/97/$10.00
     ISBN: 0-8186-7831-3
DT   Conference Article
TC   Practical; Experimental
CY   United States
LA   English
AB   The methodological framework for LIVE is summarized. LIVE
     integrates fault injection and software testing techniques to
     achieve an accurate and nonintrusive analysis of a system prototype.
     Such evaluation is needed to ensure full compliance with the new
     dependability standards emerging for railway apparatus. The test
     results of a trial application are presented. These results
     highlight the importance of the quality of the test set and its
     influence on the final evaluation of system dependability.
 
 
 
TI   Fault tolerance in a distributed control
     system for combined cycle power plants.
AU   Ramirez Valenzuela, C.E.; Delgadillo Valencia, M.A. (Departamento de
     Instrum. y Control, Temixco, Mexico)
SO   Control of Power Plants and Power Systems (SIPOWER'95). A
     Proceedings volume from the IFAC Symposium
     Editor(s): Canales-Ruiz, R.
     Oxford, UK: Pergamon, 1996. p.231-5 of xi+542 pp. 8 refs.
     Conference: Cancun, Mexico, 6-8 Dec 1995
     Sponsor(s): IFAC
     ISBN: 0-08-042362-0
DT   Conference Article
TC   Practical
CY   United Kingdom
LA   English
AB   This paper presents how a fault tolerant scheme (FTS) for the
     controllers of a power plant distributed control system is selected.
     A dual-redundant configuration was chosen based on a dependability
     analysis. The defined FTS is described in terms of the four phases
     of fault-tolerance. A combination of stand-by and a synchronous
     scheme is considered. The FTS resulted in a cost-effective solution
     for increasing the control system reliability for two main
     reasons: the hardware configuration does not require special elements,
     and the FTS takes advantage of the manual tracking algorithm to keep
     the FTS software simple.
 
 
 
 
 
TI   The fault-tolerant measurement and control
     system based on the multi-microcomputers.
AU   Hui Zhang (Hefei Univ. of Technol., China)
SO   Proceedings of the IEEE International Conference on Industrial
     Technology (ICIT'96) (Cat. No.96TH8151)
     New York, NY, USA: IEEE, 1996. p.439-41 of xvi+884 pp. 4
     refs.
     Conference: Shanghai, China, 2-6 Dec 1996
     Sponsor(s): IEEE Ind. Electron. Soc.; Soc. Instrum. & Control Eng.
     (Japan); Tongji Univ.; IEEE Robotics & Autom. Soc.; IEEE Beijing
     Sect.; IEEE power Electron. Soc.; Shanghai Jiaotong Univ.; Nat.
     Natural Sci. Found. China; State Educ. Commission of China
     ISBN: 0-7803-3104-4
DT   Conference Article
TC   Practical
CY   United States
LA   English
AB   In this paper, the hardware structure design used in normal industrial
     measurement and control systems built from multiple microcomputers is
     discussed, and the multi-microcomputer system's error processing, voting
     algorithm and system reconfiguration methods are presented. These methods
     make the reliability of measurement and control systems higher.
     Finally, an example is given to illustrate the approach to the
     system design.
 
 
 
TI   Fault-tolerant control-a case study of the Orsted
     satellite.
AU   Bogh, S.A.; Blanke, M. (Dept. of Control Eng., Aalborg Univ.,
     Denmark)
SO   IEE Colloquium on Fault Diagnosis in Process Systems (Digest
     No.1997/174)
     London, UK: IEE, 1997. p.11/1-13 of 74 pp. 35 refs.
     Conference: London, UK, 21 April 1997
     Sponsor(s): IEE
DT   Conference Article
TC   Practical
CY   United Kingdom
LA   English
AB   This paper presents the design strategy used to develop a supervisor
     for the attitude control system of the Danish Orsted satellite. The
     main topic is handling of faults arising in on-board
     instrumentation, i.e. how to detect faults and how to prevent
     propagation into failures with potential mission loss as a
     consequence. Formal methods are used to ensure complete coverage of
     all potential fault types and to guarantee that the design criteria
     are met in the final implementation.
 
 
 
TI   Rapid prototyping of a sensor fault tolerant traction
     control system.
AU   Bennett, S.M.; Patton, R.J. (Dept. of Electron. Eng., Hull Univ.,
     UK); Daley, S.
SO   IEE Colloquium on Fault Diagnosis in Process Systems (Digest
     No.1997/174)
     London, UK: IEE, 1997. p.2/1-6 of 74 pp. 23 refs.
     Conference: London, UK, 21 April 1997
     Sponsor(s): IEE
DT   Conference Article
TC   Practical
CY   United Kingdom
LA   English
AB   The problem of sensor faults on an AC-drive system for an electric
     train is considered. Intermittent disconnections of these sensors
     produce severe transient errors in the estimator in the control
     loop unless it is heavily filtered to suppress these errors, which
     in turn degrades performance. This paper shows that model based
     techniques can be applied to achieve reliable tolerance of
     intermittent disconnections without degrading performance.
     This paper goes beyond simulation to show how
     such a system can be verified in hardware.
 
 
TI   System wide joint position sensor fault tolerance in robot
     systems using Cartesian accelerometers.
AU   Aldridge, H.A.; Juang, J.-N. (NASA Langley Res. Center, Hampton, VA,
     USA)
SO   Proceedings of the SPIE - The International Society for Optical
     Engineering (1996) vol.2905, p.92-100. 17 refs.
     Published by: SPIE-Int. Soc. Opt. Eng
     CODEN: PSISDG  ISSN: 0277-786X
     SICI: 0277-786X(1996)2905L.92:SWJP;1-8
     Conference: Sensor Fusion and Distributed Robotic Agents. Boston,
     MA, USA, 21-22 Nov 1996
     Sponsor(s): SPIE
DT   Conference Article; Journal
TC   Practical; Experimental
CY   United States
LA   English
AB   This paper presents a method to obtain
     position information from Cartesian accelerometers without
     integration. Depending on the number and location of the
     accelerometers, the proposed system can tolerate the loss of
     multiple position sensors. A solution technique suitable for
     real-time implementation is presented. Simulations were conducted
     using five triaxial accelerometers to recover from the loss of up to
     four joint position sensors on a 7-degree-of-freedom robot moving in
     general 3D space.
 
 
 
 
 
TI   Building distributed scalable dependable real-time systems.
AU   Ravindran, B.; Welch, L.R. (Dept. of Comput. Sci. Eng., Texas Univ.,
     Arlington, TX, USA); Kelling, C.
SO   Proceedings. International Conference and Workshop on Engineering of
     Computer-Based Systems (Cat. No.97TB100105)
     Editor(s): Rozenblit, J.; Ewing, T.; Schulz, S.
     Los Alamitos, CA, USA: IEEE Comput. Soc. Press, 1997.
     p.452-9 of xv+508 pp. 8 refs.
     Conference: Monterey, CA, USA, 24-28 March 1997
     Sponsor(s): IEEE Comput. Soc. Tech. Committee on Eng. Comput.-Based
     Syst.; Univ. Arizona
     Price: CCCC 0 8186 7889 5/97/$10.00
     ISBN: 0-8186-7889-5
DT   Conference Article
TC   Practical
CY   United States
LA   English
AB   This paper describes an on-going effort in constructing a platform
     for developing distributed, embedded, real-time control systems
     which have high dependability and scalability requirements. Complex,
     embedded real-time control systems typically have a very large grain
     task model upon which hard and soft timing constraints are
     simultaneously imposed. Often, such systems are required to function
     in extremely hostile and unpredictable environments. This demands
     high dependability and availability in a continuous manner. We
     describe a new paradigm to build such systems which is based on the
     notion of paths, the granularity at which the notion of time is
     expressed in software.
 
 
 
TI   Dynamic fault tree analysis for digital fly-by-wire flight
     control system.
AU   Yao Yiping; Yang Xiaojun; Li Peiqiong (Dept. of Autom. Control,
     Beijing Univ. of Aeronaut. & Astronaut., China)
SO   15th DASC. AIAA/IEEE Digital Avionics Systems Conference (Cat.
     No.96CH35959)
     New York, NY, USA: IEEE, 1996. p.479-84 of 504 pp. 5 refs.
     Conference: Atlanta, GA, USA, 27-31 Oct 1996
     Price: CCCC 0 7803 3385 3/96/$5.00
     ISBN: 0-7803-3385-3
DT   Conference Article
TC   Practical; Theoretical
CY   United States
LA   English
AB   A digital Fly-By-Wire (FBW) Flight Control System (FCS) is designed to
     achieve a high level of reliability and frequently employs a high
     level of redundancy. Dynamic redundancy employed in an FBW system can
     realize complex fault and error diagnosis, recovery and
     reconfiguration. It is very difficult to analyze the reliability of
     the FBW system by traditional methods, such as Fault Tree Analysis
     (FTA) or Network Analysis. This paper describes dynamic fault-tree
     modeling techniques for handling these difficulties and provides a
     Markov Chain generation modeling method for converting a Dynamic
     Fault Tree to a Markov Chain. The software failure of the FBW system
     can also be considered in the model. An example of a quadruple FBW
     redundant system and a Markov State Transition Chain software
     package (MSTCP) are given.
 
 
 
 
TI   An integrated fault-tolerant control and diagnostics
     system for nuclear power plants.
AU   Eryurek, E. (Fisher-Rosemount, Eden Prairie, MN, USA); Upadhyaya,
     B.R.
SO   Proceedings of the Topical Meeting on Computer-Based Human Support
     Systems: Technology, Methods, and Future
     La Grange, IL, USA: ANS, 1995. p.267-74 of viii+529 pp. 5
     refs.
     Conference: Philadelphia, PA, USA, 25-29 June 1995
     Sponsor(s): ANS
     ISBN: 0-89448-197-5
DT   Conference Article
TC   Practical
CY   United States
LA   English
AB   The paper describes the design and implementation of a control
     system that integrates various modules into one large computer-aided
     system. The digital technology enables one to implement this new
     feature in the software domain. The use of computational
     intelligence such as fuzzy logic, neural networks and adaptive
     control algorithms has broadened the relevance of developing
     robust and reliable control systems for nuclear power plants. The
     integration of these control algorithms with validation and
     monitoring modules will further enhance the availability and safety
     of systems in the presence of degrading measurements, controller
     anomalies, and unanticipated transients.
 
 
 
 
TI   An error model for computer control systems.
AU   Bass, J.M.; Fleming, P.J. (Sheffield Univ., UK); Tyrrell, A.M.
SO   UKACC International Conference on Control '96 (Conf. Publ. No.427)
     London, UK: IEE, 1996. p.353-8 vol.1 of 2 vol.
     xxxxiii+1489 pp. 11 refs.
     Conference: Exeter, UK, 2-5 Sept 1996
     ISBN: 0-85296-666-0
DT   Conference Article
TC   Application; Practical
CY   United Kingdom
LA   English
AB   This paper presents an error model that is intended to allow the
     dependability of computer control systems, with fault tolerant
     mechanisms included, to be evaluated. The model allows error
     'surfaces' to be defined for a given application, and used to define
     an error region that will give a measure of error coverage. The
     paper applies the model to an illustrative example to show how it
     might be used in an autopilot.
 
 
TI   Adaptable fault tolerance for distributed process control
     using exclusively standard components.
AU   Bohne, J.; Gronberg, R. (Res. & Technol., Daimler-Benz AG, Berlin,
     Germany)
SO   Dependable Computing - EDCC-2. Second European Dependable Computing
     Conference Proceedings
     Editor(s): Hlawiczka, A.; Silva, J.G.; Simoncini, L.
     Berlin, Germany: Springer-Verlag, 1996. p.21-34 of xvi+440
     pp. 14 refs.
     Conference: Taormina, Italy, 2-4 Oct 1996
     ISBN: 3-540-61772-8
DT   Conference Article
TC   Practical
CY   Germany, Federal Republic of
LA   English
AB   Describes an adaptable fault tolerance architecture for distributed
     process control which uses exclusively standard hardware, standard
     system software and standard protocols. It offers a quick and
     low-cost solution to provide non-safety-critical technical
     facilities and plants with continuous service; thereby, a maximum of
     practicability for the application engineers is achieved. The
     architecture is composed from well-known fault tolerance methods
     under the constraints of real-time requirements.
     Because of the transparency of the fault
     tolerance, each functional part of the process control, which is
     represented by an application task, can be implemented without
     regard to non-determinism and executing hosts.
     It can be expected by a
     fault-tolerant system that reconfiguration following a fault is done
     automatically. The present system does more: it reintegrates
     repaired hosts automatically and re-establishes the redundant
     operation while the entire system is working.
 
 
 
 
TI   Disk array subsystem with non-stop operation.
AU   Nozawa, M.; Takamatsu, H.; Shimada, A.
SO   Hitachi Review (Oct. 1996) vol.45, no.5, p.261-6. 2 refs.
     Published by: Hitachi
     CODEN: HITAAQ  ISSN: 0018-277X
     SICI: 0018-277X(199610)45:5L.261:DASW;1-9
DT   Journal
TC   Practical; Product Review
CY   Japan
LA   English
AB   To meet continuous operation
     needs, we have developed a disk array subsystem, the H-6591/H-6595,
     as the primary storage subsystem of the Hitachi M Parallel Series.
     As the disk subsystem for our large-scale computers, the
     H-6591/H-6595 employs the redundant array of independent disks
     (RAID) 5 technology for the first time. It can support
     24-hour/365-day non-stop operation by its control system redundancy
     (including duplex) and non-disruptive maintenance capabilities.
 
 
 
TI   Correct and robust decision systems for high complexity critical
     control systems.
AU   Browne, J.C.; Emerson, E.A.; Gouda, M.; Miranker, D.; Mok, A.;
     Chodrow, S.; Wang, R.-H.; Tsou, D.; Obermeyer, L. (Dept. of Comput.
     Sci., Texas Univ., Austin, TX, USA)
SO   Proceedings of the Third International Workshop on Responsive
     Computer Systems
     Austin, TX, USA: Univ. Texas at Austin, 1993. p.65-74 of
     v+239 pp. 33 refs.
     Conference: Lincoln, NH, USA, 29 Sept-1 Oct 1993
     Sponsor(s): U.S. Office of Naval Res.; IEEE Comput. Soc
DT   Conference Article
TC   Application; Practical
CY   United States
LA   English
AB   This paper provides an overview of a methodology for the development
     of correct and robust decision systems for high-complexity critical
     control systems and an application of this methodology. This
     methodology incorporates state-based programming analyses, fault
     tolerance for both transient and resource loss errors and has the
     potential for parallel implementation. The technical foundation for
     the new paradigm for design and implementation of correct and robust
     decision systems for high complexity critical control systems is
     presented. An experimental application is presented. It is apparent
     from the preliminary experimental applications of the methodology
     that further development of the fundamental principles is
     necessary.
 
 
TI   The application of fault tolerance controls to Unmanned Air Vehicles.
AU   Vos, D.W.; Motazed, B. (Aurora Flight Sci. Corp., Manassas, VA, USA)
SO   Proceedings of the SPIE - The International Society for Optical
     Engineering (1996) vol.2738, p.69-75. 7 refs.
     Published by: SPIE-Int. Soc. Opt. Eng
     Price: CCCC 0 8194 2119 7/96/$6.00
     CODEN: PSISDG  ISSN: 0277-786X
     SICI: 0277-786X(1996)2738L.69:AFTC;1-1
     Conference: Navigation and Control Technologies for Unmanned
     Systems. Orlando, FL, USA, 8-9 April 1996
     Sponsor(s): SPIE
DT   Conference Article; Journal
TC   Practical
CY   United States
LA   English
AB   Autonomous unmanned systems require provisions for fault detection
     and recovery. Multiply-redundant schemes typically used in aerospace
     applications are prohibitively expensive and an inappropriate solution
     for unmanned systems where low cost and small size are critical.
     Aurora Flight Sciences is developing alternative low-cost,
     fault-tolerant control (FTC) capabilities, incorporating failure
     detection and isolation, and control reconfiguring algorithms into
     aircraft flight control systems. A "monitoring observer", or failure
     detection filter, predicts the future aircraft state based on prior
     control inputs and measurements, and interprets discrepancies
     between the output of the two systems. The FTC detects and isolates
     the onset of a sensor or actuator failure in real-time, and
     automatically reconfigures the control laws to maintain full control
     authority. This methodology is unique in providing a compact and
     elegant FTC solution to dynamic systems with nonlinear parameter
     dependence, such as high-altitude UAVs (Unmanned Air Vehicles) and
     UUVs (Unmanned Undersea Vehicles), where the dynamic behaviour
     varies strongly with speed (i.e., dynamic pressure) and density. 
 
 
 
TI   A practical method for creating plant diagnostics applications.
AU   Karsal, C.; Padalkar, S.; Franke, H.; Sztipanovits, J. (Dept. of
     Electr. & Comput. Eng., Vanderbilt Univ., Nashville, TN, USA);
     Decaria, F.
SO   Integrated Computer-Aided Engineering (1996) vol.3, no.4,
     p.291-304. 23 refs.
     Published by: Wiley
     Price: CCCC 1069-2509/96/040291-14
     CODEN: ICAEEI  ISSN: 1069-2509
     SICI: 1069-2509(1996)3:4L.291:PMCP;1-M
DT   Journal
TC   Practical
CY   United States
LA   English
AB   The approach presented is available as
     part of IPCS (Intelligent Process Control System), which is a model
     based environment for generating monitoring, control, simulation,
     and diagnostics applications for large scale, continuous process
     plants. IPCS has been used to generate practical real time
     diagnostic and recovery applications in chemical and cogenerator
     plants.
 
 
 
TI   Safety computations in integrated circuits.
AU   Dufour, J.-L. (RAMS Dept., Matra Transp. Int., Montrouge, France)
SO   Proceedings. 14th IEEE VLSI Test Symposium (Cat. No.96TB100043)
     Los Alamitos, CA, USA: IEEE Comput. Soc. Press, 1996.
     p.169-72 of xxix+510 pp. 4 refs.
     Conference: Princeton, NJ, USA, 28 April-1 May 1996
     Sponsor(s): IEEE Comput. Soc. Tech. Committee on Test Technol.; IEEE
     Philadelphia Sect
     Price: CCCC 0 8186 7304 4/96/$05.00
     ISBN: 0-8186-7304-4
DT   Conference Article
TC   Application; Practical; Theoretical
CY   United States
LA   English
AB   In order to ensure the safety of software-based railway control
     systems, MATRA TRANSPORT has developed at the beginning of the
     eighties an "informational redundancy" technique associating
     arithmetic coding and signature checking, with the adequate
     environment interfaces (generally fail-safe devices). Compared to
     traditional redundancy, the "coded processor" has the advantage of a
     rigorous mathematical safety demonstration, independent of the
     reliability of the underlying hardware, but there is an important
     cost to pay in terms of execution speed. A
     new generation has been designed, replacing the software code
     calculations and the discrete numeric components used in coded input
     acquisition/coded output command by ASICs. Our experience shows that
     it is possible to perform safe computations in an ASIC, and even
     that in some cases ASICs are more adaptable to the safety
     constraints than software computations.
 
 
 
TI   System dependability evaluation via a fault list
     generation algorithm.
AU   Smith, D.T.; Johnson, B.W. (Dept. of Electr. Eng., Virginia Univ.,
     Charlottesville, VA, USA); Profeta, J.A., III
SO   IEEE Transactions on Computers (Aug. 1996) vol.45, no.8,
     p.974-9. 19 refs.
     Published by: IEEE
     Price: CCCC 0018-9340/96/$05.00
     CODEN: ITCOB4  ISSN: 0018-9340
     SICI: 0018-9340(199608)45:8L.974:SDEF;1-P
DT   Journal
TC   Practical
CY   United States
LA   English
AB   The size and complexity of modern dependable computing systems has
     significantly compromised the ability to accurately measure system
     dependability attributes such as fault coverage and fault latency.
     Fault injection is one approach for the evaluation of dependability
     metrics. Unfortunately, fault injection techniques are difficult to
     apply because the size of the fault set is essentially infinite.
     The primary objective of this research effort was the development and
     implementation of algorithms which generate a fault set which fully
     exercises the fault detection and fault processing aspects of the
     system. The end result is a deterministic, automated method for
     accurately evaluating complex dependable computing systems using
     fault injection.
 
 
TI   Railway real-time control systems - modeling of
     dynamic redundant systems reliability.
AU   Christov, C.; Stoytcheva, N. (Higher Mil. Sch. of Transp., Sofia,
     Bulgaria)
SO   Second International Scientific Conference. Modern Supply Systems
     and Drives for Electric Traction. Conference Proceedings
     Warsaw, Poland: Warsaw Univ. Technol, 1995. p.42-7 of
     xiv+304 pp. 9 refs. Availability: Warsaw University of Technology,
     El. Traction Group, 00-661 Warsaw, Plac Politechniki 1, Poland
     Conference: Warsaw, Poland, 5-7 Oct 1995
     Sponsor(s): Ministr. Educ. Naradowej; Komitet Badan Naukowych; IEE;
     et al
DT   Conference Article
TC   Theoretical
CY   Poland
LA   English
AB   This article considers some practically interesting cases in which
     the reserve railway control subsystem can be held in cold or hot
     redundancy to the primary subsystem. The problem is to investigate
     and model the system availability when the reliability parameters
     of the system units are known.
 
 
TI   Communication architectures for distributed computer control
     systems.
AU   Dieterle, W.; Kochs, H.-D. (Dept. of Comput. Sci., Duisburg Univ.,
     Germany); Dittmar, E.
SO   Distributed Computer Control Systems 1994. (DCCS'94). IFAC Workshop
     (Postprint Volume)
     Editor(s): de la Puente, J.A.; Rodd, M.G.
     Oxford, UK: Pergamon, 1995. p.7-12 of vii+183 pp. 11 refs.
     Conference: Toledo, Spain, 28-30 Sept 1994
     Sponsor(s): IFAC
     ISBN: 0-08-042237-3
DT   Conference Article
TC   Practical
CY   United Kingdom
LA   English
AB   The use of distributed computer control systems (DCCS) demands high
     reliability, sufficient real-time behaviour and increasingly
     economical systems. The last demand requires the use of cheap
     standard components, whenever possible. The article discusses the
     realization of DCCS with respect to these constraints. Problems due
     to conventional use of standardized communication protocols in
     distributed control systems in general and highly-reliable systems
     in particular are shown. Multicast communication concepts are
     presented as solutions, using standardized protocols in a problem
     specific way. 
 
 
 
TI   Self-checking and fail-safe LSIs by intra-chip redundancy.
AU   Kanekawa, N. (Res. Lab., Hitachi Ltd., Japan); Nohmi, M.; Satoh, Y.;
     Satoh, H.
SO   Proceedings of the Twenty-Sixth International Symposium on
     Fault-Tolerant Computing. Digest of Papers (Cat. No.96CB35969)
     Los Alamitos, CA, USA: IEEE Comput. Soc. Press, 1996.
     p.426-30 of xxvi+442 pp. 8 refs.
     Conference: Sendai, Japan, 25-27 June 1996
     Sponsor(s): IEEE Comput. Soc. Tech. Committee on Fault-Tolerant
     Comput.; IEICE Tech. Group on Fault-Tolerant Syst.; IFIP WG 10.4 on
     Dependable Comput. & Fault Tolerance; IEEE, Tokyo Sect.; Inf.
     Process. Soc. Japan; IEE Japan; Soc. Instrum. & Control Eng. Japan;
     Reliability Eng. Assoc. Japan
     Price: CCCC 0731-3071/96/$5.00
     ISBN: 0-8186-7261-7
DT   Conference Article
TC   Practical
CY   United States
LA   English
AB   Self checking comparators within the self checking LSI
     chips monitor the operation of redundant functional blocks to ensure
     the functionality of the LSIs. Spatial diversity and time diversity
     minimize correlated faults among redundant functional blocks, which
     may reduce fault detection coverage because of coincident faults.
     This approach makes it possible to take advantage of the merits of
     today's most advanced LSI technologies.
 
 
 
TI   Architecture of the Texas A&M Autonomous Underwater Vehicle
     Controller.
AU   Barnett, D.; McClaran, S.; Nelson, E.; McDermott, M.; Williams, G.
     (Dept. of Comput. Sci., Texas A&M Univ., College Station, TX, USA)
SO   Proceedings of the 1996 Symposium on Autonomous Underwater Vehicle
     Technology (Cat. No.96CH35900)
     New York, NY, USA: IEEE, 1996. p.231-7 of 492 pp. 5 refs.
     Conference: Monterey, CA, USA, 2-6 June 1996
     Sponsor(s): Oceanic Eng. Soc. IEEE
     Price: CCCC 0 7803 3185 0/96/$5.00
     ISBN: 0-7803-3185-0
DT   Conference Article
TC   Practical; Experimental
CY   United States
LA   English
AB   Presents the software and hardware architectures of the autonomous
     underwater vehicle controller (AUVC) developed at Texas A&M
     University. It is a controller for a long range, highly reliable
     UUV. Capabilities include mission planning/replanning, path
     planning, energy management, collision avoidance, threat detection
     and evasion, failure diagnosis and recovery, radio communication,
     navigation, and recovery from its internal faults. In its first
     version, functions were partitioned among eighteen loosely coupled
     processes. Rule-based systems performed mission management and fault
     diagnosis, while algorithmic control systems were used for
     lower-level control. The original AUVC software was designed for a
     network of sixteen processors in planar-2 configuration, with
     redundant communication paths. A software component provided
     reliable distributed computing.
 
 
 
TI   Fault tolerance in distributed safety systems.
AU   Gruber, T.; Kuhn, W.; Thuswald, M.; Staffel, G. (Bereich Ind.
     Messtech. & Inf., Osterreichisches Forschungszentrum Seibersdorf,
     Austria)
SO   Elektrotechnik und Informationstechnik (1996) vol.113,
     no.5, p.348-51. 8 refs.
     Published by: Springer-Verlag
     CODEN: EIEIEE  ISSN: 0932-383X
     SICI: 0932-383X(1996)113:5L.348:FTDS;1-E
DT   Journal
TC   Application; Practical
CY   Austria
LA   German
AB   The practical implementation of fault tolerant systems is
     described on the basis of two examples of industrial cooperation
     in the areas of railway safety engineering and security control
     systems technology.
 
 
TI   Autonomous attitude determination and control
     system for the OErsted satellite.
AU   Bak, T.; Wisniewski, R.; Blanke, M. (Dept. of Control Eng., Aalborg
     Univ., Denmark)
SO   1996 IEEE Aerospace Applications Conference. Proceedings (Cat.
     No.96CH35904)
     New York, NY, USA: IEEE, 1996. p.173-86 vol.2 of 4 vol.
     (xx+428+440+424+512) pp. 15 refs.
     Conference: Aspen, CO, USA, 3-10 Feb 1996
     Sponsor(s): IEEE Aerosp. & Electron. Syst. Soc
     Price: CCCC 0 7803 3196 6/96/$5.00
     ISBN: 0-7803-3196-6
DT   Conference Article
TC   Application; Practical
CY   United States
LA   English
AB   The entire control and attitude determination system of the OErsted
     Satellite has the ability to reconfigure in real time, based on
     mission phase and contingency operation
     requirements. Attitude determination embraces three different
     strategies, dependent on the availability of attitude sensors.
     Possible sensor faults are detected and a control system supervisor
     autonomously reconfigures attitude determination. Estimated
     satellite attitude and angular velocity are used in the attitude
     controller. Control tasks vary with the mission phase. 
     The salient feature of this system is fault tolerant
     autonomous operation with a minimum of hardware redundancy.
 
 
 
TI   An on-line expert system-based fault-tolerant
     control system.
AU   Wei Liu (Dept. of Autom., Tangshan Inst. of Technol., Hebei, China)
SO   Expert Systems with Applications (1996) vol.11, no.1,
     p.59-64. 15 refs.
     Doc. No.: S0957-4174(96)00006-1
     Published by: Elsevier
     Price: CCCC 0957-4174/96/$15.00+0.00
     CODEN: ESAPEH  ISSN: 0957-4174
     SICI: 0957-4174(1996)11:1L.59:LESB;1-G
DT   Journal
TC   Practical
CY   United Kingdom
LA   English
AB   Expert systems and artificial
     intelligence have been used successfully in fault diagnosis of
     dynamic systems, and their suitability for fault-tolerant control
     problems has also been demonstrated. In this paper an online expert
     system-based fault-tolerant control system (ESFTC) is considered
     which allows reconfiguration of the controller in feedback process
     systems during sensor or actuator failures or misoperation. It forms
     an online expert system, which consists of an analytical problem
     solution, a process knowledge base, a knowledge acquisition part and
     an inference mechanism.
 
 
TI   On the nature of deadlines [real time control systems].
AU   Magalhaes, A.P. (Fac. de Engenharia, Porto Univ., Portugal); Rela,
     M.Z.; Silva, J.G.
SO   Microprocessors and Microsystems (April 1996) vol.20,
     no.2, p.79-88. 28 refs.
     Published by: Elsevier
     Price: CCCC 0141-9331/96/$15.00
     CODEN: MIMID5  ISSN: 0141-9331
     SICI: 0141-9331(199604)20:2L.79:NDRT;1-8
DT   Journal
TC   Theoretical
CY   United Kingdom
LA   English
AB   This article discusses the timeliness of real-time control services
     as seen by control engineering and real-time scientific communities,
     arguing that computer-controllers must be designed to meet nominal
     deadlines that, under special circumstances, can be missed as long
     as hard deadlines are still met. It develops a unified approach
     for establishing the nominal and the hard deadline of a
     time-critical control service.
 
 
 
TI   Design of a distributed fault-tolerant computer architecture applied to 
     the traffic control system IVMS.
AU   Duschnig, E.; Weiss, R. (Inst. fuer Technische Inf., Graz Univ. of
     Technol., Austria)
SO   Proceedings. Second International Symposium on Parallel
     Architectures, Algorithms, and Networks (I-SPAN '96) (Cat.
     No.96TB100044)
     Editor(s): Li, G.-J.; Hsu, D.F.; Horiguchi, S.; Maggs, B.
     Los Alamitos, CA, USA: IEEE Comput. Soc. Press, 1996.
     p.341-4 of xiii+567 pp. 11 refs.
     Conference: Beijing, China, 12-14 June 1996
     Sponsor(s): Chinese Nat. Res. Center for Intelligent Comput. Syst.;
     IEEE Comput. Soc.; IEEE Comput. Soc. Tech. Committee on Parallel
     Process.; Steering Committee of the Chinese Nat. Hi-Tech Programme;
     Inf. Process. Soc. Japan; Chinese Comput. Federation; IEICE Inf. &
     Syst. Soc
     Price: CCCC 1087-4089/96/$5.00
     ISBN: 0-8186-7460-1
DT   Conference Article
TC   Application; Practical
CY   United States
LA   English
AB   This paper presents the design of a fault-tolerant computer
     architecture for the traffic control system IVMS (Intelligent
     Variable Message Sign). In this project, IVMS stations with
     point-to-point communication links are to be installed along
     highways so as to control the traffic flow, yielding homogeneity.
     The principal design goal is to achieve high system availability at
     low cost; the availability is calculated by Markov models.
     We have found that a distributed IVMS system based on simplex
     computers without static redundancy is the most interesting
     architecture, because it allows degradation.
 
 
TI   Upset detection for closed-loop laboratory HIRF testing of
     fault tolerant aircraft control computers.
AU   Belcastro, C.M. (NASA Langley Res. Center, Hampton, VA, USA);
     Fischl, R.
SO   14th DASC Digital Avionics Systems Conference AIAA/IEEE (Cat.
     No.95CH35873)
     New York, NY, USA: IEEE, 1995. p.438-47 of 516 pp. 6 refs.
     Conference: Cambridge, MA, USA, 5-9 Nov 1995
     Price: CCCC 0 7803 3050 1/95/$4.00
     ISBN: 0-7803-3050-1
DT   Conference Article
TC   Practical; Theoretical; Experimental
CY   United States
LA   English
AB   Verifying integrity of the
     control computer in adverse operating environments is a key issue in
     the development, certification, and operation of critical control
     systems. This paper considers the problem of applying distributed
     detection techniques and decision fusion to monitoring the integrity
     of fault tolerant redundant control computers. A strategy is
     presented for monitoring a dynamic stochastic system for
     malfunctions or upsets during closed-loop laboratory testing for
     upset susceptibility due to HIRF. 
 
 
 
TI   Formalising human error resistance and human error tolerance.
AU   Dearden, A.; Harrison, M. (Dept. of Comput. Sci., York Univ., UK)
SO   Proceedings. Fifth International Conference on Human-Machine
     Interaction and Artificial Intelligence in Aerospace. From
     Operations to Design: Closing the Loop
     Toulouse, France: Eur. Inst. Cognitive Sci. & Eng.-EURISCO,
     1995. p.275-95 of 318 pp. 16 refs.
     Conference: Toulouse, France, 27-29 Sept 1995
DT   Conference Article
TC   Theoretical
CY   France
LA   English
AB   A key aim of human-machine interface design for aircraft control
     systems is to prevent pilot errors from jeopardising the safety of
     the aircraft. In terms of safety engineering designers should seek
     designs that minimise the risk of human error. To achieve this
     designers should aim to produce designs for control systems that
     minimise the probability of human errors occurring, and that
     minimise the adverse consequences when such errors do occur. We show
     how, by using formal mathematical models as design representations
     for aircraft control systems, properties that contribute to the
     reduction of the risk from human error can be verified at an early
     stage of the design process. 
 
 
 
TI   777 Flight Controls validation process.
AU   Buus, H.; McLees, R.; Orgun, M.; Pasztor, E.; Schultz, L. (Boeing
     Commercial Airplanes, Seattle, WA, USA)
SO   14th DASC Digital Avionics Systems Conference AIAA/IEEE (Cat.
     No.95CH35873)
     New York, NY, USA: IEEE, 1995. p.394-402 of 516 pp. 0
     refs.
     Conference: Cambridge, MA, USA, 5-9 Nov 1995
     Price: CCCC 0 7803 3050 1/95/$4.00
     ISBN: 0-7803-3050-1
DT   Conference Article
TC   Practical
CY   United States
LA   English
AB   The 777 airplane is the first Boeing commercial transport airplane
     to use a full fly-by-wire Flight Control System. The Primary Flight
     Control System (PFCS) provides manual airplane control and envelope
     protection in all axes using conventional pilot controls and control
     surfaces. Stability augmentation is provided in the pitch and yaw
     axes. The Autopilot and Flight Director System (AFDS) provides
     steering guidance for manual flight as well as automatic control of
     the airplane from takeoff to landing roll-out. The autopilot
     function of the AFDS provides low weather minimum operation down to
     CAT IIIB minimums. This paper will summarize the 777 Flight Controls
     validation process for the Primary Flight Control System and
     Autopilot Flight Director System. The validation process includes
     the development of the systems requirements to be validated, the
     methods by which validation is accomplished, the allocation of
     requirements to the most appropriate validation method, the means by
     which traceability of this process is maintained, the problem
     tracking system feedback to the process, and the organizational
     management of the process. 
 
 
TI   Developing integrated hardware-software reliability models:
     difficulties and issues [for digital avionics].
AU   Boyd, M.A. (Comput. Sci. Div., NASA Ames Res. Center, Moffett Field,
     CA, USA); Monahan, C.M.
SO   14th DASC Digital Avionics Systems Conference AIAA/IEEE (Cat.
     No.95CH35873)
     New York, NY, USA: IEEE, 1995. p.193-8 of 516 pp. 25 refs.
     Conference: Cambridge, MA, USA, 5-9 Nov 1995
     Price: CCCC 0 7803 3050 1/95/$4.00
     ISBN: 0-7803-3050-1
DT   Conference Article
TC   Theoretical
CY   United States
LA   English
AB   The development of integrated hardware-software system reliability
     models is very difficult. This paper discusses some of the
     differences between hardware and software reliability modeling which
     make integrating them together so hard. It also discusses issues
     that are unique to each and common to both, and lists open problems
     that need to be resolved.
 
TI   Reliability issues for design and test of complex integrated
     circuits [in avionic systems].
AU   Harrison, L.H. (Galaxy Sci. Corp., Egg Harbor Towship, NJ, USA);
     Saraceni, P.J., Jr.
SO   14th DASC Digital Avionics Systems Conference AIAA/IEEE (Cat.
     No.95CH35873)
     New York, NY, USA: IEEE, 1995. p.173-7 of 516 pp. 4 refs.
     Conference: Cambridge, MA, USA, 5-9 Nov 1995
     Price: CCCC 0 7803 3050 1/95/$4.00
     ISBN: 0-7803-3050-1
DT   Conference Article
TC   Practical
CY   United States
LA   English
AB   This paper introduces the topic, Complex Integrated
     Circuits, along with some of the certification risks associated with
     this technology. This work is a partial summary of a technical
     report prepared for the FAA Technical Center's Airport and Aircraft
     Safety R&D Branch, Flight Safety Research Section. This paper seeks
     to highlight some of the problems associated with complex digital
     hardware used in digital flight control and avionic systems.
 
 
TI   Fault tolerant techniques for a water turbine runner
     control system.
AU   Yidong Feng; Guangqiong Zhang (Inst. for Fluid Power Transmission &
     Control, Zhejiang Univ., Hangzhou, China)
SO   Proceedings of the IASTED International Conference Reliability
     Engineering and Its Applications
     Editor(s): Pham, H.
     Anaheim, CA, USA: IASTED-ACTA Press, 1994. p.33-6 of 54
     pp. 5 refs.
     Conference: Honolulu, HI, USA, 15-17 Aug 1994
     Sponsor(s): IASTED
     ISBN: 0-88986-192-7
DT   Conference Article
TC   Practical; Theoretical
CY   United States
LA   English
AB   A new hydro-turbine runner control system (HRCS) has been developed
     to replace the conventional HRCS, which is constructed with
     mechanical components. The new HRCS is based on the dual STD bus
     computers and the proportional electrohydraulic valves are
     characterized with highly reliable fault tolerance. In this system,
     the fault tolerant techniques such as redundancy, fault detection,
     recombination, etc. have been applied successfully to achieve high
     reliability. The hardware structure, fault detection techniques,
     system rearrangement ability and reliability analysis are described
     in this paper.
 
 
 
TI   The Development Framework: work in progress towards a real-time
     control system design environment.
AU   Hajji, M.S.; Bass, J.M.; Browne, A.R.; Schroder, P. (Dept. of Autom.
     Control & Syst. Eng., Sheffield Univ., UK); Croll, P.R.; Fleming,
     P.J.
SO   IEE Colloquium on Advances in Computer-Aided Control System Design
     (Digest No.96/061)
     London, UK: IEE, 1996. p.4/1-3 of 40 pp. 10 refs.
     Conference: London, UK, 14 March 1996
DT   Conference Article
TC   Practical
CY   United Kingdom
LA   English
AB   This paper describes work in progress on two extensions to the
     environment of a Development Framework for the design of control
     system software; hybrid system design and design of dependable
     systems. The Development Framework automatically converts a control
     engineering specification into a parallel implementation. Hybrid
     control systems are a combination of real-time control law and
     discrete-state logic. The Framework can be adapted so that it may
     handle discrete events such as mode switching. A statechart tool,
     Statemate [i-Logix95], is used to specify and model discrete-state
     components. 
 
 
 
 
TI   A distributed safety-critical system for real-time train control.
AU   Ghosh, A.K.; Rana, V.; Johnson, B.W. (Dept. of Electr. Eng.,
     Virginia Univ., Charlottesville, VA, USA); Profeta, J.A., III
SO   Proceedings of the 1995 IEEE IECON. 21st International Conference on
     Industrial Electronics, Control, and Instrumentation (Cat.
     No.95CH35868)
     New York, NY, USA: IEEE, 1995. p.760-7 vol.2 of 2 vol.
     (xlv+xxx+1651) pp. 16 refs.
     Conference: Orlando, FL, USA, 6-10 Nov 1995
     Sponsor(s): Ind. Electron. Soc. IEEE; Soc. Instrum. & Control Eng.
     Japan
     Price: CCCC 0 7803 3026 9/95/$4.00
     ISBN: 0-7803-3026-9
DT   Conference Article
TC   Application; Practical
CY   United States
LA   English
AB   An architecture and methodology for executing a train control
     application in an ultra-safe manner is presented in this paper.
     Prior work in advanced train control systems is summarized along
     with their assumptions and drawbacks. A flexible architecture that
     allows fault-tolerant and fail-safe operation is presented for a
     distributed control system. A safety assurance technique which
     detects errors in software and hardware for simplex systems is
     presented in this paper. 
 
 
TI   Mechanisms of operating systems supporting fault-tolerance
     of multicomputer control systems.
AU   Mamedli, E.M.; Sobolev, N.A. (Inst. of Control Sci., Acad. of Sci.,
     Moscow, Russia)
SO   Automation and Remote Control (Aug. 1995) vol.56, no.8, pt.1,
     p.1065-105. 108 refs.
     Published by: Consultants Bureau
     Price: CCCC 0005-1179/95/5608-1065$12.50
     CODEN: AURCAT  ISSN: 0005-1179
     SICI (Trl): 0005-1179(199508)56:8:1L.1065:MOSS;1-Z
     Translation of: Avtomatika i Telemekhanika (Aug. 1995)
     vol.56, no.8, p.3-63. 108 refs.
     CODEN: AVTEAI  ISSN: 0005-2310
     SICI: 0005-2310(199508)56:8L.3;1-O
DT   Journal; Translation Abstracted
TC   Bibliography; Practical; Theoretical
CY   Russian Federation; United States
LA   English
AB   Relationships between the methods for control and recovery of
     computations in fault-tolerant multicomputer control systems are
     formulated. The impact on fault-tolerance of resource allocation
     (determinate or random) within the computer system and of particular
     realization of synchronous interaction between computers executing
     copies of applications is determined. The design of efficient
     facilities for control of computations in systems with determinate
     and random resource allocation is shown to be of a dual nature. Any
     attempt to realize a general-purpose operating system adjustable to
     a particular real-time environment is shown to result inevitably in
     lower fault-tolerance.
 
 
 
 
 
 
TI   Hardware and software fault tolerance using fail-silent
     virtual duplex systems.
AU   Echtle, K.; Lovric, T. (Fachbereich Inf., Dortmund Univ., Germany)
SO   Fault-Tolerant Parallel and Distributed Systems (Cat. No.94TH0628-8)
     Editor(s): Pradhan, D.; Avresky, D.
     Los Alamitos, CA, USA: IEEE Comput. Soc. Press, 1995.
     p.10-17 of xv+285 pp. 17 refs.
     Conference: College Station, TX, USA, 12-14 June 1994
     Price: CCCC 0 8186 6807 5/95/$4.00
     ISBN: 0-8186-6807-5
DT   Conference Article
TC   Practical
CY   United States
LA   English
AB   Safety-critical systems must detect and tolerate hardware and
     software faults. The multiple virtual duplex system, the new scheme
     we propose for application in distributed control systems,
     efficiently covers both objectives. It comprises design and
     systematic diversity, time redundancy and a minimal amount of nodes.
     As a building block we use the virtual duplex system, which executes
     diverse variants of the software sequentially on a single node. For
     large control systems we offer two protocol types: the communication
     overhead can be kept low by a simple protocol, or can be slightly
     increased to enable a pipeline, leading to a drastic reduction in
     the required time.
 
 
 
TI   The design and implementation of multiprocessor-based
     fault-tolerant cell controller for FMS.
AU   Xiao Gang; Dou Wenhua (Dept. of Comput. Sci., Changsha Inst. of
     Technol., Changsha, China)
SO   Proceedings of the SPIE - The International Society for Optical
     Engineering (1995) vol.2620, p.387-92. 10 refs.
     Published by: SPIE-Int. Soc. Opt. Eng
     Price: CCCC 0 8194 2012 3/95/$6.00
     CODEN: PSISDG  ISSN: 0277-786X
     SICI: 0277-786X(1995)2620L.387:DIMB;1-0
     Conference: International Conference on Intelligent Manufacturing.
     Wuhan, China, 14-17 June 1995
     Sponsor(s): Nat. Natural Sci. Found.; Huazhong Univ. Sci. &
     Technol.; SPIE; K.C. Wong Educ. Found
DT   Conference Article; Journal
TC   Practical
CY   United States
LA   English
AB   Flexible manufacturing system (FMS) provides many benefits such as:
     increased machine utilisation, increased productivity, reduced
     labour, reduced lead time, consistent product quality and so on, but
     the complexity of the manufacturing control system makes it
     unreliable. Multiprocessor systems provide high performance and very
     good environments for fault tolerance and monitoring, so the
     reliability of the control system for FMS can be greatly improved.
     YH-MCS is a multiprocessor based cell controller for FMS based on
     transputers and PCs implemented in China. The paper describes its
     characteristics and implementation issues on architecture, fault
     tolerance and fault location.
 
 
TI   Evolving fault tolerant systems.
AU   Thompson, A. (Sussex Univ., Brighton, UK)
SO   First International Conference on 'Genetic Algorithms in Engineering
     Systems: Innovations and Applications' GALESIA (Conf. Publ. No.414)
     London, UK: IEE, 1995. p.524-9 of xvi+548 pp. 11 refs.
     Conference: Sheffield, UK, 12-14 Sept 1995
     Sponsor(s): IEE
DT   Conference Article
TC   Theoretical
CY   United Kingdom
LA   English
AB   The conventional mechanism used to gain fault tolerance is
     redundancy. In contrast, the paper suggests that artificial
     evolution can be used to produce systems that are inherently
     insensitive to faults, with fault tolerance becoming part of the
     task specification. The possible techniques are investigated, and
     the study is grounded in a real world evolved electronic control
     system for a robot.
 
 
 
TI   Low cost fault tolerant distributed control for
     fly-by-light systems.
AU   Morrison, B.D.; Robillard, M.N. (Equipment Div., Raytheon Co.,
     Marlborough, MA, USA)
SO   Proceedings of the SPIE - The International Society for Optical
     Engineering (1994) vol.2295, p.46-51. 1 refs.
     Price: CCCC 0 8194 1619 3/94/$6.00
     CODEN: PSISDG  ISSN: 0277-786X
     Conference: Fly-by-Light. San Diego, CA, USA, 27-28 July 1994
     Sponsor(s): SPIE
DT   Conference Article; Journal
TC   Practical
CY   United States
LA   English
AB   Distributed intelligence, fault tolerance, and fiber optic
     technology hold significant promise when applied to complex
     sensor/actuator systems such as those found in primary and secondary
     flight control systems. This paper outlines the theory of operation
     and configuration of a fault tolerant distributed control system
     jointly developed by Raytheon Company and Beech Aircraft
     Corporation. The system's benefits accrue from the union of fiber
     optic performance advantages with the low cost of fault-tolerant
     distributed sensing and control techniques. The initial
     configuration comprises low-cost fault-tolerant computers which
     control, monitor and display the functions of two JT15D-5 engines
     and their thrust reversers across redundant fiber networks. Pilot
     inputs are transmitted digitally over a redundant fiber optic
     network using a distributed fault-tolerant processing architecture.
     In the distributed control-by-light (CBL) system, low-cost
     intelligent nodes are placed at the site of the sensors, actuators,
     control inputs, feedback devices, and displays across the entire
     aircraft.
 
 
 
TI   Implementation of a digital reactor control and protection system.
AU   Heyck, H. (Paul Scherrer Inst., Villigen, Switzerland)
SO   Advanced Control and Instrumentation Systems in Nuclear Power
     Plants. Design, Verification and Validation. IAEA/IWG/ATWR & NPPCI
     Technical Committee Meeting (VTT-SYMP-147)
     Editor(s): Haapanen, P.
     Espoo, Finland: Tech. Res. Centre of Finland, 1995.
     p.223-34 of 578 pp. 4 refs.
     Conference: Espoo, Finland, 20-23 June 1994
DT   Conference Article
TC   Practical
CY   Finland
LA   English
AB   The instrumentation and control and the reactor protection system
     (RPS) of PSI's swimming pool reactor SAPHIR is retrofitted with a
     functionally and geographically distributed digital system, on the
     basis of a currently available system for power plants (PROCONTROL
     P13/42 from ABB). The integration of the reactor protection
     functions into the operational control system, not practised in the
     past, offers advantages compared to the conventional separation
     between protection and control systems, such as the use of the same
     type of hardware and software for maintenance, automatic testing and
     troubleshooting.
 
 
TI   Dependability assessment using binary decision diagrams (BDDs).
AU   Doyle, S.A. (Dept. of Comput. Sci., Duke Univ., Durham, NC, USA);
     Dugan, J.B.
SO   Twenty-Fifth International Symposium on Fault-Tolerant Computing.
     Digest of Papers (Cat. No.95CB35823)
     Los Alamitos, CA, USA: IEEE Comput. Soc. Press, 1995.
     p.249-58 of xxiii+547 pp. 15 refs.
     Conference: Pasadena, CA, USA, 27-30 June 1995
     Sponsor(s): IEEE Comput. Soc. Tech. Committee on Fault-Tolerant
     Comput.; LAAS-CNRS, France; Univ. Illinois at Urbana-Champaign;
     Univ. California at Los Angeles; Jet Propulsion Lab.; IFIP WG 10.4
     Price: CCCC 0731-3071/95/$4.00
     ISBN: 0-8186-7079-7
DT   Conference Article
TC   Theoretical
CY   United States
LA   English
AB   Presents the DREDD (Dependability and Risk Evaluation using Decision
     Diagrams) algorithm which incorporates coverage modeling into a BDD
     solution of a combinatorial model. BDDs, which do not use cutsets to
     generate system unreliability, can be used to find exact solutions
     for extremely large systems. The DREDD algorithm takes advantage of
     the efficiency of the BDD solution approach and increases the
     accuracy of a combinatorial model by including consideration of
     imperfect coverage. The usefulness of combinatorial models, long
     appreciated for their logical structure and concise representational
     form, is extended to include many fault-tolerant systems previously
     thought to require more complicated analysis techniques in order to
     include coverage modeling. In this paper, the DREDD approach is
     presented and applied to the analysis of two sample systems, the F18
     flight control system and a fault-tolerant multistage
     interconnection network.
 
 
TI   Design and analysis of a fault-tolerant supervisory
     control station using dual computers.
AU   Yan-Chang Chen; Tai-Jee Pan (Dept. of Comput. Sci. & Eng., Tatung
     Inst. of Technol., Taipei, Taiwan)
SO   1994 International Computer Symposium Conference Proceedings
     Hsinchu, Taiwan: Nat. Chiao Tung Univ, 1994. p.25-30 vol.1
     of 2 vol. xvi+1310 pp. 11 refs.
     Conference: Hsinchu, Taiwan, 12-15 Dec 1994
     Sponsor(s): Ministr. Educ.; Comput. Soc
DT   Conference Article
TC   Practical
CY   Taiwan, Province of China
LA   English
AB   Presents the design of a redundant supervisory control station using
     networked computers. The design focuses on the development of a
     model that represents the interaction between the master and the
     standby computers; this interaction ensures continuing operation and
     facilitates a recovery process in case of system failure. The design
     system is analyzed by Petri-net theory to verify non-stop execution
     ability.
 
 
 
TI   Comparing control systems reliability:
     architecture, diagnostics, and common cause.
AU   Bukowski, J.V. (Dept. of Electr. Eng., Villanova Univ., PA, USA);
     Goble, W.M.
SO   Proceedings of the Industrial Computing Conference. ICS/94
     Research Triangle Park, NC, USA: ISA, 1994. p.399-407 of
     xiii+410 pp. 7 refs.
     Conference: Anaheim, CA, USA, 23-28 Oct 1994
     Price: CCCC 1058-8655/94/399-407/$0+.50pp
DT   Conference Article
TC   Practical
CY   United States
LA   English
AB   Several aspects
     of system design are critical to high reliability/high safety
     systems. The primary aspects are online diagnostic coverage,
     susceptibility to common cause stress, and system architecture. This
     paper compares three control system architectures and shows how
     reliability and safety vary with diagnostics and common cause
     susceptibility.
 
 
 
TI   Scheduling strategies for periodic tasks to avoid timing
     faults in critical control systems.
AU   Chetto, H. (Nantes Univ., France); Silly, M.
SO   Automatic Control. World Congress 1993. Proceedings of the 12th
     Triennial World Congress of the International Federation of
     Automatic Control. Vol.2. Robust Control, Design and Software
     Editor(s): Goodwin, G.C.; Evans, R.J.
     Oxford, UK: Pergamon, 1994. p.725-8 of xviii+848 pp. 7
     refs.
     Conference: Sydney, NSW, Australia, 18-23 July 1993
     Sponsor(s): IFAC; IMACS; IFIP; IFORS; Int. Meas. Confederation
     ISBN: 0-08-042213-6
DT   Conference Article
TC   Practical; Theoretical
CY   United Kingdom
LA   English
AB   A key issue in the design of a real-time system is to determine an
     appropriate fault-tolerant mechanism so that the occurrence of any
     erroneous state does not result in a timing failure (i.e. deadline
     missing). In this paper, the deadline mechanism, which is a
     variation of the recovery block scheme is used to support timing and
     software fault-tolerance. We show how it can be easily implemented
     in a uniprocessor machine through a scheduling strategy which
     provides predictability and adaptivity.
 
 
TI   A proposal for error-tolerating codes.
AU   Matsubara, T.; Koga, Y. (Dept. of Comput. Sci., Nat. Defense Acad.,
     Yokosuka, Japan)
SO   Digest of Papers FTCS-23 The Twenty-Third International Symposium on
     Fault-Tolerant Computing
     Los Alamitos, CA, USA: IEEE Comput. Soc. Press, Aug. 1993.
     p.130-6 of xxii+685 pp. 3 refs.
     Conference: Toulouse, France, 22-24 June 1993
     Sponsor(s): IEEE
     Price: CCCC 0731-3071/93/$3.00
     ISBN: 0-8186-3680-7
DT   Conference Article
TC   Application; Practical
CY   United States
LA   English
AB   An extended concept of error-tolerating codes is presented and some
     examples of error-tolerating codes are introduced. An erroneous
     codeword of the proposed error-tolerating code may occur in the
     codespace; however, in this case, the erroneous codeword is required
     to be in a defined neighborhood of the original codeword. When no
     error is detected in a word, the word may differ from the original
     codeword, but it is trustworthy and can be used in a system without
     any error-correction or error-recovery procedures. An
     error-tolerating code is presented as an example. This code can be
     used to implement analog-to-digital converting devices which are
     useful for dependable high-speed real-time control systems.
 
 
 
TI   The reliability assessment of the control and instrumentation
     systems for Sizewell B.
AU   Orme, S.
SO   Thermal Reactor Safety Assessment. Proceedings of the Conference
     London, UK: British Nucl. Energy Soc, 1994. p.1-8 of 264
     pp. 4 refs.
     Conference: Manchester, UK, 23-26 May 1994
     Sponsor(s): ANS; Atomic Energy Soc. Japan; British Nucl. Forum; Eur.
     Nucl. Soc.; et al
     ISBN: 0-7277-1993-9
DT   Conference Article
TC   Practical
CY   United Kingdom
LA   English
AB   The Control and Instrumentation (C and I) systems for a nuclear
     power station must be shown to meet the system requirements set down
     for them at the beginning of the design phase. These system
     requirements include the targets for the reliability to be achieved
     by the systems. It is necessary to show that the systems meet the
     reliability targets in order to support the assumptions made in the
     station safety analysis. The purpose of this paper is to describe
     the work that has been performed by the various organisations to
     assess the hardware reliability of some of the key C and I systems
     for Sizewell B.
 
 
 
TI   Built-in diagnostics for advanced power management.
AU   Darty, M. (McDonnell Douglas Aerosp., Huntsville, AL, USA); Li Pi
     Su; Bosco, C.
SO   Conference Proceedings. AUTOTESTCON '94. IEEE Systems Readiness
     Technology Conference. 'Cost Effective Support Into the Next
     Century' (Cat. No.94CH3436-3)
     New York, NY, USA: IEEE, 1994. p.399-407 of xxxv+763 pp. 2
     refs.
     Conference: Anaheim, CA, USA, 20-22 Sept 1994
     Sponsor(s): IEEE Instrum. & Meas. Soc.; IEEE Aerosp. & Electron.
     Syst. Soc.; IEEE Los Angeles Council
     Price: CCCC 0 7803 1910 9/94/$3.00
     ISBN: 0-7803-1910-9
DT   Conference Article
TC   Practical
CY   United States
LA   English
AB   The Army's Diagnostic Analysis and Repair Tool Set (DARTS) is an
     advanced software product used to perform automated fault
     diagnostics that results in reduced logistics costs, decreased
     downtime and enhanced mission performance. DARTS enabled automated,
     knowledge based fault diagnostics to be embedded in the Advanced
     Modular Power Control System (AMPCS). AMPCS is an integrated
     hardware and software product for aerospace power management. DARTS
     was used in a concurrent engineering design environment as a
     computer aided engineering tool to optimize the fault detection and
     fault isolation characteristics of the AMPCS prototype design.
 
    
 
TI   Dynamic reallocation of processes and system dimensioning in
     fault-tolerant control systems.
AU   Piuri, V. (Dept. of Electron. & Inf., Politecnico di Milano, Italy)
SO   Conference Record IMTC/93
     New York, NY, USA: IEEE, May 1993. p.752-7 of xxvi + 793
     pp. 11 refs.
     Conference: Irvine, CA, USA, 18-20 May 1993
     Sponsor(s): IEEE
     Price: CCCC 0-7803-1229-5/93/$3.00
     ISBN: 0-7803-1229-5
DT   Conference Article
TC   Practical; Experimental
CY   United States
LA   English
AB   The author considers the problem of the dynamic
     reallocation of the computation, so that a higher number of faults
     can be tolerated, possibly with degraded performance and
     functionalities at low costs. The computation is modeled by using
     concurrent communicating processes, while the hardware structure
     considers multiprocessor distributed systems. The stochastic
     evaluation of the software performance is concerned with the
     capabilities of dealing with external events within a given maximum
     time. The hardware dimensioning is optimized at the same time as the
     software allocation. Redundant hardware resources are introduced to
     take into account the additional requirements of the spare
     processes.
 
 
 
TI   The design of fault tolerant, high-performance
     control systems.
AU   Tyrrell, A.M. (Dept. of Electron., York Univ., UK)
SO   IEE Colloquium on 'High Performance Computing for Advanced Control'
     (Digest No.1994/241)
     London, UK: IEE, 1994. p.5/1-4 of 36 pp. 6 refs.
     Conference: London, UK, 8 Dec 1994
     Sponsor(s): IEE
DT   Conference Article
TC   Practical
CY   United Kingdom
LA   English
AB   There are a number of additional
     difficulties when designing fault-tolerance into parallel systems
     compared with the design of sequential systems. In addition to the
     problems associated with single processor system design, such as
     error detection and system recovery, parallel system designs must
     also consider error confinement, communication faults, distributed
     placement of fault-tolerant mechanisms and coordination of error
     detection and system recovery. The complexity of parallel and
     distributed systems puts considerable emphasis on a system designer
     if systems are to be resilient to faults.
     The paper considers work performed that is
     designed to deal with some of these problems in an attempt to make
     parallel and distributed systems both efficient and
     fault-tolerant, the goal for designing all such systems.
 
 
 
TI   EPICS communication loss management.
AU   Hill, J.O. (Los Alamos Nat. Lab., NM, USA)
SO   Nuclear Instruments & Methods in Physics Research, Section A
     (Accelerators, Spectrometers, Detectors and Associated Equipment)
     (15 Dec. 1994) vol.352, no.1-2, p.218-20. 2 refs.
     Price: CCCC 0168-9002/94/$07.00
     CODEN: NIMAER  ISSN: 0168-9002
     Conference: Third International Conference on Accelerator and Large
     Experimental Physics Control Systems. Berlin, Germany, 18-23 Oct
     1993
DT   Conference Article; Journal
TC   Practical
CY   Netherlands
LA   English
AB   A robust
     distributed control system should properly respond to temporary loss
     of communication with any portion of the system. This temporary loss
     could be caused by hardware or software failures or it could be
     caused by reconfiguring or rebooting other portions of the system.
     For the Experimental Physics and Industrial Control System we have
     handled these temporary outages consistently and reliably. This
     capability makes it possible for distributed functions such as loop
     closure, sequencing, archiving, or operator consoles to take proper
     action at the beginning and end of the loss of communication with
     another part of the system. The control system continues to function
     in a degraded mode while some of its subsystems are not responding
     and resumes normal operation once a subsystem is restored.
 
 
  
TI   A solution to an automotive control system
     benchmark.
AU   Kopetz, H. (Wien Univ., Austria)
SO   Proceedings. Real-Time Systems Symposium (Cat. No.94CH35728)
     Los Alamitos, CA, USA: IEEE Comput. Soc. Press, 1994.
     p.154-8 of x+299 pp. 11 refs.
     Conference: San Juan, Puerto Rico, 7-9 Dec 1994
     Sponsor(s): IEEE Comput. Soc. Tech. Committee on Real-Time Syst
     Price: CCCC 1052-8725/94/$04.00
     ISBN: 0-8186-6600-5
DT   Conference Article
TC   Practical
CY   United States
LA   English
AB   The Society of Automotive Engineers (SAE) has recently published a
     set of requirements and a control benchmark which is able to compare
     the effectiveness of new protocol proposals for safety-critical
     automotive systems. This paper presents a solution to this benchmark
     problem that is based on the Time Triggered Protocol (TTP). TTP
     integrates all services required for the implementation of
     fault-tolerant hard real-time systems, while trying to minimize the
     bandwidth requirements.
 
 
 
 
TI   Fault tolerance in supervisory control
     systems: a knowledge-based approach.
AU   Askounis, D.T.; Assimakopoulos, V.; Psarras, J. (Dept. of Electr.
     Eng., Nat. Tech. Univ. of Athens, Greece)
SO   Journal of Intelligent Manufacturing (Oct. 1994) vol.5,
     no.5, p.323-31. 13 refs.
     CODEN: JIMNEM  ISSN: 0956-5515
DT   Journal
TC   Theoretical
CY   United Kingdom
LA   English
AB   Existing fault tolerance
     approaches, wherever used, deal mainly with hardware faults.
     Nevertheless, the vast majority of contemporary system failures are
     software related. This paper introduces a knowledge-based approach
     to handling software related faults occurring in supervisory control
     systems. These systems are event driven and use data, stored in
     complex databases, to react to events coming from different kinds of
     devices by identifying, scheduling, initiating and monitoring
     operations. Failure of part of the supervisory control system's
     software to behave rationally when unexpected events occur is called
     an application fault. The approach introduced in this paper is based
     on a supervisory control system reference model which reveals the
     set of all possible application faults together with the major
     functions of the recovery processes associated with each fault, and
     leads to a high-level knowledge-based system architecture capable of
     handling every fault-related condition. This system is called PROFIT
     (Intelligent PROduction systems Fault Tolerance) and consists of
     three main components: the fault diagnosis module, the instant fault
     correction module and the learning module, co-ordinated by a PROFIT
     meta-level module.
 
 
 
TI   A fuzzy logic supervisor for reconfigurable flight control
     systems.
AU   Copeland, R.P.; Rattan, K.S. (Dept. of Electr. Eng., Wright State
     Univ., Dayton, OH, USA)
SO   Proceedings of the IEEE 1994 National Aerospace and Electronics
     Conference NAECON 1994 (Cat. No.94CH3431-4)
     New York, NY, USA: IEEE, 1994. p.579-86 vol.1 of 2 vol.
     xviii+1346 pp. 10 refs.
     Conference: Dayton, OH, USA, 23-27 May 1994
     Sponsor(s): Dayton Sect. IEEE; Aerosp. & Electron. Syst. Soc. IEEE
     Price: CCCC CH3431-4/94/0000-0579$1.00
     ISBN: 0-7803-1893-5
DT   Conference Article
TC   Practical; Theoretical; Experimental
CY   United States
LA   English
AB   The design of a fuzzy logic supervisor for a reconfigurable flight
     control law is described in this paper. The objective of the
     supervisor is to maintain the original performance of the aircraft
     after effector failure by adjusting the gains of the existing
     control law. In this design the pitch axis control of the unmanned
     research vehicle was selected as the test platform. The set of fuzzy
     rules obtained ensures the even distribution of control authority to
     the remaining healthy effectors. A comparison of the reconfigured
     aircraft response with and without the fuzzy logic supervisor is
     presented. Simulation results show an improvement in the
     reconfigured response using a fuzzy logic supervisor.
 
 
 
 
TI   Failure sensitivity and robustness in reconfigurable
     flight control systems.
AU   Wu, N.E.; Tijian Chen (Binghamton Univ., NY, USA)
SO   Proceedings of the IEEE 1994 National Aerospace and Electronics
     Conference NAECON 1994 (Cat. No.94CH3431-4)
     New York, NY, USA: IEEE, 1994. p.548-55 vol.1 of 2 vol.
     xviii+1346 pp. 22 refs.
     Conference: Dayton, OH, USA, 23-27 May 1994
     Sponsor(s): Dayton Sect. IEEE; Aerosp. & Electron. Syst. Soc. IEEE
     Price: CCCC CH3431-4/94/0000-0548$1.00
     ISBN: 0-7803-1893-5
DT   Conference Article
TC   Theoretical
CY   United States
LA   English
AB   This paper is concerned with the design of reconfigurable flight
     control systems furnished with aerodynamic redundancy. Our focus is
     directed towards dealing with the aircraft surface impairment such
     as locked, float, or missing surfaces. We propose a control design
     criterion that facilitates the detection of failures without
     compromising the required performance robustness. Details are
     carried out for the design of the pitch axis controller of an
     experimental highly maneuverable aircraft, where redundancy in the
     control authority is provided by both the elevons and the canards.
     The design effort is focused on the selection of controllers that
     can differentiate their effects on failures that require a control
     reconfiguration from the effects on other uncertainties that do not
     require a control reconfiguration.
 
 
 
 
TI   Conceptual design of test aides for flight critical control
     systems.
AU   Houchard, J.H. (Frontier Technol. Inc., Beavercreek, OH, USA)
SO   Proceedings of the IEEE 1994 National Aerospace and Electronics
     Conference NAECON 1994 (Cat. No.94CH3431-4)
     New York, NY, USA: IEEE, 1994. p.911-18 vol.2 of 2 vol.
     xviii+1346 pp. 0 refs.
     Conference: Dayton, OH, USA, 23-27 May 1994
     Sponsor(s): Dayton Sect. IEEE; Aerosp. & Electron. Syst. Soc. IEEE
     Price: CCCC CH3431-4/94/0000-0911$1.00
     ISBN: 0-7803-1893-5
DT   Conference Article
TC   Practical
CY   United States
LA   English
AB   This paper describes the conceptual design of a suite of tools that
     will aid and/or automate various aspects of the control system
     verification and validation process. The suite provides for the
     definition of system data, generation of test procedures, and
     semi-automated test execution and evaluation. One element of this
     long-range vision, the Test Procedure Generator, is in the early
     stages of development under NASA's Small Business Innovative
     Research program. The TPG supports testing at the component,
     subsystem and complete system levels. It accepts system design data,
     including component and interface layout, as well as detailed
     component behavioral specifications defined using functional block
     diagrams.
 
 
 
TI   Dependable computing for railway control systems.
AU   Mongardi, G. (ANSALDO Transport, Genova, Italy)
SO   Dependable Computing for Critical Applications 3
     Editor(s): Landwehr, C.E.; Randell, B.; Simoncini, L.
     Wien, Austria: Springer-Verlag, 1993. p.255-77 of xii+381
     pp. 13 refs.
     Conference: Mondello, Italy, 14-16 Sept 1992
     Sponsor(s): IFIP
     ISBN: 3-211-82481-2
DT   Conference Article
TC   Practical
CY   Austria
LA   English
AB   The paper deals with a dependable microprocessor system applied to
     control equipment and train movements in a railway station. First,
     application general requirements are outlined and basic principles
     and adopted techniques for dependability are shown; hardware and
     software vital architecture are described. Then some details about
     application specific features are given, in order to present a
     suitable software verification and validation environment and to
     explain procedures and tools for system design. Some hints about
     first installations and relevant results are also given.
 
 
 
TI   Control reconfiguration in the presence of software failures.
AU   Bodson, M. (Dept. of Electr. & Comput. Eng., Carnegie Mellon Univ.,
     Pittsburgh, PA, USA); Lehoczky, J.; Rajkumar, R.; Sha, L.; Soh, D.;
     Smith, M.; Stephan, J.
SO   Proceedings of the 32nd IEEE Conference on Decision and Control
     (Cat. No.93CH3307-6)
     New York, NY, USA: IEEE, 1993. p.2284-9 vol.3 of 4 vol.
     66+3898 pp. 14 refs.
     Conference: San Antonio, TX, USA, 15-17 Dec 1993
     Sponsor(s): IEEE Control Syst. Soc
     Price: CCCC 0191-2216/93/$3.00
     ISBN: 0-7803-1298-8
DT   Conference Article
TC   Practical; Theoretical
CY   United States
LA   English
AB   In this paper, we discuss a special approach for software fault
     tolerance in control applications. A full-function,
     high-performance, but complex control system is complemented by an
     error-free implementation of a highly reliable control system of
     lower functionality. When the correctness of the high-performance
     controller is in doubt, the reliable control system takes over the
     execution of the task. An innovative feature of the approach is the
     disparity between the two control systems, which is used to exploit
     the relative advantages of the simple/reliable vs.
     complex/high-performance systems. Another innovative feature is the
     fault detection mechanism, which is based on measures of performance
     and of safety of the control system. 
 
 
 
TI   Design of fault-tolerant distributed control systems.
AU   Piuri, V. (Dept. of Electron. & Inf., Politecnico di Milano, Italy)
SO   IEEE Transactions on Instrumentation and Measurement (April
     1994) vol.43, no.2, p.257-64. 11 refs.
     Price: CCCC 0018-9456/94/$4.00
     CODEN: IEIMAO  ISSN: 0018-9456
     Conference: 10th Annual IEEE Instrumentation and Measurement
     Technology Conference - IMTC '93. Irvine, CA, USA, 18-20 May 1993
DT   Conference Article; Journal
TC   Theoretical; Experimental
CY   United States
LA   English
AB   In this paper, hardware dimensioning, the optimum allocation of the
     computation, and the fault-tolerance issues are addressed
     simultaneously, with specific attention to the design of
     dedicated distributed control systems. A single optimization frame
     is defined to identify a globally optimum solution with respect to
     these conflicting goals.
 
 
 
TI   Reliability analysis of the X-29A flight control
     system software.
AU   Davis, G.J. (NASA Ames Res. Center, Moffett Field, CA, USA); Earls,
     M.R.; Patterson-Hine, F.A.
SO   Journal of Computer and Software Engineering (1993) vol.1,
     no.4, p.325-48. 8 refs.
     CODEN: JCOSE5  ISSN: 1069-5451
DT   Journal
TC   Application; Practical
CY   United States
LA   English
AB   Software reliability measurements of safety-critical software
     systems are not well understood. In particular, a significant part
     of the testing of flight control software for high performance
     aircraft is performed in full-up systems tests, so the applicability
     of models developed for pure software systems is unknown. In this
     study, data from flight tests of the X-29A forward-swept wing
     aircraft, performed at NASA's Dryden Flight Research Facility, are
     analyzed with the Statistical Modeling and Estimation of Reliability
     Functions for Software (SMERFS) modeling package. Results from this
     analysis are presented following a description of the data
     collection and documentation process utilized by the X-29 program.
     These results are used to assess the applicability of these models
     and their prediction capabilities in a flight test environment.
 
 
TI   Fault tolerant design for field control stations.
AU   Matsuda, T.; Sogo, S.; Sano, H.; Hamaza, M.
SO   Yokogawa Technical Report (English Edition) (May 1994)
     no.18, p.10-13. 0 refs.
     CODEN: YTREEO  ISSN: 0911-8977
DT   Journal
TC   Practical
CY   Japan
LA   English
AB   This paper describes the fault-tolerant design of the duplexed
     (dual-redundant) field control station in the CENTUM CS system. The
     design features enhanced error detection functions, and minimal
     interruption to control when switching between active and standby
     processors.
 
 
 
TI   VOTRICS: a highly predictable fault tolerant system
     architecture.
AU   Appel, B. (ELIN Res. Centre, Alcatel Austria AG, Wien, Austria)
SO   Real Time Computing. Proceedings of the NATO Advanced Study
     Institute
     Editor(s): Halang, W.A.; Stoyenko, A.D.
     Berlin, Germany: Springer-Verlag, 1994. p.630-1 of
     xxii+762 pp. 0 refs.
     Conference: Sint Maarten, Dutch Antilles, 5-17 Oct 1992
     ISBN: 3-540-57558-8
DT   Conference Article
TC   Practical
CY   Germany
LA   English
AB   VOTRICS is a fault-tolerant system architecture intended to provide
     a variety of control systems with high availability and reliability.
     VOTRICS provides message-passing services between actively
     replicated components. Event-triggered applications in loosely- as
     well as tightly-coupled computer systems are supported.
 
 
 
TI   The impact of real-time on the fault-tolerant distributed
     RDC-System.
AU   Bonn, G. (Fraunhofer-Inst. fur Inf.- und Datenverarbeitung,
     Karlsruhe, Germany)
SO   Real Time Computing. Proceedings of the NATO Advanced Study
     Institute
     Editor(s): Halang, W.A.; Stoyenko, A.D.
     Berlin, Germany: Springer-Verlag, 1994. p.536-8 of
     xxii+762 pp. 0 refs.
     Conference: Sint Maarten, Dutch Antilles, 5-17 Oct 1992
     ISBN: 3-540-57558-8
DT   Conference Article
TC   Application; Practical
CY   Germany
LA   English
AB   The RDC-System (Really Distributed Computer Control System)
     developed by IITB has been successfully applied in many industrial
     automation projects. It provides distributed fault-tolerance and is
     based on a redundant fibre optical network. The application programs
     are highly real-time sensitive and are written in PEARL with
     extensions for distribution and fault-tolerance support. This paper
     gives a short outline of the main characteristics of RDC with
     respect to real-time, fault-tolerance and distribution, and
     summarizes some lessons learnt from the multiple industrial
     applications in steel production and car manufacturing.
 
 
 
 
TI   Safety licensing and formal correctness of high integrity embedded
     systems.
AU   Cullyer, J. (Dept. of Eng., Warwick Univ., Coventry, UK)
SO   Real Time Computing. Proceedings of the NATO Advanced Study
     Institute
     Editor(s): Halang, W.A.; Stoyenko, A.D.
     Berlin, Germany: Springer-Verlag, 1994. p.161-85 of
     xxii+762 pp. 22 refs.
     Conference: Sint Maarten, Dutch Antilles, 5-17 Oct 1992
     ISBN: 3-540-57558-8
DT   Conference Article
TC   Theoretical
CY   Germany
LA   English
AB   This paper describes techniques for applying formal mathematical
     methods to the specification and design of high integrity embedded
     control systems which are implemented using microprocessors and
     real-time software. The techniques described in this paper are
     intended to provide a practical route for the development of highly
     critical systems. By combining
     the specification language Higher Order Logic (HOL) with the
     disciplined use of annotated subsets of the computer programming
     languages such as Ada, a framework has been developed for the
     development of the operational software for practical
     safety-critical equipment.
 
 
 
TI   Dependable flight control system using data
     diversity with error recovery.
AU   Christmansson, J.; Kalbarczyk, Z.; Torin, J. (Lab. for Dependable
     Computing, Chalmers Univ. of Technol., Goteborg, Sweden)
SO   Computer Systems Science and Engineering (April 1994)
     vol.9, no.2, p.142-50. 18 refs.
     CODEN: CSSEEI  ISSN: 0267-6192
     Conference: Pacific Rim Fault Tolerant Computing (PRFTC) Conference.
     Melbourne, Vic., Australia, 16-17 Dec 1993
DT   Conference Article; Journal
TC   Practical
CY   United Kingdom
LA   English
AB   Presents a method for the tolerance of software design faults in a
     flight control system, based on a distributed periodic system in
     which the processing is performed in nodes. Tasks should be
     allocated and executed in parallel on different hardware channels
     with the same copy of programs (no design diversity), although under
     slightly different conditions (data diversity). A simulation-based
     fault injection experiment demonstrated that the proposed approach
     can considerably improve the fault tolerance capabilities of a
     system as compared with the traditional design. 
 
 
 
TI   A prototype framework of tools for the design of real-time
     distributed control software.
AU   Bass, J.M.; Browne, A.R.; Croll, P.R.; Fleming, P.J. (Sheffield
     Univ., UK)
SO   International Conference on Control '94 (Conf. Publ. No.389)
     London, UK: IEE, 1994. p.922-7 vol.2 of 2 vol. xl+1594 pp.
     11 refs.
     Conference: Coventry, UK, 21-24 March 1994
     ISBN: 0-85296-611-3
DT   Conference Article
TC   Practical
CY   United Kingdom
LA   English
AB   A prototype framework of software tools for the design of
     distributed real-time control system software is described here. The
     tools provide a highly transparent transformation from a
     specification to an implementation. The specification is in a
     familiar control engineering notation and can be simulated to ensure
     correct functional behaviour. The translation to an executable form
     is made via a software engineering model of the system. Two
     optimisations that can be performed on the software engineering
     model to improve the reliability and performance of the distributed
     system under development are described. As an example, the
     framework is used to implement a linearised continuous-time
     roll-yaw-pitch autopilot and airframe model.
 
 
 
 
TI   Simulation modeling for long duration spacecraft control systems.
AU   Boyd, M.A. (Div. of Inf. Sci., NASA Ames Res. Center, Moffett Field,
     CA, USA); Bavuso, S.J.
SO   Annual Reliability and Maintainability Symposium. 1993 Proceedings
     (Cat. No.93CH3257-3)
     New York, NY, USA: IEEE, 1993. p.106-13 of xx+103 pp. 20
     refs.
     Conference: Atlanta, GA, USA, 26-28 Jan 1993
     Sponsor(s): IEEE; AIAA; IES; SAE; SRE; IIE; SOLE; American Soc.
     Quality Control; Syst. Safety Soc
     Price: CCCC 0149-144X/93/$3.00
     ISBN: 0-7803-0943-X
DT   Conference Article
TC   Application
CY   United States
LA   English
AB   The authors describe the use of simulation and contrast it with
     analytical solution techniques for evaluation of analytical
     reliability models. They discuss the role of importance sampling in
     simulation of models of this type. They demonstrate the use of the
     simulator tool by applying it to a fault-tolerant hypercube
     multiprocessor intended for spacecraft designed for long-duration
     missions. The reliability analysis is used to highlight the
     advantages and disadvantages offered by simulation compared with
     analytical solution of Markovian and non-Markovian reliability
     models. Results show a substantial improvement indicating
     that a candidate architecture that would otherwise be considered
     inadequate could provide acceptable reliability after all.
 
 
 
TI   Fault-tolerant realization of a fuzzy control system.
AU   Ito, H.; Matsubara, T.; Kurokawa, T.; Koga, Y. (Dept. of Comput.
     Sci., Nat. Defense Acad., Yokosuka, Japan)
SO   Systems and Computers in Japan (1993) vol.24, no.10,
     p.28-36. 7 refs.
     Price: CCCC 0882-1666/93/0010-0028
     CODEN: SCJAEP  ISSN: 0882-1666
DT   Journal
TC   Practical
CY   United States
LA   English
AB   Fuzzy systems are generally considered to be fault-tolerant.
     However, as yet, there has been no distinct study on the fault
     tolerance of fuzzy control systems. In this paper, the effect of
     errors by fuzzy control systems on output is examined using
     simulations, and it is proved that the result cannot be ignored.
     Also, a fault-detection method for errors is proposed, as fault
     detection functions are not applied at present to fuzzy control
     systems.
 
 
TI   Reliability evaluation of fly-by-wire computer systems.
AU   Dugan, J.B.; Van Buren, R. (Dept. of Comput. Sci. & Electr. Eng.,
     Duke Univ., Durham, NC, USA)
SO   Journal of Systems and Software (April 1994) vol.25, no.1,
     p.109-20. 23 refs.
     Price: CCCC 0164-1212/94/$7.00
     CODEN: JSSODM  ISSN: 0164-1212
DT   Journal
TC   Practical; Theoretical
CY   United States
LA   English
AB   In this article, a combination of fault trees and Markov models is
     used to provide an integrated analysis of a portion of the flight
     control systems used on the Airbus A310 and A320 aircraft. The goal
     of the
     analysis is to determine the reliability of each system, that is,
     the time-dependent probability of producing an acceptable result. An
     unacceptable output can be the result of hardware or software faults
     that are not tolerated by the level of redundancy provided.
 
 
 
TI   Dependable flight control system by data
     diversity and self-checking components.
AU   Christmansson, J.; Kalbarczyk, Z.; Torin, J. (Lab. for Dependable
     Comput., Chalmers Univ. of Technol., Goteborg, Sweden)
SO   Microprocessing & Microprogramming (April 1994) vol.40,
     no.2-3, p.207-22. 21 refs.
     Price: CCCC 0165-6074/94/$7.00
     CODEN: MMICDT  ISSN: 0165-6074
DT   Journal
TC   Practical; Theoretical
CY   Netherlands
LA   English
AB   Proposes a principle for the tolerance of software design faults in
     a Flight Control System. The system is considered on two levels: (i)
     the entire system in which N-copy programming is applied, and (ii)
     the individual Guidance and Navigation Computer (GNC), which is a
     self-checking component. The performances of data diversity (N-copy
     programming) and the traditional design without diversity (multiple
     computation) were compared in an experiment using fault injection
     with a method based on mutation testing. The best performances for
     N-copy programming and multiple computation were 95.5% and 66.6%
     correct results, respectively. However, the reliability improvement
     introduced by the N-copy programming is application-specific. The
     N-copy programming alone is not likely to fulfil the safety
     requirements and therefore each GNC of the flight control system is
     regarded as a self-checking component. A pessimistic and an
     optimistic analytical estimation of the enhancement introduced to
     each GNC by the self-checking component showed that the MTTF (Mean
     Time To Failure) increased by two times and nine times,
     respectively.
 
 
 
 
TI   Survivable LANs for distributed control systems.
AU   Cooling, J.E. (Dept. of Electron. & Electr. Eng., Loughborough Univ.
     of Technol., UK)
SO   Computer Communications (May 1994) vol.17, no.5, p.317-31.
     34 refs.
     Price: CCCC 0140-3664/94/050317-15$10.00
     CODEN: COCOD7  ISSN: 0140-3664
DT   Journal
TC   Practical
CY   United Kingdom
LA   English
AB   This paper discusses the need for, and methods of achieving,
     survivability in distributed control system networks. It is
     applicable to areas such as avionics, marine systems and industrial
     plants. Basic survival strategies are discussed in the context of
     specific network topologies, with emphasis on system design aspects.
     The strengths and weaknesses of the various approaches are
     discussed, together with the requirements and constraints of
     practical systems. Based on these, a general template for a
     survivable LAN is defined, accompanied by a set of recommendations
     for implementing specific survivability features.
 
 
TI   Design of a transputer-based fault tolerant
     control system using analytical redundancy.
AU   Sinha, P.K.; Zhou, F.B.; Mutib, K. (Dept. of Eng., Reading Univ.,
     UK)
SO   Transputer Applications and Systems '93. Proceedings of the 1993
     World Transputer Congress
     Editor(s): Grebe, R.; Hektor, J.; Hilton, S.C.; Jane, M.R.; Welch,
     P.H.
     Amsterdam, Netherlands: IOS Press, 1993. p.134-41 of 1317
     pp. 6 refs.
     Conference: Aachen, Germany, 20-22 Sept 1993
DT   Conference Article
TC   Experimental
CY   Netherlands
LA   English
AB   This paper presents some new experimental results on fault
     detection and isolation (FDI) using a transputer-controlled
     electromagnetic suspension system, which is a
     nonlinear system that is unstable in open-loop. It requires at least
     air gap (position) feedback for stability. To provide an adequate
     level of damping, vertical velocity feedback is also included.
     Because of the need for feedback for stability, the reliability of
     the sensor (instrument) operation is critical. However, for
     operational reasons, it is not practical to have multiple redundancy
     and voting techniques. Use of analytical redundancy provides an
     ideal basis for the improvement of the operational reliability of
     all sensors (typically air gap sensors and vertical accelerometers).
 
 
 
TI   A fault-masking and transient-recovery model for digital
     flight-control systems.
AU   Rushby, J. (Comput. Sci. Lab., SRI Int., Menlo Park, CA, USA)
SO   Formal techniques in real-time and fault-tolerant systems
     Editor(s): Vytopil, J.
     Norwell, MA, USA: Kluwer Academic Publishers, 1993.
     p.109-36 of xi+208 pp. 26 refs.
     ISBN: 0-7923-9332-5
DT   Book Article
TC   Theoretical
CY   United States
LA   English
AB   The author presents a formal model for fault-masking and
     transient-recovery among the replicated computers of digital
     flight-control systems. He establishes conditions under which
     majority voting causes the same commands to be sent to the actuators
     as those that would be sent by a single computer that suffers no
     failures. The model and its analysis have been subjected to formal
     specification and mechanically checked verification using the EHDM
     system.
 
 
TI   Triple redundant control becomes more affordable.
AU   Blickley, G.J. (Control Eng., Hoofddorp, Netherlands)
SO   Control Engineering (Sept. 1993) vol.40, no.10, p.95-6. 0
     refs.
     CODEN: CENGAX  ISSN: 0010-8049
DT   Journal
TC   Practical
CY   United States
LA   English
AB   Triconex Corp. has found the following markets that can bear the
     overhead of a TMR configuration: emergency shutdown systems; burner
     management systems; turbine control systems; and critical process
     control loops. The article discusses various
     technical developments in such systems, and in particular system
     integrity diagnostics and communication capabilities.
 
 
TI   Reliable control of chemical processes with a supervisory
     knowledge-based system.
AU   Basila, M.R.; Cinar, A. (Dept. of Chem. Eng., Illinois Inst. of
     Technol., Chicago, IL, USA)
SO   Dynamics and Control of Chemical Reactors Distillation Columns and
     Batch Processes (DYCORD+'92). Selected Papers from the 3rd IFAC
     Symposium
     Editor(s): Balchen, J.G.
     Oxford, UK: Pergamon Press, 1993. p.155-60 of xii+371 pp.
     22 refs.
     Conference: College Park, MD, USA, 26-29 April 1992
     Sponsor(s): IFAC
     ISBN: 0-08-041711-6
DT   Conference Article
TC   Application
CY   United Kingdom
LA   English
AB   The application of a supervisory knowledge-based system (KBS) to
     provide fault tolerant control of a chemical reaction process is
     examined. The supervisory KBS is capable of monitoring the process
     to detect process and control system faults or deteriorating control
     system performance due to changes in the process behavior or
     operating conditions. If a fault or untoward change in performance
     is detected, the KBS formulates and implements the necessary
     corrective action. The paper focuses on two important types of
     remedial action: control loop tuning and automatic restructuring of
     the control system configuration. 
 
 
 
TI   Performance evaluation of rollback-recovery techniques in computer
     programs.
AU   Ranganathan, A.; Upadhyaya, S.J. (State Univ. of New York, Buffalo,
     NY, USA)
SO   IEEE Transactions on Reliability (June 1993) vol.42, no.2,
     p.220-6. 23 refs.
     Price: CCCC    0018-9529/93/$3.00
     CODEN: IERQAD  ISSN: 0018-9529
DT   Journal
TC   Theoretical
CY   United States
LA   English
AB   Rollback in process control systems is generally
     constrained by deadlines, thereby requiring a dynamic insertion of
     rollback points. This is in contrast to rollback recovery in
     database systems in which rollback points are inserted at
     equidistant intervals. A simple model based on a semi-Markov process
     is developed to study the performance of rollback recovery
     strategies. 
 
 
 
TI   Formal verification of algorithms for critical systems.
AU   Rushby, J.M. (SRI Int., Menlo Park, CA, USA); von Henke, F.
SO   IEEE Transactions on Software Engineering (Jan. 1993)
     vol.19, no.1, p.13-23. 36 refs.
     Price: CCCC 0098-5589/93/$03.00
     CODEN: IESEDJ  ISSN: 0098-5589
DT   Journal
TC   Practical
CY   United States
LA   English
AB   The authors describe their experience with formal, machine-checked
     verification of algorithms for critical applications, concentrating
     on a Byzantine fault-tolerant algorithm for synchronizing the clocks
     in the replicated computers of a digital flight control system. The
     problems encountered in unsynchronized systems and the necessity,
     and criticality, of fault-tolerant synchronization are described. An
     overview of one such algorithm and of the arguments for its
     correctness are given. A verification of the algorithm performed
     using the authors' EHDM system for formal specification and
     verification is described. The errors found in the published
     analysis of the algorithm and benefits derived from the verification
     are indicated. Based on their experience, the authors derive some
     key requirements for a formal specification and verification system
     adequate to the task of verifying algorithms of the type considered.
 
 
TI   Operational failure experience of fault-tolerant
     digital control systems.
AU   Paula, H.M.; Roberts, M.W. (JBF Associates Inc., Knoxville, TN,
     USA); Battle, R.E.
SO   Reliability Engineering & System Safety (1993) vol.39,
     no.3, p.273-89. 15 refs.
     Price: CCCC 0951-8320/93/$06.00
     CODEN: RESSEP  ISSN: 0951-8320
DT   Journal
TC   Practical
CY   United Kingdom
LA   English
AB   The authors discuss the reliability performance of fault-tolerant
     digital control systems (F-T DCSs), including a presentation of
     actual failure experience from 20 different computer system
     installations. Particular emphasis is given to identifying major
     contributors to system unreliability and comparing different types
     of F-T DCS architectures.
 

See my Home Page (Sergio Montenegro)