A fault-tolerant microcomputer with fail-safe outputs

Abstract

A high reliability microcomputer system is presented which can be used in applications where diagnosis and total or partial recovery capabilities are needed. The system is realized using two typical microcomputer boards, with ROM, RAM and I/O, whose address and data outputs are compared by an arbitration unit. The agreement of data and addresses corresponds, by definition, to the correct running of the system. The supply and the clock are also duplicated and a hardware procedure is implemented which allows a real-time exchange of clocks if needed. The correct operation of the arbitration unit is checked through a software procedure which causes a periodical, controlled disagreement of data and/or addresses. The correct flow of the software is verified dividing the program in parts and testing the duration of each block and the number of blocks. When a hardware or software fault is recognised, recovery procedures can start based on separate tests of both CPU boards: depending on the results of the tests the system can resume to work in a degradated way or go out-of-service. Finally the self-test capabilities of the proposed microcomputer are used to develop a fail-safe system which could find interesting applications in fields such as railways, nuclear plants, etc.