Development of a fault tolerant computer system for the HERMES space shuttle

The authors present the full tolerant computer system that has been developed and tested by Matra Marconi Space in the framework of European space shuttle HERMES project. This system has been designed to cope with high safety and reliability requirements (FO/FS) and less than 10/sup -6/ (for the probability of a catastrophic event induced by a system failure). The system is composed of four tightly synchronized computers running in parallel, with each computer broadcasting its input and output data towards the other computers implementing a fault masking concept based on a bit-to-bit vote. The authors present the major requirements and the rationale that led to the actual architecture. A detailed technical description of the system is provided, addressing functional, hardware, and software aspects. Information about the development activities is given, and the results and lessons learned are discussed.