JP2012128743A - Detection method of stack overflow - Google Patents

Abstract

PROBLEM TO BE SOLVED: To surely detect stack overflow.SOLUTION: At a start-up, watchdog keys KY1 and KY2 are stored in a watchdog key area a11 which is a boundary area between a stack area a1 and a work area a2, and each time when performing a reset operation of a watchdog timer 105, the watchdog keys KY1 and KY2 are read out from the watchdog key area a11 to be utilized for the reset operation. When stack overflow occurs, the watchdog keys KY1 and KY2 in the watchdog key area a11 are written over and the predetermined reset operation cannot be performed, so a reset signal is output to a CPU main body 101 and a micro computer is stopped. Thus, by using a function of the watchdog timer 105, stack overflow detection and corresponding processing at detection of stack overflow are performed.

Description

  The present invention relates to a stack overflow detection method.

  Conventionally, for example, in a drive unit that drives a motor such as a Megatorque Motor (registered trademark), the drive of the motor is controlled by operating software on a microcomputer. At this time, the microcomputer stores each control variable or the like in a built-in RAM (Random Access Memory), but uses the remaining part of the RAM as a stack area. This stack area is also used as a temporary data storage area during software execution or an area for storing a return address in a subroutine or interrupt process.

  Here, the stack area is arranged adjacent to the normal work memory area. At this time, there is no problem if there is enough free space in these stack areas, but if there is insufficient free space in the stack area, the work memory area adjacent to the stack area is also used as the stack area. Data stored in the work memory area may be destroyed.

  Further, due to a code defect or a compiler defect, data may be written beyond the memory area secured as the stack area, and the data in the work memory area may be destroyed. When the data in the work memory area is destroyed in this way, there is a possibility that a malfunction may occur such as an unexpected operation of a software program that performs processing using the data in the work memory area.

  Therefore, a method for detecting the overflow of the stack area has been proposed in the past. For example, a known value is written at the end of the stack area, and it is confirmed that the known value does not change periodically. A method of detecting a stack overflow (see, for example, Patent Document 1) or a method of detecting a stack overflow by monitoring a stack size (a preset stack usage amount) at the head of a task dispatcher (For example, refer patent document 2) etc. are proposed.

JP 2003-22181 A JP-A-2-293939

  However, as described above, in the method in which a known value is written at the end of the stack area and this known value is periodically monitored, the process of periodically monitoring the known value and an abnormality are detected. The corresponding process is executed by software. Similarly, even in the method of monitoring the stack size at the head of the task dispatcher, the processing for monitoring the stack size and the processing for prohibiting the operation of the watchdog timer reset processing unit when an abnormality is detected are executed by software. ing.

As described above, in the method of interposing software in the detection of the stack area overflow and the stop operation at the time of abnormality, for example, the microcomputer enters an infinite loop due to the stack overflow and executes the process for detecting the overflow. As a result, there is a possibility that stack overflow cannot be detected. Therefore, a more reliable stack overflow detection method has been desired.
Accordingly, the present invention has been made paying attention to the above-mentioned conventional unsolved problems, and an object thereof is to provide a stack overflow detection method capable of further improving the reliability of detection of stack overflow. It is said.

  In order to achieve the above object, a stack overflow detection method according to claim 1 of the present invention comprises a storage means having a stack area and a work area adjacent to the stack area, and data to the stack area is provided. A stack overflow detection method in a microcomputer that performs a predetermined process by writing and when the microcomputer performs a reset operation using a preset watchdog timer key and times out or A watchdog timer for executing a predetermined abnormal process for the microcomputer when a predetermined reset operation using a watchdog timer key is not performed, and at startup, the stack area and the work area; The watchdog timer in the boundary area Stores over, each time when performing the reset operation, is characterized by performing the reset operation from the boundary area by reading the watchdog timer key.

Note that when the predetermined reset operation using the watchdog timer key is not performed, for example, an operation using a key other than the watchdog timer key or a different procedure instead of a predetermined procedure set in advance. The time when an operation different from the predetermined reset operation is performed, such as when the operation is performed.
The stack overflow detection method according to claim 2 also stores a watchdog timer key in one or more areas of the work area, and the watchdog timer of the boundary area and the one or more areas. A key reading area is sequentially switched, and the watchdog timer key is read from the area to perform the reset operation.

According to a third aspect of the present invention, there is provided a stack overflow detection method in which first and second watchdog timer keys are set as the watchdog timer key, and the reset operation is performed by setting the first watchdog timer key to a predetermined value. It is an operation to write the second watchdog timer key to the write area after writing to the write area.
Furthermore, the stack overflow detection method according to claim 4 is characterized in that the microcomputer is a microcomputer for actuator drive control.
Furthermore, the stack overflow detection method according to claim 5 is characterized in that the microcomputer is a microcomputer for motor drive control.

  According to the present invention, the watchdog timer key is stored in the boundary area between the stack area and the work area, and the watchdog timer key stored in the boundary area is read each time the watchdog timer is reset. Using this, a reset operation is performed, and if a stack overflow occurs, the watchdog timer key is rewritten, so the reset operation is not performed normally, and the microcomputer performs a predetermined abnormality process. In order to execute the processing at the time of abnormality for the microcomputer by using the fact that it is performed, the detection of stack overflow and the response at the time of detection of stack overflow should be performed more reliably than when performing only by software processing Can do.

It is a block diagram which shows an example of a motor system. It is a block diagram which shows the structure of DSP in FIG. It is an example of the area | region figure of RAM in FIG. It is a flowchart which shows an example of the process sequence of CPU. It is an example of the area | region figure of RAM in other embodiment of this invention. It is an example of the area | region figure of RAM in other embodiment of this invention.

Embodiments of the present invention will be described below.
FIG. 1 shows an application of the stack overflow detection method according to the present invention to a motor system that drives, for example, a transport device using a direct drive motor such as a mega torque motor.
In FIG. 1, 1 is a motor such as a megatorque motor in which a resolver is incorporated in a motor core, 2 is a drive unit that drives and controls the motor 1, and 3 is a host device such as a programmable controller that outputs a command signal such as a motor rotation command to the drive unit 2. It is.

The drive unit 2 includes a control unit 21 and a power amplifier unit 22. The control unit 21 includes a DSP 21a configured by a microcomputer or the like and an I / O unit 21b that performs input / output processing between the host device 3 and the DSP 21a passes through the I / O unit 21b. And a data input / output, a motor rotation command is input from the host device 3, a three-phase resolver position detection signal φABC from a resolver (not shown) is input, and based on this, the rotational angle position of the motor 1 is detected, A motor current command value for rotating the motor 1 is generated according to the position detection result and the motor rotation command from the host device 3. The power amplifier unit 22 generates a three-phase UVW motor drive current corresponding to the motor drive current command value from the control unit 21 and outputs it to the motor 1.
Here, the megatorque motor as the motor 1 is a direct drive motor with a built-in high-resolution detector and capable of high-speed and high-accuracy positioning. For example, Megatorque Motor PS Series / PN series manufactured by NSK Ltd. Can be applied.

As shown in FIG. 2, the DSP 21 a includes a CPU main body 101, a counter 102, a RAM (storage means) 103, a ROM 104, and a watch dog timer (WDT) 105. As this DSP 21a, for example, TMS320F2812 which is a DSP (Digital Signal Processors) of Texas Instruments can be applied.
The watchdog timer 105 has a watchdog counter (not shown). When the reset operation is performed, the watchdog counter is reset, and when the watchdog counter exceeds its maximum value, the CPU body 101 is reset. A reset signal is output to the CPU main body 101 to stop the operation of the CPU main body 101.

  The reset operation of the watchdog timer is performed after the first watchdog key (watchdog timer key) KY1 having a preset key code is written in a predetermined watchdog key write area 105a composed of a register or the like. When a second watchdog key (watchdog timer key) KY2 having a preset key code is written in the watchdog key write area 105a, that is, the first watchdog key KY1 and the second watchdog When the dog key KY2 is written in this order, it is determined that the reset operation of the watch dog timer 105 has been performed, and the watch dog counter is reset.

  When an incorrect key different from the first watchdog key KY1 or the second watchdog key KY2 is written in the watchdog key writing area 105a, the first watchdog key KY1, or Even if the second watchdog key KY2 is written, if these are not written in the order of the first watchdog key KY1 and the second watchdog key KY2, the CPU body 101 is immediately reset. Reset signal is output to the CPU main body 101 to stop the operation of the CPU main body 101.

  The ROM 104 stores various information such as a processing program for controlling the drive of the motor 1 and various control constants, and also includes a first watchdog key KY1 and a second watchdog key KY1 for resetting the watchdog timer 105. The watchdog key KY2 is stored. In the RAM 103, as shown in FIG. 3, a temporary data storage area during software execution, or a stack area a1 used as an area for storing a return address in a subroutine or interrupt processing, and the software temporarily A work area a2 to be used is formed, and the stack area a1 and the work area a2 are provided adjacent to each other.

  The size of the stack area a1 is determined in advance by the programmer estimating the stack size. Further, in the RAM 103 according to the present invention, a watchdog key area a11 is formed at the boundary between the stack area a1 and the work area a2. In the watchdog key area a11, the first watchdog key KY1 and the second watchdog key KY2 are written.

  The CPU main body 101 reads out the processing program and various control constants stored in the ROM 104 and writes them in the work area a2 at the time of activation, and the first watchdog key KY1 and the second watchdog key KY2. Is written in the watch dog key area a11 formed at the boundary between the stack area a1 and the work area a2. Note that the watchdog key area a11 may be provided at the boundary between the stack area a1 and the work area a2, or may be provided at the boundary between the work area a2 and the stack area a1.

  Thereafter, the first watchdog key KY1 and the second watchdog key KY2 stored in the watchdog key area a11 are read, and the watchdog key is written periodically at a timing when the watchdog timer does not time out. The first watchdog key KY1 and the second watchdog key KY2 are written in the area 105a in this order to perform a reset operation.

  In the present embodiment, the writing of the first watchdog key KY1 is performed in synchronization with the execution cycle of the drive control process of the motor 1 executed at a fixed cycle by the drive unit 2, and at the timing before the drive control process is started. Then, the drive control process is executed. After the end of the drive control, the second watchdog key KY2 is written following the drive control.

Next, the operation of the above embodiment will be described.
When activated, the DSP 21 a first executes initial processing, reads out the drive control processing program of the motor 1 and various control constants necessary for this drive control processing program from the ROM 104, and writes them in the work area a 2 of the RAM 103. Further, the first watchdog key KY1 and the second watchdog key KY2 stored in the ROM 104 are written in the watchdog key area a11 of the RAM 103.

  Thereafter, the drive control process for the motor 1 is executed at regular intervals according to the flowchart shown in FIG. At this time, first, in step S 1, the first watch dog key KY 1 stored in the watch dog key area a 11 of the RAM 103 is read and written into the watch dog key write area 105 a of the watch dog timer 105. Next, a predetermined motor 1 drive control process is executed (step S2).

Next, the process proceeds to step S 3, where the second watch dog key KY 2 stored in the watch dog key area a 11 of the RAM 103 is read and written into the watch dog key write area 105 a of the watch dog timer 105. Thereafter, this process is executed at regular intervals.
As a result, the drive control of the motor 1 is executed in a fixed cycle, and the first watchdog key KY1 and the second watchdog key KY2 write the watchdog key 105 to the watchdog timer 105 in synchronization with the fixed cycle. The data are written in the area 105a in this order. The writing of the first watchdog key KY1 and the second watchdog key KY2 is a timing at which the counter of the watchdog timer 105 does not time out. For this reason, the watchdog timer 105 is reset at a fixed cycle when the drive control process of the motor 1 is executed.

  In this state, if the stack area a1 overflows due to an error in estimating the stack size of the stack area a1, etc., another data is stacked in the watchdog key area a11 when the stack area a1 is full. The data in the watchdog key area a11 is rewritten. That is, the first watchdog key KY1 and the second watchdog key KY2 are rewritten.

  Therefore, at the next execution timing of the drive control process for the motor 1, data corresponding to the first watchdog key KY1 and the second watchdog from the watchdog key area a11 where the data has been rewritten. Data corresponding to the key KY2 is read out and written into the watchdog key writing area 105a as the first watchdog key KY1 and the second watchdog key KY2.

In the watchdog timer 105, since the data written in the watchdog key write area 105a is not the true first watchdog key KY1 and the second watchdog key KY2, the reset operation of the watchdog timer 105 is performed. At this time, a reset signal is output to the CPU main body 101. As a result, the CPU 101 is reset and the operation stops.
For this reason, it is avoided that the drive control process of the motor 1 is executed based on erroneous data in the work area 2a in which the data is rewritten due to the overflow of the stack area 1a.

  Here, as described above, the processing accompanying the detection of the stack overflow includes the processing of writing the first watchdog key KY1 and the second watchdog key KY2 of the ROM 104 into the predetermined watchdog key area a11 of the RAM 103 at the time of startup. And a process of writing the first watchdog key KY1 and the second watchdog key KY2 stored in the watchdog key area a11 into the watchdog key write area 105a of the watchdog timer 105 at a constant cycle, and the stack. The watchdog timer 105 is used in hardware to handle overflow detection and stack overflow detection. Therefore, the reliability can be further improved as compared with the case where the stack overflow detection and the action associated with the detection of the stack overflow are performed in software.

  In particular, a direct drive motor such as a megatorque motor as the motor 1 can perform highly accurate position control, but is directly connected to an object to be driven without an indirect mechanism such as a gear box. The fluctuation directly affects the rotational speed, and in a system that requires highly accurate position control, a slight fluctuation in the rotational speed may greatly affect the system. Therefore, as described above, it is effective to improve the reliability in the detection of the stack overflow and the processing at the time of detecting the stack overflow.

  The process of writing the first watchdog key KY1 and the second watchdog key KY2 into the watchdog key write area 105a of the watchdog timer 105 is a conventional process, and the reading source is the ROM 104. Since the stack overflow detection and stack overflow detection processing are performed on the watchdog timer 105 side, the increase in the load on the CPU 101 due to the detection of the stack overflow and the response to it is activated. In some cases, the first watchdog key KY1 and the second watchdog key KY2 stored in the ROM 104 as initial processing are only written to a predetermined watchdog key area 11a of the RAM 103. Therefore, the reliability of detection of stack overflow can be improved without significantly increasing the processing load of the CPU main body 101.

In the above embodiment, as shown in FIG. 4, the writing process of the first watchdog key KY1 and the writing process of the second watchdog key KY2 are performed before and after the drive control process of the motor 1. Although the case has been described, the present invention is not limited to this.
The writing process of the first watchdog key KY1 and the writing process of the second watchdog key KY2 are executed independently of the drive control process of the motor 1 according to the time required until the watchdog timer 105 times out. It may be configured.

  In the above embodiment, the case where the reset operation is performed using the first watchdog key KY1 and the second watchdog key KY2 is described. However, it is not always necessary to provide two watchdog keys. It is also possible to perform the reset operation using only the watchdog key, and conversely, the reset operation can be performed using three or more watchdog keys.

In the above embodiment, the case where the first watchdog key KY1 and the second watchdog key KY2 are written to the watchdog key write area 105a in this order has been described. However, the present invention is not limited to this, and the write order of the watchdog keys is not limited thereto. Can also be set arbitrarily.
In the above embodiment, as shown in FIG. 3, the case where one watchdog key area a11 is provided at the boundary between the stack area a1 and the work area a2 has been described. However, the present invention is not limited to this. .

For example, as shown in FIG. 5, watchdog key areas a12 and a13 are further provided in the work area a2, and the watchdog keys in the first to third watchdog key areas a11 to a13 are read in order, The timer 105 may be reset. In FIG. 5, three watchdog key areas a11 to a13 are provided. However, two or four or more watchdog key areas may be provided.
Thus, by providing a plurality of watchdog key regions, the following effects can be obtained.

  That is, when the operating environment of the motor system is an environment in which noise is relatively easy to ride, such as an environment surrounded by electronic devices, the position of the stack pointer may change due to the noise, and therefore the stack area a1. There is a possibility that stacking to the work area a2 is performed over the watchdog key area a11 provided in FIG. In this case, since the data is not stacked on the watchdog key area a11, the first watchdog key KY1 and the second watchdog key are actually stacked despite the fact that the work area a2 is stacked. Since KY2 is not rewritten, stack overflow may not be detected.

  However, since the watchdog key area is also provided in the work area a2, even if a stack overflow occurs without stacking data in the watchdog key area a11, the stack overflow causes When data is stacked on the watchdog key area a12 or the watchdog key area a13 provided in the work area a2, the first watchdog key KY1 or the second watchdog key in the watchdog key area a12 or a13 When KY2 is rewritten, a stack overflow can be detected. For this reason, stack overflow can be detected more reliably.

When a plurality of watchdog key areas are provided as described above, the watchdog keys are read out from these areas or in an arbitrary order and written into the watchdog key writing area 105a of the watchdog timer 105. Good.
When a watchdog key area is provided in the work area a2, this watchdog key area needs to be configured not to be used as a work area.

When a plurality of watchdog key areas are provided as described above, the same watchdog key may be stored in all watchdog key areas, and different watchdog keys may be stored in all watchdog key areas. May be stored.
When the same watchdog key is stored in all the watchdog key areas, in the same manner as described above, in the watchdog timer 105, in the order of the first watchdog key KY1 and the second watchdog key KY2, a predetermined watchdog key is stored. It may be determined that the reset operation has been performed when the key writing area 105a is written.

  At this time, for example, when a reset signal is output to the CPU main body 101 in spite of the writing of the watch dog key, as the first watch dog key KY1 and the second watch dog key KY2 at this time The watchdog key area from which the data is read is stored, and by referring to the stored information, for example, in the case of the data read from the first watchdog key area a11, a stack overflow has occurred. If it is a watchdog key read from the second watchdog key area a12 or the third watchdog key area a13 set in the work area a2, it may be determined that it is necessary to consider the influence of noise. Is possible.

  On the other hand, when different watchdog keys are stored for each watchdog key area, the watchdog keys written in all the watchdog key areas are stored on the watchdog timer 105 side, and the watchdog key write area 105a is stored. When the data is written in, the configuration may be such that it is determined that the reset operation has been performed when the written data matches any of the watchdog keys stored in advance.

  At this time, for example, the history of data written in the watchdog key writing area 105a is stored at least as much as the number of watchdog key areas, and the CPU body 101 is written despite the writing of the watchdog key. When a reset signal is output, the stored information is referred to, for example, when reading the watchdog key sequentially from each watchdog key area, such as in ascending order of address. By comparing the order of the watchdog keys corresponding to this reading order with the history of the data written in the stored watchdog key write area 105a, the data in which watchdog key area is written At that time, a reset signal was output to the CPU body 101 The judges. If this is data read from the first watchdog key area a11, it is determined that a stack overflow has occurred, and is a watchdog key read from the second watchdog key area a12 or the third watchdog key area a13. In some cases, it can be determined that the influence of noise needs to be taken into account.

  Further, at this time, when two or more watchdog key areas are provided in the work area a2, at least the watchdog key area in the reading order among the watchdog key areas provided in the work area a2. Is set to a value different from the watchdog key stored in the other watchdog key area of the work area a2 and the first watchdog key area a11.

  In this way, for example, when reading the watchdog key sequentially from each watchdog key area in order from the smallest address, the reset signal is sent to the CPU main body 101 in spite of the writing of the watchdog key. When the data written in the watchdog key writing area 105a at the time one cycle before the output of the is the watchdog key stored in the last watchdog key area in the reading order in the work area a2 Since it can be determined that the watchdog key in the first watchdog key area a11 may be abnormal, it can be determined that a stack overflow has occurred. If the reading order in the work area a2 is the watchdog key in the watchdog key area excluding the last watchdog key area or the watchdog key in the first watchdog key area a11, any of the work areas a2 Since it can be determined that there is a possibility that the watchdog key in the watchdog key area is abnormal, it can be determined that it is necessary to consider the influence of noise.

  Further, the watchdog key area for reading the watchdog key does not need to be read out in order of increasing address as described above. For example, the first watchdog key area a11 and the watchdog key area of the work area a2 It is also possible to read out in any order, such as alternately reading out any one of these and switching the watchdog key area to be read out in order for the work area a2.

  In this case, for example, the history of data written in the watchdog key writing area 105a is stored at least as much as the number of watchdog key areas, and the CPU main body is written despite the writing of the watchdog key. When a reset signal is output to 101, the stored history of data written in the watchdog key writing area 105a and the watchdog key area corresponding to the preset reading order are stored. By comparing the order of the dog keys, it is sufficient to determine which watch dog key area data is timed out when the data is written.

  Further, as shown in FIG. 6, not only a watch dog key area a11 is provided at the boundary between the stack area a1 and the work area a2, but also a monitoring key composed of a preset key code is stored in the stack area a1. A monitoring key area a21 may be provided to periodically monitor that the monitoring key stored in the monitoring key area a21 does not change. The monitoring key area a21 is set at a position corresponding to, for example, an area when about 80% or 90% of the stack area a1 is written.

Thus, by providing the monitoring key area a21, it is detected that the monitoring key has been rewritten when the stack data is written to the monitoring key area a21 and the monitoring key is changed. It is possible to detect that a stack overflow may occur. Therefore, for example, when the monitoring key is rewritten as a result of monitoring with the monitoring key, the fact that the monitoring key has been rewritten is stored, so that the watchdog key area a11 is actually stored. However, it is possible to recognize that about 80% or 90% of the stack area a1 has been used. Therefore, by collecting this information, it can be used as reference information for determining the stack size in a new motor system, for example.
A plurality of monitoring key areas may be provided in the stack area.

  In the above-described embodiment, the case where the motor 1 is applied to a motor system that drives a transport device using a direct drive motor such as a mega torque motor has been described. The present invention is not limited to a drive motor, and can be applied to a motor system that transmits the rotational force of a motor to an object to be driven via an indirect mechanism such as a gear box.

  Furthermore, in the above-described embodiment, the case where the present invention is applied to the microcomputer of the motor system has been described. However, the present invention is not limited to this. For example, the present invention can also be applied to the microcomputer of the control system that drives and controls the actuator. In short, it can be applied to any microcomputer that has a storage means having a stack area and a work area adjacent to the stack area and performs predetermined processing while writing data to the stack area. .

DESCRIPTION OF SYMBOLS 1 Motor 2 Drive unit 101 CPU main body 103 RAM (memory | storage means)
104 ROM
105 Watchdog timer 105a Watchdog key write area KY1 First watchdog key (watchdog timer key)
KY2 Second watchdog key (watchdog timer key)

Claims (5)

A method for detecting a stack overflow in a microcomputer that has a storage means having a stack area and a work area adjacent to the stack area, writes data to the stack area and executes predetermined processing,
When the microcomputer is reset using a preset watchdog timer key and timed out or when a predetermined reset operation using the watchdog timer key is not performed, the microcomputer It has a watchdog timer that executes processing at a specified abnormality,
At startup, the watchdog timer key is stored in the boundary area between the stack area and the work area,
A method for detecting a stack overflow, comprising: reading the watchdog timer key from the boundary area and performing the reset operation each time the reset operation is performed. The watchdog timer key is also stored in one or more areas of the work area,
The area for reading the watchdog timer key among the boundary area and the one or more areas is sequentially switched, and the reset operation is performed by reading the watchdog timer key from the area. How to detect stack overflow. First and second watchdog timer keys are set as the watchdog timer keys,
The reset operation is an operation of writing the second watchdog timer key to the writing area after writing the first watchdog timer key to a predetermined writing area. Item 3. A method for detecting a stack overflow according to Item 2.   4. The stack overflow detection method according to claim 1, wherein the microcomputer is an actuator drive control microcomputer.   4. The stack overflow detection method according to claim 1, wherein the microcomputer is a motor drive control microcomputer.

Images