Flexible Bus Media Redundancy

DETIThis paper proposes a flexible approach to bus media redundancy in Controller Area Network (CAN) fieldbuses, both to improve the bandwidth by transmitting different traffic in different channels or to promote redundancy by transmitting the same message in more than one channel. Specifically the proposed solution is discussed in the context of Flexible Time-Triggered protocol over CAN (FTTCAN) and inherits the online scheduling flexibility of FTTCAN, enabling on-the-fly modifications of the traffic conveyed in the replicated buses. Flexible bus media redundancy is useful to fulfill application requirements in terms of additional bandwidth or to react to bus failures leading the system to a degraded operational mode, without compromising safety. The arguments for and against flexible bus media redundancy in the context of FTT-CAN are also discussed in detail

Flexible management of bandwidth and redundancy in fieldbuses

Doutoramento em Engenharia ElectrotécnicaOs sistemas distribuídos embarcados (Distributed Embedded Systems – DES) têm sido usados ao longo dos últimos anos em muitos domínios de aplicação, da robótica, ao controlo de processos industriais passando pela aviónica e pelas aplicações veiculares, esperando-se que esta tendência continue nos próximos anos. A confiança no funcionamento é uma propriedade importante nestes domínios de aplicação, visto que os serviços têm de ser executados em tempo útil e de forma previsível, caso contrário, podem ocorrer danos económicos ou a vida de seres humanos poderá ser posta em causa. Na fase de projecto destes sistemas é impossível prever todos os cenários de falhas devido ao não determinismo do ambiente envolvente, sendo necessária a inclusão de mecanismos de tolerância a falhas. Adicionalmente, algumas destas aplicações requerem muita largura de banda, que também poderá ser usada para a evolução dos sistemas, adicionandolhes novas funcionalidades. A flexibilidade de um sistema é uma propriedade importante, pois permite a sua adaptação às condições e requisitos envolventes, contribuindo também para a simplicidade de manutenção e reparação. Adicionalmente, nos sistemas embarcados, a flexibilidade também é importante por potenciar uma melhor utilização dos, muitas vezes escassos, recursos existentes. Uma forma evidente de aumentar a largura de banda e a tolerância a falhas dos sistemas embarcados distribuídos é a replicação dos barramentos do sistema. Algumas soluções existentes, quer comerciais quer académicas, propõem a replicação dos barramentos para aumento da largura de banda ou para aumento da tolerância a falhas. No entanto e quase invariavelmente, o propósito é apenas um, sendo raras as soluções que disponibilizam uma maior largura de banda e um aumento da tolerância a falhas. Um destes raros exemplos é o FlexRay, com a limitação de apenas ser permitido o uso de dois barramentos. Esta tese apresentada e discute uma proposta para usar a replicação de barramentos de uma forma flexível com o objectivo duplo de aumentar a largura de banda e a tolerância a falhas. A flexibilidade dos protocolos propostos também permite a gestão dinâmica da topologia da rede, sendo o número de barramentos apenas limitado pelo hardware/software. As propostas desta tese foram validadas recorrendo ao barramento de campo CAN – Controller Area Network, escolhido devido à sua grande implantação no mercado. Mais especificamente, as soluções propostas foram implementadas e validadas usando um paradigma que combina flexibilidade com comunicações event-triggered e time-triggered: o FTT – Flexible Time- Triggered. No entanto, uma generalização para CAN nativo é também apresentada e discutida. A inclusão de mecanismos de replicação do barramento impõe a alteração dos antigos protocolos de replicação e substituição do nó mestre, bem como a definição de novos protocolos para esta finalidade. Este trabalho tira partido da arquitectura centralizada e da replicação do nó mestre para suportar de forma eficiente e flexível a replicação de barramentos. Em caso de ocorrência de uma falta num barramento (ou barramentos) que poderia provocar uma falha no sistema, os protocolos e componentes propostos nesta tese fazem com que o sistema reaja, mudando para um modo de funcionamento degradado. As mensagens que estavam a ser transmitidas nos barramentos onde ocorreu a falta são reencaminhadas para os outros barramentos. A replicação do nó mestre baseia-se numa estratégia líder-seguidores (leaderfollowers), onde o líder (leader) controla todo o sistema enquanto os seguidores (followers) servem como nós de reserva. Se um erro ocorrer no nó líder, um dos nós seguidores passará a controlar o sistema de uma forma transparente e mantendo as mesmas funcionalidades. As propostas desta tese foram também generalizadas para CAN nativo, tendo sido para tal propostos dois componentes adicionais. É, desta forma possível ter as mesmas capacidades de tolerância a falhas ao nível dos barramentos juntamente com a gestão dinâmica da topologia de rede. Todas as propostas desta tese foram implementadas e avaliadas. Uma implementação inicial, apenas com um barramento foi avaliada recorrendo a uma aplicação real, uma equipa de futebol robótico onde o protocolo FTT-CAN foi usado no controlo de movimento e da odometria. A avaliação do sistema com múltiplos barramentos foi feita numa plataforma de teste em laboratório. Para tal foi desenvolvido um sistema de injecção de faltas que permite impor faltas nos barramentos e nos nós mestre, e um sistema de medida de atrasos destinado a medir o tempo de resposta após a ocorrência de uma falta.Distributed embedded systems (DES) have been widely used in the last few decades in several application domains, from robotics, industrial process control, avionics and automotive. In fact, it is expectable that this trend will continue in the next years. In some of these application fields the dependability requirements are very important since the fail to provide services in a timely and predictable manner may cause important economic losses or even put humans in risk. In the design phase it is impossible to predict all the possible scenarios of faults, due to the non deterministic behaviour of the surrounding environment. In that way, the fault tolerance mechanisms must be included in the distributed embedded system to prevent failures occurrence. Also, many application domains require a high available bandwidth to perform the desired functions, or to turn possible the scaling with the addition of new features. The flexibility of a system also plays an important role, since it improves the capability to adapt to the surrounding world, and to the simplicity of the repair and maintenance. The flexibility improves the efficiency of all the system by providing a way to efficiently manage the available resources. This is very important in embedded systems due to the limited resources often available. A natural way to improve the bandwidth and the fault tolerance in distributed systems is to use replicated buses. Commercial and academic solutions propose the use of replicated fieldbuses for a single purpose only, either to improve the fault tolerance or to improve the available bandwidth, being the first the most common. One illustrative exception is FlexRay where the bus replica can be used to improve the bandwidth of the overall system, besides enabling redundant communications. However, only one bus replica can be used. In this thesis, a flexible bus replication scheme to improve both the dependability and the throughput of fieldbuses is presented and studied. It can be applied to any number of replicated buses, provided the required hardware support is available. The flexible use of the replicated buses can achieve an also flexible management of the network topology. This claim has been validated using the Controller Area Network (CAN) fieldbus, which has been chosen because it is widely spread in millions of systems. In fact, the proposed solution uses a paradigm that combines flexibility, time and event triggered communication, that is the Flexible Time- Triggered over CAN network (FTT-CAN). However, a generalization to native CAN is also presented and studied. The inclusion of bus replication in FTT-CAN imposes not only new mechanisms but also changes of the mechanisms associated with the master replication, which has been already studied in previous research work. In this work, these mechanisms were combined and take advantage of the centralized architecture and of the redundant masters to support an efficient and flexible bus replication. When considering the system operation, if a fault in the bus (or buses) occurs, and the consequent error leads to a system failure, the system reacts, switching to a degraded mode, where the message flows that were transmitted in the faulty bus (or buses) change to the non-faulty ones. The central node replication uses a leader-follower strategy, where the leader controls the system while the followers serve as backups. If an error occurs in the leader, a backup will take the system control maintaining the system with the same functionalities. The system has been generalized for native CAN, using two additional components that provide the same fault tolerance capabilities at the bus level, and also enable the dynamic management of the network topology. All the referred proposals were implemented and assessed in the scope of this work. The single bus version of FTT-CAN was assessed using a real application, a robotic soccer team, which has obtained excellent results in international competitions. There, the FTT-CAN based embedded system has been applied in the low level control, where, mainly it is responsible for the motion control and odometry. For the case of the multiple buses system, the assessment was performed in a laboratory test bed. For this, a fault injector was developed in order to impose faults in the buses and in the central nodes. To measure the time reaction of the system, a special hardware has been developed: a delay measurement system. It is able to measure delays between two important time marks for posterior offline analysis of the obtained values

Spartan Daily, October 12, 1978

Volume 71, Issue 28https://scholarworks.sjsu.edu/spartandaily/6387/thumbnail.jp

Historical Exploration - Learning Lessons from the Past to Inform the Future

This report examines a number of exploration campaigns that have taken place during the last 700 years, and considers them from a risk perspective. The explorations are those led by Christopher Columbus, Sir Walter Raleigh, John Franklin, Sir Ernest Shackleton, the Company of Scotland to Darien and the Apollo project undertaken by NASA. To provide a wider context for investigating the selected exploration campaigns, we seek ways of finding analogies at mission, programmatic and strategic levels and thereby to develop common themes. Ultimately, the purpose of the study is to understand how risk has shaped past explorations, in order to learn lessons for the future. From this, we begin to identify and develop tools for assessing strategic risk in future explorations. Figure 0.1 (see Page 6) summarizes the key inputs used to shape the study, the process and the results, and provides a graphical overview of the methodology used in the project. The first step was to identify the potential cases that could be assessed and to create criteria for selection. These criteria were collaboratively developed through discussion with a Business Historian. From this, six cases were identified as meeting our key criteria. Preliminary analysis of two of the cases allowed us to develop an evaluation framework that was used across all six cases to ensure consistency. This framework was revised and developed further as all six cases were analyzed. A narrative and summary statistics were created for each exploration case studied, in addition to a method for visualizing the important dimensions that capture major events. These Risk Experience Diagrams illustrate how the realizations of events, linked to different types of risks, have influenced the historical development of each exploration campaign. From these diagrams, we can begin to compare risks across each of the cases using a common framework. In addition, exploration risks were classified in terms of mission, program and strategic risks. From this, a Venn diagram and Belief Network were developed to identify how different exploration risks interacted. These diagrams allow us to quickly view the key risk drivers and their interactions in each of the historical cases. By looking at the context in which individual missions take place we have been able to observe the dynamics within an exploration campaign, and gain an understanding of how these interact with influences from stakeholders and competitors. A qualitative model has been created to capture how these factors interact, and are further challenged by unwanted events such as mission failures and competitor successes. This Dynamic Systemic Risk Model is generic and applies broadly to all the exploration ventures studied. This model is an amalgamation of a System Dynamics model, hence incorporating the natural feedback loops within each exploration mission, and a risk model, in order to ensure that the unforeseen events that may occur can be incorporated into the modeling. Finally, an overview is given of the motivational drivers and summaries are presented of the overall costs borne in each exploration venture. An important observation is that all the cases - with the exception of Apollo - were failures in terms of meeting their original objectives. However, despite this, several were strategic successes and indeed changed goals as needed in an entrepreneurial way. The Risk Experience Diagrams developed for each case were used to quantitatively assess which risks were realized most often during our case studies and to draw comparisons at mission, program and strategic levels. In addition, using the Risk Experience Diagrams and the narrative of each case, specific lessons for future exploration were identified. There are three key conclusions to this study: Analyses of historical cases have shown that there exists a set of generic risk classes. This set of risk classes cover mission, program and strategic levels, and includes all the risks encountered in the cases studied. At mission level these are Leadership Decisions, Internal Events and External Events; at program level these are Lack of Learning, Resourcing and Mission Failure; at Strategic Level they are Programmatic Failure, Stakeholder Perception and Goal Change. In addition there are two further risks that impact at all levels: Self-Interest of Actors, and False Model. There is no reason to believe that these risk classes will not be applicable to future exploration and colonization campaigns. We have deliberately selected a range of different exploration and colonization campaigns, taking place between the 15th Century and the 20th Century. The generic risk framework is able to describe the significant types of risk for these missions. Furthermore, many of these risks relate to how human beings interact and learn lessons to guide their future behavior. Although we are better schooled than our forebears and are technically further advanced, there is no reason to think we are fundamentally better at identifying, prioritizing and controlling these classes of risk. Modern risk modeling techniques are capable of addressing mission and program risk but are not as well suited to strategic risk. We have observed that strategic risks are prevalent throughout historic exploration and colonization campaigns. However, systematic approaches do not exist at the moment to analyze such risks. A risk-informed approach to understanding what happened in the past helps us guard against the danger of assuming that those events were inevitable, and highlights those chance events that produced the history that the world experienced. In turn, it allows us to learn more clearly from the past about the way our modern risk modeling techniques might help us to manage the future - and also bring to light those areas where they may not. This study has been retrospective. Based on this analysis, the potential for developing the work in a prospective way by applying the risk models to future campaigns is discussed. Follow on work from this study will focus on creating a portfolio of tools for assessing strategic and programmatic risk

Dynamic topology management unit for a fieldbus

Mestrado em Engenharia Electrónica e TelecomunicaçõesA redundância, mudança de topologia, detecção e isolamento de falhas pode aumentar a fiabilidade de um barramento de campo, como o Controller Area Network – CAN. A Dynamic Topology Management (DTM) em CAN faz uso da redundância e da detecção e contenção de falhas. Esta solução possui duas entidades fundamentais: a Unidade de Gestão de Topologia (Topology Management Unit – TMU) e a Unidade de Comutação de Rede (Network Switch Unit – NSU). A TMU é responsável pela gestão dos meios de comunicação e pelo acesso de cada NSU a pelo menos um meio de comunicação. A própria TMU possui redundância, havendo sempre uma TMU master e pelo menos uma TMU slave num sistema DTM em CAN. Um dos pontos fulcrais nesta rede é a necessidade da TMU Slave possuir os mesmos dados que a TMU Master. Isto implica a existência de um método que garanta a consistência de dados replicados. Quando ocorre um sincronismo dos dados entre o slave e o master, o mecanismo de consistência de dados replicados deverá ocupar os canais de comunicação o menos possível. Neste trabalho a arquitectura interna da TMU é analisada e é apresentada uma proposta para uma implementação em FPGA. Vários problemas relacionados com a gestão dos canais de comunicação são levantados e solucionados. O principal tema desta dissertação é o estudo de um módulo interno da TMU que executa um mecanismo de consistência de dados replicados. Um algoritmo de pesquisa em árvore em conjunto com o cálculo de CRC de porções de informação é utilizado para comparar dados entre o TMU master e slave. Esta técnica demonstra a eficiência em termos de taxa de ocupação dos canais de comunicação quando comparado com a técnica de reenvio de todos os dados. A implementação em FPGA deste módulo, denominado Distributable Table Content Consistency Checker – DT3C, demonstra a viabilidade da solução em hardware. A simulação, em Matlab, do algoritmo de pesquisa em árvore permite verificar as vantagens e limites. ABSTRACT: The dependability of a fieldbus such as the Controller Area Network can be improved by adapting redundancy, improving its topology, detecting and isolating failures. The Dynamic Topology Management (DTM) in CAN is a solution that makes extensive use of redundancy and also of failure detection and isolation. This solution is composed by two main elements: The Topology Management Unit – TMU and the Network Switch Unit – NSU. The TMU is responsible for managing the redundant communication medium and guaranteeing the access of each NSU to at least one communication medium. There is also redundancy at the TMU level, which signifies that there is always one TMU master and at least one TMU slave. One of the key points in this network is the ability of the TMU slave to have the exact same data as the TMU master. This implies that there must be a rigorous consistency scheme of replicated data. Moreover, the consistency scheme should occupy as less as possible the communication medium when a synchronization between the TMU master and TMU slave is scheduled. I analyze and propose a TMU internal architecture for FPGA based implementation. Various issues related to the redundancy management of the communication medium are analyzed. The main focus of this work is a simple replicated data consistency mechanism module that is present inside the TMU. A tree search algorithm combined with cyclic redundancy check calculations of portions of data is used to compare data between the TMU slave and master. This technique proves to be bandwidth efficient when compared to the option of resending all the data from the TMU master to the slave. The implementation in FPGA of this module, denominated Distributable Table Content Consistency Checker - DT3C, demonstrates that the proposed solution is achievable in hardware. Furthermore, a Matlab simulation of the tree search algorithm reveals the efficiency and limitations of the DT3

Controller Area Network

Controller Area Network (CAN) is a popular and very well-known bus system, both in academia and in industry. CAN protocol was introduced in the mid eighties by Robert Bosch GmbH [7] and it was internationally standardized in 1993 as ISO 11898-1 [24]. It was initially designed to distributed automotive control systems, as a single digital bus to replace traditional point-to-point cables that were growing in complexity, weight and cost with the introduction of new electrical and electronic systems. Nowadays CAN is still used extensively in automotive applications, with an excess of 400 million CAN enabled microcontrollers manufactured each year [14]. The widespread and successful use of CAN in the automotive industry, the low cost asso- ciated with high volume production of controllers and CAN's inherent technical merit, have driven to CAN adoption in other application domains such as: industrial communications, medical equipment, machine tool, robotics and in distributed embedded systems in general. CAN provides two layers of the stack of the Open Systems Interconnection (OSI) reference model: the physical layer and the data link layer. Optionally, it could also provide an additional application layer, not included on the CAN standard. Notice that CAN physical layer was not dened in Bosch original specication, only the data link layer was dened. However, the CAN ISO specication lled this gap and the physical layer was then fully specied. CAN is a message-oriented transmission protocol, i.e., it denes message contents rather than nodes and node addresses. Every message has an associated message identier, which is unique within the whole network, dening both the content and the priority of the message. Transmission rates are dened up to 1 Mbps. The large installed base of CAN nodes with low failure rates over almost two decades, led to the use of CAN in some critical applications such as Anti-locking Brake Systems (ABS) and Electronic Stability Program (ESP) in cars. In parallel with the wide dissemination of CAN in industry, the academia also devoted a large eort to CAN analysis and research, making CAN one of the must studied eldbuses. That is why a large number of books or book chapters describing CAN were published. The rst CAN book, written in French by D. Paret, was published in 1997 and presents the CAN basics [32]. More implementation oriented approaches, including CAN node implementation and application examples, can be found in Lorenz [28] and in Etschberger [16], while more compact descriptions of CAN can be found in [11] and in some chapters of [31]. Despite its success story, CAN application designers would be happier if CAN could be made faster, cover longer distances, be more deterministic and more dependable [34]. Over the years, several protocols based in CAN were presented, taking advantage of some CAN properties and trying to improve some known CAN drawbacks. This chapter, besides presenting an overview of CAN, describes also some other relevant higher level protocols based on CAN, such as CANopen [13], DeviceNet [6], FTT-CAN [1] and TTCAN [25]

Desenvolvimento de componentes para sistemas de segurança crítica

Mestrado em Engenharia Electrónica e TelecomunicaçõesHoje em dia é muito frequente a utilização de sistemas de controlo em aplicações de segurança crítica, por exemplo nos aviões, automóveis, etc. Um sistema de segurança crítica é assim designado porque em caso de falha pode resultar em grandes prejuízos monetários ou, no pior cenário, em perdas de vidas humanas. Este tipo de sistemas têm que ser robustos e tolerantes a falhas para falhar o mínimo possível e de uma forma segura. É também necessário que estes sistemas atendam a requisitos temporais para garantir o seu correcto funcionamento, sendo por isso designados de sistemas temporeal. Quando tais sistemas são distribuídos, como em redes de sensores, actuadores e controladores interligados por barramentos de campo, a comunicação desempenha um papel importante no comportamento temporal. Tem-se assistido nos últimos anos a um incremento da investigação e desenvolvimento da área de sistemas de segurança crítica. Têm vindo a ser criados alguns standards nesta área, sendo actualmente muito utilizado o CAN – Controller Area Network. No DETI tem-se realizado muita investigação em torno do CAN, tendo-se recentemente trabalhado em sistemas que permitem introduzir redundância e maior largura de banda no barramento sem modificação dos módulos a ele ligados. Os sistemas x-by-wire são um exemplo de sistemas de segurança crítica utilizados nos automóveis onde a questão da largura de banda é muito importante. Esta dissertação é uma continuação desse trabalho, onde se pretende implementar na prática um sistema que introduza estas características a um barramento CAN. As principais contribuições originais desta dissertação são o desenvolvimento de alguns dos componentes projectados no trabalho de investigação em curso, nomeadamente um gestor de topologia e um comutador. Estes componentes permitem adicionar barramentos redundantes e gerir de uma forma dinâmica a topologia numa rede CAN. Para tal foram utilizadas FPGAs – Field Programmable Gate Arrays, um processador da Xilinx e algum hardware desenvolvido no DETI, o CLAN e o respectivo controlador que permite a sua interface com microprocessadores. A prototipagem em FPGAs facilitou e simplificou a tarefa de simulação da lógica necessária à implementação, tanto do gestor de topologia como do comutador. ABSTRACT: Nowadays, the use of control systems in critical security applications is very common, for instance in airplanes, automobiles, etc. It is called critical security application because in case any fault occurs, it can cause huge monetary damages or, in the worst scenario, it can cause the death of human lives. This type of system must be strong and fault tolerant in order to fail the least as possible and in a secure and safe way. It is also necessary that these systems answer to time requirements so that they can guarantee their proper performance, being therefore known as real-time systems. Whenever these systems are distributed, as in sensor networks, activators and controllers interconnected by fieldbuses, communication assumes an important role in time behavior. In the past few years we have been watching to an increase in the critical security systems research and development area. Some standards have been created in this field, being CAN - Controller Area Network one of the most used in the present. In DETI, plenty of research has been made about CAN, and recently important work has been done in systems that allow the introduction of redundancy and greater bandwidth in the bus without modifying the modules which are attached to it. The systems x-by-wire are just an example of critical security systems which are used in cars, and where the matter of bandwidth is actually very important. This dissertation is therefore a continuation of that work that has been developed so far, which aims to implement, in practice, a system that is able to introduce these features in a CAN bus. The most original and more important contributions of this dissertation are the development of some of the components projected in this work of ongoing research, namely a topology manager and a commuter. These components allow to attach redundant buses and to manage, in a dynamic kind of way, a topology in a CAN network. In order to achieve it, there have been used FPGAs – Field Programmable Gate Arrays, a processor from Xilinx and some hardware which had been developed in DETI, CLAN and the corresponding controller that allows its interface with microprocessors. The prototyping in FPGAs has facilitated and simplified the task of simulating the logic that was necessary to the implementation, whether from the topology manager whether from the commuter

Annotated Bibliography of Films in Automation, Data Processing, and Computer Science

With the rapid development of computer science and the expanding use of computers in all facets of American life, there has been made available a wide range of instructional and informational films on automation, data processing, and computer science. Here is the first annotated bibliography of these and related films, gathered from industrial, institutional, and other sources. This bibliography annotates 244 films, alphabetically arranged by title, with a detailed subject index. Information is also provided concerning the intended audience, rental-purchase data, ordering procedures, and such specifications as running time and film size.https://uknowledge.uky.edu/upk_computer_science/1000/thumbnail.jp

Don’t Give Up Section 101, Don’t Ever Give Up

In an era of tremendous and rapid technological advancement, coupled with the massive influence patents have on the global economy, determining the specific categories of inventions eligible for patent protection is of great importance. The statute governing patent eligible subject matter, 35 U.S.C. § 101, has unfortunately fallen steadily into a morass, wherein a great number of judicial philosophies as to the proper role and scope of § 101 occupy the statutes jurisprudence. This frustrates the utilitarian purpose of the patent system as research companies are uncertain whether certain categories of inventions will maintain their eligibly for patent protection. Because § 101 jurisprudence has fallen into chaos a natural reaction is to avoid the statute. This article explores how two competing theories of § 101 have emerged: the functional philosophy and the jurisdictional philosophy. This Comment argues that the proper role of § 101 is that of threshold inquiry, in line with the jurisdictional viewpoint under a legal and policy rationale. Calls to remove § 101 altogether overlook the important role the statute plays. It is an important safety net for the public—serving as a moral gatekeeper covering patents that pass muster under the other patentability requirements, but still represent a moral and utilitarian conundrum

Don’t Give Up Section 101, Don’t Ever Give Up

In an era of tremendous and rapid technological advancement, coupled with the massive influence patents have on the global economy, determining the specific categories of inventions eligible for patent protection is of great importance. The statute governing patent eligible subject matter, 35 U.S.C. § 101, has unfortunately fallen steadily into a morass, wherein a great number of judicial philosophies as to the proper role and scope of § 101 occupy the statutes jurisprudence. This frustrates the utilitarian purpose of the patent system as research companies are uncertain whether certain categories of inventions will maintain their eligibly for patent protection. Because § 101 jurisprudence has fallen into chaos a natural reaction is to avoid the statute. This article explores how two competing theories of § 101 have emerged: the functional philosophy and the jurisdictional philosophy. This Comment argues that the proper role of § 101 is that of threshold inquiry, in line with the jurisdictional viewpoint under a legal and policy rationale. Calls to remove § 101 altogether overlook the important role the statute plays. It is an important safety net for the public—serving as a moral gatekeeper covering patents that pass muster under the other patentability requirements, but still represent a moral and utilitarian conundrum