WO1985002925A1 - Computer controlled systems - Google Patents

Computer controlled systems Download PDF

Info

Publication number
WO1985002925A1
WO1985002925A1 PCT/GB1984/000445 GB8400445W WO8502925A1 WO 1985002925 A1 WO1985002925 A1 WO 1985002925A1 GB 8400445 W GB8400445 W GB 8400445W WO 8502925 A1 WO8502925 A1 WO 8502925A1
Authority
WO
WIPO (PCT)
Prior art keywords
memory
information
data
bit
bits
Prior art date
Application number
PCT/GB1984/000445
Other languages
French (fr)
Inventor
Göran Anders Henrik HEMDAL
Original Assignee
Hemdal Goeran Anders Henrik
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hemdal Goeran Anders Henrik filed Critical Hemdal Goeran Anders Henrik
Publication of WO1985002925A1 publication Critical patent/WO1985002925A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/08Error detection or correction by redundancy in data representation, e.g. by using checking codes
    • G06F11/10Adding special bits or symbols to the coded information, e.g. parity check, casting out 9's or 11's
    • G06F11/1008Adding special bits or symbols to the coded information, e.g. parity check, casting out 9's or 11's in individual solid state devices
    • G06F11/1012Adding special bits or symbols to the coded information, e.g. parity check, casting out 9's or 11's in individual solid state devices using codes or arrangements adapted for a specific type of error
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/14Error detection or correction of the data by redundancy in operation
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/08Error detection or correction by redundancy in data representation, e.g. by using checking codes
    • G06F11/10Adding special bits or symbols to the coded information, e.g. parity check, casting out 9's or 11's
    • G06F11/1008Adding special bits or symbols to the coded information, e.g. parity check, casting out 9's or 11's in individual solid state devices
    • G06F11/1048Adding special bits or symbols to the coded information, e.g. parity check, casting out 9's or 11's in individual solid state devices using arrangements adapted for a specific error detection or correction feature
    • G06F11/106Correcting systematically all correctable errors, i.e. scrubbing

Definitions

  • the invention relates to computer controlled systems and is particularly concerned with arrangements for improving memory securing and reliability of computer controlled systems.
  • the invention is applicable for example to a standard CPU.such as represented by Motorola MC 68000. INTEL 1APX 286, etc. and the memory accessed from this CPU, for instance to be included in a Master Control Unit.
  • the invention allows memory faults and spurious errors to be detected before a memory element is accessed by a normally executed instruction, thereby enabling preventive fault elimination.
  • the invention also allows a certain type of variable dynamic transposition of memory contents, thereby making meaningful interpretation of the memory contents impossible without knowledge of the correct key.
  • Each computer has at least one associated memory where information may be stored in binary form.
  • Figure 1 shows a typical computer consisting of a Central Processing unit (CPU) and a connected memory (M).
  • the memory is addressed via an Address Bus (ABUS) containing k address bits.
  • ABUS Address Bus
  • the memory itself contains 2k memory words, each one containing N information bits.
  • ADEC Address Bus Decoder
  • R Real Control Signal
  • DBUS Data Bus
  • the normal way of detecting and in certain cases, correcting spurious inadvertent errors is by providing redundancy in some form.
  • the N information bits in a memory word are therefore grouped into data bits which carry the actual information and redundancy bits, which are used only for error detection purposes as illustrated by Figure 2.
  • the redundancy bits may also be used for error correction purposes.
  • parity checking The simplest method of error detection by means of redundancy bits is the well known parity checking method, where a single redundancy bit, the so called parity bit is used.
  • the parity of a complete memory word is specified as odd or even. depending on whether the number of bits containing a one is odd or even. All memory words are thereby specified to have the same parity (i.e. either odd or even) when no error exists.
  • the parity bit can always be set so that, independently of the parity of the data bits, even parity for the total memory word is achieved. Any spurious single bit error or, in general, any odd number of bit errors will now show up as a parity error.
  • the parity bit may thus be used to detect spurious errors, but it cannot be used to localise or correct the errors, because any odd number of bit errors gives the same error indication. Also, parity checking does not give any error indication for an even number of bit errors.
  • the fault detection capability may be increased, even to the extent to obtain fault correction capabilities in certain cases. This is for instance the case with so called "Hamming" codes where multiple errors may be detected and single errors corrected.
  • the fault detection and -correction capability may be even more increased by increasing the number of redundancy bits to the same number as the data bits (duplication) .
  • errors may be found by means of a bit-by-bit comparison as illustrated in Figure 4, where comparison is indicated by 0.
  • SUBSTITUTE SHEET is obtained for the original data bits, assuming even parity. Thus the data bits are in error and the actual value should be taken from the redundancy bits. However, if an even number of bits are in error, then no parity indication will be obtained or even, if an odd number of bits are in error among the data bits and an odd number of bits are in error among the redundancy bits, thereby making the total number of errors even, both sides will indicate a parity error.
  • One class of error is the multiple bit error, where the pit pattern formed by the faulty bits happen to conform to a valid bit pattern. An example of this is the even number of bit errors by parity checking,
  • a second class of undetected errors is the "stuck" bit error where the actual value of the bit happens to be the value to bit isd "stuck" in. In this case the error will not be detected before the bit value is actually changed.
  • a scheme which might be utilized to detect "stuck" memory bits is to use a "refresh" routine, which cyclically scans through the memory, word by word and for each word reads the contents of the word, inverts these contents and writes them back, reads the contents a second time and rewrites the original contents into the memory word, the two read contents may now be compared whereby each bit of the first content must be different from the corresponding bit value of the second content. Any equality on the bit level indicates a "stuck" bit.
  • this method requires that the memory is locked for reading from any other process to prevent the temporarily inverted value from being read by anybody else than the "refresh” function, which significantly will increase the waiting times on the memory and thereby unacceptably reduce the performance of the total system.
  • the invention aims to improve the capability for off-line detection without introducing the drawbacks described above. Simultaneously the invention also offers a means of coding the information in memory so that this information cannot readily be interpreted without the aid of the invention.
  • Figure 5 illustrates the basic principle of the invention.
  • Each information word is associated with a number (M) of data bits, a number (P) of redundancy bits and a single Control Bit.
  • the information and redundancy bits have their conventional functions. The number of information and redundancy bits is not dependent on the invention.
  • the Control Bit determines how the information in memory is to be interpreted, so that one of the possible values of the Control Bit causes the information to be interpreted directly as is, while the opposite value cause the information to be inverted before interpretation. In the following it is assumed that the value "0" of the Control bit controls the direct interpretation.
  • the Control Bit In order for the use of the Control Bit to be meaningful, the Control Bit must be able to vary, preferably in a random or semi-random fashion.
  • One way of achieving this effect is to connect the Control Bit to a third gate G3, which inverts the Control Bit value each time the associated memory word is read. Hence, if the Control Bit is zero and the memory word is read, then the Control Bit is changed into a one. If now a new value is written into the memory word then the value will be physically written into the memory in inverted form, because the Control Bit now has the value "1". Writing of information into the memory has no effect on the value of the Control Bit.
  • FIG. 7 shows a possible realisation of the invention by means of a Master Control Unit (MCU) inserted between the Memory (M) and the CPU.
  • MCU Master Control Unit
  • Each physical memory word in the memory M contains its own data bits, redundancy bits and a single control bit according to the principle described with the aid of Figure 5.
  • the MCU contains three registers, a Data Bit Register (DBR), a Redundancy Bit Register (RBR) and a Control Bit Register (CBR) for temporary buffering of the data bits, the redundancy bits and the control bit respectively.
  • DBR Data Bit Register
  • RBR Redundancy Bit Register
  • CBR Control Bit Register
  • the MCU On recognizing the Read signal (R) the MCU asserts a Read Signal of its own to the memory (M), whereby the contents of the identified word (information bits D Q - D are transferred from the memory (M) to the MCU via the secondary data bus (DBUS2). On reception of the information the MCU buffers the
  • the CPU When information is to be written into the memory, then the CPU asserts the address in the same way as for reading, asserts the information bits to be written ( D ⁇ D N _ ⁇ ) on t ⁇ e Data Bus (DBUS) and asserts a Write (W) signal to the MCU.
  • the MCU On reception of this Write Signal the MCU first buffers the data bits into the DBR register and the redundancy bits into the RBR register. The CBR register is unaffected by this transfer. If, however, the current contents in CBR is a 1", then the information in DBR and RBR is again inverted by means of the gates G2R and G2D. No inversion occurs if CBR contains a "0". Finally the current contents of the three buffer registers CBR, RBR and DBR are transferred to the indicated word in the memory M as a result of the MCU asserting its own Write signal (W) to the memory.
  • W Write
  • this new refresh routine does not need to lock the memory for readout at any time during the refresh cycle, because the logic information read out from the memory will be the same regardless of whether it is physically stored in direct or in inverted form.
  • This new refresh routine is as such not the subject of the invention although the invention does form the basis of the refresh routine.
  • Figure 8 shows a different possible realisation of the invention.
  • the memory M is assumed to contain only data and redundancy bits within the control bits physically - ⁇ u -
  • CBM Control Bit Memory
  • FIG 8 has the advantage that it offers a simple means of encryption of the information held in the memory M, because the contents of the memory M cannot now be interpreted without the knowledge and existence of the key held in the CBM, provided that the redundancy bits in the memory are not dependent on the value of the associated control bit(s).
  • Figure 9 shows a possible arrangement for the utilisation of this additional capabaility of the invention.
  • an extra control signal (C) is used between the CPU and the MCU.
  • This control signal may be realised by any conventionally available technique, i.e. a direct signal, a code etc.
  • the Control Bit Memory is partitioned into two parts, one part (CBM) consisting of a read/write memory while the second part (10 ROM) consists of a read only memory.
  • Both the CBM and the 10 ROM part are accessed by means of the Address Decoder ADEC2.
  • the CBM part is, in Figure 9, associated with the memory addresses ) - (q - 1) and the 10 ROM part with the memory addresses q - 2k—1.
  • the addresses associated with the 10 ROM part are not critical for the invention, i.e. these addresses may specify any contiguous address range.
  • the part of the memory M accessed through the address codes associated with the 10 ROM is designated as the 10 BUFFER.
  • This 10 BUFFER and the associated 10 ROM are used as follows.
  • the 10 ROM contains a fixed bit pattern, which bit pattern is known to the manufacturer of the computer system, and which bit pattern may be different for each individual computer installation. Any software delivered by a manufacturer to a particular customer, for instance held on a diskette as shown in Figure 9, will contain the physical values of the data and redundancy bits for each memory word, assuming the actual values of the control bits held in the 10 ROM.
  • the CPU When loading the software on such a diskette by means of a suitable 10 Device (IODEV), then the CPU will transfer the information from the diskette to consecutive words of the 10 BUFFER area in the memory M by asserting the associated addresses on the Address Bus. When writing each word into the memory M the CPU asserts both the W and the C control signals. Assertion of the C signal causes the contents of the 10 ROM to be ignored, thereby ensuring that the contents of the diskette is directly transferred to the memory. When the entire contents of the diskette are transferred to the 10 BUFFER, or, if the software of the diskette exceeds the 10 BUFFER capacity, when the 10 buffer is full, the contents of the 10 buffer are now transferred to any convenient area in the memory M, this time without assertion of the control signal C. This ensures that the information will be correctly interpreted. After this transfer the 10 BUFFER is again available for transfer of the next part of the contents of the diskette as and when required.
  • IODEV 10 Device
  • this security feature does postulate that the assertion of the control signal C for any and all transfer of binary information to and from any external devices cannot by bypassed. This in turn required the existence of hardware priviledge levels in the CPUs, which already is a standard feature of most modern CPUs. It is finally to be noted that, although the basic principle of the invention utilises the logic operation inversion, it is by no means restricted to inversion only. Any other suitable type of logic or arithmetic operation may be used, for instance different types of permutation of the memory contents.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Quality & Reliability (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Detection And Correction Of Errors (AREA)
  • Techniques For Improving Reliability Of Storages (AREA)
  • Storage Device Security (AREA)

Abstract

A computer system having a central processing unit, a memory for storage of information in binary form in a plurality of data elements and a master control unit for performing arithmetic/logical operations on information transferred between the central processor unit and the memory. At least certain of the data elements of the memory have means for repeatedly inverting the information stored therein to enable the integrity of the data element to be checked. In order to allow that inversion to continue whilst normal writing to and reading of information from the data element continues, the data element has an additional control digit which is inverted or written in regular form with the main data stored on the element to indicate to the device writing information to or reading information from the data element whether the element is in its regular or inverted form.

Description

"COMPUTER CONTROLLED SYSTEMS"
The invention relates to computer controlled systems and is particularly concerned with arrangements for improving memory securing and reliability of computer controlled systems. The invention is applicable for example to a standard CPU.such as represented by Motorola MC 68000. INTEL 1APX 286, etc. and the memory accessed from this CPU, for instance to be included in a Master Control Unit. The invention allows memory faults and spurious errors to be detected before a memory element is accessed by a normally executed instruction, thereby enabling preventive fault elimination. The invention also allows a certain type of variable dynamic transposition of memory contents, thereby making meaningful interpretation of the memory contents impossible without knowledge of the correct key. Each computer has at least one associated memory where information may be stored in binary form. This is illustrated by Figure 1, which shows a typical computer consisting of a Central Processing unit (CPU) and a connected memory (M). The memory is addressed via an Address Bus (ABUS) containing k address bits. The memory itself contains 2k memory words, each one containing N information bits.
The CPU may order information to be read from a particular memory word, whereby the address to the actual word (= a unique combination of the k address bits) is asserted on the Address Bus and the corresponding memory word thereby indicated via the Address Bus Decoder (ADEC). When the Real Control Signal (R) is asserted, then the N information bits are read out to the Data Bus (DBUS), from where the 0
- 2 -
information now is available for further processing by the CPU. When writing information into the memory the CPU asserts the address on the Address Bus in the samer way as for reading, but in this case also the information to be written on the Data Bus (DBUS). When the CPU now asserts the Write Control Signal (W), then the information from the Data Bus is written into the memory word indicated by the decoded address asserted on the Address Bus. The information stored by the memory word is subject to errors and faults. One possible type of error is for instance errors caused by spurious alpha particles, i.e. an alpha particle may, in certain cases, cause a bit to switch from 0 to 1 or vice versa in modern semiconductor memories. Another type of error is the case where bits get "stuck" in the "0" or "1" position. A third type is errors caused by transient voltage or current peaks. Common for all these errors is that ttiey are either spurious unintentional changes of values stored in a memory or lack of change when a deliberately specified change is ordered.
The normal way of detecting and in certain cases, correcting spurious inadvertent errors is by providing redundancy in some form. The N information bits in a memory word are therefore grouped into data bits which carry the actual information and redundancy bits, which are used only for error detection purposes as illustrated by Figure 2. In certain cases the redundancy bits may also be used for error correction purposes.
The simplest method of error detection by means of redundancy bits is the well known parity checking method, where a single redundancy bit, the so called parity bit is used. The parity of a complete memory word is specified as odd or even. depending on whether the number of bits containing a one is odd or even. All memory words are thereby specified to have the same parity (i.e. either odd or even) when no error exists. Thus, if for instance even parity is assumed as shown by Figure 3, the parity bit can always be set so that, independently of the parity of the data bits, even parity for the total memory word is achieved. Any spurious single bit error or, in general, any odd number of bit errors will now show up as a parity error. The parity bit may thus be used to detect spurious errors, but it cannot be used to localise or correct the errors, because any odd number of bit errors gives the same error indication. Also, parity checking does not give any error indication for an even number of bit errors.
By increasing the number of redundancy bits, the fault detection capability may be increased, even to the extent to obtain fault correction capabilities in certain cases. This is for instance the case with so called "Hamming" codes where multiple errors may be detected and single errors corrected. The fault detection and -correction capability may be even more increased by increasing the number of redundancy bits to the same number as the data bits (duplication) . In this case errors may be found by means of a bit-by-bit comparison as illustrated in Figure 4, where comparison is indicated by 0. However, when an error actually occurs, there still remains the problem of determining which of the duplicated bits, the actual data bit or the associated redundancy bit, is in error. This problem may be resolved by the addition of a parity bit, equally duplicated, making the actual number of redundancy bits = (the number of data bits) + 2. As shown in Figure 4 a parity error
SUBSTITUTE SHEET is obtained for the original data bits, assuming even parity. Thus the data bits are in error and the actual value should be taken from the redundancy bits. However, if an even number of bits are in error, then no parity indication will be obtained or even, if an odd number of bits are in error among the data bits and an odd number of bits are in error among the redundancy bits, thereby making the total number of errors even, both sides will indicate a parity error.
By increasing the number of redundancy bits still more, for instance by having twice (triplication) or more the number of redundancy bits than data bits, a fault may now be found by a mismatch and eliminated by majority logic.
Certain classes of data error are nevertheless such, that they may slip undetected through all such error detection schemes. One class of error is the multiple bit error, where the pit pattern formed by the faulty bits happen to conform to a valid bit pattern. An example of this is the even number of bit errors by parity checking, A second class of undetected errors is the "stuck" bit error where the actual value of the bit happens to be the value to bit isd "stuck" in. In this case the error will not be detected before the bit value is actually changed. Howsever, if, for instance, parity checking is employed, the error will not be detected when the value is written into the memory, but only when the memory word containing the error is subsequently read (providing a single or an odd number of bits are in error), thus necessitating an immediate error processing.
Certain schemes do exist for off-line error detection. It is for instance possible to form
"multidimensional" check sums of the contents of a
SUB memory whereby "multidimensional" means that each memory word participates in a least two separately and independently calculated check sums. Any bit in error may thereby be immediately pinpointed. Such check sums are not usable for automatic error correction purposes because for every single bit error, there exists at least one multiple bit error pattern, which gives exactly the same check sum error. Secondly check sums are only feasible when the check summed information is fixed, because the overhead of repeated recalculation of the check sum for every change would otherwise be prohibitive.
A scheme which might be utilized to detect "stuck" memory bits is to use a "refresh" routine, which cyclically scans through the memory, word by word and for each word reads the contents of the word, inverts these contents and writes them back, reads the contents a second time and rewrites the original contents into the memory word, the two read contents may now be compared whereby each bit of the first content must be different from the corresponding bit value of the second content. Any equality on the bit level indicates a "stuck" bit. Unfortunately, this method requires that the memory is locked for reading from any other process to prevent the temporarily inverted value from being read by anybody else than the "refresh" function, which significantly will increase the waiting times on the memory and thereby unacceptably reduce the performance of the total system.
The invention aims to improve the capability for off-line detection without introducing the drawbacks described above. Simultaneously the invention also offers a means of coding the information in memory so that this information cannot readily be interpreted without the aid of the invention.
The invention will be described in detail by the aid of Figures 5 - 9. Figure 5 illustrates the basic principle of the invention. Each information word is associated with a number (M) of data bits, a number (P) of redundancy bits and a single Control Bit. The information and redundancy bits have their conventional functions. The number of information and redundancy bits is not dependent on the invention. The Control Bit determines how the information in memory is to be interpreted, so that one of the possible values of the Control Bit causes the information to be interpreted directly as is, while the opposite value cause the information to be inverted before interpretation. In the following it is assumed that the value "0" of the Control bit controls the direct interpretation. Correct interpretation can now be ensured by means of the two gates Gl and G2 in the path of the information flow as illustrated by Figure 5. Both of these gates are enabled by the Control bit, i.e. the gate Gl is enabled when the Control Bit contains a "O" and gate G2 is enabled when the Control bit contains a "one". Hence only the data and redundancy bits participate in the actual information transfer, both when reading from and writing to a memory word. Figure 6 illustrates the effect of this arrangement. Every value may be physically stored either directly or in inverted form. Regardless of which form in which the information is stored, the value transferred through the arrangement of the gates Gl and G2 to the Data Bus (DBUS) will represent the actual value when the information is read from the memory. When the information is written from the Bata Bus to a memory word, then the actual value of the Control Bit is used to determine whether the information is to be stored in direct or in inverted form.
In order for the use of the Control Bit to be meaningful, the Control Bit must be able to vary, preferably in a random or semi-random fashion. One way of achieving this effect is to connect the Control Bit to a third gate G3, which inverts the Control Bit value each time the associated memory word is read. Hence, if the Control Bit is zero and the memory word is read, then the Control Bit is changed into a one. If now a new value is written into the memory word then the value will be physically written into the memory in inverted form, because the Control Bit now has the value "1". Writing of information into the memory has no effect on the value of the Control Bit.
Figure 7 shows a possible realisation of the invention by means of a Master Control Unit (MCU) inserted between the Memory (M) and the CPU. Each physical memory word in the memory M contains its own data bits, redundancy bits and a single control bit according to the principle described with the aid of Figure 5. The MCU contains three registers, a Data Bit Register (DBR), a Redundancy Bit Register (RBR) and a Control Bit Register (CBR) for temporary buffering of the data bits, the redundancy bits and the control bit respectively. When information is to be read from the memory M to the CPU, then the CPU asserts the address bits AQ - A. , on the address bus and a Read signal (R) to the MCU. On recognizing the Read signal (R) the MCU asserts a Read Signal of its own to the memory (M), whereby the contents of the identified word (information bits DQ - D are transferred from the memory (M) to the MCU via the secondary data bus (DBUS2). On reception of the information the MCU buffers the
SUBSTITUTESHEET data bits of this information in the register DBR, the redundancy bits in the register RBR and the control bit in the CBR register. If the control bit in the CBR register contains a "1" then the two inverting gates G2R and G2D are enabled, whereby the information in RBR and DBR is inverted. Finally the contents of RBR and DBR is transferred onto the Data Bus (DBUS) to the CPU. When the control bit is "0" no inversion is required, i.e. the contents of DBR and RBR are directly transferred to the Data Bus (DBUS) in this case. It should be evident that in this case no separate gate corresponding to Gl in Figure 5 is required due to the existence of the buffer registers RBR and DBR. When information is to be written into the memory, then the CPU asserts the address in the same way as for reading, asserts the information bits to be written (Dø~D N_ι ) on tϊιe Data Bus (DBUS) and asserts a Write (W) signal to the MCU. On reception of this Write Signal the MCU first buffers the data bits into the DBR register and the redundancy bits into the RBR register. The CBR register is unaffected by this transfer. If, however, the current contents in CBR is a 1", then the information in DBR and RBR is again inverted by means of the gates G2R and G2D. No inversion occurs if CBR contains a "0". Finally the current contents of the three buffer registers CBR, RBR and DBR are transferred to the indicated word in the memory M as a result of the MCU asserting its own Write signal (W) to the memory.
In the arrangement according to Figure 7 the content of the CRB register does not participate in the information transfer between the CPU and the MCU. In order to ensure a pseudo-random distribution of the control bits in memory the content of the CBR register is again inverted each time information is read from the memory. With this arrangement the existence of bits "stuck" in the "0" or the "1" position may now easily be found by using a concurrent refresh routine, which reads the contents of each memory word, writes it back and thereafter reads it once more. The two readouts can now be directly compared, whereby any "stuck" bits will show up as a mismatch between the two read values. Unlike the previously mentioned "refresh" routine, this new refresh routine does not need to lock the memory for readout at any time during the refresh cycle, because the logic information read out from the memory will be the same regardless of whether it is physically stored in direct or in inverted form. This new refresh routine is as such not the subject of the invention although the invention does form the basis of the refresh routine.
In the arrangement according to Figure 7 the data and redundancy bits are shown to be buffered by means of two separate registers DBR and RBR. This is merely meant as an illustration to indicate that the data and redundancy bits are individually and separately treated. An arrangement where the the two registers DBR and RBR are merged into a single register and the two gates G2D and G2R merged into a single gate is equally feasible.
It is also to be noted that the principle of the invention is equally valid for read/write and read only memories. The difference between these is principally that writing of information to a read only memory is not possible.
Figure 8 shows a different possible realisation of the invention. In this case the memory M is assumed to contain only data and redundancy bits within the control bits physically - ιu -
located in a separate Control Bit Memory (CBM) within the MCU. This arrangement now requires the existence of an Address Decoder (ADEC2) for the CBM, so that when the CPU asserts an address on the Address Bus (ABUS), then both a memory word in the memory M and its associated control bit within the CMB of the MCU are indicated. In this case the arrangement directly follows the basic principle according to Figure 5. Note that the gate G3 now controls the inversion of the appropriate control bit in the CBM by each read operation.
The arrangement in Figure 8 has the advantage that it offers a simple means of encryption of the information held in the memory M, because the contents of the memory M cannot now be interpreted without the knowledge and existence of the key held in the CBM, provided that the redundancy bits in the memory are not dependent on the value of the associated control bit(s). Figure 9 shows a possible arrangement for the utilisation of this additional capabaility of the invention. In this case an extra control signal (C) is used between the CPU and the MCU. This control signal may be realised by any conventionally available technique, i.e. a direct signal, a code etc. The Control Bit Memory is partitioned into two parts, one part (CBM) consisting of a read/write memory while the second part (10 ROM) consists of a read only memory. Both the CBM and the 10 ROM part are accessed by means of the Address Decoder ADEC2. The CBM part is, in Figure 9, associated with the memory addresses ) - (q - 1) and the 10 ROM part with the memory addresses q - 2k—1.
The addresses associated with the 10 ROM part are not critical for the invention, i.e. these addresses may specify any contiguous address range.
TITUTE SHEET Depending on the actual address asserted on the Address Bus (ABUS) either the CBM or the 10 ROM part will be used to control the gates Gl and G2 according to the general principle of the invention. The 10 ROM control of the gates Gl and G2 is gated through a gate G4, which is controlled by the control signal C from the CPU so that assertion of the control signal C forces the output of the gate G4 to "0", thereby enabling the gate Gl independently of the actual value stored in the 10 ROM.
The part of the memory M accessed through the address codes associated with the 10 ROM is designated as the 10 BUFFER. This 10 BUFFER and the associated 10 ROM are used as follows. The 10 ROM contains a fixed bit pattern, which bit pattern is known to the manufacturer of the computer system, and which bit pattern may be different for each individual computer installation. Any software delivered by a manufacturer to a particular customer, for instance held on a diskette as shown in Figure 9, will contain the physical values of the data and redundancy bits for each memory word, assuming the actual values of the control bits held in the 10 ROM. When loading the software on such a diskette by means of a suitable 10 Device (IODEV), then the CPU will transfer the information from the diskette to consecutive words of the 10 BUFFER area in the memory M by asserting the associated addresses on the Address Bus. When writing each word into the memory M the CPU asserts both the W and the C control signals. Assertion of the C signal causes the contents of the 10 ROM to be ignored, thereby ensuring that the contents of the diskette is directly transferred to the memory. When the entire contents of the diskette are transferred to the 10 BUFFER, or, if the software of the diskette exceeds the 10 BUFFER capacity, when the 10 buffer is full, the contents of the 10 buffer are now transferred to any convenient area in the memory M, this time without assertion of the control signal C. This ensures that the information will be correctly interpreted. After this transfer the 10 BUFFER is again available for transfer of the next part of the contents of the diskette as and when required.
When the contents of the memory are to be output on a diskette, then these contents are first transferred to the 10 BUFFER without assertion of the control signal C, thereby utilising the 10 ROM to control the physical inversion of the actual values. For the subsequent transfer of the contents of the 10 BUFFER to the actual 10 medium, for instance a diskette, the control signal C is again asserted, thereby suppressing the control bits in the 10 ROM and forcing the actual values in the 10 BUFFER to be output on the diskette. It should now be evident that the contents of this diskette may be freely read back in to the same computer system, on which it was produced. It cannot, however, be interpreted by any other computer system, unless that computer system has an 10 ROM containing an identical bit pattern as the first one. It is to be noted that this security feature does postulate that the assertion of the control signal C for any and all transfer of binary information to and from any external devices cannot by bypassed. This in turn required the existence of hardware priviledge levels in the CPUs, which already is a standard feature of most modern CPUs. It is finally to be noted that, although the basic principle of the invention utilises the logic operation inversion, it is by no means restricted to inversion only. Any other suitable type of logic or arithmetic operation may be used, for instance different types of permutation of the memory contents.
SUBSTITUTESHEET

Claims

,„„„„. 02925- 14 -C1AIMS :
1. A computer system having a central processor unit, a memory for the storage of information in binary form in a plurality of data elements, and a master control unit for performing arithmetic/logic operations on information transferred between the central processor unit and the memory, means to invert information written to at least certain of the data elements to enable functioning of the data elements to be checked and means associated with each such data element to indicate whether the data element is in regular or inverted form to the master control unit/central processor unit accessing the data element.
2. A computer system as claimed in claim 1 wherein means are provided for repeatedly inverting the information held on the data element for checking of the functioning of the data element.
3. A computer system as claimed in claim 3 wherein means are provided for repeatedly inverting the data elements in a random manner.
4. A computer system as claimed in any of the preceding claims v/herein the data element is an element of read/write memory.
5. A computer system as claimed in any of claims 1 to 3 wherein the data element is an element of read only memory.
6. A computer system as claimed in any of the preceding claims wherein the means associated with the computer element for indicating the state of the element comprises a control unit associated with each memory word so that for one of the two possible values of the control bit the associated operation is carried out on the information of the memory word, whereas for the opposite value of the control bit, said operation is not carried out.
7. A computer systemn as claimed in claim 6 Wherein means are provided for alternating said selective control between said two values for each read /write operation to the memory element.
SUBSTITUTE SHEET
PCT/GB1984/000445 1983-12-21 1984-12-20 Computer controlled systems WO1985002925A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
GB08333984A GB2158622A (en) 1983-12-21 1983-12-21 Computer controlled systems
GB8333984 1983-12-21

Publications (1)

Publication Number Publication Date
WO1985002925A1 true WO1985002925A1 (en) 1985-07-04

Family

ID=10553610

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/GB1984/000445 WO1985002925A1 (en) 1983-12-21 1984-12-20 Computer controlled systems

Country Status (5)

Country Link
EP (1) EP0165986A1 (en)
AU (1) AU3788185A (en)
GB (1) GB2158622A (en)
IT (1) IT1177492B (en)
WO (1) WO1985002925A1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5699509A (en) * 1995-06-07 1997-12-16 Abbott Laboratories Method and system for using inverted data to detect corrupt data
CN107077430B (en) * 2014-10-24 2020-06-30 索尼公司 Memory controller, memory system, and memory controller control method

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US3768071A (en) * 1972-01-24 1973-10-23 Ibm Compensation for defective storage positions
US4075466A (en) * 1975-09-16 1978-02-21 Telefonaktiebolaget L M Ericsson Method of and arrangement for detecting faults in a memory device

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE2036517B2 (en) * 1970-07-23 1972-10-19 Ibm Deutschland Gmbh, 7000 Stuttgart PROCEDURE FOR OPERATING A DEFECTIVE MEMORY ELEMENT CONTAINING A MEMORY FOR PROGRAM-CONTROLLED ELECTRONIC DATA PROCESSING SYSTEMS
GB1344474A (en) * 1971-03-04 1974-01-23 Plessey Co Ltd Fault detection and handling arrangements for use in data proces sing systems
GB2099616A (en) * 1981-06-03 1982-12-08 Jpm Automatic Machines Ltd Improvements relating to microprocessor units
US4525599A (en) * 1982-05-21 1985-06-25 General Computer Corporation Software protection methods and apparatus
GB2122777A (en) * 1982-06-16 1984-01-18 Open Computer Services Limited Software protection apparatus and method
EP0097621A1 (en) * 1982-06-21 1984-01-04 SPL Software Protect AG Method for disguising digital information, and device for performing the same
EP0114522A3 (en) * 1982-12-27 1986-12-30 Synertek Inc. Rom protection device
GB8302096D0 (en) * 1983-01-26 1983-03-02 Int Computers Ltd Software protection in computer systems

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US3768071A (en) * 1972-01-24 1973-10-23 Ibm Compensation for defective storage positions
US4075466A (en) * 1975-09-16 1978-02-21 Telefonaktiebolaget L M Ericsson Method of and arrangement for detecting faults in a memory device

Also Published As

Publication number Publication date
AU3788185A (en) 1985-07-12
EP0165986A1 (en) 1986-01-02
IT1177492B (en) 1987-08-26
IT8424167A0 (en) 1984-12-21
GB2158622A (en) 1985-11-13
GB8333984D0 (en) 1984-02-01

Similar Documents

Publication Publication Date Title
JP4071940B2 (en) Shared error correction for memory design
US6009548A (en) Error correcting code retrofit method and apparatus for multiple memory configurations
US4319356A (en) Self-correcting memory system
US5384788A (en) Apparatus and method for optimal error correcting code to parity conversion
EP0540450A1 (en) ECC function with self-contained high performance partial write or read/modify/write and parity look-ahead interface scheme
JPH0743678B2 (en) Fault-tolerant memory system
EP0265639A2 (en) ECC circuit failure verifier
US20070033512A1 (en) Method and apparatus for detecting communication errors on a bus
EP0186719A1 (en) Device for correcting errors in memories
US4926426A (en) Error correction check during write cycles
US4942575A (en) Error connection device for parity protected memory systems
JPS6255180B2 (en)
US3898443A (en) Memory fault correction system
US4103823A (en) Parity checking scheme for detecting word line failure in multiple byte arrays
US5598422A (en) Digital computer having an error correction code (ECC) system with comparator integrated into re-encoder
JPH0594377A (en) Parity detecting circuit
US4905242A (en) Pipelined error detection and correction apparatus with programmable address trap
US3794819A (en) Error correction method and apparatus
JPH0743677B2 (en) Fault-tolerant memory system
WO1985002925A1 (en) Computer controlled systems
US5835511A (en) Method and mechanism for checking integrity of byte enable signals
US5128947A (en) Self-checking memory cell array apparatus
JPH0816483A (en) Control system for memory device
JPS63257854A (en) Lru memory fault detecting circuit
JPH06214890A (en) Computer

Legal Events

Date Code Title Description
AK Designated states

Designated state(s): AU BR FI JP KR NO SU US

AL Designated countries for regional patents

Designated state(s): AT BE CH DE FR GB LU NL SE