top - download
⟦7efd03578⟧ Wang Wps File
Length: 6875 (0x1adb)
Types: Wang Wps File
Notes: intern meddelelse no. 101
Names: »0881A «
Derivation
└─⟦3eaaffc64⟧ Bits:30006034 8" Wang WCS floppy, CR 0057A
└─ ⟦this⟧ »0881A «
WangText
…02…
…02… FH/810604…02……02…#
INTERN MEDDELELSE NR. 101
…02… FH/810522…02…CAMPS
To: JH[
Fm: FH
S̲u̲b̲j̲e̲c̲t̲:̲ ̲D̲A̲M̲O̲S̲ ̲E̲r̲r̲o̲r̲ ̲R̲e̲p̲o̲r̲t̲i̲n̲g̲
As error handling is important in CAMPS, the DAMOS
error reporting mechanisms are summarized in this note.
Please verify the correctness of the outline.
Error isolation and the detailed contents of error
reports are not covered here.
A̲B̲B̲R̲E̲V̲I̲A̲T̲I̲O̲N̲S̲
SDSE: Secondary Device Status Synchronization
Element
PSE: Parent Synchronization Element
CESE: Central Error Synchronization Element
COPSY: CAMPS Operating System.
PDSE: Primary Devise Status Synchronization Element
1̲ ̲ ̲G̲E̲N̲E̲R̲A̲L̲ ̲R̲E̲P̲O̲R̲T̲I̲N̲G̲ ̲M̲E̲C̲H̲A̲N̲I̲S̲M̲
F̲o̲r̲ ̲H̲a̲r̲d̲w̲a̲r̲e̲ ̲E̲r̲r̲o̲r̲s̲:̲
An irrecoverable error at one level (refer to figure
1, 2, and 3 overleaf) implies:
- one report is sent to the creator of the device
(e.g. terminal, channel, LTUX, BSM, TDX BUS, PU
+ STI)
- all subsequent accesses of the device are returned
with a cc defining: terminal disconnected.
- for TMS devices: the disabling of a user connection
is signalled on the system connection.
F̲o̲r̲ ̲S̲o̲f̲t̲w̲a̲r̲e̲ ̲E̲r̲r̲o̲r̲s̲ ̲(̲S̲e̲c̲u̲r̲i̲t̲y̲ ̲V̲i̲o̲l̲a̲t̲i̲o̲n̲)̲
A serious (e.g. security violation) error in a child
process is reported to the parent of the child. (Refer
figure 4), and the child is retired.
Figure 1 and 2
Figure 3
FIGURE 4 SPECIFICATION OF THE CAMPS
- process hierarchy
- handling of devices, channels, terminals, volumes
- placement of PSE, PDSE, SDSE, CESE
DVM/DVHs are supposed to be KERNEL pseudo-processes.
1.1 R̲E̲P̲O̲R̲T̲I̲N̲G̲ ̲A̲T̲ ̲T̲H̲E̲ ̲D̲I̲F̲F̲E̲R̲E̲N̲T̲ ̲L̲E̲V̲E̲L̲S̲
The following categories described:
Section 2.1 Single terminal error reporting
Section 2.2 LTU/LTUX error reporting
Section 2.3 Channel error reporting
Section 2.4 BSM-X error reporting
Section 2.5 TDX bus error reporting
Section 2.6 PU error reporting
Section 2.7 Error interrupts reporting
Section 2.8 On-line diagnostics reporting
Section 2.9 Mirrored disks error reporting
Section 2.10 Single disk error reporting
Section 3.1 Security violation
Section 3.2 Non-security violation
2̲ ̲ ̲H̲A̲R̲D̲W̲A̲R̲E̲ ̲E̲R̲R̲O̲R̲S̲
2.1 S̲I̲N̲G̲L̲E̲ ̲T̲E̲R̲M̲I̲N̲A̲L̲ ̲E̲R̲R̲O̲R̲
2.1.1 D̲e̲t̲e̲c̲t̲e̲d̲ ̲D̲u̲r̲i̲n̲g̲ ̲U̲s̲e̲r̲ ̲O̲p̲e̲r̲a̲t̲i̲o̲n̲
1) A cc is returned to the user defining:
- irrecoverable terminal error
2) The user connections are disabled
3) A report is sent to SDSE defining:
- irrecoverable terminal error
- a terminal identification
4) A subsequent COPSY call on the system connection
receives a cc defining:
- transition from user to system state
2.1.2 D̲e̲t̲e̲c̲t̲e̲d̲ ̲D̲u̲r̲i̲n̲g̲ ̲C̲O̲P̲S̲Y̲ ̲O̲p̲e̲r̲a̲t̲i̲o̲n̲ ̲o̲n̲ ̲a̲ ̲S̲y̲s̲t̲e̲m̲ ̲C̲o̲n̲n̲e̲c̲t̲i̲o̲n̲
1) A cc is returned defining
- transition from user to system state
2) the user connection is disabled
3) A report is sent to SDSE defining:
- irrecoverable terminal error
- a terminal identification
2.2 L̲T̲U̲/̲L̲T̲U̲X̲ ̲E̲R̲R̲O̲R̲
2.2.1 D̲e̲t̲e̲c̲t̲e̲d̲ ̲D̲u̲r̲i̲n̲g̲ ̲U̲s̲e̲r̲ ̲O̲p̲e̲r̲a̲t̲i̲o̲n̲
1) All user connections to the terminals at the LTU/LTUX
are disabled.
2) The call implying the detection of the error and
all subsequent calls at user connections get the
cc:
- irrecoverable terminal error
3) A report is sent to SDSE defining:
- irrecoverable LTU/LTUX error
- a device identification
4) Subsequent COPSY calls on any of the system connections
imply a cc defining:
- transition from user to system state
2.2 D̲E̲T̲E̲C̲T̲E̲D̲ ̲D̲U̲R̲I̲N̲G̲ ̲C̲O̲P̲S̲Y̲ ̲O̲P̲E̲R̲A̲T̲I̲O̲N̲
As above.
2.3 C̲H̲A̲N̲N̲E̲L̲ ̲(̲L̲T̲U̲/̲L̲T̲U̲X̲)̲ ̲E̲R̲R̲O̲R̲
Handled as LTU/LTUX errors except for the SDSE report,
which defines
- irrecoverable channel error
- a channel identification
2.4 B̲S̲M̲-̲X̲ ̲E̲R̲R̲O̲R̲
Handled as 2 LTUX errors. However, only reporting to
the creator of the BSM-X, in a SDSE, defining:
- irrecoverable BSM-X error
- BSM-X no.
2.5 T̲D̲X̲ ̲B̲U̲S̲ ̲(̲T̲D̲X̲ ̲C̲T̲R̲,̲ ̲T̲D̲X̲ ̲B̲U̲S̲,̲ ̲T̲I̲A̲s̲)̲ ̲E̲R̲R̲O̲R̲
A switchover is performed. (Maybe COPSY has to command
the watchdog to switch BSM-Xs)
A report is sent to the creator of the TDX BUS in a
SDSE, defining:
- TDX Bus switchover
- failed TDX BUS number
2.6 P̲U̲ ̲(̲I̲N̲C̲L̲U̲D̲E̲S̲ ̲S̲T̲I̲ ̲A̲N̲D̲ ̲I̲O̲B̲U̲S̲)̲ ̲E̲R̲R̲O̲R̲
For some PU errors refer 2.7 a retire of the process,
which detects the error, is performed (hereby a report
is sent to PSE).
For the remaining errors:
- A disabled error print-out routing is called to
sent an error message which is defined at system
generation to the watchdog printer.
- The PU is shut-down via a programmed master clear.
- the MAP is saved
- the MAP PROM is entered
C̲o̲m̲m̲e̲n̲t̲
If a PU includes more than one STI or IOBUS, another
scheme is to be implemented.
2.7 E̲R̲R̲O̲R̲ ̲I̲N̲T̲E̲R̲R̲U̲P̲T̲S̲
Either a
1) retire of the calling process, or
2) PU shut-down
is performed as described in EP-PSP/027
2.7.1 D̲u̲r̲i̲n̲g̲ ̲R̲e̲t̲i̲r̲e̲
A report is sent to PSE defining
- the cause of the error interrupt
2.7.2 D̲u̲r̲i̲n̲g̲ ̲P̲U̲ ̲S̲h̲u̲t̲-̲D̲o̲w̲n̲
Refer section 2.6.
Error interrupts are not only due to a hardware error.
Also e.g. illegal instructions are detected in this
way.
These software error interrupts are covered in section
3.1 as security violation.
2.8 O̲N̲-̲L̲I̲N̲E̲ ̲D̲I̲A̲G̲N̲O̲S̲T̲I̲C̲S̲ ̲R̲E̲P̲O̲R̲T̲I̲N̲G̲
A built-in self-test program, which is executed periodically,
reports errors to SDSE.
2.9 M̲I̲R̲R̲O̲R̲E̲D̲ ̲D̲I̲S̲K̲S̲ ̲(̲D̲I̲S̲K̲ ̲C̲T̲A̲,̲ ̲D̲I̲S̲K̲ ̲D̲R̲I̲V̲E̲,̲ ̲U̲D̲L̲U̲M̲E̲)̲ ̲E̲R̲R̲O̲R̲S̲
Bad sectors and retries are handled by FMS and handlers,
which build up a statistics area summing the errors.
Warnings are sent to SDSE, when thresholds are exceeded.
2.9.1 E̲r̲r̲o̲r̲ ̲i̲n̲ ̲a̲ ̲S̲i̲n̲g̲l̲e̲ ̲D̲i̲s̲k̲
Is reported to SDSE by FMS. Users are not affected.
2.9.2 E̲r̲r̲o̲r̲ ̲i̲n̲ ̲B̲o̲t̲h̲ ̲D̲i̲s̲k̲s̲
A report is sent to SDSE. Subsequent calls of the FMS
(via IOS) are returned via a cc defining:
- irrecoverable dual disk error
2.10 S̲I̲N̲G̲L̲E̲ ̲D̲I̲S̲K̲ ̲E̲R̲R̲O̲R̲
Handled a 9, except 9.1 is omitted.
3̲ ̲ ̲S̲O̲F̲T̲W̲A̲R̲E̲ ̲E̲R̲R̲O̲R̲S̲
3.1 S̲E̲C̲U̲R̲I̲T̲Y̲ ̲V̲I̲O̲L̲A̲T̲I̲O̲N̲
A security violation inplies that the calling process
is retired and a report is sent to PSE.
Also, certain parameter errors in Kernel calls may
imply an automatic retire.
3.2 N̲O̲N̲ ̲S̲E̲C̲U̲R̲I̲T̲Y̲ ̲V̲I̲O̲L̲A̲T̲I̲O̲N̲
A cc is returned to the caller
