multicore processing

Go To Last Post
36 posts / 0 new
Author
Message
#1
  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

Hello Can anybody give me an overview of multi core processing using avr(8 bit).

i belive the
- both the processors should be running on same external clock

- both have same code executing at any given time

but there must be lot of other issues which i cannot think of right now like memory management, switching the control from one micro to another !!!

Regards, Kapil +) ISP lines on MEGA128 NOT mapped on SPI +) Tiny4/5/9/10, Isolate Reset line from ISP before connecting it to +12V

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

what if i put two processors in parallel

i.e pin 1 of processor A is connected to pin 1 of processor B and so on

load both the processors with same code
what could be the potential issues in this type of an arrangement?

Regards, Kapil +) ISP lines on MEGA128 NOT mapped on SPI +) Tiny4/5/9/10, Isolate Reset line from ISP before connecting it to +12V

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

Smoke :D

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

What would be the BENEFIT of such an arrangement in Harvard architecture processors? You won't get the job done in half the time this way.

Cliff

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

my idea was to have secure applications

i don't want to get the job done in half the time but the job should be done at all the costs

i believe the probability of doing the job goes very high

Regards, Kapil +) ISP lines on MEGA128 NOT mapped on SPI +) Tiny4/5/9/10, Isolate Reset line from ISP before connecting it to +12V

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

Are you talking about an app triggered by realtime events or some theoretical computing job just occupying the AVR core?

It's certainly true that in things like car ABS and aircraft control system there is this kind of multi-way redundancy

Cliff

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

Cliff

I am trying to improve the reliability of my application

Do you have any idea how dose such a thing works in principal

Regards, Kapil +) ISP lines on MEGA128 NOT mapped on SPI +) Tiny4/5/9/10, Isolate Reset line from ISP before connecting it to +12V

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

Pray tell, what's your application and how is it not reliable? Does it fail alot?

BTW: Should one processor fail (for insance there's LOG 1 on A and 0 on B) they'd either reset or have an undefined state on the pin.

There are pointy haired bald people.
Time flies when you have a bad prescaler selected.

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

Just a thought:

Quote:

- both the processors should be running on same external clock
Then if the clock fails, both processors fail.
Quote:

- both have same code executing at any given time
Then if there is a bug in your code, you can be assured it will show up on both processors.

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

Someguy22 wrote:
Quote:

- both have same code executing at any given time
Then if there is a bug in your code, you can be assured it will show up on both processors.

I think it's in the Airbus where they contract out the design of the critical control systems to three different teams and then the systems work on a majority voting principle - maybe someone here knows more about this?

A google for "airbus safety critical control systems voting" seems to hit lots of interesting sounding things!

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

Sure, redundant systems are more reliable, but what, if the system fails, that decides, which result/s is/are correct?
Use proper HW and SW design with one single MCU (watchdog-resets, never trigger it inside interrupt-service-routines; use a lot of cap's - search this forum you will find a lot of posts referring how to contact VCC, GND, AVCC,...).
In case of maximum reliability, the redundand units operate with different controllers (because one family might fail under certain circumstances and another not), the software written in different languages and even the use of different algorithms.
If you build something for space: ask the right people, if you bild something else: forget about redundancy.

/Martin.

Last Edited: Wed. Apr 4, 2007 - 01:30 PM
  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

systems may fail ones in a while but failure even in that case in not acceptable. try to think of medical equipments or high end systems like airbus or ABS or airbag or engine control

device may fail but the whole system should continue to work in such a case with a warning to the user that reliability of system has gone down

Regards, Kapil +) ISP lines on MEGA128 NOT mapped on SPI +) Tiny4/5/9/10, Isolate Reset line from ISP before connecting it to +12V

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

Airbag control has a mechanical acceleration switch that normaly blocks the voltage to the firing unit. Maybe such a (electro-)mechanical override or warning would be easier and more reliable.

/Martin.

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

kapilsinghi,

But just a minute - weren't you the person asking in another thread how to do the simplest of button parsing a minute ago and who was using the watchdog to break out of a loop?? Isn't this just another case of using a sledgehammer to crack a nut?

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

Reliable systems need redundant power supplies and communication busses as well as multiple processors. Good example: shuttle's 3 main general purpose computers all run the same program and vote... there are several 'degraded mode' scenarios where one or two main gpcs can drop off line... at some point a 4th background computer running a separate program written by a different company can take over. Wonder if the 1st company would get any more programming jobs if the thing flew off into the weeds with their program in control?

Imagecraft compiler user

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

cliff
yes i was asking that question as this simple piece of code can create problems when we do the testing under load conditions and works absolute fine for hours and days without load

so if we change the conditions u don't know what will go wrong

i understand their is a while loop stuck but it is exactly meant for catching such conditions, like false trigging

Regards, Kapil +) ISP lines on MEGA128 NOT mapped on SPI +) Tiny4/5/9/10, Isolate Reset line from ISP before connecting it to +12V

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

The AVRs have the watchdog reset.... I guess you keep feeding him sleeping pills every pass of the program to keep him asleep. If you stop, he wakes up and barks and this causes a reset.

Imagecraft compiler user

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

perfect solution but how reliable is our solution when we stop feeding him the pills and when it is barking (reset)

these solutions are there but they can be problems in certain cases!

Regards, Kapil +) ISP lines on MEGA128 NOT mapped on SPI +) Tiny4/5/9/10, Isolate Reset line from ISP before connecting it to +12V

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

Hate to say the obious, but there's no such thing as a 100% secure system.

There are pointy haired bald people.
Time flies when you have a bad prescaler selected.

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

daqq wrote:
Hate to say the obious, but there's no such thing as a 100% secure system.

As Airbus Industries found out at the Paris air show !

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

Quote:
yes i was asking that question as this simple piece of code can create problems when we do the testing under load conditions and works absolute fine for hours and days without load so if we change the conditions u don't know what will go wrong

But if this is the case, won't the second processor fail at the same time as the first? It sounds to me like the problem is in your circuit or software. Fix that first. Without that, redundancy isn't going to help.

Regards,
Steve A.

The Board helps those that help themselves.

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

Thats why nasa had a different company write their backup program to the same spec.... a fatal bug in the foreground processors would all hit at the same time...

Imagecraft compiler user

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

bobgardner wrote:
Thats why nasa had a different company write their backup program to the same spec.... a fatal bug in the foreground processors would all hit at the same time...

What if the error was in the spec ? :lol:

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

Like the spec said 'with these inputs, compute this result', and both programs did the same wrong thing? Didnt James T Kirk outsmart some uppity android that way by giving him some paradox to chew on and he went into a loop and went apeshit? Like 'Everything I say is a lie' and he started thinking and thinking about it... what could possibly go wrong? go wrong? go wrong? go wrong?

Imagecraft compiler user

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

I once visited a company that designs reliable systems.
(For example door-locks for elevators.)
Its incredible how well they do it. I posed a lot
of questions of the kind "what if...".
They could answer all of them and considered my
"problems" as the simple ones !

I believe a lot of knowledge and experience is
necessary, and the companys having the knowledge
protect it well.

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

I qoute a wise man's words:

Current programming is a struggle between the programmer, to create better, more idiotproof software and the Universe, trying to create better idiots. So far, the Universe is winning...

There are pointy haired bald people.
Time flies when you have a bad prescaler selected.

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

The original poster doesnt really say what he is after but there are two distinct areas involved,safety critical systems and multiply redundant systems.They are both typicaly used in systems where if the control system fails then people die and things crash and burn,airbus is a good example and they do indeed use a system of triply redundant control systems and majority voting where the output of the control system is the majority vote of three independant systems which are performing the same tasks but have been designed by three different groups.
safety critical systems are slightly different for example, the controller which controls my gas fired central heating boiler is a single controller but is designed that if it fails then it fails in a known and safe manner, and the firmware is written in such a manner that there is no failure mode which can cause the boiler to fill my house with gas and then fire the ignition circuit.

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

Unfortunately, in terms of reliablility, programmed systems aren't considered reliable enough. There was a good article written about this in Circuit Cellar many years ago. The basis of reliability is statistics - you want to reduce the possibility of failure to an improbable amount. Where something is inherently unreliable (like a microprocessor) you need redundancy to reduce the likelihood of a critical failure.

As for what is a critical failure - you have to define that yourself. basically you want to detect any possible failure and 'fail safe'. I am doing a design at the moment that could cause injury or death if it fails critically, however I have various forms of redundacy that will detect a failure on the various relays etc. If I detect a failure, I fail safe by reporting and error and doing nothing. My circuit consists of a number of relays that control motors. One main power relay is controlled by the operator and another by my micro. My micro can exercise the other relays and by measuring currents and voltages I can determine if each relay is operational. By doing this I can detect a single failure - it would take a number of concurrent failures to create a dangerous situation. By doing all of this you can statistically demonstrate the likelihood of failure is very small.

Sometimes a failure is just not wanted - in many can injection systems there are 'limp home modes' - the ignition system is usually mechanically set up so the engine will run with say 10degrees of advance - the electronic overide this and provide the advance that is necessary at the time but there is circuitry around the processor that detects the processor failure and defaults to the mechanically set advance. Similarly for the fuel injectors, the old Delco box has an array of resistors that crudely set the amount of fuel based on rpm- again there is dedicated electronics outside of the processor to do this. For the most part the processor works and all is well, but if it does fail,there is a mechanism to take over.

Simply adding two resistors to a switch and some comparator logic you have improved the reliability of detecting a correct switch operation. You can also detect if the wire is open circuit,closed circuit or whether the switch is open or closed.

I would suggest you read the Euro standard on machine saefty - they also cover programmed devices like computers and PLCs. The number escapes me at the monet - a little Googling will yield results.

The term 'multicore' refers to multiple execution units on the one die. What you proposed is multi-processor. Do some Googling to find out the fundamental differences. You can't simply put two cous in parallel - what happens if one cpu wants to output a '1' and the other outputs a '0' on a port pin - the outcome isn't what you want.

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

Kartman wrote:
Similarly for the fuel injectors, the old Delco box has an array of resistors that crudely set the amount of fuel based on rpm- again there is dedicated electronics outside of the processor to do this. For the most part the processor works and all is well, but if it does fail,there is a mechanism to take over.

It's rare, but sometimes, I can see my Ford Fiesta's control unit reset, or at least I think that's what happens: the LCD turns fully black like when starting the engine, and then recovers the values. This is fast, maybe 1/2s or less.
I don't detect any difference in the driving nor on the engine sound, which has made me think why. I guess you've just answer why :)

Embedded Dreams
One day, knowledge will replace money.

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

A good part of the question, here, is whether the OP has an actual application that requires very high reliability or the OP is just unhappy about the way code responds to a bouncing switch and wants something "more reliable.

In the first case, as pointed out by Kartman and others, high reliability design is a craft, all of its own. Few of us on this list, if any, have any experience in this area and if anybody did, I'd bet that they would be very quiet right now.

If it is the second case, then the OP has to understand that there are software processes that are less reliable for dealing with mechanical peripherals and better ones need to be selected and used. "High reliability" design is not a substitute for careful or skillful programming!

Jim

 

Until Black Lives Matter, we do not have "All Lives Matter"!

 

 

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

Quote:
A good part of the question, here, is whether the OP has an actual application that requires very high reliability or the OP is just unhappy about the way code responds to a bouncing switch and wants something "more reliable.

I have a scary feeling it's a combination of those...

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

kapilsinghi wrote:
my idea was to have secure applications

i don't want to get the job done in half the time but the job should be done at all the costs

i believe the probability of doing the job goes very high

Be careful, you should not use this kind of designs for "life supporting" or "critical for life" applications.

kapilsinghi wrote:
systems may fail ones in a while but failure even in that case in not acceptable. try to think of medical equipments or high end systems like airbus or ABS or airbag or engine control

device may fail but the whole system should continue to work in such a case with a warning to the user that reliability of system has gone down

Parallelism is not the answer in these situations. Backup support is. And there is a great difference between them.

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

the proble is not of debouncing of switches but of unreliable system

Regards, Kapil +) ISP lines on MEGA128 NOT mapped on SPI +) Tiny4/5/9/10, Isolate Reset line from ISP before connecting it to +12V

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

Define "unreliable"

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

And Audi, for the engine throttle.

Amusing, these automobile advertisements "bragging" that their new car is drive-by-wire.

"A software program is fully debugged only when it is no longer useful"

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

Now Steve... mechanical throttles had failure mechanisms and mean time to failure... throttle sticking usually has dramatic results if the driver freaks out and doesnt shut it off or stand on the brakes. How many operations on a throttle cable? 1 million? Ought to be able to design an electronic system to any specified MTBF if you believe in that sort of stuff....

Imagecraft compiler user