Design And Implementation Of A New Database Update Mechanism For Safety-critical Computer System

There is high safety and reliability requirement in the area of aerospace, rail transportation, military and energy fields. Safety critical computer is a device of high reliability and safety and is widely used in those areas.A safety critical computer is made up of three modules and it votes input/output among different modules to guarantee safety of the system. But database can’t be voted directly like other data because when database is updating there are large amounts of data transferred in a short time and we cannot vote so many data in such a short time. The traditional way is different modules update database separately and each module verify its own database to guarantee safety. But as part of safety critical computer function, database net-update must meet the requirement of safety, that is to say database must be voted. So we have to find a way to transform database which is of a few dozen megabytes to something that is of several tens of bytes. This small packet of a few dozen megabytes is called database status. During the database net update process, the net-update task outputs database status at set time intervals, database status indicates the database condition, database statuses from three modules are voted and the output will be taken as the total condition of database by system. Based on this mechanism, we can guarantee safety of database net-update.2oo3(two out of three) safety critical computer is one kind of safety critical computer which is made up of three modules. This paper first introduces hardware architecture of2oo3safety critical computer, then analyses the system requirements of database update system based on the hardware architecture. preliminary design and detailed design are also introduced based on the system requirements. Protocols used during the database updating process are also introduced.The safety and reliability of this database update mechanism must be checked. In this paper a Markov model is built to calculate the safety and reliability of this mechanism. Then we test the mechanism in large numbers of possbile failures that may occur during database update with the method of fault injection. The result shows that this mechanism meets the safety requirement of safety critical computer.Finally, a summary is given for the whole thesis, and some suggestion about research direction is proposed.