Content deleted Content added
Citation bot (talk | contribs) Alter: url, template type, title. URLs might have been internationalized/anonymized. Add: isbn. Correct ISBN10 to ISBN13. | You can use this bot yourself. Report bugs here. | Suggested by AManWithNoPlan | All pages linked from cached copy of User:AManWithNoPlan/sandbox2 | via #UCB_webform_linked 349/6325 |
Citation bot (talk | contribs) Added publisher. | Use this bot. Report bugs. | Suggested by Spinixster | Category:Classes of computers | #UCB_Category 9/91 |
||
| (6 intermediate revisions by 6 users not shown) | |||
Line 1:
{{Short description|Fault-tolerant computer system}}
{{otheruses|Lockstep (disambiguation)}}
{{More references|date=September 2014}}
Line 6 ⟶ 7:
| title = Fault-Tolerant Real-Time Systems: The Problem of Replica Determinism
| year = 1996 | accessdate = 2014-09-08
| author = Stefan Poledna |
| isbn = 9780585295800
}}</ref> The [[Redundancy (engineering)|redundancy]] (duplication) allows error detection and error correction: the output from lockstep operations can be compared to determine if there has been a fault if there are at least two systems ([[dual modular redundancy]] DMR), and the error can be automatically corrected if there are at least three systems ([[triple modular redundancy]] TMR), via majority vote. The term "[[lockstep]]" originates from army usage, where it refers to synchronized walking, in which marchers walk as closely together as physically practical.
To run in lockstep, each system is set up to progress from one well-defined state to the next well-defined state. When a new set of inputs reaches the system, it processes them, generates new outputs and updates its state. This set of changes (new inputs, new outputs, new state) is considered to define that step, and must be treated as an atomic transaction; in other words, either all of it happens, or none of it happens, but not something in between. Sometimes a timeshift (delay) is set between systems, which increases the detection probability of errors induced by external influences (e.g. [[voltage spike]]s, [[ionizing radiation]], or [[in situ]] [[reverse engineering]]).
Line 27 ⟶ 28:
| author = Thomas Willhalm | publisher = [[Intel]]
}}</ref><ref name="hp-proliant-guidelines">{{cite web
| url =
| title = Best Practice Guidelines for ProLiant Servers with the Intel Xeon 5500 processor series Engineering Whitepaper, 1st Edition
| date = May 2009 | accessdate = 2014-09-09
Line 47 ⟶ 48:
Where the computing systems are duplicated, but both actively process each step, it is difficult to arbitrate between them if their outputs differ at the end of a step. For this reason, it is common practice to run DMR systems as "master/slave" configurations with the slave as a "hot-standby" to the master, rather than in lockstep. Since there is no advantage in having the slave unit actively process each step, a common method of working is for the master to copy its state at the end of each step's processing to the slave. Should the master fail at some point, the slave is ready to continue from the previous known good step.
While either the lockstep or the DMR approach (when combined with some means of detecting errors in the master) can provide redundancy against hardware failure in the master, they do not protect against software
== Triple modular redundancy ==
Line 56 ⟶ 57:
== See also ==
* [[Master-checker]]
* [[NonStop (server computers)]]
* [[Stratus VOS]]
| |||