1. Field of the Art
This invention relates to computer control systems, and more particularly to fail-operational, fail-safe multi-computer control systems.
2. Description of the Prior Art
The concepts of self test, redundancy, cross-check verification between various sources of information and the like are all well known in the art. Particularly, with the advent of complex digital computer systems which are implementable in relatively compact form, the full utilization of these techniques has been approached in a variety of different configurations utilizing all sorts of philosophies.
An example of such a system is illustrated in Eccles U.S. Pat. No. 4,032,757, which employs a pair of separate "lanes" or channels, with two separate computers doing much comparing of the events occurring in the two channels. The problem with this sort of system is that should one computer itself be faulty and, in the process of checking the other, non-faulty computer, decide that the other computer cannot be relied upon, the faulty computer can gain predominance in the further control of the system, whatever it may be. Obviously, in the case of control systems for operating aircraft, critical industrial processes, high-rise elevators and the like, such results could lead to serious injury or death. Similarly, there are many process control systems in which a failure of the control system to properly maintain control could result in violent reactions, gross waste of valuable raw products, and the like.
A further problem with super-safe, self-checking computers, and more particularly with computers which check each other or otherwise compare results before use, is the need for real-time instantaneous control of the system itself. The inter-computer communication, internal data moves and calculations have frequently consumed too much time to permit checked utilization of up-to-date data and instantaneous control of critical systems.