Method and apparatus for a computer system to detect program faults and permit recovery from such faults

US 5,341,497 A
Filed: 12/16/1993
Issued: 08/23/1994
Est. Priority Date: 10/16/1991
Status: Expired due to Term

First Claim

Patent Images

1. A circuit for monitoring the programmed flow of operation of a computerized system including a programmable controller for at desired times operating said system in one of a plurality of different programmed modes of operation, respectively, and within each mode of operation, in programmed sequences of operation, relative to a main program, comprising:

assignment means for assigning a unique mode toggle address from a plurality of programmable addresses for each predetermined mode of operation of said system being monitored only at the beginning of the associated mode of operation, which toggle mode address remains assigned to said mode, and to its associated said plurality of programmed sequences, respectively, so long as said mode is active;

matching means controlled only by software for both matching said predetermined mode toggle address preloaded into said monitoring circuit for the computerized system a system reset signal is generated substantially immediately after the error is detected for resetting said controller, if the error was transitory or has been removed, to reinitiate the desired mode of operation.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A circuit for monitoring the program flow of a computerized or microprocessed system, includes a comparator for matching a uniquely assigned address for entering a given mode of operation, with an address presented by the system controller for entering the operating mode. If the addresses do not match, in response to the detected illegal mode entry attempt, a reset signal is generated for resetting the controller to reinitiate the programmed flow of operation.

58 Citations

View as Search Results

16 Claims

1. A circuit for monitoring the programmed flow of operation of a computerized system including a programmable controller for at desired times operating said system in one of a plurality of different programmed modes of operation, respectively, and within each mode of operation, in programmed sequences of operation, relative to a main program, comprising:
- assignment means for assigning a unique mode toggle address from a plurality of programmable addresses for each predetermined mode of operation of said system being monitored only at the beginning of the associated mode of operation, which toggle mode address remains assigned to said mode, and to its associated said plurality of programmed sequences, respectively, so long as said mode is active;
  
  matching means controlled only by software for both matching said predetermined mode toggle address preloaded into said monitoring circuit for the computerized system a system reset signal is generated substantially immediately after the error is detected for resetting said controller, if the error was transitory or has been removed, to reinitiate the desired mode of operation.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The monitoring circuit of claim 1, further including:
    - counting means, upon detection of an error by said matching means, responsive to a predetermined number of system reset signals therefrom occurring within a predetermined period of time, for generating an alarm turn-on signal; and
      
      alarm means responsive to said alarm turn-on signal for indicating said computerized system has entered into an illegal sequence of operation.
  - 3. The monitoring circuit of claim 1, further including:
    - a voltage bus for connecting at least a portion of said monitoring circuit to an operating voltage; and
      
      voltage sensing means connected to said voltage bus, for generating a system reset signal to reset said controller, whenever the level of said operating voltage falls below a predetermined voltage level.
  - 4. The monitoring circuit of claim 1, wherein said matching means further includes means for matching a predetermined sequence toggle address (preloaded into said monitoring circuit for indicating a legal sequence of operation within a given mode of operation), with an address from said controller for entering the desired sequence of operation, for generating said system reset signal if the sequence toggle address does not match a sequence valid for the associated mode of operation, thereby indicating an illegal sequence.
  - 5. The monitoring circuit of claim 1, further including:
    - STROBE pulse producing means included in said matching means, for periodically producing a STROBE signal so long as said matching means detects a legal mode address, and/or a legal sequence toggle address, and for terminating said STROBE signals if an illegal address is detected; and
      
      timing means responsive to the termination of said STROBE signals for greater than a predetermined period of time, for generating said error system reset signal.

6. A circuit for monitoring the programmed flow of operation of a computerized system including a programmable controller, said controller being programmable for selectively operating said system in one of a plurality of different modes of operation at a given time, and through a plurality of programmed sequences uniquely associated with said modes of operation, respectively, said monitoring circuit comprising:
- comparator means controlled only by software for comparing a predetermined toggle address selected from a plurality of programmable addresses loaded into said circuit only at the beginning of and representing both a desired mode of operation, and the desired mode'"'"'s associated plurality of programmed sequences, respectively, for the period of time the system remains in the desired mode of operation, with an address generated by said controller in attempting to cause said system to enter said desired mode of operation, both for generating a STROBE signal if the addresses match indicating a legal entry into said desired mode of operation, and generating an error signal if the addresses do not match indicating an illegal mode entry, said comparator means also including means for comparing said predetermined address representing said desired mode with addresses generated by said controller at predetermined single or multiple points within selected ones of a plurality of said programmed sequences of said mode, for generating said STROBE signal for address match, and said error signal for address mismatches; and
  
  timer means responsive to the occurrence of an error signal in a period of time in which a STROBE signal does not occur, for substantially immediately generating a system reset signal, for resetting said controller to restart a main program of operation.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The monitoring circuit of claim 6, wherein said timer means includes means for also generating said system reset signal if STROBE pulses do not occur within a predetermined period of time.
  - 8. The monitoring circuit of claim 6, further including:
    - a voltage bus for connecting an operating voltage to at least a portion of said monitoring circuit; and
      
      said timer means including voltage sensing means responsive to the level of said operating voltage decreasing below a predetermined level for generating said system reset signal.
  - 9. The circuit of claim 6, further including:
    - counting means responsive, subsequent to the generation of an error signal by said comparator means, to the occurrence of a predetermined number of error system reset pulses over a predetermined period of time, for generating an alarm on signal; and
      
      alarm means responsive to said alarm on signal, for turning on to warn system users that said system is in a fault mode of operation.
  - 10. The monitoring circuit of claim 6, wherein said comparator means further includes means for comparing during operation of said system in a given mode of operation, an address predetermined for a given sequence of operation for the given mode with a toggle address from the actual sequence, for generating said system error signal if the addresses do not match, indicating that an illegal sequence for that mode of operation has been entered into.

11. A method for monitoring the programmed flow of operation of a computerized system including a programmable controller, said controller being programmed for selectively operating said system in a desired one of a plurality of different modes of operation at a given time, and through a plurality of programmed sequences uniquely associated with said modes of operation, respectively, said method comprising the steps of:
- A) assigning from amongst a plurality of programmable addresses a unique address for each selected mode of operation, and for use within a plurality of said programmed sequences associated with the selected mode of operation, only at the beginning of each mode of operation, which address remains unchanged as long as said system remains in a given mode of operation, and which address must be entered by said controller for accessing the associated mode of operation;
  
  B) matching controller generated access addresses to begin and continue operating in a particular mode of operation with the assigned access address for the desired mode, to determine if the addresses match for a legal access, or do not match indicating an illegal access, and for determining if at single or multiple points within selected ones of said plurality of programmed sequences, respectively, within a given mode of operation the aforesaid addresses match; and
  
  C) generating a system reset signal to reset said controller substantially immediately upon the event of determining an illegal access request by said controller for a given mode of operation.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The method of claim 11, further including the steps of:
    - D) counting, subsequent to the indication of an illegal access, the number of system reset signals occurring within a predetermined period of time; and
      
      E) turning on an alarm in the event more than a predetermined number of system reset signals are counted within the predetermined period of time.
  - 13. The method of claim 11, further including the steps of:
    - F) sensing the voltage level of an operating voltage for said system; and
      
      G) generating said system reset signals whenever said operating voltage falls below a given voltage level.
  - 14. The method of claim 11, further including the steps of:
    - H) assigning a unique toggle address for at least one toggle point within selected ones of said plurality of programmed sequences;
      
      I) reading the toggle address at each toggle point during said system operating in a given mode of operation;
      
      J) comparing each said toggle address to legal toggle addresses for identifying sequences associated with a present mode of operation; and
      
      K) generating said system reset signal if an illegal sequence has been entered relative to a present mode of operation.
  - 15. The method of claim 14, further including the steps of:
    - L) periodically generating a STROBE signal for indicating proper program flow in said controller;
      
      M) turning on a timer at the termination of each STROBE signal;
      
      N) resetting said timer upon the occurrence of each STROBE signal; and
      
      O) generating said system reset signal if a STROBE signal does not occur within a predetermined period of time as measured by said timer.

16. A method for monitoring the programmed flow of operation of a computerized system including a programmable controller, said controller being programmed for selectively operating said system in a desired one of a plurality of different modes of operation at a given time, and through a plurality of programmed sequences uniquely associated with said modes of operation, respectively, said method comprising the steps of:
- A) assigning from amongst a plurality of programmable addresses, a unique address for each mode of operation of said system at the beginning of each mode of operation, which address must be entered by said controller for accessing the associated mode of operation;
  
  B) matching a controller generated access address to begin and continue operating in a particular mode of operation with the predetermined access address for the desired mode, to determine if the addresses match for a legal access, or do not match indicating an illegal access;
  
  C) generating a system reset signal to reset said controller in the event of an illegal access request for a given mode of operation;
  
  D) counting subsequent to the indication of an illegal access, the number of system reset signals occurring within a predetermined period of time;
  
  E) turning on an alarm in the event more than a predetermined number of system reset signals are counted within the predetermined period of time;
  
  F) sensing the voltage level of an operating voltage for said system;
  
  G) generating said system reset signal whenever said operating voltage falls below a given voltage level;
  
  H) assigning a unique toggle address for at least one toggle point within a programmed sequence of selected ones of said plurality of different modes of operation;
  
  I) reading the toggle address at each toggle point during said system operating in a given mode of operation;
  
  J) comparing each said toggle address to legal toggle addresses for identifying sequences associated with a present mode of operation;
  
  K) generating said system reset signal if an illegal sequence has been entered relative to a present mode of operation;
  
  L) periodically generating a STROBE signal for indicating proper program flow in said controller;
  
  M) turning on a timer at the termination of each STROBE signal;
  
  N) resetting said timer upon the occurrence of each STROBE signal; and
  
  O) generating said system reset signal if a STROBE signal does not occur within a predetermined period of time as measured by said timer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ohmeda, Inc. (Linde Plc)
Original Assignee
Ohmeda, Inc. (Linde Plc)
Inventors
Younger, Thomas C.
Primary Examiner(s)
Beausoliel, Jr., Robert W.
Assistant Examiner(s)
VALES, PHILLIP

Application Number

US08/168,767
Time in Patent Office

250 Days
Field of Search

371/16.3, 371/62, 371/12, 395/575, 364/267.9
US Class Current

714/51
CPC Class Codes

G06F 11/0757 by exceeding a time limit, ...

G06F 11/28 by checking the correct ord...

Method and apparatus for a computer system to detect program faults and permit recovery from such faults

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

58 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for a computer system to detect program faults and permit recovery from such faults

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

58 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links