Fault tolerant computer system with provision for handling external events

US 5,363,503 A
Filed: 01/22/1992
Issued: 11/08/1994
Est. Priority Date: 01/22/1992
Status: Expired due to Term

First Claim

Patent Images

1. In a fault tolerant computer system including a data processor providing at least one task which performs a persistent action and wherein said task is subject to receiving one or more external signals whose time of occurrence may affect the performance of said task, a method comprising:

providing a backup task external to said data processor for backing up said one task,transmitting messages to said one task;

storing messages transmitted to said one task;

also storing external event data indicative of each external event type and its occurrence relationship to a predetermined primary task event;

transmitting at least certain ones of the stored messages to said backup task subsequently to said storing messages in a manner such that at least those particular messages which have been processed by said one task are transmitted to said backup task prior to performance of said persistent action;

also transmitting said external event data and said occurrence relationship to said backup task prior to performance of said persistent action;

said one task continuing to process messages transmitted thereto so long as the aforementioned transmitting of messages and external event data to said backup task is met; and

in the event of failure of said one task, causing said backup task to process said messages transmitted thereto while using said external event data and said occurrence relationship transmitted thereto to redeliver each external signal to said backup task at a time such that said backup task will properly recover.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A fault tolerant computer system employing primary tasks and corresponding backup tasks. The system operates to provide fault tolerant operation even where uncontrolled external events may occur whose time of occurrence may affect task performance. For this purpose, external event data is stored for each external event occurring during performance of a primary task which indicates the event type and the relationship between the occurrence of the external event and the occurrence of a predetermined primary task event, such as a memory access operation. This external event data is sent to each respective backup task along with messages transmitted to the respective primary task. In the event a primary task fails, the backup task will replay the failed primary task by processing these transmitted messages while using the transmitted external event data to redeliver each external signal to the backup task at an appropriate time which will assure that the backup task properly recovers the primary task.

50 Citations

View as Search Results

24 Claims

1. In a fault tolerant computer system including a data processor providing at least one task which performs a persistent action and wherein said task is subject to receiving one or more external signals whose time of occurrence may affect the performance of said task, a method comprising:
- providing a backup task external to said data processor for backing up said one task,transmitting messages to said one task;
  
  storing messages transmitted to said one task;
  
  also storing external event data indicative of each external event type and its occurrence relationship to a predetermined primary task event;
  
  transmitting at least certain ones of the stored messages to said backup task subsequently to said storing messages in a manner such that at least those particular messages which have been processed by said one task are transmitted to said backup task prior to performance of said persistent action;
  
  also transmitting said external event data and said occurrence relationship to said backup task prior to performance of said persistent action;
  
  said one task continuing to process messages transmitted thereto so long as the aforementioned transmitting of messages and external event data to said backup task is met; and
  
  in the event of failure of said one task, causing said backup task to process said messages transmitted thereto while using said external event data and said occurrence relationship transmitted thereto to redeliver each external signal to said backup task at a time such that said backup task will properly recover.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 18, 19, 20)
- - 2. The method of claim 1, wherein the steps of storing include storing external event data and messages in a queue of said data processor, and wherein the steps of transmitting include transmitting external data and processed messages in said queue to said backup task prior to performing said persistent action.
  - 3. The method of claim 2, including counting messages processed by said one task.
  - 4. The method of claim 3, including providing for the performance of a second task, and transmitting and storing a message from said one task to said second task.
  - 5. The method of claim 4, including transmitting to said backup task the stored message transmitted from said one task to said second task prior to performance of said persistent operation if it has been processed by said second task.
  - 6. The method of claim 5, including said backup task providing a count of the number of messages transmitted by said one task.
  - 7. The method of claim 6, wherein during processing by said backup task said count is used to determine when a message is to be transmitted by said backup task.
  - 8. The method of claim 5, wherein said count is used by said backup task during replay to determine when the corresponding external event is to be delivered.
  - 9. The method of claim 1, wherein said one task has a plurality of states and wherein said method includes performing a checkpointing operation between said one task and said backup task after at least a plurality of messages have been transmitted to said one task, said checkpointing operation including storing checkpointing data corresponding to the state of said one task at the time of said performing, and transmitting said checkpointing data to said backup task at a time which is no later than required by the transmitting of processed messages to said backup task, said checkpointing data causing said backup task to be brought to the state of said one task at the time of checkpointing.
  - 10. The method of claim 9, wherein said checkpointing data includes a count of the number of messages processed by said one task since its start or last checkpointing, and wherein said backup task uses said count for discarding a corresponding number of said messages sent thereto.
  - 18. The method of claim 1, 2, 11 or 12, wherein said primary tasks sequentially process messages transmitted thereto, wherein said storing of transmitted messages is in a queue which stores transmitted messages in the order of their transmission, wherein external event data is stored in said queue in occurrence order, wherein said queue also stores a checkpointing indication at a position indicative of the time of performance of said checkpointing operation, wherein the performance of a persistent action is indicated in said queue by storing a persistent action indication in said queue based on its occurrence with respect to the most recently processed message, and wherein said particular messages and external event data are transmitted to said backup tasks prior to the performance of said persistent action if earlier in said queue than said persistent action indication, and wherein said checkpointing data is also transmitted to the respective backup if earlier than the position of said persistent action indication.
  - 19. The method of claim 1, 2, 11 or 12, wherein said predetermined primary task event is a memory access operation.
  - 20. The method of claim 1, 2, 11 or 12, wherein said predetermined primary task event occurs a plurality of times during performance of said primary task, and wherein said external event data includes for each external event a count related to the number of times said predetermined primary event occurred from a reference point prior to occurrence of the external event.

11. In a fault tolerant computer system including a data processor providing a plurality of primary tasks, at least one of said primary tasks performing a persistent action, and wherein each primary task is subject to receiving one or more external signals whose time of occurrence may affect the performance of its respective task, a method comprising:
- providing a corresponding plurality of interconnected backup tasks external to said data processor for backing up said plurality of primary tasks;
  
  transmitting messages between said primary tasks for processing thereby;
  
  storing the transmitted messages;
  
  also storing external event data indicative of each external event type and its occurrence relationship to a predetermined primary task event;
  
  each primary task processing the messages transmitted thereto;
  
  transmitting at least particular ones of the stored messages to said backup tasks subsequently to said storing messages in a manner such that there is transmitted to said backup tasks, prior to the performance of a persistent action, at least those messages required for said backup tasks to recover from a failure of said data processor;
  
  also transmitting said external event data and said occurrence relationship to respective backup tasks prior to performance of said persistent action;
  
  said primary tasks continuing to process messages transmitted thereto so long as the aforementioned transmitting of messages and external event data to said backup tasks is met; and
  
  recovering from said failure by causing said backup tasks to process the messages and external event data transmitted thereto, each occurrence relationship being used during said recovering to determine when its respective external event is to occur, whereby proper recovery is achieved.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 21, 22, 23, 24)
- - 12. The method of claim 11, wherein said particular messages are chosen such that said backup tasks and other parts of said system will agree on a particular state of each primary task prior to said failure which need not be the actual state thereof at the time of failure.
  - 13. The method of claim 12, wherein said primary tasks sequentially process messages transmitted thereto, and wherein said those messages comprise at least the most recently processed message and all earlier messages transmitted by said primary tasks.
  - 14. The method of claim 13, wherein said primary tasks sequentially process messages transmitted thereto, wherein said storing of transmitted messages is in a queue which stores transmitted messages in the order of their transmission, wherein external event data is stored in said queue in occurrence order, wherein the performance of a persistent action is indicated in said queue by storing a persistent action indication no earlier than that of the most recently processed message, and wherein said particular messages and external event data are transmitted to said backup tasks prior to the performance of said persistent action based on said persistent action indication in said queue.
  - 15. The method of claim 12, wherein said recovering includes causing said backup tasks to process the messages and external event data transmitted thereto in a manner which will result in each backup task arriving at its respective particular state.
  - 16. The method of claim 12, including performing a checkpointing operation between a primary task and its respective backup task after at least a plurality of messages have been transmitted to said primary task, said checkpointing operation including storing checkpointing data corresponding to the state of the primary task, and transmitting said checkpointing data to the respective backup task subsequently to said storing and at a time no later than required for said backup tasks to recover from failure of said data processor using the messages transmitted thereto from their respective primary tasks, said checkpointing data causing the backup task to which it is transmitted to be brought to the same state as its respective primary task at the time of checkpointing.
  - 17. The method of claim 16, wherein said checkpointing data includes a count of the number of messages processed by the primary task since its start or last checkpointing, and wherein the respective backup task uses said count for discarding a corresponding number of messages.
  - 21. The method of claim 11, wherein said particular messages and said external event data are transmitted to said backup tasks such that each backup task receives each message of said particular messages which was transmitted to its respective primary task and also receives external event data corresponding to each external event occurring for its respective primary task.
  - 22. The method of claim 21, wherein said particular messages are transmitted to said backup tasks such that each backup task also receives each message of said particular messages which was transmitted by its respective primary task.
  - 23. The method of claim 22, including each backup task providing a count of the number of messages received which were transmitted by its respective primary task.
  - 24. The method of claim 23, wherein each backup processor uses said count during said recovering to determine when a message is to be transmitted.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Unisys Corporation
Original Assignee
Unisys Corporation
Inventors
Gleeson, Barry J.
Primary Examiner(s)
Beausoliel, Jr., Robert W.
Assistant Examiner(s)
Decady, Albert

Application Number

US07/824,134
Time in Patent Office

1,021 Days
Field of Search

371/9.1, 371/12, 371/68.3, 371/8.1, 371/11.1, 395/575, 364/285.2, 364/285.3
US Class Current

714/10
CPC Class Codes

G06F 11/1658   Data re-synchronization of ...

G06F 11/2028   eliminating a faulty proces...

G06F 11/2041   with more than one idle spa...

G06F 2201/86   Event-based monitoring

Fault tolerant computer system with provision for handling external events

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

50 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Fault tolerant computer system with provision for handling external events

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

50 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links