1. Field of the Invention
This invention relates generally to software fault recovery and, more particularly, to a method for recovering from a stack-overflow and stack-underflow fault in a software system which restores corrupted memory regions, terminates the faulty or corrupted task, and estimates the output and next state of the faulty or corrupted task.
2. Discussion of the Related Art
Modern vehicles feature automatic systems which control many aspects of the vehicles' performance. These systems use software which is becoming increasingly sophisticated and complex, with some vehicles containing systems which include tens of millions of lines of code. Given the complexity of the software, the short time for an automotive manufacturer to bring a vehicle to market, and the wide range of conditions in which a vehicle can be operated, there are bound to be occasional faults experienced by the software.
A common type of fault is the stack-overflow or stack-underflow (collectively, “stack-overflow/underflow” or “stack corruption”) fault. In a stack-overflow/underflow fault, a program attempts to write data to a portion of a memory stack outside the prescribed range—either above the origin of the stack (underflow) or beyond the maximum extent of the stack (overflow). Stack-overflow/underflow faults usually result in a corruption of some system data and/or some portion of stack memory. Although detection techniques for stack-overflow/underflow faults are well known, recovery techniques have been unsatisfactory. In typical software systems, the response to a stack-overflow/underflow fault is to either restart all software programs or restart the processor hardware itself. Because many embedded automotive systems run in real time, they cannot afford to be inoperative for the relatively long time it takes for a hardware or software restart.
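To make the fault described above concrete, the following is an added illustration (not part of the patent text) of one well-known detection approach: a task stack is bracketed by guard words holding a fixed pattern, and a monitor periodically checks whether either guard region has been overwritten, distinguishing a write past the maximum extent (overflow) from a write above the origin (underflow). The layout, the patterns, the downward-growing stack convention and the `simulate_*` helpers that stand in for a misbehaving task are all constructed assumptions for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed layout (assumption): one task stack with a guard word region
 * at each end. The stack is assumed to grow downward, from the origin at the
 * high address toward the maximum extent at the low address. */
#define GUARD_WORDS   4
#define STACK_WORDS   32
#define GUARD_PATTERN 0xDEADBEEFu   /* written into both guard regions */
#define FILL_PATTERN  0xA5A5A5A5u   /* initial fill of the usable stack (high-water mark) */

typedef struct {
    uint32_t low_guard[GUARD_WORDS];  /* below the maximum extent: an overflow lands here */
    uint32_t stack[STACK_WORDS];      /* usable stack memory */
    uint32_t high_guard[GUARD_WORDS]; /* above the origin: an underflow lands here */
} task_stack_t;

typedef enum {
    STACK_OK = 0,
    STACK_OVERFLOW = 1,
    STACK_UNDERFLOW = 2,
    STACK_CORRUPT_BOTH = 3
} stack_status_t;

/* Seed both guard regions and fill the usable area with the fill pattern. */
void task_stack_init(task_stack_t *ts) {
    for (size_t i = 0; i < GUARD_WORDS; i++) {
        ts->low_guard[i] = GUARD_PATTERN;
        ts->high_guard[i] = GUARD_PATTERN;
    }
    for (size_t i = 0; i < STACK_WORDS; i++) ts->stack[i] = FILL_PATTERN;
}

static int guard_intact(const uint32_t *guard) {
    for (size_t i = 0; i < GUARD_WORDS; i++)
        if (guard[i] != GUARD_PATTERN) return 0;
    return 1;
}

/* Classify the stack by which guard region (if any) has been overwritten. */
stack_status_t task_stack_check(const task_stack_t *ts) {
    int low_ok = guard_intact(ts->low_guard);
    int high_ok = guard_intact(ts->high_guard);
    if (low_ok && high_ok) return STACK_OK;
    if (!low_ok && !high_ok) return STACK_CORRUPT_BOTH;
    return low_ok ? STACK_UNDERFLOW : STACK_OVERFLOW;
}

/* Words never touched since init, counted upward from the maximum extent.
 * A small value means the task is close to overflowing. */
size_t task_stack_free_words(const task_stack_t *ts) {
    size_t n = 0;
    while (n < STACK_WORDS && ts->stack[n] == FILL_PATTERN) n++;
    return n;
}

/* Constructed stand-ins for a task's behaviour: push `depth` words from the
 * origin downward, or clobber guard words as a real overrun would. */
void simulate_push(task_stack_t *ts, size_t depth) {
    for (size_t i = 0; i < depth && i < STACK_WORDS; i++)
        ts->stack[STACK_WORDS - 1 - i] = (uint32_t)i;
}
void simulate_overflow(task_stack_t *ts, size_t words) {
    for (size_t i = 0; i < words && i < GUARD_WORDS; i++)
        ts->low_guard[GUARD_WORDS - 1 - i] = 0;
}
void simulate_underflow(task_stack_t *ts, size_t words) {
    for (size_t i = 0; i < words && i < GUARD_WORDS; i++)
        ts->high_guard[i] = 0;
}

/* Scenario runner: 0 = normal use, 1 = overflow, 2 = underflow. */
stack_status_t run_scenario(int kind) {
    task_stack_t ts;
    task_stack_init(&ts);
    simulate_push(&ts, 10);
    if (kind == 1) simulate_overflow(&ts, 2);
    if (kind == 2) simulate_underflow(&ts, 1);
    return task_stack_check(&ts);
}

/* Free words remaining after a task has pushed `depth` words. */
size_t scenario_free_words(size_t depth) {
    task_stack_t ts;
    task_stack_init(&ts);
    simulate_push(&ts, depth);
    return task_stack_free_words(&ts);
}

int main(void) {
    static const char *names[] = {"OK", "OVERFLOW", "UNDERFLOW", "CORRUPT_BOTH"};
    for (int kind = 0; kind <= 2; kind++)
        printf("scenario %d -> %s\n", kind, names[run_scenario(kind)]);
    printf("free words after pushing 10: %zu\n", scenario_free_words(10));
    return 0;
}
```

In a real system the check would run from a timer or scheduler hook and the status would drive a recovery action rather than a printf; the fill-pattern high-water mark is the usual way to size stacks before a guard is ever hit.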
There is a need for a stack-overflow/underflow fault recovery technique which does not require a hardware or software restart, yet which is efficient enough in terms of memory and processor usage to be viable in the highly resource-constrained automotive environment.