At present, the massive embedded systems have used the monolithic integrated circuit, and such application further expansion; But since many years the people have been the monolithic integrated circuit system’s reliable question puzzled. In some request redundant reliable control system, this often becomes limits its application the primary cause.
1 monolithic integrated circuit system’s failure analysis
A monolithic integrated circuit system’s reliability is its own software and hardware with its location working conditions combined action result, therefore system’s reliability should also analyze and the design from these two aspects. Own speaking of the system, can during guarantee system each function realizes, each kind of unwanted signal which appears to the system own movement process in and comes from directly in the system exterior unwanted signal carries on effective suppression, is the decision system reliable key. Has the flaw system often only to come up from logic guarantee system function realization, but possibly appears regarding the systems operation process in the latent question considers to be short, the measure which adopts is insufficient, in the unwanted signal raids truly time, the system possibly will fall into the difficult position. Any system’s reliability is relative, can the very good work system actually have the possibility under one kind of environment under another kind of environment is very unstable. This fully explains the environment to the system reliability service importance. While aims at the systems operation environment to design system’s, should take the measure improvement systems operation as far as possible the environment, reduces the environment disturbance, but such measure is quite often limited.
2 enhance the reliable measure
Enhances the monolithic integrated circuit system reliable method and the measure are many. Generally, should act according to the concrete reliable question which the system faces, in view of causes or the influence system unreliable factor takes the different processing measure. These measures embark generally from such two goals: First, reduces as far as possible causes the system unreliable or the influence system reliable extraneous factor; Second, sharpens the system own antijamming ability as far as possible and reduces own movement the instability. For example, to suppress the filter technique which, the isolation technology, the shield technology power source’s noise and the environment unwanted signal use and so on stems from the first goal; Moreover, the watch-dog electric circuit which, the software antijamming technology, the backup technology own uses in view of the system and so on stems from the measure which the second goal adopts. And the first kind of measure often uses, its use is simple moreover the effect to be also good, but it to the system reliable enhancement is limited, in many situations cannot satisfy system’s request. The second kind of measure’s use may the further enhance system’s reliability, often widely is used in the redundant reliable system design. Below makes the further analysis on second kind of technical use’s in some related questions.
2.1 use the surveillance timer technology to enhance system’s reliability
The surveillance timer (Watchdog) technology uses now widely, the technology has been maturer, this technology’s support method are also many. At present, various processors’ Manufacturer nearly is producing built-in has the watch-dog timer’s monolithic integrated circuit product, in the market also many independent watch-dog timer chip may supply the choice. Must realize such electric circuit to be already easier, therefore how here regarding did realize this technical general detail not to make the detailed elaboration, only used may the heavy human nature question which this technology caused carry on the analysis. After using the surveillance timer technology, once the procedure runs flies, the system will be monitored the timer to reposition immediately, from the beginning again initialize the system, thus withdrawal not normal running status, but will use like this time must pay attention to the system to be possible the heavy human nature. The so-called system may the heavy human nature be possible to define like this: When a microprocessor system after is repositioning the start, because the system foreign execution operation does not start changes, or this kind of change is can tolerate, thus guarantees the overall system foreign operation the continuity and the order, is also the system final security and the reliability. Regarding a system, if its foreign control operation only with system current input state related, then this system nearly has the complete re-entry performance; On the contrary, like a system foreign output operation not only with system current input related, moreover with system’s historical condition related, when then system re-entry system’s historical condition retention or the historical condition are destroyed, then this time system foreign operation possibly completely is wrong, although such system withdrew from not the normal running status under the watch-dog timer’s function, but the re-entry condition will not be normal, then such system also can only be the morbid state system, cannot use. Therefore, regarding used the watch-dog electric circuit to enhance the reliable system, must the strict guarantee system’s reenterability.
Regarding with the historical condition related system, to guarantee that its re-entry performance, may its historical condition preservation in system’s RAM, namely in the monolithic integrated circuit system’s memory or in its expansion exterior memory, opens uses in preserving specially the historical condition the buffer. In guaranteed the system power failure in situation, these historical data when system re-entry may reuse. If cannot guarantee system’s power source be stable, but must consider that uses the battery backup power supply, guaranteed that the RAM data the security is stable; Regarding the time is not the too sensitive system, but may also use E2PROM or Flash ROM preserves the historical data.
2.2 software antijamming technology
A system possible as a result to have each kind of disturbance and the stabilizing factor presents the operation troubles. In order to solve this problem, may take some measures from the procedure design aspect. What tradition is suppresses the software filter technique which, the software redundancy design system’s unwanted signal uses frequently is this kind of model application. According to the design experience, usually may also use the software to lock the design, the procedure trap design. This kind of method mainly aims at the situation which the procedure runs flies to use. When the system occurs when under unwanted signal’s function the procedure runs flies, the procedure indicator has the possibility to point at two regions: One kind of possibility happen to changes to the procedure area other addresses to carry on the execution, one kind of possibility shifts to the procedure space blind spot carries on the execution. The so-called blind spot, i.e. there has not deposited the effective program directive. Regarding the first kind of situation, may adopt the software to lock suppresses. For example for guarantee foreign operation security, in the software locks in the design, regarding each relatively independent block in its execution before or in the execution establishes the good password to one to carry on the verification in advance, only then, when this password match case carries out truely only then effective, also when the procedure is shifts through the normal shift way, only then by on first-level procedure will establish the correct password; Otherwise, will act according to verifies wrong causes the procedure to force to have the shift, the error status will obtain processing, and rerun routine normal operation condition. May look at a following example: The supposition has three blocks which the order carries out, when each block execution carries on the verification to its hypothesis’s password.
When procedure order execution, each block can obtain the effective correct execution. Now the supposition procedure as a result of disturbs occurs runs flies, jumped procedure SUB-PR03 from the SUB-PRO1 block processing place to start to carry out, then the cryptographic check could make a mistake in the execution, the procedure will shift to the error handler carries on processing, avoided carrying on the wrong operation.
The project approach trap’s goal, is mainly to prevent the procedure to run flies the procedure blind spot to carry on the execution. In the ordinary circumstances, uses the vacant method regarding procedure code space’s outside ROM space’s processing. When solidifies the procedure, these vacant spaces all are written are 1 or all write are O, such procedure will plunge into this region to be uncontrolled. In order to catch plunges into this area the procedure, may use the procedure trap to come to realize. Below explained through the example: The supposition some system program space is 32KB, after the program compiling, the paragenesis becomes 18 KB the codes, that but also some 14 KB procedure space has not been used, may lay aside the following trap routine in this region:
NOP instruction’s how many which includes with above segment redundant cover surplus procedure space trap routine’s in each section is influential regarding the capture success ratio and the capture time. The NOP instruction laying aside’s more capture’s success ratios are higher, but spends the time is longer, the procedure out of control time is also longer; Otherwise, the situation is opposite. Because only then the procedure skips to the NOP instruction or time the LJMP instruction first byte, can catch successfully; When the procedure jumps to the LJMP instruction latter two bytes, possibly will appear carries out the result unpredictable. Procedure which catches, if jumps to time the procedure section start execution, but must consider the procedure to be possible the heavy human nature.
2.3 use the backup system to enhance the reliability
The backup system has been widely used in many important control systems, but many, in the labor controls machine or in the large-scale system uses. The backup system may act according to the concrete situation to divide into the online backup systematic and the reserve backup system. Regarding the online backup system, in system’s two CPU is at the active status, has possibility two CPU to occupy the coordinated position, also possible to occupy advocates the CPU position, but another occupies from the CPU position. In the coordinated situation, two CPU decided together the system foreign operation, any CPU will make a mistake
Causes foreign operation prohibition. Regarding one main one from the situation, often is advocates CPU to be responsible for the systems control logic realization, but is responsible from CPU to advocates the CPU active status to carry on the monitoring. When monitors advocates the CPU work exceptionally, from CPU through forcefully repositions advocates operations and so on CPU to cause to advocate CPU to restore normally, simultaneously, to guarantee that works normally from CPU, also advocates from the CPU active status the CPU monitoring; When is not normal from the CPU active status, advocates CPU also to be possible to take the measure to cause from the CPU rehabilitation, namely realizes the goal which monitors mutually. In the concrete design, main carries on the exchange of information from CPU the way to be nimble diversely. For example, uses the public memory to realize the monitoring information exchange (for example to store public information pair of mouth RAM), uses the handshake signal the method to realize the monitoring information exchange and so on.
3 enhance the system reliable integrated design method
In a concrete system design, to enhance system’s stability and the reliability, often must synthesize uses many kinds of measures to achieve satisfaction the effect, this enhances the system reliable comprehensively way that must be taken. The system is different, its concrete controlled member possible different, the movement environment will be also infinitely varied, thus it will face the main disturbance question will be different, the measure which will adopt is also different; But only takes some measure to hope that enhances system’s reliability is frequently comprehensively not realistic, but must aim at the subject matter synthesis to take many measures to enhance the reliability jointly.
4 design examples
Below gives a design example, by further explained that enhances the system reliable design some commonly used methods.
In some communication satellite system, to reduce the system chirp, requests its pretage low noise amplifier (LNA) the operating temperature maintains constant (40℃); But this amplifier in field operation’s ambient temperature scope is 140 ~ 60℃, must therefore put in this amplifier specially made in the thermostat. This thermostat should have both can make the function which the heat and can refrigerate. The system uses the resistance wire heater hotly, the refrigeration uses the semiconductor refrigeration piece to realize. In order to prevent the thermostat to cause the temperature because of the controller malfunction out of control even to damage low noise amplifier, the destruction overall system’s normal work, thermostat’s design mainly used main enhanced system’s reliability from the double CPU system. But also except for this, used like power source measure syntheses and so on monitoring technology, watch-dog technology, software trap technology, electro-optical isolation technology to enhance system’s reliability. This system’s structure diagram as shown in Figure 1.
Advocates CPU to be responsible for in the heater, the refrigeration piece and the box outside the box the temperature examination, undertakes the main control task. Advocates CPU to choose at89S52 monolithic integrated circuit, the content watch-dog timer, takes the power source monitoring circuit in addition in chip MAX707; Besides may to advocate CPU to provide the reliable reset signal, but may also examine the power failure interrupt request signal, when power failure occurs the prompt preservation field data. The heating stick use exchanges the 220V power supply, the refrigeration piece uses the 15V cocurrent voltage-stabilized source power supply. In order to prevent the high voltage heavy current to the weak electricity part disturbance, advocates CPU
Produces the control signal delivers after the electro-optical isolation to the driving circuit, enhances system’s reliability.
Chooses AT89C2051 from CPU, the primary cognizance to advocates the CPU working condition monitoring and the power source power line voltage surveillance. When the power failure phenomenon occurs, in at89C2051 voltage comparator can examine this kind of change, and by reserve battery power supply, through 485 to control and monitor console report.
Main from the CPU monitoring is mutual. Main from CPU through them between I/O mouth line handshake, each other monitors opposite party active status, and takes the corresponding handling measure, the guarantee system foreign operation security. Since through the above measure’s implementation, system’s reliability has been splendid, turns oneself in into the movement continuously stable reliable, not unknown cause halts or the out of control phenomenon occurrence, explained the system design success fully. But acts according to the former experience, if does not use the above integrated design method, such system usually continuous running 1~2 weeks later very possibly has the question.
Conclusion
This article multianalysis monolithic integrated circuit system expired the reason, discussed enhanced the system reliable measure, and proposed enhanced the system reliable integrated design method. In the low noise amplifier radiator valve’s success application, indicated that this design method is effective, system’s reliability obtained the full safeguard.
