探索未知的宇宙深處一直是人類渴望達到的夢想。要實現這夢想，首先便是要有一適當的交通工具，但是礙於技術、人力和成本等眾多因素，使得這夢想看似遙不可及。近年來發現可以利用太陽風產生的巨大能量來推動太陽風帆前進，此種交通工具不僅建置成本低而且還不需燃料的供給即可飛行，使許多科學家趨之若鶩。然外太空是個瞬息萬變的環境，任何意外皆有可能使得太陽風帆故障而無法達到目的地，因此需要監控系統來確保太陽風帆的運作功能正常，但是，監控系統亦有可能損壞，例如：異物撞到監控攝影機使其角度偏移而無法正常監控或是能源供應不足使監控系統斷電和硬體老化或損壞；因此，如何讓太陽風帆監控系統持續保持正常運作是件重要的議題，所以本研究針對上述狀況進行設計與模擬。
本研究在太陽風帆監控系統中加入硬體冗餘技術和雙熱機備份技術，藉由彼此監督的方式，當主要運算的機器發生故障，備用機器可主動在短時間之內接手運作，使監控系統正常運作不中斷；本系統採用雙攝影機監控風帆擺動的軌跡，利用影像處理技術來分析太陽風帆的運作情形、軟體容錯機制(N-Version Programming)來驗證其正確性和自我療癒功能來偵測攝影機狀況並修正之。實驗結果指出影像處理可以有效過濾雜質影響，自我療癒功能可使因外力介入而歪斜的攝影機回復到可監視太陽風帆的位置，當監控系統影像處理裝置發生損壞時，另一備用裝置可以短時間內接手運作。所以綜合上述實驗結果，本系統可使太陽風帆監控系統擁有足夠的安全性和可靠度。

Mankind has always dreamt of exploring the unknown universe. To fulfil such a dream requires an appropriate transportation method. To date, hope for this dream to come true is still in the darkness because of limitations on technology, manpower, and costs. Fortunately, a light comes through when the unmanned solar sail vehicles, powered by solar wind, appear in recent years. This invention not only lowers costs but also requires no fuel for the vehicles to move, which easily solves the long distance cruising problem and draws hugely attentions from astronautic scientists. However, any accidents can lead to malfunction or course deviation of a solar sail due to the capricious nature in the outer space. For example, a monitoring camera in the solar sail might be hit by foreign material and, because of angle offset, becomes useless for the control system. Or, insufficient supply of solar energy causes the control system hardware out of function or even broken. To monitor and control a solar sail thus requires a robust self-contained system that is energy efficient and fault-tolerant because a solar sail is nearly impossible to come down for repairs.
This study designs and implements a solar sail fault-tolerant monitoring system that comprises redundant hardware and software using hot standby and N-version programming technology. The control hardware contains two identical embedded systems, one called the master and the other slave. By monitoring each other, when the master is experiencing any problem, the slave machine can take over all the tasks in a short time. In the system simulations, two cameras are responsible for monitoring a solar sail’s swings, and the control software uses image processing results to calculate and, if necessarily, activate a self-healing process to restore these cameras’ correct positions. To certain the correctness of the calculations, the control software uses N-version programming fault-tolerant methodology using results from three different perspective of image processings. The experiment results show that when a camera is hit by foreign matters, the self-healing function can effectively restore its position for supervising the solar sail. Experiments also confirm that the hand over between the master and the slave control hardware can be seamlessly done in a short time without compromising the functions of monitoring. The control system is proved to be robust, self-contained, and fault-tolerant.

Bechta Dugan, J., & Lyu, M. R. (1994). System reliability analysis of an N-version programming application. Reliability, IEEE Transactions on, 43(4), 513-519.
Chen, C. H., Ting, Y., Lu, W. B., & Wang, G. K. (2003, October). Recovery mechanism design for hot standby computer system. In Systems, Man and Cybernetics, 2003. IEEE International Conference on (Vol. 3, pp. 3027-3031). IEEE.
Chen, J., Sang, N., & Xiong, G. Z., (2007). Design and Implementation of a Fault-Tolerance Real-Time Computer Architecture. Journal of University of Electronic Science and Technology of China. 36(5), 846-849.
Chen, L., & Avizienis, A. (1978, June). N-Version Programming: A fault-tolerance approach to reliability of software operation. In Proc. 8th IEEE Int. Symp on Fault-Tolerant Computing (FTCS-8) (pp. 3-9).
Dabney, R. W., Etzkorn, L., & Cox, G. W. (2008). A fault-tolerant approach to test control utilizing dual-redundant processors. Advances in Engineering Software, 39(5), 371-383.
Elmendorf, W. R., “Fault-Tolerant Programming,” Proceedings of FTCS-2, Newton, MA, 1972, pp. 79–83.
Ersöz, S. D. (2005). Fault Tolerant Computing Based on Diversity. Retrieved June, m Boğaziçi University, Institute for Computer Engineering Web site: http://www2.cmpe.boun.edu.tr/courses/cmpe516/spring2006/Seda%20Demirag.ppt
Horning, J. J., Lauer, H. C., Melliar-Smith, P. M., & Randell, B. (1974). A program structure for error detection and recovery (pp. 171-187). Springer Berlin Heidelberg.
Hoseini, S. H., & Poshtan, J. (2007, November). Fault tolerant control applied on an inverted pendulum by using extended Kalman filter. In Intelligent and Advanced Systems, 2007. ICIAS 2007. International Conference on (pp. 945-948). IEEE.
Huang, Y. R., Juang, J. N., Hung, C. H., & Wilkie, W. K. (2014). Dynamics of a Coupled Pendulum Model of a Heliogyro Membrane Blade. In Advances in Solar Sailing (pp. 687-704). Springer Berlin Heidelberg.
Keromytis, A. D. (2003). The case for self-healing software. Columbia University.
Knight, J. C., & Leveson, N. G. (1986). An experimental evaluation of the assumption of independence in multiversion programming. Software Engineering, IEEE Transactions on, (1), 96-109.
Kontron. (2009). PITX-SP Datasheet. Retrieved from http://www.kontron.com/products/boards-and-mezzanines/embedded-sbc/pitx-25-sbc/pitx-sp.html
Kontron. (2009). PITX-SP Users Guide. Retrieved from http://www.kontron.com/downloads/manual/ktd-s0002-i_pitx-sp_usersguide.pdf?product=88730
Kontron. (2011). KTQM67 Datasheet. Retrieved from http://www.kontron.com/products/boards-and-mezzanines/embedded-motherboards/mini-itx-motherboards/ktqm67-mitx.html
Kontron. (2011). KTQM67 Users Guide. Retrieved from http://www.rtsoft.ru/upload/pdfcat/KTD-N0819-I_KTQM67_Users_Guide.pdf
Levitin, G. (2004). Reliability and performance analysis for fault-tolerant programs consisting of versions with different characteristics. Reliability Engineering & System Safety, 86(1), 75-81.
Niemann, H., & Stoustrup, J. (2005). Passive fault tolerant control of a double inverted pendulum—a case study. Control engineering practice, 13(8), 1047-1059.
Randell, B., & Xu, J. (1995). The evolution of the recovery block concept. Software Fault Tolerance, 3, 1-22.
Sagan, S. D. (2004). Learning from normal accidents. Organization & environment, 17(1), 15-19.
Sklaroff, J. R. (1976). Redundancy management technique for space shuttle computers. IBM Journal of Research and Development, 20(1), 20-28.
Teng, X., & Pham, H. (2002). A software-reliability growth model for n-version programming systems. Reliability, IEEE Transactions on, 51(3), 311-321.
Wattanapongskorn, N., & Coit, D. W. (2007). Fault-tolerant embedded system design and optimization considering reliability estimation uncertainty. Reliability Engineering & System Safety, 92(4), 395-407.
Wilkie, W. K., Warren, J. E., Horta, L. G., Lyle, K. H., Juang, J. N., Littell, J. D., & Heaton, A. F. (2014). Heliogyro Solar Sail Research at NASA. In Advances in Solar Sailing (pp. 631-650). Springer Berlin Heidelberg.
Winglee, R. M., Slough, J., Ziemba, T., & Goodson, A. (2000). Mini‐magnetospheric plasma propulsion: Tapping the energy of the solar wind for spacecraft propulsion. Journal of Geophysical Research: Space Physics, 105, 21067-21077.
Zeng, C., & Zhao, Y. L. (2013). Design of dual hot standby with monitoring system of power supply module. Electrical Measurement and Instrumentation, 50(10), 124-128.
Zhang, K. C., & Cui, G. (2010). Dual-unit Hot-standby Fault-tolerance Design of Real-time Embedded System. China, Sixth Chinese Test Conference Proceedings.
鄭武昇(2003), 「主從式容錯架構之檔案系統備份設計」,中原大學機械工程學系碩士論文。