The present invention relates to an exclusive control method for a computer system, more particularly, a method of giving the right to one single task for exclusively using one of shared resources which are shared by a number of tasks (or processes), and to a computer system employing the exclusive control method.
In a variety of application apparatuses having embedded microcomputers, a real time multitask system is used for processing a number of tasks. In such multitask system, in the case where plural tasks use one resource (shared resource such as a hard disk drive), state of the resource (storing contents when the resource is a hard disk drive) is destroyed by accessing from plural tasks without control. It is thus necessary for the multitask system to exclusively control over the access of the plural tasks to one resource, more specifically, to give a right to one of the plural tasks for exclusively using the resource at one time.
A conventional multitask system includes an exclusive control module termed "semaphore" for carrying out the foregoing exclusive control. The term, semaphore, stands for a railroad device which sends signals using its arms. The semaphore used in a computer system remains held in its reset state by an Operating System (OS) when the resource is used by none of the tasks. When one of the task intends to access the resource, it has to receive a right of exclusive use from the OS and the semaphore is turned to the set state.
While the semaphore for a particular resource is set, the access of the other tasks to the resource is inhibited by the OS.
The conventional exclusive control method for a computer system using the semaphore is now explained referring to the schematic diagram of FIG. 1. The example is designed in that when a task A intends to access a resource X, a P operation (for obtaining the semaphore; a V operation for returning) has to be carried out to a semaphore S corresponding to the resource X.
FIG. 1 illustrates steps of allowing the task A to reach an access function for the resource X, operating the P operation for the semaphore S, and carrying out the access to the resource X. It is now assumed that while the task A is turned to sleeping by any reason such as standby for the accessing resource during the access of the task A to the resource X, a task B runs and reaches the access function for the resource X. The task B then starts operating the P operation for the semaphore S. However, since the semaphore S has been already obtained by the task A (P operation), the task B is turned to sleeping with the P operation for the semaphore S till the semaphore S is returned by the task A (V operation).
These steps conform a procedure incorporating the conventional exclusive control method for a computer system with the semaphore. It should be understood that when the semaphore S is returned by the task A (V operation), it allows the task B to carry out to obtain the semaphore S (P operation) for access to the resource X.
The steps are explained with an existing computer system in more detail. For example, the conventional exclusive control method is executed in the computer system which has an arrangement shown in the block diagram of FIG. 2.
As shown in FIG. 2, the computer system comprises substantially a CPU 11, a main memory (RAM) 12, a hard disk drive (HDD) 13, a camera 14, a microphone 15, and a direct main memory access controller (DMAC) 16, etc. connected to each other by a bus 10. The bus 10 is connected to the camera 14 via a video buffer 140 for buffering video data, the microphone 15 via an audio buffer 150 for buffering audio data, and the HDD 13 via a hard disk (HD) controller 130 for controlling the HDD 13. The HDD 13 is accessed by the DMAC 16 (for writing and reading data).
It is assumed that the access to the HDD 13 in the computer system is carried out by a plurality of tasks (A, B, and so on). The task A carries out processing for writing a video data produced and taken by the camera 14 into the HDD 13, and the task B carries out processing for writing an audio data produced and taken by the microphone 15 into the HDD 13, according to a multitask processing. The other tasks than the two tasks A and B such as a task for accessing the video buffer 140 coupled to the camera 14 and a task for accessing the audio buffer 150 coupled to the microphone 15 are included. Since the resources such as the HDD 13, the camera 14, and the microphone 15 are accessed by two or more tasks including the tasks A and B, the exclusive control using the semaphore has to be conducted.
FIG. 3 is a flow chart showing a procedure of the task A in which the audio data taken by the camera 14 is transferred to the main memory 12 and written into the HDD 13 using the DMAC 16.
The task A remains in its sleeping state until the video buffer 140 is fully written with the video data from the camera 14 (Step S11). When the video buffer 140 has fully been written, it enables an interrupt from the video buffer 140 and a wake up instruction is issued to the task A by the interrupt handler, thereby waking up the task A. As the task A is waken up, it performs the P operation for a semaphore X to exclusively control the video buffer 140 (Step S12) and obtains the right for accessing the video buffer 140.
As the task A has obtained the right for accessing the video buffer 140, the video data is transferred from the video buffer 140 to the main memory 12 (Step S13) and the V operation for the semaphore X is carried out to release the right by accessing the video buffer 140 by the task A (Step S14). It is then judged whether or not the main memory 12 has received one block (unit for transfer to the HDD 13) of the video data (Step S15). Until the main memory 12 is written with one block of the video data ("NO" at Step S15), the Step S11 through the Step S11 are repeated.
When it is judged that the main memory 12 has received one block of the video data ("YES" at Step S15), the task A performs the P operation for a semaphore Y to exclusively control the HDD 13 (Step S16), and obtains the right for accessing the HDD 13.
As the task A obtains the right for accessing the HDD 13, a DMA transfer for transferring the video data from the main memory 12 to the HDD 13 is set (Step S17). Then, the video data is transferred by the DMAC 16 from the main memory 12 to the HDD 13 while the task A remains at its sleeping state until the transfer is completed (Step S18). After the DMA transfer is finished, an interrupt for the task A is carried out to issue a wake up instruction to the task A by the interrupt handler, thereby waking up the task A. As the task A has been waken up, it starts the V operation for the semaphore Y (Step S19) and releases the right for the HDD 13. The procedure is then returned back to Step S11.
FIG. 4 shows a flow chart of procedure of the task B where the audio data taken by the microphone 15 is transferred to the main memory 12 and written into the HDD 13 using the DMAC 16.
The task B remains in its sleeping state until the audio buffer 150 is fully written with the audio data taken by the microphone 15 (Step S21). When the audio buffer 150 has fully been written, an interrupt from the audio duffer 150 is carried out to issue a wake up instruction to the task B by the interrupt handler, thereby waking up the task B. As the task B is waken up, it performs the P operation for a semaphore Z for exclusively controlling the audio buffer 150 (Step S22) and obtains the right for accessing the audio buffer 150.
As the task B has obtained the right for accessing the audio buffer 150, the audio data is transferred from the audio buffer 150 to the main memory 12 (Step S23) and the V operation for the semaphore Z is carried out to release the right of the accessing of the audio buffer 150 by the task B (Step S24). It is then judged whether or not the main memory 12 has received one block (unit for transfer to the HDD 13) of the audio data (Step S25). Until the main memory 12 is written with one block of the audio data ("NO" at Step S25), the Step S21 through the Step S24 are repeated.
When it is judged that the main memory 12 has received one block of the audio data ("YES" at Step S25), the task B performs the P operation for the semaphore Y to exclusively control the HDD 13 (Step S26), and obtains the right for accessing the HDD 13.
As the task B obtains the right for accessing the HDD 13, a DMA transfer for transferring the audio data from the main memory 12 to the HDD 13 is set (Step S27). Then, the audio data is transferred by the DMAC 16 from the main memory 12 to the HDD 13 while the task B remains at its sleeping state until the transfer is completed (Step S28). After the DMA transfer is finished, an interrupt for the task B is carried out to issue a wake up instruction to the task B by the interrupt handler, thereby waking up the task B. As the task B has been waken up, it starts the V operation for the semaphore Y (Step S29) and releases the right for accessing the HDD 13. The procedure is then returned back to Step S21.
In that manner, the video data taken from the camera 14 and the audio data taken from the microphone 15 are temporarily stored in their respective buffers and stored in the HDD 13 through multitask processing of the tasks A and B. However, when the task A is abnormally terminated during its execution by any reason, the following process will be different depending on whether it happens during the access to the video buffer 140 or the access to the HDD 13. When the task A is abnormally terminated during the access to the video buffer 140, resetting of the video buffer 140 is needed. When the task A is abnormally terminated during the access to the HDD 13, stopping the DMA transfer and resetting of the HD controller 130 are needed.
Similarly, when the task B is abnormally terminated during its execution by any reason, the following process will be different depending on whether it happens during the access to the audio buffer 150 or the access to the HDD 13. When the task B is abnormally terminated during the access to the audio buffer 150, the resetting of the audio buffer 150 is needed. When the task B is abnormally terminated during the access to the HDD 13, stopping the DMA transfer and resetting of the HD controller 130 are needed.
In addition, while one task obtains a semaphore (P operation) and is accessing the corresponding resource, the other tasks stay in their sleeping state as standing by for the returning of the semaphore (V operation). This causes the entire system to be maintained in an unfavorable condition.
A variety of modifications have been proposed for overcoming the foregoing problems. For example, a first method for inhibiting the termination of the task which has obtained semaphore (as depicted in VxWorks 5.0 Reference Manual 1-352 issued by Wind Rever System). The method may be advantageous in inhibiting the condition of standing by for returning of the semaphore but produce a counteraction due to no completion of the task which should be terminated finished. It is however unknown how the counteraction affects the entire system itself. In other words, any possible critical damage to the system will hardly be identified and avoided.
A second modification is proposed in which when the task obtaining a semaphore is abnormally terminated, the system or namely its OS forces the task to release the semaphore (as depicted in the same VxWorks 5.0 Reference Manual 1-352 issued by Wind Rever System). In this method, however, when the release of the semaphore is executed by not grasping the current status of the resource related to the semaphore, there is possibility to generate unexpected fault by releasing the semaphore.
A third modification is known using exception handlers. While a group of the exception handlers are defined to corresponding events which may cause the task to he abnormally terminated. Each exception handler is described so as to release the semaphore after clearing up the access for the resource by the task to be terminated with monitoring state of the resources (as depicted in .mu.ITRON 3.0 Standard Handhook, pp. 304 to 307).
However, according to the third method, it is necessary to identify the resource handled by the task when the task is abnormally terminated for carrying out a proper post-termination of operation. Also, the more the number of the resources to be processed by the task, the harder the resource which is processed by the task at the time of termination will he identified. For the purpose, an extra program may be needed for operating a flag for ease of the judgement. This makes the program of the task more intricate. The procedure for abnormal termination will also be less simplified. As the programs become bulky in size, their maintenance will be troublesome.
The third method may be less burdened from the above problems in case that the exception handler can accurately be described. It is however common that the exception handlers are roughly defined to their corresponding events, such as bus error and issue of forced termination, which may quite the task. This is not compatible with an elaborate operation for access of any of the multiple tasks to a definite one of the resources. In the third method depicted in .mu.ITRON 3.0 Standard Handbook, one exception handler is defined to one definite event throughout the system.
It is also possible with another OS that one exception handler is defined to one cause for each task. For accurately describing the exception handler, such the situation shown in FIG. 1 has to be also defined by the exception handler. More specifically, a system is feasible in that the exception handlers are defined to more detailed events; e.g. the task A is abnormally terminated when it reaches a particular location in the operation function for the resource X. In practice, realizing the system to which exception handlers for such detailed events are registered is too complex to practically use. It is hence accepted to use the exception handlers defined to major events provided by the conventional OS.
As explained above, the conventional methods fail to release the semaphores definitely and safely with the use of appropriate exception handler.