New problems appear in environments where computing time, communication bandwidth and memory are scarce, where writing to persistent memory is much more expensive than writing to temporary memory, and where no assumptions can be made about the integrity of the communications infrastructure. The initial setting in which these assumptions hold is that of smartcards that are to be updated after they have been issued to the customer.
A transition from one consistent memory system state to another may involve updates of several memory cells of persistent memory. These updates should be performed atomically, meaning that either all memory cells are updated or none of them. The atomicity of several memory updates is supported by the so-called “transaction model”, in which the system can designate the beginning of an atomic set of updates by issuing the begin-of-transaction command. This command may be given explicitly or implicitly, i.e. be contained in the atomic set command itself. For instance, primitive data types such as “byte” and “short” have to be updated atomically, and their mere appearance may already serve as the begin-of-transaction command. After this point, each persistent memory cell is updated only conditionally by a transaction support system. That means that a memory cell appears to be updated, and reading that memory cell returns its latest conditional value, but the update is not yet committed, i.e. not yet guaranteed to remain visible after a subsequent start of the system. To commit all performed updates, the transaction-commit command is used. When this operation returns, all updates are guaranteed to be written to the persistent memory. If power is lost or some other system failure occurs prior to the completion of the transaction-commit operation, all conditional updates are discarded.
The implementation of the transaction model is generally based on maintaining a transaction buffer, part of which is in the persistent memory. There are two different modes of operation of the transaction support system. The first is to maintain in the transaction buffer the information needed to restore the original state of the memory cells updated in a transaction. Before updating a memory cell in a transaction for the first time, the transaction support system stores in the transaction buffer the address of the memory cell and the previous data value of that memory cell. This information allows a roll-back to the old value in case of failure. If power is lost during a transaction, the data stored in the transaction buffer is used to recreate the old system state when the power supply is established again.
An alternative approach is to write to the transaction buffer the conditional values of updated memory cells and their address/location instead of the old values. The memory cells themselves keep their old values. When a value is read, the transaction support system first inspects the transaction buffer; if a conditional value of the selected memory cell is in the transaction buffer, this value is returned. If this technique is used, no action is required in case of failure, since the persistent system memory is unchanged before the transaction commits. The transaction-commit operation writes the values stored in the transaction buffer to their destinations.
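The two modes of operation described above can be compared in a small simulation; this is an added example, not code from the document, and every name in it (`tx_begin`, `tx_write`, `tx_log` and so on) is hypothetical. It assumes ordinary arrays standing in for persistent memory, and it does not model a power loss during the commit itself or weak writes.

```c
#include <stdint.h>
#define MEM_SIZE 16
#define LOG_CAP  8
enum tx_mode { TX_UNDO, TX_REDO };

/* Simulated persistent state (survives power loss); all names are hypothetical. */
static uint8_t mem[MEM_SIZE];
static struct { uint8_t addr, val; } tx_log[LOG_CAP];  /* transaction buffer */
static uint8_t log_len, in_tx;
static enum tx_mode mode;

static int log_find(uint8_t addr) {
    for (int i = 0; i < log_len; i++)
        if (tx_log[i].addr == addr) return i;
    return -1;
}

void tx_begin(enum tx_mode m) { mode = m; log_len = 0; in_tx = 1; }

/* Conditional update; -1 if no transaction is open, bad address or buffer full. */
int tx_write(uint8_t addr, uint8_t val) {
    if (!in_tx || addr >= MEM_SIZE) return -1;
    int i = log_find(addr);
    if (i < 0) {                       /* first update of this cell */
        if (log_len == LOG_CAP) return -1;
        tx_log[log_len].addr = addr;
        tx_log[log_len].val = (mode == TX_UNDO) ? mem[addr] : val; /* old vs. new */
        log_len++;                     /* entry is valid only once fully written */
    } else if (mode == TX_REDO) {
        tx_log[i].val = val;           /* replace the conditional value */
    }
    if (mode == TX_UNDO) mem[addr] = val;   /* undo mode updates in place */
    return 0;
}

/* Returns the latest conditional value, or the committed one if none exists. */
uint8_t tx_read(uint8_t addr) {
    if (addr >= MEM_SIZE) return 0;
    int i = (in_tx && mode == TX_REDO) ? log_find(addr) : -1;
    return i >= 0 ? tx_log[i].val : mem[addr];
}

void tx_commit(void) {
    if (mode == TX_REDO)               /* copy buffered values to their cells */
        for (int i = 0; i < log_len; i++) mem[tx_log[i].addr] = tx_log[i].val;
    log_len = 0; in_tx = 0;
}
/* Start-up after a failure: discard every uncommitted update. */
void tx_recover(void) {
    if (in_tx && mode == TX_UNDO)      /* restore old values, newest first */
        for (int i = log_len; i-- > 0; ) mem[tx_log[i].addr] = tx_log[i].val;
    log_len = 0; in_tx = 0;
}
```

Calling `tx_recover()` without a preceding `tx_commit()` stands in for a power loss: in undo mode it has to write the logged old values back, while in redo mode it only has to drop the buffer.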
Memory systems such as smart cards may be equipped with different types of persistent read/write memory, some of which (such as EEPROM) exhibit the behavior of so-called “weak cells”. These weak cells are created when the smart card is removed from the smart card reader while memory cells are being written, so that the write operation cannot be fully completed before the card is cut off from its power supply. In the following, this is called a “weak write”. After reboot, the weak memory cell may then not only return any value but even different values at different times, e.g. if read more than once. This may seriously harm the functionality of the smart card.
In a resource-constrained environment, such as a smartcard, the reliability and lifetime of the transaction buffer are important parameters. Especially here, the goal of the transaction support system is to make the most effective use of the transaction buffer, so that a higher number of updates can be executed within one transaction. Writing to persistent memory is time-consuming compared to reading and influences the lifetime of the persistent memory. Another goal is hence to reduce the number of expensive write operations to persistent storage needed for transaction support.
It is an object of the invention to provide improved solutions for transactional writing of data values into persistent memories.
It is a further object of the invention to provide improved solutions for transactional writing of data values into persistent memories that can reduce the adverse effect of weak writes.