In data processing systems capable of simultaneously supporting more than one user, no user-accessible mechanism is provided for powering down the processor under program control. Thus, for example, in such main frame type processors as the Digital Equipment Corporation's PDP 11/70 and the International Business Machine's System 370, no power-down instruction is provided.
Even in those systems capable of supporting only a single user, the dynamic nature of the circuitry typically used in the processor prevents the implementation of a power-down instruction. Typical of such systems are those in which the processor is a single-chip microprocessor fabricated using exclusively N-channel MOS transistors, such as the Intel 8080 or Motorola's 6800. Since the logic in these types of microprocessors is primarily dynamic rather than static, the "current" state information and the "data" stored in the processor's registers would be lost in the event of a power-down.
As MOS technology advanced to the point where large-scale integration became feasible using complementary P-channel and N-channel MOS transistors, it became possible to fabricate a microprocessor using static logic. With the introduction of Motorola's first single-chip CMOS microprocessor, the MC146805E2, the user was first given the capability to power-down the processor under program control. In this processor, the user was even given the choice of two distinct power-down levels. For example, using a "WAIT" instruction, the user could greatly reduce operating power by disabling the clock outputs provided by the on-chip oscillator while allowing the oscillator to continue operating. In contrast, using a "STOP" instruction, the user could disable the oscillator itself to save maximum operating power. In either event, the clocks/oscillator would be reenabled to restart the processor in response to either a manually generated reset signal or a peripheral generated interrupt signal. (See, copending application Ser. Nos 065,292 and 065,293.)
Although the availability of these power-down instructions was widely accepted among users and often copied by other microprocessor manufacturers, those applications requiring very high reliability had to be very carefully designed and rigorously tested to assure that the STOP instruction in particular could not be inadvertently executed in the event of a program error condition. However, it has been possible, using good programming practices and thorough debugging and testing, to utilize this type of microprocessor even in such demanding applications as heart pacemakers and other intrusive medical environments. On the other hand, the user's risks could be further reduced if some heretofore unavailable mechanism were provided to disable, either absolutely or selectively, such power-down instructions.
In U.S. Pat. No. 4,573,117, a method is taught for enabling the user of such a data processor to selectively disable the power-down instruction under program control. According to a circuit taught therein, the user stored a control code in a control register using a special instruction. As long as the code is present in the control register, the circuit prevents the data processor from disabling the oscillator. However, this method and circuit may be less than satisfactory in some high-security applications since there is no way for preventing the control code from being later cleared out of the control register. Thus, an errant program may still be able to reenable the power-down instruction and then power-down the processor.