Effects of system architecture on safety and reliability of multiple microprocessor control systems

Surface Transportation Systems are progressively making more use of microprocessors in vital control system applications. We have examined three types of control system architecture: duplex, triplex and dual duplex. Expressions are derived for the rate of occurrence at the system level of total failures, unsafe failures and service interruptions. We find that the duplex system has the lowest rate of occurrence of unsafe failures and of failures requiring maintenance action. Either a triplex or dual-duplex system provides orders-of-magnitude better freedom from service interruption than a duplex system, which must shut down whenever one channel fails. Sample implementations are shown for each architecture. It is shown that a duplex system can be easily expanded to a dual-duplex system and that this may be the preferable route in many cases.