The present invention relates to a fault tolerant computer controlled system as it can e.g. be used for controlling a vehicle or other critical device.
As computer systems gain increasing significance in many applications of human life, their reliability becomes more and more important because a failure may have dire consequences, including injury or casualties. Examples of such computer systems are vehicle guidance or control systems, such as train guidance or aircraft control systems, as well as medical systems.
Typical "mean times between failure" of electronic computers are in the order of 10^4 hours, which corresponds to a failure rate that is unacceptably high for critical applications. Hence, it has been common practice to use several computers in a parallel, redundant operation in order to increase reliability.
Conventional redundant systems generally use a plurality of computers, which act as data sources in a network. The network consists of a plurality of communication links, each of which connects one computer with a data receiver, such as an actuator for a flap in an aircraft. The computers generate data items containing commands for the flap's operation. The flap receives all data items and combines them for generating an error tolerant data item, e.g. by determining a median value.
This type of system is unable to transmit data items upon failure of a communication link. To overcome this, it has been suggested to interconnect the computers using additional communication links. In case a communication link between a given computer and a data receiver is found to fail, the data items from the given computer are re-routed to other computers and an alternative communication link. As systems of this type may contain a large number of computers and receivers and an even larger number of communication links, the required steps for re-routing the data items upon failure of a communication link may become fairly complex. Also, analysis and testing of the system for all possible failures and re-routing configurations becomes very complicated and expensive, if not impossible.
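The following is an added illustration, not part of the patent text, of the receiver-side combination described above: a receiver takes the median of the data items that actually arrive over its links. The three-computer topology, the link states and the command values are constructed here to show which faults the median masks and why a failed link (the case motivating re-routing) weakens that protection.

```python
from statistics import median
from typing import Dict, Optional

# Constructed topology: one receiver (e.g. a flap actuator) with one
# communication link from each of three computers; True means the link is up.
ALL_UP = {"cpu_a": True, "cpu_b": True, "cpu_c": True}


def deliver(commands: Dict[str, float], links: Dict[str, bool]) -> Dict[str, Optional[float]]:
    """Model the links: a command reaches the receiver only if its link is up.
    A computer whose link is down contributes None (nothing received)."""
    return {cpu: (cmd if links.get(cpu, False) else None) for cpu, cmd in commands.items()}


def combine(items: Dict[str, Optional[float]]) -> Optional[float]:
    """Derive the error-tolerant data item from whatever arrived, by median.
    Returns None when no data item at all was received."""
    received = [v for v in items.values() if v is not None]
    if not received:
        return None
    return median(received)


def receiver_output(commands: Dict[str, float], links: Dict[str, bool]) -> Optional[float]:
    """Full path: computers -> links -> receiver's median combination."""
    return combine(deliver(commands, links))


if __name__ == "__main__":
    healthy = 10.0   # constructed: the command the healthy computers agree on
    faulty = 90.0    # constructed: a wrong value from a faulty computer
    cmds = {"cpu_a": healthy, "cpu_b": healthy, "cpu_c": faulty}

    # All links up: the median discards the single outlier.
    print("all links up, cpu_c faulty  ->", receiver_output(cmds, ALL_UP))
    # One link down AND one computer faulty: only two items remain, and the
    # median of two values is their mean, so the faulty value is no longer
    # masked. This is the situation re-routing is meant to repair.
    one_down = dict(ALL_UP, cpu_b=False)
    print("cpu_b link down, cpu_c faulty ->", receiver_output(cmds, one_down))
    # All links down: the receiver has nothing to act on.
    none_up = {cpu: False for cpu in ALL_UP}
    print("all links down ->", receiver_output(cmds, none_up))
```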