top - download
⟦2c7779406⟧ Wang Wps File
Length: 89695 (0x15e5f)
Types: Wang Wps File
Notes: CECOM tilbud
Names: »1604A «
Derivation
└─⟦496afff58⟧ Bits:30006254 8" Wang WCS floppy, CR 0115A
└─ ⟦this⟧ »1604A «
WangText
…00……00……00…=…02…=
…00……00…= <…0a…<
;…0c…;…05…:…09…:…01…9…09…9…0b…9
9 8…0b…8 7…09…7…00…7…05…6…0b…6…02…6…06…5…0f…5…00…4…09…4…02…4…07…3…08…3…01…3…02…2…0a…2
2 2…05…1…86…1 …02… …02… …02… …02…
"Use or disclosure of quotation data is subject to the
restriction on the title page of this Proposal/Quotation."
PART II TECHNICAL PROPOSAL #
EDPF/PRO/001 Date: Jan. 20, 1982
EXPERIMENTAL DISTRIBUTED PROCESSING FACILITY
PART II
TECHNICAL PROPOSAL
COMMANDER…01…US Army Communications-Electronics Command
Procurement Directorate - Research Development
Attn.: DRSEL-PC-TI-SD
CECOM OFFICE BUILDING
Fort Monmouth, New Jersey 07703
REQUEST FOR QUOTATION
SOLICITATION NUMBER DAAB 07-82-Q-JO11
Prepared By:
CHRISTIAN ROVSING A/S
Ballerup, Denmark
CHRISTIAN ROVSING A/S - 1982
"This data furnished in connection with Solicitation
No. D̲A̲A̲B̲ ̲0̲7̲-̲8̲2̲-̲Q̲-̲5̲0̲1̲1̲, shall not be disclosed outside
Government and shall not be duplicated, used, or disclosed
in whole or in part for any purpose other than to evaluate
the quotation; p̲r̲o̲v̲i̲d̲e̲d̲, that if a contract is awarded
to this quoter as a result of or in connection with
the submission of this data, the Government shall have
the right to duplicate, use, or disclose the data to
the extent provided in the contract. This restriction
does not limit the Government's right to use information
contained in the data if it is obtained from another
source without restriction. The data subject to this
restriction is contained in sheets 1̲-̲1̲8̲1̲."
T̲A̲B̲L̲E̲ ̲O̲F̲ ̲C̲O̲N̲T̲E̲N̲T̲S̲
1 INTRODUCTION ..................................
6
1.1 TECHNICAL PROPOSAL OUTLINE ................
7
2 INTRODUCTION OT THE CR80 COMPUTER FAMILIES ....
9
2.1 CR80 MAXIM AND FATOM COMPUTERS ............
18
2.2 HARDWARE SYSTEM ORGANIZATION ..............
22
2.2.1 Hardware System Overview ...............
22
2.2.2 Processor Unit and Channel Units ......
28
2.2.2.1 CR80 Modular Packaging ............
28
2.2.2.2 Processon Unit Organization .......
34
2.2.3 The Data Channel ......................
40
2.2.4 Peripheral System Architecture ........
41
2.2.5 Maintenance and Configuration Processor
47
3 EDPF HARDWARE CONFIGURATION (SOW 4.1) ........
50
3.1 SINGLE PROCESSOR NODE COMPUTER ............
55
3.2 DUAL PROCESSOR COMPUTERS ..................
57
3.3 DEVELOPMENT COMPUTER ......................
59
3.4 TDX CONTROLLERS ...........................
62
3.5 TOTAL SYSTEM DELIVERY .....................
64
3.6 SYSTEM UPGRADE CAPABILITY .................
65
4 SOFTWARE CHARACTERISTICS (SOW 4.2 & 4.3 &
4.4) ..........................................
66
4.1 INTRODUCTION ..............................
66
4.2 DAMOS - CR80 STANDARD SYSTEM SOFTWARE .....
67
4.2.1 Overview of DAMOS Operational Software
70
4.2.2 Security ..............................
72
4.2.3 Kernel ................................
74
4.2.3.1 Resource Management ...............
75
4.2.3.2 Process Management ................
76
4.2.3.3 Memory Management .................
77
4.2.3.4 Process Communication .............
77
4.2.3.5 CPU Management ....................
77
4.2.3.6 Processing Unit Management ........
78
4.2.3.7 BASIC Transport Service ...........
78
4.2.3.7.1 Service Types .................
81
4.2.4 DAMOS I/O .............................
81
4.2.4.1 File Management System ............
84
4.2.4.1.1 Device and Volume Handling ....
84
4.2.4.1.2 Directories ...................
85
4.2.4.1.3 Files .........................
85
4.2.4.1.3.1 File Types ................
85
4.2.4.1.3.2 File Commands .............
85
4.2.4.1.4 User Handling .................
86
4.2.4.1.5 Disk Integrity ................
86
4.2.4.1.5.1 Security ..................
86
4.2.4.1.5.2 Redundant Disks ...........
87
4.2.4.1.5.3 Bad Sectors ...............
87
4.2.4.1.6 Access Methods ................
87
4.2.4.1.6.1 Unstructured Access .......
88
4.2.4.1.6.2 Indexed Sequential Access .
88
4.2.4.2 Magnetic Tape File Management
System ............................
89
4.2.4.2.1 Device Functions ..............
90
4.2.4.2.2 Volume Functions ..............
90
4.2.4.2.3 File Functions ................
90
4.2.4.2.4 Record Functions ..............
91
4.2.4.3 Terminal Management System ........
91
4.2.4.3.1 Transfer of I/O Data ..........
92
4.2.4.3.1.1 File Mode .................
92
4.2.4.3.1.2 Communication Mode ........
92
4.2.4.3.2 User Handling .................
95
4.2.4.3.3 Hardware Categories ...........
95
4.2.4.3.3.1 Examples ..................
96
4.2.4.3.3.2 Terminal Controllers ......
98
4.2.4.3.3.3 Lines .....................
98
4.2.4.3.3.4 Units .....................
98
4.2.5 System Initialization .................
99
4.3 STANDARD SUPPORT SOFTWARE .................
100
4.3.1 Terminal Operating System (TOS) .......
100
4.3.2 Language Processors ...................
101
4.3.3 System Generation Software ............
102
4.3.4 Debugging Software ....................
102
4.3.5 Utilities .............................
103
4.3.6 Diagnostic Programs ...................
103
4.3.6.1 Offline Diagnostic Programs .......
103
4.3.6.2 Online Diagnostic Programs ........
104
4.5 TRANSMISSION SOFTWARE .....................
104
4.5.2 Network Interface .....................
105
4.5.2.1 Protocol Levels ...................
105
4.5.3 The Modules of the NSS ................
107
4.5.3.1 The Transport Station .............
107
4.5.3.2 The Transport Station .............
107
4.5.3.3 The Supervisory Module ............
107
4.6 COMMUNICATON SOFTWARE .....................
108
4.6.1 High Level Service Subsystem ..........
108
4.6.2 Terminal Access Subsystem .............
108
5 ADA COMPILER ..................................
111
5.1 PROJECT OVERVIEW ..........................
111
5.2 DESIGN CONSIDERATIONS .....................
112
5.2.1 Selection of Target Language .........
113
5.3 ADA SUBSET ................................
114
5.4 ADA SUBSET ................................
114
5.4.1 Ada Subset Syntax Summary .............
116
5.4.2 Predefined Language Environment .......
126
6 MESSAGE FORMATS AND DATABASE ..................
129
6.1 MESSAGE FORMATS ...........................
129
6.2 DATA BASE .................................
130
6.2.1 Data Base Update ......................
139
6.2.2 Data Base Description .................
145
7 NETWORK TOPOLOGY (SOW 4.7) ....................
147
7.1 BUS NETWORK ...............................
149
7.2 STAR NETWORK ..............................
151
7.3 RING NETWORK ..............................
153
7.4 TREE NEWORK ...............................
155
7.5 BROADCAST NETWORK .........................
157
7.6 IRREGULAR NETWORK .........................
159
8 ACCEPTANCE TESTS (SOW 4.4 & 4.5 & 4.6) ........
160
9 TRAINING (SOW 4.8 & 4.9) ......................
162
9.1 TRAINING REQUIREMENTS ANALYSIS ............
162
9.2 TRAINING PLANNING .........................
163
9.2.1 Management and Organization ...........
163
9.2.2 Training Plan .........................
164
9.2.3 Course Overview .......................
164
9.3 CR80 HARDWARE/SOFTWARE COURSE .............
164
9.4 SYSTEM DEMONSTRATION COURSE ...............
165
9.5 TRAINING MATERIALS ........................
166
9.6 STUDENTS TRAINING COURSE GUIDE ............
166
9.7 TRAINING TECHNIQUES .......................
167
11 DIAGNOSTIC SOFTWARE (SOW 4.10) ...............
169
12 SPARE PARTS AND SPECIAL TOOLS (SOW 4.11) .....
170
13 MAINTENANCE (SOW 4.12) .......................
171
14 SAFETY (SOW 4.13) ............................
172
15 PERSONNEL AVAILABLE FOR THE EDPF PROJECT .....
173
16 TRAVEL AND SUBSISTANCE .......................
181
1̲ ̲ ̲I̲N̲T̲R̲O̲D̲U̲C̲T̲I̲O̲N̲
The proposal of Christian Rovsing A/S for design, development
and implementation of an Experimental Distributed Processing
Facility is based on the companies great experience
in applying up-to-date technology to structure an integrated
hardware/software system with the capabilities requested
by CECOM.
Christian Rovsing A/S has specialized in implementation
of a wide range of computer system project based on
the versatile CR80 computer hardware. The CR80 computer
has been designed so modular and flexible that it can
be configured into different standard computer models,
like
o MINI (smal computer)
o TWIN (highly reliable small computer)
o MAXIM (large computer)
o FATOM (FAult TOlerent Multiprocessor)
The components or building blocks of the 4 mentioned
standard computers are well suited to implement a distributed,
flexible and survivable system. The flexibility of
the CR80 computer architecture comprises variance in
instruction execution speed from below 1 mips and up
to 30 mips. Memory capacity variance from 512K bytes
to over 100 megabytes processing power can be varied
from a single CPU to 5 CPU's per Processing Unit. Up
to 16 Processing Units can be interconnected via a
Supra Bus facility.
CHRISTIAN ROVSING A/S has utilized the modular structure
of the CR80 computer to implement a variaty of different
user tailored systems, like front end processor for
NICS-TARE; Computer Aided Message Processing System,
CAMPS - a highly reliable message System for NATO;
commercial EDP systems, Corporate Packet Network for
L. M. Ericson.
The CECOM EDPF can gain from Christian Rovsing A/S's
experience to achieve a Experimental Distributed Processing
Facility. The system can be implemented using advances,
but existing computer component, without relaxation
on the ambitious requirements set forth by CECOM.
Christian Rovsing A/S can clearly state that the problems
normally experienced in development of prototype systems
and which has been expected in the Experimental Distributed
Processing Facility by CECOM can be totally avoided
by following the approach offered by Christian Rovsing
A/S in this proposal.
1.1 T̲E̲C̲H̲N̲I̲C̲A̲L̲ ̲P̲R̲O̲P̲O̲S̲A̲L̲ ̲O̲U̲T̲L̲I̲N̲E̲
The technical proposal for an Experimental Distributed
Processing Facility starts with a brief description
of the four standard computers, that can be configured
using the CR80 hardware components. These four standard
computers are only mentioned to highlight different
characteristics of the CR80 computer family and to
demonstrate the versatility of the CR80.
In the subsequent section (section 3) the proposal
for hardware configuration of the EDPF project is outlined.
The host computer is configured with the same building
block used in all other nodes. This will give a unified
concept for the EDPF. All hardware and software components
will be identical. The second option will also give
an extra super node in an integrated network covering
both initial subsystems.
In section 4 software characteristics are described.
First the DAMOS operation system is outlined. Subsequently
the input/output utilities are mentioned, followed
by standard Support Software. The layering principal
described by ISO is used.
In section 5 the ADA compiler projet is described.
The subset of ADA, which Christian Rovsing A/S is presently
implementing is mentioned.
Section 6 contains the message format and database
feature of the EDPF.
The different network topologies which could be implemented
by the EDPF are analysed and ranked. The best network
for the Experinmental Distributed Processing Facility
is selected for the demonstration to be performed.
The subsequent sections deals with acceptance testing,
training and demonstration, diagnostic software, spare
parts, maintenance, safety and personnel to be allocated
to the EDPF project. Finally an extimate is made over
the number of travels to be expected.
2̲ ̲ ̲I̲N̲T̲R̲O̲D̲U̲C̲T̲I̲O̲N̲ ̲T̲O̲ ̲T̲H̲E̲ ̲C̲R̲8̲0̲ ̲C̲O̲M̲P̲U̲T̲E̲R̲ ̲F̲A̲M̲I̲L̲I̲E̲S̲ ̲(̲S̲O̲W̲ ̲1̲)̲
Several years of rapid computer technology evolution
have led to the development of the CR80 computer product
line at Christian Rovsing A/S. The computer families
are a collection of units architecturally structured
in an innovative way into powerful multiprocessor systems.
Through a high degree of parallelism and redundancy,
the configurations introduced herein offer nearly unlimited
operating power and outstanding system reliability.
From the outset, system architects at Christian Rovsing
recognized that micro-electronics was the driving force
behind modern computer technology. The CR80 systems
in the larger configurations, are competitive with
and challenge the power of large mainframes, but with
far superior operational characteristics and hereto
unrealizable advantages. The CR80 building-block modules
allow a system configuration flexibility previously
unachievable, this has led to the definition of the
CR80 Computer Family depicted in summary block diagrams
on the next page (figure II-2.1).
Arbitrarily, the CR80 family of computers has been
configured into standard computer models and given
simple acronyms. The CR80 standard models are called:
o MINI
o TWIN
o MAXIM
o FATOM
The model names are simple descriptors of the characteristic
features of each configuration which are listed below
the block diagrams in the figure.
As qualified above, system boundaries are arbitrary
and somewhat hard to define since they are truly non-existent,
The CR80 product line as such probably offers the most
versatile computer configurations in the industry.
Nevertheless for purposes of standardization, the CR80
systems cross through 4 smooth transition levels.
Fig. 2.1
The standard CR80 models are divided into two classes
- unmapped and mapped - supported respectively by the
AMOS and DAMOS software operating systems.
The unmapped systems include the
- CR80 MINI, a multiprocessor system with up to 4
CPU's and 256 K words of memory with an operating
range of 0.6 to 1.3 million instructions/second;
and the
- CR80 TWIN, a fully-dualized version of the MINI
with twin multiprocessors and a dual bused peripheral
subsystem.
The mapped systems include the
- CR80 MAXIM, a multiprocessor system with up to
5 CPU's and 16 megawords of memory with an operating
range of 0.6 to 2.0 million instructions/second
and a Data Channel with a megabyte/sec. transfer
rate interfacing up to 15 channel units for control
of up to 960 peripheral modules, and the
- CR80 FATOM, a fault-tolerant system comprised of
as many as 16 multiprocessors interconnected through
a 512 megabit message transport; each multiprocessor
has the same capabilities as a CR80 MAXIM with
256 megawords of memory and an operating range
up to 30 million instructions/second.
These standard configurations encompass a broad range
of physical characteristics to meet the requirements
of the smaller stand-alone user and those of the largest
multi-installation network applications. The four models
offer
- a 50:1 range in instruction execution rate varying
from 0.6 mips to 30 mips.
- a 1000:1 range in memory capacity from 512 K bytes
to 512 megabytes.
- a 80:1 range in processing power utilizing one
CPU or up to 16 interconnected multiprocessors
with a maximum of 5 CPU's each.
- a 400:1 range in connectivity through Peripheral
controllers accommodating a variety of terminations
with as many as 960 peripherals or up to 4096 communication
lines.
Flexible variation is the size and structure of the
CR80 systems are permitted by the unusual degree of
hardware and software modularity. The hardware essentially
consists of fast transfer buses joined to each other
by adapters which allow units on one bus to access
those on another. Dualization as the internal level
and multiple redundancy at the system level provide
a CR80 hardware architecture which is exploited by
the DAMOS software operating system and programs to
survive operational failure of individual components.
Reliability, which is increasingly becoming of concern
in real-time and distributed network applications,
is achieved in the CR80 computer systems by applying
unique architectural concepts. The CR80 hardware/software
architecture treats all multiprocessors as equal elements
not absolutely dedicated to a specific role. Fault
tolerance and backup are achieved through an n+l redundance
scheme without preassignment of system functions to
specific processors. This is in marked contrast to
the more common rigid dualized configurations often
encountered in dedicated applications with on-line
master/slave arrangements, or off-line backup with
switchover facility.
The many functional and operation features inherent
in the CR80 computer system configurations presented
in this proposal go beyond the mere physical size variations
and expansion options. As a general introduction and
to orient these later detailed discussions, the highlights
of the CR80 Computer Family characteristics are presented
here.
The following list of highlights is not exhaustive.
Rather, it is meant to focus on those operational capabilities
meaningful to potential users in varied applications
such as private data networks, front-end processors,
data concentrators, multi-terminal systems, real-time
on-line systems, packet-switched networks or process
control.
C̲R̲8̲0̲ ̲H̲i̲g̲h̲l̲i̲g̲h̲t̲s̲:̲
o DISTRIBUTED PROCESSING THROUGHOUT THE CR80 COMPUTER
FAMILY
- Multiple Central Processors.
- Multiple CPU's in Central Processors.
- Individual Microprocessors in each Peripheral
Controller Module.
- Fast separate processor for Interrupt Preprocessing
and Data Channel management.
- Multiple Microprocessors handling protocol
and logical multiplexing of channels to S-Net
and X-Net.
o UNIQUE MULTILEVEL SECURITY FEATURES
- Privileged instruction set of Central Processors,
coupled with Memory Map control and boundary
register, prevent unauthorized access.
- Separate SYSTEM/USER state limit data access
and process changes and cause interrupt on
attempted violations.
- Prevent processes from monopolizing the system
resources.
- 15 system states with most sensitive part of
privileged instructions only executable in
the highest state.
- Non assigned instructions will cause a trap.
- General centralized addressing mechanism used
whenever object external to a user process
are referred to.
o FAULT TOLERANCY
- NO-BREAK computing supported by numerous unique
hardware, software and maintenance features
to achieve mean time between system failures
in the order of years.
- Multiple Central Processor incorporation of
Peripheral Controller modules providing alternative
processing paths.
- Economic N+1 Central Processor redundancy.
- Economic N+1 Communication Interface redundancy.
- Dual Powering of Peripheral Controller modules
safeguards against single power failures.
- Redundant Fan Units ensures sufficient cooling
of equipment in the event of Fan breakdown
or failure in a mains phase supply.
- Short mean time to repair ensured by major
system components exchangeable from the front
with no cable detachment or special tools needed.
- Extensive Quality assurance and control program
during design and production for achieving
and maintain the CR80 high level of module
reliability.
- Maintenance and Configuration Processor subsystem
supervises Power Supply voltages and environmental
conditions and provides reconfiguration of
the computer in response to errors reported
by on-line diagnostics, self-checks and status
reporting.
o EXTENSIVE USE OF LSI TECHNOLOGY
- High equipment density achieved by use of RAM's,
PROM's, CPU's, USART's, FIFO's, Programmable
Logic Arrays and microprocessors.
- Low power consumption, allowing for forced
air cooling of even the largest computer configurations.
- Very low space requirements of packed computers.
- High speed based on Schottky-TTL technology.
o POWERFUL CPU UTILIZED
- Microcycle time 250 nanoseconds.
- 16 bit instructions.
- Internal pipe lining.
- Instruction prefetch.
- Comprises dual Arithmetic and Logic Units allowing
up to 3 operand arithmetic operations to be
executed simultaneous.
- Extensive error checking with roll-back allowing
instruction reexecution.
- Designed for multi CPU, multiprocessor environment.
- Non-mapped and mapped virtual memory capability.
- Field exchangeable single unit.
o REDUCED BUS CONTENTION USING C̲A̲C̲H̲E̲ HIGH-SPEED BUFFER
MEMORY
- Increases CPU efficiency by 40%
- Transfer bus bandwidth utilization increased
by 50%.
- No software overhead.
- Real time consistency with content of main
memory in multiprocessor environment.
o UNIQUE TDX/X-NET LOCAL AREA NETWORK
- Addresses up to 256 devices on local network.
- Coaxial cable pair allows up to 5000 meters
between stations.
- Multiple ports provide common services to work
stations.
- Megabit serial transfer buses provide essentially
unlimited front-end throughput and connectivity.
o ON-LINE SERVICEABILITY AND EXTENDABILITY
- Computers partioned in self sustained physical
subunits complete with power supply and cooling.
- Physical subunits galvanically isolated from
each other and interconnected via high speed
dual or multiple redundant long distance data
highways, omitting ground loops normally limiting
size and on-line extension of computer systems.
- All major modules, inclusive the power supplies
and Fan Units, are insertable and exchangeable
from the front without special tools.
- On-line exchange and addition of modules without
power down provided by electronic power switches
and bus high impedancing circuitry in the individual
modules.
- Extensive individual indication to operator
of hardware status.
- Wide range of maintenance and diagnostic programs.
- Early warning of error prone conditions and
preventive fault correction made possible by
the Maintenance and Configuration microcomputer
monitoring power supply voltages and environmental
conditions of subunits.
o MAINTENANCE AND CONFIGURATION PROCESSOR
- Stand-alone system Watchdog microcomputer monitors
equipment status through physical sensing.
- Voltage variations of power supplies monitored
with A/D converters.
- Fault Tolerancy computer reconfigurations,
based on accumulated on-line diagnostics, selfchecks
and status reporting.
- Distributed monitoring and control of all computer
subunits through separate redundant, galvanically
isolated connections.
- Fail-safe switch-over to manual set-up of configuration
in case of error in the Maintenance and Configuration
Processor itself.
- Manages the economic N+1 redundancy switch-over
of communication lines.
o DAMOS, DISTRIBUTED ADVANCED MULTIPROCESSOR OPERATING
SYSTEM
- Unifies multiple mapped virtual memory multiprocessors
into a high performance computer (MAXIM and
FATOM).
- Support mapped computers ranging from single
Central Processor with 1 CPU and 128K word
of Memory, and up to 16 Central Processors
each with 5 CPU's and 16 Megaword of memory.
- High efficiency, flexibility and security in
real time environment, but also supports software
development and batch.
- Virtual Memory management by demand paging,
but process swopping is also supported.
- Provides process management, interprocess communication,
basic and high level device handling, including
interactive terminals, communication lines
and file structured backing storage devices.
- Comprehensive suite of software development
tools and utilities, the following languages
are presently available:
- Assembler
- SWELL, the CR80 system programming language
- PASCAL
- COBOL
- ADA (subset)
the following languages are announced:
- FORTRAN 77
- ADA (full range)
2.1 C̲R̲8̲0̲ ̲M̲A̲X̲I̲M̲ ̲A̲N̲D̲ ̲F̲A̲T̲O̲M̲ ̲C̲O̲M̲P̲U̲T̲E̲R̲S̲
Christian Rovsing A/S with the CR80 MAXIM and FATOM
virtual machines has introduced a new and powerful
architecture for ultra-reliable, easy to maintain and
modular fail safe computers. The high speed memory
mapped multiprocessor computers have been designed
to provide modular growth in processing power and memory
requirements to cope economically with the requirements
of:
o General purpose computer systems
o Front end processors
o Packet switches
o Concentrators
o Process control
o On-line systems
o Terminal systems
The illustration overleaf shows that the CR80 FATOM
computer tightly couples Processing Elements (Multiprocessors)
together via the S-NET, the Processing Element (PE)
being constituted by a Processor Unit (PU) and elements
of Channel Units (CU's) attached to the interconnecting
Data Channel. Each peripheral connects to two Processing
Elements (PE's), one PE being the active processor
for a connected peripheral, the other the back-up processor.
Also it is seen that the CR80 MAXIM (Memory mapped
Maxi-computer) is the single Processing Element (PE),
non-redundant subset of the CR80 FATOM (Fault Tolerant
Multiprocessor), otherwise they have identical high
performance characteristics.
The CR80 FATOM fault tolerant computer differs from
other computers (large, medium or small) in that it,
based on a unique distribution of its memory providing
nearby unlimited processing power, up to more than
30 Million instructions per second (MIPS) in a 16 PE
configuration, together with minimum added hardware
to achieve its "self repair" features and 256 Mega
word maximum memory size. Extensive hardware checks
have been incorporated throughout the CR80 architecture,
supporting integrity and security in execution of both
application and system programs, ensuring that erroneous
interaction among users, as well as with the system
software is prevented.
This is extremely important during software maintenance
and development, once a fault tolerant system has been
brought operational, as well as facilitating the initial
software development and debugging.
The CR80 architecture and DAMOS system software supports
modularily the total spectrum of virtual memory machines,
from the 0.6 - 2.0 MIPS MAXIM multiprocessor computer
with one or more CPU's, up to more than 30 MIPS, N+1
redundant FATOM computer, incorporating the cost effective
approach of only having 1 single spare unit, capable
of backing up for any of N working units. The CR80
can be upgraded in the field, often without stopping
operational use, due to its on-line maintainability
and unique galvanic isolation between system elements
at the card-magazine level.
CR80 FATOM…01…CR80 MAXIM
A CR80 Processing Element (PE) constitutes either a
uni- or multiprocessor computer with from 1 to 5 CPU's
(.6 to 2 MIPS). The CR80 FATOM connecting 16 Processing
Elements (PE's) together via the extremely fast S-NET
(up to 512 Mbit/sec.) into a tightly coupled multicomputer
with more than 30 MIPS capability. In addition all
lower levels of input/output processing is distributed
to Peripheral Processors in the Channel Units (CU),
this further enhances the CR80 above the simple accumulated
processing power of the CPUs.
The Peripheral Processors communicate with PE's through
one port of a triple ported memory, the two other ports
allowing for this memory being part of the address
space of two Processing Elements (PE's), which ensure
an alternative Processing Element, in case of a Processing
Element (PE) failure. The Peripheral Processor and
associated three ported memory is physically located
in a Peripheral Module housed in a CU.
The CR80 computers also gain their strength from high
speed intelligent multiplexed Direct Memory Access
(DMA) channels between the distributed memory in PUs
and CUs. The imbedded channel processors (S-NET & INTRA
MEMORY) with minimum interruption of the CPUs autonomeously
handle and ensure the integrity of hundreds of simultaneous
active logical channels between processes.
The CR80 FATOM basic system philosophy is to achieve
N+1 redundancy on all levels, both for Processor Elements
and Peripheral Interfaces. A unified system approach
to software in a redundant system, relieving application
software as far as possible of mechanisms and functions
necessary for fault tolerance, moving these to the
system S/W. Thus the CR80 FATOM Computer is designed
to have no single points of failure on a system basis,
this includes all parts of the system: Processors,
buses, I/O devices, power supply, cooling and software
in order to achieve a continously available no-break
computer. The on-line maintenance features, allows
any failed module to be exchanged and tested, without
interrupting system operation.
Furthermore the CR80 modular packaging and integration
system, ensures the capability for expansion of a CR80
FATOM Computer to virtually any physical size, using
only a few standard types of modules and cables, as
well as achieves the cost efficiency of both the single
and fault tolerant CR80 Computers.
2.2 H̲A̲R̲D̲W̲A̲R̲E̲ ̲S̲Y̲S̲T̲E̲M̲ ̲O̲R̲G̲A̲N̲I̲Z̲A̲T̲I̲O̲N̲
2.2.1 H̲a̲r̲d̲w̲a̲r̲e̲ ̲S̲y̲s̲t̲e̲m̲ ̲O̲v̲e̲r̲v̲i̲e̲w̲
The CR80-memory mapped computers are of modular construction,
allowing the system architect to configurate Computer
Systems with a performance ranging from a single (MAXIM)
computer with from 1 to 5 CPUs and few peripherals
up to a complex failure tolerant (FATOM) computer system
with up to 80 or more CPU's and nearly unlimited amount
of peripheral equipment and communication lines, by
use of few standard items.
In the CR80 Functional Overview shown overleaf (Fig.
2.2.1-1), the basic elements (PE's) and Peripheral
Processors (PER; PROC:) Data Channels and two types
of basic units, Processor Units (PU) and Channel Units
(CU) are shown.
Each Processing Element (PE) looks to the user as a
multiprogrammable multiprocessor (up to 5 CPUs) virtual
memory (16 Megawords) and demand paging. Processing
and receive messages in own Memory via the S-NET. As
all data transfer via the S-NET is through both the
Memory Map of the source PE and the destination PE,
full hardware protection against unintended interference
between PE's is ensured.
A Processing element (e.g. PE No. 1) is physically
implemented in two types of crates (card cages), the
Processor Unit (PU) containing all address sourcing
devices (CPU's and DMA's) and the first Megaword of
the PE-Memory, and a number of Channel Units (CU's)
containing additionally up to 15 Megawork of PE-Memory.
The Channel Units (CU's) furthermore, contain the Peripheral
processors interfacing peripherals (e.g. Disc, Tape,
terminals, communication lines etc.) to the Processing
Element. The Memory Bus of the PE is divided
into three parts (P, C and D) with the Memory Map centrally
placed, in order to optimize processing and access
to Memory.
The P-Bus (P) is reserved for the Central Processing
Units (CPU's). The C-Bus (C) is utilized by Direct
Memory Access (DMA) devices, e.g. the S-Net/TDX Interface
(STI) DMA's and the INTRA MEMORY DMA positioned in
the MAP module. The memory extension bus (D), commonly
named the DATA channel, is shared by CPU's (on P-Bus)
and DMA's (on C-Bus) for access to PE-Memory positioned
in CU's. The memory extension bus (D) gets its channel
like characteristics, due to the intelligent C-Bus
DMA's and their associated embedded processors. Only
passive PE-Memory is attached on the bus (D) itself.
The P-Bus and C-Bus operated independently of each
other (although multiplexing the use of the Memory
Map). This allows processing in the PE by the CPU's
to continue without interference during bulk data transfers
with the S-Net, TDX (X-Net) or within the PE-Memory.
Fig. 2.2.1.1…01…FATOM Functional Overview
Peripherals (Disc, Terminals, communication lines etc.)
are attached by Peripheral Processors (PER. PROC.),
that performs distributedly the I/O processing associated
with the specific types of attached peripheral-devices,
and directly communicates Data and status/control messages
to PE-Memory. The parts of PE-Memory accessible by
Peripheral Processors is compartmentalized. A Peripheral
Processor can only access its own compartment, and
not that of another Peripheral Processor or parts of
PE-Memory allocated for general processing. The combination
of a Peripheral Processor and compartmentalized memory
is defined as a Peripheral Module. This insures integrity
and security of input/output, as well as each Peripheral
Processor having its own path to PE-Memory, results
in omission of the restrictions and speed degradation
of the commonly used multiplexed I/O access to memory.
It is seen from the foregoing that three distinct levels
of multiprocessing are found in the CR80:
o Processor Elements (PE level)
o CPU's within a Processor Element (CPU level)
o Peripheral Processors (PER. PROC. level)
Physical Memory can be incorporated into one or two
Processing elements as shown in the CR80 MAXIM and
FATOM Memory layout overleaf (Fig. 2.2.1-2). This allows
for bulk Memory or Compartmentalized Memory associated
with Peripheral Processors, to be part of the memory
space of two PE's. As both PE's can process data found
in the common part of their memory, this provides for
the Fault Toleranceof the CR80 computer in case of
failure of a PE. It enables other PE's to take over
processing associated with common parts of their Memory
(Bulk or Compartmentalized).
In systems where a Peripheral Module group in a CU,
cannot tolerate a failure, the N+1 redundancy principle
is implemented by having a spare Peripheral Module
available in the CU. This spare Peripheral Module takes
over the operation of any failed Peripheral Module
by switching of the physical peripheral device interface
to the Peripheral Module. This is controlled by the
Maintenance and Control Processor (MCP) described in
a later section.
Fig. 2.2.1-2…01…Memory Layout of CR80 MAXIM AND FATOM Processor
Elements (PE's)
The S-Net (Intermemory Communication Network) provides
high-speed transport of data between Memory of Processing
Elements. Each Processing element interfaces to the
S-Net with from 1 to 32 coaxial twisted pair cables
(SUPRA-BUSES). Galvanic isolation via transformer interface
to the SUPRA/TDX Interface (STI) DMAs, avoids ground
loops between Processing Elements. The information
transfer is multiplexed on the twisted-pair cables,
each carrying 16 Megabits serial transmission under
packet protocol protection which ensures error free
transmission. The Processing Element interface to the
S-Net thus is modularly expandable, by adding SUPRA
BUSES, providing a port to up to 512 Megabits of S-Net
traffic (32 x 16 Megabits) The S-Net achieve high system
reliability and provides multiple redundancy, in that
traffic on a failed SUPRA BUS automatically by the
protocol is distributed to the other SUPRA BUSES. A
Processing Element can communicate with up to 15 other
Processing Element via the S-Net/TDX Interface (STI)
DMA modules alternatively, or mixed with SUPRA BUSES,
provide interface to the TDX (X-Net) Local Area Network
(LAN) for connecting to Peripheral devices (Terminals,
Printers, Process Control, Communication Lines etc.)
and other Processing Elements, within an area of up
to several square Kilometers.
Interrupt handling within a Processing Element is done
centrally by the Interrupt Preprocessor found in the
MAP module. The Interrupt Preprocessor receives interrupts
transmitted serially from C-Bus DMA's, Timers, Peripheral
Processors etc., queue the Interrupts and compare them
with interrupt masks and CPU priorities. The CPU is
only notified via a direct notification line, when
an actual context switching is to take place, thereby
relieving the CPU's of tedious and time consuming Interrupt
handling.
2.2.2 P̲r̲o̲c̲e̲s̲s̲o̲r̲ ̲U̲n̲i̲t̲ ̲A̲n̲d̲ ̲C̲h̲a̲n̲n̲e̲l̲ ̲U̲n̲i̲t̲s̲
The following sections describe PU and CU packaging
and organization.
2.2.2.1 C̲R̲8̲0̲ ̲M̲o̲d̲u̲l̲a̲r̲ ̲P̲a̲c̲k̲a̲g̲i̲n̲g̲
As for the processing system design, great emphasis
has been put on Failure Tolerance and modularity of
the packaging, cooling and Power Supply sub-systems.
The CR80 modular fault tolerant computer system is
assembled using standard modules (printed circuit cards)
housed in Processor Units and Channel Units (Card Cages).
The Units are interfaced by galvanically isolated transfer
buses, structured as shown below (figure 2.2.2.1-1)
and described in the following.
Units are housed in 19" Crates (Card Magazines) for
installation in standard 19" Racks, as shown overleaf
(Figure 2.2.2.1-2). A Crate contains a 25 slot Front
Magazine for insertion of up to 17 Printed circuit
card modules and 2 Power Supply modules, the two upper
rows of connectors is each interconnected by multilayer
printed circuit buses, while the lowest row of connectors
are connected individually via flatcables to corresponding
connectors in the Rear Magazine. The 19 slot Rear Magazine,
which can be pivoted down for access to Crate internal
cabling, holds Adapter modules providing the interface
and cabling to external devices (S-Net, Peripherals
etc.) for their corresponding Front Module. Also a
number of slots is provided outside the Rear Magazine,
at the rear of the Crate for insertion of bus termination
cards and interface cards to the Data Channel bus.
Keeping all external cabling at the rear of the Crate,
allows all front modules (CPU, RAM, Peripheral Modules
etc.), inclusive the plug-in Power Supplies, to be
exchanges quickly without use of special tools.
Below each crate (PU or CU) in the CR80 system is installed
an exchangeable FAN Unit, which by forced air cools
the modules in the crate. To ensure continous air flow,
the FAN unit is redundantly constructed with the airstream
being provided by two sets of blowers, each being powered
from different Mains phases, and each with a capacity
sufficient for cooling the entire crate
over a prolonged period of time. This ensures the failure
tolerance of the FAN unit, both against a Mains phase
falling out and mechanical breakdown of a blower.
Fig. 2.2.21-1…01…Processing Element, Units and Buses
One, or two power supply modules operating in parallel,
are installed, in each PU crate dependent of the required
power consumption. A power supply failure in the PU
will cause the PE to stop processing, but it will not
influence the system operation, as processing of the
failed PE will be taken over by the remaining operating
PE's.
In each CU crate two Power Supplies are installed,
each backing up for the other in supplying the modules
installed in the crate - distributing power via separate
Buses. This power scheme ensures that a single power
supply can fail without influencing the operation of
the modules in the CU crate due to the special Power
Supply ORing-circuit in each of the modules. The power
ORing-circuit in each of the modules. The power ORing-circuit
contains a current limiter which ensures that a short
in a module will not draw excess power from the power
supplies, and thereby interrupt the operation of other
modules in the crate.
A second function of the Power ORing-circuit is, in
combination with a slightly shorter pin in the interface
connector between the Peripheral Module and the buses,
to allow on-line replacement of a module in an operating
CU-crate. The shortened pin will disconnect first and
connect last, when a module is removed or inserted,
at this pin (via an integrating circuit) controls the
current limiter in the Power ORing-circuit, power to
the module is therefore removed, or applied without
spikes on crate-buses during module exchange. Also
because of the special bus driver/receivers used, which
have high impedance against the buses when the power
is removed, no interruption occurs in operation of
the Data buses during module exchange.
BIT (Built In Test) are found in most CR80 modules.
The test starts automatically when power is applied
to the module and lights the red TEST LED on the front
plate. When the internal test cycle, which lasts a
few seconds, has been run through successfully, the
TEST LED is estinguished to indicate this, otherwise
it will remain on.
The red colour is reserved for the BIT function, giving
the CR80 computer its characteristic appearance when
power is applied, the modules in the system will then
light red and after a few seconds estinguish only leaving
an eventually failed one still on, easily identifyable
for exchange.
Fig. 2.2.2.1-2…01…CR80M PROCESSOR UNIT & CHANNEL UNIT
Other built in test functions, which are not destructive
of the normal module function, are used for error detection
by the CR80 on-line diagnostics, during actual operation
of the computer.
2.2.2.2 P̲r̲o̲c̲e̲s̲s̲o̲r̲ ̲U̲n̲i̲t̲ ̲O̲r̲g̲a̲n̲i̲z̲a̲t̲i̲o̲n̲
Installation of modules into the PU-Crate is shown
overleaf (Fig. 2.2.2.2-1).
As previously described, interconnection of the PU
modules is performed by means of two parallel transfer
buses, the P-Bus and the C-Bus implemented as two backplane
printed circuit boards. The buses have identical electrical
and timing specifications with the following characteristics:
transfer rate up to 4 megaword/second (16 bits + 2
parity bits), addressing of 1 megaword as work or byte.
The P-Bus is the transfer bus for the Central Processor
Units (CPUs), while the C-Bus is used as transfer bus
by the C-Bus modules (DMAs).
The central processor units, CPUs, are general purpose
processor units with a word length of 16 bits and the
ability to address 64K work of instruction and 64K
work of data. All data/instruction transfer performed
by the CPU are via the P-Bus and the memory MAP to
the memory. Referring to Fig. 2.2.2.2.-2 overleaf,
physically, the CPUs and the memory MAP are connected
to the same P-Bus, but logically the CPUs recognize
the MAP as being located between the memory and the
CPU.
Each CPU includes a private 1K work Cache Memory. This
diminishes the load on the P-Bus, as CPU's often will
find addressed memory locations in the Cache Memory.
The function performed by the memory MAP is to expand
the addressable memory area to 16 megawork of which
1 megaword can be located in the PU as dual ported
Memory, while the remaining 15 megaword can be located
in CU's on the Data Channel Bus (accessed via the MAP
Interface Adapter, MIA). Besides the address translation,
the MAP also provides memory read/write protection,
with protection performed individually for each 1K
page of the memory.
Fig. 2.2.2.2-1…01…Processor Unit (PU)
Fig. 2.2.2.2-2…01…PU Logical organization
The functions performed by the MAP on the P-Bus transfers
are also performed on all C-Bus transfers. This means
that the C-Bus Modules can access the complete 16 -
megaword memory area, subject to memory read/write
protection.
Beside the address translation described above, the
MAP module also includes the INTRA MEMORY DMA function,
interrupt preprocessing and Data Channel Bus interface.
The DMA is used for block transfer within the complete
16 megaword of Processing Element memory. The DMA is
under control of the system software.
The interrupt preprocessing performed ensures that
only interrupts with sufficiment priority will cause
a context switch in one of the CPUs, while all other
interrupts will be queued by the MAP, until the status
of a CPU allows service of them.
Transfer on the Data Channel Bus will be performed
by the memory MAP (via the MIA module) when the addressed
location is not within the PU Memory addressing space
(1M word).
The STI module contains DMA and associated processors
for autonomeous multiplexed transfer of datablock to/from
the total 16 Mword PE-Memory. It interfaces via up
to 8 SUPRABUS Adapter modules to the S-Net. Each SUPRABUS
Adapter contains receive and transmit buffer and transformer
interface to one 16 Mbit SUPRABUS. Up to four STI modules
can be installed in a PU, allowing for interfacing
a total of 32 SUPRABUSES (512 Megabit/sec.) to a Processing
Element.
2.2.2.3 C̲h̲a̲n̲n̲e̲l̲ ̲U̲n̲i̲t̲ ̲O̲r̲g̲a̲n̲i̲z̲a̲t̲i̲o̲n̲
The organization of Channel Units is shown overleaf
(Figure 2.2.2.3-1) and installation of modules into
the CU-crate is shown overleaf (Figure 2.2.2.3-2).
Interconnection of the CU modules is performed by means
of two parallel transfer buses, Data Bus A and Data
Bus B, implemented as two backplane printed circuit
boards. The buses have identical electrical and timing
specifications with the following characteristics:
transfer rate up to 4 megawords/second (16 bits + 2
parity bits), addressing of 1 megaword as word or byte.
Figure 2.2.2.3-1…01…INTERFACE CONNECTORS TO PERIPHERAL DEVICES
Fig. 2.2.2.3-2…01…Channel Unit (CU)
Data Bus A interfaces to the Data Channel of one Processing
Element, and Data Bus B to the Data Channel of another
Processing Element via Crate Interface Adapters (CIA-A
and CIA-B respectively).
The Channel Units contains Memory Modules and Peripheral
Modules. The dual transfer bus structure ensures that
a single point failure will not stop operation of more
than one Peripheral Module.
The physical interface to the peripherals, communication
lines etc. is an Adapter module located at the rear
of the CU crate. For interfacing to communication lines,
a special Adapter module (LIA-S) is available. This
module is able to select a spare LTU module to be used
instead of a failing LTU module. This selection is
under control of the Maintenance and Configuration
Processor MCP. The spare LTU can be back-up for a number
of active input is taken from two separate sources
to ensure that a failure in one power source cannot
stop the CU operation.
2.2.3 T̲h̲e̲ ̲D̲a̲t̲a̲ ̲C̲h̲a̲n̲n̲e̲l̲
The Data Channel Bus is a 1.2 Megabyte/sec., byte serial,
twisted wire bus. Through the combined address space
and physical length it jointly extends the P-Bus and
C-Bus in the Processor Unit (PU) to the attached daisy
chained Channel Units (CUs). Only address destination
modules (memory) can be attached on the Data Channel
Bus. All access is from the PU through the memory MAP.
The MAP automatically routes accesses to physical memory
addresses above 1 Mword out on the Data Channel Bus.
At the hardware level the Data Channel is viewed by
the CPU's as a physical memory extension to the P-Bus
in the PU. At the system level, however, the Data Channel
is viewed by the CPUs as more intelligent due to the
C-Bus DMA processors. The C-Bus Processors (INTRA MEMORY
DMA/Interrupt processor and SUPRA/TDX processors) attached
to the C-Bus in the PU, concurrently with the CPUs
and under their control, can execute high level programs
for moving data in the total memory of the CR80. Data
can be moved within the Processing Element by the INTRA
MEMORY DMA; and between Processing Elements via the
S-Net. Data is moved as single data words, data blocks
or as block multiplexed
data streams, where up to several hundred simultaneous
logical connections are handled autonomously by the
C-Bus processors, requiring only high level interaction
with the CPUs.
2.2.4 P̲e̲r̲i̲p̲h̲e̲r̲a̲l̲ ̲S̲y̲s̲t̲e̲m̲ ̲A̲r̲c̲h̲i̲t̲e̲c̲t̲u̲r̲e̲
Each Peripheral Device (Disc, tape, terminals, communication
lines etc.) or a group of Peripheral Devices are attached
to the CR80 by a Peripheral Module. A Peripheral Module,
see fig. 2.2.4-1 overleaf, contains Compartmentalized
Memory and a Peripheral Processor.
The Peripheral Processor (Microcomputer or bit-slice
(CPU) handles the Peripheral Device interface, as well
as lower level I/O processing (part of device handlers,
communication protocols etc.) and store/fetches data
in the Compartmentalized Memory via the Peripheral
Module I/O bus. The Compartmentalized Memory (typically
16-64 Kilobyte) is part of the Memory space of one
or two Processing Elements.
The Processing Security is thus enhanced, in that Processing
Element Memory is Compartmentalized in Peripheral Modules
so that a memory fraction is handed over to only one
associated Peripheral Processor. Distributing I/O processing
to Peripheral Processors provides a separate level
of multiprocessing in the CR80 architecture, relieving
the CPU's of real-time, device or character dependent
processing, this together with each Peripheral Processor
having its private I/O Bus to Processing Element Memory,
thereby omitting Multiplexed I/O Channels, provides
for the remarkable peripheral connectivity and throughput
of the CR80. Also as Compartmentalized Memory is simply
a part of Processing Element Memory, CPU's can directly
access and process data without further movement.
The program executed by a Peripheral Processor, is
either contained in PROM or in RAM, in the latter case
this provides for loading the program from the Processing
Element via the Compartmentalized Memory to the Peripheral
Processor RAM. This allows standardization of Peripheral
Module hardware by providing software adaption of a
module to different peripheral devices. An example
is the CR80 Peripheral
Figure 2.2.4-1…01…Peripheral Module Embedding Compartmentalized…01…Memory and Peripheral
Processor
Module for Communication Line Interfacing (Line Termination
Unit, LTU), the standard LTU dependent on program loaded
when initialized, copes with level 1 and 2 of most
Asynchroneous, Synchroneous and Bit-synchroneous protocols
(V24, BSC, HDLC, SDLC etc.) as well as variations in
the line interface (control line options, different
clock sources etc.). The soft-load feature is furthermore
important, as discussed later, for N+1 redundancy Peripheral
Modules, in that the common spare Peripheral Processor
can be loaded with adaptation software corresponding
to that of the faulty Peripheral Processor it replaces.
Protection against un-availability of Peripheral Devices
in case of failure of a Processing Element, is ensured
by Peripheral Module Compartmentalized Memory being
part of Memory Space of two Processing Elements.
Referring to figure 2.2.4-1 showing peripheral module,
Data Bus A, Data Bus B and Crate Interface Adapters,
already described in previous sections. The Compartmentalized
Memory is seen to be connected to the Data Bus A and
the Data Bus B via Bus interfaces A and B respectively.
Further is shown a configuration control register,
a current limiter, a peripheral device, an interrupt
controller, control/status register RAM and Power OR-ing
diodes.
Main control lines and data control lines are shown
and the signal directions indicated by arrows. Signals
DA and DB is provided via separate external lines from
a not shown Maintenance and Configuration Processor
(MCP), supervising the total CR80 computer. Attention
should first be drawn to the configuration control
register, this register being controlled in different
ways to disable either of the Data Bus A and Data Bus
B. If the Maintenance and Configuration Processor (MCP)
detects a failure in the Processing element incorporating
Data Bus A, it will issue a disable A signal DA to
the configuration control register causing the register
to disconnect the A-Bus Interface from the Data Bus
A, apart from the hatchet fraction of the interface,
the hatchet fraction and a similar fraction of the
B-Bus Interface also being connected to inputs of the
configuration control register via lines da and db
respectively. Besides disabling the A-Bus interface
the DA signal also oppresses the da signal.
If not being overruled by the signals DA and DB, the
signals da and db respectively controls the configuration
control register to enable or disable bus interface
A or B. That is the bus interface may be controlled
by the Processing Elements themselves. It is seen from
Figure 2.2.4-1 that interrupt signals from the interrupt
controller and data transfer to and from control/status
register RAM neither are transmitted via a disabled
bus interface. Thus, it is possible that either of
two Processing Elements are having access to the Compartmentalized
Memory, controlled by the Processing elements themselves
or by a supervisor system. The actual situation is
reflected in the control/status register RAM, that
is a Processing Element, of actions of the Maintenance
and Configuration Processor and further about the operation
of the Peripheral Processor (e.g. the control/status
RAM keeping the result of a self-checking routine in
the Peripheral Processor). If the switch adapter has
switched the Peripheral Device over from the peripheral
processor to another Peripheral Processor the control/status
register RAM of these Peripheral Processors will store
the switching conditions so that the Processing Elements
know where to fetch/convey data.
To further enhance the reliability, the dual power
supplies are connected as shown in Figure 2.2.4-1.
Dual power supplies are often connected to dissipating
devices via the power OR-ing diodes, but without the
current limiter, whereby a short circuit in one module
cuts the power to all modules supplied from the Power
Supplies (draws down both power supplies through the
diodes).
This is obviated by means of the current limiter standardly
implemented in CR80 Peripheral Modules. The Current
Limiter also gracefully turns power on/off the Peripheral
Module as it is connetrolled by an integrating circuit
connected to a special pin in the edge connector. This
shortenend pin is the last to connect, and the first
to disconnect when a Peripheral module is inserted
or withdrawn from a CR-crate. Also, special bus driver/receivers
are high impedanced against the buses. Thus, if voltages
in a module falls below nominal, the module can be
serviced and exchanged in an operational CU-crate without
introducing power supply spikes or noise on buses which
might disturb the operation of other Peripheral Modules.
The N+1 redundancy of Peripheral Modules is now described
with reference to Figure 2.2.4.-2 overleaf, showing
a peripheral subsystem of the CR80, typically incorporated
in one CR-crate (printed circuit card cage) being interfaced
to Processing Element Data Channels via Crate Interface
Adapters (CIA). The CU-crate containing M+1 Peripheral
Modules comprising peripheral processors and associated
Compartmentalized Memory (RAM) and switch adapters
(LIA-S). The CU crate is dual powered by Power Supplies
A and B.
Also shown is a Crate Configuration Adapter (CCA),
which is connected via the configuration bus to a Maintenance
and Configuration Control Processor (not shown). The
Maintenance and Configuration Processor supervising
the overall CR80 system, receives status information
from various modules and by way of example monitors
the Power Supplies A and B via lines PA and PB respectively,
the respective Crate Configuration Adapter and the
configuration bus. The Maintenance and Configuration
Processor also receives information from the Processing
Elements, this information being by way of example
a message concerning data missing or being incorrect
from Peripheral Module No. N. Such a message is mostly
created by way of the application software or on-line
diagnostics. The Maintenance and Configuration Processor,
will cause select spare signal to be transmitted to
Switch Adapter No. N (LIA-S) via the configuration
bus. The Switch Adapter comprises solid-state switches
arranged in each buswire to disconnect the telecommunication
lines from Peripheral Processor No. N and connect these
lines to the common spare Peripheral Processor No.
N+1 when the select spare signal is received.
The CR80 N+1 redundancy of Peripheral Modules combines
with the dual incorporation of Compartmentalized Memory
into two processing Elements, yield great improvements
over previously used techniques, as to connectivity
and Fault Tolerance.
Fig. 2.2.4-2…01…REDUNDANCY OF PERIPHERAL MODULES…01…AND CONFIGURATION CONTROL
2.2.5 M̲a̲i̲n̲t̲e̲n̲a̲n̲c̲e̲ ̲a̲n̲d̲ ̲C̲o̲n̲f̲i̲g̲u̲r̲a̲t̲i̲o̲n̲ ̲P̲r̲o̲c̲e̲s̲s̲o̲r̲ ̲(̲M̲C̲P̲)̲ ̲S̲y̲s̲t̲e̲m̲
MCP system shown below (Figure 2.2.5) consists of standard
modules specially suited for monitoring and control
of CR80 Computers.
The WD-CPU, positioned as a standard Peripheral Module
in the CU-Crate, is the central Maintenance and Configuration
Processor receiving status and control messages from
the CR80 Processing Elements through its dual interface
to two PE's of the CR80 system.
The WCA (Watchdog CPU Adapter)constitutes the interface
between the WD CPU and the configuration Bus and the
four available V24 communication ports. The V24 ports
are used for connection of one or two system consoles
and for connection to a communication port for remote
maintenance and diagnostics of the CR80 system.
The Daisy Chained Configuration Bus is a dualized serial
communication path between the WCA and the connected
CCA's (Crate Configuration Adapters). The CCA is a
standard CR80 adapter module designed for monitoring
and control of the PU and CU crates. The functions
available are: monitoring og the DC voltages, switching
of LIA-S modules (switching a spare LTU to the lines
instead of a defect module), and monitoring of digital
and analogue inputs, and control of digital outputs.
The WD CPU and the WD Panel Controller utilize alternative
paths of the serial configuration bus for control and
monitoring of the attached crates and associated modules.
The serial configuration bus therefore is redundant
with different parts of it being used in AUTO and MANUAL
mode.
Figure 2.2.5…01…MCP System
A fail circuit is implemented between the WD CPU and
the WD Panel Controller, which performs automatic switching
to the manual settings of the WD Panel in case of WD
CPU failure or service. Similarly, replacement of the
WD Panel Controller can be done without off-lining
the system when under control of the WD CPU (AUTO MODE).
Crates under control of the MCP system is galvanically
isolated by optocouplers from the serial configuration
bus without electrical interference with the remaining
part of the system.
3̲ ̲ ̲E̲D̲P̲F̲ ̲H̲A̲R̲D̲W̲A̲R̲E̲ ̲C̲O̲N̲F̲I̲G̲U̲R̲A̲T̲I̲O̲N̲ ̲(̲S̲O̲W̲ ̲4̲.̲1̲)̲
The three different computer configuration requested
by CECOM, i.e. a single processor, a dual processor
and a larger development system have been identified.
All three computer can be built from standard configurations
by only adding extra modules.
By using standard configurations, Christian Rovsing
A/S can offer CECOM utilization of standard integration
procedures and thorough tested computers, which CECOM
will benefit from.
The differnet standard configurations and the flwxibility
laid down in the CR80 computer family ensures that
no compromises regarding customer tailoring has to
be made. In fact the three different computers were
configured bottom up i.e. it was realized which computer
modules had to be included. Afterwards the CR80 handbook
was used to identify the standard configuration which
were closest to the requested configuration.
Christian Rovsing A/S proposes a CR80 as the development
system because this will unify the EDPF concept, and
because it is uncertain to Christian Rovsing A/S whether
the Ada compiler will be available at the VAX computer
in time for the project. If the VAX computer inclusion
is a preferred solution to CECOM and if the question
of Adas availability can be solved, Christian Rovsing
A/S is prepared to follow that direction. Christian
Rovsing A/S has used and are still using VAX computers
in other projects. If this option is pursuited Christian
Rovsing suggest that Christian Rovsing personel could
use the CECOM owned VAX computer at Fort Monmouth for
development of some application program if it is appropriate
for CECOM.
The standard computer configuration used for the three
different computers is the CR 850/001 MAXIM COMPUTER.
The equipment list for this basic computer is:
T̲y̲p̲e̲ ̲N̲o̲.̲ D̲e̲s̲c̲r̲i̲p̲t̲i̲o̲n̲ Q̲t̲y̲.̲
CR8101-/036--/00 Rack 1
CR8125M/225PC/00 PU-Crate 1
CR8125M/425A-/00 CU-Crate 1
CR8105M/020--/00 Fan Unit 2
CR8106-/220--/00 Mains Filter 1
CR8050M/010--/00 Power Supply 2
CR8107-/010--/00 Power Distribution Panel 1
CR8020M/000PC/00 Map 1
CR8071M/010--/00 MIA 1
CR8030M/040PC/00 CPU Cache 1
CR8016M/128PC/00 RAM 128K 2
CR8211M/738--/00 Data Channel Termination 1
CR8211M/015--/00 Cable Data Channel 1
CR8201M/015--/00 Cable Rack Power 6
CR8055M/020--/00 MBT 5
The CR850/001 MAXIM COMPUTER is delivered in a rack
which has room for two crates, see fig. 3-1 and 2 FAN
UNITS plus MAINS FILTER. Both crates have expansion
room for additional modules.
A brief description of the modules in the processor
unit follows:
M̲e̲m̲o̲r̲y̲ ̲M̲a̲p̲p̲i̲n̲g̲ ̲M̲o̲d̲u̲l̲e̲ ̲(̲M̲A̲P̲)̲ provides addressing of
up to 16M words of virtual memory, demand paging and
a protection mechanism to prevent access from unauthorized
users.
C̲e̲n̲t̲r̲a̲l̲ ̲P̲r̲o̲c̲e̲s̲s̲o̲r̲ ̲U̲n̲i̲t̲ ̲(̲C̲P̲U̲)̲ is a general purpose processor
with 16 bits word length and a standard instruction
set of basic arithmetics, logic, transfer, and special
instruction inclusing bit, byte, word, and multiple
word manipulation. The Cache memory included on the
module minimizes the bus load and thereby insures that
the number of CPUs can be increased.
2̲5̲6̲K̲ ̲w̲o̲r̲d̲s̲ ̲w̲o̲r̲k̲i̲n̲g̲ ̲s̲t̲o̲r̲a̲g̲e̲ ̲(̲2̲5̲6̲K̲ ̲R̲A̲M̲)̲ included in the
basic processor Unit (PU) can be expanded by adding
modules of 128K words to the configuration.
D̲a̲t̲a̲ ̲C̲h̲a̲n̲n̲e̲l̲ ̲I̲n̲t̲e̲r̲f̲a̲c̲e̲ ̲(̲M̲I̲A̲)̲ interfaces the processor
unit via the flat cable data channel to the channel
unit. A maximum of 15 channel units can be connected
to the data channel.
P̲o̲w̲e̲r̲ ̲s̲u̲p̲p̲l̲y̲. One module is included, but if required
due to expansion of processor unit, an additional power
supply can be installed. In order to cope with the
28 VDC requirement modifications will be introduced.
The channel unit is delivered with power supply, transfer
bus, and data channel interface (CIA-A). No peripheral
controllers are included, but the unit is prepared
for installation of a great variety of single bus peripheral
controllers from the CR80 product line as DISC CTRL,
TAPE CTRL, LINE PRINTERS CTRL, Communication Line CTRL,
etc.
The Processor Unit crate and the Channel Unit crate
will be assembled in a standard 19" rack, while the
TDX subsystem will be in an adjecent rack. See fig.
3-1 and 3-2.
Figure 3-1
figure 3-2
3.1 S̲I̲N̲G̲L̲E̲ ̲P̲R̲O̲C̲E̲S̲S̲O̲R̲ ̲N̲O̲D̲E̲ ̲C̲O̲M̲P̲U̲T̲E̲R̲
The single processor node computer configuration is
shown in fig. 3.1.1. It comprises two crates plus peripherals
like disk, VDU and printer.
The processing unit PU mainly contains one CPU with
CACHE, 2 128K words of memory, RAM plus a MAP module.
In addition it contains a suprabus/TDX-bus interface
STI.
The configuration of the Single Processor computer
follows
1 CR80 850/001 MAXIM COMPUTER
A̲d̲d̲i̲t̲i̲o̲n̲a̲l̲ ̲M̲o̲d̲u̲l̲e̲s̲ Q̲t̲y̲.̲
PU
CR8021M/040PC/00 STI 1
CR8073M/010--/00 TIA 3
CR2510-/000--/00 TDX OUTLET 3
CU
CR8081M/010A-/00 CIA-A 1
CR8066M/010A-/00 LTU 3
CR8082M/010--/00 LIA-N 3
CR8044M/010A-/00 DISK CTRL 1
CR8084M/010--/00 DCA 1
Peripherals
1 VDU with an attached character printer
1 DISK STATION 80MB
FIG. 3.1.-1
3.2 D̲U̲A̲L̲ ̲P̲R̲O̲C̲E̲S̲S̲O̲R̲ ̲C̲O̲M̲P̲U̲T̲E̲R̲S̲
The dual processor node computer configuration is shown
in fig. 3.2.-1. If comprises two crates plus peripherals
like disc, VDU and printer.
The processing unit PU mainly contains 2 CPUs with
CACHE,3 128K words of memory RAM plus a MAP module.
In addition it contains a suprabus/TDX-bus interface
STI.
The channel unit, CU is identical to the single processor
CU.
1 CR80 8050/001 MAXIM COMPUTER
A̲d̲d̲i̲t̲i̲o̲n̲a̲l̲ ̲M̲o̲d̲u̲l̲e̲s̲ Q̲t̲y̲.̲
PU
CR803M0/040PC/00 CPU CACHE 1
CR8016M/128PC/00 RAM 128K 1
CR8050M/010--/00 POWER SUPLY 1
CR8021M/040PC/00 STI 1
CR8073M/010--/00 TIA 3
CR2510-/000--/00 TDX OUTLET 3
CU
CR8081M/010A-/00 CIA-A 1
CR8066M/010A-/00 LTU 3
CR8082M/010--/00 LIA-N 3
CR8044M/010A-/00 DISK CTRL 1
CR8084M/010--/00 DCA 1
Peripherals
1 VDU with an attached character printer
1 DISK STATION 80MB
Fig. 3.2.-1
3.3 D̲E̲V̲E̲L̲O̲P̲M̲E̲N̲T̲ ̲C̲O̲M̲P̲U̲T̲E̲R̲
The development computer is a triple processor and
it is shown in fig. 3.3-1. It comprises two crates
plus peripherals like three tape drivers, 1 disc drive
12 VDUs and 4 Characters Printers.
The processing unit PU mainly contains three CPUs with
CACHE, 4 128K words of memory RAM plus a MAP module.
In addition it contains a suprabus/TDX-bus interface
STI. The extra modules needed to be added to the basic
configuration CR850/001 MAXIM COMPUTER are 2 extra
CPUs with CACHE and 2 extra memory modules in the PU.
The channel unit, CU mainly contains Line termination
units, which are equipped with software for either
external line communication or terminal communication
software. Also in the CU a disk and a tape controller
is placed.
The configuration of the Development System (Triple
Processor) follows:
1 CR80 850/001 MAXIM COMPUTER
A̲d̲d̲i̲t̲i̲o̲n̲a̲l̲ ̲M̲o̲d̲u̲l̲e̲s̲ Q̲t̲y̲.̲
PU
CR8050M/010--/00 POWER SUPLY 1
CR803M0/040PC/00 CPU CACHE 2
CR8016M/128PC/00 RAM 128K 2
CR8021M/040PC/00 STI 1
CR8073M/010--/00 TIA 3
CR2510-/000--/00 TDX OUTLET 3
CU
CR8050M/010--/00 POWER SUPPLY 1
CR8081M/010A-/00 CIA-A 1
CR8066M/010A-/00 LTU 6
CR8082M/010--/00 LIA-N 6
CR8044M/010A-/00 DISK CTRL 1
CR8084M/010--/00 DCA 1
CR8045M/010A-/00 TAPE CTRL 1
CR8085M/010--/00 TCA 1
Peripherals
11 VDU
4 character printers
1 DISK STATION 80MB
3 TAPE STATION
Fig. 3.3-1
3.4 T̲D̲X̲ ̲C̲O̲N̲T̲R̲O̲L̲L̲E̲R̲S̲
When the node computers are interconnected via the
local network, i.e. the TDX bus, TDX bus controllers
are needed. One controller is needed for each connection.
The total network comprises 6 node computers each equipped
with 3 TDX bus outlet, i.e. 9 TDX controllers are needed
in total. The TDX controllers are assembled in a TDX
crate, but the maximum number of TDX crates needed
will be six, one for each node. In CECOMs experimentation
with the network, the number of TDX controllers in
each TDX crate can be varied according to the selected
network topology.
TDX crate equipped with 3 TDX controllers is shown
in fig. 3.4.-2.
CR1081S/020--/00 LTUX-S CRATE 6
CR8022S/000--/00 POWER SUPPLY 6
CR1070S/000--/00 TDX CTRL 9
CR2510-/000--/00 TDX OUTLET 9
CR8105S/010--/00 FAN UNIT 6
MINI RACK 6
CABLE RACK POWER
Fig. 3.4.-1
3.5 T̲O̲T̲A̲L̲ ̲S̲Y̲S̲T̲E̲M̲ ̲D̲E̲L̲I̲V̲E̲R̲Y̲
To be delivered as system 1 is:
3 single processors
2 dual processors
1 triple processor
1 TDX system
Spares comprising
S̲p̲a̲r̲e̲s̲ Q̲t̲y̲.̲
PU
CR8050M/010--/00 POWER SUPPLY 1
CR8003M/040PC/00 CPU CACHE 1
CR8020M/000PC/00 MAP 1
CR8071M/010--/00 MIA 1
CR8016M/128PC/00 RAM 1
CR8021M/040PC/00 STI 1
CR8073M/010--/00 TIA 1
CR2510-/000--/00 TDX OUTLET 1
CR8055M/010--/00 MBT 1
CR8105M/020--/00 FAN UNIT 1
CU
CR8081M/010A-/00 CIA-A 1
CR8066M/010A-/00 LTU 1
CR8082M/010--/00 LIA-N 1
CR8044M/010--/00 DISK CTRL 1
CR8084M/010--/00 DCA 1
CR8045M/010--/00 TAPE CTRL 1
CR8085M/010--/00 TCA 1
CR8055M/010--/00 MTT 1
TDX
CR8022S/000--/00 POWER SUPPLY 1
CR1070S/000--/00 TDX CTRL 1
CR8105S/010--/00 FAN UNIT 1
Tools
1 Data scope
1 Data communication tester
1 Disk field test unit
Connectors will be supplied
System 2 delivery will be identical to system 1 except
that no tools will be included in this shipment.
3.6 S̲Y̲S̲T̲E̲M̲ ̲U̲P̲G̲R̲A̲D̲E̲ ̲C̲A̲P̲A̲B̲I̲L̲I̲T̲Y̲
All three configurations can be updated in more than
one sense, e.g. more processing power and higher reliability.
While it is not so important to have a super reliable
experimental system, it is often critical to have a
reliable operational system. The CECOM strategy to
develop a network of computers which constantly exchange
information, and where the total system keeps operating
although one node is inoperational is one aspect of
a reliable system. In the case where one maneuver element
has been eliminated together with its computer it is
essential that other elements can continue exchanging
information and benefit from a computer system.
However, a node computer serving a maneuvre element
might become inoperational without any external reason
like a bit and having the maneuvre element without
one of its most essential resources, ie. the information
processing computer. As can be seen from the above,
it is essential that the individual node computer by
itself is very reliable and has a high availability.
The CR80 MAXIM COMPUTER initially offered in the EDPF
project can be upgraded to become CR80 FATOM computers,
i.e FAult TOlerant Multiprocessors. This upgrade can
be done by using the modules identical to the ones
already installed. The personnel to use the computers
are already familiar with the components and the software
are also unchanged.
4̲ ̲ ̲S̲O̲F̲T̲W̲A̲R̲E̲ ̲C̲H̲A̲R̲A̲C̲T̲E̲R̲I̲S̲T̲I̲C̲S̲ ̲(̲S̲O̲W̲ ̲4̲.̲2̲ ̲&̲ ̲4̲.̲3̲ ̲&̲ ̲4̲.̲4̲)̲
4.1 I̲N̲T̲R̲O̲D̲U̲C̲T̲I̲O̲N̲
This section describes the software which implements
the functions required for the EDPF. The software
is described in the following subsections:
o Operating System
o Standard Support Software
o Transmission Software
(Link, Network and Transport Layers)
o Communication Software
(Session and Presentation Layers)
o Application Software
The proposed software is organized in a highly modular
structure with specific emphasis in compliance to the
OSI 7-layer model.
The use of internationally acknowledged standards provides
for flexibility, security, and maintainability. Specific
emphasis has also been put to the requirement for "open
ended growth". Thus the S/W will fully comply with
this requirement.
To a large extent the proposed system builds on existing
software components. Thus a complete X.25 protocol
including a transport station is a standard S/W product,
and the Network Control Center software can be adopted
and reprogrammed in ADA from the functionally equivalent
"System Control Center" in the "Danish Defence Integrated
Communications System" developed by Christian Rovsing.
4.2 D̲A̲M̲O̲S̲ ̲-̲ ̲C̲R̲8̲0̲ ̲S̲T̲A̲N̲D̲A̲R̲D̲ ̲S̲Y̲S̲T̲E̲M̲ ̲S̲O̲F̲T̲W̲A̲R̲E̲
o DAMOS Standard System Software is divided into
- operational software
- support software
The CR80 Distributed Advanced Multi Processor Operating
system DAMOS is the standard operating system for memory
mapped CR80 systems.
DAMOS is divided into operational and support software
as defined overleaf.
DAMOS includes a virtual memory operating system kernel
for the mapped CR80 series of computers.
DAMOS fully supports the CR80 architecture which facilitates
fault tolerant computing based on hardware redundancy
and multiplexing. DAMOS supports a wide range of machines
from a single Processing Unit (PU) with 1 CPU and 128
K words of main memory, and up to a maximum configuration
with 16 PU's where each PU has 5 CPU's and 16.384 K
words of main memory and a virtually unlimited amount
of peripheral equipment including backing storage.
DAMOS is particularly suited for use in real time systems
but supports also other environments like software
development and batch. The main objectives fulfilled
in DAMOS are: high efficiency, flexibility, and secure
processing.
DAMOS is built as a hierarchy of modules, each performing
its own special task. The services offered by DAMOS
include CPU, PU, and memory management. Demand paging
is the basic memory scheduling mechanism, but process
swopping is also supported. Other levels of DAMOS
provide process management and interprocess communication,
basic device handling and higher level device handling
including handling of interactive terminals, communication
lines, and file structured backing storage devices.
DAMOS provides an operating system kernel which integrates
supervisory services for real time, interactive and
batchsystems. A comprehensive set of software development
tools is available under DAMOS. The languages overleaf
are presently available.
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
DAMOS
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
̲ ̲
OPERATIONAL SUPPORT
SOFTWARE SOFTWARE
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
̲ ̲
- Kernel
- resource management - terminal operating system
- directory functions - language processors
- process management - system generation software
- memory management - debugging facilities
- process communica- - utilities
tion
- device management - maintenance and diagnostic
programs
- device handling
- error processing
- real time clock
- PU management
- PU service
- transfer module
- Basic transport service
- Input/output system
- File Management
- Magtape Management
- Terminal Management
- Initialization
Fig. II-4.2-1…01…DAMOS Software Overview
- assembler
- SWELL, the CR80 system programing language
- Pascal
- Cobol
- Ada subset
The following languages are announced:
- Fortran 77
- Ada (all functions)
The DAMOS standard operational software is described
in this section. The description is divided into the
following areas:
- Overview of DAMOS
- Security,
which describes the general DAMOS approach to data
security
- Kernel,
which describes the DAMOS operating system kernel
components
- DAMOS Input/Output,
which describes the DAMOS standard interfaces to
peripheral I/O equipment, the DAMOS disk file management,
magnetic tape file management and terminal and
communication line management systems
- System initialization
The DAMOS standard support software
- terminal operating system
- programing languages
- system generation software
- debugging software
- utilities
- maintenance and diagnostics programs
is defined in section 4.3.
4.2.1 O̲v̲e̲r̲v̲i̲e̲e̲ ̲o̲f̲ ̲D̲A̲M̲O̲S̲ ̲O̲p̲e̲r̲a̲t̲i̲o̲n̲a̲l̲ ̲S̲o̲f̲t̲w̲a̲r̲e̲ ̲(̲S̲O̲W̲ ̲4̲.̲4̲)̲
DAMOS may be visualized as the implementation of a
set of abstract data types and a corresponding set
of tools for creating and manipulating instantiations
(objects) of these types.
The major components in DAMOS are the Kernel, the File
Management System, the Magnetic Tape File Management
System, the Terminal Management System and the Root
Operating System.
The DAMOS Kernel exists in one incarnation for each
processing unit (PU). The data types and functions
implemented by the Kernel are:
D̲a̲t̲a̲ ̲T̲y̲p̲e̲ F̲u̲n̲c̲t̲i̲o̲n̲
CPUs CPU management and scheduling
processes process management
virtual memory segments memory management
PU's PU management
synchronization elements inter process communication
device device management and
basic device access methods
ports basic transport service
The Kernel also provides facilities for
- processing of errors
- centralized error reporting
- a data transfer mechanism
- a PU service module
The File Management System (FMS) implements files on
disks. The FMS provides functions for manipulating
and accessing files and acts as an operating system
for a group of disks units. The FMS may exist in several
incarnations in each PU where each incarnation controls
its own devices.
The Terminal Management System (TMS) is similar to
the FMS. It provides functions for manipulating and
accessing communication lines and terminals including
line printers. The objects accessed via the TMS are
called units. A unit may be an interactive terminal,
a line printer or a virtual circuit. The TMS acts
as
an operating system for a group of communication devices
attached via LTUs, LTUXs or a parallel controller.
The TMS may exist in several incarnations in each PU,
each incarnation controlling its own devices.
The Magnetic Tape File Management System handles files
on magnetic tape units.
A common security policy and hierarchical resource
management strategy is used by the Kernel, the FMS
and the TMS. These strategies have been designed with
the objective of allowing multiple concurrent higher
level operating systems to coexist in a PU in a secure
and independent manner.
The Root operating system is a basic high level operating
system which intially possesses all resources in its
PU.
The DAMOS kernel, the File Managemet System, the Terminal
Management System and the Magnetic Tape File Management
are all programmed in SWELL. All the mentioned subsystems,
except the DAMOS kernel, can optionally be reprogrammed
in ADA if requested by CECOM.
4.2.2 S̲e̲c̲u̲r̲i̲t̲y̲
DAMOS offers comprehensive data security features.
A multilevel security system ensures that protected
data is not disclosed to unauthorized users and that
protected data is not modified by unauthorized users.
All memory allocatable for multiple users is erased
prior to allocation in case of reload, change of mode,
etc. The erase facility is controlled during system
generation.
The security system is based on the following facilities:
- Hardware supported user mode/privileged mode with
16 privilege levels. Priviliged instructions can
be executed only when processing under DAMOS control.
- Hardware protected addressing boundaries for each
process.
- Non-assigned instructions will cause a trap.
- Primary memory is parity protected.
- Memory bound violation, non-assigned instructions,
or illegal use of privileged instructions cause
an interrupt of highest priority.
- The hierarchical structure of DAMOS ensures a controlled
use of DAMOS functions.
- A general centralized addressing mechanism is used
whenever objects external to a user process are
referred to.
- A general centralized access authorization mechanism
is employed.
Centralized addressing capabilities and access authorization
are integral parts of the security implementation.
User processes are capable of addressing Kernel objects
only via the associated object descriptor table. The
following types of DAMOS objects are known only via
object descriptors:
- Processes
- Synchronization elements
- Segments
- Devices
- PUs
- CPUs
- Ports
The object forms the user level representation of a
DAMOS Kernel object. It includes the following information:
- A capability vector specifying the operations which
may be performed on the object by the process which
has the object descriptor.
- A security classification
The access right information concerning the various
DAMOS objects is retained in a PU directory of object
control blocks. Each control is associated with a
single object.
When the access right of a process to a segment is
verified and the segment is included in the logical
memory space of the process, the contents of that segment
may be accessed on a 16-bit word basis at the hardware
level subject to hardware access checks.
Authorization of access to an object is based on
- security classification check
- functional capability check for the object
versus the process
The security policy is based on a multilevel -multicompartment
security system.
4.2.3 K̲e̲r̲n̲e̲l̲ ̲(̲S̲O̲W̲ ̲4̲.̲4̲)
The DAMOS Kernel is a set of reentrant program modules
which provide the lowest level of system service above
the CR80 hardware and firmware level.
The Kernel consists of the following components:
- Resource Management,
which administers resources in a coherent way
- Directory Functions,
which provide a common directory service function
for the other Kernel components
- Process Manager,
which provides tools for CPU management, process
management and scheduling
- Page Manager,
which provides memory management tools and implements
a segmented virtual memory
- Process Communication Facility,
which provides a mechanism for exchange of control
information between processes
- Device Manager
which provides a common set of device related functions
for device handlers and a standard interface to
device handlers
- Device Handlers,
which control and interface to peripheral devices
- Error Processor,
which handles errors detected at the hardware and
Kernel level and provides a general central error
reporting mechanism
- Real Time Clock
for synchronization with real time
- PU Manager,
which provides functions for coupling and decoupling
PUs
- PU Service Module,
which provides service functions for remote PUs
- Transfer Module
for a hardware based transfer of data in a PU and
between PUs
- Basic Transport Service,
which provides a general mechanism for exchange
of bulk data between processes and device handlers.
The following subsections describe the main Kernel
functions:
- resource management
- process management
- memory management
- process communication
- CPU management
- PU management
- Basic transport service
4.2.3.1 R̲e̲s̲o̲u̲r̲c̲e̲ ̲M̲a̲n̲a̲g̲e̲m̲e̲n̲t̲
The goal of DAMOS Resource Management is to implement
a set of tools which enables the individual DAMOS modules
to handle resources in a coherent way. This again,
will make it possible for separate operating systems
to implement their own resource policies without interference.
Further built-in deadlock situations will be avoided.
The resource management module governs anonymous resources,
such as control blocks. Examples of resource types
are:
- process control blocks
- segment control blocks
- synchronization elements
- PU directory entries
Each type of resource is managed independently from
all other types.
The resources are managed in a way that corresponds
to the hierarchical relationships among processes.
Two operating systems which have initially got disjoint
sets of resources, may delegate these resources to
their subordinate processes according to separate and
non-interfering strategies. For example, one operating
sytem may give all its subordinate processes distinct
resource pools, i.e. there will not be any risk of
one process disturbing another. On the contrary, the
other operating system may let all its subordinate
processes share a common pool, i.e there may be a much
better resource utilization at the cost of the risk
for deadlock among these processes.
4.2.3.2 P̲r̲o̲c̲e̲s̲s̲ ̲M̲a̲n̲a̲g̲e̲m̲e̲n̲t̲
In the CR80 system, a clear distinction is made between
programs and their executions, called processes. This
distinction is made logically as well as physically
be applying two different base registers: one for program
code and one for process data. This distinction makes
reentrant, unmodifiable code inevitable.
The process is the fundamental concept in CR80 terminology.
The process is an execution of a program module in
a given memory area. The process is identified to
the remaining software by a unique name. Thus, other
processes need not to be aware of the actual location
of a process in memory but must refer to it by name.
"This data furnished in connection with Solicitation
No. D̲A̲A̲B̲ ̲0̲7̲-̲8̲2̲-̲Q̲-̲5̲0̲1̲1̲, shall not be disclosed outside
Government and shall not be duplicated, used, or disclosed
in whole or in part for any purpose other than to evaluate
the quotation; p̲r̲o̲v̲i̲d̲e̲d̲, that if a contract is awarded
to this quoter as a result of or in connection with
the submission of this data, the Government shall have
the right to duplicate, use, or disclose the data to
the extent provided in the contract. This restriction
does not limit the Government's right to use information
contained in the data if it is obtained from another
source without restriction. The data subject to this
restriction comprises all sheets."
