1. Field of the Invention
This invention generally relates to fault-tolerant and fail-safe information processing system architectures particularly useful for navigation and flight control. More specifically, the invention relates to information processing system architectures for handling information from a plurality of independent subsystems which provide information related to selected input quantities, and in which the information processing system architecture includes a plurality of redundant information processors for deriving specific processor output data as a function of the selected subsystem input quantities.
2. Description of the Related Art
Fail-safe and fault-tolerant systems are frequently desired for aircraft navigation and flight control systems and other systems in which system performance error identification is critical. As is well known in the art, a fail-safe system is one in which a fault causes the system to shut down rather than continuing to function incorrectly, whereas a fault-tolerant system is one which has sufficient redundancy to remain functional even if a fault causes one part of the system to shut down. Fail-safe systems are generally used when fault tolerance is unnecessary, because a fail-safe system requires fewer components and is therefore less expensive. At the same time, fault-tolerant systems generally provide fail-safe capability when the redundancy factor is reduced to the point at which the output data provided by the redundant systems can no longer be cross-checked or compared with output data from other systems to validate the performance of the remaining redundant processing systems.
Fault-tolerant information processing system architectures known in the art may be unsynchronized (asynchronous) processing systems, fully synchronized processing systems, and/or loosely synchronized processing systems.
For unsynchronized processing systems, redundant groups of subsystems for obtaining required information may be greater in number than necessary, and therefore may require a greater system cost. This is so since any subsystem fault in any one group of subsystems may require the information of that group of subsystems to be discarded. An example of this type of system is a group of inertial measuring units, where each inertial measuring unit requires three gyros and three accelerometers. A single accelerometer fault or gyro fault causes the information provided by the inertial measuring unit and corresponding information processor to be useless.
In a loosely synchronized processing system architecture, some form of a synchronous data frame processing system must be employed. This type of system may be incompatible with other types of processing architectures, and may also introduce a common link that may introduce failures into all of the groups of redundant subsystems. This is so, since such loosely synchronized processing system architectures, as well as synchronized processing system architectures, generally employ a common link in the form of a fault tolerant clock system. Although such systems may enhance reliability, they too are costly to implement.
Fault-tolerant and fail-safe information processing system architectures are of particular importance in navigation and flight control systems. Such systems are described in a publication entitled "A Fault Tolerant Data/Inertial Reference System", by Charles R. McClary, IEEE Aerospace & Electronic Systems Magazine, May 1992, Volume 7, #5, pages 19-23, and a publication entitled "Fault Tolerant Inertial Navigation System", by Kevin Vanderwerf and Knut Wefald, AIAA/IEEE Digital Avionics Systems Conference, 8th, San Jose, Calif., Oct. 17-20, 1988, pages 821-829. Both of these publications describe an inertial reference system which provides multiple processing systems for determining redundant inertial reference information including angular rotation and angular rotation rates, linear accelerations, attitude, velocity, and position.
Both of these aforesaid publications describe employment of a skewed axis redundant inertial reference system for data collection from a plurality of sensors, namely gyros and accelerometers, and subsequent processing by a plurality of redundant data processors. The skewed axis redundant inertial reference system generally employs six (6) gyros in which each gyro has an input axis which is skewed relative to all of the remaining gyros, and six (6) accelerometers in which each accelerometer has an input axis which is skewed relative to all of the remaining accelerometers. The processing system architecture for transferring the data collected by the subsystems associated with each of the sensors utilizes the principles of fault containment modular isolation as particularly taught in the aforesaid McClary publication, and also employs specific bit-by-bit voter techniques for validating the behavior of key fault containment modules or areas. However, these systems do not lend themselves to simplicity, and particularly to asynchronous operation.