Abstract:
The invention relates to a method for the reliable transport of alarm messages in a distributed computer system, said computer system comprising components, in particular a plurality of components, the components being node computers, distributor units, sensors—preferably intelligent sensors—and actuators—preferably intelligent actuators—and all components having access to a global time of known precision, and the node computers, intelligent sensors and intelligent actuators exchanging messages via the distributor units. It is provided that the computer system includes intelligent alarm sensors or intelligent alarm sensors are assigned to the computer system, and an intelligent alarm sensor transmits two types of time-triggered messages, alarm messages having an alarm transport period prescribed a priori, and error detection messages having an error detection period prescribed a priori, and the time stamps for the occurrence of alarm events are included in an alarm monitoring interval, the alarm monitoring interval ending directly before the transmission of the alarm message and being at least twice as long as the alarm transport period, and an alarm message only being transmitted if at least one time stamp of an alarm event is included in the alarm message, and the current states of all alarms that are active immediately before the transmission of the error detection message are included in the periodic error detection messages.
Abstract:
The invention relates to a method for transmitting messages in a computer network, and to a computer network of this type. The computer network comprises computing nodes (101-105), said computing nodes (101-105) being interconnected via at least one star coupler (201) and/or at least one multi-hop network (1000), wherein each computing node (101-105) is connected via at least one communication line (110) to the at least one star coupler (201) and/or the at least one multi-hop network (1000), and wherein the computing nodes (101-105) exchange Ethernet messages with one another and with the at least one star coupler (201) and/or the at least one multi-hop network (1000). A set of two or more components are directly connected to one another in each case by two or more communication lines (110, 111), wherein each component in the set is either a computing node (101-105) or a star coupler (201), and sending components in the set of components send to at least two of the two or more communication lines (110, 111) at least a proportion of the Ethernet messages that are to be sent, and receiving components in the set of components then accept and/or forward at least a proportion of the Ethernet messages received via the two or more communication lines (110, 111) only if at least two identical messages are received via at least two different communication lines.
Abstract:
The invention relates to a method and a device for limiting the risk of faults in a control system, in particular a safety-relevant control system, wherein a preferably intelligent actuator controller (AST), by means of the application of a weighted mean value algorithm, calculates a new control value from the two control values determined by means of diverse redundancy by two independent fault-containment units (FCUs), which new control value, in spite of the occurrence of a fault in one of the two FCUs, causes an object to be controlled by the control system to be guided into a safe state, preferably quickly.
Abstract:
A method for fault recognition in a distributed real-time computer system comprising fault containment units (FCUs), which has a global timebase, wherein the fault containment units communicate by means of messages via at least one message distribution unit, wherein a commitment time is associated with a message formed by a fault containment unit, and wherein a message distribution unit that receives a message relays the message to one or more fault containment units operating in parallel, and wherein a processing fault containment unit (VFCU) does not transmit or use any of its results that are influenced by one or more of the received messages to the environment of the processing fault containment unit or before the commitment times associated with the received messages.
Abstract:
Embodiments of the disclosed invention relate to a method for generating fail-silent synchronization messages in a distributed real-time system including a satellite receiver, a precision reference clock, a central computer, a monitor and a data block for storing configuration parameters. The satellite receiver periodically generates a time signal (S-signal) based upon time signals received from a satellite, and the reference clock periodically produces an actual time signal (R-signal) having a nominal frequency and phase identical to the frequency and phase of the S-signal. A periodic synchronization message is generated by the central computer based upon the S-signal, the R-signal and parameters stored by the central computer. The monitor checks whether the transmission time contained in the synchronization message matches the actual transmission time and whether the distance between two successive synchronization messages lies within a tolerance interval; and if not, modifies the synchronization message such that the synchronization message is erroneous.
Abstract:
The aim of the present invention is that of establishing a fault-tolerant global time in a fault-tolerant communication system of a distributed real-time system. For this purpose, a fault-tolerant message switching unit is provided, which is composed of four independent switching units. These four independent switching units jointly establish a fault-tolerant time. The terminal systems are connected to a fault-tolerant message switching unit via two independent fail-silent communication channels, so that the clock synchronization and network connections are preserved, even if a part of the fault-tolerant switching unit or of a communication channel fails.
Abstract:
The invention relates to a method for generating fail-silent synchronisation messages in a distributed real-time system, wherein the method uses the following functional units: a satellite receiver (110) for receiving a time signal (S-signal) from a navigation satellite system, a precision reference clock (130), which generates an actual time signal (R-signal), a central computer (140), a monitor (120) and a data block (210) for storing configuration parameters, wherein the satellite receiver (110) periodically generates an S-signal, and wherein the reference clock (130) periodically produces an R-signal, wherein the nominal frequency and phase of the R-signal is identical to the frequency and phase of the S-signal, and wherein the difference between the nominal and actual R-signal is used in order to minimise this difference in the future, and wherein, in the normal case of the satellite receiver (110), the periodic synchronisation message (220), which is to be generated in accordance with the configuration parameters (210) by the central computer (140), is generated on the basis of the S-signal and the difference between the nominal and actual R-signal is used in order to adapt (preferably in the short term) the state and (preferably in the long term) the timing rate of the reference clock (130) to the S-signal, and wherein, in the case of an anomaly of the satellite receiver (110), the timing rate adaptation of the reference clock (120) is suspended, and wherein, in the case of a fault of the satellite receiver (110), the periodic synchronisation message (220), which is to be generated in accordance with the configuration parameters (210) by the central computer (140), is generated on the basis of the R-signal, and wherein the monitor (120) checks whether the transmission time contained in the synchronisation message matches the actual transmission time and the distance between two successive synchronisation messages (220) lies within an a priori fixed tolerance interval, and, if this is not the case, modifies the synchronisation message (220) in such a way that each receiver identifies the synchronisation message (220) as erroneous.
Abstract:
The invention relates to a method for limiting the effects of software errors in a distributed real-time system in which a plurality of distributed application systems are executed simultaneously, wherein each application system forms an encapsulated software fault containment unit (SWFCU), wherein an SWFCU comprises the software of a distributed application system, said software being executed on one or more virtual computer nodes and one or more dedicated computer nodes, and exchanging messages via one or more encapsulated virtual communication systems, wherein a communication system consists of communication controllers, switching units and physical connections, and wherein the direct effects of a software error of an SWFCU remain limited to the SWFCU.
Abstract:
A method for fault recognition in a distributed real-time computer system comprising fault containment units (FCUs), which has a global timebase, wherein the fault containment units communicate by means of messages via at least one message distribution unit, wherein a commitment time is associated with a message formed by a fault containment unit, and wherein a message distribution unit that receives a message relays the message to one or more fault containment units operating in parallel, and wherein a processing fault containment unit (VFCU) does not transmit or use any of its results that are influenced by one or more of the received messages to the environment of the processing fault containment unit before the commitment times associated with the received messages.
Abstract:
A method for monitoring the short-circuiting switching device of a three-phase motor (3) for driving vehicles, which is fed from a DC voltage source (1) via a controlled converter (2), wherein the short-circuiting switching device (5) actuated by a control logic (6) is connected to the inputs of the motor, and the motor currents and/or motor voltages are measured, and a predetermined test pattern, which is different from the voltage/current profiles during operation, is generated with the aid of the controlled converter (2) during a test phase and is supplied to the motor (3), the short-circuiting switching device is actuated for the activation thereof, the current and/or voltage profile is detected during the test phase by opening and closing of short-circuiting contacts and, on the basis of the current and/or voltage distribution in the individual motor phases, the correct opening/closing of the short-circuiting contacts is detected and evaluated.