A fault-tolerant/fail-safe command and control system for automated vehicles

Redundancy and fault-tolerant computer technology are being applied to the development of a command and control system for automated vehicles. An ultrareliable command and control system is described which meets the availability and safety requirements for an automated transit system. The technology presented is applicable to a wide variety of computer-based controls where safety is involved or where interruption of the control process cannot be tolerated. High-performance computer-based controls are being developed by OTIS-TTD and Del Rey Systems to control the operation of automated transit systems. The command and control system will allow economical, flexible, personalized service while operating a large number of closely spaced (short headway) vehicles. The requirements for flexible service and short headway operation preclude the use of traditional failsafe design practices and components. To achieve the required performance, reliability, and safety, redundancy and fault-tolerant computer techniques are used. This paper describes how the reliability requirements for command and control systems are achieved through the application of fault tolerant computing. Three alternative computer architectures are described. Reliability analyses have been performed for each candidate architecture, and the results are presented. Based on the reliability analyses, a triple redundant computer is selected. Automatic failure detection and recovery is accomplished by software, thus allowing off-the-shelf hardware to be used.