This paper describes how a set of off-the-shelf general purpose digital computers is being managed in a redundant avionic configuration while performing flight-critical functions for the Space Shuttle. The description covers the architecture of the redundant computer set, associated redundancy design requirements, and the technique used to detect a failed computer and to identify this failure on-board to the crew. Significant redundancy management requirements consist of imposing a total failure coverage on all flight-critical functions, when more than two redundant computers are operating in flight, and a maximum failure coverage for limited storage and processing time, when only two are operating. The basic design technique consists of using dedicated redundancy management hardware and software to allow each computer to judge the "health" of the others by comparing computer outputs and to "vote" on the judgments. In formulating the design, hardware simplicity, operational flexibility, and minimum computer resource utilization were used as criteria.