The present invention relates to a safety critical processor and processing method for a data processing system.
A safety critical environment is one in which a computer software activity (process, functions, etc.) whose errors, such as inadvertent or unauthorized occurrences, failure to occur when required, erroneous values, or undetected hardware failures can result in a potential hazard, or loss of predictability of system outcome. A safety critical environment is necessary for safety critical computer software components wherein an inadvertent action might be directly responsible for death, injury, occupational illness, or significant operation, or where the results of a computer action would be relied on for decisions which might cause death, injury, or a significant action. A safety critical environment is a common set of standards or understandings and is addressed in military specifications, such as MIL-STD-882B, which acts in concert with software which is developed under DOD-STD-2167 and DOD-STD-2168. Additionally, the ability to review and audit the operations of a computer program, after completion of its execution, to insure compliance, becomes a part of the safety critical environment.
In U.S. Pat. No. 5,339,261, a system is disclosed for providing a safety critical environment in a data processing system which is normally not capable of providing a safety critical environment and which operates with an industry standard operating system for a personal computer. In that system, an intermediate operating shell is superimposed on a standard personal computer operating system, such as DOS, the System 7 operating system for the Macintosh, Windows, OS/2, etc., and the function of the intermediate shell is to emulate a safety critical environment for a personal computer which is normally not a safety critical system. The shell monitors the performance integrity of the system as a safety critical instrument and interacts with the operating system to watch all system functions for safety critical performance deviations and either corrects them in real time or stops the system from proceeding. The shell also has the function of interacting with application software so that the application software does not have to interact with the normal operating system. The disclosure of U.S. Pat. No. 5,339,261 is hereby incorporated by reference.
Whereas the system described in the aforementioned Patent is capable of carrying out the safety critical monitoring functions using the standard computer hardware available in a personal computer, it does so at a potential cost of processing speed.