Today's aircraft are provided with a number of control systems, these control systems requires an independent backup system in order to secure that no single faults (systematically or randomly occurring faults) can cause a system failure. Traditional backup system often tries to solve two problems at the same time, i.e. both to take care of the systematic faults, and to take care of randomly occurring faults, whereby the system can operate independently if the fault is a randomly generated fault or a systematically generated fault. The systematic faults will always occur when certain criteria are fulfilled during the execution of a program, such as receiving certain input data. Traditional calculations of fault probabilities and MTBF (mean time between failures) are based on the probability of randomly generated faults.
The document Murugesan S. “Dependable Software through fault tolerance” discloses the general technical background of eliminating errors and handling faults in software. The Murugesan document discloses the design diversity and N-version programming which concerns the running of different variants of the program to establish a consensus on a correct output.
The document WO, A1, 02073505 relates to real time computing systems for recovering after a single event upset, i.e. a randomly occurring fault. The system switches between two programs when an error occurs in the memory of one of the programs.
The document by Hecht M. et al. “A distributed fault tolerant architecture for nuclear reactor and other critical process control applications” relates to a fault tolerant system comprising a supervisor node that supervises over an active node and a shadow node. The system switches node when an error occurs in the system.
The document “System structure for software fault tolerance” Randell Brian, discloses a fault tolerant system based on recovery blocks from a cache. The system uses multiple recovery blocks wherein different alternatives are evaluated each time a function is executed. The system is a software program that in a robust manner structures the program to deal with faults but the program is not undependable.
The main problem with backup systems of today is that they increase the weight and the cost of the computing systems as well as reduce the availability of the system. The object of the present invention is to solve this problem without reducing the safety of the systems. Neither of the above mentioned documents relates to divide the backup system into two parts according to the present invention and thereby reducing the amount of hardware in the backup system of today.