Systems which are totally reliant upon digital processors to maintain stable operation demand very high levels of integrity. Hitherto this has necessitated Quadruplex hardware with majority voting. Software failures may be covered by N-version software, with conflict of results again resolved by majority voting. Such systems generally can fail down to two channels still operating. The system described uses the principle of temporal Separation to achieve the necessary high level of hardware integrity by using a Triplex system, but one which can cope with failures down to single processor level. Software failures are met by using Duplex software with Reversal Checking which allows failure down to one software channel. The paper describes the basic configuration of the system, and demonstrates its operation for a second-order control law algorithm. Modelling of the system failure models by a Markov model produces an expression for the reliability of an N-tuple by M-tuple hardware/software system such as the one described.
