In a conventional manner, with reference to FIG. 1, a flight computer comprises a main printed circuit card CP and two auxiliary printed circuit cards CA1, CA2. In a traditional manner, each main card CP and auxiliary card CA1, CA2 comprises a processor PP1, PA1, PA2 adapted for carrying out functional tasks defined in a program PROG communicated to the main card CP and interpreted by the processor PP1 of the main card CP.
The processors PP1, PA1, PA2 of the various cards CP, CA1, CA2 are linked by communication links L1, L2, for example, communication buses. By way of example, each auxiliary card CA1, CA2 comprises an auxiliary processor PA1, PA2 one of the functions of which consists in managing the input and output data of the computer. Hereinafter, the input/output data are designated I/O data. For example, the auxiliary processor PA1, PA2 of the auxiliary card CA1, CA2 reads data arising from the aircraft and dispatches orders to devices of the aircraft. The reading of data and the emission of orders are examples of functional tasks carried out by the auxiliary processor PA1, PA2 of the auxiliary card CA1, CA2.
Stated otherwise, the main processor PP1 of the main card CP interprets the functional tasks of the program and communicates some of them, via the communication links L1, L2, to the auxiliary processors PA1, PA2 of the auxiliary cards CA1, CA2 so that these latter carry out a reading of data or issue an order.
In a conventional manner, the functional tasks of the program PROG are sequenced and must be carried out in a determined order. To allow ordered execution of the tasks of the program PROG, the main card CP possesses a clock which makes it possible to synchronize the execution of the tasks. Instructions of the functional tasks are thereafter communicated to an auxiliary processor PA1, PA2 of one of the auxiliary cards.
To ensure the reliability of the computer, it is necessary to have means for checking the coordination of the execution of the tasks of the main processor PP1 with those of the auxiliary processors PA1, PA2. In practice, the clock of the auxiliary processors PA1, PA2 is substantially faster than that of the main processor PP1, given that the auxiliary cards CA1, CA2 must be highly reactive to monitor the inputs/outputs. Stated otherwise, the main processor PP1 and the auxiliary processor PA1 are asynchronous.
To allow the coordination of asynchronous processors, the prior art discloses a DMA (for “Direct Memory Access”) method between a main processor PP1 and an auxiliary processor PA1, PA2 which makes it possible to verify that the two processors PP1, PA1 or PP1, PA2 communicate in a coordinated manner.
This DMA link allows reciprocal monitoring of the asynchronous processors but remains complex to implement since it must, on the one hand, ensure that the main processor PP1 is healthy and on the other hand, that the auxiliary processor PA1 or PA2 is healthy. Such synchronization means are difficult to implement and are no longer appropriate to current specifications, thereby constituting a first drawback.
Furthermore, having regard to the number of functional tasks to be executed by the main card CP of the computer, it has been proposed to resort to a main card CP comprising two main processors PP1, PP2 which are linked together by a main communication link LP in such a way that the functional tasks are executed in a distributed manner between the two main processors PP1 and PP2 while making it possible to carry out several tasks in parallel. Furthermore, each main processor PP1, PP2 is linked to the auxiliary processors PA1, PA2 by an auxiliary communication link L11, L12, L21, L22 as illustrated in FIG. 2.
Thus, for a program PROG comprising sequenced functional tasks S1, S2 and S3, the tasks S1 and S3 can be carried out by the first main processor PP1 while the task S2 is carried out by the second main processor PP2. It follows that it is necessary to synchronize the operation of the two main processors PP1, PP2 so as to detect in an immediate manner a possible malfunction of one of the main processors PP1, PP2 or of the main communication link LP.
Indeed, in the absence of synchronization, the malfunction can only be observed late by a coherence checking device, thereby exhibiting a drawback. Furthermore, to coordinate the two main processors PP1, PP2, a DMA link according to the prior art cannot be implemented since it is adapted only for asynchronous operations.
An immediate solution for carrying out the coordination would consist in having a main processor PP1 control the second main processor PP2 according to the “master-slave” principle. Nonetheless, the reliability of such a solution is not satisfactory, given that a malfunction of the “master” processor would give rise directly to a malfunction of the “slave” processor.
Hence, there exists a need to ensure the coordination of the tasks executed by an onboard system comprising a plurality of processors so as to monitor in a reliable manner and be able to toggle to an onboard backup system in a reactive manner in case of malfunction.