Multi-unit computer apparatus frequently employ individual computers, or computer sub-systems, which may be microcomputers or the like, in which the individual computer apparatus units provide time marker signals. The individual computer units are connected by data lines and/or control lines.
Computer units are used frequently for rapid processing of substantial quantities of data in the shortest possible time. Such computer-monitored data are frequently used for controlling and monitoring processes in various fields of technology or to derive a group of data or the results of processing of a group of data from a substantial file or data inputs. To provide for reliability, a plurality of computer apparatus units are connected to carry out a common task and to permit data exchange between the respective computer apparatus units.
One field of application for multiple computer apparatus units is the control of safety systems in automotive vehicles, such as brake antilock systems or passive passenger restraint systems, such as airbags or seat belt restraint and locking systems. Other fields of application are control of ignition, fuel injection, and complex navigation systems. The requirement for processing a substantial quantity of data, which may be processed either in a redundant mode, or independently, to permit increased data handling capability arises, for example, in a passive passenger restraint system, since the signals derived from impact sensors are a curve which includes maxima and minima, usually referred to as a crash curve. The trigger time to fire, for example, a gas cartridge or an airbag, must be precisely determined, for example, by experiments. Similarly, the operating time of a passive restraint system, such as a seat belt tightening or tensioning system, must be determined.
In impact safety systems, it is of utmost importance that data are processed as rapidly as possible since the processed data must trigger the passenger restraint system rapidly after sensing an impact. This very short period of time requires analysis of the crash curve in minimum time, and thus, processing of a multiple of data rapidly.
Well-known arrangements to control multi-computer apparatus systems are not always sufficient when the system is to control safety equipment. This can be demonstrated as an example using a passive passenger restraint system in an automotive vehicle, for instance, an airbag.
In an airbag passenger restraint system, passengers are to be protected against collision with interior components of the vehicle upon collision of the vehicle with an obstruction, which may be another vehicle. Airbags are triggered in that, shortly after the vehicle experiences a collision, an electrically ignited gas cartridge emits gas into the airbag so rapidly that an air cushion is placed between the passengers and the interior components of the vehicle.
Airbag protective systems, or other systems, are triggered by continuously sensing acceleration and deceleration of the vehicle and processing the sensed information. When the vehicle encounters an obstruction, these values are represented by the crash curve. The triggered instant for the gas cartridge, or for locking a belt restraint system, or for operation of some other system then must occur at the precise instant of time which can be determimed by experiments. The requirement of reliable response of the restraint system is, however, equally as important as the reliable protection against erroneous or inadvertent triggering. Otherwise, if an airbag would suddenly explode under normal operation, the visibility of the roadway for driving would be impaired. The surprise presence of the airbag might, additionally, cause the driver to react such that an accident might occur merely because the gas bag or restraint system has operated without any reason therefor.
Multi-unit computer systems, as frequently used, are not always capable of preventing erroneous triggering. In the same instant in which, in case of malfunction, an erroneous triggering would be indicated, it would be too late to prevent firing of the gas cartridge. It would have been irreversibly fired, and the gas filling of the airbag could no longer be prevented.
The foregoing is merely an example; there are many instances also in the field of machine tools and the like, chemical and other processes which are not concerned with safety as such, where a malfunction, which simulates, or indicates a specific condition, could cause extensive damage.
Multi-unit computer systems operate either asynchronously or are synchronized by external synchronizing or monitoring systems. If the system operates asynchronously, data necessary for data exchange between the various computer units or system components are stored in a buffer memory of the computer, also referred to as a "mailbox", in which they are retained until the computer has finished its then operating computation cycle and has found time to evaluate the data which are stored in the mailbox. This arrangement may, however, result in substantial delay in exchange of data between the computer units or components.
When using external synchronization circuits, additional circuit components are required, resulting in increased space requirements which makes application of a multi-component computer system difficult or impossible under some conditions, which are particularly bothersome in case of automotive applications where space for any control equipment is at a premium.