Partitioning and monitoring of software-controlled system

Electrical computers and digital processing systems: memory – Storage accessing and control – Shared memory area

Reexamination Certificate


Details

C711S163000

Reexamination Certificate

active

06470430

ABSTRACT:

CROSS REFERENCE TO RELATED APPLICATION
This application claims the priority of German patent Application No. 19927657.9-32 filed Jun. 17, 1999, which is incorporated herein by reference.
BACKGROUND OF THE INVENTION
The invention relates to a method for partitioning and monitoring software-controlled electronic equipment comprising a processor, at least one read only memory (ROM), at least one random access memory (RAM) and one monitoring unit.
Flexibility, efficiency and costs are the reason why more and more processes are monitored with the aid of software-controlled electronic equipment. As a rule, electronic equipment of this type is controlled with the aid of microprocessors. The invention introduced herein is designed to increase the reliability of these systems and, at the same time, reduce the expenditure for development. For this, the processor is monitored, thereby ensuring a robust partitioning. The aforementioned processor monitoring controls the memory access and ensures that the processing times for the program sections and program modules are observed.
Known processes from prior art are controlled by flexible, generally software-based electronic equipment. Controls of this type have the advantage of offering extremely high efficiency with respect to control and regulation. These controls in principle always have the same basic structure, consisting of sensing devices, digital processor-controlled information processing and actuators, and can be used for almost all processes, even if handling them is complicated. The actual processing component assumes the specific adaptation to the respective process. As a rule, this adaptation occurs with the aid of control software capable of controlling complex processes. With respect to the software, complex processes require comprehensive software structures, which in many cases are also complex. These are configured to react in accordance with the different process states, to observe the times and to make available sufficient reaction alternatives. The more complex applications and software become, the more difficult it is to create error-free software. Error-free software is a requirement that plays an important role for security-relevant applications, in particular for the respective electronic equipment. Lengthy development times with extensive and long-lasting test phases result in high costs. The disadvantage is that even after completing all tests, there is no one hundred percent assurance that the software does not still contain hidden errors. Hidden errors are the rule and not the exception. A further disadvantage is that the effects of hidden errors cannot be predicted.
It is possible to react in different ways to this problem. One way consists of setting up a tool chain of error-free tools, which are capable of automatically generating complex programs from requirements. The extensive code created in the process is a disadvantage, not only with respect to its effects on the storage costs, but because fast real-time systems cannot be realized in this way, or only with increased expenditure for extremely fast hardware.
Thus, the object of the invention is to prevent the uncontrolled propagation of software errors and to allow completely independent processes or program modules to run in a microprocessor. In particular, the aim is to prevent a mutual influencing caused by faulty memory access and to take steps to ensure that the independent program modules do not influence each other with respect to time.
SUMMARY OF THE INVENTION
The above object generally is achieved according to the invention by a method for partitioning and monitoring software-controlled electronic equipment comprising a processor, at least one read only memory (ROM), at least one random access memory (RAM) and one monitoring unit, wherein the monitoring unit divides the memories (ROM, RAM) into individual memory areas (module 1, module 2 to module n) by use of a permanently stored allocation table, and assigns these areas permanently to individual program modules, which cannot be influenced by an operating program module, even in case of an error.
The invention builds on the fact that small units are easier to control than large ones. The complexity of small units is limited, which facilitates the overview and transparency. Small units have fewer states and can therefore be tested with less expenditure. However, this is true only if they do not influence each other negatively. The logic behind this is that the sum of all possible states of individual units is lower than the combination of all states. For example, if a system composed of four units with respectively four independent states is considered, 16 test cases are obtained. If the test cases were dependent on each other or could mutually influence each other, this would result in 256 test cases. A division of complex processes into small, independent modules is therefore advantageous.
According to the invention, this problem is solved through a partitioning of memory and time. The memory units are partitioned with the aid of a monitoring unit and an allocation table. For this, the total process is program-technologically divided into individual smaller modules. The individual modules themselves are independent programs or sub-programs. A predetermined, fixed memory area or address space is allocated to each individual module. The allocation of memory area or address space occurs with the aid of an allocation table. For this, previously determined memory boundaries or address boundaries, to which the respective program module must have access, are stored permanently in an allocation table. The areas for code memory, data memory and, if necessary, also the periphery are specified. Permanently stored means that the memory boundaries are not specified as variable, in contrast to prior art, and therefore cannot be changed by running programs, for example, communication software. Permanently stored also means that the allocation table is stored in a hardware-type realized memory in such a way that application programs can no longer change the allocation table. The stored memory boundaries cannot be influenced by an operating program module, not even if an error occurs. During an orderly program flow, a monitoring unit ensures that the partitioning specified in the allocation table by the memory boundaries is maintained. If a program module claims an address outside of the memory boundaries fixed in the allocation table, the monitoring unit will diagnose this as an error. One basic rule for error detection is that each program module is authorized to access only those areas which are released for the program module. As far as the data memory and the periphery are concerned, all memory areas can be read by each program module. However, a write enable applies only to those memory areas which are allocated to the individual program modules in the allocation table. Each module thus can read all data for the total process, but can effect changes through rewriting only in those areas which are allocated to it. In the following, the robust partitioning according to the invention is understood to refer to the permanent storage of memory boundaries in a hardware-type allocation table and the fixed allocation of these memory areas to individually enabled program modules.
In addition to the partitioning of the memory and the connected independence in handling the memory, the invention also comprises a monitoring of the time-independence of the individual program modules. This applies in particular to deterministic processes. The time partitioning also occurs with the aid of the allocation table, in which the specified times are permanently stored. As a result, the time monitoring also cannot be influenced by the operating program, not even if an error occurs. If a program is composed of several modules and a result must definitely be made available after a specified time period, it must be ensured that all program modules with their processing times adhere to specified t
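The two preceding paragraphs describe the monitoring unit's rules: a permanently stored allocation table fixes a code area, a writable data area, an optional peripheral area and a processing-time budget per module; every module may read all data and peripheral memory, may write only its own areas, may execute only from its own code area, and must finish within its allotted time. The following C program is an added illustration of those rules in software, not code from the patent or from any product; the address ranges, the time budgets and the three-module table are constructed sample values, and the `const` table stands in for the hardware-realized, application-unchangeable table the text describes.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* One row of the allocation table: fixed boundaries per program module.
 * An empty range is expressed as lo > hi (e.g. 1, 0). */
typedef struct {
    uint32_t code_lo, code_hi;      /* ROM area the module may execute from   */
    uint32_t data_lo, data_hi;      /* RAM area the module may write          */
    uint32_t periph_lo, periph_hi;  /* peripheral area the module may write   */
    uint32_t time_budget_us;        /* maximum processing time per activation */
} alloc_entry_t;

/* Constructed allocation table. It is const: running program modules cannot
 * modify it, mirroring the permanently stored table of the patent. */
static const alloc_entry_t ALLOC_TABLE[] = {
    /* module 1 */ { 0x0000, 0x0FFF, 0x8000, 0x83FF, 0xF000, 0xF0FF, 500 },
    /* module 2 */ { 0x1000, 0x1FFF, 0x8400, 0x87FF, 0xF100, 0xF1FF, 300 },
    /* module 3 */ { 0x2000, 0x2FFF, 0x8800, 0x8BFF, 1,      0,      200 }, /* no periphery */
};
#define MODULE_COUNT (sizeof ALLOC_TABLE / sizeof ALLOC_TABLE[0])

/* Constructed overall windows for data memory and periphery: every module
 * may READ anywhere inside them (the read-all rule of the patent). */
#define DATA_LO   0x8000u
#define DATA_HI   0x8FFFu
#define PERIPH_LO 0xF000u
#define PERIPH_HI 0xFFFFu

typedef enum {
    ACCESS_OK,
    ACCESS_BAD_MODULE,       /* module index not present in the table        */
    ACCESS_CODE_VIOLATION,   /* instruction fetch outside own code area      */
    ACCESS_WRITE_VIOLATION,  /* write to data/periphery not allocated to us  */
    ACCESS_OUT_OF_RANGE,     /* address outside every data/periphery window  */
    TIME_VIOLATION           /* processing time exceeded the stored budget   */
} verdict_t;

static bool in_range(uint32_t a, uint32_t lo, uint32_t hi) {
    return lo <= a && a <= hi;
}

/* Monitoring unit, code side: a module may execute only from its own area. */
verdict_t check_fetch(unsigned module, uint32_t addr) {
    if (module >= MODULE_COUNT) return ACCESS_BAD_MODULE;
    const alloc_entry_t *e = &ALLOC_TABLE[module];
    return in_range(addr, e->code_lo, e->code_hi) ? ACCESS_OK : ACCESS_CODE_VIOLATION;
}

/* Monitoring unit, data side: reads are allowed in all data/periphery
 * windows, writes only in the areas the table allocates to this module. */
verdict_t check_data_access(unsigned module, uint32_t addr, bool is_write) {
    if (module >= MODULE_COUNT) return ACCESS_BAD_MODULE;
    const alloc_entry_t *e = &ALLOC_TABLE[module];

    bool own = in_range(addr, e->data_lo, e->data_hi) ||
               in_range(addr, e->periph_lo, e->periph_hi);
    if (own) return ACCESS_OK;

    bool shared_window = in_range(addr, DATA_LO, DATA_HI) ||
                         in_range(addr, PERIPH_LO, PERIPH_HI);
    if (!shared_window) return ACCESS_OUT_OF_RANGE;   /* e.g. data access into ROM */
    return is_write ? ACCESS_WRITE_VIOLATION : ACCESS_OK;
}

/* Time partitioning: the elapsed processing time of one activation must not
 * exceed the budget permanently stored for the module. */
verdict_t check_time(unsigned module, uint32_t elapsed_us) {
    if (module >= MODULE_COUNT) return ACCESS_BAD_MODULE;
    return elapsed_us <= ALLOC_TABLE[module].time_budget_us ? ACCESS_OK : TIME_VIOLATION;
}

int main(void) {
    /* Constructed trace: module 1 writes into module 2's RAM, reads it, and overruns. */
    printf("write 0x8410 by module 1 -> %d\n", check_data_access(0, 0x8410, true));
    printf("read  0x8410 by module 1 -> %d\n", check_data_access(0, 0x8410, false));
    printf("fetch 0x1100 by module 1 -> %d\n", check_fetch(0, 0x1100));
    printf("510 us by module 1       -> %d\n", check_time(0, 510));
    return 0;
}
```

Any verdict other than `ACCESS_OK` is what the text calls the monitoring unit diagnosing an error; in hardware the same decision would be made on every bus cycle against the stored boundaries rather than by a called function, but the rules applied are the ones given above.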
