A critical system program provides the operation and control of a system in which the failure of one or more portions may have highly undesirable consequences. Critical systems are used in a wide variety of areas, such as automotive and aircraft safety and control systems, aerospace navigation systems, power plant and power grid management systems, water supply and treatment systems, biomedical monitoring and control systems, and business-critical systems such as process controls and database systems, to name but a few. In any of these critical systems, the failure of one or more components can result in serious consequences, from the loss of business data to the loss of human life.
Failures in a critical system can come in many forms. For example, a critical system can suffer the failure of a sensor, where the sensor either provides false data or provides no data. In either case, the faulty data can produce erroneous decisions related to the functions of the critical system, thereby increasing the risk of catastrophe. In another example, a critical system can suffer from the failure of a processing unit, either as a minor failure, where the processing unit miscalculates a result and again leads to erroneous decisions, or as a major failure, where the processing unit ceases operation altogether and leaves the critical system completely non-operable. In yet another example, a critical system can suffer a critical software failure, either due to software bugs or insufficient validation and quality control, or due to corruption of the software through storage or transmission errors.
A critical system can employ various techniques to detect failures and errors. In particular, a critical system can employ dedicated redundant hardware components, such as additional or backup sensors, so that the failure of a single hardware component does not result in the complete loss or corruption of the data. Also, a critical system can employ redundant processing resources, such as parallel processing systems, that either operate on independent data or that operate on the same data. In either case, the processing resources compare the results of the parallel processing paths to verify each calculation and ensure the safety of the critical system. Further, a critical system can operate to mitigate the impact of detected errors and failures. In particular, a critical system can include robust error handling, decision and risk logic, or the like, to ensure that, when an error is detected, the critical system nevertheless does not experience a catastrophic failure.
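The redundancy described above, as an added example that is not part of the original text: one control cycle that votes three redundant sensor readings (masking a sensor that delivers false or no data) and then runs the control law on two independent processing paths, releasing the result only when both paths agree. The control law, tolerance, and safe fallback value are assumptions chosen for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>

typedef struct { int32_t value; bool valid; } reading_t;  /* valid=false: sensor gave no data */
typedef enum { LANE_OK, LANE_DEGRADED, LANE_SENSOR_LOST, LANE_MISMATCH } status_t;
typedef int32_t (*control_fn)(int32_t);

/* Median of three values without sorting. */
static int32_t mid3(int32_t a, int32_t b, int32_t c) {
    return (a > b) ? ((b > c) ? b : (a > c ? c : a)) : ((a > c) ? a : (b > c ? c : b));
}

/* Vote three redundant readings into one trusted value. A single false or
 * missing sensor is masked; a value is released only if at least two agree. */
static status_t vote_sensors(const reading_t r[3], int32_t tol, int32_t *out) {
    int32_t v[3]; int n = 0;
    for (int i = 0; i < 3; i++) if (r[i].valid) v[n++] = r[i].value;
    if (n == 3) {
        int32_t m = mid3(v[0], v[1], v[2]);
        int agree = 0;
        for (int i = 0; i < 3; i++) agree += (abs(v[i] - m) <= tol);
        if (agree == 3) { *out = m; return LANE_OK; }
        if (agree == 2) { *out = m; return LANE_DEGRADED; }  /* one sensor reports false data */
        return LANE_SENSOR_LOST;                              /* no majority: nothing to trust */
    }
    if (n == 2 && abs(v[0] - v[1]) <= tol) { *out = v[0] + (v[1] - v[0]) / 2; return LANE_DEGRADED; }
    return LANE_SENSOR_LOST;                                  /* fewer than two usable sensors */
}

/* Run the control law on two independent paths and compare their results
 * before driving the output; on any unresolved fault the safe value is driven. */
static status_t run_cycle(const reading_t r[3], int32_t tol, control_fn path_a,
                          control_fn path_b, int32_t safe, int32_t *out) {
    int32_t sensed;
    status_t st = vote_sensors(r, tol, &sensed);
    if (st == LANE_SENSOR_LOST) { *out = safe; return st; }
    int32_t a = path_a(sensed), b = path_b(sensed);
    if (a != b) { *out = safe; return LANE_MISMATCH; }       /* a processing unit miscalculated */
    *out = a;
    return st;
}

/* Assumed control law; in a real system both paths run it on separate hardware. */
static int32_t control_law(int32_t sensed) { return 2 * sensed - 100; }
/* Constructed fault: a processing unit that miscalculates by one unit. */
static int32_t faulty_control_law(int32_t sensed) { return 2 * sensed - 101; }
```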
However, the cost of a robust critical system can be prohibitive, both in terms of the capital cost of its redundant components and in terms of the development and validation time needed to ensure its robustness and failure mitigation capabilities. Thus, there remains a need for a more cost-effective solution for making and developing critical systems.
The use of the same reference symbols in different drawings indicates similar or identical items.