1. Field of the Invention
The present invention relates to a computer system having non-volatile memory for storing sequences of instructions for execution by a processor in the computer system, and more particularly to fault-tolerance techniques for in-circuit programming to update and modify sequences of instructions stored in non-volatile memory.
2. Related Art
Integrated circuit microcontrollers have been developed which include arrays of non-volatile memory on an integrated circuit for storing sequences of instructions to be executed by a microcontroller. The sequences of instructions are stored in read-only memory (ROM), which must be programmed during manufacture of a device, and cannot be updated. The sequences of instructions can also be stored in an EPROM array. However, this approach requires special hardware to program the EPROM array before the device is placed in a circuit. In yet other systems, EEPROM memory is used for storing instructions. EEPROM has the advantage that it can be programmed much more quickly than EPROM, and can be modified on the fly. In yet another approach, flash memory is used to store instructions. This allows for higher density and higher speed reprogramming of the non-volatile memory. When a device combines a reprogrammable non-volatile memory, such as EEPROM or a flash memory, with a microcontroller, the device can be reprogrammed while it is in a circuit, allowing for in-circuit programming based on interactive algorithms.
The ability to interactively download instruction and data to a remote device can be very valuable in a network environment. For example, a company can service a customer's equipment without requiring the customer to bring the equipment to a service center. Rather, the company can execute diagnostic functions using the in-circuit programming capability of the customer's equipment across a communication channel such as the Internet or telephone lines. In this way, software fixes can be downloaded to a customer's equipment, and the equipment can be reenabled with corrected or updated code.
Reliability can become a problem during in-circuit programming. The in-circuit programming process can take up to ten minutes, during which time there may be data transmission errors or recording errors. These errors can be especially troubling if the code which performs the communication with the outside world (handshaking code) is itself modified during the in-circuit programming process. If this code gets corrupted, the in-circuit programming module may be left without any way of resetting itself or communicating with the outside world.
What is needed is a method for providing fault-tolerance during in-circuit programming which can recover from an error during the in-circuit programming process, even if the code used by the in-circuit programming process to communicate with the outside world is improperly programmed.