Wenping Zhang,Dehong Xu,Hao Wang

DOI: https://doi.org/10.1109/jestpe.2018.2844092

IF: 5.462

2018-01-01

IEEE Journal of Emerging and Selected Topics in Power Electronics

Abstract:Field experiences have demonstrated that semiconductor devices are vulnerable to failures, which challenges the reliability of power conversion systems. One of the most effective methods to enhance system reliability is fault-tolerant techniques. Presently, the parallel redundant converter approach is considered as one of the most effective fault-tolerant methods. However, there are some issues regarding parallel converter systems, such as surge currents that nonfaulty converters experience after faults, fault-isolation time, and load voltage distortion. To address these issues, this paper investigates the fault analysis and fault-tolerant design regarding parallel inverter systems. The stage analysis for the parallel inverter systems in the case of insulated-gate bipolar transistor short-circuit failures is performed first. Then, the surge current and the corresponding fault-isolation duration are explored. Furthermore, a mathematical model is built to address these two issues, and a fault-tolerant design to suppress surge current is presented. Finally, the experimental results are provided.

PANG Mao,ZHOU Xiao-jun,HU Hong-wei,MENG Qing-hua

DOI: https://doi.org/10.3969/j.issn.1004-1699.2006.02.066

2006-01-01

Abstract:Software development based on modular method can improve the reuse rate of the code, but the possibility increases that the same faults occur in each system. In order to improve the reliability of software, Fault-tolerant is applied to the development of test and control system software based on modular method. According to the characteristic of these systems, the method of fault-avoiding and fault-tolerant is discussed from four aspects: data, operation, hardware and software. The application in the software of the driving-axle synthesis performance test bed that we developed indicates that it can raise the reuse rate of the code, reduce the development period, and also improve the reliability of the software obviously.

JianHui Jiang,YingHua Min,ChengLian Peng

DOI: https://doi.org/10.1007/bf02948884

2003-01-01

Abstract:Fault-tolerant systems have found wide applications in military, industrial and commercial areas. Most of these systems are constructed by multiple-modular redundancy or error control coding techniques. They need some fault-tolerant specific components (such as voter, switcher, encoder, or decoder) to implement error-detecting or error-correcting functions. However, the problem of error detection, location or correction for fault-tolerance specific components themselves has not been solved properly so far. Thus, the dependability of a whole fault-tolerant system will be greatly affected. This paper presents a theory of robust fault-masking digital circuits for characterizing fault-tolerant systems with the ability of concurrent error location and a new scheme of dual-modular redundant systems with partially robust fault-masking property. A basic robust fault-masking circuit is composed of a basic functional circuit and an error-locating corrector. Such a circuit not only has the ability of concurrent error correction, but also has the ability of concurrent error location. According to this circuit model, for a partially robust fault-masking dual-modular redundant system, two redundant modules based on alternating-complementary logic consist of the basic functional circuit. An error-correction specific circuit named as alternating-complementary corrector is used as the error-locating corrector. The performance (such as hardware complexity, time delay) of the scheme is analyzed.

HU Pengfei,JIANG Daozhuo,ZHOU Yuebin,LIN Zhiyong,LIANG Yiqiao,GUO Jie

DOI: https://doi.org/10.7500/aeps201301158

2013-01-01

Abstract:Sub-module fault types of modular multilevel converters(MMCs) are explained,including insulated gate bipolar translator(IGBT) module fault,fault of capacitor in DC link and control signal.Advantages and disadvantages of three redundancy fault-tolerated schemes of sub-module are analyzed.One scheme with sub-modules in hot standby is adopted,which has small impact on MMC.The drawback of this scheme is DC currents fluctuation presenting when MMC operates under unsymmetrical condition.Thus,based on derived basic math model of MMC under redundancy operation condition and yielded arm-energy math expressions,a redundancy fault-tolerated control strategy based on energy balance of arms is proposed to suppress the fluctuation of DC currents.A 61 voltage-level MMC simulation model is set up in PSCAD/EMTDC.Simulation results verify the validation of the proposed redundancy fault-tolerated control strategy.

JH Jiang,YH Min,CL Peng

DOI: https://doi.org/10.1109/icasic.2001.982627

2001-01-01

Abstract:Multiple-modular redundancy has found many applications in fault-tolerant systems with high reliability and safety requirements. Concurrent error detection or correction circuits and fail-safe I/O circuits (such as decoders, comparators, and voters) named as error-control specific circuits (ECSCs) play very important roles in these fault-tolerant systems and other highly available commercial systems. Recently, they are used in some ASICs design. In high level synthesis and ASIC design, these ECSCs can be provided in the types of standard or semi-custom cells. This paper presents several new VHDL models of ECSCs for hardware redundant systems with the capability of concurrent error location. All models proposed are verified by simulation using Active-VHDL. The hardware complexity and propagation delays of these models are given

Tao HUANG,Xiang-xian CHEN,Hai HUANG

DOI: https://doi.org/10.3969/j.issn.1000-3428.2011.18.085

2011-01-01

Abstract:This paper designs a safety computer system based on 2 out of 3 redundant structure.The system consists of CPU modules,communi-cation modules and I/O modules.For the data communications between modules the triple modular CPU bus with synchronizing and voting functions,redundant Controller Area Network(CAN) bus and redundant Ethernet are applied.The 2 out of 3 hardware voter by using dynamic plus is implemented in the system outputs.Test result shows that the implemented prototype of 2 out of 3 safety computer system meet the expected goal design.

Sufyan Samara,Yuhong Zhao,Franz J. Rammig

DOI: https://doi.org/10.1007/978-3-642-15234-4_11

2010-01-01

Abstract:This paper presents a novel flexible, dependable, and reliable operating system design for distributed reconfigurable system on chip. The dependability and reliability are achieved by integrating online model checking technique. Each OS service has different implementations which are further partitioned into small blocks. This operating system design allows the OS service to be adapted at runtime according to the given resource requirements and response time. Such adaptable services may be required by real time safety-critical applications. The flexibility introduced in executing adaptable OS services also gives rise to a potential safety problem. Thus, online model checking is integrated to the operating system so as to improve the dependability, reliability, and fault tolerance of these adaptable OS services.

Pengfei Hu,Daozhuo Jiang,Yuebin Zhou,Yiqiao Liang,Jie Guo,Zhiyong Lin

DOI: https://doi.org/10.1109/tpel.2013.2284919

IF: 5.967

2013-01-01

IEEE Transactions on Power Electronics

Abstract:The modular multilevel converter (MMC) is a newly introduced switch-mode converter topology with the potential for high-voltage and high-power applications. This paper focuses on the design and control methods for fault-tolerant operation using redundant submodules (SMs), which is one of the most important features in the MMC topology. By comparing three design schemes of redundant SMs, the most economic and reliable scheme is identified. In addition, a mathematical model of the MMC with arms containing different numbers of SMs is developed. Based on the identified scheme and mathematical model, an energy-balancing control strategy is proposed to keep the MMC operating normally under SM fault conditions. Finally, time-domain simulations of a 61-level MMC system are performed, using the PSCAD/EMTDC software, while experiments are carried out on a 41-level MMC prototype. The simulation and experimental results validate the design scheme, mathematical model, and proposed energy-balancing control strategy.

Wang Shuai,Ji Yindong,Dong Wei,Yang Shiyuan

DOI: https://doi.org/10.1016/s1007-0214(07)70095-0

2007-01-01

Tsinghua Science & Technology

Abstract:This paper presents a fault-tolerant computer system. It is designed as a double 2-out-of-2 architecture based on component redundant technique. Also, a quantitative probabilistic model is presented for evaluating the reliability, availability, maintainability and safety （RAMS） of this architecture. Hierarchical modeling method and Markov modeling method are used in RAMS analysis to evaluate the system characteristics. The double 2-out-of-2 system is compared with the other two systems, all voting triple modular redundancy （AVTMR） system and dual-duplex system. According to the result, the double 2-out-of-2 system has the highest dependability. Especially, the system can satisfy the safety integrity level （SIL） 4, which means the system’s probability of catastrophic failure less than or equal to 10-8 per hour, therefore, it can be applied to life critical systems such as high-speed railway systems.

CHEN Xiang-xian,GUO Qing,HUANG Hai

DOI: https://doi.org/10.3969/j.issn.1000-3428.2012.15.073

2012-01-01

Abstract:This paper designs a new dual-duplex safety-critical computer system used in the rail transport system including I/O module,CPU module and switch module.In the I/O module,the dynamic circuit design can make it achieve safe input and output data.In the CPU module,this paper presents a synchronization vote program based on Ethernet communication.In the switch module,it implements seamless switch by loop control.It is shown through functional and safety test that the dual-duplex safety-critical computer system can meet the needs of computer platform with high reliability and security.

Hanfei Chen,Jingxiang Dong,Youxian Sun

DOI: https://doi.org/10.1109/wcica.2004.1342251

2004-01-01

Abstract:Design of ultra-reliable real-time fault-tolerant multiprocessor systems is complexity and time-consumed. Previous systems mainly rely on special hardware and special operating systems. Current commercial real time operating systems can't satisfy the requirement of ultra-reliable systems, we present the approach to the design of fault-tolerant operating system, which based on COTS software and hardware. By introducing the redundant mechanism on multiprocessor systems into the COTS operating system's kernel, our fault-tolerant operating system completely supports the ultra-reliable real time application.

Zhiyong Zeng,Chong Zhu,Stefan M. Goetz

DOI: https://doi.org/10.1109/tpel.2024.3350186

IF: 5.967

2024-02-20

IEEE Transactions on Power Electronics

Abstract:This letter proposes a fault-tolerant multiparallel converter with adaptive hardware reconfiguration. The proposed topology maximizes open-switches' fault tolerance with minimal hardware redundancy, efficiently covering a broad spectrum of potential fault scenarios. Another pivotal feature of the proposed topology is its adaptive hardware reconfiguration capability in the event of an insulated gate bipolar transistor failure. Significantly, this adaptability is achieved without additional control circuits, simplifying the overall control complexity. The proposed topology achieves a more harmonic balance with minimal hardware redundancy, maximal fault coverage, and minimum control complexities. Finally, the prototype of the proposed fault-tolerant topology has been constructed. This prototype and the proposed postfault control strategies have been thoroughly validated through experimental investigations, demonstrating their effectiveness and resilience.

engineering, electrical & electronic

Xiao-rang LIAN,Dao-zhuo JIANG

DOI: https://doi.org/10.3969/j.issn.1674-3415.2012.16.014

2012-01-01

Abstract:This paper presents a novel static synchronous compensator (STATCOM) topology based on modular multilevel converter (MMC). The model has a high degree of modularity and good reliability, and is convenient for maintenance and capacity extension, which is a typological structure with high development potential. Considering quite large amount of sub-modules (SMs) used in MMC topology, attention is drawn on the reliability of operation. Based on the analysis of existed fault-tolerant design for H-bridge converters, a novel fault-tolerant control strategy suitable for MMC-based STATCOM is proposed. According to the proposed strategy, all redundant SMs are set in hot stand-by state, once fault occurs, redundant SMs will rapidly take place of the faulted SMs, thus ensures the STATCOM under normal condition. Furthermore, according to the number of faulted SMs, multi-objective control strategy is adopted, which greatly expends the operating range of STATCOM. At the end of this paper, the validation of proposed strategy is evaluated in Matlab/Simulink environment. The reported results confirm the feasibility of the proposed fault-tolerant design. This work is supported by National High Technology Research and Development Program of China (No. 2008AA05Z213).

Yuebin Zhou,Daozhuo Jiang,Pengfei Hu,Jie Guo,Yiqiao Liang,Zhiyong Lin

DOI: https://doi.org/10.1109/tpel.2013.2278338

IF: 5.967

2014-01-01

IEEE Transactions on Power Electronics

Abstract:This paper introduces a modular multilevel converter (MMC) based prototype for investigating the control of large-scale MMCs. The prototype contains 264 submodules (SMs) totally, which are designed in such a way that they can be rearranged between the half-bridge model and full-bridge model conveniently. Therefore, the characteristics of various typologies based on voltage-sourced converters can be studied. Meanwhile, a novel control system for large-scale MMCs is proposed, which is characterized for modular design and excellent expansibility. The designed control system is composed of one central control unit and several arm control units, while each arm control unit is composed of several valve-group control units. Besides, a new voltage-balancing method composed of internal voltage balance and external voltage balance is proposed to balance the SM voltages. Finally, experiments on a three-phase dc/ac MMC are carried out to verify the prototype and the control system, as well as the new voltage-balancing method. The results show that the proposed control system is feasible and the new voltage-balancing method is valid.

Rui Gong,Wei Chen,Fang Liu,Kui Dai,Zhiying Wang

DOI: https://doi.org/10.1109/DFT.2006.44

2006-01-01

Abstract:Two modified Triple Modular Redundancy (TMR) structures based on asynchronous circuit technique are proposed in this paper. Double Modular Redundancy (DMR) structure uses asynchronous C element to output and keep the correct value of two redundant storage cells. Temporal Spatial Triple Modular Redundancy structure with DCTREG (TSTMR-D) uses explicit separated master and slave latch structure of de-synchronous pipeline. Three soft error tolerant 8051 cores with DMR, TMR and TSTMR-D respectively are implemented in SMIC 0.35ìm process. Fault injection experiments are also included. The experiment results indicate that DMR structure has a relatively low overhead on both area and latency than TMR, while tolerances SEUs in sequential logic. TSTMR-D structure can tolerance soft errors in both sequential logic and combinational logic with reasonable area and latency overhead.

ZHANG Yang,WANG You-ren,ZHANG Zhai

DOI: https://doi.org/10.3969/j.issn.1008-1402.2010.01.002

2010-01-01

Abstract:A new method for designing fault-tolerant digital circuits to reduce the failure rate of nanoscale circuits based on interwoven redundancy and the asymmetric of two kinds of binary errors,using a modular approach to design circuits.With multiplier as an example,this paper conducted a simulation experiment using the new method.The results show that it is better than the traditional fault-tolerant design methods.The new method is especially suitable for nano-circuits because it won't increase the system delay without detection module and voter,and its resource consumption is far less than that of traditional methods.

AN Peng,SHAO Beibei,ZHANG Jian

DOI: https://doi.org/10.3321/j.issn:1000-0054.2009.11.001

2009-01-01

Abstract:The standby-state switching time impacts system performance of quadruple modular redundancy structures. The paper describes a parallel structure for a quadruple modular redundancy system, and analyzes the reliability and security. The high-reliability computing platform design uses PowerPC serial processors, two sets of state evaluations based on field programmable gate array (FPGA) in a dual-core system and embedded software-core Nios Ⅱ. The use of competitive output at the output module gives seamless switching. Tests show that the entire system provides excellent real-time reliability for use in all kinds of systems demanding reliability and safety.

Yan Li,Yufeng Li,Han Jie,Jianhao Hu,Fan Yang,Xuan Zeng,Bruce Cockburn,Jie Chen

DOI: https://doi.org/10.1109/tvlsi.2018.2819896

2018-01-01

IEEE Transactions on Very Large Scale Integration (VLSI) Systems

Abstract:Triple-modular redundancy (TMR), which consists of three identical modules and a voting circuit, is a common architecture for soft-error tolerance. However, the original TMR suffers from two major drawbacks: the large area overhead and the vulnerability of the voter. In order to overcome these drawbacks, we propose a new complementary dual-modular redundancy (CDMR) scheme for mitigating the effect of soft errors. Inspired by the Markov random field (MRF) theory, a two-stage voting system is implemented in CDMR, including a first-stage optimal MRF structure and a second-stage high-performance merging unit. The CDMR scheme can reduce the voting circuit area by 20% while saving the area of one redundant module, achieving at least 26% error-rate reduction at an ultralow supply voltage of 0.25 V with 8.33% faster timing compared to previous voter designs.

Zhi Geng,Yong Yang,Yang Xiao,Wenqiang Xie

DOI: https://doi.org/10.1109/tpwrd.2024.3414301

IF: 4.825

2024-07-26

IEEE Transactions on Power Delivery

Abstract:The fault-tolerant operation for the submodule (SM) faults is an important issue in the reliability and sustainability of modular multilevel converters (MMCs). Aiming to overcome the defects of heavy losses, complex algorithms and initiation interferences in the existing methods, a fault-tolerant scheme based on the novel SM is proposed in this paper. The proposed cold and hot mixed SM (CHSM) contains two ordinary SMs, one of which operates and the other is reserved. In normal operation, the capacitor of the reserved SM can be charged by the operating SM. Based on that, there will be no extra operating loss in the normal mode of the CHSM and no charging interference when the CHSM initiates the fault-tolerant mode. In the postfault case, only the switching signals for the CHSM are adjusted to realize the fault tolerance. No complex algorithm is needed, which simplifies the fault-tolerant scheme. Moreover, with CHSMs, the fault-tolerant capability of MMC can further be improved. The performance analysis presents the superiorities of the MMC with the CHSMs in detail. Then, the operation of the CHSM and the effectiveness of the fault-tolerant scheme for MMC are verified by the hardware- in-loop experimental results.

engineering, electrical & electronic

Wenbin Yao,Dongsheng Wang,Weimin Zheng

DOI: https://doi.org/10.1007/978-3-540-30102-8_12

2004-01-01

Abstract:The microprocessor is a crucial component of a reliable system. With improvement in semiconductor manufacturing, more and more transistors may be integrated into a single chip with increased potential detriment to dependability. Fault-tolerant single-chip multiprocessors offer an ideal architecture for achieving high availability while maintaining high performance. The design of a fault-tolerant single-chip multiprocessor is described - from hardware redundancy to software support and firmware information strategies. The design aims at masking the influences of errors and automatically correcting system states, which differs from traditional approaches which mainly target errors in the memory and I/O subsystems. Dynamic recovery and reconfiguration are also described to provide adequate protection from catastrophic failure of the system.