Author Institution:
Chairman, AUGUST SYSTEMS, INC., 18277 S.W. Boones Ferry Road, Tigard, Oregon 97223
Abstract:
The problem that is addressed in this paper is that of repairing a fault tolerant control computer without disturbing its function. It is becoming increasingly common to employ fault tolerant systems for critical control applications. These occur in the oil, chemical, primary metals, electric power and many other industries. The central idea in using such systems is that adequate reliability can only be achieved in a system that is designed to tolerate the occurrence of a fault. However, in all such systems, there is a limit to the number of faults that can be tolerated and therefore, when a fault occurs, it is first necessary to detect that fact. Following this, it is necessary to repair the system. We address particularly this last issue and we consider techniques for repairing faults while the control system is still operating. We assume that the control system is associated with a process that is highly critical and that in addition, there are strong operational or economic reasons why the process cannot be stopped to effect repair of the control system. We further assume that, during repair, the control system should not produce any disturbance of the process, or in control terminology, the repair should not produce a "bump" in an output.