Consider the problem of installing updated firmware (i.e., the latest revision) in an embedded control system. Such a control system might, for example, implement the hardware command set of a computer peripheral, such as a back-up tape drive. One such control system is of interest herein; it executes on a commercial micro-controller and occupies 16 Kbytes of address space.
The obvious act of simply replacing a ROM with one having code of a later vintage (or of replacing an entire set of ROM's with another set) may not be the best solution in many circumstances. Sockets are expensive, and are often the source of reliability problems. The removal of through-hole ROM's that have been soldered into place can be time consuming and difficult. If surface mount packaging is in use then specialized equipment is needed to replace the parts. And even with an experienced person doing the desoldering, there is always the chance that the whole board could be ruined accidentally. If actual foundry programmed-at-the-mask-level ROM's are used there is the issue of the lead time required to obtain the newer version of the parts. Finally, there is the cost of inventory. A replacement version put into service may need to be distributed to various locations. This increases the number of unused parts rendered obsolete when a revision is necessary, as well as consuming extra new parts used to "fill the pipeline". This issue of waste can be addressed by using PROM's that are "zapped" only as needed, but that does not, by itself, solve the problem of mechanical replacement.
These disadvantages may be avoided by using a PROM that has two (or some other integer number) times the addresses space required for storing the code that is the control system. For our purposes the term "address space required" is always the actual space used rounded up to the next integer power of 2. For example, a system that actually only uses 12K is treated as if it were 16K, so that the larger address spaces of interest are 32K, 64K, and so on. The multiples of the actual 12K are inconvenient, since their boundaries do not coincide with the addressing effects of additional most significant bits of addressing. For convenience, we shall designate each instance of the required address space with the term "page". The natural sequence of individual pages in the total overall address space is denoted by page numbers 0, 1, 2, . . . .
In a preferred embodiment to be described herein page zero contains an initial version of the control system which is, or which at some future time may become, susceptible to replacement by a replacement version. The initial version will already have been loaded into page zero at some time in the past. Without removing the PROM from the board to which it is attached, the replacement version is permanently loaded (zapped) into page one, after which the initial version is ignored in favor of the replacement version. A second replacement version could be loaded at a still later time into page two, after which time the versions on pages zero and one would be ignored in favor of the version on page two.
This automatic page selection is accomplished by including in each version of the control system a short section of next-page-detection code and a get next page flag that cooperate with a small page selection circuit separate from the micro-controller which executes the code of the control system. Upon the application of power the page selection circuit selects page zero and the micro-controller begins execution of the initial version. The next-page-detection code is reached very early on, and upon discovery of the existence of a non-blank next page (as indicated by the get next page flag) sends an instruction to the page selection circuit to increment the selection mechanism. A reset for the micro-controller is also generated. The process begins again, as if this next page were itself the initial page. If no further pages have been loaded execution continues upon the present page, and the desired version of the control system is executed. If there is another page, however, the increment and reset process is repeated until the last non-blank page is found. The presence of a next page can be indicated in the present page itself by the programming of a reserved bit in the (old) present page called the GNP flag (Get Next Page flag). The GNP flag on page N-1 is programmed at the same time that the replacement page (page N) is programmed.