| 摘要 |
A microprocessor system for safety-critical control operations includes three central units which are located jointly on one chip and execute the same program. Further, there is provision of read-only memories and random-access memories, input and output units, and comparators which check the output signals of the central units for correlation. The central units are interconnected by way of bus systems and bypasses which enable the central units to jointly read and execute the existing data and commands according to the same program. The memory capacity of the read-only and the random-access memories in total amounts to at least 200% compared to the memory required for a non-redundant system. The memory locations are distributed among the three systems, for example, in a ratio of 100:50:50. The central units are extended by redundant periphery components to provide two complete control signal circuits and are interconnected so that, in case of a failure, the faulty central unit can be identified by a majority decision, and a change-over to an emergency operation mode can take place.
|
