Digital computers are utilized to implement complex banking and business systems as well as in the control of industrial processes. The digital computer is also finding wide spread usage in the control of vehicles such as aircraft, spacecraft, marine and land vehicles. For example, in present day automatic flight control systems for commercial and military transports, the digital computer is supplanting the analog computer of prior art technology.
Present day digital computers are comprised of hundreds of thousand of discrete semi-conductor or integrated circuit bi-stable elements generically denoted as latches. A latch is a high speed electronic device that can rapidly switch between two stable states in response to relatively low amplitude, high speed signals. Latch circuits are utilized to construct most of the internal hardware of a digital computer such as the logic arrays, the memories, the registers, the control circuits, the counters, the arithmetic and logic unit and the like.
As a consequence, digital computers are subject to disturbances which may upset the digital circuitry but not cause permanent physical damage. For instance, since present day digital computers operate at nanosecond and sub-nanosecond speeds, rapidly changing electronic signals normally flow through the computer circuits. Such signals radiate electromagnetic fields that couple to circuits in the vicinity thereof These signals can not only set desired latches into desired states, but can also set other latches into undesired states. An erroneously set latch can unacceptably compromise the data processed by the computer or can completely disrupt the data processing flow thereof. Functional error modes without component damage in digital computer based systems is denoted as digital system upset of soft fault.
Digital system upset can also result from spurious electromagnetic signals, such as those caused by lighting, that can be induced on the internal electrical cables throughout the aircraft. Such transient spurious signals can propagate to internal digital circuitry setting latches into erroneous states. Additionally, power surges, radar pulses, static discharges, cosmic radiation, atmospheric neutrons, radiation from nuclear weapon detonation, etc. may also result in digital system upset. When subject to such conditions, electrical transients are induced on system lines and data buses or energy is deposited within sensitive regions of a semi-conductor device resulting in logic state changes that prevent the system from performing as intended after the transient. Additionally, transient energy can penetrate into the random access memory (RAM) area of the computer and scramble the data stored therein. Since electromagnetic transients can be induced on wiring throughout an aerospace vehicle, reliability functions based on the use of redundant electronic equipment can also be compromised.
A digital computer is susceptible to complete disruption if an incorrect result is stored in any of the memory elements associated with this complex "sequential machine". These upsets could be a contributor to the number of unconfirmed removals and adversely affect the MTBF/MTBRU ratio of the computer. Safety-critical digital avionics computer applications such as fly-by-wire or autoland cannot tolerate system upset due to transient conditions such as electromagnetic interference (EMI), inherent noise, lightning, electromagnetic pulses (EMP), high intensity radiated fields (HIRF), transient radiation effects on electronics (TREE), cosmic radiation or atmospheric neutrons. Safety-critical digital computers must be able to tolerate such transient upsets without affecting the performance of the critical application.
As newer digital technologies are introduced, the amount of energy necessary to change the state of a latch/memory element is rapidly dropping, thereby making these elements more susceptible to upset due to EMI, lightning, EMP, HIRF, TREE, cosmic radiation or atmospheric neutrons.
Prior safety critical digital computers use high speed latch circuits to provide the volatile random access memory (RAM) areas needed for dynamic data and read only memory (ROM) areas in which the application program resides. The hardened memory described in this document provides an area where dynamic data can be stored with an arbitrarily high degree of non-volatility. The degree of non-volatility could be set as a result of various constraints (e.g. type of system dynamics, cost, weight and volume). The data targeted for the hardened memory would be that which is critical for the dynamic restoration, of a digital computer, to the operational state/status prior to the occurrence of a soft fault such that there are no adverse effects on safety critical functions it may provide.