Triple-modular redundancy(TMR), a well-known methodology for improving the reliability of computer systems, has been used for onboard control computers in many safety-critical space applications. In this paper, a ligh...Triple-modular redundancy(TMR), a well-known methodology for improving the reliability of computer systems, has been used for onboard control computers in many safety-critical space applications. In this paper, a lightweight data-voting strategy for TMR control computer is proposed, in which an additional straightforward input voting stage is added, so that determination of the maximum admissible deviation for output matching, as required by traditional strategies, can be avoided. The lightweight strategy is a practical data-voting solution for the TMR control computer that exploits the characteristics of the data of the control computer. The addition of input voting, in both the value and time domains, can ensure that the outputs of non-faulty machines are exactly equal, and the bitwise output matching of the TMR control computer can be performed. The new data-voting strategy has been optimized according to the actual application conditions in spacecraft control systems, and has been adopted for the TMR control computer of the Chang’e-5 Return Spacecraft. The results of the ground experiments and successful on-orbit application have demonstrated the advantages of the new data-voting strategy for TMR control computer.展开更多
文摘Triple-modular redundancy(TMR), a well-known methodology for improving the reliability of computer systems, has been used for onboard control computers in many safety-critical space applications. In this paper, a lightweight data-voting strategy for TMR control computer is proposed, in which an additional straightforward input voting stage is added, so that determination of the maximum admissible deviation for output matching, as required by traditional strategies, can be avoided. The lightweight strategy is a practical data-voting solution for the TMR control computer that exploits the characteristics of the data of the control computer. The addition of input voting, in both the value and time domains, can ensure that the outputs of non-faulty machines are exactly equal, and the bitwise output matching of the TMR control computer can be performed. The new data-voting strategy has been optimized according to the actual application conditions in spacecraft control systems, and has been adopted for the TMR control computer of the Chang’e-5 Return Spacecraft. The results of the ground experiments and successful on-orbit application have demonstrated the advantages of the new data-voting strategy for TMR control computer.
