Principal claim
1. A method for fault-tolerant clock synchronization and for fault-tolerant time-triggered real-time communication using a number of terminal systems and one or more fault-tolerant switches, which are respectively connected via at least two communication channels, characterized in that each fault-tolerant switch contains a first switch pair and a second switch pair, wherein the first switch pair contains a first switch and a second switch and the second switch pair contains a third switch and a fourth switch, and wherein each of the first through fourth switches are connected to the remaining three switches via a communication channel, and the first through fourth switches establish an internal global fault-tolerant timebase having a known precision (P) via the communication channel using a known message-based internal fault-tolerant synchronization algorithm, and wherein each of a plurality of terminal systems is connected to the first switch pair via a first comparator associated with a particular terminal system and to the second switch pair via a second comparator associated with the particular terminal system, said method comprising:
receiving a copy of a message transmitted by a first terminal system via a first communication channel in the first switch pair wherein the first comparator associated with the first terminal system in the first switch pair transmits a copy of the message to the first switch via a first communication channel and a copy of the message to the second switch via a second communication channel in the first switch pair;
receiving a copy of the message in the second switch pair via the second communication channel wherein the second comparator associated with the first terminal system in the second switch pair transmits a copy of the message to the third switch via a first communication channel and a copy of the message to the fourth switch via a second communication channel in the second switch pair;
wherein the first through fourth switches switch the copy of the message;
transmitting a copy of the message from each of the first switch and the second switch to a first comparator associated with a second terminal system via second and third communication channels;
transmitting a copy of the message from each of the third and fourth switches to a second comparator associated with the second terminal system via third and fourth communication channels;
opening a time window having a duration, D, in each of the comparators associated with the second terminal system immediately after a temporally first copy of the message arrives;
determining whether a temporally second copy of the message arrives in each of the comparators associated with the second terminal system during the interval D;
discarding the temporally first message if the temporally second copy of the message does not arrive during the interval;
comparing the temporally first and second messages bit by bit in a comparator associated with the second terminal system in response to the temporally second message arriving during interval, D, in the comparator;
interrupting the transmission of the copy of the message by a comparator associated with the second terminal system if the comparator detects a bit error between the temporally first and second messages;
transmitting the copy of the message from a comparator associated with the second terminal system to the second terminal system via a communication channel if all of the bits are identical in the temporally first and second messages wherein two checked copies of the message arrive at the second terminal system in the fault-free case and, if one of the first and second switch pairs is faulty or detects an error and discards the message, a correct message still arrives at the second terminal system; and
periodically transmitting two synchronization messages generated in a fault-tolerant switch to all connected terminal systems, wherein a first synchronization message is transmitted by the first switch pair and a second synchronization message is transmitted by the second switch pair, and wherein the time at which a synchronization message arrives at a particular terminal system corresponds to the time contained in the data field of the synchronization message.
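
The receive-side comparator steps of the claim (time window D, bit-by-bit comparison, discard or forward) can be modelled as follows. This is an added illustration, not code from the patent; the names `Copy`, `comparator`, `terminal_receive` and `demo`, the microsecond time unit, the verdict strings and the sample frames are all assumptions made for the example.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass(frozen=True)
class Copy:
    arrival: float   # arrival time at the comparator (assumed unit: microseconds)
    payload: bytes   # message copy as switched by one switch of the pair

def first_bit_mismatch(a: bytes, b: bytes) -> Optional[int]:
    """MSB-first index of the first differing bit, or None if identical."""
    for i, (x, y) in enumerate(zip(a, b)):
        diff = x ^ y
        if diff:
            return i * 8 + (8 - diff.bit_length())
    # Equal prefix: a length difference counts as an error at the first extra bit.
    return None if len(a) == len(b) else min(len(a), len(b)) * 8

def comparator(copies: List[Copy], window_d: float) -> Tuple[str, Optional[bytes]]:
    """One comparator: needs two copies within D that agree bit for bit."""
    ordered = sorted(copies, key=lambda c: c.arrival)
    # Window D opens when the temporally first copy arrives.
    if len(ordered) < 2 or ordered[1].arrival - ordered[0].arrival > window_d:
        return ("discarded_no_second_copy", None)
    if first_bit_mismatch(ordered[0].payload, ordered[1].payload) is not None:
        return ("interrupted_bit_error", None)
    return ("forwarded", ordered[0].payload)

def terminal_receive(pair1: List[Copy], pair2: List[Copy], window_d: float) -> List[bytes]:
    """Checked copies reaching the terminal system through its two comparators."""
    verdicts = [comparator(c, window_d) for c in (pair1, pair2)]
    return [payload for verdict, payload in verdicts if verdict == "forwarded"]

def demo() -> dict:
    msg = b"\x10\x20\x30"        # constructed sample frame
    corrupt = b"\x10\x21\x30"    # constructed: one bit flipped by a faulty switch
    d = 2.0                      # constructed window duration D
    good = [Copy(100.0, msg), Copy(100.8, msg)]
    return {
        "fault_free": terminal_receive(good, good, d),
        "bit_error_in_pair1": terminal_receive(
            [Copy(100.0, msg), Copy(100.5, corrupt)], good, d),
        "late_switch_in_pair2": terminal_receive(
            good, [Copy(100.0, msg), Copy(103.5, msg)], d),
        "both_pairs_faulty": terminal_receive(
            [Copy(100.0, msg)], [Copy(100.0, msg), Copy(100.1, corrupt)], d),
    }

if __name__ == "__main__":
    for case, delivered in demo().items():
        print(case, len(delivered), delivered)
```

The last case lies outside the claim's single-pair fault assumption: with both pairs faulty no copy is delivered, so the terminal system receives nothing rather than an unchecked message.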