JP2016206865A - Device for making storage areas of multiplexed computer match - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a multiplex system configured with an active system and a standby system with which it is possible to shorten a recovery time in the standby system even when a difference in necessary memory area for data is large.SOLUTION: Having a synchronization process for making external input contents and the contents of events occurring inside a computer match between an active system and a standby system, the multiplex system chooses whether to copy a difference in data from the active system to the standby system or copy input data to a task to the standby system and replay the task at high speed using the input data in the standby system on the basis of the amount of a difference in data to be matched in order to shorten a multiplex system recovery time and the ratio of a task execution time from the start of task processing till a specific processing point where a task state can be ascertained to a time until next task processing starts.SELECTED DRAWING: Figure 13

Description

  The present invention relates to a data matching apparatus between an active system and a standby system in a multiplexing system.

  The multiplexing system includes an active computer that executes a task and a standby computer that takes over the task when the active system is monitored and an abnormality is detected. A series of processes in which the standby system takes over work when an abnormality occurs in the active system is called a system switching process. Since this system switching time is directly related to the system downtime, a technique for shortening the system switching time has been developed.

  Its surface technology is a synchronous system control technology that executes tasks while matching the processing of the active and standby systems. Since both the active system and the standby system perform the same processing, even if an abnormality occurs in the active system, almost no processing is required for the standby computer to take over the work of the active system. On the other hand, a synchronization target between multiple systems is a behavior of a task that executes a business. In many synchronization systems, schedule synchronization is performed in the OS layer. In the case of synchronization implementation in the OS layer, it is highly versatile in that it does not identify tasks that need to be synchronized, but implementation of schedule synchronization that requires synchronization at the scheduler level is complicated and processing overhead required for synchronization is large. . Therefore, in recent years, the synchronization system implementation in the middle layer has attracted attention.

  In particular, in a control system in which tasks that require synchronous processing can be identified and the order of the tasks can be controlled in the middle layer, external inputs that affect task behavior and internal inputs for timers and signal events that occur in the OS layer A synchronization system can be easily implemented as long as synchronization can be guaranteed.

  On the other hand, in a multiplexed system, in addition to the system switching time, a multiplexed system recovery time for recovering a computer in which an abnormality has occurred and returning it to the multiplexed system configuration is also an indispensable element for ensuring high system reliability. In particular, a duplex system consisting of only one active system and one standby system is a system that allows only one occurrence of an abnormality, so as much as possible to ensure high availability and high reliability. It is necessary to quickly restore a multiple system by starting up a spare computer. In the multi-system recovery process, it is necessary to make the internal state of the task of the active system, for example, the shared resource, the memory, the communication socket, etc., coincide with the internal state of the task of the recovery destination computer. It is difficult to achieve general-purpose task internal state matching processing, and in many systems, a task model is adopted in which all current task states are written in the shared memory when a specific processing point with shared memory is reached. It is solved by that. In the case of the task model, the task status matching process of the active system to the recovery destination required for the recovery of the multiple system is realized by transferring the shared memory in which all the task statuses are written. By copying the contents of the transferred shared memory to the memory of the computer at the recovery destination, the state of the task executed on the active computer can be restored and resynchronized with the state of the active system. However, when the shared memory is large, the restoration process cannot be completed by one transfer, and a plurality of transfer processes are required. When multiple transfers occur, the active task performs the business process again during the transfer process and reaches a specific processing point.

  At that time, the task state in the shared memory being transferred is different from the current task state of the active system. This different content is called a difference from the shared memory during the transfer process. When the transfer process is completed, the difference of the shared memory generated during the transfer process is transferred next. When the difference has converged to the amount required for one transfer, the multiple system recovery process can be terminated.

  In Patent Document 1, as a multi-system restoration process, a certain period is waited, the task finishes processing within the period and the time when the next period waits is set as the specific processing point described above, and difference creation and transfer within the period are performed. Describes the task status matching means.

JP2009-217505

  In the method of Patent Document 1, the memory area difference of the data to be matched is transferred and the multiple system recovery is performed. However, depending on the task, the memory area may be updated. In this case, the amount of difference to be transferred increases and it takes time to recover the multiplex system.

  It has a synchronization process that matches the input that affects task behavior, for example, the contents of external input and the contents of events that occur inside the computer, between the active system and the standby system. The recovery means is selected based on the amount of difference between the data and the ratio of the task execution time from the start of task processing to the specific processing point where the task state can be determined and the time until the start of processing of the next task. If the ratio of the time until the start of processing of the next task is larger than the task execution time up to the specified processing point, a log of input to the task to be matched between the active system and the standby system by the synchronous processing is created in the active system And a high-speed replay means for transferring to the restoration destination computer and restoring it by the task of the restoration destination computer. High-speed replay reads the input data from the input log transferred from the active system, gives it as input data to the recovery target computer task, replays (reproduces or restores) the processing of the active system, and matches the task status of the active system It is a method to make it. The replay process shortens the time to catch up with the status of the active task by eliminating the waiting time from the specific processing point existing in the active task to the start of processing of the next task.

  According to the present invention, the difference transfer means for data to be matched between the active system and the standby system (or the multiple system recovery destination) in the multi-system recovery, and the input log that affects the task behavior are transferred from the active system to the standby system. A means for transferring and high-speed replaying in the standby system can be selected, and even when the data difference is large, it is possible to shorten the multiplex system recovery time.

The hardware block diagram in the typical embodiment of this invention. The software program block diagram in typical embodiment of this invention. Task management table diagram in a representative embodiment of the present invention Timer management table diagram in a representative embodiment of the present invention Signal management table diagram in an exemplary embodiment of the present invention Area management table diagram in a representative embodiment of the present invention Synchronous data management table diagram in a representative embodiment of the present invention Matching data management table diagram in a representative embodiment of the present invention Task processing and timing diagram in an exemplary embodiment of the invention The input synchronous processing flow figure between an active system and a standby system in typical embodiment of this invention. FIG. 5 is a flowchart of a multi-system restoration process between the active system and the standby system in a representative embodiment of the present invention. The high-speed replay process flowchart in typical embodiment of this invention. FIG. 6 is an input synchronization log creation flowchart in a representative embodiment of the present invention. FIG. 5 is a flowchart of input synchronous log transfer processing and standby high-speed replay processing in a representative embodiment of the present invention. The difference transfer processing flow figure in typical embodiment of this invention. The difference creation process flow figure in typical embodiment of this invention. The processing flowchart of the processing time determination part in typical embodiment of this invention. Process flow diagram of operation percent calculation unit in a representative embodiment of the present invention The processing flow figure of the storage area difference calculation part in typical embodiment of this invention

  FIG. 1 shows an example of a hardware configuration for configuring a multiplex system according to the present invention, which includes at least one active computer 10 and at least one standby computer 20. Each computer includes at least an arithmetic device 11 that executes a software program including an OS, a storage device 12 that stores the program and data necessary for the execution, and 13 of the communication device 1 that transmits and receives data between multiple systems. Prepare. Here, the storage device 12 is, for example, a RAM or a hard disk. Moreover, 13 of the communication apparatus 1 is a LAN adapter etc., for example.

  The active computer 10 and the standby computer 20 communicate with each other by the communication device 1 13, and the communication device 1 13 is connected by the internal network 31. The active computer 10 and the standby computer 20 have a symmetric configuration including a software program including an OS. The active computer 10 and the standby computer 20 are connected to the external network 32 by the communication device 2 14, and the external network 32 is configured by, for example, a network switch, etc., and data with an external computer connected to the external network 32 Send and receive.

  FIG. 2 is a configuration diagram of a software program according to an embodiment for carrying out the present invention. It is stored in the storage device 12 and executed by the arithmetic device 11.

  In this embodiment, the target of data matching between the active computer 10 and the standby computer 20 is managed by an area management table (to be described later) in which the task 81 records the task processing result and the internal state of the task 81. Memory or disk block. There is at least one task 81, and the execution order is set in advance. Therefore, if the external input from the external network 32 and internal events such as timer events and signals generated in the computer are synchronized between the active computer 10 and the standby computer 20, the processing result and internal state of the task 81 are both It is possible to agree in the system. Hereinafter, the configuration of the software program for realizing the present invention will be described.

  This configuration is mainly composed of four layers. The OS layer, the middle layer composed of the data matching middle 51, the communication middle 61, and the task management middle 71, the task layer of the task 81 that performs specific processing using the functions of the middle layer, and the processing of the middle layer and the task layer It consists of a management table layer that records results and status. The OS 41 is software having a schedule function, a timer function, a software signal (hereinafter, signal) function, and a function of controlling the arithmetic device 11, the storage device 12, and the communication device 13, and includes, for example, Linux (registered trademark). The data matching middle 51 is a software program that realizes data matching between the multiple systems of the active computer 10 and the standby computer 20, and utilizes the functions of the OS 41 described above, and a synchronous data management table 52 described later. Is sent to the standby computer 11 to realize data matching. Also, it has a matching data management table 53, an operation percentage calculation unit 54, a storage area difference calculation unit 55, and a processing time determination unit 56, which will be described later, and if a failure occurs in the active computer 10 or the standby computer 20, a failure occurs. The data matching is realized by matching the processing state of the task 81 of the selected computer with the state of the task 81 of the active computer.

  The communication middle 61 delivers the data received from the communication device 2 to the task and performs processing for transmitting data from the task to the external network 32 by the communication device 2. The task management middle 71 includes APIs that provide tasks with functions for starting and stopping tasks, setting timers, allocating memory in a storage area shared with other tasks, and transmitting signals to other tasks. The API functions of the task management middle 71 are realized by utilizing the functions provided by the OS 41. At least one task exists, and a specific process is realized using an API provided by the task management middle 71. In addition, in a system that repeatedly performs the same processing at a constant cycle such as a control system, there are cases where a plurality of tasks are grouped into one group and operate sequentially in a predetermined order to perform a target processing. Many. Sequential operation is often realized by activating the next task to be run when a task is completed, and the OS function may be used. A function for realizing the processing may be provided.

  The periodic operation of the task is generated by setting a process start timer. The timer setting may utilize the function of the OS, or may provide a function for realizing the API sequential processing by the task management middle 71. The task management middle 71 is set as each value of various management tables to be described later by calling an API from the task. The contents (or values) of the various management tables are set as the data contents of the synchronous data management table 52.

FIGS. 3A to 3D are diagrams of the management table of the task management middle 71. FIG.
First, the task management table 72 shown in FIG. Task execution information is stored in the task management table by the task management middle 71. The task identifier is information for identifying the recorded task.

  The IPC identifier is information for specifying an IPC resource used for starting and stopping a task. The task management middle 71 is received from the task and stored in the task management table. Examples of IPC resources include POSIX semaphores and message boxes.

  The IPC resource is used by the task management middle 71 to start and stop other tasks in order to realize the sequential processing of the tasks.

  The area identifier is information for identifying a storage area used by a task, and may be a memory or a disk. This is information that the task management middle assigns a necessary area using the functions of the OS and dynamically assigns and registers the task management middle to identify the area when the task is activated. This identifier is used to specify an area management table 75 (to be described later) in which detailed information on the area is recorded.

The start / end is information for identifying the first task that operates first and the last task that operates last in one cycle in a periodic task composed of at least one task.
The task management middle 71 provides an information setting function for specifying the head task and the tail task. An external setting file dedicated to information registration may be prepared and registered by reading the external setting file as an initial process of the task management middle 71.
An identifier “S” is set for the head task and “E” is set for the tail task. For other tasks, it is set to “0”.

  FIG. 3B is a diagram of the timer management table 73. Some tasks are started at a predetermined time by a timer. For example, when there is a process performed every day at 09:00 or when there is a process performed every 50 ms, the following information is registered via the task management middle 71. The registration time and cycle are registered in the OS, and when the OS fires a timer, the task management middle 71 receives the timer event and notifies the task of registration.

  The task identifier is information for identifying a registered task and corresponds to the OS PID. This is information for the task management middle 71 to determine an event notification destination when a timer event is received.

  The timer identifier is information for identifying the timer contents of a start time and an interval described later registered by the task.

  The start time is the first firing time information of the timer. In this embodiment, the setting is up to hours, minutes, and milliseconds.

  The interval is information on a time interval for periodically firing the timer. In this embodiment, it is set with a granularity of milliseconds.

  FIG. 3C is a diagram of the signal management table 74. The task registers a signal to be transmitted to another task in the signal management table 74 via the task management middle 71. The task management middle 71 executes the registered signal using the OS41 signal function, for example, kill.

  The task identifier is information for identifying the transmission source application at the signal registration source.

  The signal identifier is information for identifying the signal registered by the task.

  The signal content is signal information of the OS used by the task management middle 71. For example, the POSIX siginfo structure.

FIG. 3D is a diagram of the area management table 75. The task management middle 71 secures a predetermined storage area in advance, and the task requests the management middle 71 to allocate an area in a predetermined size unit.
In this embodiment, the data is to be matched between the active computer 10 and the standby computer 20 in the storage area managed by the task management middle 71.
The following information is registered from the task via the task management middle 71.

The area identifier is information provided by the task management middle 71 to identify the allocated storage area. After the assignment, the task management middle 71 has a start address which is address information of the storage area assigned to the task management table 72, and
Write the size, which is information about the size of the area requested by the task.

  4A and 4B are management table diagrams of the data matching middle 51. FIG.

  FIG. 4 (a) is a synchronization data management table showing the data contents for synchronization performed between the active computer 10 and the standby computer 20. The active computer transmits the input data from the external network 32 and the event occurrence state inside the computer to the standby computer through the internal network 31 as synchronization data. The contents of the table will be described below.

  STATUS indicates the status of the synchronization process. START indicates a synchronization start state and END indicates a synchronization end state.

  SIZE indicates the total size of data set in the synchronous data management table.

  The data source identifier identifies data to be synchronized and includes input data from an external network and an event inside the computer. Data sources of input data include a communication middle 61, a task management table 72, a timer management table 73, a signal management table 74, and the like.

  Data is data contents to be synchronized, and contents provided by each data source are set. For example, in the case of the communication middle 61 of the data source, input data (IN_001) necessary for input synchronization processing of FIG. 6 described later, in the case of the task management table 72, IPC identifier information (IPC_3) of the task management table 72, timer management table In the case of 73, the task management middle 71 registered in the timer management table 73 receives timer information (TR1) of the timer event received from the OS, and in the case of the signal management table 74, the task registered in the timer management table 74. The signal information (SIG_1) of the signal event received by the management middle 71 from the OS is set.

  The size is the size of each data.

  The logical clock is information indicating the generation order of data set in the table. The larger the value, the slower the generation order.

  The generation time is data generation time information. An integer representing the time since 1970 in milliseconds.

  FIG. 4B is a matching data management table showing data management information transmitted from the active computer 10 to the standby computer 20 for data matching performed between the active computer 10 and the standby computer 20. If a failure occurs in the active computer 10 or standby computer 20, the processing status of the computer to be restored and the active computer 10 is restored when the standby computer is replaced or the multiple system is restored by restarting the failed computer In order to make these data consistent, information for managing data transmitted from the active computer 10 to the recovery target computer is set. Hereinafter, the table contents will be described.

  The coincidence data identifier indicates a data type used for matching the processing states of the active computer 10 and the recovery target computer. LOG is the contents of the internal events notified from the OS processed by the task management middle 61 and the input data processed by the active computer recorded in the synchronization table management table 52 from the start of processing of the first task to the end of processing of the rear task It is. DIFF indicates difference information between the contents of the storage area of the area management table 75 immediately before the head task processes and the contents of the storage area of the area management table 75 after the end task processing is completed. The LOG and DIFF creation processing will be described in detail in the input synchronization log creation processing 503 and the difference creation processing 903, respectively.

  The number of data indicates the number of created LOG and DIFF. The initial setting is 0. Management information manages the storage address and data size of LOG and DIFF. The save destination address indicates the address of the storage area where LOG and DIFF are saved. The size indicates the data size of LOG and DIFF.

  FIG. 5 is an outline of task processing and timing, and the operation timing and related parameters of the software program related to the synchronization processing will be described.

  A cycle (T) 92 is a task operation cycle. This period is obtained by determining the head task from the start / end information of the task management table 72 and reading the timer interval information of the corresponding task from the timer management table 73 in the data matching middle 51.

  P93 indicates the total processing time of the task group of tasks composed of at least one. The start task is determined from the start / end information of the task management table 72, and the tail task is determined from the start / end information of the task management table based on the processing cycle start time calculated by reading the timer interval information of the corresponding task from the timer management table 73. This shows the time until the time when the process is completed.

  Q94 indicates the period waiting time. Indicates the waiting time from the processing end time of the tail task to the start of processing of the head task.

  INQ_T95 indicates a time during which the communication middle 61 buffers input data from the external network 32. This is the time from the task group processing start time to the input synchronous communication processing start described later.

  ST96 is a time required for the active computer 10 to transmit synchronous data to the standby computer 20. This is the time obtained by dividing the size of the synchronous data management table 52 by the communication bandwidth of the internal network 31. The data matching middle 51 controls the time for starting the synchronous processing communication so that the synchronous processing communication ends from the value of ST 96 until just before the processing start time of the task group.

  The AP control process and event process 97 process a timer or signal event generated from the OS 41 during task group processing by the task management middle and notify the task group. Further, the data matching middle 51 is notified. By this notification, the data matching middle 51 can set event information generated inside the computer in the synchronous data management table.

  Hereinafter, the input synchronization process and the multiple system restoration process of the data matching middle 51 will be described.

  FIG. 6 shows a synchronization process of the data matching middle 51 regarding the input data from the external network 32 between the active computer 10 and the standby computer 20. Hereinafter, each processing step will be described.

  Step 101 is the initial setting. Performs initial processing to start task processing, such as initialization of middle layer software programs and task registration. In step 102, the data matching middle 51 waits for an event from the task management middle 71. In step 103, it is determined whether the notification event from the task management middle 71 is the end of processing of the tail task. The notification event includes a timer event set in step 107 described later. In the case of a timer event, processing in step 111 described later is performed. In step 104, if the processing of the tail task is ended in step 103 (Y), the processing end time T1 is acquired. In step 105, the identifier of the head task is read from the start / end information of the task management table 72, and the next processing start time T2 of the head task is calculated from the timer interval information of the timer management table 73. Step 106 compares the synchronous communication processing time ST with the period waiting time Q calculated from the difference between T2 and T1.

In step 107, if ST is smaller than Q (Y), a synchronous communication processing start timer is set in OS41. The timer firing time is the difference between Q and ST. By delaying the start of synchronous communication processing in this way, the amount of input data buffered by the communication middle 61 can be increased. If possible, by increasing the amount of input data processed in one synchronous communication process, overhead generated in synchronous communication can be reduced and system responsiveness can be improved. Then, the process returns to step 102.
In step 111, when ST is not smaller than Q (N), synchronous communication processing for synchronizing input data is performed. First, 1 is added to the logical clock LC managed in the data matching middle.

  In step 112, the input data buffered by the communication middle 61 is set in the synchronous data management table 52. There may be one or more input data. The data identifier of the table is communication middle, the data is input data, the size is the size of the data, the logical clock added in step 111 is set as the logical clock, and the current time is set as the generation time. In step 113, the synchronous data management table 52 set in step 112 is transmitted to the standby computer 20. Also, START is set in STATUS of the synchronization data management table 52 to indicate the start of input synchronization.

  Step 114 waits for an input synchronization completion notification from the standby computer 20. In step 115, STATUS of the synchronization data management table 52 is set to END indicating the end of input synchronization, and the process returns to step 102.

  On the other hand, the standby computer 20 performs the following processing for step 113. Step 201 receives synchronization data from the active computer 10. In step 202, input data information is read from the synchronization data, and consistency processing with the buffered input data of the communication middle 61 of the standby computer 20 is performed. For example, there is a process of rearranging the buffered input data of the communication middle 61 of the standby computer 20 in order of the serial numbers of the input data from the received synchronous data. The data matching middle of the standby computer 20 notifies the communication middle 61 of the input processing start, and the communication middle 61 passes the input data to the task of the standby computer. Thereby, the task starts processing. As described above, since the former active computer 10 and the standby computer 20 have the same software program structure and operate the task 81 in the same processing order, the same input data is transferred to the task, so that the task The processing result and the internal state can be matched. In step 203, input synchronization completion is transmitted to the active computer 10.

  FIG. 7 shows the flow of processing for recovering the failed computer when a failure occurs in the active computer 10 or the standby computer 20. Step 301 waits for a recovery request from the standby computer 20 that requires failure recovery. Step 302 waits for the end of processing of the tail task 81 when there is a recovery request from the standby computer 20. The restoration process is performed using the time of the period waiting time Q94 so that the process of the task 81 of the active computer 10 is not affected.

  Step 303 copies all the contents of the storage area of the area management table 75 to the memory. In step 304, the copied memory is transferred to the standby computer 20. In consideration of reducing overhead of the transfer process, a child process dedicated to the transfer process may be generated and executed by the core of another arithmetic device 11 on which the task is executed. In step 305, high-speed replay preprocessing described later is performed. In the present embodiment, an example in which a high-speed replay process to be described later is performed by generating a child process and using the above-described another core. In this case, in this step, a pre-processing start notification is sent to the child process of the high-speed replay processing. The pre-processing start notification uses an interprocess communication mechanism such as UNIX (registered trademark) DOMAIN.

  In step 306, differential transfer pre-processing described later is performed. In the present embodiment, a differential transfer process described later is an example in which a child process is generated and executed by the another core. In this case, in this step, a pre-process start notification is sent to the child process of the differential transfer process. Step 307 waits for the copy completion reception of the memory transmitted in step 304. The copy of the transmission memory is executed by the standby computer 20, and the copy completion is communicated to the active computer 10. Details will be described later.

  In step 308, when the memory copy completion is received, the recovery means for the contents of the storage area changed during the total time RD311 of the cycle T92 processed by the task of the active computer 10 from step 304 to step 307 is selected and restored. The processing time determination unit 56 that performs processing is called. Selection of recovery means and recovery processing by the processing time determination unit 56 will be described later.

  On the other hand, standby computer 20 performs the following processing for step 301. In step 401, as the initial setting process, the standby computer 20 performs an initial process for starting a task process such as initialization of a middle layer software program and registration of a task, as in step 101. In step 402, the processing result and the internal state of the active computer 10 are matched with the task 81, and a recovery request is transmitted to the active computer 10 in order to recover the multiplexed system. The processing from step 301 is performed in the active computer 10 by request transmission. Step 403 waits for reception of memory contents for memory copy. Step 404 reads the storage area information from the area management table 75 and confirms the copy destination of the received memory contents.

  Step 405 copies the received memory to the read area. In step 406, the memory copy completion is transmitted to the active computer 10. In step 407, a recovery process event is received from the recovery process selected in step 308, and the recovery process is performed. Details will be described later.

FIG. 8 shows the fast replay process. Step 501 waits for a processing request. As processing requests, there is a request for high-speed replay pre-processing from step 305 and an input synchronous log transfer request to be described later when high-speed replay is selected as a recovery means in step 308. In step 502, it is determined whether the request for the high-speed replay preprocessing from step 305 is required. In step 503, in the case of a request for high-speed replay preprocessing (Y), input synchronization log creation processing is performed. In this embodiment, considering the overhead of the input synchronization log creation process, a child process dedicated to the input synchronization log creation process is generated and executed by another core of the arithmetic device 11 on which the task is executed.
The input synchronization log is composed of a log of the synchronous data management table set by the input synchronization process shown in FIG. 6 and a log of internal events of the computer. Details of the process will be described later. In step 511, in the case of an input synchronization log transfer request (N), input synchronization log transfer processing is performed. Details of the process will be described later.

  FIG. 9 shows the input synchronization log creation processing in step 503. Step 601 determines whether an input synchronization log creation end notification has been received. In step 602, when the input log creation completion communication is received (Y), the input synchronization log creation is terminated. Step 611 waits for the end of the input synchronous communication process (ST) in FIG. 6 when the input log creation end communication has not been received (N). The end determination is made by reading the STATUS information in the synchronization management table 52 and determining whether the synchronization is complete. If the STATUS information is END, it is determined that the synchronization is completed, and the process proceeds to step 612.

  Step 612 copies the contents of the synchronous data management table 52 and creates a new instance of the synchronous data management table 52 on the memory. As a result of copying, the input data from the external network 32 is set in the synchronization data management table 52 of the new instance at the present time. In step 613, 1 is added to the internal logical clock LC of the data matching middle 51, the current time is acquired, and the information is set in the logical clock and generation time information of the newly created synchronous data management table 52.

  Step 614 waits for notification of a timer or signal generation event from the task management middle 71. At the time of multi-system recovery, not only the input data by copying the contents of the synchronous data management table 52 but also the contents of occurrence of timer events and signal events that affect the processing of the task 81 that processes the input data can be used as internal inputs. The state of the task 81 of the standby computer 20 can be replayed with the contents of the input log of the active computer 10. Step 615 determines whether there is an event notification from the task management middle 71. If there is an event notification in step 616 (Y), 1 is added to the internal logical clock LC of the data matching middle 51 to obtain the current time. In step 617, when the event is a timer, the data source information of the synchronous data management table 52 is set in 73, and the timer identifier set in the timer identifier, for example, TR1, is set as data from the timer management table 73 as data. Also, the size TR_SIZE of the data is set to the size. In addition, the logical clock and the current time acquired in step 616 are set as the generation time. If the event is a signal, similar processing is performed using the previous signal management table 74. Next, the set data size is added to the SIZE information in the synchronous data management table 52.

  In step 621, if there is no event notification (N), it is determined by the notification from the task management middle 71 whether the processing of the tail task is completed. If the determination is N, the process returns to step 614 to wait for event notification. If the determination is Y, go to step 622.

  In step 622, the address information of the memory created in step 612 is set in the storage address of the management information of the matching data identifier LOG in the matching data management table of FIG. 4 (b), and the synchronization copied on the memory The size information of the data management table 52 is set to the size of the management information. Also, 1 is added to the number of data in the LOG. Next, the process returns to step 601. At this step, the synchronization data management table 52 of the new instance is input to the input synchronization log of the processing cycle R + n times, such as the Rth and R + 1 times processed by the task from step 304. Saved.

  FIG. 10 shows the transfer of the input synchronization log created in FIG. 9 and the high-speed replay processing of the standby computer 20. First, the input synchronization log transfer process in step 511 will be described. Step 701 transfers all input synchronization logs created in FIG. Similarly to step 304, transfer may be performed using a child process dedicated to transfer processing that is executed in the core of another arithmetic device 11 that is being executed by the task 81.

  Step 702 waits for a replay processing completion notification from the standby computer 20. Step 703 determines whether there is an input synchronization log that needs to be transferred. This is to determine whether there is an input synchronization log created during the replay completion waiting in step 702. If it exists (Y), the process returns to step 701. In step 711, if there is no input synchronization log to be transferred (N), an input synchronization log creation end notification is sent to the processing in step 503 in FIG. Step 712 ends the input synchronization log transfer process.

  On the other hand, the standby computer 20 performs the following processing for step 701. In step 801, the input synchronization log transferred from the active computer 10 is received and the contents of the log are read. Step 802 repeats the following steps for the number of received input synchronization logs. In step 803, when processing for the number of logs is completed (Y), a replay end notification is transmitted to the active computer 10. In step 811, all the input data 61 is read from the data source information of the synchronous data management table 52 from the received input synchronization log, and the input data is transferred to the communication middle 61 of the standby computer 20.

  The data matching middle 51 of the standby computer 20 notifies the communication middle 61 of input processing start, and the communication middle 61 passes the input data to the task of the standby computer. Thereby, the task starts processing. As described above, since the former active computer 10 and the standby computer 20 have the same software program structure and operate the task 81 in the same processing order, the same input data is transferred to the task, so that the task The processing result and the internal state can be matched. Instead of the input data transmitted from the data matching middle 51 of the active computer 10 in step 113 shown in the input synchronization processing of FIG. 6, in this step, the standby computer 20 takes out from the input log received in the step 801. The input synchronization is realized by passing the input data to the communication middle 61.

  In step 812, for the received input synchronization log, the timer event of the timer management table described in the data source identifier of the synchronous data management table 52 and the signal event log in the signal management table described in the data source identifier are converted to the logical clock LC. Sort in ascending order of values. Also, the event log generation relative time is calculated for the occurrence time information that is the set time of the data (IN_001) set in the communication middle described in the data source identifier of the synchronous data management table 52, and the standby system Set timer event in OS41 of computer 20. In step 813, it is determined whether the timer event set in step 812 or the end event of the trailing task of the standby computer 20.

  Step 814 determines whether the timer event has been set. If the event is an end event of the tail task (N), the process returns to step 811 to start the top task. In other words, the high-speed replay process reduces the time for catching up with the task status of the active computer 10 by omitting the periodic waiting time Q94 as indicated by 821. The degree of shortening is proportional to the ratio of the periodic waiting time Q94 to the processing time P93 of the task 81. Details will be described in the recovery means selection process of FIG. If step 815 is a set timer event (Y), the timer / signal event is notified to the task management middle 71 of the standby computer 20. As shown in the AP control processing and event processing 97 in FIG. 5, the data matching middle 51 performs the processing of the OS 41 that performs timer / signal event notification in the active computer 10 in this processing.

  FIG. 11 shows differential transfer processing which is another multiplex system recovery means. Step 901 waits for a processing request. As processing requests, there are a request for differential transfer pre-processing from step 306 and a differential transfer request when differential transfer is selected as a recovery means in step 308. In step 902, it is determined whether the request for differential transfer preprocessing from step 306 is required. In step 903, if the processing request is a difference transfer pre-process (Y), a difference creation process is performed. As in step 304, considering the overhead of the difference creation process, a child process dedicated to the difference creation process may be generated and executed by the core of another arithmetic device 11 on which the task is executed. Details will be described later.

  In step 912, in the case of a difference transfer request (N), it is determined whether there is a transferable difference created in step 903. If there is a difference in step 912 (Y), the process proceeds to step 913. If not (N), the process proceeds to the end of difference creation in step 921. In step 913, the difference created in step 903 is transferred to the standby computer 20. As in step 304, considering the overhead of the transfer process, a child process dedicated to the transfer process may be generated and executed by the core of another arithmetic device 11 on which the task 81 is executing.

  Step 914 waits for a differential copy completion notification from the standby computer 20. The standby computer 20 copies the difference transmitted by the active computer 10 and notifies the active computer 10 of the completion of the differential copy. When the differential copy completion notification is received, the process returns to step 911. In step 921, a difference creation completion notification is sent to the processing in step 903, and the process returns to step 901.

  FIG. 12 shows the difference creation process in step 903. Step 1001 determines whether or not a difference creation end notification has been received. In step 1002, when the end notification is received (Y), the difference creating process is ended. If the end notification is not received in step 1011 (N), it is determined whether or not the storage area update monitoring flag transmitted in step 304 is ON. In step 1012, when the storage area update monitoring flag is ON (Y), it is confirmed whether the processing end of the tail task 81 has been executed. If the process has not been completed, the process returns to step 1001.

  Step 1013 checks for storage area updates. For example, if the storage area is the memory and the OS 41 is Linux (registered trademark), the middle layer can be checked by checking the file contents of / proc / pid / pagemap. Step 1014 copies the contents when the storage area is updated. In this step, the processing difference from the step 304 to the R-th and R + 1-th processing and the processing cycle R + n-th processing difference is saved in the memory as a difference .glb as 1031. If the storage area is a memory, it is recorded in units of pages, and a plurality of differences .glb having a page unit size, for example, 4 KB are created. The number of differences.glb is an integer obtained by dividing the size of the changed storage area by the page unit. Therefore, depending on the processing of the task 81, there is a possibility that a difference .glb of the amount of the total size of the data matching target area is created. If the amount of the difference exceeds a certain amount, the recovery time may be longer in the multiplex system recovery by differential transfer, and the recovery may not be possible. Therefore, it is necessary to make a determination to switch to the restoration processing by high-speed replay in FIG. This determination will be described in the recovery means selection process in FIG.

  Step 1015 updates the DIFF information of the matched data identifier in the matched data management table 53 of FIG. 4 (b). First, the memory address of the difference created in step 1014 is set as the storage address of the DIFF management information of the matching data identifier in the matching data management table 53, and the size of the difference is set as the size of the management information. Next, 1 is added to the number of data in the matched data management table 53.

  In step 1016, when the differential copy is completed, the monitoring flag for updating the storage area is turned OFF. Also, the storage area change monitoring process is reset. For example, if the storage area is memory and the OS 41 is Linux, update monitoring can be cleared even in the middle layer by setting the file contents of / proc / pid / clear_refs. The update during the task processing time P93 in FIG. 5 is checked by the above steps, and a difference is created at the task waiting time Q94. Next, the process returns to step 1001.

  FIG. 13 shows recovery means selection processing based on the recovery processing time performed by the processing time determination unit 56. Step 1101 calls the operation percent calculation unit 54 to calculate [Q / P] of the ratio of the period waiting time Q to the execution time P within one period of the period T in FIG. Step 1102 calls the storage area difference calculation unit 55 to calculate [N / Δ] of the ratio of the bandwidth (N) that is the transfer amount of the internal network to the total difference amount (Δ) of 1031. In step 1103, [Q / P] calculated in step 1101 is compared with the amount obtained by subtracting 1 (period) from [N / Δ] calculated in step 1102 ([N / Δ] −1).

  In step 1104, if [Q / P] is large, an input synchronous log transfer request is transmitted to step 501 as high-speed replay processing request processing, and multiplex system recovery by high-speed replay is performed. In step 1105, if [Q / P] is not large, a differential transfer request is transmitted to step 901, and multiplex system recovery by differential transfer is performed.

  The basis for the judgment in step 1103 will be described below. First, related terms are summarized.

M [byte]: Total amount of storage area subject to data matching
N [byte / sec]: Transfer amount of the internal network 31. Band
T [sec]: Task execution cycle time in Figure 5
P [seconds]: Total task execution time within the period in Figure 5
Q [seconds]: Waiting time until the next task in the cycle of FIG. 5 Δ [byte]: The following properties can be derived by parameters greater than the total amount of storage area differences required for 1031 multiple system recovery.
L1. The number of cycles that the task 81 of the active computer 10 can execute in the time (RD of 311) for transferring the total amount of the storage area to be matched to the standby computer 20 is as follows.

Number of cycles = M / N x 1 / T
L2. In the high-speed replay processing of FIG. 10, the time (αT) until the standby computer 20 catches up with the processing of the active computer 10 can be calculated by the following formula.

αT = (M / N × 1 / T) / [Q / P]
L3. The time (αT) until the standby computer 20 catches up with the processing of the active computer 10 in the differential transfer processing of FIG. 11 can be calculated by the following formula.

αT = (M / N × 1 / T) / ([N / Δ] −1)
L3-1. Conditions for convergence of the multiple system recovery processing time by the differential transfer processing in FIG. 11 are as follows.

[N / Δ]> one cycle time
L4. From L2 and L3, it is necessary to select a means to shorten the time (αT) until catching up with the processing of the active computer 10 in order to shorten the time required to recover the multiple system. / Δ] -1) is compared, and if the one with a larger value is selected, αT becomes smaller, so that the multiplex system recovery time can be shortened.
FIG. 14 shows the processing of the operation ratio calculation unit.

  In step 1201, timer interval information set by the head task 81 is acquired from the timer management table 73 and set to t1.

  In step 1202, the generation time of the data source identifier 61 of the synchronous data management table 52, which is the content of the input log created in the input synchronization creation processing 503, is read and set as t2 as the processing start time of the first task 81. First, the log of the data source identifier 61 is created after the input synchronization process in the input synchronization log creation process of FIG. In addition, since the start task processing is started after the input synchronization processing in FIG. 6 is completed, the start task processing start time can be used. However, as described above, the task start time can be calculated by the calculation method P in FIG. 5, and the calculation method is not limited to the present embodiment.

  In step 1203, the generation time of IPC_3 used at the end of the tail task is read from the data source identifier 72 of the synchronous data management table 52, and the end time t3 of the tail task is set.

  In step 1204, a task group processing time P is calculated from the difference between t2 set in step 1202 and t3 set in step 1203.

  In step 1205, t2 set in step 1202 is added to t1 set in step 1201, and the time when the head task starts processing next is calculated. Also, the waiting time Q of the task group is calculated from the difference between the calculated time and t3 set in step 1203.

In step 1206, the ratio of the task group waiting time Q calculated in step 1205 to the task group processing time P calculated in step 1204 is calculated.
FIG. 15 shows the processing of the storage area difference calculation unit.

  In step 1301, the number of data of the matched data identifier DIFF in the matched data management table 53 is read.

  Step 1302 calculates the total size of the management information of the matching data identifier DIFF in the matching data management table 53 for the number of data, and calculates the total amount Δ of the storage area differences created between the RDs in FIG. .

  In step 1303, the bandwidth of the internal network is acquired, and a ratio N / Δ with respect to the total amount Δ of the difference calculated in step 1302 is calculated.

DESCRIPTION OF SYMBOLS 10 ... Active computer, 11 ... Arithmetic unit, 12 ... Storage device, 13 ... Communication device 1, 14 ... Communication device 2, 20 ... Standby computer, 31 ... LAN for connecting between active computer and standby computer, 32 ... external network connecting active computer and standby computer to external computer, 41 ... OS, 51 ... data matching middle, 52 ... synchronized data management table, 53 ... matched data management table, 54 ... operational percent calculation unit, 55 ... Storage area difference calculation unit, 56 ... Processing time determination unit, 61 ... Communication middle, 71 ... Task management middle, 72 ... Task management table, 73 ... Timer management table, 74 ... Signal management table, 75 ... Area management table, 81 ... task, 91 ... task processing and timing overview, 92 ... cycle, 93 ... execution time P, 94 ... cycle waiting time Q, 95 ... external input buffering time INQ_T, 96 ... input synchronous communication processing time ST, 97 ... task Control processing and event processing

Claims (5)

A storage area matching device for a multiplexed computer composed of an active computer that periodically executes a program and a standby computer prepared for switching to an active computer from the active computer,
An operation rate calculation unit for obtaining an execution time rate of the program in the cycle of the active computer;
A storage area difference calculation unit for obtaining a difference between the storage area of the active computer and the storage area of the standby computer generated by the operation of the program;
Based on the execution time ratio of the program received from the operation ratio calculator and the difference data amount between the storage area of the active computer and the storage area of the standby computer received from the storage area difference calculator. The storage area of the standby system computer is made to match the storage area of the active system computer by executing processing that is not being executed by the standby system computer, or the storage area of the active system computer and the storage of the standby system computer. Processing time judgment to select whether to match the storage area of the standby computer with the storage area of the active computer by sending the difference data of the area from the active computer to the standby computer and reflecting it in the storage area of the standby computer A storage area matching device for a multiplexed computer.   The processing time determination unit obtains the transfer time of data to be sent from the active computer to the standby computer based on the speed of the communication path connecting the active computer and the standby computer, and executes on the active computer based on the determined transfer time. Either the standby computer executes processing that is not being executed by the standby computer, or the difference data between the storage area of the active computer and the storage area of the standby computer is sent from the active computer to the standby computer. 2. The storage area matching apparatus for a multiplexing computer according to claim 1, wherein whether to be reflected in the storage area is selected. A processing storage unit for storing the input data and output data of the program;
When the processing time determination unit is executed by the active computer and the processing not executed by the standby computer is executed by the standby computer, the program is executed by the standby computer using the input data and output data stored in the processing storage unit. 3. The storage area matching apparatus for a multiplexed computer according to claim 2, wherein the storage area of the standby computer is made to coincide with the storage area of the active computer by executing.   In a multiplexed computer system consisting of an active computer and a standby computer that periodically execute programs, the input data processed by the active computer is buffered, and the buffered input data is processed by the program of the active computer And transmitting to the standby computer during the idle time until the program processing of the next cycle starts, and executing the program of the standby computer corresponding to the program using the input data received by the standby computer A data matching device for a multiplexed computer, characterized in that the storage area of the standby computer is matched with the storage area of the active computer.   If the time to send the buffered input data to the standby computer is less than the idle time of the active computer, the time to send the input data to the standby computer without sending the buffered input data to the standby computer 5. The data matching apparatus for a multiplexed computer according to claim 4, wherein when the free time is exceeded, input data that can be transmitted in the free time is transmitted to the standby computer.

Images