Task-scheduling strategies for reliable TMR controllers using task grouping and assignment

Real-time computers are often used in embedded, life-critical applications where high reliability is important. A common approach to make such systems dependable is to vote on redundant processors executing multiple copies of the same task. The most popular redundant structure is triple modular redundancy (TMR). The processors that make up such systems are subject not only to independently occurring permanent and transient faults, but to correlated transient faults, such as electromagnetic interference (EMI) caused by the operating environment. This paper proposes two new scheduling strategies for TMR computer-controllers. Both strategies can tolerate correlated faults as well as independent faults. These strategies, TMR-R (TMR with rotated task group) and TMR-Q (TMR with quintuple computation), are developed using task grouping and assignment. To evaluate the reliability of these strategies, a discrete-time Markov model for control systems is devised. Reliability equations for the TMR-R and TMR-Q are derived from state transitions of sampling intervals based on the Markov model. The reliability of these TMR is proved by comparing them with a conventional TMR, using numerical analysis. These proposed strategies are anticipated to be useful for control systems operating in harsh environments, such as controllers of airplanes or nuclear power plants