On the Design of Robust Integrators for Fail-Bounded Control System
Paper i proceeding, 2003

This paper describes the design and evaluation of a robust integrator for software-implemented control systems. The integrator is constructed as a generic component in the Simulink design tool, and can thus be used for robust implementation of a wide range of control algorithms. The integrator is designed to support the fail-bounded failure model for transient bit-flips that may occur in the CPU, main memory and I/O circuits of a control system. In particular, it allows the control system to detect and recover from bit-flips that cause data errors. Robustness is achieved by sequentially executing duplicated integrator code on the same processor to support error detection, and through the use of a recovery buffer that allows a roll-back to the previous integrator state when an error is detected. The effectiveness of the robust integrator was evaluated through fault injection experiments with a PI controller, where single bit flips were injected inside the CPU of the control system. No violations of the fail-bounded model were observed in the experiments.

Fault tolerant computer systems

Codes (symbols)

Data storage equipment

Error detection

Software engineering

Program processors

Transfer functions

Systems analysis


Jonny Vinter

Chalmers, Institutionen för datorteknik

A. Johansson

Lulea tekniska Universitet

Peter Folkesson

Chalmers, Institutionen för datorteknik

Johan Karlsson

Chalmers, Institutionen för datorteknik

Proceedings of the International Conference on Dependable Systems and Networks, San Francisco, CA; United States; 22 June 2003 through 25 June 2003; Code 62415



Data- och informationsvetenskap