
What is the thought of putting two processors in parallel sharing all but one pin. And only one is active at a time depending on the state of the one pin at reset?

KiptonM
Lead

I have a system that needs to run for years. But is in a place where it cannot be maintained.

The desire is to have two processors, one running, and one in backup. The second can be powered down, or powered up, but in lowest power sleep mode. If a processor failure is detected, the processors are reset, and based on the state of one pin (or some NV Memory) the other processor starts running, and the one that failed is in the power down state or low power state.

I am searching for ideas. It has to be very low power and the simpler the better.

How would you do this?

The one that is active runs normally. The one that is sleeping has all pins in an input state. I do not know if that works with power off, so we could go with power on, set the pins to inputs, then go to lowest power state.

5 REPLIES
JPeac.1
Senior

The initial problem will be that the standby IC does not tri-state its pins, so there's the problem of parasitic currents at multiple points. This can be a serious problem for oscillator pins with high-gain amplifiers, like the STM32 XTAL connections for HSE and LSE. If the second IC is powered up the problem is compounded by pins driving the same signals high and low.

Now you can isolate the two processors with tri-state buffers, but then you run into the classic race problem: what happens if both CPUs decide the other has failed? This is an old problem, dating back to the 1970s when clustering and non-stop/lock step systems became popular. You will need a 2 of 3 type voting system to decide which processor takes over.

An "input state" is not the same as high impedance tri-stating on a common bus. And not all pins can be configured for input only.

You might want to look at "R" series ARM controllers, which are targeted for the type of high-reliability application you describe. For some ideas look at how critical systems (braking, steering) are implemented in automotive systems.

Jack Peacock
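
An added example, not part of the original thread or any poster's code: a minimal 2-of-3 voter of the kind mentioned in the reply above, covering the case where both CPUs report the other as failed. The third voter (an independent supervisor), the report structure and all names are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names throughout; constructed for illustration. */
typedef enum { CPU_A = 0, CPU_B = 1, CPU_NONE = 2 } cpu_id_t;

/* One voter's report. Voters: index 0 = CPU A, 1 = CPU B, 2 = supervisor. */
typedef struct {
    uint8_t present;    /* 0 = voter is silent (hung or unpowered) */
    uint8_t healthy[2]; /* voter's opinion of CPU_A and CPU_B */
} vote_t;

/* Number of present voters that consider `cpu` healthy. */
static int endorsements(const vote_t v[3], cpu_id_t cpu)
{
    int n = 0;
    for (int i = 0; i < 3; i++)
        if (v[i].present && v[i].healthy[cpu])
            n++;
    return n;
}

/* 2-of-3 decision: keep the current CPU while a majority endorses it,
 * fail over only when a majority endorses the other one, and otherwise
 * report CPU_NONE so the caller can reset or power-cycle both.
 * `current` must be CPU_A or CPU_B. */
cpu_id_t arbitrate(const vote_t v[3], cpu_id_t current)
{
    cpu_id_t other = (current == CPU_A) ? CPU_B : CPU_A;
    if (endorsements(v, current) >= 2)
        return current;
    if (endorsements(v, other) >= 2)
        return other;
    return CPU_NONE;
}

int main(void)
{
    /* Constructed split-brain input: each CPU blames the other,
     * and the supervisor sides with CPU B. */
    vote_t v[3] = {
        { 1, { 1, 0 } },  /* CPU A: "I'm fine, B failed" */
        { 1, { 0, 1 } },  /* CPU B: "I'm fine, A failed" */
        { 1, { 0, 1 } },  /* supervisor: "A failed, B fine" */
    };
    printf("active CPU: %d\n", arbitrate(v, CPU_A));
    return 0;
}
```

A silent voter endorses nobody, so a split-brain with the supervisor down yields `CPU_NONE` rather than a guess.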

itsrabbit
Associate II

After the first processor's failure, if the second one fails too, will the system try to get back using the first processor or will it be shutting down at all?

As with any unusual idea, the first question to answer is, why?

Once a processor fails, it means it may do anything, including throwing some random states to pins, doesn't it?

JW

KiptonM
Lead

Yes it can. This is for a cube satellite. So once it is launched we cannot physically touch it.

The idea is to recognize the error quickly and reset. The error can occur from a radiation event.

If the event is transitory then I hope a reset or power cycle can clear it. If not and the processor is damaged, then the other processor takes over.

I do not know if a watchdog timer is good enough to detect the processor is not acting right.

Thanks for the questions.

Kip

KiptonM
Lead

It looks like TI has a radiation resistant processor for this application the TMS370LS0914. It has two processors at right angles to each other (in the same package) running the same code, one a couple of clocks behind the other.

TMS570LS0914 data sheet, product information and support | TI.com

This may be the way to go.