Design of a fault-tolerant parallel processor

The Charles Stark Draper Laboratory, under contract to the NASA Johnson Space Center, has developed a Fault-Tolerant Parallel Processor (FTPP) for use on the NASA X-38 experimental vehicle. Using commercial processor boards and the industry-standard VME backplane, the system is configured as a quadruplet Flight-Critical Processor (FCP) and five simplex Instrumentation Control Processors (ICPs). The FCP is Byzantine resilient for any two non-simultaneous permanent faults, and for any number of non-simultaneous recoverable faults, as long as a maximum of one other fault condition occurs during the recovery process (only two recoveries can be in progress at once). This paper focuses on some of the hardware and software design of the Fault-Tolerant System Services (FTSS) that isolate, as much as possible, the redundancy of the FCP from the application software, such as the guidance, navigation and flight control software, on the X-38 FTPP. FTSS also performs reconfiguration and recovery functions.