• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.18 no.12
• /
• pp.2891-2898
• /
• 2014

It is feasible to develop a fault tolerant system through module level redundancy on the Integrated Modular Avionics (IMA). However, its great implementation complexity is one of important challenges when asynchronous hardware environment is naturally assumed. To solve this problem, Physically Asynchronous Logically Synchronous (PALS) on IMA has been proposed. But, it has adaptation problem by not addressing specific architecture for IMA system. In the paper, we propose how to synchronize the input data on the IMA system under primary/secondary redundancy architecture by referring to existing PALS. In the proposed scheme, we introduce window frame by considering rate monotonic scheduling and analyze the adequate the synchronization time. Finally, we verify the feasibility of the proposed design pattern through the systematic experiments.

• The Transactions of The Korean Institute of Electrical Engineers
• /
• v.62 no.1
• /
• pp.109-119
• /
• 2013

This paper presents the design of the Safety Programmable Logic Controller (SPLC) used in the Nuclear Power Plants, an analysis of a reliability for the SPLC using a markov model. The architecture of the SPLC is designed to have the multiple modular redundancy composed of the Dual Modular Redundancy(DMR) and the Triple Modular Redundancy(TMR). The operating system of the SPLC is designed to have the non-preemptive state based scheduler and the supervisory task managing the sequential scheduling, timing of tasks, diagnostic and security. The data communication of the SPLC is designed to have the deterministic state based protocol, and is designed to satisfy the effective transmission capacity of 20Mbps. Using Markov model, the reliability of SPLC is analyzed, and assessed. To have the reasonable reliability such as the mean time to failure (MTTF) more than 10,000 hours, the failure rate of each SPLC module should be less than $2{\times}10^{-5}$/hour. When the fault coverage factor (FCF) is increased by 0.1, the MTTF is improved by about 4 months, thus to enhance the MTTF effectively, it is needed that the diagnostic ability of each SPLC module should be strengthened. Also as the result of comparison the SPLC and the existing safety grade PLCs, the reliability and MTTF of SPLC is up to 1.6-times and up to 22,000 hours better than the existing PLCs.

• Journal of Satellite, Information and Communications
• /
• v.9 no.3
• /
• pp.33-40
• /
• 2014

One of the most important requirements for the Ethernet-based automobile is the reliability. In order to achieve this goal, we propose using the High-availability Seamless Redundancy (HSR) protocol (IEC 62439-3 clause 5) in these networks. The HSR protocol provides duplicated frame copies for each sent frame, which means that the destination node will receive at least one copy in case the second copy is lost due to a failure. In other words, there will be no network stoppage even if failure occurs. Moreover, the destination node will receive at least one frame copy with zero-recovery time (seamless) and it will not need to wait to receive the other copy if the first one is lost, which occurs it in the Ethernet standard, as a result of reconfiguration of the network paths. However, the main drawback of the HSR protocol is the unnecessary redundant traffic that is caused by the duplicated frames. Several solutions, including QR, VRing, RURT, and DVP, have already been proposed to improve the traffic performance of the HSR protocol. In this paper, we propose three automobile network topologies. each of which has pros and cons depending on the automobile requirements. Then we applied the HSR protocol with and without the QR and VRing approaches to each scenario. The comparison among these topologies depend on the traffic performance result for each of them. The QR and VRing approaches give a better traffic reduction percentage, ranging from 48% to 75% compared to the standard HSR protocol. Therefore they could limit the redundant traffic in automobile networks when the HSR protocol is used instead of the Ethernet network, which does not provide any seamless recovery if a failure occurs.

• The Transactions of the Korean Institute of Electrical Engineers A
• /
• v.48 no.6
• /
• pp.735-746
• /
• 1999

We design the robust and inherently fault tolerant decetralized$$H^infty$$ filter for the multisensor state estimation problem when there are insufficient priori informations on the statistical properties of external disturbances. For developing the proposed algorithm, an alternative form of suboptimal$$H^infty$$ filter equations are formulated by applying an alternative form of Kalman filter equations to the indefinite inner product space state model of suboptimal$$H^infty$$ filtering problems. The decentralized$$H^infty$$ filter that consists of local and central fusion filters can be designed effciently using the proposed alternative$$H^infty$$ filiter gain equations. The proposed decentralized$$H^infty$$ filter is robust against un-known external disturbances since it bounds the maximum energy gain from the external disturbances to the estimation errors under the prescribed level$$r^2$$ in both local and central fusion filters and is also fault tolerant due to its inherent redundancy. In addition, the central fusion equations between the global and local data can reduce the unnecessary calculation burden effectively. Computer simulations are made to ceritfy the robustness and fault tolerance of the proposed algorithm.

• Journal of the Korean Society for Aeronautical & Space Sciences
• /
• v.34 no.3
• /
• pp.74-80
• /
• 2006

This paper deals with the control and fault monitoring of a DDV hydraulic actuation system. A hydraulic servo system has a nonlinear dynamics of an orifice flow through a valve spool. A full nonlinear model for a DDV actuation system is driven, and linearized to a simple model which is convenient for a control loop and fault monitor design. A top level requirement on the performance and safety for the actuation system is introduced. A control system and fault monitoring structure which can meet these requirements are discussed. A simulation package for a DDV actuation system which has a triplex redundant structure is developed.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.23 no.5
• /
• pp.1149-1159
• /
• 1998

This paper presents the Controllable Self-Checking(CSC) Checker at which can be used the Fault-Tolerant System with the redundancy. According to the critical level of output(of system), especially, it can be instructed the time if it has to check the output or not. We adop the deterministic test, performed on-line, to detect the faults with a minimal test set. The results show the Parity 2-rail checker(P-TRC) which is designed much simpler than the checker has the higher fault coverage than the existent checker.

• The Transactions of The Korean Institute of Electrical Engineers
• /
• v.66 no.9
• /
• pp.1373-1378
• /
• 2017

This paper presents a basic ECU(Electronic Control Unit) hardware development procedure for the functional safety of in-vehicle network systems. We consider complete hardware redundancy as a safety mechanism for in-vehicle communication network under the assumption of the wired network failure such as disconnection of a CAN bus. An ESC (Electronic Stability Control) system is selected as an item and the required ASIL(Automotive Safety Integrity Level) for this item is assigned by performing the HARA(Hazard Analysis and Risk Assessment). The basic hardware architecture of the ESC system is designed with a microcontroller, passive components, and communication transceivers. The required ASIL for ESC system is shown to be satisfied with the designed safety mechanism by calculation of hardware architecture metrics such as the SPFM(Single Point Fault Metric) and the LFM(Latent Fault Metric).

• Journal of Power Electronics
• /
• v.16 no.4
• /
• pp.1426-1437
• /
• 2016

In different industrial and mission oriented applications, redundant or standby semiconductor systems can be implemented to improve the reliability of power electronics equipment. The proper structure for implementation can be one of the redundant or standby structures for series or parallel switches. This selection is determined according to the type and failure rate of the fault. In this paper, the reliability and the mean time to failure (MTTF) for each of the series and parallel configurations in two redundant and standby structures of semiconductor switches have been studied based on different failure rates. The Markov model is used for reliability and MTTF equation acquisitions. According to the different values for the reliability of the series and parallel structures during SC and OC faults, a comprehensive comparison between each of the series and parallel structures for different failure rates will be made. According to the type of fault and the structure of the switches, the reliability of the switches in the redundant structure is higher than that in the other structures. Furthermore, the performance of the proposed series and parallel structures of switches during SC and OC faults, results in an improvement in the reliability of the boost dc/dc converter. These studies aid in choosing a configuration to improve the reliability of power electronics equipment depending on the specifications of the implemented devices.

• Journal of Institute of Control, Robotics and Systems
• /
• v.20 no.6
• /
• pp.689-694
• /
• 2014

An SPLC (Safety Programmable Logic Controller) must be designed to meet the highest safety standards, IEEE 1E, and should guarantee a level of fault-tolerance and high-reliability that ensures complete error-free operation. In order to satisfy these criteria, I/O modules, communication modules, processor modules and bus modules of the SPLC have been configured in triple or dual modular redundancy. The redundant modules receive the same data to determine the final data by the voting logic. Currently, the processor of each rx module performs the voting by deciding on the final data. It is the intent of this paper to prove the improvement on the current system, and develop a voting system for multiple data on a system bus level. The new system bus protocol is implemented based on a TCN-MVB that is a deterministic network consisting of a master-slave structure. The test result shows that the suggested system is better than the present system in view of its high utilization and improved performance of data exchange and voting.

• Journal of the Korea Society of Computer and Information
• /
• v.27 no.5
• /
• pp.11-19
• /
• 2022

In this paper, we propose a fault tolerant embedded system using memory redundancy on the full-virtualization based virtual machine monitor. The proposed virtual machine monitor first virtualizes main memory of embedded system utilizing efficient shadow page table scheme so that the embedded system runs as a virtual machine on the virtual machine monitor. The virtual machine monitor makes the backup of the embedded system run as another virtual machine by copying memory contents of the embedded system into memory space of backup system according to predefined schedules. When an error occurs in the target virtual machine, the corresponding standby virtual machine takes the role of target virtual machine and continues its operation. Performance evaluation studies show that such backups and switches of virtual machines are performed with minor performance degradation.