Digital control systems are often used in a manner similar to analog control systems, in which applications they emulate the continuous loop operations of analog systems by utilizing rapidly sampling sensors and then recomputing the desired output commands and changing the outputs to new positions. If such operation can be performed sufficiently rapidly relative to the dynamics of the system which is being controlled, the overall control operation appears to be of a continuous nature. However, redundant systems can easily develop relatively excessive time delays, much in the way that non-redundant digital control systems develop such delays in pipe-line structures. Thus, an overall transport delay occurs in a redundant system due to the latency from the moment the value becomes available for transmission at one end of the overall redundant link to the point at which that value becomes available to the computation process at the receiving end of the link. Accordingly, redundant systems tend to be handicapped by these time delays and other problems associated with interchannel communication.
Previous redundant, real-time digital control systems have utilized asynchronous operation among the redundant channels. Such asynchronous digital control provides advantages over analog systems because of the increased stability of the digital system and the reliability of the digital value equivalents which are utilized. Further such systems provide the increased flexibility which "software" encoding of algorithms produces over hard-wired analog systems. Asynchronous systems, however, have serious fault diagnosis and equalization problems and the updating, or sampling, rates which are used are forced to be extremely high, thereby substantially burdening the interchannel communications and channel computation operations. Further, when the output of one digital element is fed to the input of another, no effort is made to synchronize the update rates of the digital computation frames and the worst case data arrival conditions can occur. That is, the output of one system arrives so that it is just missed by the input sampling of the next stage, for example. Moreover, the sampling rates of the asynchronous components can tend to beat against one another resulting in a variation in transport delays which action develops a "jitter" resembling noise which has a specified frequency component. Attempts to solve such problems by increasing the already high sampling rates may produce rates which are much greater than necessary in a unified system without asynchronous operation. A totally asynchronous system tends to require increased costs of design and manufacture and less flexibility in its operation. Further such systems give rise to threshold problems, error detection problems and cross-channel equalization problems which are relatively complex and unwieldy to handle.
Solutions to such problems have been suggested by utilizing redundant, real-time control systems which operate in a "frame synchronous" manner. That is, redundant elements execute exactly the same time frame computations with each of the separate time frame computations being fed by identical inputs. Such operation requires that the interaction between frames be relatively tightly controlled so that they begin and end at the same time in each of the redundant channels. Interchannel communications and interaction can then be bounded in their behaviors. An advantage of frame synchronization is that, if each redundant version can be made to operate on identical inputs, then, because of the nature of digital computation, the outputs generated under such circumstances will be identical. Any disagreement among the channels is an indication of a fault. Since the channels cannot diverge without a fault, cross-channel equalization problems are eliminated and thresholding problems can be more easily handled. Further the problems of transport delay and jitter are greatly reduced by using frame synchronization.
However, in frame synchronous operations the transfer of data items into and out of data transfer queues among the various channels must be carefully planned and synchronized with the frame, or subframe, rates and with the underlying control computations. Data must be appropriately tagged as to its meaning before transmission so as to insure proper unscrambling of such data at the receiving end. It is typical for the exchange links in frame synchronous systems to become bottlenecked and saturated, thereby requiring continual redesign until the end of the overall design and development process. As a result, the finally designed system may be somewhat awkward to program and may require strange solutions to generic redundancy problems.
A more "tightly synchronous" system can be used to improve upon either asynchronous or frame synchronous redundant systems. In such systems, all the channels operate in accordance with the same time base, either by using a single clock for supplying such identical time base to each of the channels or by utilizing a form of fault-tolerant clock system so that once system synchronization is achieved it is automatically maintained. Such tight synchronism can be utilized to provide dedicated near-zero latency data exchanges between the channels so that custom hardware can be designed to perform such exchanges with maximum efficiency. Because of the tight time synchronization which is used, the problem of programming the system is reduced to the logical equivalent of programming a single channel, while at the same time providing the necessary channel redundancy and separations. Because each of the channels execute the same program, the overall software design complexity is considerably reduced over that needed in either frame synchronous or asynchronous systems. Each channel is forced to execute identical instructions at exactly the same time. It is not necessary to tag the data as to its content since every channel is implicitely aware of the data content. Accordingly, only the data bits themselves need be transmitted with no additional data bits required for identification thereof. Further, no complex message protocol is required since each channel knows exactly when a data word is expected and where to put it. Since each channel operates simultaneously with each of the other channels, no channels need wait for another channel to catch up or fear that it has fallen behind any of the other channels. Hence, there is no waste in time for synchronization with respect to each data exchange.
In a frame synchronous system, it is not unlikely that each channel would have to execute a large number of instructions for every data value which is exchanged between the channels. In contrast, in a tightly synchronous system, the equivalent number of instructions required is reduced dramatically by as high as an order of magnitude.
Tightly synchronized systems suggested in the prior art are of the master/slave configuration, where only a single one of the multiple channels operates as a master processor and all other channels operate as slave processors. In such systems, communications occurred only from the master to the slave channels and the input/output (I/O) devices related to each channel must always be identified. The flexibility of such systems is limited because two-way communication among all channels is not possible.