
Method of Runtime Validation of Code Execution Algorithms for Critical Instruction Branches

IP.com Disclosure Number: IPCOM000032690D
Original Publication Date: 2004-Nov-10
Included in the Prior Art Database: 2004-Nov-10
Document File: 4 page(s) / 45K

Publishing Venue

IBM

Abstract

In systems that operate with redundant management functions, such as a storage system with multiple enclosure management processor functions, a high-reliability, high-availability solution is implemented in a way that requires cooperative interaction between those enclosure management functions before critical tasks are executed. If one of the enclosure management processors fails, the capability to perform this cross-check/verification is no longer available. If the critical task still needs to be executed, the enclosure management function is exposed to the failures that the cross-check/verification was designed to prevent from occurring inadvertently. To provide a similar level of cross-checking/verification of the validity of a request to execute the critical task, the single management function's algorithms can be designed and implemented such that there is always a checkpoint within the algorithm that requires the enclosure management processor to independently verify that a valid request exists to perform the critical task.

This text was extracted from a PDF file.
At least one non-text object (such as an image or picture) has been suppressed.
This is the abbreviated version, containing approximately 53% of the total text.

Page 1 of 4


Disclosed is a method and system for systems that operate with redundant management functions, such as a storage system with multiple enclosure management processor functions, where a high-reliability, high-availability solution is implemented in a way that requires cooperative interaction between those enclosure management functions before critical tasks are executed. For example, a critical task such as turning off power to the enclosure would require the two enclosure management processors to cross-check/verify that they have both received valid power-off requests from the system prior to turning off the power supplies. If one of the enclosure management processors fails, the capability to perform this cross-check/verification is no longer available. If the critical task still needs to be executed, the enclosure management function is exposed to the failures that the cross-check/verification was designed to prevent from occurring inadvertently.

To provide a similar level of cross-checking/verification of the validity of a request to execute the critical task, the single management function's algorithms can be designed and implemented such that there is always a checkpoint within the algorithm that requires the enclosure management processor to independently verify that a valid request exists to perform the critical task. The code path that executes the critical task contains a step that requires the management processor to read the status of a bit that is independently controlled by the system and indicates the status of the request for the critical task. The state of the independently controlled bit must satisfy the conditions that the enclosure management processor should see for a valid request to execute the critical task, or the code loop is aborted and an error is posted to the system.

In the figure below, during normal operation, SES0 and SES1 can communicate with each other via the paths interconnecting them (shown in blue). As a security measure for any command to power down a power supply, SES0 and SES1 communicate with each other to make sure that each has seen the request from the SMP to power off a power supply. As an added layer of protection to keep one SES from independently turning off a power supply during dual-SES operation, by convention, for Power Supply 0, SES0 owns responsibility for controlling the state of bit 0 and bit 1, and SES1 owns responsibility for controlling the state of bit 2. So a critical task such as turning off power requires both SES0 and SES1 to set their respective control bits appropriately to turn off Power Supply 0.


[Figure (image suppressed): two SMPs connected to SES 0 and SES 1, which are interconnected and each attached to Power Supply 0 and Power Supply 1. The same power control bit table is shown for each power supply:]

Pwr Control Bits   Bit 0   Bit 1   Bit 2
On                 1       0       0
Off                0       1       1
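The checkpoint and the bit-ownership convention described above, written out as an added C example (not code from the disclosure): the system-controlled request bit is re-read inside the critical path, the peer cross-check applies only while the other SES is alive, and each SES writes only the bits it owns, so Power Supply 0 only reads as off once both have acted. All register, struct and function names are constructed for this example; how bit 2 is handled once SES1 has failed is in the part of the disclosure not reproduced here and is not modelled.

```c
#include <stdbool.h>
#include <stdint.h>

/* Power control bits for Power Supply 0 (from the disclosure's table):
 * On = bit0:1 bit1:0 bit2:0, Off = bit0:0 bit1:1 bit2:1. Names are constructed. */
#define PWR_BIT0 (1u << 0)  /* owned by SES0 */
#define PWR_BIT1 (1u << 1)  /* owned by SES0 */
#define PWR_BIT2 (1u << 2)  /* owned by SES1 */
#define PWR_MASK (PWR_BIT0 | PWR_BIT1 | PWR_BIT2)
#define PWR_OFF  (PWR_BIT1 | PWR_BIT2)

enum ses_status { SES_OK = 0, SES_ERR_NO_VALID_REQUEST, SES_ERR_PEER_DISAGREES };

/* Simulated enclosure hardware and cross-check state (constructed). */
struct enclosure {
    bool sys_poweroff_request; /* bit controlled by the system (SMP), not by SES code */
    bool peer_alive;           /* other SES reachable on the interconnect */
    bool peer_saw_request;     /* peer's answer to the cross-check */
    uint8_t ps0_ctrl;          /* control bits of Power Supply 0 */
};

/* Checkpoint shared by both SES code paths: in dual-SES mode the peer must
 * agree; in every mode the system-controlled request bit is re-read at runtime. */
static enum ses_status poweroff_checkpoint(const struct enclosure *e)
{
    if (e->peer_alive && !e->peer_saw_request)
        return SES_ERR_PEER_DISAGREES;
    if (!e->sys_poweroff_request)
        return SES_ERR_NO_VALID_REQUEST; /* abort the loop; caller posts the error */
    return SES_OK;
}

/* Critical path of one SES for "power off Power Supply 0". SES0 owns bits 0
 * and 1, SES1 owns bit 2; neither writes the other's bit. */
enum ses_status ses_power_off_ps0(struct enclosure *e, int ses_id)
{
    enum ses_status s = poweroff_checkpoint(e);
    if (s != SES_OK)
        return s;
    if (ses_id == 0)
        e->ps0_ctrl = (uint8_t)((e->ps0_ctrl & ~(PWR_BIT0 | PWR_BIT1)) | PWR_BIT1);
    else
        e->ps0_ctrl |= PWR_BIT2;
    return SES_OK;
}

/* Power Supply 0 is off only when both owners have written their bits. */
bool ps0_is_off(const struct enclosure *e) { return (e->ps0_ctrl & PWR_MASK) == PWR_OFF; }
```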

In the case where the sys...