GB2328299A - Data processing system for ensuring data consistency - Google Patents

Data processing system for ensuring data consistency Download PDF

Info

Publication number
GB2328299A
GB2328299A GB9814645A GB9814645A GB2328299A GB 2328299 A GB2328299 A GB 2328299A GB 9814645 A GB9814645 A GB 9814645A GB 9814645 A GB9814645 A GB 9814645A GB 2328299 A GB2328299 A GB 2328299A
Authority
GB
United Kingdom
Prior art keywords
task
facility
data
variables
interruption
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
GB9814645A
Other versions
GB2328299B (en
GB9814645D0 (en
Inventor
Ole See
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Robert Bosch GmbH
Original Assignee
Robert Bosch GmbH
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Robert Bosch GmbH filed Critical Robert Bosch GmbH
Publication of GB9814645D0 publication Critical patent/GB9814645D0/en
Publication of GB2328299A publication Critical patent/GB2328299A/en
Application granted granted Critical
Publication of GB2328299B publication Critical patent/GB2328299B/en
Anticipated expiration legal-status Critical
Expired - Fee Related legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46Multiprogramming arrangements
    • G06F9/52Program synchronisation; Mutual exclusion, e.g. by means of semaphores
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46Multiprogramming arrangements
    • G06F9/461Saving or restoring of program or task context

Abstract

The system provides a data-processing device having a first facility for executing a first data processing using global variables V1, V2, by means of a processor facility, a second facility for executing a second data processing by means of the processor facility which is configured in such a way that, at the start, it creates local copies GLK1, GLK2 of the global variables used by the first facility, and can be interrupted during the copying process by the first facility, a status indication flag F set by the second facility during the copying process and readable by the first facility for indicating when the copying process is active, the first facility being configured in such a way that, before the end of a respective interruption of the second facility, it checks whether the status indication flag is set and, if so, overwrites the local copy in the form of the global variable with its current value.

Description

Data-processing device and method
PRIOR ART
2328299 The present invention relates to a data-processing device and a corresponding data-processing method.
Although it is applicable to any data-processing devices, the present invention and also the problems underlying it are explained in relation to a data-processing device which is situated on board a motor vehicle and which is used to network various control appliances comprising sensor devices and actuator devices, for example the real-time-capable serial bus system referred to as "controller area networV (CAN).
A control appliance may be considered for setting an engine parameter, such as, for example, the fuel injection quantity. In said control appliance, various tasks or application programs which use the timeslicing method of a processor run in the operating system. In this connection, the computing time of the processor is divided up among all the tasks. Each task is allotted a share of the computer output cyclically or according to certain priorities. The switching back and forth between the tasks takes place, as a rule, at such high speed that the interruptions and restarts are not perceptible externally. All the data which are utilized by a plurality of tasks are defined as global variables.
If data are calculated in a task A which are further processed in another task B, data consistency must be ensured even if the task B can be interrupted at any time by the task A. In other words, before the termination of task B, its current data set must not change although the task A already provides fresh data after the interruption.
2 - For the purpose of more-detailed illustration of the problems, the following case of rotational speed control in an engine control appliance may be considered.
The engine control appliance calculates the manipulated variable of the rotational speed controller. The engine control appliance receives the rotational speed setpoint value to be controlled and also the operating mode, i.e. the controller response (e.g. proportional component, differential component, integral component etc.) via the CAN bus of the vehicle control appliance every 10 ms. The control parameters (control parameter set), i.e. the parameter set for the control module, are, however, calculated every 50 ms in the engine control appliance. Consequently it is clear that the engine control appliance must not accept any fresh data from the vehicle control appliance before the end of its respective processing time of 50 ms although the vehicle control appliance provides in principle such fresh data every 10 ms.
At present there are three approaches to ensuring data consistency 'm the prior art.
The first approach envisages the creation of local copies of the data calculated in the task having the higher priority at the start of the task having the lower priority.
A disadvantage of this procedure is that the data consistency is no longer ensured if the task of lower priority is interrupted during the actual copying process of the task of higher priority. After all, in this case, when the task of lower priority is continued after terminating the interruption, the copies already created are no longer refreshed, but the copying process is continued at the point of the interruption. After termination of the copying process, there is therefore inconsistency between the data copied first and last.
The second approach envisages the creation of local copies of the data as in the case of the first approach. During the copying process, however, any interruption 3 or interrupt is blocked so that the task having higher priority cannot "disturb" the task having lower priority.
However, this approach has the disadvantage that the interrupt blocking time can be exceeded during copying relatively large data sets, for example structures, which may result in a restart on the part of the operating system. This response is undesirable since it may paralyse the entire system, for example, in the case of engine control appliances, it may result in failures in the fuel injection or even in engine stoppage.
The third approach provides for the application of a "shared memory" or jointly used memory. This is a region in the working memory which is managed by the operating system and into which all the tasks can in principle write data or out of which all the tasks can in principle read data if the operating system allows it. To protect the data consistency in the case mentioned, the task of higher priority can write into the shared memory again only if the task of lower priority has produced its local copies. That is to say, during the production of the local copies by the task having lower priority, access of the task havmg higher priority to the "shared memory" is forbidden.
This approach has the disadvantage that the shared memory has to be managed by the operating system, which results in an increased complexity, that is to say a greater intervention into the operating system.
In the case of the above, known approaches, the fact that they either have no adequate data protection and/or require a high complexity has been found to be disadvantageous.
ADVANTAGES OF THE INVENTION

Claims (1)

  1. The data processing device according to the invention having the features
    of Claim 1 and the corresponding data processing method in accordance with Claim 6 have the advantage over the known approaches to a solution that they ensure a good data consistency using simple means, i.e. without high equipment complexity or programming complexity.
    The data consistency is ensured even in the case of data which are closely related to one another and have therefore to be fin-ther processed under identical conditions, i.e. must not originate from two different cycles of the first data processing.
    The problems associated with the interrupt blocking are eliminated and the intervention into the system is also low and takes place locally and not at operating system level.
    The idea underlying the present invention is that a first task or application program having higher priority sets certain global variables which are used by a second task having lower priority. In the second task, a global flag, or a status indicator, which can be read by the first task is set during a data copying process. In the event of interruption of this data copying process by the first task, the state of the flag Mi the first task is checked before the end of the interruption and if it is set, this is viewed as an indication of a possible alteration of data already read. Accordingly, the first task either overvm'tes with their current values only the altered variables or all the variables which are used by the second task locally and which are likewise defined globally for this purpose. The local copies are created at the beginning of the second task having lower priority, that is to say before any further processing of the data to be copied. The local copies are overwritten, if necessary, at the end of the first task having higher priority, that is to say, at the earliest after all the modifications of the global variables used by the second task have been concluded.
    - 5 The subclaims contain advantageous developments and improvements of the dataprocessing device specified in Claim 1 or of the data-processing method specified in Claim 6.
    In accordance with a preferred development, the first facility is assigned a first higher priority and the second facility is assigned a second, lower priority in regard to the use of the processor facility.
    In accordance with a further preferred development the first facility is assigned a first, shorter time period and the second facility is assigned a second, longer time period in regard to the use of the processor facility.
    In accordance with a further preferred development, the second facility is configured so that at the end of a respective interruption, it continues at the point of the interruption. This is advantageous if as little time as possible is to be lost in performing the second data processing.
    In accordance with a further preferred development, the first facility comprises a determining facility for determinmig which local copy or local copies the second facility uses. This has the advantage that only certain altered variables which are determined by the first data processing and are used in the second data processing have to be refreshed.
    DRAWINGS Exemplary embodiments of the invention are shown in the drawings and described in greater detail in the description below.
    In the drawings:
    Figure 1 shows a time flowchart for a first task A and a second task B when the first task A interrupts the second task B after the copying process, in accordance with a first exemplary embodiment of the invention; Figure 2 shows a time flowchart for a first task A and a second task B when the first task A interrupts the second task B during the copying process, in accordance with the first exemplary embodiment of the invention; Figure 3 shows a diagrammatic representation of dataprocessmig steps in a first task A in accordance with an exemplary embodiment of the invention; and Figure 4 shows a diagrammatic representation of data-processing steps mi a second task B in accordance with the second exemplary embodiment of the invention.
    DESCRIPTION OF THE EXEMPLARY EMBODIMENTS Figure 1 shows a time flowchart for a first task A and a second task B when the first task A interrupts the second task B after the copying process, in accordance with a first exemplary embodiment of the invenfion.
    In Figure 11 tP t.l, t3, t4and t, denote a respective consecutive first to fifth time instant on the vertical time axis. A I, A2, A3 and A4 denote respective program blocks of a task or user program A having a first higher priority. B 1, B2, B3, B4 and B5 denote respective program blocks of a task or user program B having a second lower priority. In this connection, program blocks denote a part of the entire program.
    7 Tasks A and B are both processed according to the time-slicing method making allowance for their priority on the same processor facility. In particular, the task A calculates variables V I and V2 which the task B needs for its part. In this connection, it should be noted that, for reasons of data consistency during a cycle, the task B is allowed to use only a related data pair for V I and V2.
    The processing starts at time instant t, with the programming block AI of the task which, inter alia, comprises the calculation of the data of the global variables I and V2. In this connection, global variable means that at least the task B also has an access to said variables.
    At the time instant t, the time slice of the task A has expired and the task B starts the program block B 1 in which a flag F is set to logic " 1 ", said flag F embodying the status indication facility according to the invention. The flag F thus indicates the start and the progress of the copying process.
    In task B, local copies of the variables V I and V2, namely GLK I as a copy of V I in B2 and GLK2 as a copy of V2 in B3, are then produced in the program blocks B2 and B3.
    It should be expressly pointed out that the variables GLK I, GLK2 and F are likewise global variables, that is to say at least the task A also has access to them.
    In the program block B4, the flag F I's set to logic "0" in order to indicate the end of the copying operation.
    At the time instant t, the time slice of the task B has expired and the task A is restarted with the program block A2 which, inter alia, comprises the recalculation of the data of the global variables V I and V2.
    8 - In the subsequent program block A3, which comes in sequence after all the recalculations of the variables V I, V2 needed by the task B, the task A checks whether the flag F is set or not. Since, in the present case, the task B has been interrupted after the copying process, the flag F is at logic T".
    Since the task A has consequently been informed that the task B possesses the required related copies GLK I and GLK2 and these were not altered by task A, no further steps are necessary and the task A terminates with the program block A4 at the time instant t, The task B then continues with the program block B5, which terminates the task B or runs until the next interruption by the task A. However, neither the first interruption described nor any further interruption endangers the data consistency m task B. Figure 2 shows a time flowchart for a first task A and a second task B when the first task A interrupts the second task B during the copying process, in accordance with the first exemplary embodiment of the invention.
    In Figure 2, tI, t, t.,,', t,' and t, denote a respective consecutive first to fifth time instant on the vertical time axis. AI, A2, A3 and A4' denote respective program blocks of a task or user program A, and B 1, B2, B3, B4 and B5 denote respective program blocks of a task or user program B. In this connection, the unprimed reference symbols correspond to the components explained in Figure 1.
    As at time instant t, above, the processing starts at the programming block AI of the task A which, inter alia, comprises the calculation of the data of the global variables V 1 and V2.
    9 - At the time instant t2, the time slice of the task A has expired and the task B starts the program block B 1, in which the flag F is set to logic " 1 " and thus indicates the start and the progress of the copying operation.
    In the task B, a local copy GLK I of the variable V I is produced in the program block B2. At the time instantt3', the time slice of the task B is interrupted by the task A and the task A continues with the program block A2 which comprises, inter alia, the recalculation of the data of the global variables V I and V2.
    In the subsequent program block A3, which comes in sequence after all the recalculations of the variables V 1, V2 needed by the task B, the task A checks whether the flag F is set or not. Since, in the present case, the task B has been interrupted during the copying process, the flag F is at logic " 1 ".
    The task A is consequently informed that the task B does not possess the required related copies GLK I and GLK2 and further steps are necessary to ensure the data consistency.
    For this purpose, the task A executes the program block M, in which the copying process is executed for the task B, namely a copy of V I is created in GLK I and a copy of V2 is created in GLK2.
    In this connection, it should be generally remarked that the task A has in principle to update only those copies whose corresponding variable it has altered. In the case of fairly large data sets this can be utilized for time saving purposes.
    At the time instantt4', the time slice of the task A has expired and the latter terminates.
    The task B is then continued at the point at which it was previously interrupted and produces a local copy GLK2 of the variable V2 in the program block B3. In the program block B4, the flag F is then set to logic "0" in order to indicate the end of the copying process.
    The task B is then continued with the program block B5 which concludes the task B or runs until the next interruption by the task A. However, neither the first interruption described nor any further interruption endangers the data consistency in the task B. In particular, any further interruption of the task B by the task A results in the situation described in connection with Figure 1.
    Figure 3 shows a diagrammatic representation of data-processing steps in a first task A in accordance with the second exemplary embodiment of the invention.
    The task A occupies a fixed time slice of 10 ms. In the steps S 1 and S2, the data are calculated for the global variables V I and V2, which are also used by the task B. In the broken-line region, any other dataprocessing steps take place.
    At the end of the task A, the copying process of V 1 into GLK 1 and of V2 into GLK2 for the task B is repeated in the steps S4 to S7, if necessary, i.e. if the flag F is logic ', 1 ', Figure 4 shows a diagrammatic representation of data-processing steps in a second task B in accordance with the second exemplary embodiment of the invention.
    The task B occupies a fixed time slice of 50 ms. In the steps S 1' to S4', global variables V I and V2 which are used by the task B are copied into the global variables GLKI and GLK2, respectively. It is only during this copying process that the flag F is logic " 1 ", in order to indicate, in the event of an interruption by 11 - the task A, the need for measures to avoid data inconsistency. In the broken-line area, any other data-processing steps take place.
    At the end of the task B in step SY, the local copies GLK I and/or GLK2 are flu-ther processed, the present invention ensuring that, in a cycle of the task B, calculation is always carried out with one and the same consistent variable pair.
    Although the present invention was described by reference to a preferred exemplary embodiment, it is not restricted thereto, but can be modified in a wide variety of ways.
    In particular, the two facilities for executing the data processing and the status indication facility can be implemented not only in software, but, of course, also in hardware.
    Furthermore, in the above exemplary embodiment, two variables V I and V2 were used jointly by the task A and task B. The invention is, however, applicable to any desired nurnber of jointly used variables. In this connection, the term variable is generally to be understood in the sense of variable quantity.
    In addition, the present invention is applicable not only to the coordination of two tasks with one flag, but to a plurality of tasks which in each case use a flag pairwise.
    The assignment of various time periods to different tasks is not obligatory. A 50 ms task is activated every 50 ms and a 10 ms task every 10 ms. That means only that a 50 ms task is allowed to last a maximum of 50 ms and a 10 ms task a maximum of 10 ms so that the respective task itself does not overreach itself and consequently trigger a restart of the operating system. This does not mean, however, that the time duration has to be 50 ms long or 10 ms long, respectively.
    Data-processing device and method LIST OF REFERENCE SYMBOLS:
    tl 1 t-21 t31 t41 tS time instants t31, t4f AI - A4, A4' program blocks B1 - B5 VI, V2 global variables GLK I, GLK2 global variables for local copies F flag SI-S7 pro steps of task A S F- SY program steps of task B CLAIMS 1. Data-processing device comprising: a first facility for executing a first data processing using one or more global variables by means of a processor facility; a second facility for executing a second data processing by means of the processor facility which is configured in such a way that it creates at the start at least one local copy in the form of a global variable of at least one of the global variables used by the first facility and can be interrupted during the copying operation by the first facility; a status indication facility which is set by the second facility during the copying process and can be read by the first facility for indicating the active copying C process; wherein the first facility is configured in such a way that, before the end of a respective interruption of the second facility, it checks whether the status indication facility is set and, if so, overwrites the at least one local copy in the form of the global variable with its current value.
    7 Data-processing device according to Claim 1, characterized in that the first facility is assigned a first, higher priority and the second facility is assigned a second, lower priority in regard to the use of the processor facility.
    14 3. Data-processing device according to Claim 1 or 2, characterized in that the first facility is assigned a first, shorter time period and the second facility is assigned a second, longer time period in regard to the use of the processor facility.
    4. Data-processing device according to one of the preceding claims, characterized in that the second facility is configured so that, at the end of a respective interruption, it continues at the point of the interruption.
    5. Data-processmig device according to one of the preceding claims, characterized in that the first facility comprises a determining facility for determining which local copy or local copies the second facility uses.
    6 Data-processmg method comprising the following steps:
    execution of a first data processing usmg one or more global variables by means of a processor facility; execution of a second data processing by means of the processor facility which creates, at the start, at least one local copy in the form of a global variable of at least one of the global variables used by the first facility and which can be interrupted during the copying process by the first data processing; indication of the active copying process of the second data processing in a manner readable by the first data processing; and checking in the first data processing whether the indication is set before the end of a respective interruption of the second data processing and, if so, overwriting of the at least one local copy in the form of the global variable with its current value.
    - 7. Data-processing method according to Claim 6, characterized by the following steps:
    assignment of a first, higher priority to the first facility processor facility; and in regard to the use of the assignment of a second, lower priority of the second facility in regard to the use of the processor facility.
    8.
    Data-processing method according to Claim 6 or 7, characterized by the following steps:
    assignment of a first, shorter time period to the first facility in regard to the use of the processor facility; and assignment of a second, longer time period to the second facility in regard to the use of the processor facility.
    9.
    Data-processing method according to Claim 6, 7 or 8, characterized by the following step:
    continuation with the second data processing at the end of a respective interruption at the point of the interruption.
    10.
    Data-processing method according to one of Claims 6 to 9, characterized by the following step:
    determination in the first data processing of which local copy or local copies the second facility uses.
    16 - 11. Any of the data processing devices substantially as hereinbefore described with reference to the accompanying drawings.
    12. Any of the data processing methods substantially as hereinbefore described with reference to the accompanying drawings.
GB9814645A 1997-07-07 1998-07-06 Data-processing device and method Expired - Fee Related GB2328299B (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
DE1997128971 DE19728971C2 (en) 1997-07-07 1997-07-07 Data processing device and method

Publications (3)

Publication Number Publication Date
GB9814645D0 GB9814645D0 (en) 1998-09-02
GB2328299A true GB2328299A (en) 1999-02-17
GB2328299B GB2328299B (en) 1999-07-07

Family

ID=7834902

Family Applications (1)

Application Number Title Priority Date Filing Date
GB9814645A Expired - Fee Related GB2328299B (en) 1997-07-07 1998-07-06 Data-processing device and method

Country Status (3)

Country Link
DE (1) DE19728971C2 (en)
FR (1) FR2765700B1 (en)
GB (1) GB2328299B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2000074346A1 (en) * 1999-05-28 2000-12-07 Sony Electronics Inc. System and method for context switching in an electronic network
US9996401B2 (en) 2012-12-14 2018-06-12 Huawei Technologies Co., Ltd. Task processing method and virtual machine

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102004017050A1 (en) * 2004-04-07 2005-10-27 Robert Bosch Gmbh Data consistency in data processing systems
DE102005051673A1 (en) * 2005-10-28 2007-05-03 Vector Informatik Gmbh Measuring device and measuring method for the detection of ECU variables

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4875159A (en) * 1987-12-22 1989-10-17 Amdahl Corporation Version management system using plural control fields for synchronizing two versions of files in a multiprocessor system
US5513349A (en) * 1994-03-24 1996-04-30 International Business Machines Corporation System and method for safing of asynchronous interrupts

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0365728B1 (en) * 1988-10-28 1993-12-29 International Business Machines Corporation Resource access for a multiprocessing computer system
US5255387A (en) * 1990-04-27 1993-10-19 International Business Machines Corporation Method and apparatus for concurrency control of shared data updates and queries

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4875159A (en) * 1987-12-22 1989-10-17 Amdahl Corporation Version management system using plural control fields for synchronizing two versions of files in a multiprocessor system
US5513349A (en) * 1994-03-24 1996-04-30 International Business Machines Corporation System and method for safing of asynchronous interrupts

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2000074346A1 (en) * 1999-05-28 2000-12-07 Sony Electronics Inc. System and method for context switching in an electronic network
US6519265B1 (en) 1999-05-28 2003-02-11 Sony Corporation System and method for context switching in an electronic network
US9996401B2 (en) 2012-12-14 2018-06-12 Huawei Technologies Co., Ltd. Task processing method and virtual machine

Also Published As

Publication number Publication date
GB2328299B (en) 1999-07-07
DE19728971C2 (en) 2003-10-09
FR2765700B1 (en) 2000-10-06
GB9814645D0 (en) 1998-09-02
FR2765700A1 (en) 1999-01-08
DE19728971A1 (en) 1999-01-14

Similar Documents

Publication Publication Date Title
US6167425A (en) System for implementing a real time control program in a non-real time operating system using interrupts and enabling a deterministic time charing between the control program and the operating system
CN101713970B (en) Method and systems for restarting a flight control system
JP3921447B2 (en) Security method to control errors and control / command-type multitasking applications in deterministic real time
US20020161818A1 (en) Thread control system and method in a computer system
US7168075B1 (en) Automation device and updating method
JP4241462B2 (en) Control unit and microcomputer
JP2001014220A (en) Partition division and monitoring method for electronic device to be software-controlled
US5974346A (en) Method for controlling technical processes
JPH04133102A (en) Programmable controller and its control method
JP2015067107A (en) Vehicle control device
JPH08503802A (en) Microcomputer
GB2328299A (en) Data processing system for ensuring data consistency
KR102235142B1 (en) Handling time intensive instructions
US8555285B2 (en) Executing a general-purpose operating system as a task under the control of a real-time operating system
JP2001318807A (en) Method and device for controlling task switching
EP1248192B1 (en) Processing execution apparatus having data reference limiting function
US6374335B1 (en) Data loading process
CN107179980B (en) Method for monitoring a computing system and corresponding computing system
JPH04266141A (en) Stack overflow detection system
JPH05324569A (en) Interruption control system
WO1995034905A1 (en) Computer system with peripheral control functions integrated into host cpu
JP2676034B2 (en) Device for reducing the effect of processor blocking
JP2017204286A (en) Vehicle control device
US20230418658A1 (en) Computer System and Method for Executing an Automotive Customer Function
JP3617445B2 (en) Information processing device

Legal Events

Date Code Title Description
PCNP Patent ceased through non-payment of renewal fee

Effective date: 20070706