A fail-silent node is a self-checking node composed of a number of conventional fail-uncontrolled processors that work together to provide the following fail-controlled behavior: the node either functions correctly or stops functioning after an internal failure is detected. In a software-implemented fail-silent node, the non-faulty processors of the node need to execute message order and comparison protocols to keep in step and to check each other, respectively. In this paper we present a Petri net model for a software-implemented fail-silent node specification. Formal analysis by means of an occurrence graph is also shown.