Developing Mars lander software

Xinok xinok at live.com
Wed Feb 19 15:36:15 PST 2014


On Wednesday, 19 February 2014 at 05:53:55 UTC, Tolga Cakiroglu 
wrote:
> On Wednesday, 19 February 2014 at 01:09:43 UTC, Xinok wrote:
>> On Wednesday, 19 February 2014 at 00:16:03 UTC, Tolga 
>> Cakiroglu wrote:
>>>
>>> TL;DR the link though, how are they detecting that a CPU 
>>> fails? Some information must be passed outside of the CPU to 
>>> do this. The only solution that comes to my mind is that the 
>>> main CPU changes a variable in an external memory at every 
>>> step, and the backup CPU checks it continuously to catch a 
>>> failure immediately. But this would already require about 50% 
>>> of the CPU's power.
>>>
>>> While thinking about this kind of backup system, knowing and 
>>> reading that some people are really doing it is really great.
>>>
>>
>> I'm assuming this has something to do with it:
>> https://en.wikipedia.org/wiki/Heartbeat_%28computing%29
>>
>> In clustered servers, the active node sends a continuous 
>> signal indicating it's still alive. This signal is referred to 
>> as a heartbeat. There's a standby node waiting to take over 
>> should it stop receiving this signal.
>
> I think only knowing that it has failed is not enough, because 
> the process is landing, and the other CPU should know where the 
> process was left. With that heartbeat signal, the only option is 
> that all sensor information must be sent to both CPUs 
> continuously, and the sensor values should be enough to tell 
> what next step is to be taken. Then I think it can continue the 
> process flawlessly.

I don't have experience with, or much knowledge of, these kinds 
of systems; I'm merely aware of the concepts. The process of one 
system taking over when another system fails is called failover 
[1]. Depending on the requirements, the system could be designed 
so the standby node continues from the last successful state of 
the failed node [2].

To quote the page on Wikipedia [2], "Most importantly, the 
application must store as much of its state on non-volatile 
shared storage as possible. Equally important is the ability to 
restart on another node at the last state before failure using 
the saved state from the shared storage."

I would consider it likely that both systems run in conjunction, 
but the primary system is in control and the backup system merely 
"observes", ready to take over in an instant as soon as it no 
longer detects a heartbeat.

[1] https://en.wikipedia.org/wiki/Failover
[2] https://en.wikipedia.org/wiki/High-availability_cluster#Application_design_requirements
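A small simulation of the heartbeat-plus-checkpoint scheme discussed in this thread, added here as an example and not code from the thread or from any lander project: the primary commits its state to shared storage before each heartbeat, and the standby resumes from that checkpoint rather than from the start once the heartbeat goes stale. The class names (SharedStorage, Lander, Standby), the timeout, the phase thresholds and the telemetry are all assumptions made for the simulation.

```python
HEARTBEAT_TIMEOUT = 3.0   # seconds of silence before the standby takes over (assumed value)
PHASES = ["entry", "parachute", "powered_descent", "touchdown"]  # constructed descent profile
class SharedStorage:
    """Non-volatile storage both nodes can read (in-memory stand-in for the simulation)."""
    def __init__(self):
        self.checkpoint, self.last_heartbeat = None, None  # committed state, last liveness time

class Lander:
    """Descent controller run by whichever node is active; its state is the phase index."""
    def __init__(self, storage, name, phase=0):
        self.storage, self.name, self.phase, self.log = storage, name, phase, []

    def step(self, altitude, now):
        # Pick the phase from the sensor reading (constructed thresholds); never go backwards.
        target = 3 if altitude < 100 else 2 if altitude < 2000 else 1 if altitude < 10000 else 0
        self.phase = max(self.phase, target)
        self.log.append((self.name, PHASES[self.phase]))
        # Commit state first, then beat: a heartbeat must never vouch for unsaved work.
        self.storage.checkpoint = {"phase": self.phase, "altitude": altitude}
        self.storage.last_heartbeat = now

class Standby:
    def __init__(self, storage):
        self.storage, self.active = storage, None

    def observe(self, now):
        hb = self.storage.last_heartbeat
        if self.active is None and hb is not None and now - hb > HEARTBEAT_TIMEOUT:
            saved = self.storage.checkpoint["phase"]  # resume from the checkpoint, not from "entry"
            self.active = Lander(self.storage, "standby", phase=saved)
        return self.active

def run_descent(readings, primary_fails_at):
    """Replay (time, altitude) readings; the primary dies silently at index primary_fails_at.
    Readings that arrive after the failure but before the standby notices are lost."""
    storage = SharedStorage()
    primary, standby = Lander(storage, "primary"), Standby(storage)
    result = {"takeover_at": None, "resumed_from": None, "log": []}
    for i, (now, altitude) in enumerate(readings):
        active = standby.observe(now)  # the standby checks liveness on every tick
        if active is not None:
            if result["takeover_at"] is None:
                result["takeover_at"], result["resumed_from"] = now, PHASES[active.phase]
            active.step(altitude, now)
        elif i < primary_fails_at:
            primary.step(altitude, now)
    result["log"] = primary.log + (standby.active.log if standby.active else [])
    return result

READINGS = [(0.0, 20000), (1.0, 15000), (2.0, 9000), (3.0, 8000), (4.0, 7000),  # constructed
            (5.0, 1500), (6.0, 1200), (7.0, 900), (8.0, 50), (9.0, 10)]          # telemetry
```

With the primary failing at the fifth reading, the standby takes over at t=7 and picks up in the "parachute" phase it finds in the checkpoint; the readings at t=4, 5 and 6 are lost, which is the detection latency a heartbeat timeout always carries.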

