Validation of kernel-based TMR in an autonomous guided vehicle

The triple modular redundant (TMR) architecture is based on the triplication of application modules To mask faults, copies of modules are mapped on processing units, capable of direct communication. In the approach used in this paper, each processing unit (or a processor) mapping a module, is equipped with a kernel. This kernel allows it to mask faults via an agreement protocol involving the two other processors (mapping the two other copies). Faults are masked, under user requests, through kernel primitives. Robot movements are observed when its path following controller is mapped on a TMR architecture. The output of the velocity controller is then submitted to an agreement. The study of resulted robot movements shows that single faults are efficiently masked. There is no perceptible difference among the robot behaviors, when using or not using fault-masking kernel, unless when processors faults occur.