A self-checking multiprocessor system for train-borne operation
Since the construction of the first electronic computer, forty years ago, reliability has been an important consideration in the minds of computer designers. However, the available technology limited early efforts at fault-tolerance, error-checking and fault recovery. The early valve and discrete transistor machines tended to be large and heavy, unsuitable for applications such as on-board automatic train control, even with no error detection and safety systems. With improvements in component technology, vehicle-borne control electronics has become a practical reality, but until the emergence of large scale integrated circuits (LSI) constraints on fault detection systems remained. The review sections of this thesis trace the development of high-reliability computing techniques, in particular those applied to vehicle control. Control designs are becoming more ambitious, and as microprocessors rival minicomputers for speed and instruction set power, multiprocessing at low cost is easily attainable. In this atmosphere of cheap computer power, the British Rail Automatic Train Operation (ERATO) project was born. Seven microprocessor systems were to run three programs to effect (almost) driverless train control and more. The research for this thesis involved examining the alternative methods for tackling the problems of safety and availability in a train-borne system. The design and development of a multiprocessing module, Cyclone I will be described. Cyclone I contains three l6 bit microprocessors and three program stores and runs as a compact self-checking multiprocessor. When fully developed, the design will be suitable not only for train systems, but for other applications requiring a high confidence level in the output control signals.