Abstract:
The invention relates to a method for executing a real-time computer application, in particular a comprehensive real-time computer application, whose functions are described in an application software (equivalently, a method for executing an application software that contains a description of the functions of such a real-time computer application), on a distributed real-time computer system comprising a multiplicity of sensors, actuators, computing nodes and distributor units, all of which have access to a global time. The application software is divided into a number of real-time software components (RTSWCs), in particular into a plurality of RTSWCs. When the real-time computer application is executed, the RTSWCs can exchange information by means of time-controlled messages, and each RTSWC is allocated a time-triggered virtual machine (TTVM). During a service interval (SI), the operating system running on a computing node gives a TTVM realised on this node protected access to the network and memory resources of the node that are assigned to this TTVM, and during the SI the operating system allocates to the TTVM a defined computing power for processing the RTSWCs running in it, such that the RTSWCs can provide a result before the end of the SI.
Abstract:
The invention relates to a fault-tolerant, maintainable automation system comprising two central computers, a process periphery and gateway computers. The central computers and the gateway computers are fail-silent FCUs and represent autonomous exchange units; they exchange timed status messages via communication channels. Each gateway computer establishes the link to its associated process periphery and saves the current status of that periphery. One central computer assumes the role of the active central computer and the other the role of the passive central computer; the active central computer exerts control over the gateway computers and transmits a sign-of-life message, preferably periodically, to the passive central computer. The passive central computer acknowledges receipt of each sign-of-life message in a periodic sign-of-life message of its own and monitors the active computer's messages with a time-out; if the sign-of-life messages fail to appear before the time-out expires, the passive central computer assumes the role of the active central computer. The faulty, previously active central computer autonomously attempts to restart and, after a successful restart, monitors the communication traffic within the cluster containing it in order to ascertain the current status of the cluster; it then assumes the role of the passive central computer and informs the now-active central computer, by means of preferably periodic sign-of-life messages, that it is performing the passive role. If the restart is unsuccessful, the faulty central computer indicates the permanent error by means of a display means.
Abstract:
The invention relates to a method for forcing fail-silent behavior of a periodically functioning, distributed real-time computer system that comprises at least two redundant NSCFCUs. At the beginning of a frame, the at least two redundant NSCFCUs (110, 111) are supplied with the same input data; each of them calculates a result from the input data, preferably by means of a deterministic algorithm, and packs this result into a CSDP with an end-to-end signature. The CSDPs of the NSCFCUs (110, 111) are transmitted to an SCFCU (130), which checks whether the bit patterns of the received CSDPs are identical and, if a disparity of the bit patterns is found, prevents further transmission of the CSDPs, particularly those CSDPs in which the disparity was found. Furthermore, the invention relates to a periodically functioning, distributed real-time computer system.
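The fail-silent scheme of this abstract as an added Python illustration (not code from the patent or its assignee): two redundant NSCFCUs run the same deterministic computation on identical frame input, each packs its result into a CSDP carrying an end-to-end signature, and the SCFCU forwards the result only when both CSDPs are authentic and bit-for-bit identical. The HMAC-SHA256 signature, the shared key and the length of the CSDP layout are assumptions made for the example.

```python
import hmac
import hashlib
import struct
from typing import Optional

KEY = b"demo-e2e-key"  # constructed key shared by the NSCFCUs and the SCFCU
SIG_LEN = 32           # HMAC-SHA256 digest length (assumed signature format)


def deterministic_algorithm(inputs: bytes) -> bytes:
    """Stand-in for the control computation; must be bit-reproducible on both NSCFCUs."""
    values = struct.unpack(">4H", inputs)
    return struct.pack(">I", sum(v * v for v in values) & 0xFFFFFFFF)


def make_csdp(frame: int, result: bytes, key: bytes = KEY) -> bytes:
    """CSDP = frame number | result | end-to-end signature over both."""
    body = struct.pack(">I", frame) + result
    return body + hmac.new(key, body, hashlib.sha256).digest()


def verify_csdp(csdp: bytes, key: bytes = KEY) -> Optional[bytes]:
    """Return the signed body if the end-to-end signature checks out, else None."""
    body, sig = csdp[:-SIG_LEN], csdp[-SIG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    return body if hmac.compare_digest(sig, expected) else None


def scfcu_filter(csdp_a: bytes, csdp_b: bytes) -> Optional[bytes]:
    """SCFCU: forward the result only if both CSDPs are authentic and identical."""
    body_a, body_b = verify_csdp(csdp_a), verify_csdp(csdp_b)
    if body_a is None or body_b is None:
        return None  # corrupted or forged CSDP: stay silent
    if not hmac.compare_digest(body_a, body_b):
        return None  # bit-pattern disparity: enforce fail-silence
    return body_a[4:]  # strip the frame number, forward the agreed result


def run_frame(frame: int, inputs: bytes, fault_in_b: bool = False) -> Optional[bytes]:
    """One frame: both NSCFCUs compute, optionally one suffers a constructed bit flip."""
    r_a = deterministic_algorithm(inputs)
    r_b = deterministic_algorithm(inputs)
    if fault_in_b:
        r_b = bytes([r_b[0] ^ 0x01]) + r_b[1:]
    return scfcu_filter(make_csdp(frame, r_a), make_csdp(frame, r_b))
```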
Abstract:
The present invention relates to a method for synchronizing the clocks of the node computers of a distributed real-time system with an external time reference, such as GPS time, requiring minimal energy expenditure, and for structuring a sparse time-base. By considering the influence of changing physical environmental parameters on the period of oscillation of local oscillators, the holdover interval, according to which an external synchronization must occur, can be dynamically determined and the frequency of the energy-intensive external synchronization processes can be significantly reduced.
Abstract:
The invention concerns a method for the periodic detection of measured values in a real-time computer system, especially a distributed real-time computer system, which comprises a plurality of sensors, especially intelligent sensors, node computers and distribution units, wherein the sensors, the node computers and the distribution units have access to a global time and real-time data is transported in the system by means of time-triggered real-time messages. Periodically recurring global observation times (220) are established in the real-time computer system at the beginning of a frame, and each node computer controlling a sensor, especially a physical sensor, puts out a trigger signal to that sensor at a sensor-specific trigger time (210), which is calculated as the global observation time (220) minus a sensor-specific startup interval (215).
Abstract:
The invention relates to a method for processing real-time data in a distribution unit of a distributed computer system, the computer system comprising a plurality of node computers and distribution units, the distribution unit containing, in addition to a switching engine (SE) and a switching memory (SM), one or more application computers each with one or more application central processing units and each with one or more application memories (AM), wherein the switching engine of the distribution unit, when it receives, at one of its ports, a message intended for an application computer, forwards this message to the addressed application computer through a direct memory access (DMA) unit that is arranged between the switching memory and the application memory of the addressed application computer and that is under the control of the switching engine. The invention also relates to an expanded distribution unit and a computer system with such expanded distribution units.
Abstract:
A process to detect a failure of a constituent system (110 ... 113) in a system of systems (1) consisting of a number of constituent systems (111 ... 113) that exchange messages through a communications system (120), in which every constituent system (111 ... 113) has a global time with a known granularity g. At least one constituent system creates a time-triggered life-sign message at periodic creation times (210, 211) determined a priori from the progression of the global time; the time of transmission (211, 221) of this life-sign message in the time-triggered communications system (120), determined a priori from the progression of the global time, is synchronized with the creation time of the message, and the time of receipt (212, 222) of the message, determined a priori from the progression of the global time, is synchronized with the timeout time point (213, 223), likewise determined a priori from the progression of the global time, of a monitor (130) that watches for the arrival of the life-sign message. An error message is triggered at the timeout time point if no life-sign message has arrived at the expected time of receipt (222).
Abstract:
The invention relates to a method for allocating control in a system-of-systems, in particular a dynamic system-of-systems, consisting of (or comprising) a physical system PS, an autonomous control system CS, a human operator HO, a monitor component MK and an actuator controller AST. The CS uses a sensor system assigned to it to cyclically monitor the surroundings and/or the physical system itself, creates an internal model of the surroundings and/or the PS on the basis of this monitoring, and analyses this model in order to determine, in a cycle (in particular the current cycle), control values for the AST and a criticality index KI of the scenario. The MK cyclically monitors the HO and/or the actions of the HO, in particular the current actions, in order to determine from this monitoring an engagement index EI of the HO in a cycle, in particular the current cycle. Control over the PS is allocated to the HO when EI > KI.
Abstract:
An innovative method is provided by which a complex electronic system for controlling a safety-critical technical process, for example driving an autonomous vehicle, can be implemented. A distinction is made between simple and complex software: the simple software is implemented on fault-tolerant hardware, while a plurality of different versions of the complex software are implemented simultaneously in independent fault containment units (FCUs), and a decider, which is itself implemented using the simple software, selects the result to be transmitted to the actuators from the results of the complex software versions.
Abstract:
The invention relates to a computer system for carrying out safety-critical applications, said computer system comprising a plurality of node computers and a communications system. Sensor data are supplied in parallel to one or more node computers, which calculate an optimized result, preferably using an optimization algorithm, in order to solve a given problem, and transmit this optimized result, preferably for a safety check, to a node computer designed as an SCFCU that is directly connected to the actuator controller. The SCFCU furthermore calculates from the same sensor data a simple result, which preferably meets all safety requirements, together with an envelope of the simple result, and checks whether the resulting values of the optimized result, particularly those relevant to safety, lie within the envelope of the simple result. If they do, the SCFCU forwards the optimized result directly to the actuator controller; if they do not, it forwards the simple result it calculated itself directly to the actuator controller.
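The envelope check of this abstract as an added Python illustration (not code from the patent or its assignee): an optimizing node proposes a result, the SCFCU derives a simple result and an envelope from the same sensor data, and forwards the optimized result only if its safety-relevant values lie inside that envelope, otherwise its own simple result. The sensor model (current speed and distance to an obstacle), the braking-distance rule and all constants are assumptions constructed for the example.

```python
from dataclasses import dataclass
from typing import Dict, Tuple

MAX_DECEL = 6.0      # m/s^2, assumed guaranteed braking deceleration
MAX_STEER = 0.35     # rad, assumed mechanical steering limit
SAFETY_MARGIN = 2.0  # m, assumed stopping-distance reserve


@dataclass(frozen=True)
class Result:
    """Safety-relevant part of a control result sent towards the actuator controller."""
    target_speed: float  # m/s
    steer: float         # rad


@dataclass(frozen=True)
class Envelope:
    """Per-field (lo, hi) bounds derived from the simple result."""
    bounds: Dict[str, Tuple[float, float]]

    def contains(self, r: Result) -> bool:
        return all(lo <= getattr(r, f) <= hi for f, (lo, hi) in self.bounds.items())


def simple_result(speed: float, distance: float) -> Result:
    """Conservative rule: never exceed the speed from which the vehicle can still
    stop before the obstacle, and keep the steering neutral."""
    reach = max(distance - SAFETY_MARGIN, 0.0)
    safe_speed = (2.0 * MAX_DECEL * reach) ** 0.5   # v^2 = 2 a s
    return Result(target_speed=min(speed, safe_speed), steer=0.0)


def envelope_of(simple: Result) -> Envelope:
    """The optimized result may be anywhere between standstill and the simple
    speed, and must stay within the steering limit."""
    return Envelope({
        "target_speed": (0.0, simple.target_speed),
        "steer": (-MAX_STEER, MAX_STEER),
    })


def scfcu_select(optimized: Result, speed: float, distance: float) -> Tuple[str, Result]:
    """SCFCU decision: forward the optimized result if inside the envelope,
    else fall back to the simple result. Returns (which, result)."""
    simple = simple_result(speed, distance)
    if envelope_of(simple).contains(optimized):
        return "optimized", optimized
    return "simple", simple
```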