This invention relates to a data assurance processing system for handling passed-through information. It makes fault tolerant a computer system whose back-up process takes tasks over continually from an actual process at failure by passing through information stored in a shared memory (such as a non-volatile shared memory) from the actual process to the back-up process.
An effective way of making a computer system fault tolerant is to have two controlling processes: one for a normal operation, and the other as a back-up for continuing a controlling operation in the event of a failure of the controlling process for the normal operation.
The former controlling process is called an actual process and the latter is called a back-up process.
In case of a fault, various resource information must be passed through to switch a process from the actual process to the back-up process. A system of passing through the resource information at high speed and with surety is sought.
The resource information can be effectively passed from the actual process to the back-up process through a non-volatile shared memory such as a semiconductor external memory device, commonly accessible by the two processes.
Two methods can be considered for passing resource information through a non-volatile shared memory.
One is to pass the resource information in a batch at a crash time of the actual process.
The other is to pass the resource information sequentially when the actual process is operating.
It is possible to speed up the switching by a certain degree by passing resource information from the actual process to the back-up process through the non-volatile shared memory. However, the switching performance is affected as the volume of the resource information becomes larger.
As discussed before, the back-up process 32 must take over a dynamically changing operating environment handled by the actual process 31, when the actual process 31 is caused to fail by faults.
If the information for carrying over the operating environment is set to be passed in a batch at a crash time of the actual process 31, the performance of switching from the actual process 31 to the back-up process 32 deteriorates, because it takes time to set the operating environment based on the passed-through information.
In short, the first method, in which the resource information is passed through in a batch at the crash time of the actual process, has a problem of switching performance deterioration. This is because it takes time to transmit and set all resource information at the crash time.
The second method, in which the resource information such as the operating environment is passed through sequentially when the actual process 31 is operating, is as shown in FIG. 1.
When the operating environment for controlling the network resources is built in advance, certain conditions must be met if the second method is adopted, where the actual process 31 writes the changed operating environment information in non-volatile shared memory 30 and the back-up process 32 is notified at a certain time interval or when the volume of changed information reaches a predetermined value. Those conditions are as follows.
(1) There is no deterioration in the performance (processing step) compared with the operation of the actual process 31. That is, the actual process 31 is unaffected by the intermittent advance building of the operating environment in the back-up process 32.
(2) The same data at the same time are assured for the back-up process 32 as for the actual process 31.
The second prior art method cannot yet meet the above two conditions simultaneously, since an area of non-volatile shared memory 30 is used only as a single structure. For instance, data integrity cannot always be guaranteed when the back-up process 32 simultaneously reads the portion being written by the actual process 31. If an exclusive control such as a lock control is made to counter this, the processing of the actual process 31 can be kept waiting, and a problem of slow response may arise in an ordinary operation.