This invention relates to electronic systems formed of subsystems which perform different functions, and particularly to a method and system for improving the operational reliability of such electronic systems. In particular, the present invention is directed to a method and system for both monitoring and correcting the faults of electronic systems having subsystems for performing a plurality of functions.
There exist, in the prior art, numerous electronic systems, and particularly electronic control systems, which include subsystems for performing a variety of different functions. Such subsystems can often be categorized by the separate identifiable functions which they perform. In certain cases, a failure in one of the subsystems of the electronic system (i.e., a failure of the subsystem to perform its function) causes a total system failure. While reliability theory dictates that these reliability problems can be overcome by employing redundant circuitry, space constraints often make the addition of redundant circuits impossible.
There exist in the prior art a large number of complex electronic systems which contain an automatic shutdown functionality. These are systems in which continuation of operation under certain conditions constitutes a critical failure, i.e., a threat to life or, in some cases, property. An automatic shutdown function can fail in one of two ways: (1) it can fail to shut down the system even though a safety related limit has been exceeded (a critical failure) or (2) it can shut down the system even though no safety related limit has been exceeded (a non-valid shutdown). In view of the importance of preventing critical failures, many systems are designed so that their automatic shutdown functions are multiple, independent, and designed with a tendency toward failure mechanism (2) rather than (1). Non-valid shutdowns are therefore an important and widespread problem in the deployment of virtually all military and many other complex electronic systems.
The above-mentioned reliability limitations are particularly true for electronic systems used in certain fields, for example, weapons systems. In most weapons systems, the electronic circuits are designed in order to generate the highest performance capability possible because of the uncertainty as to the system capabilities which will be required. That is, military systems are designed to counter measures, the totality of which are unknown due to the fact that they are held secret by an adversary. In such systems, when there is a decision to be made as to whether available space will be used for redundant circuitry (i.e., reliability) or increased performance capability, it is most often decided that the performance capability should be increased. Such military type systems include torpedoes, missiles, underwater weapons, fire control systems, avionics systems, underwater detection systems, ground based radar systems, etc.
An example of a specific prior art weapons system having high performance capability is the MK 48 heavyweight torpedo manufactured by Gould Inc. This torpedo includes a number of electronic systems, each of which is composed of subsystems which perform different functions. Each of the electronic systems is designed as a functional item replacement (FIR) package, so that each FIR package can be substituted into any MK 48 torpedo and still operate properly, without adjustment. Most of the electronic design for the MK 48 torpedo was completed in the late 1960's, using operational amplifier technology to produce sophisticated homing, guidance and control systems. Although the MK 48 torpedo was designed to meet the reliability criteria demanded of military programs, it employs virtually no redundancy because of the high cost and the lack of available space. The MK 48 torpedo is, therefore, typical of military weapons systems in that it is a high performance capability system when all of its parts are operating properly. However, it is also a system in which any one of a number of single component failures can result in a total mission failure. As with other military electronic systems, the choice has been made to trade off a certain amount of reliability for increased performance capability. That is, if redundant circuitry had been added to the MK 48 torpedo, this would have resulted in a torpedo with half of the performance capability of the MK 48 torpedo. The decision to opt for greater performance capability was made because, in military systems, it is considered preferable to have some systems (e.g., torpedoes) fail rather than to have all systems made useless by a counter measure or tactic which is beyond the performance capability of the system.
While the problem of determining trade-off between reliability and performance capability is particularly severe in weapons systems, it is not limited to military systems but is applicable to any electronic system where cost, configuration, and space availability are prime considerations.
There is therefore a need in the art for a method and system for improving the reliability of existing electronic systems formed of subsystems which perform different functions. That is, there is a need in the art for an easily implemented, inexpensive and non-intrusive addition to an existing system by means of which most of the non-valid shutdowns can be prevented in that system. In particular, there is a need for such a method and system which is capable of improving the reliability of the electronic system without diminishing or interfering with the performance capability of the electronic system. There is also a need for such a method and system which improves the reliability of the electronic system without adding substantially to the cost or the space requirements of the electronic system. In particular, in the field of military systems, there is a need for a method and system for improving the reliability of electronic systems formed of subsystems which perform different functions, without diminishing the performance capability of the existing military system. There is also a need for such a method and system which is capable of accurately detecting the portion of the electronic system which has failed and of storing such failure information.
There is also a need in the art for a method and system which can be incorporated into new electronic systems to improve their reliability, without hampering the performance capability of such new systems. There is a need for such a method and system which are capable of detecting and recording information relating to portions of the electronic system which fail. There is also a need for such a method and system which do not add substantial cost to the electronic system and which do not require a substantial amount of space.