JP6944799B2 - Information processing device - Google Patents

Description

The present invention relates to an information processing device such as a tablet terminal used in a field such as a railway field where high safety is required.

In the field of railways, for example, in the maintenance work of railway equipment, various information support may be provided to the staff using a tablet terminal. In such a case, if the tablet terminal operates abnormally and the staff does not notice the abnormal operation, not only will it be difficult to continue the work, but also the safety of the staff, the safety of the train, or the stable operation of the train may be hindered. There is.
In order to prevent such a situation, conventionally, measures may be taken to have two tablet terminals possessed by a staff member and have them perform the same processing. According to this measure, when one tablet terminal operates abnormally, there is a difference in the operation of the two tablet terminals. Therefore, the clerk can notice the abnormal operation by comparing these. If the staff can notice the abnormal operation, the staff can shift to the operation to realize the fail-safe, such as ensuring the safety of the work.

Patent Document 1 proposes a technique in which a user can quickly notice an abnormality in a terminal device by using one terminal device. In the terminal device of Patent Document 1, information processing is performed twice in one terminal device, and the display of the double processing result is alternately output in a time division manner. As a result, if there is an abnormal operation in one of the information processing, a difference occurs in the alternate display output, and the user can quickly notice the abnormal operation.

Japanese Unexamined Patent Publication No. 6-161791

In a configuration in which two tablet terminals that execute the same process are used to support the staff, it is easy to detect abnormal operation of the tablet terminals, but the staff must have two identical tablet terminals. Occurs. Further, when inputting some information to the tablet terminals, the complexity of having to input the same information to the two tablet terminals arises.

On the other hand, the technique of Patent Document 1 can obtain the same effect as possessing two terminal devices that execute the same processing by performing double information processing in one terminal device. Are expected. However, when information processing is performed twice by one terminal device, specifically, two information processing modules are operated by parallel processing on one OS (Operating System). The abnormality that occurs in the terminal device may be caused by the abnormal operation of the OS, and in this case, the abnormal operation spreads to both of the two information processing modules. Then, if an abnormal operation occurs in both of the two information processing modules and there is no difference in the display output between the two, it becomes difficult for the user to notice the abnormal operation. For example, when two information processing modules are stopped due to an abnormality in the OS and both display outputs are not updated, the same display output is continued and it is difficult for the user to notice the abnormal operation.

Further, in the technique of Patent Document 1, the software operating in the terminal device has a mixture of a portion that performs double information processing and a portion that does not perform double information processing such as input processing, data transmission processing, and data reception processing. (See FIG. 1 of Patent Document 1). Therefore, even if there is an existing application program (hereinafter abbreviated as "application") and it is attempted to correspond to the technique of Patent Document 1, single processing and double processing are separated and these are separated. It is necessary to modify the program to be appropriately associated. That is, the technique of Patent Document 1 has a problem that even if there is an existing application, many modifications of the application are required, and it is difficult to divert the existing application.

An object of the present invention is to provide an information processing device capable of detecting an abnormal operation of an application inside the information processing device with high reliability. Another object of the present invention is to provide an information processing apparatus capable of detecting an abnormal operation by diverting the existing application with a small amount of modification when there is an existing application.

In order to achieve the above object, the present invention
Hardware including central processing unit, memory and display device,
A virtualization unit that manages a plurality of logical partitions including a first logical partition and a second logical partition in which the hardware resources are divided into a plurality of partitions, and a virtualization unit.
A virtual machine in which the user application is run via the guest OS and runs in the first logical partition,
An arithmetic collation module that operates in the second logical partition and collates the processing of the collation target in the user application.
With
The user application includes a collation request code for designating the process to be collated.
When the process of the collation target is executed, the virtual machine obtains the collation request, the specific information that identifies the process of the collation target, and the result of the process of the collation target based on the collation request code. It has a function to send from the OS to the virtualization unit.
Based on the collation request received from the virtualization unit, the arithmetic collation module executes a collation process specified by the specific information and corresponding to the process of the collation target, and the result of the collation process and the collation process are described. It is an information processing apparatus characterized in that it collates with the result of processing of a collation target.

According to this configuration, the guest OS and the user application run on the virtual machine operating in the first logical partition among the plurality of logical partitions. Further, the arithmetic collation module operating in the second logical partition performs collation processing corresponding to the processing of the collation target based on the collation request code included in the user application, and collates the results of these processes. This collation detects if the user application is behaving abnormally. Further, according to the above configuration, even if an abnormal operation occurs in the user application due to an abnormality in the guest OS, the abnormality in the guest OS does not spread to the arithmetic matching module, so that the abnormal operation in the user application can be detected. .. Then, by detecting this abnormal operation, the information processing device or the user can be made to perform a process for realizing fail-safe.
Further, according to the above configuration, by including the collation request code for designating the collation target process in the user application, the arithmetic collation module can be made to collate the collation target process. Therefore, if there is an existing user application that runs on the guest OS, the user application can be diverted to support the collation process of the arithmetic collation module by making only a few modifications such as adding a collation request code. be able to.

Here, the information processing apparatus according to the present invention further includes an arithmetic program storage unit in which a plurality of types of arithmetic programs are readable and stored by the arithmetic collation module.
The arithmetic collation module may be configured to execute the collation process using the arithmetic program specified by the specific information from among a plurality of types of arithmetic programs stored in the arithmetic program storage unit.
According to this configuration, by providing a plurality of types of arithmetic programs in advance, it is possible to perform collation processing corresponding to various collation target processes. Further, since the arithmetic program that executes the same type of collation processing can be shared, the area for storing the arithmetic program can be reduced.

Further, the collation process may have a configuration having an algorithm different from that of the collation target process.
According to this configuration, the arithmetic collation module collates whether or not an abnormal operation has occurred by using an algorithm different from the processing of the collation target. Therefore, even if the processing of the collation target causes an abnormal operation due to the algorithm. This abnormal operation can be detected.

Further, the information processing apparatus according to the present invention is provided with a notification module that operates in the second logical partition and notifies an abnormality by using the hardware when the collation result by the arithmetic collation module is abnormal. May be good.
According to this configuration, when an abnormal operation occurs in the user application, the user is notified of the abnormality, and the user can be made to perform an operation for realizing fail-safe. Further, since the notification module operates in the second logical partition different from the first logical partition in which the user application is executed, even if there is an abnormal operation caused by the guest OS, it is not affected by this abnormal operation. Abnormality can be notified.

Further, the information processing apparatus according to the present invention may further include an operation confirmation module that operates in the second logical partition and repeatedly confirms the operation of the user application.
According to this configuration, the operation confirmation module can detect an abnormal operation that causes the user application to stop and deal with it. Further, since the operation check module operates in the second logical partition different from the first logical partition in which the user application is executed, even if there is an abnormal operation caused by the guest OS, it is not affected by this abnormal operation. You can check the operation of the user application.

According to the present invention, abnormal operation of an application can be detected with high reliability inside an information processing apparatus. Further, according to the present invention, when there is an existing application, the existing application can be diverted with a small amount of modification to cope with the detection process of abnormal operation.

It is a block diagram which shows the information processing apparatus which concerns on embodiment of this invention. It is a block diagram which shows the logical structure of the information processing apparatus which concerns on embodiment of this invention. The collation request code included in the user application is described, (A) is a diagram showing an example of an existing processing code, and (B) is a diagram showing an example of a processing code to which a collation request code is added. It is a flowchart explaining the procedure of the process of FIG. 3B. It is a sequence diagram which shows an example of the flow at the time of a normal operation collation processing. It is a sequence diagram which shows an example of the flow at the time of abnormality of arithmetic collation processing. It is a flowchart which shows an example of the procedure of the arithmetic collation processing executed by the arithmetic collation module. It is a sequence diagram which shows an example of the flow of operation confirmation processing. It is a flowchart which shows an example of the message processing of the user application which responds to the inquiry of the operation confirmation processing.

Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.
FIG. 1 is a configuration diagram showing an information processing device according to an embodiment of the present invention. FIG. 2 is a configuration diagram showing a logical structure of the information processing apparatus according to the embodiment of the present invention.
The information processing device 1 according to the embodiment of the present invention is, for example, a tablet terminal, and as shown in FIG. 1, a CPU (Central Processing Unit) 11, a non-volatile memory 12, a memory 16, and a display device 17 , The touch panel 18 and the communication device 19. The display device 17 is a device capable of displaying an image such as a liquid crystal display. The touch panel 18 is an input device provided on the display device 17 and capable of inputting information on close positions by bringing a finger or a digital pen close to each other.

The non-volatile memory 12 stores a virtualization OS program 13 for constructing a virtualized environment, and is further provided with a virtual machine storage unit 14 and a monitoring partition storage unit 15. The guest OS program 32a and the user application 31 are stored in the virtual machine storage unit 14. The monitoring software 41 is stored in the monitoring partition storage unit 15, and an arithmetic program storage unit 415a is further provided.

<Virtualization system configuration>
When the information processing device 1 is started, the CPU 11 first executes the virtualization OS program 13. As a result, as shown in FIG. 2, the virtualization unit 24, the virtualization unit interface 52, the service software 51, the virtual machine 33, and the highly reliable application interface 42 are realized. Hereinafter, the application interface will be referred to as "API".

The virtualization unit 24 constructs a plurality of logical partitions in which the hardware resource 25 is time-divisioned or divided into a plurality of areas, and manages these. The plurality of logical partitions include a guest partition (corresponding to the first logical partition) 21, a monitoring partition 22 (corresponding to the second logical partition), and a system partition 23. In addition, the virtualization unit 24 transmits / receives data between the partitions. The guest partition 21 and the monitoring partition 22 can send and receive data via the virtualization unit 24, and are independent of each other. Therefore, even if an information processing abnormality occurs in the guest partition 21, the abnormality does not easily spread to the information processing of the monitoring partition 22.

The virtualization unit interface 52 is a subsystem having an API for connecting the service software 51 with the virtualization unit 24 or the hardware resource 25. The service software 51 provides various services used by the virtualization unit 24 for managing the virtualized environment.

The virtual machine 33 is software that operates on the guest partition 21 and simulates the hardware resource 25 to connect the guest OS 32 and the hardware resource 25. The virtual machine 33 behaves like one information processing device, so that the guest OS 32 operates on the virtual machine 33. The virtual machine 33 includes a functional module for communicating with the virtualization unit 24 in addition to the hardware resource 25 assigned to the guest partition 21. By installing a driver for driving this functional module, the guest OS 32 can communicate with the virtualization unit 24 via the functional module.

The highly reliable API 42 is a subsystem having a highly reliable API for connecting the software on the monitoring partition 22 with the virtualization unit 24 or the hardware resource 25. As a highly reliable API, for example, POSIX (Portable operating system interface) can be adopted.

<Guest partition>
In the guest partition 21, the divided resources of the CPU 11 execute the guest OS program 32a of the virtual machine storage unit 14. As a result, as shown in FIG. 2, the guest OS 32 operates on the virtual machine 33. Further, the divided resources of the CPU 11 execute the user application 31 of the virtual machine storage unit 14 in the guest OS 32. As a result, the user application 31 operates on the guest OS 32. The user application 31 in FIG. 2 represents the state of a process expanded in the memory 16 and executed by the CPU 11.

The guest OS 32 is, for example, an OS for a general tablet terminal. The guest OS 32 recognizes the virtual machine 33 as if it were one physical machine, and operates in the same manner as when operating on one physical machine. Further, the guest OS 32 incorporates a driver of a function module for transmitting / receiving data to / from the virtualization unit 24, whereby data can be transmitted / received between the guest OS 32 and the virtualization unit 24.
The user application 31 is, for example, support software that supports maintenance work of railway equipment. The user application 31 operates on the virtual machine 33 in the same manner as it operates on one physical machine. However, if the user application 31 has a code for transmitting data to the virtualization unit 24, the user application 31 can transmit data to the virtualization unit 24 via the functional module of the guest OS 32.

<Monitoring partition>
In the monitoring partition 22, the divided resources of the CPU 11 execute the monitoring software 41 of the monitoring partition storage unit 15. As a result, the monitoring software 41 operates on the highly reliable API 42. The monitoring software 41 in FIG. 2 shows the state of the process expanded in the memory 16 and executed by the CPU 11.
The monitoring software 41 mainly monitors the operation of the user application 31 and notifies an abnormality. As shown in FIG. 2, the monitoring software 41 includes a keep-alive module 411, a notification module 412, a diagnostic module 413, a logging module 414, an arithmetic collation module 415, and a health monitor module 416. The keep-alive module 411 corresponds to an example of the operation confirmation module according to the present invention.

The keep-alive module 411 repeatedly communicates with the application on the guest partition 21 to check the operation of the application.
The diagnostic module 413 performs hardware diagnostic processing during the startup and operation of the information processing device 1.
The logging module 414 communicates with the guest OS 32 on the virtual machine 33, and collects and saves access logs and operation logs such as communication by the user application.

The notification module 412 notifies the user by, for example, the output of the display device 17. The monitoring partition 22 is allocated the resources of the display device 17 with a higher priority than the guest partition 21. As a result, even when the image is output from the guest partition 21 to the display device 17, the notification module 412 can output the image to the display device 17 so as to overwrite the image. When the information processing device 1 has a notification device such as a vibration device or an indicator lamp, the notification module 412 may adopt a configuration in which these notification devices are operated to perform notification.

The arithmetic collation module 415 collates whether or not the processing of the collation target specified on the user application 31 has been performed normally. The arithmetic collation module 415 performs a process corresponding to the process of the collation target of the user application 31 (hereinafter, referred to as “collation process”), and collates the process result of the user application 31 with its own process result. And judge whether it is normal or abnormal. The collation process is an algorithm different from the collation target process of the user application 31, and is created so as to perform the same process as the collation target process and return the same result. It is more preferable that the collation process is created by using an algorithm having a higher robustness than the process to be collated. A plurality of types of arithmetic programs that realize the collation processing are prepared corresponding to the processing of the plurality of types of collation targets, and are stored in the arithmetic program storage unit 415a. The arithmetic collation module 415 can read an arithmetic program from the arithmetic program storage unit 415a and execute it.

The condition monitoring module 416 performs a predetermined operation according to an exception or a timeout that occurs in the monitoring partition 22. For example, the arithmetic collation module 415 calls exception handling when an abnormality is detected, and the condition monitoring module 416 outputs an abnormality occurrence display request to the notification module 412 based on this call.

<Verification request code>
Subsequently, a method of adding a collation request code to the user application 31 and designating the process to be collated will be described in order to perform the arithmetic collation process. The arithmetic collation process is a process in which the arithmetic collation module 415 collates whether or not an abnormal operation has occurred in the user application 31. The method of adding the collation request code described here is only an example and does not limit the present invention.
3A and 3B are diagrams for explaining a verification request code included in a user application, FIG. 3A shows an example of an existing processing code, and FIG. 3B shows a processing code to which a verification request code is added. An example is shown. FIG. 4 is a flowchart illustrating the procedure of the process of FIG. 3 (B).

A collation request code 50 for designating a process to be collated is added to the user application 31 in advance. To add the verification request code 50, for example, as shown in FIGS. 3A and 3B, the function "func_D" defined in the user application 31 is changed to the function "func_D.inspect" with the verification request. Do it by doing something like that. Here, the function does not mean a function in mathematics, but means a function in a programming language, and refers to a unit of processing programmed to perform a predetermined processing with an argument as an input.

The function with the collation request is predefined in the user application 31. In the function with the collation request, in addition to the processing of the original function, a process of outputting the collation request to the virtualization unit 24 and a process of waiting for a normal collation result are added. These processes are added after performing the original function process and before returning the result of the function. A specific example will be described with reference to the flowchart of FIG. In the case of this specific example, the function “func_D.inspect” with the collation request in FIG. 3 (B) includes the process of the original function “func_D” (step S5), the process of outputting the collation request (step S6), and the process. It is a process including a process of waiting for a collation result (step S7). The collation request output to the virtualization unit 24 includes an index number representing the original function, a parameter value as an argument of the function, and a result obtained by the original function. Of these, the index number and the parameter value correspond to specific information that specifies the process to be collated.

The definition of the function with the collation request is limited to the case where the arithmetic program corresponding to the original function is stored in the arithmetic program storage unit 415a in advance. Conversely, if the types of arithmetic programs stored in the arithmetic program storage unit 415a are increased, functions with matching requests are defined for many types of functions in the user application 31, and many in the user application 31. It is possible to perform collation processing for the processing of.
A plurality of types of arithmetic programs are stored in the arithmetic program storage unit 415a in association with the index number. The arithmetic program identified by an arbitrary index number is created so as to perform the same processing as the function in the user application 31 identified by the same index number.

In the arithmetic collation process, the result of the collation target process is collated with the result of the collation process to inspect the occurrence of abnormal operation. Therefore, when a function is adopted as the processing to be collated, it is preferable to adopt a function in which the result (return value) of the function reflects the processing in the function and can take many different values.
Further, the arithmetic collation module 415 needs to perform the same processing as the collation target processing by the arithmetic program and calculate the same result. Therefore, the process to be collated needs to be a process that can be executed from the monitoring partition 22 in the same manner as the user application 31. As such a process, for example, an arithmetic process of the CPU 11, a process of reading data from a non-exclusive area on the memory 16, a predetermined data reception process using the communication device 19, and the like can be adopted. Further, a set of processes in which such process steps are combined can be adopted.

<Calculation collation processing>
Subsequently, the entire flow of the arithmetic collation process will be described with reference to the sequence diagram and the flowchart.
FIG. 5 is a sequence diagram showing an example of the normal flow of arithmetic collation processing. FIG. 6 is a sequence diagram showing an example of the flow when the arithmetic collation process is abnormal. FIG. 7 is a flowchart showing an example of the procedure of the arithmetic collation processing executed by the arithmetic collation module.

As shown in FIGS. 5 and 6, it is assumed that the CPU 11 shifts the processing to the processing of the function with the collation request of the user application 31 (referred to as "information processing P1") while the information processing apparatus 1 is operating. For example, the process of "processing_A" in FIG. 3B corresponds to the case where the CPU 11 shifts to the process of the function "func_D.inspect (L1, M1)" with a collation request. Further, in the case of the flowchart of FIG. 4, it corresponds to the case where the CPU 11 shifts the processing to the information processing with the collation request (steps S5 to S9) after the processing of steps S1 to S4 without the collation request.

In the information processing P1 with the collation request, first, the process of the original function is executed in the process of the user application 31 (step S5), and then the collation request is output to the virtualization unit 24 via the guest OS 32. (Step S6). The collation request includes an index number for identifying the type of function, parameters that are arguments of the function, and the result of the function.
As shown in FIGS. 5 and 6, the collation request is sent from the virtualization unit 24 to the arithmetic collation module 415. As shown in FIG. 7, the arithmetic collation module 415 always waits for a collation request (step S11), and executes the collation process P2 (steps S12 to S15) when there is a collation request.

In the collation process P2, first, the arithmetic collation module 415 inputs a collation request (step S12), and reads the arithmetic program corresponding to the index number from the arithmetic program storage unit 415a (step S13). Further, the arithmetic collation module 415 executes an arithmetic program with parameters as arguments (step S14), obtains a result, and collates the result of the arithmetic program with the result of the function included in the collation request (step S15). If both results match, a normal collation result is obtained, and if both results do not match, an abnormal collation result is obtained.

As shown in FIG. 5, when the collation result is normal, the arithmetic collation module 415 returns the normal collation result to the process of the user application 31 via the virtualization unit 24 and the guest OS 32 (step S16). In the process of the user application 31, after the CPU 11 outputs the collation request, it waits until the collation result is returned (step S7 in FIG. 4), and the CPU 11 continues the subsequent information processing P3 based on the normal collation result. (Steps S8 and S9).

On the other hand, as shown in FIG. 6, when the collation result is abnormal, the arithmetic collation module 415 returns the abnormal collation result to the process of the user application 31 via the virtualization unit 24 and the guest OS 32 (step S17). .. In the process of the user application 31, if the collation result is waiting (step S7) and the collation result of the abnormality is returned, the subsequent information processing is interrupted.

Further, when the collation result is abnormal, the arithmetic collation module 415 generates an exception according to the collation result of the abnormality (step S18), whereby the exception processing is executed in the status monitoring module 416 and the abnormality is displayed to the notification module 412. A request is made. Based on this request, the notification module 412 causes the display device 17 to output a display of the collation abnormality. At this time, even if the image by the user application 31 is output to the display device 17, the image of the notification module 412 is overwritten and a display indicating a collation abnormality is output to the display device 17.

According to such an arithmetic collation process, by adding a collation request to a plurality of processes on the user application 31, abnormal operation is caused by the arithmetic collation module 415 in many processes during the execution of the user application 31. A check is made to see if it has occurred. Then, when the collation result is abnormal, the display device 17 is displayed to notify the abnormality. Therefore, for example, even if a person in charge of maintenance work of railway equipment executes the work by executing the user application 31 that supports the maintenance work on one information processing device 1, an abnormality occurs in the user application 31. If you do, you can quickly notice this anomaly. The clerk can then take the necessary steps to ensure fail-safe.

Further, depending on the virtual environment, the arithmetic collation module 415 is executed in the monitoring partition 22 different from the guest partition 21 in which the user application 31 is executed. Therefore, even if an abnormal operation occurs in the user application due to the abnormality of the guest OS 32, the abnormality of the guest OS 32 does not spread to the arithmetic collation module 415. Therefore, the arithmetic collation module 415 can detect the abnormal operation of the user application 31 with high reliability.

Further, in the above arithmetic collation process, the arithmetic collation module 415 can be made to collate the process by including the collation request code for designating the process to be collated in the user application 31. Therefore, if there is an existing user application running on the guest OS 32, the existing user application can be diverted and the matching process by the arithmetic matching module 415 can be performed by making only a small modification such as adding a matching request code. Can be made to correspond to.

<Operation check processing>
Next, the operation confirmation process executed by the keep-alive module 411 of the monitoring software 41 will be described. In the above-mentioned arithmetic collation process, a collation request is output from the process of the user application 31 and collation is performed. Therefore, it is difficult to detect an abnormal operation in which the user application 31 is interrupted in the middle only by the arithmetic collation process. Therefore, in order to promptly detect such an abnormal operation, the information processing device 1 is provided with a function of performing an operation confirmation process.

FIG. 8 is a sequence diagram showing an example of the flow of the operation confirmation process.
The operation confirmation process is mainly executed by the keep-alive module 411. In the operation check process, the keep-alive module 411 periodically inquires to the process of the user application 31. The inquiry is sent via the virtualization unit 24 and the guest OS 32. In the process of the user application 31, the CPU 11 responds to an inquiry if there is no interruption of operation such as a freeze. The response is returned to the keep-alive module 411 via the guest OS 32 and the virtualization unit 24. The keep-alive module 411 performs time measurement P5 until a response is returned after the inquiry, and determines that the response is normal if there is a response within a predetermined time. If the determination is normal, the keep-alive module 411 continues the periodic inquiry.

On the other hand, as in the time measurement P6 of FIG. 8, if there is no response within a predetermined time after the inquiry, the keep-alive module 411 determines that it is abnormal and requests the virtualization unit 24 to stop the guest partition. Further, a display request is made to the notification module 412. As a result, the virtualization unit 24 stops allocating the hardware resource to the guest partition 21, and the operation of the guest OS 32 and the user application 31 is interrupted. Further, display data is output from the notification module 412 to the display device 17, and a display notifying the abnormality such as "application abnormality" is output from the display device 17. At this time, even if the image by the user application 31 is output to the display device 17, the image of the notification module 412 is overwritten and a display indicating a collation abnormality is output to the display device 17.

In the operation confirmation process, in the process of the user application 31, the CPU 11 performs a process of responding to an inquiry input via the virtualization unit 24. Such processing is usually not included in existing applications running on the guest OS of the physical machine. Therefore, when the user application 31 is created by diverting the existing application, it is necessary to modify the existing application to correspond to the operation confirmation process.

The guest OS 32 includes a mechanism called a message queue for transmitting a message from hardware (for example, input information of the touch panel 18) or a message from another process to an application process. Further, the application running on the guest OS 32 includes message processing corresponding to the message queue. The message queue is a mechanism that collects multiple messages sent to the application and accumulates them in order. Message processing is a process that reads messages in order from the message queue and distributes them to the processes corresponding to the messages. be.

In the operation confirmation process of the present embodiment, the inquiry is made via the message queue of the guest OS 32. That is, when an inquiry is sent from the virtualization unit 24, the virtual machine 33 sends this inquiry as a message to the message queue of the guest OS 32. Further, the response is performed by using the message processing of the user application 31.
FIG. 9 is a flowchart showing an example of message processing of a user application that responds to an inquiry for operation confirmation processing.

As shown in FIG. 9, a process (step S22) for determining whether or not the message is an inquiry for the operation confirmation process is added to the message process of the user application 31. Further, a process (step S23) of sending a response to the virtualization unit 24 via the guest OS 32 in the case of an inquiry is added. As the process of reading messages in order from the message queue (step S21) and the process of discriminating other messages and processing according to other messages (steps S24 to S24n, S25 to S25n), existing ones are diverted.
With such a configuration of the virtual machine 33 and the user application 31, the operation confirmation process shown in FIG. 8 is realized.

According to the operation confirmation process described above, when an abnormality occurs in which the user application 31 freezes and stops the operation, such an abnormality is promptly detected and the display device 17 is subjected to the abnormal operation. It is possible to output a display notifying the occurrence. Therefore, the person in charge of using the information processing device 1 can promptly notice the occurrence of the abnormal operation and take measures to realize fail-safe. Further, the keep-alive module 411 is executed in the monitoring partition 22 different from the guest partition 21 in which the user application 31 operates. Therefore, for example, even if the user application 31 is stopped due to an abnormality in the guest OS 32, the abnormality in the guest OS 32 does not spread to the keep-alive module 411. Therefore, the operation check of the user application 31 can be performed with high reliability.

Although each embodiment of the present invention has been described above, the present invention is not limited to the above-described embodiment. For example, in the above embodiment, the monitoring software 41 has been described by taking as an example a configuration in which the notification module 412 notifies the user of the information processing apparatus 1 of an abnormality when an operation abnormality of the user application 31 is confirmed. However, the monitoring software 41 may be provided with a function module that performs processing for realizing fail-safe, and the monitoring software 41 may adopt a configuration that drives the above-mentioned function module when an operation abnormality is confirmed. .. Further, in the above embodiment, the function included in the user application 31 is shown as an example of the processing to be collated, but the form is not limited to the function, and a series of processing steps in the user application 31 is used as the processing to be collated. The specified configuration may be adopted. Further, it has been explained that in the above embodiment, the processing of the collation target of the user application 31 and the collation processing executed by the arithmetic collation module 415 have different algorithms. However, these may be configured to have the same algorithm. Further, the virtualization unit may be a hypervisor type or a host OS type. In addition, the details shown in the embodiments can be appropriately changed without departing from the spirit of the invention.

1 Information processing device 11 CPU
12 Non-volatile memory 13 Virtualization OS program 14 Virtual machine storage 15 Monitoring partition storage 16 Memory 17 Display device 18 Touch panel 19 Communication device 21 Guest partition (first logical partition)
22 Monitoring partition (second logical partition)
23 System partition 25 Hardware resources 31 User application 32 Guest OS
33 Virtual machine 32a Guest OS program 41 Monitoring software 42 Highly reliable application interface 51 Service software 52 Virtualization unit interface 411 Keep alive module (operation check module)
412 Notification module 413 Diagnosis module 414 Logging module 415 Arithmetic verification module 415a Arithmetic program storage unit 416 Condition monitoring module

Claims (5)

Hardware including central processing unit, memory and display device,
A virtualization unit that manages a plurality of logical partitions including a first logical partition and a second logical partition in which the hardware resources are divided into a plurality of partitions, and a virtualization unit.
A virtual machine in which the user application is run via the guest OS and runs in the first logical partition,
An arithmetic collation module that operates in the second logical partition and collates the processing of the collation target in the user application.
With
The user application includes a collation request code for designating the process to be collated.
When the process of the collation target is executed, the virtual machine obtains the collation request, the specific information that identifies the process of the collation target, and the result of the process of the collation target based on the collation request code. It has a function to send from the OS to the virtualization unit.
Based on the collation request received from the virtualization unit, the arithmetic collation module executes a collation process specified by the specific information and corresponding to the process of the collation target, and the result of the collation process and the collation process are described. An information processing device characterized in that it collates with the result of processing to be collated. Further, an arithmetic program storage unit in which a plurality of types of arithmetic programs are readable by the arithmetic collation module is provided.
The operation collation module is characterized in that the collation process is executed by using the operation program specified by the specific information from among a plurality of types of operation programs stored in the operation program storage unit. The information processing device described. The information processing apparatus according to claim 1 or 2, wherein the collation process has an algorithm different from that of the collation target process. Claims 1 to 3 include a notification module that operates in the second logical partition and notifies the abnormality by using the hardware when the result of the collation by the arithmetic collation module is abnormal. The information processing apparatus according to any one of the above. The information processing apparatus according to any one of claims 1 to 4, further comprising an operation confirmation module that operates in the second logical partition and repeatedly confirms the operation of the user application.

Images