1. Field of the Invention
The invention relates chiefly to memory cards and especially to cards comprising both a non-volatile electrically programmable memory (EPROM or EEPROM) and a microprocessor to manage the information elements contained in the memory. However, the invention can be applied more generally to any system for the non-volatile storage of data elements.
The invention will be explained first of all with reference to memory cards and this will be followed by an explanation of the consequences that can be drawn therefrom more generally for other systems of memory management.
By its nature, the memory card should be capable of fulfilling its operational function under possibly harsh conditions. Certain components contain devices that enable the detection of the physical pressures and stresses to which the chip in the card is subjected. However, no means have been found until now to protect the card completely if it is pulled out of the reader during an operation for writing information elements in the card.
2. Description of the Prior Art
One way of obtaining this protection is to resume the interrupted operation when the voltage is turned on again. This implies, firstly, the ability to detect the fact that the card has been pulled out and, secondly, the ability to reconstitute the information elements that have not been written because the card was pulled out.
The systems that enable this to be done are based on a principle of protection of the critical sections of the writing sequences. The sequencing of a writing operation is controlled by the microprocessor, and certain steps of the program carried out by the microprocessor are considered to be critical steps. At each entry into a critical section, this entry is reported by positioning a "logic lock" in a determined logic state. The lock is a non-volatile memory element whose high or low state defines a locked or unlocked state. At the exit from the critical section of the program, the lock is put back into its unlocked initial state. It is the reading of this lock, which is physically fixed when the memory ceases to be supplied with power, that makes it possible, when the card is powered again, to know that the writing has been abnormally interrupted (for example because the card had been pulled out) precisely at a time when the critical section of the program was being carried out.
If it is desired to proceed in this way, then the writing of an information element INF at an address A of the memory can take place in two phases:
- the information element INF and the address A are written in a zone Z of the non-volatile memory; the zone Z keeps these data elements temporarily;
- the information element INF is written definitively at the address A.
The second step is considered to be a critical section: the lock is therefore placed in the "locked" state at the start of this step, and then it is unlocked at the end of the step if the entire procedure has been carried out properly.
If the procedure has been carried out properly, the contents of the zone Z are released, and the zone Z will be used again in a subsequent writing operation.
If the card has been pulled out during the critical section, then the lock is in the locked state when the card is again under power. The initialization procedure provides for an obligatory examination of the state of the lock. If it is in the locked state, the conclusion drawn therefrom is that the second step has to be carried out again. This is possible since the information INF and the address A have been kept in the non-volatile memory in the zone Z.
The frequency of use of the card can be very great. There is then a risk of intensive use of the temporary saving zone Z. The memory element that is used as a lock is also used intensively. For the EEPROM memories especially, intensive use may lead to the deterioration of the reliability of the stored information. To reduce this risk, two zones Z1 and Z2 may be used alternately. However, the lock is still constituted by the same memory element and gets used many times.
The aims of the invention are:
- first of all to propose a solution for reducing the risks related to the intensive use of a temporary memory zone for memory cards in which the card operating system provides for a two-step writing operation with a critical section and a lock;
- but, more generally, also to increase the possibilities of management of the non-volatile memories, whether or not it is for memory cards.
it comprises a two-phase operation of writing in the memory, the first phase comprising a storage, in a non-volatile memory, of a back-up information element (I) and the storage, in a non-volatile memory, of a locking information element indicating that the first phase has been carried out, and the second phase comprising the definitive writing of the information element (INF), and then the erasure of the locking information element; the back-up information element (I) is stored, during the first phase, at a variable location in the non-volatile memory, this location being defined by the operating system as a function of the blocks available in the memory at the time of this storage.
Indeed, the idea that has been developed, according to the invention, to achieve the first aim has consequences that are far more broad-ranging.
According to a first aspect, it is provided in the invention that the information saved in order to carry out a critical section will be placed at a variable position in the memory, defined by the operating system as a function of the spaces that are unoccupied or vacant when this saving is done. The location at which the saved information is stored will therefore not always be the same zone Z; it will be a random zone of the non-volatile memory.
According to a second aspect, it is provided in the invention that the lock will be placed at a variable position in the memory, defined by the operating system as a function of the spaces available when the critical section is being carried out. It will be noted that this idea is particularly unexpected: indeed, the procedure of turning the voltage on again provides for verifying the existence of a lock, which is clearly more difficult if the lock is not always at the same place and especially if its location in the memory is not known.
According to a third aspect, it is provided in the invention that the operating system of the non-volatile memory will work with a table for the allocation of available memory blocks, and with two different allocation strategies: a normal strategy and an emergency strategy for certain information elements (in the case of the saving of information elements for the performance of a critical section, it is these information elements that will be stored according to the emergency strategy), the difference between the two strategies being such that an exploration of the allocation table makes it possible to rediscover the location of an information element that has been stored according to the emergency strategy.
It can be seen that, on this third point, the invention can generally be applied to any system for the management of a non-volatile memory. Indeed, in usual operating systems (especially for the mass storage units of computers), there is generally only one strategy designed for the allocation of available blocks. This is, for example, a strategy of searching for an available space that has a sufficient size and of writing the information elements starting from the first block of this space.
The emergency strategy may consist, according to the invention, in allocating a space that begins at the second unoccupied block following an occupied block (the latter preferably being the last occupied block of the table), consequently leaving one unoccupied block between two groups of occupied blocks.
The locating of this isolated, unoccupied block will indicate that the information stored in the following blocks has been stored according to the emergency strategy. It will therefore generally give an indication of the nature of the information stored.
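The prior-art procedure described earlier (zone Z, a fixed logic lock, replay at power-on), as an added example that is not code from the patent: a simulated card is torn at every elementary write, and the power-on check restores an all-or-nothing result. The struct layout, the 4-byte INF and all function names are assumptions made for the demonstration.

```c
#include <stdio.h>
#include <string.h>
#define LEN 4                       /* size of INF in bytes (constructed) */
/* Simulated card; every field is non-volatile. All names are illustrative. */
struct card { unsigned char mem[16], z_inf[LEN], z_addr, lock; };

/* One elementary NVM write; *budget is how many writes still complete
   before the simulated pull-out. */
static int put(unsigned char *cell, unsigned char v, int *budget) {
    if (*budget <= 0) return 0;
    (*budget)--; *cell = v; return 1;
}

/* Two-phase write of INF at address a; returns 1 if it ran to completion. */
int write_inf(struct card *c, unsigned char a, const unsigned char *inf, int budget) {
    for (int i = 0; i < LEN; i++)                    /* phase 1: INF and A into zone Z */
        if (!put(&c->z_inf[i], inf[i], &budget)) return 0;
    if (!put(&c->z_addr, a, &budget)) return 0;
    if (!put(&c->lock, 1, &budget)) return 0;        /* enter critical section */
    for (int i = 0; i < LEN; i++)                    /* phase 2: definitive write */
        if (!put(&c->mem[a + i], inf[i], &budget)) return 0;
    return put(&c->lock, 0, &budget);                /* leave critical section */
}

/* Initialization: a locked lock means phase 2 was interrupted, so redo it
   from zone Z. The lock is cleared last, so a second tear here is harmless. */
int power_on(struct card *c) {
    if (!c->lock) return 0;
    memcpy(c->mem + c->z_addr, c->z_inf, LEN);
    c->lock = 0;
    return 1;
}

/* Tear the write at every possible point; count the cases where the target
   ends up neither fully old nor fully new. */
int torn_states(int recover) {
    const unsigned char old[LEN] = {1, 1, 1, 1}, fresh[LEN] = {9, 8, 7, 6};
    int bad = 0;
    for (int k = 0; k <= 2 * LEN + 3; k++) {
        struct card c = {0};
        memcpy(c.mem + 4, old, LEN);
        write_inf(&c, 4, fresh, k);
        if (recover) power_on(&c);
        if (memcmp(c.mem + 4, old, LEN) && memcmp(c.mem + 4, fresh, LEN)) bad++;
    }
    return bad;
}

int main(void) {
    printf("torn without recovery: %d, with: %d\n", torn_states(0), torn_states(1));
    return 0;
}
```

A tear during phase 1 leaves the old value in place, and a tear during phase 2 is replayed from zone Z; note that every write also cycles the same lock cell, which is the wear problem the text goes on to address.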
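The emergency allocation strategy and the table exploration that rediscovers it, as an added example rather than code from the patent. The 16-block table, the function names and the premise that the normal strategy never leaves a single isolated unoccupied block are assumptions.

```c
#include <stdio.h>
#include <string.h>
#define NBLOCKS 16
static unsigned char table[NBLOCKS];    /* 1 = occupied, 0 = unoccupied; names are illustrative */
void table_load(const char *layout) {   /* e.g. "1110000000000000" */
    memset(table, 0, sizeof table);
    for (int i = 0; i < NBLOCKS && layout[i]; i++) table[i] = (layout[i] == '1');
}
static int run_is_free(int start, int n) {
    if (start < 0 || start + n > NBLOCKS) return 0;
    for (int i = start; i < start + n; i++) if (table[i]) return 0;
    return 1;
}
static int take(int start, int n) { memset(table + start, 1, (size_t)n); return start; }

/* Normal strategy: first free space of sufficient size, used from its first block. */
int alloc_normal(int n) {
    for (int s = 0; s + n <= NBLOCKS; s++)
        if (run_is_free(s, n)) return take(s, n);
    return -1;
}

/* Emergency strategy: begin at the second unoccupied block after the last
   occupied block, so one unoccupied block separates the two groups. */
int alloc_emergency(int n) {
    int last = -1;
    for (int i = 0; i < NBLOCKS; i++) if (table[i]) last = i;
    if (last < 0 || !run_is_free(last + 1, n + 1)) return -1;
    return take(last + 2, n);
}

/* Power-on scan: an isolated unoccupied block between occupied blocks marks
   emergency-stored data; return its first block, or -1. Assumption (not from
   the page): normal allocation never leaves such a one-block hole. */
int find_emergency(void) {
    for (int i = 1; i + 1 < NBLOCKS; i++)
        if (!table[i] && table[i - 1] && table[i + 1]) return i + 1;
    return -1;
}

void release(int start, int n) { memset(table + start, 0, (size_t)n); } /* end of critical section */

int main(void) {
    table_load("1110000000000000");     /* constructed layout */
    int f = alloc_normal(2), b = alloc_emergency(2);
    printf("file at %d, back-up at %d, scan finds %d\n", f, b, find_emergency());
    release(b, 2);
    printf("after release, scan finds %d\n", find_emergency());
    return 0;
}
```

Because the marker is a pattern in the allocation table rather than a dedicated cell, the back-up can land on different blocks from one write to the next while the power-on scan still finds it.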