A hazard in communications and data processing systems used in transportation controls (or other applications where safety is important) is the inadvertent use of information that is no longer correct. The probability of this hazard coming to pass is relatively high in a computer or processor based system wherein data can be stored in read/write memories. The data management techniques disclosed herein ensure appropriate management of the contents of the data memory so that inappropriate data is destroyed.
Depending on the system, inappropriateness of retaining data can occur at various times. In some systems data is intended to be used once and once only, and thereafter discarded; accordingly, in this context memory must be managed so that once the data is read it is destroyed. In other environments or contexts, the data may be retained for predetermined periods, or periods fixed dependent upon other parameters and in those contexts, data only becomes inappropriate when the specific condition is fulfilled, and accordingly, the appropriate data management techniques ensure the destruction of data only when the condition has been fulfilled.
A typical memory variety is the so-called data stack, which can be conceived of as sequential data arrangement in which data may be extracted from a fixed location only, and to ensure that capability is present, when a piece of data is extracted, each remaining piece of data is moved one memory unit closer to the predetermined location. In this context, data becomes inappropriate for use after it has been extracted and thus, appropriate data management techniques require that in the course of shifting data up and back, memory areas from which data has been extracted are operated with to ensure that extracted data no longer remains.
A further problem which may be present in processor based systems is the necessity to provide for automatic restart capability for power or noise caused failures. The prior art has provided apparatus and techniques to accomplish this function. A problem can develop, however, in the response of associated equipment to such a restart. In the worst case, if the failure is permanent, the processor is cyclically restarted. This can be interpreted by auxiliary equipment as normal functioning if the cycle is short enough and unless positive steps are taken it would be foolish to merely assume the cycle is otherwise long enough to prevent this condition. If the system output governs or contributes to safety then it is essential that repetitive restarts of a processor be recognized as such and not mistaken for normal operation.