1. Technical Field
The invention disclosed broadly relates to computer architectures, and more particularly relates to real time control system architectures which include fail safe features.
2. Background Art
Real time control applications such as process control in a factory environment, scheduling traffic in transportation networks or scheduling and controlling operations in broadcast communications networks, require a high reliability for the controlling processor. The prior art has provided high reliability systems by employing redundant processors in a fail safe configuration wherein a first processor is the primary or active processor which provides actual control commands to the system being controlled and the system further includes a second or standby processor which monitors the operation of the active processor and is ready to take over primary operations in the event that a failure is detected in the active processor. This technique is called hot standby redundant processing. A typical prior art approach to monitoring the active processor in a hot standby redundant processing system is by the use of a shared disk drive between the active processor and the standby processor. The active processor will periodically write a status word onto the shared disk drive and the standby processor will read the status information and interpret whether the primary continues to operate as intended. The standby will not take over the active status unless it determines from the status information on the shared disk drive that the active processor is malfunctioning. One problem with this prior art approach to a hot standby redundant operation is the seek time necessary to write the information onto the disk drive by the active processor and then to read the information from the disk drive by the standby processor. This time interval may be long enough to interfere with the smooth switchover which may be required in some applications when the standby processor takes over the active operation.
Another feature which is desirable in a real time control system is the capability of adapting to unscheduled changes such as responding to emergency situations in a process control application or responding to unscheduled broadcast events such as a news flash in a broadcast network control application. A typical prior art approach to real time adaptation in a hot standby redundant processor system would have the control sequence in the active processor altered by the real time information change but no change would be made to the standby. In such an architecture, when the standby later detects a fault in the active processor's operation, the standby would have to go through a data load interval to load the most recent data into its own respective memory before it could take over and resume the operation currently being controlled by the abdicating active processor. This would impose still further delay in the switchover time for the takeover by the standby in a prior art hot standby architecture.
Additional features which are required in a real time control system for the sequential scheduling of events, is the ability to frame accurate schedule execution. Prior art systems have been unable to meet this requirement where relatively short hot standby takeover intervals are required. Another feature of real time control systems which must control complex networks of machines is the ability to expand the number and kinds of slave machines connected and under control of the real time processors. Rapidly changing the configuration of prior art real time control systems has been a significant problem requiring a lengthy reprogramming in order to expand existing systems.