JP2849780B2 - Computer system - Google Patents

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a computer system that automatically restarts when a fault occurs and its operation is stopped.
On Temu.

[0002]

2. Description of the Related Art When configuring a computer system, measures are taken to cope with a failure such as a hardware failure or a program runaway. For example, in order to prevent a delay in processing due to the suspension of operation, the same computer system is provided as a spare in addition to the normally operating computer system, and when a failure occurs, the operation is immediately switched to the spare computer system. There is. In addition, when the suspension of operation is not a problem, a single computer system having no spare computer system is used. Here, the single computer system (hereinafter simply referred to as a computer system) will be described as an example.

FIG. 2 shows a configuration diagram of a conventional computer system. In the figure, a computer system 1 includes a system control device 2 for controlling and managing the entire system, an operator conversation device 3 and a processing device 5 connected to the system control device 2.

[0004] The system control device 2 is composed of a processor or the like for monitoring whether the processing device 5 is activated and whether or not the operation thereof is performed normally. The operator conversation device 3 is a terminal device that includes a keyboard, a display, and the like that are operated by an operator, and that inputs various commands to the system control device 2 and the like. Processing device 5
Is for actually performing data operation and the like, and comprises a processor 6, a main storage device 7, and a disk device (secondary storage device) 8. Each unit is connected by a common bus 4. The processor 6 controls and manages each unit constituting the processing device 5. The main storage device 7
It comprises a RAM and the like for storing programs and data necessary for the operation of the processor 6. The disk device 8 stores data using a recording medium such as a hard disk, and is provided with a magnetic disk 9.

In the computer system 1 having the above configuration,
A boot program for starting the processor 6 is stored in the system control device 2 in advance. The magnetic disk 9 of the disk device 8 stores an initial program for loading a basic program that controls the operation of the system.

[0006] When a start instruction is input from the operator conversation device 3 to the system control device 2, the system control device 2 transfers the boot program to the main storage device 7 via the common bus 4. Further, it issues a start instruction to the processor 6. Upon receiving this activation instruction, the processor 6 executes the boot program stored in the main storage device 7, and then reads the initial program from the disk device 8 and stores it in the main storage device 7. Further, the initial program is executed, and the activation of the basic program for controlling system operation and operation is completed. The start of the computer system 1 is completed by the above procedure.

[0007] On the other hand, the processor 6 issues a reset instruction of a monitoring timer provided in the system control device 2 at a constant cycle to notify the system control device 2 that the operation is normal. If the timer reset instruction is not issued and the monitoring timer performs a predetermined count, the system control device 2 determines that a failure such as a program runaway of the processor 6 has occurred, and forcibly stops the operation of the processor 6. To stop. Further, the processor 6 includes the processing device 5
When it recognizes that a hardware failure has occurred in each of the constituent elements, it stops its operation by itself. In this case, since the system control device 2 is not interrupted, the system control device 2 can recognize that the processor 6 has stopped (occurrence of a failure).

When the system control device 2 recognizes that the processor 6 has stopped, the system control device 2 communicates through the operator conversation device 3 or the like.
Notify the operator of the failure. When the operator recognizes that a failure has occurred in the computer system 1 and the operation has been stopped, the operator investigates the cause of the failure and then restarts, that is, inputs a startup instruction using the operator conversation device 3. Become.

If the operation stop time is limited and the cause of the failure can be canceled by resetting the processor 6 or the like, the operator issues an instruction to reset the processor 6 from the operator conversation device 3. input. At this time, in order to analyze the cause of the failure later, the processor 6 itself triggers the reset instruction of the processor 6 to reset the failure at the time of the failure stored in the internal register indicating the state of the processor 6 at present. The history of the input / output commands stored in the control unit of the disk device 8 such as the address of the execution program and the value of the operation, the input / output execution status and the value of the hardware abnormality of the disk device 8 are stored in the main storage device 7. A process of copying status information including checkpoint data indicating the progress of the process , data of the execution process of the program, and the like to the main storage device 7 is performed.

The operator inputs an instruction to execute a transfer program for storing the status information copied to the main storage device 7 in the disk device 8 from the operator conversation device 3 and then issues a system restart instruction. Based on the status information copied to the disk device 8, a maintenance operator later analyzes a failure of the computer system 1.

As a method of automatically restarting the computer system 1 which is operated unattended without an operator or the like, the processor 6 detects a failure and stops its operation. At that time, the processor 6 itself may refer to the fixed address of the main storage device 7 and restart unconditionally, that is, perform an operation based on the initial program or the like already stored in the main storage device 7.

[0012]

However, in the case of the computer system 1 which is operated unattended, if the computer system 1 is restarted unconditionally after the operation is stopped, the situation information at the time of failure occurrence cannot be saved. Had occurred. Also,
In the computer system 1 that saves the status information indicating the state of the processor 6 when the operation is stopped and then starts again, there is a problem that an operator must be always present and various operations must be performed. Furthermore, there is a method of duplicating a computer system and continuing operation with another system while investigating a system in which a failure has occurred. However, it costs about twice as much to prepare two identical systems. Had occurred.

The present invention has been made in view of the above points, and there is no need to construct a duplex system. If a failure occurs, the operation is immediately restarted (restarted) without operator intervention. The present invention provides a computer system capable of performing a failure analysis later.

[0014]

SUMMARY OF THE INVENTION The present invention is directed to a preset
Processor for executing predetermined processing, and the processor
Processing device provided with a secondary storage device for storing information referred to by
And a system for detecting and recovering from a fault in the processing unit.
System control device, wherein the system control device is
Fault detecting means for detecting a fault in the processing device;
Failure information indicating the status of the storage device is stored in the secondary storage device
First storage for storing a copy instruction flag for giving an instruction
Storage means and a restart instruction for restarting the processor.
Second storage means for storing an operation instruction flag;
When the operation of the storage device is started, the duplicate
Set the copy instruction flag and the restart instruction flag respectively.
Flag setting means for setting the
The first and second storage means in response to detection of harm occurrence
The copy instruction flag and the restart instruction flag stored in
The status of the lag is read and the copy instruction flag is set.
The fault information is stored in the secondary storage device
Processing and resetting the copy instruction flag,
If the restart instruction flag is set,
Restart processing for restarting the processor and the restart instruction
Characterized by having means for resetting the flag
Computer system.

[0015]

The first and second storage means are provided in the system controller.
Provided by the flag setting means when the operation of the processing device is started.
A copy instruction flag in the first storage means;
To set the restart instruction flag respectively. Of processing equipment
If a failure occurs during operation, flag processing and resetting means
Indicates that the copy instruction flag is set in the first storage means.
And copying the status information to the secondary storage device.

[0016] Further, the flag processing / resetting means is provided in the second
Check that the restart instruction flag is set in the storage
Check and restart the processor. And the flag processing
And resetting means for resetting the first and second storage means.
Do Therefore, if a failure occurs again in the processing unit,
If this is the case, copy the status information and restart the processor.
Is not done.

[0017]

1 is a block diagram showing a computer system according to the present invention. In the figure, a computer system 1 includes a system control device 2 for controlling and controlling the entire system, an operator conversation device 3 connected to the system control device 2, and a common bus, in the same manner as described above with reference to FIG. And a processing device 5 connected thereto via the control unit 4. Note that the same parts as those in FIG. 2 are denoted by the same reference numerals, and redundant description will be omitted. The system control device 2 includes a failure detection unit 21, a restart execution unit 22, an operation selection setting unit 23, and a ROM 24 storing a boot program.

The fault detecting means 21 detects a fault in the processing device 5;
For example, it detects runaway or operation stop of the program of the processor 6, and includes a monitoring timer (for example, a watchdog timer). When the failure detecting means 21 detects a failure, the restart executing means 22 issues a restart instruction to the processor 6 and instructs the storage of status information to the magnetic disk 9 based on the contents indicated by the operation selection setting means 23. ,
Then, the contents of the operation selection setting means 23 are changed.

The operation selection setting means 23 includes a first flag (copy instruction flag) indicating whether or not the status information is stored on the magnetic disk 9 and whether or not to restart the processor 6 (processing device 5). The second flag (restart instruction flag) indicates whether or not the restart flag has been set. The first and second flags are normally set, and allow the restart execution means 22 to store the status information on the magnetic disk 9 and restart the processor 6. Note that the restart execution means 22 resets the first flag when storing the status information.

Here, the operation selection setting means 23 will be described in detail with reference to FIG. FIG. 3 is a configuration diagram of the operation selection setting means 23. As shown in the figure, the operation selection setting means includes OR gates OR1 to OR4 and flip-flops F1 and F2. The inputs of the OR gates OR1 and OR3 include the operator conversation device 3,
Input signals IN1, IN2, I output from the processor 6
N6 and IN7 are input. OR gate OR2, O
The input of R4 includes the input signal I output from the operator conversation device 3, the processor 6, and the restart execution means 22.
N3 to IN5 and input signals IN8 to IN10 are input.

The output of the OR gate OR1 is the set signal S
The output signal of the OR gate OR2 is input to the reset terminal R of the flip-flop F1 as the reset signal RS1. Similarly, the output of the OR gate OR3 is output to the set terminal S of the flip-flop F2 as the set signal SS2.
The output signal of the OR gate OR4 is input to the reset terminal R of the flip-flop F2 as a reset signal RS2.

The output signal (copy instruction flag OUT1) output from the output terminal Q of the flip-flop F1 is recognized by the restart executing means 22 as the copy instruction flag described above. Similarly, the output terminal Q of the flip-flop F2
Output signal (restart instruction flag OUT2)
Is recognized by the restart executing means 22 as the restart instruction flag described above.

In the operation selection setting means 23 having the above configuration, when the system control device 2 is started up, all of the input signals IN1 to IN10 are set to low level, and the flip-flops F1 and F2 are reset. That is, the copy instruction flag OUT1 and the restart instruction flag OU
Both T2 are reset (low level). In this state, for example, when setting the copy instruction flag OUT1 and restart instruction flag OUT2, set the input signal IN1 or the input signal IN2, the input signal IN6 or input signal IN7 to a high level (enabled).

The flip-flops F1 and F2 receive the inputs of the set terminal S and the reset terminal R (perform the operation by inputting the clock pulse), and reflect the input to the output terminal Q. In this case, the set terminal S of the flip-flops F1 and F2 is at a high level and the reset terminal R is at a low level, so that the output terminal Q is set at a high level. Thereafter, each input signal set to the high level is set to the low level again at a predetermined timing at which the reception of the flip-flops F1 and F2 is completed. At this time, the output terminals Q of the flip-flops F1 and F2 maintain the state of receiving the input first.

Next, when resetting the copy instruction flag OUT1 and the restart instruction flag OUT2, the input signal IN
One of the input signals IN8 to IN10 and any one of the input signals IN8 to IN10 are set to a high level. Flip-flop F1,
When F2 receives the input of the set terminal S and the reset terminal R, respectively, it sets the output terminal Q to the low level because the set terminal S is at the low level and the reset terminal R is at the high level. Thereafter, each input signal set to the high level is set to the low level again at a predetermined timing at which the reception of the flip-flops F1 and F2 is completed.

The operation of the restart execution means 22 will now be described with reference to FIG. FIG. 4 shows the restart execution unit 22.
4 is an operation flowchart of FIG. The copy instruction flag O
It is assumed that both the UT1 and the restart instruction flag OUT2 are set.

When the failure detecting means 21 detects a failure in the processing device 5, the restart executing means 22 executes the operation selection setting means 23.
Is read, and it is determined whether or not it is set, that is, whether or not the content is "1" (step S1). If the result is YES, the restart execution means 22 resets the copy instruction flag OUT1,
That is, the input signal IN5 is made valid (step S2), and the status information copying program is started to copy the status information by the processor 6, that is, store it on the magnetic disk 9 (step S3).

The restart execution means 22 determines whether the copying of the status information by the processor 6 has been completed (step S4). If the result of step S4 is YES, the restart instruction flag OUT2 of the operation selection setting means 23 is read, and it is determined whether or not it is set, that is, whether or not the content is "1" (step S5). This result is YE
In the case of S, the restart execution means 22 outputs the restart instruction flag O
The UT 2 is reset, that is, the input signal IN10 is made valid (step S6), and a restart process such as resetting of the processor 6 is executed (step S7), and the process ends.
If the result of step S1 is NO, the process proceeds to step S5, and if the result of step S4 is NO, step S5 is performed again.
4 are performed.

Next, the operation of the computer system 1 will be described with reference to FIGS. First, FIG. 5 is a first timing chart according to the present invention. Here, it is assumed that the processor 6 automatically sets the copy instruction flag OUT1 and the restart instruction flag OUT2 only once based on the boot program 24.

First, at timing T1, the processing device 5
Is started, the processor 6 executes an IPL (Initial Program Loader) process for loading the boot program 24 from the system control device 2 into the main storage device 7. When the IPL processing is completed at the timing T2, the computer system 1 starts normal operation.
When a predetermined time has elapsed after the start of this operation, the processor 6 sets the input signals IN2 and IN7 to valid,
Copy instruction flag OUT1 and restart instruction flag OUT2
Is set.

Thereafter, when a failure occurs in the processing device 5 at the timing T3, the processing device 5 stops its operation and waits for an instruction from the system control device 2.
The failure detection means 21 of the system control device 2
When the failure is detected, the restart execution means 22 is started.

The restart execution means 22 includes a copy instruction flag O
When reading UT1 and recognizing the set state,
The input signal IN5 is made valid, and the copy instruction flag OUT1 is reset. At timing T4, the status information is copied. When the copying of the status information is completed, the restart execution means 22 reads the restart instruction flag OUT2, and when recognizing the set state, the input signal IN10.
Is enabled, the restart instruction flag OUT2 is reset, and at timing T5, the processing device 5 is started up again, and the process is terminated.

After the execution of the IPL process, the processing device 5 starts operation at timing T6. Note that, when a failure occurs once and the restart is performed, the processor 6 does not set the copy instruction flag OUT1 and the restart instruction flag OUT2, and keeps the reset state. Therefore, even if a failure occurs again at the timing T7, the restart execution unit 22 waits for the operator's response without copying the status information and performing the restart.

FIG. 6 is a second timing chart according to the present invention. Here, it is assumed that the operator's conversation device 3 is operated to set the copy instruction flag OUT1 and the restart instruction flag OUT2. First, timing T1
1, when the processing device 5 is started up, the processor 6 loads the IPL (Initia) which loads the boot program 24 from the system control device 2 to the main storage device 7.
lProgram Loader) processing.

When the IPL processing is completed at timing T12, the computer system 1 starts normal operation. During this operation, the operator's conversation device 3 is operated,
The input signals IN1 and IN6 of the operation selection setting means 23 are set to be valid, and the copy instruction flag OUT1 and the restart instruction flag OUT2 are set.

Thereafter, when a failure occurs in the processing device 5 at the timing T13, the processing device 5 stops its operation and waits for an instruction from the system control device 2. Upon detecting a failure in the processing device 5, the failure detection unit 21 of the system control device 2 activates the restart execution unit 22.

The restart execution means 22 includes a copy instruction flag O
When reading UT1 and recognizing the set state,
The input signal IN5 is made valid, and the copy instruction flag OUT1 is reset. At timing T14, the status information is copied. When the copying of the status information is completed, the restart execution means 22 reads the restart instruction flag OUT2, and when the set state is recognized, the input signal IN
10, the restart instruction flag OUT2 is reset, the processing device 5 is started up again at timing T15, and the fact that a failure has occurred in the operator conversation device 3 is notified, and the process is terminated.

After the execution of the IPL process, the processing device 5 starts operation at timing T16. During the operation of the processing device 5, the operator conversation device 3 sets the copy instruction flag OUT1 and the restart instruction flag OUT2 again. If a failure occurs again at timing T17, copying and restarting of the status information at timing T18 are performed again, and
, And operation start at timing T20. As described above, when the restart is permitted a plurality of times, the status information is not copied at the time of the second and subsequent restarts or is copied to a different area on the magnetic disk 9 so that the failure which occurred first may be performed. The situation in which the situation information is lost can be avoided.

When the status information is stored in a different area on the magnetic disk 9 (for example, an area change due to a file name change), the restart execution means 22 is provided with a counter for counting the number of times a failure has occurred. Then, when a failure occurs and the status information is copied, the restart execution unit 22
Is a magnetic disk 9 using a counter value as a parameter.
The status information is recorded in the upper predetermined area. Further, the restart executing means 22 counts up the counter every time the status information is copied. Therefore, the parameters change sequentially, and the area on the magnetic disk 9 can be changed without overlapping.

[0040]

According to the computer system of the present invention having the above configuration,
Then , if a failure occurs in the processing unit, save the status information used to understand the content of the failure and restart the processing unit.
Perform a restart based on the flag that was set to start,
After that, to save the status information and prevent restart ,
Because the resetting is set to reset , even in an unattended system, failure analysis work and the like can be performed later, and furthermore, since the failures occur continuously, the situation information based on the first failure is destroyed. Eliminate the risk of

[Brief description of the drawings]

FIG. 1 is a block diagram of a computer system according to the present invention.

FIG. 2 is a configuration diagram of a conventional computer system.

FIG. 3 is a configuration diagram of an operation selection setting unit.

FIG. 4 is an operation flowchart of a restart execution unit.

FIG. 5 is a first timing chart according to the present invention.

FIG. 6 is a second timing chart according to the present invention.

[Explanation of symbols]

 2 System control device 3 Operator conversation device 5 Processing device 6 Processor 7 Main storage device 8 Disk device 21 Failure detection means 22 Restart execution means 23 Operation selection setting means

Claims (1)

(57) [Claims] 1. A processor that executes a predetermined process that is set in advance, a processing device that includes a secondary storage device that stores information referred to by the processor, and a system that detects and recovers from a failure in the processing device. and a control unit, the system control equipment, the process and the failure detection means for detecting a failure of the apparatus, said processing said secondary storage device failure information indicating the state of the device
Stores a copy instruction flag for giving an instruction to store in
A first storage unit, and a restart instruction flag for instructing a restart of the processor.
Second storage means for storing the first and second storage means when the operation of the processing apparatus is started.
The column indicates the copy instruction flag and the restart instruction flag.
A flag setting means for setting each of them; and
The copy instruction file stored in the first and second storage means.
Read the status of the lag and the restart instruction flag,
If the copy instruction flag is set, the failure information
For storing in the secondary storage device and the copy instruction file.
Reset the lag and set the restart instruction flag.
Restart the processor if it has been
For performing dynamic processing and resetting the restart instruction flag
A computer system comprising: