1. Field of the Invention
The invention concerns passivating processor faults in a data processing system, especially, but not exclusively, a system on board a spacecraft that is required to be highly fault tolerant in a hostile environment.
2. Description of the Prior Art
A spacecraft data processing system must meet various requirements in practice, namely high reliability (ability to overcome faults to the greatest possible degree without outside assistance), minimal mass and minimal costs.
Minimizing overall costs presupposes minimizing not only the hardware cost of the data processing system but also the requirement for supervision from the ground and the duration of potential mission outages.
Data processing systems for use in space have already been proposed and are described, for example, in "SPACE SHUTTLE AVIONICS SYSTEM", NASA SP-504, 1989, J. F. HANAWAY, R. W. MOOREHEAD, and in "Study of a Unified Hardware and Software Fault Tolerant Architecture", NASA Contractor Report 181759, January 1989, J. LALA et al. A drawback of these systems is that they use more than two units per function (a nominal unit and a redundant unit), which leads to high mass and high cost.
Other solutions, such as that described in "A 6800 Coprocessor for Error Detection in Microcomputers: The PAD", Proceedings of the IEEE, Vol. 74, No. 5, May 1986, p. 723, Y. CROUZET, J. CHAVADE, have drawbacks including the use of two microprocessors that have to operate simultaneously, which leads to considerable complexity.
The invention, however, concerns a centralized data processing system, in other words one with only one processor unit in service at any given time, requiring only a very small number of "cold" redundant units (typically one unit per function) to achieve the usual levels of reliability.