Fault-tolerant data (control) systems are used, for example, in aviation applications requiring very high integrity. Conventional fault-tolerant aviation control systems are based on point-to-point communication between one or more computers, sensors and actuators.
Problems associated with conventional aviation fault tolerant control systems relate to weight, complexity, data processing availability and cost.
The article “REDUNDANCY MANAGEMENT IN DISTRIBUTED FLIGHT CONTROL SYSTEMS: EXPERIENCE AND SIMULATIONS”, by K. Ahlstrom et al., published by IEEE 2002, describes a fault-tolerant real-time control system for aviation applications which comprises control nodes designed with a high degree of embedded fault detection. A simulation of the system is based on the assumption that all nodes send data (to the bus) strictly in their timeslots, because a bus guard in each node protects the bus from “babbling idiot” faults. A drawback with this design is that nodes that are actually functioning correctly may be blocked from transmitting to the bus because of a malfunctioning bus guard.
The article “An Analysable Bus-Guardian for Event-Triggered Communication” by I. Broster & A. Burns, published by IEEE, 24th IEEE International Real-Time Systems Symposium, describes various bus-guardian strategies/architectures. One such strategy/architecture has a guardian as a completely separate node connected directly to a (TDMA) bus. Using only information from the bus, the guardian node monitors transmissions on the bus and detects babbling nodes. The guardian node is arranged to affect (shut down) a babbling node using a direct link to the babbling node. A problem with this strategy/architecture is that the guardian is only able to detect a babbling node after it has transmitted an incorrect message onto the bus.
A general problem with fault-tolerant TDMA bus data systems is the babbling idiot problem, i.e. that a node transmits on the bus in a time slot not dedicated to that node.
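The separate-guardian strategy described above, as a small simulation that shows why the first out-of-slot frame always reaches the bus before the guardian can react. This is an added example, not code from either cited article; the slot length, schedule, trace and all function names are constructed for illustration.

```python
from dataclasses import dataclass

SLOT_US = 100                  # constructed slot length in microseconds
SCHEDULE = ["A", "B", "C"]     # constructed TDMA round: slot index -> owning node

@dataclass(frozen=True)
class Frame:
    start_us: int              # first microsecond the frame occupies the bus
    end_us: int                # first microsecond after the frame
    sender: str

def slot_owner(t_us):
    """Node that owns the slot containing time t_us."""
    return SCHEDULE[(t_us // SLOT_US) % len(SCHEDULE)]

def in_own_slot(f):
    """True if the whole frame lies inside one slot dedicated to its sender."""
    same_slot = f.start_us // SLOT_US == (f.end_us - 1) // SLOT_US
    return same_slot and slot_owner(f.start_us) == f.sender

def guardian_run(attempts):
    """Replay transmission attempts through a guardian that only sees the bus.

    Returns (frames_on_bus, faults, blocked). A frame can be judged only after
    it has appeared on the bus, so the offending frame is always on the bus;
    only later attempts by that node are stopped over the direct link.
    """
    on_bus, faults, blocked, shut_down = [], [], [], set()
    for f in sorted(attempts, key=lambda f: f.start_us):
        if f.sender in shut_down:
            blocked.append(f)          # node was already shut down
            continue
        on_bus.append(f)               # frame reaches the bus before any check
        if not in_own_slot(f):
            shut_down.add(f.sender)
            faults.append({"node": f.sender, "detected_at_us": f.end_us,
                           "slot_owner": slot_owner(f.start_us)})
    return on_bus, faults, blocked

# Constructed trace: C babbles in B's slot at t=130, then keeps trying to send.
TRACE = [
    Frame(0, 80, "A"), Frame(100, 125, "B"), Frame(130, 190, "C"),
    Frame(200, 280, "C"), Frame(300, 380, "A"), Frame(310, 370, "C"),
    Frame(400, 480, "B"),
]

if __name__ == "__main__":
    on_bus, faults, blocked = guardian_run(TRACE)
    print("faults:", faults)
    print("out-of-slot frames on the bus:", [f for f in on_bus if not in_own_slot(f)])
    print("blocked after shutdown:", blocked)
```

Once node C is shut down it also loses its legitimate slot at t=200, so the guardian trades the babbling fault for the loss of that node's data.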