GB2259161A - System recovery - Google Patents

System recovery Download PDF

Info

Publication number
GB2259161A
GB2259161A GB9118291A GB9118291A GB2259161A GB 2259161 A GB2259161 A GB 2259161A GB 9118291 A GB9118291 A GB 9118291A GB 9118291 A GB9118291 A GB 9118291A GB 2259161 A GB2259161 A GB 2259161A
Authority
GB
United Kingdom
Prior art keywords
interrupt
control means
system reset
generated
invalid
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
GB9118291A
Other versions
GB9118291D0 (en
GB2259161B (en
Inventor
Nissim Farhuma
Doron Green
Orna Kamin
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Motorola Solutions Israel Ltd
Original Assignee
Motorola Israel Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Motorola Israel Ltd filed Critical Motorola Israel Ltd
Priority to GB9118291A priority Critical patent/GB2259161B/en
Publication of GB9118291D0 publication Critical patent/GB9118291D0/en
Publication of GB2259161A publication Critical patent/GB2259161A/en
Application granted granted Critical
Publication of GB2259161B publication Critical patent/GB2259161B/en
Anticipated expiration legal-status Critical
Expired - Fee Related legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/0703Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation
    • G06F11/0706Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation the processing taking place on a specific hardware platform or in a specific software environment
    • G06F11/0745Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation the processing taking place on a specific hardware platform or in a specific software environment in an input/output transactions management context
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/0703Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation
    • G06F11/0793Remedial or corrective actions
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/14Error detection or correction of the data by redundancy in operation
    • G06F11/1402Saving, restoring, recovering or retrying
    • G06F11/1415Saving, restoring, recovering or retrying at system level
    • G06F11/1417Boot up procedures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/0703Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation
    • G06F11/0751Error or fault detection not based on redundancy
    • G06F11/0754Error or fault detection not based on redundancy by exceeding limits
    • G06F11/0757Error or fault detection not based on redundancy by exceeding limits by exceeding a time limit, i.e. time-out, e.g. watchdogs

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Quality & Reliability (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Debugging And Monitoring (AREA)
  • Retry When Errors Occur (AREA)

Abstract

A software-initiated system reset 10 is generated in response to invalid interrupts generated within a system which comprises control means for maintaining system control, and at least one device external to and under the control of the control means. An assessment as to the validity of an interrupt generated within the system is made, 14, whereupon the system reset is actuated, 15-19, 21-24, in response to an invalid interrupt and a software generated system reset signal is provided for the external device. Moreover, the actuation of the system reset causes the external device to be reset together with the control means. The invention alleviates problems, caused by inappropriate accessing of normally-unused interrupt vectors, due e.g. to noise spikes, RF transmissions and hardware or software failures. <IMAGE>

Description

Svstem Recovery.
Background to the Invention.
This invention relates, in general, to an interrupt handling protocol within a computer and is particularly, but not exclusively, applicable to a synchronised reset of a system in response to spurious interrupt requests.
Summarv of the Prior Art.
An operational computer or microcontroller is often coupled to several peripheral devices to form a system. These devices typically include shift registers, external memories and slave microprocessors.
Under normal operation, the computer or microcontroller generates interrupt vectors within its program in response to either software code or received interrupt requests from these external peripherals.
These interrupt vectors act as pointers towards specific areas of program code which deal with each interrupt request. There are, however, only isolated instances when the necessity arises to utilise every interrupt vector within the computer or microcontroller.
Under system operating conditions, spurious interrupt vectors are generated by, amongst other things, noise spikes, radio frequency (RF) transmissions and hardware or software failures.
These spurious vectors correspond to unused interrupt vectors and, as a consequence, respectively cause the termination or malfunction of a program or the system. In order to alleviate the problems caused by this inappropriate accessing of unused interrupt vectors, the system RESET interrupt vector is, in most cases, assigned to these locations. Unfortunately, when a system RESET interrupt vector is initiated, prior art methods do not take account of the general system operating parameters. For example, default assignments, essential for legitimate program operation of internal computer or microcontroller registers, may not be established.In the case of the MC68HC-11 microprocessor, manufactured by Motorola Inc., the internal -registers will be set at a value determined by the system RESET interrupt instead of the value determined by the default assignment and, as a consequence, a program malfunction will occur.
Additional disadvantages within the prior art manifest themselves in different forms. First, a system RESET interrupt may not reset external hardware associated with the computer or microcontroller. This has the consequence that overall system synchronisation is likely be affected. Second, the computer or microcontroller is unable to identify the source of spurious interrupts, and therefore has limited diagnostic capabilities. Third, when the system contains a slave microprocessor, the slave microprocessor remains unaware of the fact that a system RESET interrupt has occurred. This lack of communication inevitably leads to conflict between the microprocessors.
It can clearly be appreciated that there is a requirement for a system which clearly identifies an illegal or spurious interrupt and which can react accordingly.
Summary of the Invention.
This invention addresses at least some of the disadvantages set out in the prior art described above. In accordance with the present invention, there is provided a method for generating a software initiated system reset in response to invalid interrupts generated within the system. The system comprises control means for maintaining system control, and at least one device external to and under the control of said control means. An assessment as to the validity of an interrupt generated within the system is made, whereupon the system reset is actuated in response to an invalid interrupt and a software generated system reset signal is provided for the external device.Moreover, the actuation of the system reset causes the external device to be reset together with the control means A preferred embodiment of the invention will now be described, by way of example only, with reference to the accompanying drawings.
Brief Description of the Drawings.
Fig. 1 illustrates a preferred embodiment of a flow diagram of an interrupt handling routine in accordance with the invention.
Detailed Description of the Preferred Embodiment.
Fig. 1 illustrates an interrupt handling protocol for a microprocessor, such as the MC68HC-l 1 manufactured by Motorola Inc. The protocol is based around the activation of a hardware RESET port of the microprocessor and is implemented by means such as an internal watchdog timer time-out or a clock monitor fail.
At system initialisation, a total system reset is performed and each unused interrupt vector is uniquely assigned a specific address relating to a servicing and diagnostics routine for the spurious and invalid accessing thereof 10. After this start-up routine, software within the microprocessor is activated 11. At some time later, a valid or spurious (invalid) interrupt vector 12, corresponding to an address of a service routine, is respectively generated by either: (i) software code or received interrupt requests from an external peripheral, such as a shift register; or (ii) a microprocessor malfunction brought about by the mechanisms as described in the prior art. The software within the microprocessor performs a jump 13 to the service routine designated by the address stored at the interrupt vector.Upon accessing the service routine, the program immediately identifies the routine as being valid or invalid 14 . If the address generated is found to represent a valid routine, the routine is activated 20 and the software program returns to the software execution loop 11. However, if the generated address is found to be false, a diagnostics and full system reset loop is initiated.
Code located at an address generated by a spurious (invalid) interrupt vector specifically identifies its point of origin. In addition, since each generated address is unique to each valid or spurious (invalid) interrupt, the program immediately Tecognises whether or not a watchdog timer time-out (COP Failure) has been generated 15. In the case of a spurious (invalid) interrupt, a diagnostics flag may be raised 16 to indicate the originating location thereof. In order that the system and its associated peripherals are simultaneously reset through a software initiated regime, a watchdog timer time-out must now be initiated. This is achieved by clearing the interrupt enable flag 17 and then generating a delay loop 18. The interrupt enable flag is cleared by a software initiated reset of the flag.Furthermore, it is this delay loop which then causes the COP Failure. This delay loop may, for example, be achieved by remaining within a loop contained at the interrupt address or by jumping to another pre-assigned interrupt vector and remaining therein.
If a watchdog timer time-out is registered by the software, an entire system reset, including the setting of the default assignments of any external peripherals, is initiated automatically by the hardware RESET port 21. The system reset is activated by, for example, a reset pin, such as pin 17 on the MC68HC-11. The software determines whether a diagnostics flag has been raised to indicate a spurious (invalid) interrupt 22. If a diagnostics flag has not previously been set, the flag for a COP failure is raised 23 The software subsequently jumps to the RESET routine 24, at which point system initialisation 10 begins again.
By once again considering the MC68HC-ll as a typical example, an internal watchdog timer circuit (termed the computer operating properly or COP Failure timer) is enabled by a NOCOP bit in the CONFIG register. A COP Failure is registered if the program code fails to write contiguous hexadecimal instructions $55 and $AA to the COPRST -register within a time interval smaller than the COP timer period. These reset instructions are implemented by either a program segment within a major software program loop/execution or by an interrupt routine which is independent of the main program loop. The reset instruction would, under normal operating conditions, be activated by the internal software timers of an 8MHz MC68HC-1 1 at typical time periods of approximately toms, although it should be apparent to one skilled in the art that this period is subject to the desired operating frequency of the chip and can therefore vary.
It can clearly be appreciated that an invention so designed and described would produce the novel advantages of a microprocessor based system with enhanced diagnostic properties and an interrupt handling protocol capable of identifying illegal or spurious interrupts. Furthermore, the invention allows for the synchronised reset of the microprocessor based system in general.
It will, of course, be understood that the above description has been given by way of example only, and that modifications of detail, such as the the application of the invention to other microprocessors employing identical or similar methodologies to that of COP Failure, can be made within the scope of the invention.

Claims (11)

Claims.
1. A method of generating a software initiated system reset in response to invalid interrupts generated within the system, the system comprising: control means for maintaining system control; and at least one device external to and under the control of the control means; wherein the method comprising the steps of: assessing the validity of an interrupt generated within said system (14); actuating the system reset (15-19, 21-24) in response to an invalid interrupt and providing a software generated system reset signal to the external device, whereby the external device is reset together with the control means (10).
2. A method of of generating a system reset in accordance with claim 1, wherein the step of actuating the synchronised system reset further comprises the steps of: uniquely assigning a specific address within the control means to interrupt vectors within said control means, wherein said address contains a diagnostics indicator for identifying the interrupt vector from which an invalid accessing instruction emanated (16).
3. A method of of generating a system reset in accordance with claim 2, wherein the step of actuating the synchronised system reset further comprises the steps of: remaining at said address, generated by an invalid interrupt, for a predetermined time period greater than that required by the control means to initiate a time-out (18).
4. A method of of generating a system reset in accordance with claim 3, wherein the control means identifies whether an invalid interrupt has been generated in response to a time-out.
5. A method of of generating a system reset in accordance with claim 4, wherein the control means interrogates itself to identify whether a diagnostics indicator has been previously raised and, if false, raises a time-out diagnostics indicator.
6. A method of of generating a system reset in accordance with claim 2, wherein the predetermined time period is typically within the range of lOms to 1 second.
7. A method of of generating a system reset in accordance with any one of the preceding claims, wherein the invalid interrupt is generated externally to said control means.
8. A method of of generating a system reset in accordance with any one of the preceding claims, wherein the control means is a microprocessor.
9. A method of generating a system reset in response to invalid interrupts, generated within the system, as substantially described herein and with reference to Figure 1.
10. A microprocessor system comprising: control means for maintaining system control, said control means having means for generating interrupts to interrupt system control and system reset means for resetting system control; and at least one device external to and under the control of the control means; means for assessing the validity of an interrupt generated within said system (14); means for actuating the system reset (15-19, 21-24) in response to an invalid interrupt and means for providing a software generated system reset signal to the external device in the event of an invalid interrupt, whereby the external device is reset together with the control means (10).
11. A system according to claim 10, wherein the means for assessing the validity of an interrupt comprises means for assigning addresses to interrupt vectors and means for identifying the address corresponding to a generated interrupt vector as a valid or invalid address.
GB9118291A 1991-08-24 1991-08-24 System recovery Expired - Fee Related GB2259161B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
GB9118291A GB2259161B (en) 1991-08-24 1991-08-24 System recovery

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB9118291A GB2259161B (en) 1991-08-24 1991-08-24 System recovery

Publications (3)

Publication Number Publication Date
GB9118291D0 GB9118291D0 (en) 1991-10-09
GB2259161A true GB2259161A (en) 1993-03-03
GB2259161B GB2259161B (en) 1995-05-10

Family

ID=10700476

Family Applications (1)

Application Number Title Priority Date Filing Date
GB9118291A Expired - Fee Related GB2259161B (en) 1991-08-24 1991-08-24 System recovery

Country Status (1)

Country Link
GB (1) GB2259161B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5634130A (en) * 1993-09-20 1997-05-27 International Business Machines Corporation Method and apparatus for spurious interrupt detection in a data processing system
US5701495A (en) * 1993-09-20 1997-12-23 International Business Machines Corporation Scalable system interrupt structure for a multi-processing system
DE10238547A1 (en) * 2002-08-22 2004-03-04 Bayerische Motoren Werke Ag Control system for fault correction in vehicle electronic units or sub-networks, interrupts energy feed to electronic unit(s) if it detects faulty function or unit failure, restarts after defined time

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US3755787A (en) * 1972-04-26 1973-08-28 Bendix Corp System for providing interrupts in a numerical control system
EP0199221A1 (en) * 1985-04-26 1986-10-29 International Business Machines Corporation Noise resistant interrupt circuits

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US3755787A (en) * 1972-04-26 1973-08-28 Bendix Corp System for providing interrupts in a numerical control system
EP0199221A1 (en) * 1985-04-26 1986-10-29 International Business Machines Corporation Noise resistant interrupt circuits

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5634130A (en) * 1993-09-20 1997-05-27 International Business Machines Corporation Method and apparatus for spurious interrupt detection in a data processing system
US5701495A (en) * 1993-09-20 1997-12-23 International Business Machines Corporation Scalable system interrupt structure for a multi-processing system
DE10238547A1 (en) * 2002-08-22 2004-03-04 Bayerische Motoren Werke Ag Control system for fault correction in vehicle electronic units or sub-networks, interrupts energy feed to electronic unit(s) if it detects faulty function or unit failure, restarts after defined time

Also Published As

Publication number Publication date
GB9118291D0 (en) 1991-10-09
GB2259161B (en) 1995-05-10

Similar Documents

Publication Publication Date Title
US5564040A (en) Method and apparatus for providing a server function in a logically partitioned hardware machine
KR100729793B1 (en) Smm loader and execution mechanism for component software for multiple architectures
EP0818736A2 (en) System for assigning boot strap processor in symmetric multiprocessor computer with watchdog reset
KR100620216B1 (en) Network Enhanced BIOS Enabling Remote Management of a Computer Without a Functioning Operating System
US20020099974A1 (en) Dual basic input/output system for a computer
US20050210222A1 (en) Optimized ordering of firmware modules
JP2002526860A (en) Apparatus and method for emulating I / O instructions for a correct processor and servicing a software SMI in a multiprocessor environment
JPH05242057A (en) Method for starting multi-processor system
KR960003409B1 (en) Ic circuit timer
JP2008117401A (en) System and method to determine healthy group of processors and associated firmware for booting system
US5063496A (en) Signaling attempted transfer to protected entry point bios routine
US4716586A (en) State sequence dependent read only memory
US6963970B2 (en) System and method for executing a fast reset of a computer system
JP3765201B2 (en) Computer system
JPH06242987A (en) Method and equipment for making host computer execute succession of normal processing of microprocessor in computer unit
US6725294B1 (en) Installation and access of a device handler for a peripheral device in a computer
GB2259161A (en) System recovery
US20030065875A1 (en) Reserved ROM space for storage of operating system drivers
US7275132B2 (en) Computing machine with hard stop-tolerant disk file management system
Cisco Troubleshooting the SNA View Mainframe Application
US6948095B2 (en) Methods and apparatus for dynamically loading a file on a target computer system
KR100803822B1 (en) Multithread System Loader for the mobile communication system
JPH1131068A (en) Reset vector switching method and information processor using the switching method
US6834357B2 (en) Establishing a pointer at a valid address location that is representative of a valid entry point of a communication routine
US6789211B2 (en) Storing in a reserved memory location data indicative of a stack location which stores the entry point of a dynamically loaded file

Legal Events

Date Code Title Description
PCNP Patent ceased through non-payment of renewal fee

Effective date: 20000824