JPRS ID: 8720 USSR REPORT CYBERNETICS, COMPUTERS AND AUTOMATION TECHNOLOGY

APPROVED FOR RELEASE: 2007/02/08: CIA-RDP82-00850R000100100029-8 18 OCTOKR 1979 AUTt1MRt I CN TECHM)LOG1 (FdUQ 3/"),- iOF i APPROVED FOR RELEASE: 2007/02/08: CIA-RDP82-00850R000100100029-8 APPROVED FOR RELEASE: 2007102/48: CIA-RDP82-00850R000100144429-8 F()K ()FFI('IA1, t1SF: ()NI.Y JPRS L/8720 18 October 1979 - USSR Report _ CYBERNETICS, COMPUTERS AND AUTOMATION TECHNOLOGY (FOUO 3/79) - F~IS FOREIGN BROADCAST INFORMATlON SERVICE " FOR OFFICIAL USE ONLY IL r- APPROVED FOR RELEASE: 2007/02/08: CIA-RDP82-00850R000100100029-8 APPROVED FOR RELEASE: 2007102/08: CIA-RDP82-00850R000100100029-8 NOTE JPRS publications contain information primarily from foreign newspapers, periodi_cals and baoks, but also from news agency _ transmissions and broadcasts. Materials from foreign-language r sources are translated; those from English-language sources are transcribed or reprinted, with rhe original phrasing and other characreristics retained. _ Headlines, editorial reports, and material enclosed in brackets r are supplied by JPRS. Processing indicators such as [Text] _ or [ExcerptJ in the first line of each item, or following the - last line of a brief, indicate how the original informa.tion was L processed. Where no processing indicator is given, the infor- - _ mation was summarized or extracted. - Unfamiliar names rendered phonetically or transliterated are enclosed in parentheses. Words or names preceded by a ques- - tion mark and enclosed in parentheses were tiot clear in the - original but have been supplied as appropriate in context. Other unattributed parenthetical notes within the body of an item originate with the source. Times within items are as _ given by source. The contents of this publication in no way represent the poli- cies, views or attitudes of the U.S. Government. _ For further information on report content call (703) 351-2938 (economic); 3468 (political, sociological, military); 2726 (life sciences); 2725 (physical sciences). COPYRIGHT LAWS AND REGULATIONS GOVERNING OWNERSHIP OF MATERIALS REPRODUCED HEREIN REQUIRE THt?T DISSEMINATION OF THIS PUBLICATION BE RESTRICTED FOR OFFICIAL USE OiNLY. - APPROVED FOR RELEASE: 2007/02/08: CIA-RDP82-00850R000100100029-8 APPROVED FOR RELEASE: 2007102/08: CIA-RDP82-00850R000100100029-8 _ r'ux ur�r'iL;lA, u5t UNLY , JPR5 _/8720 18 October 1979 - USSR REPORT CYBERNETICS, COMPUTERS AND - . AUTOMATION TECHNOLOGY (FCUO 3/79) This serial publication contains articles, abstracts of articles and news - iCems from USSR scientific and technical journals on the specific subjects reflected in the table of contents. Photoduplications of for2ign-language sources may be obtained from the - Photoduplication Service, Library of :.ongress, k-_-:shington, D. C. 20540. Requests should provide adequate identificatior:both as to the source and - the individual article(s) desired. CONTENTS PAGE Control Machines and Their Utili:;ation (R.P. Stroganov; UPRAVLYAYUSHCHIYE MASHINY I IKH FRIMENENIYE, 1978) 1 - a- [TII - USSR - 21C S&T FOUOJ - a- FOR OFFICIAL USE ONLY APPROVED FOR RELEASE: 2007/02/08: CIA-RDP82-00850R000100100029-8 APPROVED FOR RELEASE: 2007102/08: CIA-RDP82-00850R000100100029-8 FOR OFFICIAL USE ONLY ~ unc 681.32 (0.75) CONTROL MACHINES AND THEIR UTILIZATION Moscow UPRAVLYAYIISHCHIYE MASIiINY I IKH PRIMENENIYE in Russian 1978 PP 179-231 [Table of Contents and Chapters 5 and 6 from the book by R.P. Stroganov, Tzdatel'stvo Vysshaya Shkola] _ [Text] TABLE OF CONTENTS ~ Page - Foreword 3 Chapter 1. Contsol Computers (IIVM) in Autc.matic and Auto- mated Control 3ystems 5 1.1, Purpose and Area of IItilizatiora of UVM's 5 1.2. Classification of WM's 7 ]..3. Strncture and Special Features of UVM Design 10 1.~~. Uaki Operating Modes 18 1.5. Pu'rpose and Structure of UVM Softvara 24 Chapter 2. Fundamentals of the Algorithmization of Control Processes in systems With WM's 29 2.1. Algorithms: Basic Concepta and Definitions 29 : 2.2. Ways oP Writing Algorithms 31 _ 2.3. Algorithms for Dats Collection and Direct Digital = Control 35 - 2,4. Algorithms for Processing Information and Determin- b~ectthe ) PgPameters of a Process or Plant (Controlled 44 2.5. Bases for Constructing Optimal Control Algorithms 61 Chqnter 3. Programming/Algorithms for Control and Monitor- ing 84 3.1. Programming: Basic Concapts and DePinitions; Auto- mation of Programming 84 ' 3.2. Special Features of Programming Problems for WM's 90 1 FOR OFFICIAL USE ONLY APPROVED FOR RELEASE: 2007/02/08: CIA-RDP82-00850R000100100029-8 APPROVED FOR RELEASE: 2007/02108: CIA-RDP82-00850R000100100029-8 FOR OFFICIAL USE ONLY Page 3.4. Programming Languages for Control Problems 97 3,. . Problem-Oriented Programming Languages for Problems in Controlling Production Processes 102 3.5. Special Features of the Debugging of Algorithms and Programs for UVM's 113 Chapter 4. Selecting a UVM for the Implementation oP Given Algorithms 123 = 4.1. Formulating the Problem of Selecting a IIYM; Evalua- - tion Criteria 123 4.2. Technical Characteristics of [1VM's 129 _ 4.3. Determiniag the Volume of the Computational Work 133 - 4.4. Estimating the Size oP the Memory Needed ta Imple- ment a Given Set of Algorithms 145 4.,5, Determining the Word Length for Information Repre- sentation in the UVM 152 , 4.6. Effect of Instruction Format on the Technical Char- acteristics of UVM's 162 4.7. Determining the Solution Time of Problems 166 4.8. Procedures for 3electing a UVM 171 Chapter 5. Ways of Increasing the Reliability oY WM's 179 5.1. Reliability: Basic Concepts and Definitions; Ways of Guaranteeing Reliability 179 5.2. Determining the Required Degree of Tteliabilitq of a WM 181 5�3� Procedures for Redundancy in WM's and Operating =Modes of Redundant Systems 184 _ 5.4. Use of Automatic Monitoring Methods to Increase the � Operational Reliability oP WM's 193 5�5. Effect of Reliability Indices on the Structure of an Automatic Control System With a UVM 203 Chapter 6. Modern UVM's and Trends in Their Development 209 6.1. Principles of the Construction of Modern WM's and _ - a Brief Description of Them 209 6.2. Soviet Modular Hardware Systems 212 6.3. Mini-WM's - 218 6.4. Basic Trends in the DevelQpment of WM's 226 Appendices 1-8. 232 - Bibliographq 260 2 FOR OFFICIr~:. USE ONLY APPROVED FOR RELEASE: 2007/02/08: CIA-RDP82-00850R000100100029-8 APPROVED FOR RELEASE: 2007/02108: CIA-RDP82-00850R000100100029-8 FCiR OFrICIAL USE ONLY " CHAPTER 5. WAYS OF INCREASING THF RELIABILITY OF UVM'S - 5.1. Reliability: Basic Concepts and Definitions; Ways of - ~ Guaranteeing Reliability Reliability is the capability of a system (element) of carrying out its assigned functions under certain operating conditions. - - No technical device possesses absolute reliability, so failures - and malfunctions are possible when it is in operation. A fail- - ure is a disruption of normal operation during which the system - (element) completely or partially loses its ability to perform - its assigned functions. A malfunction is a self-eliminating ' failure caused by the effect of different types of interference and internal noise on the system. - - ?'ae different types of reliability are: equipment functional and operational. The equipment reliability of a iJ3M character- izes its ability to carry out its assigned functions and takes _ equipment failures into consideration. The ttiuictional relia- bility of a WM is determined by the probability of the WM's correct performance of its funetions under conditions of fail- ures and malfunctions. This reliability is determined not only by tho degree of perfection of the tNM's equipment realization, - but also hy the characteristics of the monitoring systems thet - are used. The operational reliability of a WM is determined both by the degree of perfection of the equipment and the moni- = toring system and the suitability for repair of trne deQice in . question. It is possible to distinguish the followiag Mays of increasing the reliability of WM's (or aay techn3cal device): 1) improve the quality of the mannfacturing process and the principles of the construction oP the system's elements; 2) improve the structure and introduce redundancy; 3) improve reliability dur- iag the operating process. = The first two ffiethods of improving reliability are used during the process of planning and manufacturing both the elements and 3 FOR OFFICIEu. USE UNLY APPROVED FOR RELEASE: 2007/02/08: CIA-RDP82-00850R000100100029-8 APPROVED FOR RELEASE: 2007102/08: CIA-RDP82-00850R000100100029-8 FGR OFrICIAL USE ONLY the system as a whole. As a result, the system achieves a cer- tain ievel of reliability. The third method basically coasists of insuring the level of reliability achieved as the result of the development and production of the technical system. - The basis for insuring the reliability of any complex systen is the use of reliable elements to manufacture the systea. The elements' reliability is arbitrarily evaluated by the intensity of failures ~el� Let us discuss the requirements for the intensfty of element failure that are made on modern, complicated information pro- - cessing systems, in Mhich category IIVM's are included. If we take the total number of elements in such systems to be = 1�106 and require that the av rage tiffie of failureless - operation To be at least 1�104-1�10~ hours (1-10 years), an ap- proximate estimate of the intensity of element failure caa be obtained in the follcwing manner. _ The average time of failureless operation is CO h 00 T-- t d'` clt = t d(I _~'(r)) ~lt tdP t ~ -.1 ~tr ~tt - V ( 0 0 0 where q(t) = probability of failure. - Integrating (5-1) by parts, we obtain N = 7'O = --tP (t) JIi -f- I P (t) rlt. (5-2) Let us assume that over the course of time T0, Ae1 = constant. In this case, the probability of failureless operation is gov- erned by an eaponential lav; that is, - P (t) For such a law, lim e"elt =0s since the rate of decrease of . Pit) is greater than the rate of increase of t. Considering what has been said, (5-2) can be rritten in the fors ' w To = P (t) df. _0 . Systems xith Te1 = constant, for which the operation.al failure of one element Ieads to the operational failure of the enti*e - system, are characterized by W - 70 = ~ e-"eiaee'ctt. . 0 4 FOR OFFICIr,L USE UNLY APPROVED FOR RELEASE: 2007/02/08: CIA-RDP82-00850R000100100029-8 APPROVED FOR RELEASE: 2007102/08: CIA-RDP82-00850R000100100029-8 - FO1: OFrICiAi. USE ONLY For nel = 1�106 and TO sup >,,1�104-1�105 hours~ ~,f 1� 10-10 - 1� 10-" failures/hr. The technology and principles of element construction, existing at the present time make it possible to obtain indices of reli- ability with respect ta Pailure intensity that are one or two orders less than this value. In some cases, therefore, it is impossible to satisfy the requirements for operatio:ial relia- bility of a system without using structural methods to increase it. The structura.l methods provide for: 1) the use of ogtimally reliable structures (those that insure performance of the given functions With minimal system compleaity); 2) the introduction of redundancy into the system's structure in cases where the optimum structure does not guarantee the required reliability index value. In control systems that contain UVM's and are used for general industrial purposes, it is possible to raise = the reliability level basically because of the introduction of redundancy into the system's structnre through redundancy of _ individual units or the rnachine as a whole. - Along with the structural methods, it is possible to increase reliability by improving the reliability characteristics of a - UVM through the use of improved monitoring methods, improved maintenance, and the use of automatic methQds for searching for ~ malfunctions. The developers of control systems based on eaisting WM's have at their disposal only structural and operational methods for increasing reliability, since the introduction of equipment changes in a computer's design on an operational basis is, as a rule, extremely undesirable. The methods of redundancy and program monitoring are ths ones most widely used in such sps- tems. - 5.2. Determining the Required Degree of Reliability oP a UVM Before evaluating the possibilities of using different redun- dancy and program monitoring methods to increase the reliabili- ty of UVM operation, let us discuss the required level of reli- ability of a UVM as an element of a specific contxol system. The level of UVM reliability cannot be chosen arbitrarily. It depends on the level oi" reliability of the other parts of the system. As the requirements for UVM reliability become more ' rigorous, its cost incresses and at the same time it may prove to be the case that the resuiting reliability of the system as a whole is limited by either the object of control, or the sen- sors, or the communication chaanels. 5 FOR OFFICIl,L USE UNLY APPROVED FOR RELEASE: 2007/02/08: CIA-RDP82-00850R000100100029-8 APPROVED FOR RELEASE: 2007102/08: CIA-RDP82-00850R000100100029-8 FOR OFrICIAL USE ONLY ' The probabilitp of system failure for the case where the fail- . ure of one of its parts results in the failure of the system as - g whole is . rs _ 9` M = 1 - tRl P; (t), (5-3) - where Pi(t) = probabilfty of Pailureless operation of the i-th part of the system over some period of time. _ If we separate the probability of failureless operation P2 of = the control unit, then for some fixed t it is possible to write (5-3) as q` = 1 - P,P.,, _ wher2 Pi = probab3lity of failureless operation of the object. The dependence of qc on Pl and _ e~I P2 ~sually has the form sFown o,, in ignre 5.1. iP, =G,d i With the exception oP cases , i - ~ ~ 1P,=0,9 1 where the operati.onal failure o,rl ---~`--rt---1=---t ot' the control unit can entail ;f; = 0,9951 injuries to humans, require- - _e-~n,s,; n,~ ~ men~s for WM reliability should not exceed a certain F igure 5-1. Dependence of level. Since an inerease in a probability of failure of a system's relfability is inevit- system on the operational ably related to an increase in reliability of the computer its cost, techniques for deter- and the controlled object. mining the neeessary level of ~i UVM re?iability should be based on optimization of the system relative to the criterion of min- ' imwn expenditures for the given limitations. The complete expenses C for a system can be defined in the gorm C= C~a -;-C,-I-Ccs, where C~ , Co = capital as~d operatirig expenses respectively; Cls = lolses arising as the result of unreliability of the sys- tem. Capital eapenses contain tuo com onents: 1) Ccpll which-does - not depend on roliability, and 2~ Ccp2, which is a function of reliability; ths ' is ~ . CCP _ C'Pi C~P,,. _ The CcP2 component can be evaluated by the formula [1Q] _ cCO . = Cq:j (qK~q). (5-4) 6 FOR OFFICIr~;. USE ONLY ~ APPROVED FOR RELEASE: 2007/02/08: CIA-RDP82-00850R000100100029-8 APPROVED FOR RELEASE: 2007/02148: CIA-RDP82-44850R000100104429-8 FOR OFrICIAL USE ONLY _ where C = the component of capital expenses that depend on _ the relmility in the existing (known) system (computgr); qkny q= probabil3tq of failure in the existing (known) system and the one being developed, respectively; d= a coefficient that; is determined eaperimeatallp. - From (5-4) it follows that if q-*0, then the additional capital expenses C~ 2..j~; that is, theq increase eatraordinarily ; rapidly as ~he requirements for the spstem's operational relia- - bility are raised. - The operating egpenses can be CC, ((,'~P - where Ceni C: cmt = costs of als, respectWel,, eapended to time; t= time uf operation of 3ef ined in the f orm. i_ CmP _I_ C,.t ) t' the energy, manpower and materi- operate the syst,em per unit of the system. Losses from spstem failure Cls over time ic are determined bp - the average cost of tb.e losses incurrecl for one failure C o and _ the mathematical expectation of the number of failures M(R0]; - that is, - . Qs ' cavr1' ~ rrr~ it being thQ case that 0a, =-,~;ln~oi c;, where ci = cost of losses M - for the i-th failure of the system (machinei. ` - In the first approaimation, a stream df failures in a system _ _ can be regarded as the simplest and distributed according to - Poisson's law. For such a stream, the probabiZity of the oc- y currence of m failures in tlme t is !f (l~ e`�, = m. = where a=~ct and ac = intensity of system failures. - If the probability of failure is low, which is equivalent to a _ _ lox value for a, then - q!f;== 1iir, -;-e--u=z~ a - For Poisson's law the mathematical eapectation of the number of J'ailures is MR0] = a=~ct, so (5-5) can be written as _ Ch = CAV9 (t)� - : 7 - FOR OrFICIr~:. L'SE ONLY APPROVED FOR RELEASE: 2007/02/08: CIA-RDP82-00850R000100100029-8 APPROVED FOR RELEASE: 2007102/08: CIA-RDP82-00850R000100100029-8 FUR OFrICIAL USE ONLY cl I cq solution, we obtain Fcr a given value of t, q(�t) _ . ` = q=Act and Cls -,-,Cavq � Thus g the total expenses for the sys- tem are C- Ccp: T Ccpa (qKn c])j C,-i- LAva� (J-v) The dependence of expenses C on the legel of reliability P= = 1- q is shown in Figure 5-2. The system's optimwm level of reliability can be determined by solving the equation dC/dq = = 0 for q. As a result of the q'' _ ('CIP3q4) ,rcav ) OT P'~ where = optimum value of the probability of failureless op- eration of the system. The optimum level of sqstem reliability can also be determined , on the bas is of the conditions for producing the maximum gain. The specif3c values of P* will, naturally, depend on the cri- terion that is used. Knowing the optimum level of system reliability, as well as iche reliability levels of its component parts (in addition to the UVM), it is also possible to determine the reqnired optimum level of WM reliability: P:;uvnj f'"In pi� tcuvni 5.3. Procedures for Redundancy in i]VM's and Operating Modes of Redundant Systems - Redundancy is based on the principle of using excess elements - that are not functionally required Por normal operation but are - intended only to replace the basic elements in case they fail. Depending on the way the reserve elements are connected, we - distinguish total, separate and mi.zed redundancy. Total redun- dancy *neans redundancy of the entire system as a whole. Sepa- - rate redundancy cansists of redundancy of individusl elements of the system. Mixed redundancy means redundancy of both indi- vidual elements and of the entire system. 8 FOR OFFICIrJ_, USE ONLY. , APPROVED FOR RELEASE: 2007/02/08: CIA-RDP82-00850R000100100029-8 Figure 5-2. T oward determin- ing the optimum level of WM reliability in a control system. APPROVED FOR RELEASE: 2007102/08: CIA-RDP82-00850R000100100029-8 FOR OFrICIAL USE ONLY Thanks to its simplicitys total redundancy is the variety that p is used most widelp. In control systems with WM's, total re- _ dundancy is most frequently realized by duplication of the bas- = ic computer with an analogous reserve unit. Depending on the way the reserve element is hooked up, redun- dancy can be either permanent or by replaceffient. a For permanent redundancy, the reserve computer is connected to the basic one whenever the latter is operating and is in the same operatin,g mode. Permanent redundancy is used in cases where even a brief interruption in a sqstem's operation cannot be alloved. With this redundancy method, failure of one of the - computers shonid not affect the systea's capability to continue . performing its functional assignmentg. The advantages of per- manent redundsncy a.re the sinplicity of its organizat3on and the lack of work interruptions9 which are inevitable whea com- _ puters are switched; the disadvantages are the increasRd drain on the reserve computer's service life and the necessity of in- suring the system�s abilitp tc function when the permanently - connected reserve computer suffers operational failure. - For redandancy by replacement, the computer that fails is first _ disconnected and an analogous reserve computer is then connect- ed. The computer that failed can be disconnected and the nex one connected either manually or automa.tically. The basic ad- vantages of redundancy by replacement are preservatian of the reserve equipment's service life, since it can be kept under a light load or none at all; the possibility of using a single computer to back up control units of several monotypical systemg with WM's, since the probability of simultaneous oper- ational failure of several computers is very lov; the lack of any need to correct the operating mode and the parameters of the inpnt and output circuits to which t2ie camputer,is connect- ed. The disadvaatages are the necessity of including switching units with low probabilities of failure in the design of the system; the organization of a developed system for monitosing and indicating irregularities; redundancy not only of the equipment, but also of the information xithout rrhich the re- - serve WM cannot operate when it is connected to the system. The presence ofadditional switching devices with limited reli- ability lowers the overall reliability of the standby system slightly, while the need for redundancy of both equipment and information makes the algorithm for interaction of the operat- ing and reserve camputers coasiderably more complicated. Pos- s ible var"iants for the organization of computer interaction when redundancy by replacement is utilized will be discussed below. 9 FOR OFFICIr',L USE ONLY APPROVED FOR RELEASE: 2007/02/08: CIA-RDP82-00850R000100100029-8 APPROVED FOR RELEASE: 2007/02148: CIA-RDP82-00850R040140100029-8 FOR OFFICIAL USE ONI.Y ' Redu.ndancy by replacement is used to 3ack up systams with WM's only when some interruption in the operation of the control - unit is allowecl; thi.G interruption is needed in order to switch = the computers from the operating mode into the reserve mode or to search for and eliminate defects, and vice verga. ~ Regardless of the type of redundancy, its organization requires the inclusion in the system of additional equipment that in- - - sure3 thQ functioning of the computer complsx formed as the re- _ ' sult of the redundancy. The amount of additional equipment de-. pends on the redundancq method used. It is most signif icant - for redundancy by replacement. As a rule, this equipment is - not mass-produced, but requires special development. ' PermanEnt redundancy, organized in the form of total redundancy by duplication of the comput- 1 2~) ers, assumes complete "equality _ + ~ ~ of rights" of the operating - computers. For this redundailcy " i ycr,;, ~3)y~ 'r~ method, there is no separation of computers into basic and re- gerne categories. Both comput-- - - L-- erz realize identical fvnction- - al algorithms. As a rule, all machine assemblies process- _ or, auailiary storage9 communi- cation links with the con- - ~obzeKmy ~5) trolled object are duplicat- Figure 5-3. Block diagram of ed. IInits for monitoring the _ a system consisting of two results of the computation pro- computers connected in tb.e cess are used as additional de- _ permanent redundaneq mode. vices that are included in such - Key: a system. Figure 5-3 is a 1. Computer camp].ex VK block diagram of a system con- - 2. WM sisting of two computers oper- - 3. Communication unit US ating in the permanent redun- - 4. Computer interface de- dancy mode. - vice USpM - 5. To controlled object The system cons ists of computer - complex VK and communication unit US. The US contains computer interface devices USpMl and ' - USpM29 with the help of which the WM's input and output cir- - cuits are ltnl:ed. In eacii of the system's computers, the same problem is solved - independentlp, using the same data. In order to eliminate the effect of external noise, each of the computers usually utiliz- _ es an asynchronous operating mode. The results of the solution _ are compared, for which purpose the interface devices USpMl and - 10 - FOR OFFIC U,L USE UNLY APPROVED FOR RELEASE: 2007/02/08: CIA-RDP82-00850R000100100029-8 APPROVED FOR RELEASE: 2007/02148: CIA-RDP82-00850R040140100029-8 FUR OFrICIAL USE ONLY 2~ USpM2 are used. When the re- - ~D sults coincide, they are sent ' - g'~~yQ~ out into external circuits 3 q/7~;' ~ - (5)(6) nnc(6) 9) along which they go (for exam- - a"; j~ ro~~~ t~ ~ ple ) to the controlled object. _ The system's functioning in ~r / nnoj J thjS ~lOde i8 called aperation r!N;l. 1(7) ~d.H~ CPPM ~ in the gr~l , ~ qnchronous dnplex (2) 12) `r^(~(16), mode. If the results do not coincide, actions are performed Figure 5-4. Temporal diagram to determine in which vf the = of the operation of a redun- computers there was a.f'silure dant system using the perala- or malfunction. As arule, a = nent redundancy method, malfunction is detected by the - Key: method of repeated computation, _ 1. Start using the same initiml data. 2. Duplex operating mode If a failure occurs, dfagnostia ` DRR tests are run to determf.ne - 3. Failure of UVM1 xhich computer failed and the - WM point at w'iiich the defect ap- 5. Initial start subprogram peared. During the time when ~ PNP the computer that failed is be- 6. Functional problem solu- ing repaired, the systen oper- ~ tion program PRFZ ates without it. This mode of _ 7. Repeated problem solu- system operation is called the - tion subprogram PPRZ simplea mode. Figure 5-4 is a 8. Diagnostic problem solu- temporal diagram of the opera- - tion subprogram PRDZ tion of a redur;idant system con- 9. Computer disconnect sub- sisting of tWO computers and program POM that realizes the operating _ 10. Repair mode described above. After = 11. Malfunction the command "Start" is re- _ 12. Correct ceived, initial start sub- - 13. Failure program PNP is turned on in 1~+. Incorrect each computer, whereupon it 15. WM2 correct checks to see that the comput- 16. S implex operating mode er's units are in good working - SRR order and that the computer is _ ready to function. This same subprogram prepares the computer to solve functional problems. Functfonal problem solution program PRFZ is turned on after a signal that the computer's units are ready to function is re- _ - ceived -Prom the PNP. When a signal that t,he computer is maI- - functioning is received, repeated problem solution subprogram ~ PPRZ is turned on. If the malfunction was a random one, prob- lem solution continues after repeated solution cf the entire problem or part of it. Duplex operating mode DRR is realized t ' in the system. If a failure occurred in the system, diagnostic problem solution subprogram PRDZ is turned on in each computer. - Which of the computers is out of order is determined on the 11 FOR OFFICIt~:. USE ONLY 4 APPROVED FOR RELEASE: 2007/02/08: CIA-RDP82-00850R000100100029-8 APPROVED FOR RELEASE: 2007/02/48: CIA-RDP82-00850R000100144429-8 FOR OFrICIAL USE ONLY basis of the functioning of the diagnostic programs. Computer _ disconnect subprogram POM disconnects the defective computer fram the system so it can be repaired, while the computer that is in good working orderbegins to operate and continuea solv- ing functional problems in the simplea mode. The operational reliability of a redundant system of this type - can be evaluated in the following manner. The WM's belong to the class of extended-use, multipie -action, repairable systems. In such systemsg as is well known, along with sudden failures and malfunctions it is possible for gradual failures to occur, - and the manifestation of such failures in multielement systems - is extremely complicated. As a rule, in a WM there are pro- visians for periodic preventive maintenance during rrhich ele- ments in a'tcritical" state are detected. ~hese elements are replaced wfth new ones, as a resnlt of which the evaluation of WM reliability is usually limited to a discussion of sudden . failures only. Considering the remarks previously made relative to the nature of a stream of failures, let the operational reliability of an unmanitored computer be described by the following relation- ship: PC(1) _ ~�~rCXp j-�f~- 0~� (5-7) Let us designate the degree of multiplicity of redundance (the _ number of reserve deeices) as mred, while the probability of failureless operation of a unit with a backup is Pred(t)� In the first approximation, the probability of failureless opera- - tion of a repairable system that is backed up with an equiva- lent reserve can be evaluated with the forrmula P,~taM = 1 - - P" (f)I Rta4 -E-;, (5_8) where Plred(t) = probability of failureless operation of a backed-up unit, using permanent redundancy. Let it be required that a uecessary level of reliabilitp P3 of the backed-up system be insured; that is, that P111d (t)'. 1-1.1. (5-9) Let Plred (t ) = P3- Substitutixig the value of Pe(t) from (5-8) into (5-7) and tak- - ing (5-9) into consideration, after making the transformation we obtain t, P,) (l TreP '/o(5'10) - 12 FOR OFFICIr',;, liSE UNLY " APPROVED FOR RELEASE: 2007/02/08: CIA-RDP82-00850R000100100029-8 APPROVED FOR RELEASE: 2007/02/08: CIA-RDP82-00850R000100100029-8 FOR OFrICIAL USE ONLY If we expand e"tIT0 into a series and take the first two terms of this series into consideration, the allowable valus of the ave.rage time of failureless operation To of a computer can be _ eealuated in the folloxing manner: 7o z- l' rep ~,mreii.~~ lrzP � 15~1.1~ A more accurate value of Tp can be obtaiaed by solving equation (5-10) graphically. In order to do this, we introduce the fol- lowiag definitions [10 = f'N.) I r ~i 4o-- 0,9 C t1(To) ~ , 0,3 ~ f? (Ta) 0,7 ' ~ i 0,6 � ~ fi (7o) 0,5 T01 . Tol To Figure 5-5. Toward determin- ing the average time of - failureless operation. system goes aut of operation, dancy drops substantially. ~ Figure 5-5 depicts the graphic solution of transcendental equation (5-10) for two values oP P2(Tp), it bein the case that f~ CTO) > f2 (Tol.. The formulas for evaluating the reliability of a backed-up sps- tem that were presented above are correct onlq for a system in which a part that fails is repaired immediately after the failure occurs. !f it is not done until after the entire the effectiveness of the redun- In order to deal xith elements that fail immediately aPter theq stop functioning' it is necessary to have special indicators, the installation of which is not always possible. As ras men- tioned earlier, periodic preventive correction of a system's . reliable properties is used for the purpose of increasing the effectiveness of system redundancy. In connection with this, the preventive maintenance period Tpro should be less than the average time of failureless operation of one of the J-th sub- - < Ttems into which the sqstem is divided [411; that is$ Tpro < Oj' Redundancy by replacement assuffies that the computers are cate- gorized as basic and reserve. Under normal conditions, only the basic computer operates. It carries out all the system's fvnctional problem solutian algorithms and communicates xith - the eaternal equipment (the data transmission equipment) and _ the devices for depicting information on the operator's con- sole. The reserve computer can be in one of the following - modes: a) turned off (cold, unmonitored reserve), b) waiting = 13 - FOR OFFICIA:, USE ONLY APPROVED FOR RELEASE: 2007/02/08: CIA-RDP82-00850R000100100029-8 APPROVED FOR RELEASE: 2007/02/08: CIA-RDP82-00850R000100100029-8 FOR OFrICIliL USE ONLY ~ (hot, unmonitored reserve), c) check monitoring (the hot, moni- - tored mode), d) duplicated storage of the most important infor- mation produced by the basic computer's operation. In order to reduce time losses at the reserve nnit's input, the - last two modes are those primarily used in control systems. - Let us ciiscuss the realization methods and the special operat- ing features of a backed-up system cperating with duplicated storage of the most important information. This mode 3nsures _ the most rapid engagement oP the reserve unit. In order to insure continuity of control in'case of failure - ~ of th as c o e b i c mputer, certain s{ 04 n information must always be 3~ present in the reserve unit. Ctrr ~ Q+ This information is kept in its , internal storage and reflects the course of the computational, FigLire 5-6. Structural dia- process at the given moment graLq. of duplicated system the bas3c results of the caicu- with redundancy by replace- lations, the state of the con- _ ment. trolled object(s), the con'crol Key: decisions that were made earli- 1. WM er and are important from the 2. Ynput viewpoint oi' continued opera- 3. P~ tion, and the technical st~~te _ 4. Circuits for exchanging of the individual units that - information between com- make up tlle con'crol syste*n. In , puters general form, Figure' 5-6 is a 5. Po t structural diagram of a dupli- 6. Output cated system with redundancp bp replacement. The special fea- ture of this system is the presence of switching devices at the input P~ and the output Pout, as well as in the circuits for eachanging information between computers POI. When thfs redundancy method is used, the requirements for reli- ability of the switching devices are eatremely rigorous, since the failure of any one of them causes the entire system to fail. - If, in the first approximation, we ignore failures of the back- ; up information switching devices, the prabability of failure- , less operation oP a backed-up system with redundancy by re- , placement can be determined in the following manner: P?rul (t) - Pin (t) Pou{ (l) {1 - [1 -Pe ~f~~IRrtJ+~1(5-12) 1 where Pi(t), Po t(t) = probability of failureless operation of _ the switc~es at the system's input and output. 14 FOR OrFICIA,'.. USE UiVLY APPROVED FOR RELEASE: 2007/02/08: CIA-RDP82-00850R000100100029-8 APPROVED FOR RELEASE: 2007/02/08: CIA-RDP82-00850R000100100029-8 FGR OFFICIAL USE ONLY As for the c~s,~ of permanent redundancy, let P2 r d(t) - P and Pe(t) = Kre- /10. Substituting these values of ~2 red(t) Ind Pe(t) into (5_12), We can determine the average time of fail- - ureless o ,,peration of a single computer: 7. ^ t+T _ � ~ nlfal'~ i %1 r`p fy11'in (t) ~',,,ut (0) ! � ( 5~13 ~ For a duplicated systemt tnred = 1, so that T o~ r 1 T r~~----- 7' ~ y"1-P3lltin (r) ~'~uC rtP . _ These formulas as was the case for permanent redundancy are correct for systems with re-establishment of the reliabili- - - ty properties of the system's elements either immediately after a failure occurs or during preventive maimtenance. An essential feature of the organization of redundancy by re- - placement for systems consisting of tWO or more computers is the necessity of exchanging back-up informatian between the = basic and reserve computers. This feature causes the operating - programs of each of the computers in the complex to be con- .structured in such a manner that in addition to solving the basic funetional problems, performance of the follrn+ring opera- tions is insured: 1) initial input of the information into the reserve WM's memory and the starting of its program in the - _ check monitoring mode; 2) eachange of data on the state of the basic and reserve computers' equipment during operation; 3) - periodic foraarding of back-up information from the main com- - ~ puter's memory to that of the reserve one; 4) switching of the - WM s when an irregularity arises in the basic computer or on command of the operator; 5) swf.tching back from the reserve WM to the basic one when the irregularity is eliminated without, for all practical purposes, interrupting the continuitp of con- trol. Depending on the state of the reserve computer, the following = modes are distinguished: 1) duplea, When the basic and reserve - computers are both in good working order and are both turned on; 2) duty, when one of the computers ia turned off or under- going repair. Let us discus,s the priraciples of the program realtzation of the dunlex and duty operating modes of the redundant system. It is possible to realize the dupleg mode either by simultane- ously starting two computers that are in good working order and were not previously in operation, or by connecting the reserne FOR OFFICIi�'.. USE UNLY APPROVED FOR RELEASE: 2007/02/08: CIA-RDP82-00850R000100100029-8 APPROVED FOR RELEASE: 2007/02/08: CIA-RDP82-00850R000100100029-8 FO". OFrICIAL USE ONLY ynaPKCtiaru (7) 4pearonr Gc~an9HaR 8 Figure 5-7; Temporal diagram of engagement of tWo - computers iit the duplex mode of oueration. Key: - l. Start g, 2. Basic 9, 3. PNPtial start subprogram 10. - 4. Reserve computer initial 11. load subprogram PNZR 5. Duty mode 12, _ 6. Intercomputer eachange 13. supervision subprogram DMO Reserve Loading Information checking and correction KI Reserve computer readiness check FK Readp signal SGR Pp~ecial start subprogram computer to the already functioning basic one. Depending on _ the original state of the computers, the duplea mode organiza- tion algorithms will be substantially diiferent. Simultaneous starting of the two computers is carried out in the following menner. The available compnters are designated ~ as basic and reserve. The operation of the basic computer be- _ gins with the running of initial start subprogram PNP1 (Figure 5-7), which enters all the iaitial information in the comput- er's internal memory and turns on special reserve computer ini- - tial load snbprogram PNZR. With the help of this subprogram all the initial information is shared with the reserve compuZ- er's internal memory. After loading, the reserve computer is , ready for operation and is turned on by special start sub- - program PPR. The functions of this subprogram include checking - and correctiag the information receved from the basic computer _ (KI), checkin~ the good xorking order of the reserve computer's equipment (FK , ard issuing the results of this check (readi- ness for operation or lack of it of the reserve computer). After receiving ready signal SGR, the basic computer's opera- tion is iaterrupted and intercomputer exchange supervision sub- prograw DMO is turned on. The end of this subprogram's opera- tions signals the completion of the system's convers3on to the duplex mode. 16 FOR OFFICIti;, USE ONLY APPROVED FOR RELEASE: 2007/02/08: CIA-RDP82-00850R000100100029-8 APPROVED FOR RELEASE: 2007/02/08: CIA-RDP82-00850R000100100029-8 FOR OFFICIAL USF ONLY TMIf/J661 5 FeWqpHb165 ~ peMUnr pe.~~rua, nemu~r .4,1 11 ~6) 111H3P' (4) 1,4M[I (9) �y3 14) 4y114e1r`1b10( 7) pexruM ( A) t , .,y.......,~,,,.,,. 7 IIi7P ) Pe,ri�uM ~ Figure 5-8. Temporal diagram of connection of resP-rve computer. Key : 112,4-13. See Figure 5-7 14. Reserve computer initial s tart subprogram PIQPR Figure 5-7 is a temporal diagram of the conversion of the com- puters into the duplea mode of operation. A reserve computer is connected to an already operating basic computer in the folloxing manner. IIpon receiving a"Start" signal, reserve computer initial start subprogram FNPR is turned on. This subprogram clears the reserve computer's in- ternal memory and registers, makes the initial adjustment of its subordinate peripheral equipment, and issues an inquiry about connecting it.to the basic camputer. When this inquiry is received, the implementation of the functional programs by the basic computer is interrupted and the intercomputer ea- change supervision subgrogram is turned on. This subprogram prepares the PNZR to forward information to the reserve. comput- er. In ord.er that the transferred inf'ormation not be Qbsolete, the basic compnter operates in the duty mode for some t:ime be- fore the reserve computer is loaded. After the inPormation is forwarded, the working sequence of the basic and reserve com- puters is analogous to the one described earlier. Figure 5-8 is a temporal diagram of the conneation of the reserve cornputer. The exchange of information between the computers includes: 1) an exchange of interaction signa.ls over special trunks; 2) the forwarding of numerical information to one of the compiiters. The interaction signals are preparatory signals that insure the _ synchronization of the operation of the basic and reserve com- puters before the forwarding of the numerical information. The du*y mode is realized most frequently when an irregularity arises in one of the computers. Let us eaamine the complex's operation when an irregularity ap- pears in one of the computers. In this situation, it is 17 FOR OFFICIr,:. USE ONLY APPROVED FOR RELEASE: 2007/02/08: CIA-RDP82-00850R000100100029-8 APPROVED FOR RELEASE: 2007/02/08: CIA-RDP82-00850R000100100029-8 i FOR OFFICIAL USE ONLY ~(f/IAfKCNbIU ,QUOZHOC/11U4'ECKUB kmKUF1 /RCC/A5/ ~ s Q . ~ i X 16 ) b 7) v HAT a 6) vI E . Pe3ea9HOa f R 1 1 n1('1 A) t Q~n~'r,crrsu ~h' l1,'; 19 ~eA'yPysie pehue! t7 ~ pemutir ( NP (ocNaBHaR nar. 2~OcZ rnf ~ Figure 5-9. Temporal diagram of process of switching computers from duplex to duty mode. Key : 21 6-8, 109 13. See Figure 5-7 18. Computer switching sub- 15. Diagnostic tests program PM 16. Defect signal 19. Mode change subprogram IR 17. Disconnect signal 20. Basic program necessary to disconnect the basic computer and shift the re- serve computer to t,he duty mode for the implementation of the functional programs. The computer that is out of order must be sw3tched to the defect search mode with tlae help oY diagnostic programs or shut down so that a manual search for the irregu- larity can be made. A defect signal received from the monitor- ing units over the interaction signal transmission trtuZks caus- es the reserve computer's operation to be interrupted and turns on intercomputer exchange supervision subprogram DMO. This program, in turn, on reservs computer monitoring subprogram FK, which checks the readiness for operation of that computer's units, and then computer switching subprogram PM. This sub- program issues a signal to change the defective computer into the defect search mode and tnrns on mode change subprogram IR, which switches the reserve computer into the duty mode for the implementation of the control system's functional programs us- ing the available reserve information. Figure 5-9 is a tempor- al diagram of the process of switching the computers from the duplex to the duty mode. Since the complex is conposed of identical machinesg redundancy by replacement can be organized by the mixed redundancy method as well as by total redundancy. For eaample, peripheral gear redundancy can be organized along with computer redundancy. In order to do this, the gear must be fitted with a monitoring system. When a defect fs detected in the paripheral gear oP one of the computers, it is suYficient to switch only the per- ipheral gear instead of the entire computer. Figure 5-10 is a temporal diagram of the process of switching the peripheral gear when a defect is discovered in the basic computer's per- ipheral gear. As a result of this saitching, the basic 18 FOR OFFICIAL USE UNLY APPROVED FOR RELEASE: 2007/02/08: CIA-RDP82-00850R000100100029-8 APPROVED FOR RELEASE: 2007/02/08: CIA-RDP82-00850R000100100029-8 FOR OFrICIAL USE ONLY npatpuMMa Q20 . ocno9iraA i ~ ~ QMO, ( 6 ) (2) 'Nl(uU0�hJrbY.b~;! XCY,:;i.it 2 5 / Figure 5-10. Temporal diagram of grocess of switching - Ke peripheral gear. Y, ' 2, 6-8t 119 20. See Figures 22. Peripheral gear defect sig- 5-7 an4 5-9 nal 21. Switching of peripheral 23. In good working order gear 24. Readp _ 25. Funetional monitoring computer will operate through the reserve computer's coupling - unit. The basic computer's nonworking*peripheral gear is dis- - connected and a search is made Por the defects in these units. _ ,.4. Use of Automatic Monitoring Methods to Increase the Opera- - tional Reliabilitq of WM's, The equipment redundancy methods discussed in Section 5.3,in- crease the probability of failureless operation af a control system. In order to increase the probability of receiving cor- rect information at the control.system�s output9 various meth- ods oP monitoring its.operation are used. A set of facilities for automaticAllp monitoring the course of the computational process and the equipment's fitness for oper- ation is called a monitoring system. WM monitoring systems are given the tasks of automatically de- tecting equipment malfunctions and failures with a minimum time lag relative to the moment of appearance of such defects; cor- recting errors caused by random malfunctions or eliminating _ whatever effect they have; determining the point of failure in the coffiputer. In control systems, in many cases malfunctions _ in the operation of the control unit are as unallowable as failures, so increasing the reliability of the computation re- _ sults is especially impbrtant for WM's. The classification of the existing automatic monitoring methods that are used in WM's is shown in Figure 5-11. Regardless of 18-a FOR OFFICIA:. USE UNLY APPROVED FOR RELEASE: 2007/02/08: CIA-RDP82-00850R000100100029-8 APPROVED FOR RELEASE: 2007/02/08: CIA-RDP82-00850R000100100029-8 FOR OFFICIAL USE ONLY ABmomamuvecav KoxmpQen pnba,nal yBM _ . n r.z,1aNHN;HU(2~ annap0lI1X611( HOMbUNUpOg~N,v~:i(1}~ _ l1'ECIIiG,bf 0po~QQMA;HO- . louuecrruu ( 6 ) . - . npaBppn4h'pie ~ nemod 171ecm4 S:L.L dhuao?o cvem,7 � duue1tx ecK ,~emod KoNmPvnb.a~ ix IIk'CI116r ~Q coomNameHUU u 11) ' Ch161UD6b.X OBE OK h"0.'Ilnp04bHb12 ) ` MmUalibHbC 3;7~p4U anz~pumM