ARCHITECTURAL PRINCIPLES FOR SAFETY-CRITICAL REAL-TIME APPLICATIONS

This paper addresses the general area of computer architectures for safety-critical real-time applications. The maximum acceptable probability of failure for these applications ranges from about 10(-4) to 10(-10) per hour depending on whether it is a military or civil application. Typical examples include commercial and military aircraft-fly-by-wire, full authority engine control, satellite and launch vehicle control, ground transport vehicles, etc. Real-time response requirements for these applications are also very demanding, with correct central inputs required every 10 to 100 ms, depending on the application. These dual goals of ultrahigh reliability and real-time response necessitate computer systems that are quite different from other dependable systems in their architecture, design and development methodology, validation and verification, and operational philosophy. This paper highlights these differences by describing each of these aspects of safety-critical systems. Architectural principles and techniques to address these unique requirements are described.