Title :
Dependable systems using `VIPER´
Author_Institution :
Royal Signals & Radar Establ., Malvern, UK
Abstract :
VIPER is a 32-bit reduced instruction set microprocessor which has been specified, designed, and verified using the most formal techniques available. A complete chain of proof exists between the various gate-level designs and the functional specification. VIPERs are designed to work in pairs, to form fault-detecting computing modules with virtually 100% cover against single faults. All the comparison logic needed is built-in to the VIPER chips and is implemented in duplicated self-checking circuitry to minimise the risk that a single fault in the `voter´ might mask faults elsewhere in the system. Every node in the voting system can be tested by applying a few carefully chose inputs: 4 legal patterns and one deliberately-forced error are enough to test the whole of the 32 bit data bus comparator. With a common specification against which the chip designs have been verified in the formal, mathematical sense, a pair of VIPER chips has the property of dependable fault reporting and forms an ideal building block for reliable systems. The author discusses VIPER´s limits of verification, use for building a dependable system and in industrial systems
Keywords :
fault tolerant computing; microprocessor chips; reduced instruction set computing; 32 bit; VIPER chips; building block; common specification; comparison logic; data bus comparator; deliberately-forced error; dependable fault reporting; dependable system; duplicated self-checking circuitry; fault-detecting computing modules; formal techniques; functional specification; gate-level designs; industrial systems; legal patterns; proof; reduced instruction set microprocessor; reliable systems; verification; voter; voting system;
Conference_Titel :
Computers and Safety, 1989. A First International Conference on the Use of Programmable Electronic Systems in Safety Related Applications
Conference_Location :
Cardiff
