Architectural Principles for Safety - Critical Real - Time Applications

This paper addresses the general area of computer architectures for safety-critical real-time applications. The maximum acceptable probability of failure for these applications ranges from about I O 4 to 1Oi0 per hour depending on whether it is a military or civil application. Typical examples include commercial and military aircraf fly-by-wire, full authority engine control, satellite and launch vehicle control, ground transport vehicles, etc. Realtime response requirements for these applications are also very demanding, with correct control inputs required every 10 to 100 ms, depending on the application. These dual goals of ultrahigh reliability and real-time response necessitate computer systems that are quite different from other dependable systems in their architecture, design and development methodology, validation and verification, and operational philosophy. This paper highlights these differences by describing each of these aspects of safetycritical systems. Architectural principles and techniques to address these unique requirements are described.