The invention relates to the control of access to system resources in a computer system.
A problem that the present invention addresses is the control of access to resources in a computer system in the event of an error related to the resource to be accessed. The resource can be, for example, a memory location or a block of memory, a memory device, a peripheral device, etc. The error can be as a result of a failure of the resource itself, or a failure along the communication path from the processor to the resource or faulty programming of an application program or of an operating system. In the event of an error, a trap can be taken by the processor to process the fault. Where multiple accesses are attempted to the same resource, multiple traps will be taken. The result of this is that an increasing amount of processor time can be absorbed in processing the fault.
U.S. Pat. No. 5,627,965 describes a fault tolerant computer system including a central processor sub-system and a plurality of other subsystems, the subsystems being connected via a main data transfer bus. The central processor subsystem comprises three central processor modules. Each central processor module (or CPUset) includes a central processing unit (CPU) connected to a private bus, a first bus interface connecting the private bus to a shared bus, and a second bus interface connecting the shared bus to the main bus. The CPUsets are connected over respective private buses to a shared bus. Connected to the shared bus is a slot response memory. The slot response memory includes locations corresponding to respective slots for subsystems on the main bus. According to column 15 of U.S. Pat. No. 5,627,965, where a subsystem in a slot is functioning correctly, a location in the slot response memory corresponding to that slot will contain ‘0’ data and the slot response register will not interfere with data transfers on the main bus. Where the subsystem in a slot becomes defective or absent from the system, then the location in the slot response memory corresponding to that slot is set to ‘1’ and all subsequent attempts to access the defective or absent subsystem will result in artificial termination of the data transfer attempt.
PCT application PCT/US99/12605 is directed to a bridge for a fault tolerant computer system, which bridge connects I/O buses of first and second processing sets to a common I/O device bus. A resource control mechanism in the bridge provides an interface for exchanging signals with one or more resource slots of the device bus, each of the resource slots being capable of communicating with a system resource. The resource control mechanism in the bridge also includes a register associated with each system resource, the register having switchable indicia that indicate an operating state of the associated system resource. The control mechanism is operable in use to direct signals to and/or from respective system resources of the computer system.
The prior arrangements for resource access control as described above have required the provision of a specific system configuration to achieve this, and particularly in the context of a fault tolerant computing system. As a result, such resource access control arrangements are not generally applicable to more conventional computer systems.
An aim of the present invention is to provide an improved approach to resource access control that is applicable to many types of computer systems.
Particular and preferred aspects of the invention are set out in the accompanying independent and dependent claims. Combinations of features from the dependent claims may be combined with features of the independent claims as appropriate and not merely as explicitly set out in the claims.
In one aspect, the invention provides a resource access control mechanism for a computer system including at least one central processing unit. The resource access control mechanism includes an address translation mechanism for mapping a received address to a resource. A trap handler handles a trap in the event of a faulty resource access being detected. The trap handler is operable to instigate a diversion for subsequent access attempts to the resource. The address translation mechanism is responsive to instigation of a diversion by the trap handler to effect the diversion for subsequent attempts to access the resource.
In an embodiment of the invention, therefore, a trap handler, which can be arranged in a conventional manner to process an exception in the event of a first faulty access to a resource, can instigate a diversion in an address translation mechanism. In this manner, subsequent access attempts to the same resource will result in the access attempt being diverted to a valid (but different) resource. As the system will already be treating the resource as faulty, the fact that the access attempt goes to a resource other than that intended will not cause any further problems, but it will mean that the processor does not have to process another exception for a faulty resource access.
The diversion can be instigated by the trap handler identifying an alternative resource address to the address translation mechanism. The diversion can then be effected by the address translation mechanism replacing a resource address held in an address translation entry for the resource with the alternative resource address.
Alternatively, the trap handler can instigate the diversion by simply signaling the address translation mechanism to effect the diversion.
The address translation mechanism can then react in various ways.
For example, the address translation mechanism can be arranged to replace the usual address translation with an alternative one from some predefined register or memory address.
Alternatively, the address translation mechanism can be arranged to set a divert flag in a translation entry of the address translation. The address translation mechanism can then be arranged to respond to a received address relating to an address translation entry having a divert flag that is set to use an alternative address to that held in the address translation entry (e.g., in some register or memory address). As a further alternative, the address translation mechanism can be arranged to respond to a received address relating to an address translation entry having a divert flag that is set to modify an address held in the address translation entry.
If desired, the diversion can be arranged to direct subsequent accesses to a fake response generator operable to generate a faked response to the resource access.
Alternatively, the diversion could point to a predefined memory portion (either directly or indirectly) whereby a response can be provided from a conventional memory controller.
The address translation mechanism can include a translation look-aside buffer, and can form part of a memory management unit. The resource concerned could be one or more of at least one memory location, a peripheral device, or a subsystem.
Another aspect of the invention provides a computer system comprising at least one processor that includes at least one central processing unit, memory, at least one peripheral device and a resource access control mechanism as set out above.
The computer system can be operable to identify an initial faulty access to a resource. It can be further operable in response to the initial indication of a faulty resource access to cause the resource access controller to set a fake response indication for a corresponding translation entry for said faulty resource access.
A further aspect of the invention provides a method of managing processor access to resources in a computer system. The method includes:
handling a trap in the event of an initial faulty access attempt to a resource being detected;
defining a diversion for subsequent access attempts to the same resource; and
diverting subsequent access attempts to the resource diversion.
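The divert-flag variant and the three method steps above can be modelled in a few lines of C. This is an added illustration, not code from the patent: the entry layout, the `DIVERT_TARGET` address, the `FAULTED` return value and all function names are assumptions, and the faulty hardware is simulated with a flag array.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define N_ENTRIES     4
#define DIVERT_TARGET 0xF000u      /* assumed address of a valid dummy region */
#define FAULTED       0xFFFFFFFFu  /* assumed marker: this access took a trap */

/* One address translation entry; the layout is hypothetical. */
struct xlate_entry {
    uint32_t phys;    /* resource address held in the entry */
    bool     divert;  /* divert flag, set when the trap handler asks for it */
};

static struct xlate_entry table[N_ENTRIES] = {
    {0x1000u, false}, {0x2000u, false}, {0x3000u, false}, {0x4000u, false},
};
static bool resource_faulty[N_ENTRIES];  /* simulated hardware state */
static unsigned trap_count;

/* Step 1 and 2: handle the trap once, then instigate the diversion. */
static void trap_handler(size_t vpage)
{
    trap_count++;
    table[vpage].divert = true;
}

/* Translate and access; returns the address actually used. */
uint32_t access_resource(size_t vpage)
{
    if (vpage >= N_ENTRIES)
        return FAULTED;               /* no mapping; outside this sketch */
    if (table[vpage].divert)
        return DIVERT_TARGET;         /* step 3: diverted, no fault, no trap */
    if (resource_faulty[vpage]) {
        trap_handler(vpage);          /* initial faulty access takes the trap */
        return FAULTED;
    }
    return table[vpage].phys;
}

/* Fail one resource, access it n times, report how many traps were taken. */
unsigned traps_after_failure(size_t vpage, unsigned n)
{
    trap_count = 0;
    resource_faulty[vpage] = true;
    for (unsigned i = 0; i < n; i++)
        access_resource(vpage);
    return trap_count;
}
```

Without the divert flag, every one of the `n` accesses would enter `trap_handler`; with it, only the first does, and entries for healthy resources are unaffected.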
The invention also provides a computer program forming a trap handler for a computer system as set out above. The computer program comprises computer code operable to respond to faulty resource access by processing an exception and instigating a diversion in an address translation mechanism for subsequent access attempts to the resource.
The computer program can be in the form of program code carried by a carrier medium. The carrier medium could be a storage medium or a transmission medium, for example.
An embodiment of the invention can find applicability to computing systems including one or more processors, whether the computing systems are designed specifically to be fault tolerant or whether the computing systems are designed for more general use.