CN1877471A - Task management apparatus and method for control apparatus - Google Patents
- Publication number: CN1877471A
- Authority: CN (China)
- Prior art keywords: output, computing, systems, result, signal
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02P—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
- Y02P90/00—Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
- Y02P90/02—Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]
Landscapes
- Hardware Redundancy (AREA)
Abstract
The invention provides a task management device, an input-output control device and an information control device for a control apparatus, together with the corresponding task management, input-output control and information control methods. For a common data processing object, the results computed by a plurality of processing units in a mutually interchangeable manner are input; after a start signal is received from any one of the processing units, a computation instruction signal is output to the processing units, with one processing unit and the other processing unit given different timing. The computation results of the two processing units are compared. The invention has the advantages of high performance and safety.
Description
Technical field
The present invention relates to a task management device, an input-output control device and an information control device for a control apparatus, and to a task management method, an input-output control method and an information control method for a control apparatus.
Background technology
With technical progress in electronics and information technology driving functions to become more complex and more integrated, the range of applications of programmable electronic devices within a single apparatus is widening and, at the same time, the reliability demanded of them is rising.
Generally known ways of achieving high reliability include redundant configuration (multiplexing) of the programmable electronic device and redundant configuration of a plurality of processors.
As a redundant configuration of the programmable electronic device, a structure with a normal system and a standby system is known. Availability can be improved by switching to the standby system when a fault is detected in the normal system.
On the other hand, Japanese Laid-Open Patent Publication No. 2004-234144 discloses a technique for improving safety in a programmable electronic device that uses a plurality of processors.
In addition, in processing plants with a high potential hazard, such as nuclear power plants and chemical plants, passive countermeasures using protective equipment such as barriers and active countermeasures using safety devices such as emergency braking devices are taken in order to reduce the impact on operators and the surrounding environment should an accident occur. The control units of such safety devices have been realized with electromagnetic and mechanical units such as conventional relays. In recent years, however, with the technical development of programmable control devices typified by the programmable logic controller (PLC), demand for using them as the control units of safety control systems has increased.
IEC 61508-1 to 7, "Functional Safety of electrical/electronic/programmable electronic safety-related systems", Part 1 to Part 7 (abbreviated as IEC 61508), is an international standard issued in response to this trend. It specifies the requirements for using electrical/electronic/programmable electronic devices as part of a safety control system. As a measure of the capability of a safety control system, IEC 61508 defines the Safety Integrity Level (SIL) and specifies the requirements corresponding to each level from 1 to 4. The higher the SIL, the greater the degree to which the potential hazard of the processing plant can be reduced. In other words, it indicates how reliably the prescribed safety control can be carried out when an abnormality of the processing plant is detected.
A safety control device is normally required to be inactive during operation and to activate immediately when an abnormality occurs in the processing plant. For this reason, it is very important that it constantly performs self-diagnosis and continuously checks its own soundness. In a safety control system requiring a high SIL, wide-ranging, high-precision self-diagnosis must be performed in order to minimize the probability that the system fails to act because of an undetected fault.
IEC 61508 introduces the self-diagnosis techniques applicable to each kind of component that constitutes a safety control device, and expresses the effectiveness of each technique in the form of a diagnostic coverage. The diagnostic coverage is the ratio of the faults that can be detected when the diagnostic technique is used to all faults of the component. For example, with the RAM diagnostic technique "abraham" described in U.S. Patent No. 6779128, a diagnostic coverage of up to 99% can be claimed.
In addition, as a fault detection method for the processor, which is one of the components, using a plurality of processors and monitoring the consistency of their output results against each other is effective.
As a method of mutual diagnosis among a plurality of processors, having each processor execute the same control processing at the same time and confirming that the outputs agree is effective.
A representative example, described in Japanese Laid-Open Patent Publication No. Hei 6-290066, is the following method: two processors are run in synchronization, and the input values are made identical so that the outputs agree, whereby the soundness of the processors is also confirmed.
Summary of the invention
The elements of the reliability required of a programmable electronic device include availability and safety; availability is very important in the control of a plant, and safety is very important in the protection of a plant. Because the ways of achieving these two elements conflict (antinomy), it is difficult to satisfy availability and safety at the same time. The part of the device responsible for availability can be separated from the part responsible for safety, but this not only makes the device larger; the duplication and complication of operation and maintenance work also lowers reliability with respect to human factors.
The elements of the reliability required of a programmable electronic device include availability and safety. Availability is very important in the control of a plant, and safety is very important in the protection of a plant. The ways of achieving these two elements conflict in many respects.
For this reason, it is currently common practice to separate the part of the device responsible for availability from the part responsible for safety. As a result, the device becomes larger, and the duplication and complication of operation and maintenance work also lowers reliability with respect to human factors.
In control systems requiring high safety, as described in Japanese Laid-Open Patent Publication No. Hei 6-290066 (Patent Document 1), the following method is used: the soundness of the processors is confirmed by comparing the outputs of a plurality of processors, and only when they agree is the output passed to the downstream memory and IO.
With this method, the operation timing of the processors is aligned and the control input information is also checked, so that the same value is passed to each processor and the outputs agree.
However, as controlled objects become more complex, processors also become higher in performance, and in a control system made up of a plurality of processors, even if one clock is input to all of the processors, there is no guarantee that the clocks they each output are the same in frequency and phase.
Thus, in future control devices made up of a plurality of processors, synchronizing the processor outputs becomes difficult. Diagnosing the soundness of the processors by comparing the outputs of a plurality of processors therefore requires a method that compares the outputs regardless of whether the processor outputs are synchronous or asynchronous. In addition, in order to compare the processor outputs, one piece of processing must be executed on a plurality of processors, so the processing performance per processor is reduced by half compared with ordinary processing.
On the other hand, besides reliability such as safety, a programmable electronic device is also required to perform network processing at high speed, or to perform ordinary control processing that does not need the reliability obtained by comparing processor outputs, in order to improve convenience. In particular, where control processing is to be executed at high speed, or where network processing that handles large amounts of data is to be executed, it is necessary to separate the programmable electronic device that executes this processing from the programmable electronic device that executes the processing requiring reliability.
The object of the present invention is to provide an apparatus and a method that solve any one of the above problems. In particular, the object of the present invention is to use a plurality of processors to achieve both a compact, high-performance device and safety, and to realize high reliability.
The object of the present invention is to provide a highly reliable programmable electronic device that uses a plurality of processors and achieves both a compact, high-performance device and safety.
To achieve the above object, the present invention is configured so that, for a common data processing object, the results computed by at least 2 systems in a mutually interchangeable manner are input and, after a start signal is received from one of the at least 2 systems, a computation instruction signal is output to the at least 2 systems.
Alternatively, it is configured so that: for a common data processing object, the results computed by at least 2 systems in a mutually interchangeable manner are input; for different data processing objects, the results of different computations performed by the at least 2 systems are input; a switching signal is output that indicates whether the at least 2 systems have performed different computations or have performed redundant computation in an interchangeable manner; and, when the signal indicates that the at least 2 systems have performed different computations, it is judged that output of at least 1 of the differing results of the at least 2 systems is permitted.
Alternatively, it is configured so that: for a common data processing object, the results computed by at least 2 systems in an interchangeable manner are input; identification data for identifying the data processing object of a specified system among the at least 2 systems is stored in a 1st identification data area; identification data for identifying the data processing object of any other system among the at least 2 systems is stored in a 2nd identification data area; 1st processing data, which is the result of the specified system among the at least 2 systems, is stored in a 1st processing data area; and 2nd processing data, which is the result of the other system among the at least 2 systems, is stored in a 2nd processing data area; wherein, while the 1st identification data and the 2nd identification data are compared, the 1st processing data and the 2nd processing data are also compared.
Alternatively, it is configured so that: for a common data processing object, the results of redundant computation performed by at least 2 systems in an interchangeable manner are input; for different data processing objects, the results of different computations performed by the at least 2 systems are input; and a switching signal is output that indicates whether the at least 2 systems have performed different computations or have performed computation in an interchangeable manner.
More specifically, a programmable electronic device having an input-output unit, a plurality of processors and a memory is provided with an operation mode switching unit for the plurality of processors, an output comparison unit for the plurality of processors, and a memory write protection unit for the regions specified by a table. In response to the output of the mode switching unit, the operation of the output comparison unit is stopped, and while the output comparison unit is stopped, the memory write protection unit is operated.
With this structure, the plurality of processors operate independently while the output comparison unit is stopped, which improves control computation performance and at the same time prevents erroneous writes to outputs that affect safety. In addition, while the output comparison unit is operating, output of a dangerous-side signal caused by an erroneous computation of a processor can be prevented, which improves reliability.
In addition, the mode switching unit has timers. The 1st timer is started by the comparison operation start instruction and is reset by the comparison operation start signal from the plurality of processors. The 2nd timer is reset and started by the comparison operation start signal from the plurality of processors. An abnormality is output when the output of the 2 timers exceeds the set range.
With this structure, a stoppage of the output comparison unit can be detected, which improves reliability.
In addition, a bus diagnostic unit for stuck or broken bus lines is provided. Bus diagnosis is started on condition that the independent operation of the plurality of processors has completely ended, and normal completion of the diagnosis is the condition for starting the comparison processing. This prevents not only erroneous computation by a processor but also output of a dangerous-side signal caused by a bus failure, which improves reliability.
The output comparison unit has: a unit that detects the end of the independent operation of the plurality of processors; a unit that sends the start instruction for the comparison computation program to the plurality of processors with a prescribed time difference; an instruction output unit that makes execution of the next step of the comparison program wait; a holding unit that holds the signals for comparison processing from the plurality of processors; and a comparison processing unit for the comparison signals held in the holding unit. The output comparison unit starts the program on condition that the independent operation of the plurality of processors has completely ended. The wait instruction to the processor that operates first is released when output to the holding unit ends. In addition, the wait instruction to the processor that starts later is released when the comparison processing ends.
With this structure, the capacity needed to hold the comparison signals from the processor that operates first can be reduced. In addition, by pipelining the execution of the computation, holding and comparison operations, higher speed can be achieved.
Alternatively, it is configured so that, when a request for a computation of relatively high reliability occurs, at least one of the plurality of processors is instructed to switch from a computation of relatively low reliability to the computation of relatively high reliability, the plurality of processors are made to execute the same computation, the computation results of the plurality of processors are compared, and, based on the comparison result, output of the data related to the computation of the processors is permitted.
In this way, both a compact, high-performance device and safety can be achieved, and high reliability can be realized at the same time.
In addition, besides reliability such as safety, network processing can be performed at high speed, as can ordinary control processing that does not need the reliability obtained by comparing processor outputs, so that convenience is improved.
Description of drawings
Fig. 1 is an overall structural diagram.
Fig. 2 is a detailed diagram of the operation switching unit.
Fig. 3 is a diagram explaining the operation of each part.
Fig. 4 shows the structure of the computer system of the present invention.
Fig. 5 is a state transition diagram showing the operation of the system bus interface unit of the present invention.
Fig. 6 is a state transition diagram showing the operation of the error detection unit of the present invention.
Fig. 7 is a timing chart showing the processing operation of the 2 processors of the present invention.
Embodiment
Next, embodiments of the present invention are described with reference to the drawings.
Fig. 1 shows the structure of an embodiment of the present invention.
First, the overall structure and an outline of the operation of each part are described.
In the figure, the programmable electronic device has 2 processors. The A-system processor 1 and the B-system processor 2 are connected to the external access unit 5 via buffer 3 and buffer 4 respectively, and the external access unit 5 is connected to the input-output unit and the memory.
Under the mode switching unit 6, the A-system processor 1 and the B-system processor 2 operate alternately in 2 modes, the normal control mode and the independent mode.
In the normal control mode, the same program is executed on the A-system processor 1 and the B-system processor 2. On output to the external access unit 5, the data from the A-system processor 1 and the B-system processor 2 is output after its consistency has been confirmed by the data holding unit 7 and the output comparison unit 8. On input from the external access unit 5, the data synchronization unit 9 inputs identical data to the A-system processor 1 and the B-system processor 2. Both output data and input data pass to and from the external access unit 5 via the comparison buffer unit 10.
The data holding unit 7, the output comparison unit 8, the synchronization unit 9 and the comparison buffer unit 10 all operate and output signals on condition that the normal control mode instruction 601 is at H level.
In the independent mode, different programs are executed independently on the A-system processor 1 and the B-system processor 2. The input and output of the A-system processor 1 pass to and from the external access unit 5 via buffer 3. The protection table 12 operates in the independent mode and prohibits writing when the address data of buffer 3 lies within the preset protected range of physical page addresses. Likewise, the input and output of the B-system processor 2 pass to and from the external access unit via buffer 4, but writes to the protected range are prohibited by the protection table 13.
Below, the operation of each part is described in detail using Fig. 1 and Fig. 3.
First, on an instruction from the operating system 101 of the A-system processor 1, the normal control mode start instruction 102 is issued (H level) to the mode switching unit 6 (t1). On receiving the normal control mode start instruction 102, the mode switching unit 6 outputs (H level) the normal control mode instruction 601 (t4), on condition that the normal control mode ready signal 103 from the A-system processor is established (t2) and the ready signal 203 from the B-system processor is likewise established (H level) at the same time (t3). The A-system processor thereby starts the normal control mode computation (t5). When the normal control mode computation 105 rises, the ready signal is reset (t6).
Here, the normal control mode ready signals 103 and 203 are output on condition that the independent mode computation of the A-system processor 1 and the B-system processor respectively has ended and the cache memory has been cleared. This prevents deviations in computation time caused by differences in program behavior before the normal control mode starts.
The normal control mode instruction 601 is input directly to the A-system processor 1, whereas the B-system processor 2 receives the signal 603, which has been delayed by the set time (Td) by the timing circuit 602 (t7). The B-system processor thereby starts the normal control mode computation (t8). When the normal control mode computation 205 rises, the ready signal is reset (t9).
By setting the delay time to 2 bus cycles of the mode switching unit 6, the computation of the A-system processor always runs ahead, while the computation delay caused by the comparison is kept to a minimum.
Next, the comparison of output data is described.
The output of the register 104 of the A-system processor 1 is written to the register 701 of the data holding unit 7. When the write to register 701 finishes, the write wait signal 702 is released, so that the register 104 of the A-system processor can be written again.
Meanwhile, the comparator circuit 801 of the output comparison unit 8 confirms that the write control signal W of the register 204 of the B-system processor 2 and the write control signal W of register 701 agree, and then outputs the write control signal W to the register 11 of the comparison buffer unit 10. At the same time, the wait signal 802 is released, so that the comparator circuit 803 can output.
The comparator circuit 803 confirms that the address signal 701 from the A-system processor 1, held in register 701, and the address signal 204 from the B-system processor 2 agree, and then outputs the address signal to the register 11 of the comparison buffer unit 10. At the same time, the wait signal 804 is released, so that the comparator circuit 804 can output.
The comparator circuit 805 confirms that the data 701 from the A-system processor 1, held in register 701, and the data 204 from the B-system processor 2 agree, and then outputs the data signal to the register 11 of the comparison buffer unit 10. At the same time, the output comparison unit 8 releases the wait signal 806, so that the register 204 of the B-system processor 2 can be written again.
Next, the distribution of input data is described. The read control signal R of the register 104 of the A-system processor 1 is sent to the external access unit 5 via the read control signal R of the register 11 of the comparison buffer unit 10, and the address signal and data signal are read into register 104 via register 11.
Register 11 is then transferred to the register 901 of the data synchronization unit 9. The comparator circuit 902 compares the read control signal R of register 901 with the read control signal R of the register 204 of the B-system processor 2 and, if they agree, the wait signal 903 is released. The comparator circuit 904 compares the address signal of register 901 with the address signal of register 204. If the two agree, the wait signal 905 is released, the gate circuit 906 operates, and the data signal of register 901 is sent to register 204. After the data has been transferred, the wait signal 907 is released, so that the comparison buffer unit 10 can be rewritten.
After it is detected that the normal control mode computation of the A-system processor has ended (t10) and that the normal control mode computation of the B-system processor has ended (t11), the normal control mode instruction 601 goes to L level (t12) and, through the AND circuit 620, the normal control mode instruction 630 also goes to L level at the same time. The independent operation mode thereby begins (t14).
The embodiment of Fig. 2 shows the following case: at the moment (t15) when the normal control mode start instruction 102 rises again after the A-system processor independent mode computation 106 has ended (t14), the B-system processor independent computation mode 206 is still continuing. In this case, after the end of the B-system processor independent mode computation 206 is detected (t16), the self-diagnosis of the comparison circuit is started (t17). After the self-diagnosis ends, the A-system processor normal control mode ready 103 and the B-system processor normal control mode ready 203 go to H level (t18). Performing the self-diagnosis of the comparison circuit before the normal control mode computation in this way has the effect of improving the safety of the comparison circuit.
The protection tables 12 and 13 are configured to operate when the inverted signal 605 of the normal control mode instruction 601 is at H level. They refer to the address signals 121 and 131, output the access protection signals 122 and 132 when the address lies within the prescribed physical address range, and prevent writes to the protected range by means of the gate circuits 123 and 133, which include inverters.
As a result, the computation results of the normal control mode are protected from being affected by computation in the independent mode.
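The following C model is an added illustration, not part of the patent text. It mimics the two write paths described for Fig. 1: the compared write of the normal control mode and the table-protected write of the independent mode. The type names, the 64-word memory and the protected range 0x10 to 0x1F are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added illustration: a software model of the Fig. 1 write path.
 * Type names, memory size and address ranges are assumptions. */

typedef enum { MODE_INDEPENDENT, MODE_NORMAL } ctrl_mode_t; /* L / H level of instruction 601 */

typedef struct {
    bool     w;      /* write control signal W */
    uint32_t addr;   /* word address */
    uint32_t data;
} bus_write_t;

typedef struct { uint32_t first, last; } prot_range_t;  /* one protected address range */

typedef enum {
    WR_COMMITTED,   /* write reached memory */
    WR_MISMATCH,    /* normal mode: A and B disagree, nothing is output */
    WR_PROTECTED,   /* independent mode: blocked by the protection table */
    WR_REJECTED     /* wrong mode for this path, or address outside memory */
} wr_result_t;

#define MEM_WORDS 64u

typedef struct {
    ctrl_mode_t  mode;
    prot_range_t table[2];        /* [0] = protection table 12 (A), [1] = table 13 (B) */
    uint32_t     mem[MEM_WORDS];  /* stands in for memory behind the external access unit */
} device_t;

void device_init(device_t *d, prot_range_t a, prot_range_t b)
{
    memset(d, 0, sizeof *d);
    d->mode = MODE_INDEPENDENT;
    d->table[0] = a;
    d->table[1] = b;
}

/* Normal control mode: compare control, address and data in that order
 * (comparators 801, 803, 805) and forward the write only if all agree. */
wr_result_t write_compared(device_t *d, const bus_write_t *a, const bus_write_t *b)
{
    if (d->mode != MODE_NORMAL)
        return WR_REJECTED;
    if (a->w != b->w)       return WR_MISMATCH;
    if (a->addr != b->addr) return WR_MISMATCH;
    if (a->data != b->data) return WR_MISMATCH;
    if (!a->w || a->addr >= MEM_WORDS)
        return WR_REJECTED;
    d->mem[a->addr] = a->data;
    return WR_COMMITTED;
}

/* Independent mode: each processor writes on its own, but its protection
 * table blocks any address inside the protected range. cpu: 0 = A, 1 = B. */
wr_result_t write_independent(device_t *d, int cpu, const bus_write_t *wr)
{
    if (d->mode != MODE_INDEPENDENT || cpu < 0 || cpu > 1)
        return WR_REJECTED;
    if (!wr->w || wr->addr >= MEM_WORDS)
        return WR_REJECTED;
    const prot_range_t *p = &d->table[cpu];
    if (wr->addr >= p->first && wr->addr <= p->last)
        return WR_PROTECTED;
    d->mem[wr->addr] = wr->data;
    return WR_COMMITTED;
}

int main(void)
{
    device_t d;
    prot_range_t safe = { 0x10, 0x1F };   /* constructed protected range */
    device_init(&d, safe, safe);

    bus_write_t a = { true, 0x10, 0xAA }, b = a;
    d.mode = MODE_NORMAL;
    printf("matched write:    %d\n", write_compared(&d, &a, &b));
    b.data = 0xAB;                         /* B computes a different value */
    printf("mismatched write: %d\n", write_compared(&d, &a, &b));

    d.mode = MODE_INDEPENDENT;
    bus_write_t stray = { true, 0x10, 0x00 };
    printf("stray write:      %d, mem[0x10]=0x%X\n",
           write_independent(&d, 0, &stray), (unsigned)d.mem[0x10]);
    return 0;
}
```

The value written to 0x10 in the normal control mode survives the stray independent-mode write, which is the property the protection tables are there to provide.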
Fig. 2 shows another embodiment of the present invention.
Timer 609 is started by the set pulse signal 607 detected by the rising-edge detector 606, which receives the normal control mode start instruction 102 from the operating system 101 of the A-system processor 1. The normal control mode ready signal 103 from the A-system processor and the ready signal 203 from the B-system processor are input to the AND circuit 607, and timer 609 is reset by its output signal 608. The output 610 of timer 609 is input to the comparator 611, and when the output 610 exceeds the set range, the abnormality output 612 is output. A stalled start of the comparison operation is detected in this way.
A timer 615 is provided, which is reset and started at the same time by the pulse signal output by the rising-edge detector 613, which receives the output signal 608 of the AND circuit 607.
The output 616 of timer 615 is input to the comparator 617, and when the output 616 exceeds the set range, the abnormality output 618 is output. An abnormality in the comparison execution cycle is detected in this way.
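The two supervision timers can be tried out with the following tick-based C model, which is an added illustration and not part of the patent text. It treats the set range as an upper tick limit and latches the abnormality outputs; the limits, the tick granularity and all identifiers are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Added illustration: tick-based model of the two supervision timers.
 * Limits, tick granularity and all identifiers are assumptions. */

typedef struct {
    bool     running;
    uint32_t count;
    uint32_t limit;   /* upper bound of the "set range", in ticks */
} sup_timer_t;

typedef struct {
    sup_timer_t start_t;     /* timer 609: start instruction -> both ready */
    sup_timer_t cycle_t;     /* timer 615: ready edge -> next ready edge   */
    bool prev_start, prev_ready;
    bool abn_start;          /* abnormality output 612 (latched) */
    bool abn_cycle;          /* abnormality output 618 (latched) */
} mode_monitor_t;

void monitor_init(mode_monitor_t *m, uint32_t start_limit, uint32_t cycle_limit)
{
    *m = (mode_monitor_t){0};
    m->start_t.limit = start_limit;
    m->cycle_t.limit = cycle_limit;
}

/* Advance the model by one tick with the current signal levels:
 * start102 = normal control mode start instruction, ready103/ready203 =
 * ready signals of the A and B system processors. */
void monitor_tick(mode_monitor_t *m, bool start102, bool ready103, bool ready203)
{
    bool ready608   = ready103 && ready203;           /* AND circuit output */
    bool start_edge = start102 && !m->prev_start;     /* rising-edge detector 606 */
    bool ready_edge = ready608 && !m->prev_ready;     /* rising-edge detector 613 */

    if (ready608) {                /* both processors ready: timer 609 is reset */
        m->start_t.running = false;
        m->start_t.count = 0;
    } else if (start_edge) {       /* start instruction seen: timer 609 starts */
        m->start_t.running = true;
        m->start_t.count = 0;
    } else if (m->start_t.running) {
        m->start_t.count++;
    }

    if (ready_edge) {              /* timer 615 is reset and restarted together */
        m->cycle_t.running = true;
        m->cycle_t.count = 0;
    } else if (m->cycle_t.running) {
        m->cycle_t.count++;
    }

    /* comparators 611 and 617 */
    if (m->start_t.count > m->start_t.limit) m->abn_start = true;
    if (m->cycle_t.count > m->cycle_t.limit) m->abn_cycle = true;

    m->prev_start = start102;
    m->prev_ready = ready608;
}

/* Hold the inputs constant for n ticks. */
void monitor_run(mode_monitor_t *m, unsigned n, bool s, bool ra, bool rb)
{
    while (n--) monitor_tick(m, s, ra, rb);
}

int main(void)
{
    mode_monitor_t m;
    monitor_init(&m, 5, 12);
    monitor_run(&m, 7, true, true, false);    /* B never becomes ready */
    printf("B stuck:  abn_start=%d abn_cycle=%d\n", m.abn_start, m.abn_cycle);

    monitor_init(&m, 5, 12);
    monitor_run(&m, 2, true, false, false);
    monitor_run(&m, 1, true, true, true);     /* one successful start */
    monitor_run(&m, 13, false, false, false); /* then no further cycle */
    printf("stalled:  abn_start=%d abn_cycle=%d\n", m.abn_start, m.abn_cycle);
    return 0;
}
```

A processor that never raises its ready signal trips only the first timer, while a comparison cycle that stops recurring trips only the second, so the two abnormality outputs distinguish a blocked start from a stalled cycle.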
The above embodiment can be configured to have a bus diagnostic unit for stuck or broken bus lines, in which bus diagnosis is started on condition that the independent operation of the plurality of processors has completely ended, and normal completion of the diagnosis is the condition for starting the comparison processing. This prevents not only erroneous computation by a processor but also output of a dangerous-side signal caused by a bus failure, which improves reliability.
The output comparison unit has: a unit that detects the end of the independent operation of the plurality of processors; a unit that sends the start instruction for the comparison computation program to the plurality of processors with a prescribed time difference; an instruction output unit that makes execution of the next step of the comparison program wait; a holding unit that holds the signals for comparison processing from the plurality of processors; and a comparison processing unit for the comparison signals held in the holding unit. The output comparison unit starts the program on condition that the independent operation of the plurality of processors has completely ended. The wait instruction to the processor that operates first is released when output to the holding unit ends. In addition, the wait instruction to the processor that starts later is released when the comparison processing ends.
With this structure, the capacity needed to hold the comparison signals from the processor that operates first can be reduced. In addition, by pipelining the execution of the computation, holding and comparison operations, higher speed can be achieved.
Next, other embodiments are described. To explain the concept first: where a control device needs both high reliability and high performance, a CPU output comparison with the following functions is realized: a function which, when high reliability is needed, operates a plurality of processors, compares their outputs and diagnoses the processors, thereby confirming the soundness of the processors; and a function which has the processors execute processing independently, thereby improving performance.
More specifically, the features are the following points.
(1) A single control device has a plurality of processors and has: a unit that judges whether the IO that each processor is about to access expects a highly reliable control result; a unit that compares the outputs of the plurality of processors and judges whether they agree; and a unit that permits a processor to access an IO expecting a highly reliable control result only when at least the output results of the plurality of processors agree and, when a single processor performs the access, makes it wait until the other processors output the same output result.
(2) The plurality of processors in a single control device have: a unit that processes and executes functions that differ for each processor; and a unit by which a processor interrupts the processing of the other processors.
(3) The processor that executes processing that outputs to an IO requiring reliability has: a unit that uses the unit for interrupting the processing in the other processors to interrupt the processing of the other processors and execute the processing that outputs to the IO requiring reliability.
(Embodiment 1)
Embodiments of the present invention are described below using the drawings. The structure of the control system of the 1st embodiment of the present invention is shown in Fig. 4. The case of 2 processors is described here, but in an actual embodiment the number of processors is not limited, and the present invention is not restricted by it.
The control system described here presupposes connection to a memory circuit, which is therefore not specifically shown.
The A-system processor 1001 executes control tasks, and the B-system processor 1003 executes communication tasks. In addition, the A-system processor 1001 and the B-system processor 1003 need not operate synchronously at the same frequency and the same phase.
The A-system processor 1001 outputs the A-system processor bus 1050, which is made up of address signals and data signals. In addition, the A-system processor 1001 issues the bus start signal 1051 when a bus access begins. The A-system interface unit 1002 continues to issue the A-system wait signal 1052 until the A-system bus wait ready signal 1067 or the A-system interrupt control wait ready signal 1068 is issued. When the A-system processor 1001 performs a write access, it continues to output the address and data to the A-system processor bus 1050 while the A-system wait signal 1052 is issued. When the A-system processor performs a read, the A-system processor 1001 outputs the address to the A-system processor bus 1050 while the A-system wait signal 1052 is issued and continues to wait for the read data; when the A-system wait signal 1052 is cancelled, it takes in the data value on the A-system processor bus 1050 as the read value.
The same applies to the B system: the B-system processor 1003 outputs the B-system processor bus 1055, which is made up of address signals and data signals. In addition, the B-system processor 1003 issues the bus start signal 1057 when a bus access begins. The B-system interface unit 1004 continues to issue the B-system wait signal 1056 until the B-system bus wait ready signal 1065 or the B-system interrupt control wait ready signal 1069 is issued. When the B-system processor 1003 performs a write access, it continues to output the address and data to the B-system processor bus 1055 while the wait signal 1057 is issued. When the B-system processor 1003 performs a read, it outputs the address to the B-system processor bus 1055 while the wait signal 1056 is issued and continues to wait for the read data; when the wait signal 1056 is cancelled, it takes in the data value on the B-system processor bus 1055 as the read value.
A system realm judging part 1013 judges, from the address value on the A system processor bus 1050, whether the device currently being accessed is the highly reliable IO 1018. When A system processor 1001 accesses the highly reliable IO 1018, it issues the A system highly reliable interrogation signal 1060.
B system realm judging part 1014 judges, from the address value on the B system processor bus 1055, whether the device currently being accessed is the highly reliable IO 1018. When B system processor 1003 accesses the highly reliable IO 1018, it issues the B system highly reliable interrogation signal 1061.
Comparing section 1015 compares the A system processor bus 1050 with the B system processor bus 1055. It compares the address, the access type (write or read) and the write data of the two buses, and issues the comparative result consistent signal 1062 when they agree.
System bus interface portion 1016 accesses the highly reliable IO 1018, the common IO 1020 and the network I/O 1022 via the system bus 1017, according to the A system processor bus 1050, the B system processor bus 1055, the A system highly reliable interrogation signal 1060, the B system highly reliable interrogation signal 1061 and the comparative result consistent signal 1062.
Highly reliable IO 1018 is connected to the input-output unit 1019, which requires reliability.
Common IO 1020 is connected to the input-output unit 1021, for which ordinary reliability is sufficient.
Network I/O 1022 is the interface to the network 1023. When processing by a processor is needed, such as reception processing, it issues the network interrupt 1066 to request that processing from the processor.
Wrong detection unit 1012 judges, from the A system highly reliable interrogation signal 1060, the B system highly reliable interrogation signal 1061 and the comparative result consistent signal 1062, whether A system processor 1001 and B system processor 1003 are operating normally or have failed. When it judges that a failure has occurred, it issues the Trouble Report signal 1064.
Interrupt control portion 1005 controls the A system interrupt signal 1053 given to A system processor 1001 and the interrupt signal 1054 given to B system processor 1003. It consists of the A system interrupt request register 1006, which is used to issue the A system interrupt signal 1053, and the A system break essential factor register 1008, which indicates the interrupt cause. It also has the B system interrupt request register 1007, which is used to issue the B system interrupt signal 1054, and the B system break essential factor register 1009, which indicates the interrupt cause.
With this structure, interrupts can be delivered to A system processor 1001 and B system processor 1003 independently. In addition, the A system interrupt request register 1006, the A system break essential factor register 1008, the B system interrupt request register 1007 and the B system break essential factor register 1009 can all be accessed from both A system processor 1001 and B system processor 1003.
In addition, the Trouble Report signal 1064 and the network interrupt 1066 are input from outside. The A system interrupt signal 1053 conveys an interrupt generated from the A system interrupt request register 1006 or an interrupt generated by the Trouble Report signal 1064. Here, the interrupt generated by the Trouble Report signal 1064 takes priority over the interrupt generated from the A system interrupt request register 1006.
The B system interrupt signal 1054 conveys an interrupt generated from the B system interrupt request register 1007, or an interrupt generated by the network interrupt 1066 or the Trouble Report signal 1064. Here, the interrupt generated by the Trouble Report signal 1064 takes priority over the interrupt generated from the B system interrupt request register 1007, and the interrupt generated from the B system interrupt request register 1007 takes priority over the network interrupt 1066. That is, in order of priority: the interrupt generated by the Trouble Report signal 1064, the interrupt generated from the B system interrupt request register 1007, then the network interrupt 1066.
Fig. 5 is a state transition diagram illustrating the operating states of the system bus interface portion 1016.
System bus interface portion 1016 has the 4 states shown in Fig. 5.
State 1203 is the state in which the A system and B system processors access the highly reliable IO 1018.
Switch condition 1204, for the transition from state 1200 to state 1201, holds when A system processor 1001 begins an access and the A system highly reliable interrogation signal 1060 is not issued.
Switch condition 1206, for the transition from state 1200 to state 1202, holds when A system processor 1001 does not begin an access, B system processor 1003 begins an access, and the B system highly reliable interrogation signal 1061 is not issued.
Switch condition 1208, for the transition from state 1200 to state 1203, holds when A system processor 1001 begins an access and the A system highly reliable interrogation signal 1060 is issued, B system processor 1003 begins an access and the B system highly reliable interrogation signal 1061 is issued, and the comparative result consistent signal 1062 is issued. This condition means that A system processor 1001 and B system processor 1003 access the same address of the highly reliable IO 1018 together.
Through these state transitions, system bus interface portion 1016 follows the judgments of A system realm judging part 1013 and B system realm judging part 1014, responds to the requests of A system processor 1001 and B system processor 1003, and permits access to any one of the highly reliable IO 1018, the common IO 1020 and the network I/O 1022 connected to the system bus 1017. In particular, for an access to the highly reliable IO 1018, switch condition 1208 holds, which indicates that A system processor 1001 and B system processor 1003 jointly access the same address of the highly reliable IO 1018.
In addition, the A system bus standby ready signal 1067 is issued when switch condition 1205 and switch condition 1209 hold, and the B system bus standby ready signal 1065 is issued when switch condition 1207 and switch condition 1209 hold.
Fig. 6 is a state transition diagram showing the operation of the wrong detection unit 1012.
State 1303 is the state in which, although A system processor 1001 and B system processor 1003 have accessed the highly reliable IO 1018, the outputs of the processors are inconsistent, and an error is judged.
Switch condition 1307 holds when the B system highly reliable interrogation signal 1061 is issued and the comparative result consistent signal 1062 is issued.
Switch condition 1309 holds when the B system highly reliable interrogation signal 1061 is issued and the comparative result consistent signal 1062 is not issued.
Switch condition 1315 holds when the A system highly reliable interrogation signal 1060 is issued and the comparative result consistent signal 1062 is issued.
Switch condition 1312 holds when the A system highly reliable interrogation signal 1060 is issued, the B system highly reliable interrogation signal 1061 is issued, and the comparative result consistent signal 1062 is not issued.
Switch condition 1313 holds when switch conditions 1315 and 1312 do not hold and a certain time has elapsed.
Switch condition 1317 holds when the A system highly reliable interrogation signal 1060 is issued, the B system highly reliable interrogation signal 1061 is issued, and the comparative result consistent signal 1062 is not issued.
Wrong detection unit 1012 manages the access status of A system processor 1001 and B system processor 1003 to the highly reliable IO 1018. When the output of a processor accessing the highly reliable IO 1018 is inconsistent with the output of the other system's processor, or when the other processor does not access the highly reliable IO 1018 within a certain time, it transitions to state 1302, 1303 or 1304, and it issues the Trouble Report signal 1064 in states 1302, 1303 and 1304.
After the Trouble Report signal 1064 is issued, the highly reliable IO 1018 recognizes that a fault has occurred and switches its output to a safe state. The safe state differs with the object being controlled: in some cases continuing to hold the current output is the safe state, and in others the same state as when the power supply is cut off is safe. In addition, after a fault occurs, wrong detection unit 1012 uses the interrupt signals 1053 and 1054 to report the fault to A system processor 1001 and B system processor 1003 by interrupt. A processor that receives the fault interrupt promptly interrupts its current processing and performs fault handling.
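The gating behaviour described above for the highly reliable IO can be modelled in software. The following C sketch is an added illustration, not code from the patent: the address window, the timeout of 4 ticks, the choice of a fixed safe output value and all type and function names are assumptions made for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed values, not taken from the patent text. */
#define HR_IO_BASE       0x40000000u  /* address window of the highly reliable IO */
#define HR_IO_SIZE       0x00001000u
#define HR_TIMEOUT_TICKS 4u           /* stands in for "a certain time" */

/* What the comparing section sees on one processor bus. */
typedef struct {
    bool     active;    /* processor has started a bus access and is held in wait */
    uint32_t addr;
    bool     is_write;
    uint32_t data;      /* write data, ignored for reads */
} bus_access_t;

typedef enum { OUT_NONE, OUT_WAIT, OUT_COMMIT, OUT_FAULT } gate_result_t;

typedef struct {
    bool     faulted;       /* latched once a fault has been reported */
    bool     fault_report;  /* models the fault report signal */
    unsigned waited;        /* ticks one processor has waited for its peer */
    uint32_t hr_io_reg;     /* modelled output of the highly reliable IO */
    uint32_t safe_value;    /* assumed safe output for this controlled object */
} gate_t;

/* Area judgment: does this access target the highly reliable IO window? */
static bool targets_hr_io(const bus_access_t *x) {
    return x->active && x->addr >= HR_IO_BASE && (x->addr - HR_IO_BASE) < HR_IO_SIZE;
}

/* Comparison of address, access type and (for writes) write data. */
static bool buses_match(const bus_access_t *a, const bus_access_t *b) {
    if (a->addr != b->addr || a->is_write != b->is_write) return false;
    return !a->is_write || a->data == b->data;
}

/* Report the fault and drive the output to the safe state. */
static gate_result_t enter_fault(gate_t *g) {
    g->faulted = true;
    g->fault_report = true;
    g->hr_io_reg = g->safe_value;
    return OUT_FAULT;
}

void gate_init(gate_t *g, uint32_t initial, uint32_t safe_value) {
    g->faulted = false;
    g->fault_report = false;
    g->waited = 0;
    g->hr_io_reg = initial;
    g->safe_value = safe_value;
}

/* One evaluation tick of the gate for the current A and B bus accesses. */
gate_result_t gate_step(gate_t *g, const bus_access_t *a, const bus_access_t *b) {
    if (g->faulted) return OUT_FAULT;            /* no output after a fault */
    bool hr_a = targets_hr_io(a), hr_b = targets_hr_io(b);
    if (!hr_a && !hr_b) {                        /* ordinary IO: not gated here */
        g->waited = 0;
        return OUT_NONE;
    }
    if (hr_a && hr_b) {                          /* both present: compare, then commit */
        if (!buses_match(a, b)) return enter_fault(g);
        if (a->is_write) g->hr_io_reg = a->data;
        g->waited = 0;
        return OUT_COMMIT;
    }
    /* Only one processor has arrived: hold it in wait, fault on timeout. */
    if (++g->waited >= HR_TIMEOUT_TICKS) return enter_fault(g);
    return OUT_WAIT;
}

int main(void) {
    gate_t g;
    gate_init(&g, 0x00u, 0xFFu);
    bus_access_t idle = { false, 0, false, 0 };
    bus_access_t a = { true, HR_IO_BASE + 0x10u, true, 0x55u };
    bus_access_t b_bad = { true, HR_IO_BASE + 0x10u, true, 0x54u };

    gate_result_t r = gate_step(&g, &a, &idle);
    printf("A alone:        result=%d reg=0x%02X\n", (int)r, (unsigned)g.hr_io_reg);
    r = gate_step(&g, &a, &a);
    printf("A and B agree:  result=%d reg=0x%02X\n", (int)r, (unsigned)g.hr_io_reg);
    r = gate_step(&g, &a, &b_bad);
    printf("A and B differ: result=%d reg=0x%02X fault=%d\n",
           (int)r, (unsigned)g.hr_io_reg, (int)g.fault_report);
    return 0;
}
```

The model commits a write only when both buses carry the same address, access type and data, and it latches the fault so that a later matching access cannot drive the output again.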
Fig. 7 is a timing chart showing the processing of A system processor 1001 and B system processor 1003 during normal operation.
A system processor 1001 processes tasks in order starting from control task 0. After the last control task n finishes, it executes the initiating task used to start the highly reliable task on the B system processor. This initiating task accesses the B system interrupt request register 1997 inside the interrupt control portion 1005, which causes an interrupt to B system processor 1003, and then ends. Next, A system processor 1001 executes the highly reliable task. This highly reliable task controls the input-output unit 1019, which requires reliability and is connected to the highly reliable IO 1018. A system processor 1001 periodically executes the series of processing from control task 0 through the highly reliable task.
Meanwhile, B system processor 1003 processes communication tasks in turn in response to the network interrupts generated by the network I/O 1022. On receiving the interrupt caused by the initiating task executed by A system processor 1001, it executes the same highly reliable task as the A system processor. A system processor 1001 and B system processor 1003 therefore execute the same processing, so the outputs of the 2 processors can be guaranteed to agree. After the highly reliable task finishes, B system processor 1003 again processes communication tasks in turn in response to the network interrupt 1066 generated by the network I/O 1022. After receiving an interrupt and finishing its handling, B system processor 1003 accesses the interrupt control portion 1005 and clears the interrupt cause.
In addition, while the interrupt generated by an access to the B system interrupt request register 1007 is being serviced by B system processor 1003, the interrupt control portion 1005 masks the lower-priority network interrupt 1066. Therefore, while B system processor 1003 executes the highly reliable task, the network interrupt 1066 is not delivered and the processing is not interrupted.
As described above, when processing that must guarantee reliability is executed, a plurality of processors execute the processing, their output results are compared, and output is performed only when the results agree, which improves reliability. For processing in which reliability is less important, the processors operate independently, which improves processing performance.
Claims (29)
1. A task management device for a control device, which, for a common data processing object, receives as input the results of processing executed by at least 2 systems, the results being obtained by the at least 2 systems computing in a mutually interchangeable mode, characterized in that the task management device has:
a unit that, after receiving a commencing signal from any one of the at least 2 systems, outputs a computing indicator signal to the at least 2 systems; and a unit that compares the results that the at least 2 systems executed and output according to the commencing signal, in order to permit output.
2. The task management device for a control device as claimed in claim 1, characterized in that it outputs a signal so that the computation of any one of the at least 2 systems is performed at a timing different from the computation of a system other than that system.
3. The task management device for a control device as claimed in claim 2, characterized in that, for different data processing objects, it receives as input the results of different calculation processing performed by at least 2 systems.
4. The task management device for a control device as claimed in claim 3, characterized in that, after receiving a signal indicating that the different calculation processing has finished, it outputs a signal permitting the interchangeable computation.
5. The task management device for a control device as claimed in claim 3, characterized in that, after receiving a signal indicating that the interchangeable computation has finished, it outputs a signal permitting the different calculation processing.
6. A task management device for a control device, which, for a common data processing object, receives as input the results of processing executed by at least 2 systems, the results being obtained by the at least 2 systems computing in a mutually interchangeable mode, and which, for different data processing objects, receives as input the results of different calculation processing performed by at least 2 systems, characterized in that the task management device has:
a signal output unit that outputs a switching signal indicating whether the at least 2 systems perform different calculation processing or perform calculation processing in the interchangeable mode; and a permission unit that, when the signal indicates that different calculation processing is performed by at least 2 systems, permits output of at least 1 of the different processing results of the at least 2 systems.
7. The task management device for a control device as claimed in claim 6, characterized in that the permission unit judges whether to permit output by comparing the write-target data sent with the processing result against specified data.
8. The task management device for a control device as claimed in claim 7, characterized in that it further has a unit that stores the input processing results in order and outputs the stored results in order, wherein the comparison with the specified data is performed on the processing results output in order.
9. A task management device for a control device, characterized by having:
a 1st recognition data area which, for a common data processing object, with the results of calculation processing performed by at least 2 systems in an interchangeable mode as input, stores recognition data for identifying the data processing object of a specified system among the at least 2 systems; a 2nd recognition data area that stores recognition data for identifying the data processing object of any other system among the at least 2 systems; a 1st processing data area that stores 1st processing data, which is the result of the specified system among the at least 2 systems; a 2nd processing data area that stores 2nd processing data, which is the result of the other system among the at least 2 systems; and a contrast unit that contrasts the 1st recognition data with the 2nd recognition data and also contrasts the 1st processing data with the 2nd processing data,
wherein data output is permitted based on the contrast performed by the contrast unit.
10. The task management device for a control device as claimed in claim 9, characterized in that it has a delay unit that, relative to one of the at least 2 systems performing the calculation processing, delays the operation of another.
11. A task management device for a control device, which, for a common data processing object, receives as input the results of calculation processing performed by at least 2 systems in an interchangeable mode, and which, for different data processing objects, receives as input the results of different calculation processing performed by at least 2 systems, characterized in that the task management device has:
a signal output unit that outputs a switching signal indicating whether the at least 2 systems perform different calculation processing or perform calculation processing in the interchangeable mode.
12. A task management method for a control device, in which, for a common data processing object, the results of at least 2 systems computing in a mutually interchangeable mode are input; after a commencing signal is received from any one of the at least 2 systems, a computing indicator signal is output to the at least 2 systems; and the results that the at least 2 systems executed and output according to the commencing signal are compared, in order to permit output.
13. A task management method for a control device, in which, for a common data processing object, the results of at least 2 systems computing in a mutually interchangeable mode are input; for different data processing objects, the results of different calculation processing performed by at least 2 systems are input; a switching signal is output indicating whether the at least 2 systems perform different calculation processing or perform calculation processing in the interchangeable mode; and, when the signal indicates that different calculation processing is performed by at least 2 systems, it is judged that output of at least 1 of the different processing results of the at least 2 systems is permitted.
14. A task management method for a control device, in which, for a common data processing object, the results of at least 2 systems computing in an interchangeable mode are input; recognition data for identifying the data processing object of a specified system among the at least 2 systems is stored in a 1st recognition data area; recognition data for identifying the data processing object of any other system among the at least 2 systems is stored in a 2nd recognition data area; 1st processing data, which is the result of the specified system among the at least 2 systems, is stored in a 1st processing data area; and 2nd processing data, which is the result of the other system among the at least 2 systems, is stored in a 2nd processing data area, wherein the 1st recognition data is contrasted with the 2nd recognition data and the 1st processing data is also contrasted with the 2nd processing data.
15. An input-output control unit, characterized by having:
a unit that, when a request for a computation of relatively high reliability occurs, instructs at least one of a plurality of processors to switch from a computation of relatively low reliability to the computation of relatively high reliability, so that the plurality of processors execute the same computation; a unit that compares the computation results of the plurality of processors; and a unit that, based on the comparison result, permits output of data relating to the computation of the processors.
16. The input-output control unit as claimed in claim 15, characterized by having a unit by which, in the computation of relatively low reliability, the plurality of processors execute different calculation processing and output the results of the different calculation processing.
17. The input-output control unit as claimed in claim 16, characterized in that the request for the computation of relatively high reliability is interrupt processing from one of the plurality of processors to another of the plurality of processors.
18. The input-output control unit as claimed in claim 16, characterized in that the computation of relatively high reliability is executed in the case of an access to I/O that is equivalent to a request to execute the computation of relatively high reliability.
19. The input-output control unit as claimed in claim 18, characterized in that whether an access to I/O is equivalent to a request to execute the computation of relatively high reliability is judged based on the address to be accessed.
20. The input-output control unit as claimed in claim 19, characterized in that a request register and an essential factor register are provided for each of the plurality of processors, and whether there is a request for the computation of relatively high reliability is judged based on the contents written to the request register and the essential factor register.
21. The input-output control unit as claimed in claim 20, characterized in that, based on a signal from one of the plurality of processors indicating bus start, a signal for wait control of the bus is output to one of the plurality of processors, thereby restricting the access.
22. The input-output control unit as claimed in claim 15, characterized in that the unit that permits output grants permission when the computation results of the plurality of processors agree.
23. The input-output control unit as claimed in claim 22, characterized in that it outputs a signal instructing that the different calculation processing be executed after the agreement.
24. The input-output control unit as claimed in claim 15, characterized in that, when the request for the computation of relatively high reliability occurs, a signal instructing interruption of computation is output to at least 1 of the processors.
25. The input-output control unit as claimed in claim 24, characterized by having a unit that, while the computation of relatively high reliability is being executed, restricts interrupts to the plurality of processors for the computation of relatively low reliability.
26. The input-output control unit as claimed in claim 25, characterized by having a unit that judges an abnormality when at least 1 of the plurality of processors does not output a computation result within a specified time.
27. An information control device, characterized by having:
a plurality of processors; a unit that, after receiving a request indicating that the plurality of processors should execute a computation of relatively high reliability, instructs at least one of the plurality of processors to switch from a computation of relatively low reliability to the computation of relatively high reliability, so that the plurality of processors execute the same computation; a unit that compares the computation results of the plurality of processors; and a unit that, based on the comparison result, permits output of data relating to the computation of the processors.
28. An input-output control method, in which, when a request for a computation of relatively high reliability occurs, at least one of a plurality of processors is instructed to switch from a computation of relatively low reliability to the computation of relatively high reliability, so that the plurality of processors execute the same computation; the computation results of the plurality of processors are compared; and, based on the comparison result, output of data relating to the computation of the processors is permitted.
29. An information control method, in which a request indicating that a plurality of processors should execute a computation of relatively high reliability is received; for at least 1 of the plurality of processors, a signal is generated instructing a switch from a computation of relatively low reliability to the computation of relatively high reliability, so that the plurality of processors execute the same computation; the computation results of the processors are compared; and, based on the comparison result, output of data relating to the computation of the processors is permitted.
Applications Claiming Priority (6)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2005170275 | 2005-06-10 | ||
JP2005170275A JP2006344087A (en) | 2005-06-10 | 2005-06-10 | Task management device for controller and task management method for controller |
JP2005-170275 | 2005-06-10 | ||
JP2005190874 | 2005-06-30 | ||
JP2005-190874 | 2005-06-30 | ||
JP2005190874A JP4102814B2 (en) | 2005-06-30 | 2005-06-30 | I / O control device, information control device, and information control method |
Related Child Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN2007101967958A Division CN101174135B (en) | 2005-06-10 | 2006-06-09 | Input/output control apparatus, information control apparatus and method |
CN2008101300436A Division CN101329580B (en) | 2005-06-10 | 2006-06-09 | A task management control apparatus and method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN1877471A true CN1877471A (en) | 2006-12-13 |
CN1877471B CN1877471B (en) | 2010-08-18 |
Family
ID=37509932
Family Applications (3)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN2007101967958A Expired - Fee Related CN101174135B (en) | 2005-06-10 | 2006-06-09 | Input/output control apparatus, information control apparatus and method |
CN2008101300436A Expired - Fee Related CN101329580B (en) | 2005-06-10 | 2006-06-09 | A task management control apparatus and method |
CN2006100917321A Expired - Fee Related CN1877471B (en) | 2005-06-10 | 2006-06-09 | Task management apparatus and method for control apparatus |
Country Status (2)
Country | Link |
---|---|
JP (1) | JP2006344087A (en) |
CN (3) | CN101174135B (en) |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP5367236B2 (en) * | 2007-06-14 | 2013-12-11 | 株式会社東芝 | Portable electronic device and IC card |
JP5344936B2 (en) | 2009-01-07 | 2013-11-20 | 株式会社日立製作所 | Control device |
CN112424753B (en) * | 2018-07-18 | 2024-08-23 | 三垦电气株式会社 | Multi-core system |
CN113885306B (en) * | 2021-09-08 | 2024-06-04 | 中国航空工业集团公司西安航空计算技术研究所 | Signal output circuit supporting interchangeability under security architecture |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP3424968B2 (en) * | 1993-12-24 | 2003-07-07 | 三菱電機株式会社 | Computer system, processor chip and fault recovery method |
US6779128B1 (en) * | 2000-02-18 | 2004-08-17 | Invensys Systems, Inc. | Fault-tolerant data transfer |
EP1443399B1 (en) * | 2003-01-23 | 2009-05-20 | Supercomputing Systems AG | Fault tolerant computer controlled system |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104281217A (en) * | 2013-07-11 | 2015-01-14 | 瑞萨电子株式会社 | Microcomputer |
CN104281217B (en) * | 2013-07-11 | 2019-11-05 | 瑞萨电子株式会社 | Microcomputer |
CN108628694A (en) * | 2017-03-20 | 2018-10-09 | 腾讯科技(深圳)有限公司 | A kind of data processing method and device based on programmable hardware |
CN108628694B (en) * | 2017-03-20 | 2023-03-28 | 腾讯科技(深圳)有限公司 | Data processing method and device based on programmable hardware |
CN110914769A (en) * | 2017-08-18 | 2020-03-24 | Wago管理有限责任公司 | Process control |
Also Published As
Publication number | Publication date |
---|---|
CN101174135A (en) | 2008-05-07 |
JP2006344087A (en) | 2006-12-21 |
CN101329580A (en) | 2008-12-24 |
CN101174135B (en) | 2010-06-09 |
CN1877471B (en) | 2010-08-18 |
CN101329580B (en) | 2012-02-29 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20100818 Termination date: 20210609 |