CN117724902A - Nonvolatile data redundancy method in security system design - Google Patents
Nonvolatile data redundancy method in security system design Download PDFInfo
- Publication number
- CN117724902A CN117724902A CN202311790287.8A CN202311790287A CN117724902A CN 117724902 A CN117724902 A CN 117724902A CN 202311790287 A CN202311790287 A CN 202311790287A CN 117724902 A CN117724902 A CN 117724902A
- Authority
- CN
- China
- Prior art keywords
- data
- block
- valid
- nonvolatile
- area
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 25
- 238000013461 design Methods 0.000 title claims abstract description 19
- 238000012937 correction Methods 0.000 claims abstract description 7
- 238000001514 detection method Methods 0.000 claims abstract description 6
- 238000010276 construction Methods 0.000 claims description 6
- 238000005192 partition Methods 0.000 claims description 6
- 238000012423 maintenance Methods 0.000 claims description 3
- 238000013500 data storage Methods 0.000 abstract description 2
- 230000006870 function Effects 0.000 abstract description 2
- 230000008447 perception Effects 0.000 description 3
- 238000010586 diagram Methods 0.000 description 2
- 238000007726 management method Methods 0.000 description 2
- 238000012360 testing method Methods 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 230000005670 electromagnetic radiation Effects 0.000 description 1
- 238000011084 recovery Methods 0.000 description 1
- 230000008672 reprogramming Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 238000012795 verification Methods 0.000 description 1
Abstract
The invention belongs to the technical field of nonvolatile data storage, and particularly relates to a nonvolatile data redundancy method in a security system design, which comprises the following steps: using toggle writing: two different memory blocks are arranged in the Flash memory, and two areas A and B are respectively allocated in the two memory blocks to store the same data; using a checksum: after each writing of data, calculating the checksum of the data and storing the checksum together; when the data is read, calculating the checksum again and comparing the checksum with the stored checksum to detect whether the data has errors or not; using a file system: a simple file system can be used to manage the Flash memory; increase detection and correction: the ECC is adopted for detection and correction, so that the accuracy of data and the service life of the Flash memory can be improved; compared with the prior art, the invention achieves the function of the NVM by operating the Flash memory through software, and reduces the hardware cost and the system complexity compared with the external eeprom.
Description
Technical Field
The invention relates to the technical field of nonvolatile data storage, in particular to a nonvolatile data redundancy method in a security system design.
Background
In the design of the safety system, in order to protect the functional failure caused by the random failure of the hardware, different design methods are used from the common electronic products, the design methods have recommended method lists in functional safety standards such as IEC61508 and ISO26262, and different design methods can be applied according to different components of the electronic system.
Obviously, the writing speed of the analog EEprom is far faster than that of the plug-in EEprom (with a data transmission mechanism); secondly, the plug-in EEPROM can realize data writing without erasing; while simulating EEProm requires pre-write erase, power failures and other anomalies (e.g., resets) that may interrupt the erase process need to be accounted for in designing Flash memory management software because Flash program and erase operations are quite long.
The wear balancing algorithm monitors and evenly distributes the use frequency of the flash page writing and erasing operation; before the wear balancing algorithm is not adopted, the page use frequency is not the same; for example, some data may be updated frequently (e.g., DTCs) and some data may not be updated frequently (e.g., VIN codes, etc.), it is apparent that Flash storing DTCs may be erased frequently and that the DID's may be stored for a long time or may be modified little.
The wear leveling algorithm is to solve the contradiction and ensure that all available erasing times of all pages of the flash are utilized. The wear leveling algorithm increases the life of the analog EEPROM and, knowing the required size and target number of uses of the analog EEPROM, calculates the Flash size for that purpose.
The method provided by the invention is mainly applied to hardware redundancy, information redundancy and software redundancy.
Disclosure of Invention
In view of the shortcomings of the prior art, an object of the present invention is to provide a method for redundancy of nonvolatile data in a security system design, which solves the above-mentioned technical problems.
In order to achieve the above purpose, the present invention provides the following technical solutions:
a method of nonvolatile data redundancy in a security system design, comprising:
using toggle writing: two different memory blocks are arranged in the Flash memory, and two areas A and B are respectively allocated in the two memory blocks to store the same data; when writing new data, firstly writing in an area A and then writing in an area B; when reading data, firstly reading the area A, and if the data in the area A is wrong, reading the area B;
using a checksum: after each writing of data, calculating the checksum of the data and storing the checksum together; when the data is read, calculating the checksum again and comparing the checksum with the stored checksum to detect whether the data has errors or not;
using a file system: a simple file system can be used to manage the Flash memory;
increase detection and correction: the ECC is adopted for detection and correction, so that the accuracy of data and the service life of the Flash memory can be improved.
Further, a storage-based file system is constructed in FLASH memory, the file system can provide a series of record documents, and one or more variables are stored in each record document; each record document also contains an identifier, and the identifier provides the size of the record content and whether the content is valid or invalid;
the FLASH blocks are set as nonvolatile storage blocks, and an effective block is selected from the FLASH blocks, and the data file is stored in the effective block; for updating the data, the data document is stored in the next valid block; when reading a data, returning the data which has the index and is written in latest and has the matched state mark;
when one valid block is full, all valid data documents in the valid block are backed up to a new memory block of the other nonvolatile memory by software; this new memory block becomes a valid data block, the previous valid block being erased; during the memory block exchange, the obsolete data file is cleared and the new valid data block is applied to the next data update.
Further, the data in the FLASH memory is divided into a data area and a perception data area, the data area is used for storing variables and programs, and the perception data area contains all management information and index data related to the data;
the sensing data in the sensing data area is removed in a data status area for recovering error and maintenance related data, an ID area for identifying the data contained in the data attribute construction, and a range area for determining the size of the data portion data.
Further, before adding a new word in the valid block, the software of the nonvolatile memory block is located at the first erased position of the memory;
the data is written continuously into the effective block, the rest position of the memory is erased, and the data writing process comprises the following steps:
s1, writing invalid data state identification,
s2, write address and size range, and other data write ECC,
s3, writing the rest data,
s4, writing the effective data state identification.
Further, updating the data written into the FLASH memory, and adding the updated data to the data list; when addressing a data attribute construct with an address, the last data to match an ID is the most recently updated data.
Further, when a software program requests to read the data, the program of the nonvolatile memory block must be located on the data: the software program supports data ID, the program of the nonvolatile memory block compares the ID of each data through the data list, and the program of the nonvolatile memory block returns the last data document matched with the ID; starting from the first data in the memory block, the data table is compared one by one according to the following steps:
a1, checking the data state identification by the program of the nonvolatile memory block,
a2, checking the ID of the data by the program of the nonvolatile memory block,
a3, the range size of the program read data of the nonvolatile memory block and the address of the next data are calculated by using the range size,
a4, the program of the nonvolatile memory block moves to the next data, and the loop execution is repeated from the step A1.
Further, after adding and updating some data, there is not enough erased space in the valid data block to perform the update or add data operation, at which stage the program of the nonvolatile memory block performs a data block swap by copying valid data from the valid data block into the alternate data block.
Further, after the replacement data block is selected, the software reads the content of the valid data block and copies the ID of the latest data to the replacement data block; the replacement data block is marked as a valid data block corresponding to a subsequent data access and the software erases and verifies the last valid data block in preparation for the next operation.
Further, for each recorded data, one data is recorded in a data block of a different partition; writing update data in two data blocks whenever the data needs to be updated; when writing update data in one of the data blocks, the data copied from the other data block can still be read.
Furthermore, the file system can adopt a FAT file system, is easy to realize, and can meet the requirement of the automotive electronics field on simple and easy operation of the data structure.
By adopting the technical scheme, the invention has the beneficial effects that:
1. the invention provides a Flash memory which achieves the function of NVM through software operation, and reduces hardware cost and system complexity compared with external eporom.
2. The NVM space can be distributed to the area A and the area B through reasonably planning Flash memory blocks by software, so that the flexibility of the system is improved.
Drawings
FIG. 1 is a diagram of a 4-byte ECC data attribute configuration in an embodiment of the present invention.
FIG. 2 is a diagram of a 4-byte ECC data attribute configuration in accordance with an embodiment of the present invention.
FIG. 3 is a data table of an effective memory block write data attribute construction in accordance with an embodiment of the present invention.
Fig. 4 is a schematic flow chart of continuous access according to an embodiment of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
And constructing a file system based on storage in the FLASH memory. This file system may provide a series of records documents, each record holding one or more variables. Each record also contains an identification that provides the size of the recorded content as valid or invalid.
FLASH blocks set as nonvolatile memory blocks, and a valid block is selected from the FLASH blocks, and the data document is stored in the valid block. To update the data, the data document is stored in the next valid block. When reading a data, the data with index and the latest written with matched state mark is returned.
When this valid block is full, all valid data documents in this valid block are software backed up to another new block of nonvolatile storage. This new block becomes a valid block and the previous valid block is erased. During this block exchange, the obsolete data document is purged and the new valid data block is applied to the next data update.
1. Data attribute construction
Regarding the FLASH memory byte distribution pattern, the icons shown in FIGS. 1 and 2 show two types of data constructs for this layout. The data is largely divided into two parts: a data area for storing variables and programs; the perception data area contains all management information and index data related to the data. These perceptual data are removed in the following additional areas:
a data status field, which typically applies recovery errors and maintenance related data.
An ID field, which typically applies to identify the data contained in the data attribute construct.
A range area, which area is typically applied to determine the size of the data portion.
The length of the ID area and the range area may vary, but the data status area must be adapted to a specific condition. The additional area may add sense data, but the non-volatile memory block scheme can only use the listed three areas.
2. ECC and data attribute construction
ECC-error correction codes are commonly used to monitor and correct memory for exposure to electromagnetic radiation. And reprogramming the status flag bit constructed by the data attribute according to the status of the data. Normally, the FLASH memory is written, and the FLASH memory must be erased first, but the status flag bit of the modified data attribute structure may not be erased.
3. Adding and updating attribute constructs
The software of the nonvolatile memory block is located at the first erase of the memory before a new word is added to the valid block. Data is written continuously into this active block and the remaining locations of the memory are erased.
The data writing process comprises the following steps:
s1, writing invalid data state identification
S2, write address and size range, and other data write ECC
S3, writing the rest data
S4, writing effective data state identification
The multiple design operations ensure correctness, wherein valid and invalid data state identifications are selected according to ECC rules. The following table gives the suggested values for the data state identifiers;
| Status | 4 byte ECC range | 8 byte ECC range |
| $empty | 0xFFFF_FFFF | 0xFFFF_FFFF_FFFF_FFFF |
| $invalid | 0x0000_FFFF | 0x0000_0000_FFFF_FFFF |
| $valid | 0x0000_0000 | 0x0000_0000_0000_0000 |
Updating the data which has been written into the FLASH memory, and adding the updated data to the data list. When addressing a data attribute construct with an address, the last data to match an ID is the most recently updated data.
As shown in fig. 3, an example is shown: the active memory block contains several written data attribute constructs. In this example, the device is restarted when the second data is added. When the second data is not fully added, the data state identification is $invalid.
4. Read data attribute construction
When the main software program requires reading of such data, the program of the nonvolatile memory block must be located on this data. The main program supports data IDs and the program of the nonvolatile memory block compares the IDs of each data through the data list. The program of the nonvolatile memory block returns the last data document that matches the ID.
Starting from the first data in the data block, the data table is compared one by one according to the following steps:
a1, checking the data state identification by the program of the nonvolatile memory block.
A2, checking the ID of the data by the program of the nonvolatile memory block.
A3, the range size of the program read data of the nonvolatile memory block and the address of the next data are calculated by using the range size.
A4, the program of the nonvolatile memory block moves to the next data, and the loop execution is repeated from the step A1.
5. Exchanging data blocks
After some data is added and updated, there is insufficient erased space in the valid data block to perform the update or add data operation. At this stage, the program of the nonvolatile memory block performs a data block exchange by copying valid data from the valid data block into the substitute data block.
At any time the software erases the block, the software then verifies the block, and the data of the erased block is set to 1. Some of the verified erased blocks may be used as replacement blocks in a block swap operation.
After the replacement data block is selected, the software reads the contents of the valid data block and copies the ID of this latest data into the replacement data block. This replacement data block is marked as a valid data block corresponding to a subsequent data access, etc., and the software erases and verifies the last valid data block in preparation for the next operation.
At the beginning of the data block, there is a data block identification status of one or 2 bytes. Data block status identification area
The same identification status area as the data is used. There are four data block status identifications:
(1) $ erased-all erased blocks have a default value of 1.
(2) Verifiable-erased data block.
(3) Copy-is used as a replacement data block in a data block exchange.
(4) The $ active-data block is used as the valid data block.
The following table gives suggested values for the status identification of the data block
| Status | 4 byte test reference, 8 bit group | 8 byte test reference, 16 bit group |
| $erased | 0xFFFF_FFFF | 0xFFFF_FFFF_FFFF_FFFF |
| $verified | 0x00FF_FFFF | 0x0000_FFFF_FFFF_FFFF |
| $copy | 0x0000_FFFF | 0x0000_0000_FFFF_FFFF |
| $active | 0x0000_0000 | 0x0000_0000_0000_FFFF |
The following table shows the data block state changes during the data block exchange operation at different stages.
| Stage(s) | Status of data A | Status of data B | Operation of |
| A | $active | $verified | Valid data block a and verification of the initial state of erased data block B |
| B | $active | $verified→$copy | The software sets the state of data block B to $copy, indicating that the data block exchange operation is to begin |
| C | $active | $copy | Software copies data in data block A to data block B |
| D | $active | $copy→$active | Software end copy data, software set data block B is a new valid data block |
| E | $active→$erased | $active | Software erase data block A |
| F | $erased→$verified | $active | Software core real numberWhether the data block A is completely erased or not, and setting the state of the data block A to be $verify |
6. Continuous read access
For each recorded data, one data is recorded in a data block of a different partition. The nonvolatile memory block software writes the update data in two data blocks whenever the data needs to be updated. When software writes updated data in one of the data blocks, the data copied from the other data block can still be read.
The two data blocks from each partition serve to ensure a nonvolatile copy of each data block at any time. One of the data blocks is used as a valid data block and the other is used as a replacement data block for the swap data block operation.
As shown in fig. 4, it is assumed that an additional data block C (Update 1) exists in the same partition as data block a, and data block D, B is within one partition. When A, B data blocks are full, the data blocks are exchanged to corresponding C, D respectively. The data block exchange is performed in a loop, so that when data block a is exchanged to C (Update 1), the data in data block B can still be read. Similarly, when data block A, B is converted, the data in data block C can be read as data block B, D is converted.
The above description is only a preferred embodiment of the present invention, and is not intended to limit the invention, but one skilled in the art can make common changes and substitutions within the scope of the technical solution of the present invention.
Claims (10)
1. A method of nonvolatile data redundancy in a security system design, comprising:
using toggle writing: two different memory blocks are arranged in the Flash memory, and two areas A and B are respectively allocated in the two memory blocks to store the same data; when writing new data, firstly writing in an area A and then writing in an area B; when reading data, firstly reading the area A, and if the data in the area A is wrong, reading the area B;
using a checksum: after each writing of data, calculating the checksum of the data and storing the checksum together; when the data is read, calculating the checksum again and comparing the checksum with the stored checksum to detect whether the data has errors or not;
using a file system: a simple file system can be used to manage the Flash memory;
increase detection and correction: the ECC is adopted for detection and correction, so that the accuracy of data and the service life of the Flash memory can be improved.
2. A method of nonvolatile data redundancy in a security system design as in claim 1, wherein a storage-based file system is constructed in FLASH memory, the file system providing a series of records, each record storing one or more variables; each record document also contains an identifier, and the identifier provides the size of the record content and whether the content is valid or invalid;
the FLASH blocks are set as nonvolatile storage blocks, and an effective block is selected from the FLASH blocks, and the data file is stored in the effective block; for updating the data, the data document is stored in the next valid block; when reading a data, returning the data which has the index and is written in latest and has the matched state mark;
when one valid block is full, all valid data documents in the valid block are backed up to a new memory block of the other nonvolatile memory by software; this new memory block becomes a valid data block, the previous valid block being erased; during the memory block exchange, the obsolete data file is cleared and the new valid data block is applied to the next data update.
3. The method for redundancy of nonvolatile data in a security system according to claim 1, wherein the data in said FLASH memory is divided into a data area and a sense data area, the data area is used for storing variables and programs, and the sense data area contains all management information and index data related to the data;
the sensing data in the sensing data area is removed in a data state area, an ID area and a range area, the data state area is used for recovering error and maintenance related data, the ID area is used for identifying the data contained in the data attribute construction, and the range area is used for determining the size of data of the data part.
4. A method of nonvolatile data redundancy in a security system design as claimed in claim 3, wherein the software of the nonvolatile memory block is located at the first erase location of the memory before a new word is added to the valid block;
the data is written continuously into the effective block, the rest position of the memory is erased, and the data writing process comprises the following steps:
s1, writing invalid data state identification,
s2, write address and size range, and other data write ECC,
s3, writing the rest data,
s4, writing the effective data state identification.
5. A method of nonvolatile data redundancy in a security system design as in claim 4, wherein the data already written to FLASH memory is updated and the updated data is added to the list of data; when addressing a data attribute construct with an address, the last data to match an ID is the most recently updated data.
6. The method of claim 5, wherein when the software program requests to read the data, the program of the nonvolatile memory block must be located on the data: the software program supports data ID, the program of the nonvolatile memory block compares the ID of each data through the data list, and the program of the nonvolatile memory block returns the last data document matched with the ID; starting from the first data in the memory block, the data table is compared one by one according to the following steps:
a1, checking the data state identification by the program of the nonvolatile memory block,
a2, checking the ID of the data by the program of the nonvolatile memory block,
a3, the range size of the program read data of the nonvolatile memory block and the address of the next data are calculated by using the range size,
a4, the program of the nonvolatile memory block moves to the next data, and the loop execution is repeated from the step A1.
7. A method of nonvolatile data redundancy in a security system design as claimed in claim 6, wherein after adding and updating some data there is insufficient erased space in the valid data block to perform the update or add data operation, at which stage the program of the nonvolatile memory block performs data block exchange by copying valid data from the valid data block into the alternate data block.
8. A method of nonvolatile data redundancy in a security system design as in claim 7, wherein after the replacement data block is selected, the software reads the contents of the valid data block and copies the ID of the most current data into the replacement data block; the replacement data block is marked as a valid data block corresponding to a subsequent data access and the software erases and verifies the last valid data block in preparation for the next operation.
9. A method of nonvolatile data redundancy in a security system design as in claim 8, wherein for each recorded data, one data is recorded in a data block of a different partition; writing update data in two data blocks whenever the data needs to be updated; when writing update data in one of the data blocks, the data copied from the other data block can still be read.
10. A method of nonvolatile data redundancy in a security system design according to claim 2, wherein the file system is a FAT file system, which is easy to implement and capable of meeting the requirements of the automotive electronics field for simple and easy operation of the data structure.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311790287.8A CN117724902A (en) | 2023-12-25 | 2023-12-25 | Nonvolatile data redundancy method in security system design |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311790287.8A CN117724902A (en) | 2023-12-25 | 2023-12-25 | Nonvolatile data redundancy method in security system design |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN117724902A true CN117724902A (en) | 2024-03-19 |
Family
ID=90201425
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202311790287.8A Pending CN117724902A (en) | 2023-12-25 | 2023-12-25 | Nonvolatile data redundancy method in security system design |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117724902A (en) |
-
2023
- 2023-12-25 CN CN202311790287.8A patent/CN117724902A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US6865658B2 (en) | Nonvolatile data management system using data segments and link information | |
| US6381176B1 (en) | Method of driving remapping in flash memory and flash memory architecture suitable therefor | |
| US5479637A (en) | Method and device for updating information elements in a memory | |
| KR100849446B1 (en) | Storage device, memory managing apparatus, memory managing method, and computer-readable recording medium | |
| CN101401076B (en) | Method and apparatus for using a one-time or few-time programmable memory with a host device designed for erasable/rewriteable memory | |
| US6560703B1 (en) | Redundant updatable self-booting firmware | |
| US20090265403A1 (en) | File system | |
| EP0615184A2 (en) | Nonvolatile memory | |
| CA2021274C (en) | Non-volatile memory usage | |
| US6839798B1 (en) | Flash memory capable of storing frequently rewritten data | |
| US6516400B1 (en) | Data storage, data processing system and method | |
| KR20040014971A (en) | Non-volatile memory control method | |
| JP3472008B2 (en) | Flash memory management method | |
| JP3576625B2 (en) | Data management method for flash memory card and data processing device using the data management method | |
| CN111966287B (en) | Data storage method, electronic device and storage medium | |
| US20070136510A1 (en) | Storage device, memory managing device, memory managing method, and program | |
| TWI394170B (en) | Link table recovery method | |
| CN111459708B (en) | Bad block processing method and device | |
| JP2009064238A (en) | Memory system | |
| CN112558868A (en) | Method, device and equipment for storing configuration data | |
| CN117724902A (en) | Nonvolatile data redundancy method in security system design | |
| CN107257281B (en) | Method, apparatus and computer readable storage medium for NOR F L ASH storage key record | |
| JP3675375B2 (en) | Nonvolatile memory and data rewriting method of nonvolatile memory | |
| KR102072351B1 (en) | Method for managing a flash memory | |
| JP4866114B2 (en) | MEMORY CONTROLLER, NONVOLATILE MEMORY DEVICE, NONVOLATILE MEMORY SYSTEM, AND MEMORY CONTROL METHOD |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination |