1. Field of the Invention
The present invention relates to the field of computer reliability. More specifically, it relates to the field of using separate digital logic modules to produce a majority-vote output result, such that failure of any one logic module or any two input lines will not suffice to "crash" (disable) the system.
2. General Background
Due to their speed and memory, and their ability to attend to small details, computer systems have successfully been employed as process control devices for complex hardware systems (such as the control of a large steel mill) and for multi-transaction bookkeeping operations (such as the day-to-day operations of a large bank). In general, they are faster, more flexible, and less prone to error than a system which uses human operators.
However, computer systems which are used to control critical hardware systems, or which are used to process sensitive data, may still subject their users to the risk of errors (or even system failures), since the computer itself is subject to errors and system failures. It is often necessary to take measures to protect the application system from the risk that its controlling computer will "crash" (cease operation) or that it will generate bad data. Systems which employ these measures are called "fault-tolerant" computer systems.
3. The Prior Art
A common technique used in fault-tolerant systems is to use more than one computing element ("processor"), generating results by their combined operation. An odd number such as three is usually chosen, allowing the combined result to be generated by the majority vote of individual results. Thus, if one processor generates bad results, it will be overruled by the other two and the combined result will still be correct. The combined result is called the "majority-voted output" of the three computing elements.
This method enables the system to continue operation even after one or more of its computing elements has failed, but it does not make the system completely free of failure points. In particular, separating out the computing elements of the system into several units and combining their results by majority vote still leaves the system with a single point of failure--the majority vote mechanism itself. If the voting element is implemented on a single PC board or even a single IC chip, failure of that single element will bring the entire system to a halt. Accordingly, there is a need for majority-voted output systems which are not subject to a single point of failure.
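The following added example (not part of the original patent text) exercises the argument of the two preceding paragraphs: a bitwise 2-of-3 vote masks every possible corruption of one processor, but a fault in the single voting circuit reaches the output even when all three processors are healthy. The function names and the stuck-at-0 fault model for the voter are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Bitwise 2-of-3 majority: each output bit follows at least two inputs. */
static uint8_t vote3(uint8_t a, uint8_t b, uint8_t c) {
    return (uint8_t)((a & b) | (a & c) | (b & c));
}

/* Assumed fault model for a single-circuit voter: the output bits marked
 * in stuck_mask are stuck at 0 regardless of the inputs. */
static uint8_t faulty_voter(uint8_t a, uint8_t b, uint8_t c, uint8_t stuck_mask) {
    return (uint8_t)(vote3(a, b, c) & (uint8_t)~stuck_mask);
}

/* Exhaustively corrupt exactly one of three processors and count the
 * cases in which the voted output differs from the correct value. */
unsigned single_processor_failures(void) {
    unsigned wrong = 0;
    for (unsigned good = 0; good < 256; good++)
        for (unsigned bad = 0; bad < 256; bad++)
            for (int which = 0; which < 3; which++) {
                uint8_t in[3] = { (uint8_t)good, (uint8_t)good, (uint8_t)good };
                in[which] = (uint8_t)bad;
                if ((unsigned)vote3(in[0], in[1], in[2]) != good)
                    wrong++;
            }
    return wrong;
}

/* With all three processors healthy, count the correct values that a
 * voter with stuck output bits still delivers wrongly. */
unsigned voter_fault_failures(uint8_t stuck_mask) {
    unsigned wrong = 0;
    for (unsigned good = 0; good < 256; good++) {
        uint8_t g = (uint8_t)good;
        if ((unsigned)faulty_voter(g, g, g, stuck_mask) != good)
            wrong++;
    }
    return wrong;
}

int main(void) {
    printf("wrong outputs, one bad processor: %u\n", single_processor_failures());
    printf("wrong outputs, voter bit 0 stuck:  %u\n", voter_fault_failures(0x01));
    return 0;
}
```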
Presently available majority vote logic, due to its implementation in a single circuit, also cannot be tested during system operation. This presents the system operators with the awful choice between unduly relying on this component, or else shutting the system down for maintenance. Accordingly, there is a need for majority-voted output systems which can be modularly tested during active system operation.
4. Objects of the Invention
Therefore, it is an object of the present invention to provide an improved method and device for producing a majority-voted output result, which is not subject to a single point of failure.
It is a second object of the present invention to provide an improved method and device for producing a majority-voted output result, which can be tested while the system is in operation.
It is yet a third object of the present invention to provide an improved method and device for producing a majority-voted output result, which will accept a "don't care" input, so that it will still produce a meaningful result when not all of the input signals are valid.
These and other objects of the present invention will become clear after an examination of the drawings, and the following description.