The present invention relates generally to programmed digital signal processing systems, and more particularly, to a system for detecting a fault in the program execution of the processing system.
Program execution fault monitors, commonly referred to as "deadman" switches, are commonly used in programmed digital signal processing systems to detect a fault in the execution of a program. As shown in the simple block diagram schematic of FIG. 1, the processing system, in executing its program, generates a trigger signal 12 which is monitored by the fault monitor 14. As long as the trigger signal 12 is timely generated, the fault monitor 14 assumes the program execution is performed as desired. However, lack of generation of the trigger signal 12 causes the fault monitor 14 to generate a fault signal 16 which is indicative of a faulty condition in the execution of the program by the processing system 10.
Conventionally, the fault monitor 14 may include a capacitor which is, for example, repeatedly discharged by the generation of the trigger signal 12 at times corresponding to the execution of a program portion of the processing system's program and allowed to charge when that program portion is not being executed. Should the program portion which generates the trigger signal 12 fail to be executed in a timely manner, the capacitor will become charged above a predetermined level thus rendering a fault indication. Other types of fault monitors may include a relay, for example, which remains energized as a result of the timely generation of trigger signals 12 and becomes deenergized upon lack of trigger signal generation, indicating a faulty condition in the program execution.
More sophisticated fault monitoring systems may include circuitry to generate a reset signal 18 each time a faulty condition is manifested. This reset signal may emulate a trigger signal to suspend the fault signal generation and concurrently, reset the program execution to an initial state. Accordingly, the sequential generation of the fault signal and reset signal will cycle continuously if the lack of trigger signal generation is sustained.
Moreover, present programmed digital signal processing systems normally include program portions which may be either periodically executed or conditionally executed. The functional flow chart of FIG. 2 illustrates a program for a processing system including a main program and an interrupt program which is executed upon receiving an interrupt signal. The main program portion may be executed periodically. Referring to FIG. 2, the block 20 depicts the execution of the instructions in the main program portion and the flow line 22 depicts a periodic execution thereof. Concurrently with the execution of the main program portion 20, the processing system may include a functional decisional loop, depicted by the decisional block 24, waiting for either a hardware or a software interrupt. When an interrupt signal occurs, the execution of the main program is suspended and the interrupt program portion depicted by the block 26 is executed. Thereafter, the execution of the main program portion 20 is continued by executing the next instruction thereof.
A problem arises in determining where to insert the instructions for generating the trigger signal. If the trigger signal generation is conducted by the interrupt program portion 26, it will only indicate proper execution thereof, i.e., keep the fault monitor from generating a fault signal. Therefore, a "hang-up" in the execution of the main program portion 20 will not be monitored by the fault monitor 14. Similarly, if the trigger signal generation is conducted by the main program portion 20, then a problem with execution of the interrupt program portion 26 will not be observed by the fault monitor 14.
The present invention proposes to overcome the aforementioned drawbacks and provide additional features to ensure the viability of the program execution fault monitoring operation of the programmed digital processing system.