top - download
⟦881027326⟧ Wang Wps File
Length: 28408 (0x6ef8)
Types: Wang Wps File
Notes: CPS/SDS/029
Names: »1730A «
Derivation
└─⟦20fb15aa2⟧ Bits:30006084 8" Wang WCS floppy, CR 0130A
└─ ⟦this⟧ »1730A «
WangText
…02…CPS/SDS/029
…02…820514…02……02…
SYSTEM STATUS AND CONTROL
DETAILED DESIGN SPECIFICATION CAMPS
3̲ ̲ ̲E̲N̲V̲I̲R̲O̲N̲M̲E̲N̲T̲
3.1 E̲Q̲U̲I̲P̲M̲E̲N̲T̲
As SSC initially owns all resources, all CAMPS equipment
may be used in the operation of SSC.
3.2 S̲O̲F̲T̲W̲A̲R̲E̲
3.2.1 S̲y̲s̲t̲e̲m̲ ̲S̲o̲f̲t̲w̲a̲r̲e̲
N.A.
3.2.2 D̲e̲v̲e̲l̲o̲p̲m̲e̲n̲t̲ ̲S̲o̲f̲t̲w̲a̲r̲e̲
N.A.
3.3 I̲N̲T̲E̲R̲F̲A̲C̲E̲S̲
3.3.1 E̲x̲t̲e̲r̲n̲a̲l̲ ̲I̲n̲t̲e̲r̲f̲a̲c̲e̲s̲
a) The SSC implements the operator commands described
in CPS/ICD/0010 Operation Commands and Procedures.
b) The SSC implements the
- Sign on
- Sign off
- Security interrogation
- Security Warning
procedures in CPS/230/ICD/0001: User Procedures
and Associated Formats.
c) The SSC implements the
- Assign supervisor
- CAMPS GO
procedures in CPS/230/ICD/0002, Supervisor Commands
and Procedures.
3.3.2 P̲a̲c̲k̲a̲g̲e̲ ̲I̲n̲t̲e̲r̲f̲a̲c̲e̲s̲
The description is divided into
- Start-up and close-down of processes
- Commands to SSC during on-line operation
- SSC generation of logs, reports, and statistics
- SSC reception of error reports
- Start-up, operational control and close down of
line subprocesses
- Interfaces to SSP and OLP
3.3.2.1 S̲t̲a̲r̲t̲-̲U̲p̲ ̲a̲n̲d̲ ̲C̲l̲o̲s̲e̲-̲D̲o̲w̲n̲ ̲o̲f̲ ̲P̲r̲o̲c̲e̲s̲s̲e̲s̲
SSC starts all COPSY childprocesses DAMOS vice via
a resume command. The following processes are resumed.
TEP processes
- UMAM
- SPIP
- SUPV
- USER, MSO, MDCO
- ROP
- OCR
THP processes
- ACS
- AAS
- PTR
- PTP
- NICS ̲TARE
- SCARS-CCIS
- TRC ̲PTOP
TMP Processes
- TMP
LOG Processes
- LOG
STP Processes
- STP
SAR Processes
- SAR
MDP Processes
- MDP
During create of a process COPSY specifies start-up
information in registers (Refer to the SWICD section
6.5 for a detailed description of the register contents).
Prior to entering the user program the common
- PREINITIALIZATION procedure
is invoked (Refer to the SWICD section 6.5 for a detailed
description of the PREINITIALIZATION procedure.
For the CSF and TMP processes SSC loads a
- TMP ̲LOAD ̲TABLE
- CSF ̲LOAD ̲TABLE
into CSF, TMP data space prior to resume.
(Refer to the DBD section 5.2.1 for a detailed description
of these tables)
3.3.2.1.1 S̲p̲e̲c̲i̲f̲i̲c̲ ̲S̲t̲a̲r̲t̲-̲U̲p̲
The MMS is requested to restore the CAMPS queue contents
in WARM1 and WARM2 start-up-types via the MMON command:
- START ̲SYSTEM
3.3.2.1.2 C̲l̲o̲s̲e̲ ̲D̲o̲w̲n̲ ̲S̲y̲s̲t̲e̲m̲
SSC close the
- TEP Processes
- UMAM
- SPIP
- THP Processes
- ACS
- AAS
- STP Processes
- STP
- SAR Processes
- SAR
- MDP Processes
- MDP
- SSC processes
- CMI
- OLD
during an ordered closedown by sending a command to
a command input queue. A reply is awaited.
Prior to this close-down line subprocesses have been
closed.
The processes are closed in the following sequence:
- OLD
- AAS
- ACS
- UMAM
- SPIP
- MDP
- LOG
- STP
- SAR
- CMI
3.3.2.2 O̲n̲l̲i̲n̲e̲ ̲O̲p̲e̲r̲a̲t̲i̲o̲n̲ ̲C̲o̲m̲m̲a̲n̲d̲s̲ ̲t̲o̲ ̲S̲S̲C̲
During on-line operation SSC receives the following
commands:
- security interrogation (CSF)
- security warning (CSF)
- release security interrogation (TEP.USER)
- system integrity check (TEP.SUPV)
- CAMPS GO (TEP.SUPV)
- block terminal (TEP.SUPV)
- unblock terminal (TEP.SUPV)
- accept SAD (TEP.SUPV)
- no accept (SAD) (TEP.SUPV)
- accept EXC (TEP.SUPB)
- no accept EXC. (TEP.SUPV)
- terminal profile changed (TEP.SUPV)
- device profile changed (TEP.SUPV)
- circuit profile changed (TEP.SUPV)
- atomal printer changed (TEP.SUPV)
Upon command execution SSC sends a reply to the requestor.
The CSF commands are defined in the SWICD section 4.2.3,
while the TEP commands are further described in the
SWICD section 4.2.1.
3.3.2.3 S̲S̲C̲ ̲G̲e̲n̲e̲r̲a̲t̲i̲o̲n̲ ̲o̲f̲ ̲L̲o̲g̲s̲,̲ ̲R̲e̲p̲o̲r̲t̲s̲,̲ ̲a̲n̲d̲ ̲S̲t̲a̲t̲i̲s̲t̲i̲c̲s̲
3.3.2.3.1 G̲e̲n̲e̲r̲a̲t̲i̲o̲n̲ ̲o̲f̲ ̲L̲o̲g̲
SSC generates log records and sends these to the LOG
Package.
Refer to section 2.2.2.3.1 for a definition of the
log records in question.
3.3.2.3.2 G̲e̲n̲e̲r̲a̲t̲i̲o̲n̲ ̲o̲f̲ ̲S̲t̲a̲t̲i̲s̲t̲i̲c̲s̲
SSC generates statistics, which are given to STP. Refer
to section 2.2.2.5.2 for a definition of the statistics
foreseen.
3.3.2.3.3 G̲e̲n̲e̲r̲a̲t̲i̲o̲n̲ ̲o̲f̲ ̲S̲e̲c̲u̲r̲i̲t̲y̲ ̲R̲e̲p̲o̲r̲t̲s̲
SSC sends security reports to TEP.
Refer to section 2.2.2.5.3 for a definition of the
SSC security reports.
3.3.2.3.4 S̲e̲n̲d̲i̲n̲g̲ ̲o̲f̲ ̲T̲e̲c̲h̲n̲i̲c̲a̲l̲ ̲E̲r̲r̲o̲r̲ ̲R̲e̲p̲o̲r̲t̲s̲
SSC directs error reports to the supervisor report
printer, when the WDP ̲ROP is down.
3.3.2.4 S̲S̲C̲ ̲R̲e̲c̲e̲p̲t̲i̲o̲n̲ ̲o̲f̲ ̲E̲r̲r̲o̲r̲ ̲R̲e̲p̲o̲r̲t̲s̲
The SSC receives garble error reports from
- TEP
- MDP
- LOG
- THP
- SAR
- STP
processes via the SEND ̲GARBLE procedure during on-line
operation. Refer to section 6.3 in the SWICD for a
detailed description of these error-reports.
3.3.2.5 S̲S̲C̲ ̲L̲i̲n̲e̲ ̲S̲u̲b̲p̲r̲o̲c̲e̲s̲s̲ ̲C̲o̲n̲t̲r̲o̲l̲
SSC controls TEP and THP line-subprocesses during start-up,
online operation and during close down by sending commands
to:
- TEP VDU-subprocesses
- start
- restart
- stop
- block (not applicable to a SUPV)
- close down
- TEP or THP SAD-subprocesses
- start
- stop
- resume print
- close
- THP EXC subprocesses
- start
- stop
- close
The subprocess sends an acknowledgement upon command
execution.
A start VDU command is sent after
- sign on and
- select of functional capabilities
A start SAD or EXC command is sent after
- supervisor specifications of accept of input/output
A restart VDU command is sent to the supervisor
- in supervisor only mode
A stop VDU command is set after
- sign off
- reception of the SUPV CAMPS GO command
A stop SAD or EXC command is sent after
- supervisor specification of non accept of input/output
- line error
- software error
A block VDU command is sent after
- supervisor specificaton of block
- line error
- software error
- security violation
A resume Print command is sent after
- paper-in ROP condition received
The close command is sent:
- during on ordered close down of the CAMPS system
An ordered close down command is divided into two commands:
- initial close down
- final close down, which is sent after a closedown
period as specified by the operator
EXC and SAD subprocesses will, when receiving the initial
closedown command stop processing, when a complete
message is:
- printed
- send
- punched
- received
- transmitted
When receiving the final close down command a cancel/suspend/no
action is executed.
A VDU closedown sequence is similar to the above close
down sequence, except that the init close down command
is replaced by a display in the system line of:
- system to be closed within DTG
3.3.2.6 S̲S̲C̲ ̲I̲n̲t̲e̲r̲f̲a̲c̲e̲s̲ ̲t̲o̲ ̲S̲S̲P̲ ̲a̲n̲d̲ ̲O̲L̲P̲
a) Via operator commands the resources necessary for
SSP operation can be allocated.
b) Via the WDP ̲VDU and WDP the operational commands
relating to SSP operations are directed to an off-line
PU, where they are executed.
3.4 F̲U̲N̲C̲T̲I̲O̲N̲S̲ ̲M̲A̲I̲N̲T̲A̲I̲N̲E̲D̲ ̲B̲Y̲ ̲O̲T̲H̲E̲R̲ ̲P̲A̲C̲K̲A̲G̲E̲S̲
3.4.1 R̲e̲c̲o̲v̲e̲r̲y̲
The TMP handles updates in configuration and profile
tables such that partial updates are avoided i.e. an
update is either completed or has not changed the table.
3.4.2 E̲r̲r̲o̲r̲ ̲D̲e̲t̲e̲c̲t̲i̲o̲n̲ ̲a̲n̲d̲ ̲H̲a̲n̲d̲l̲i̲n̲g̲
The Kernel retires a process automatically in the following
cases:
- Security violation in system call
- PU error, which can be localized to within a single
user process
and sends a report to a process synchronization element.
For PU errors, which cannot be localized to within
a single user process, an automatic PU-SHUT ̲DOWN is
executed by the KERNEL.
A PU ̲SHUT ̲DOWN implies
- an error message is saved in a Kernel area, which
may be printed via a MAP command issued by the
operator.
- a programmed master clear is issued
ROOT receives PSE reports from its children
- COPSY
- TMS
- FMS
Upon reception of a PSE report ROOT will call the PU
̲ERROR Procedure.
3.4.3 S̲e̲c̲u̲r̲i̲t̲y̲
Low level security checks are performed by the KERNEL
based on:
- classification of DAMOS objects and subjects (processes)
- access rights for processes to a DAMOS object
High level security checks are performed by the queue
monitor based on:
- queue profiles and subprocess profiles
- access capabilities for a subprocess to queue elements
4̲ ̲ ̲P̲A̲C̲K̲A̲G̲E̲ ̲D̲E̲S̲I̲G̲N̲
4.1 P̲a̲c̲k̲a̲g̲e̲ ̲O̲v̲e̲r̲v̲i̲e̲w̲
4.1.1 F̲u̲n̲c̲t̲i̲o̲n̲a̲l̲ ̲S̲p̲e̲c̲i̲f̲i̲c̲a̲t̲i̲o̲n̲
Sections 4.1.1.1 to 4.1.1.7 describes the functions
derived in section 2.2.1 and 2.2.2 to a level of detail,
which enables an allocation of the functions to process
or coroutine software structures.
Section 4.1.1.7 describes common requirements for any
software structure.
The sections, in which SSC functions (identified by
a number) are described, are defined in figure 4.1.1-1.
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
FCT
NO. TITLE DESCRIBED IN SECTION
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
1 Overview 2.2.1
2 Online diagnostics 2.2.1.1 4.1.1.1
3 Line M&C 2.2.1.2 4.1.1.2
4 Technical error
processing 2.2.1.3 4.1.1.3
5 Operator commands 2.2.1.4 4.1.1.4
6 Offline PU operation 2.2.1.5 4.1.1.5
7 WDP FW 2.2.1.6 4.1.1.6
8 Bootload 2.2.2.1.1.1
9 Start active 2.2.2.1.1.2 4.1.1.4.3.1
10 Common start active 4.1.1.4.3.1
11 Start standby 2.2.2.1.1.2 4.1.1.4.3.3
12 Security 2.2.2.6 4.1.1.4.3.3
13 Recovery 2.2.2.2
14 Close active 2.2.2.1.2.1 4.1.1.4.3.2
15 Close standby 2.2.2.1.2.2
16 Validity checks 2.2.2.4
17 Data collection 2.2.2.5
18 Own error handling 2.2.2.3
19 Peripheral recon-
figuration 4.1.1.3
20 Common peripheral
reconfiguration 4.1.1.3
21 Common line M&C 4.1.1.2.2
22 Common SSC functions 4.1.1.7.1
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
Figure 4.1.1-1 SSC Function to Section Table
4.1.1.1 O̲n̲-̲L̲i̲n̲e̲ ̲D̲i̲a̲g̲n̲o̲s̲t̲i̲c̲s̲
The functions covered by on-line diagnostic are defined
in section 2.2.1.1.
4.1.1.2 L̲i̲n̲e̲ ̲M̲o̲n̲i̲t̲o̲r̲i̲n̲g̲ ̲a̲n̲d̲ ̲C̲o̲n̲t̲r̲o̲l̲
The line M&C functions are depicted on figure 4.1.1.4-1.
The two line M&C functional categories:
- external commands
- control monitoring of line events and subsequent
control
are detailed on figure 4.1.1.4.1-1 and figure 4.1.1.4.2-1
and explained below.
Fig. 4.1.1.2-1…01…Line Monitoring and Control Functions
4.1.1.2.1 E̲x̲e̲c̲u̲t̲i̲o̲n̲ ̲o̲f̲ ̲E̲x̲t̲e̲r̲n̲a̲l̲ ̲C̲o̲m̲m̲a̲n̲d̲s̲
The external commands control:
- VDUs
The TEP (supervisor) can request block/unblocking
of a VDU.
The supervisor notifies SSC, that a terminal profile
has been changed.
The TEP (release VDU) can request security interrogation.
During presentation CSF (MMON) can request security
interrogation/warning.
- SADs
The TEP (supervisor) can specify accept/non-accept
of input/output
The supervisor notifies SSC, that a device profile
has been changed.
- EXCs
The TEP (supervisor) can specify accept/non-accept
of input/output on a line or on a circuit.
- The supervisor notifies SSC, that a circuit profile
has been changed.
The supervisor assignment of a new atomal printer is
reported to SSC.
The CAMPS GO command is sent in supervisor only mode
and terminates this mode.
Fig. 4.1.1.2.1-1…01…External Line Control COMMNOS
4.1.1.2.2 M̲o̲n̲i̲t̲o̲r̲i̲n̲g̲ ̲o̲f̲ ̲L̲i̲n̲e̲ ̲E̲v̲e̲n̲t̲s̲ ̲a̲n̲d̲ ̲s̲u̲b̲s̲e̲q̲u̲e̲n̲t̲ ̲c̲o̲n̲t̲r̲o̲l̲
During creation of lines in TMS a synchronization element
is specified.
This synchronization element is used for reporting
of events related to the line.
For VDU lines the following events are reported:
- line error
- system key depression
- security key position
The system key is used to request
- sign on/off
- assign supervisor terminal
- specify terminal functional capability
For SAD lines the following events are reported:
- line error
- security key position (only for PTR and MTP ̲ROP)
- paper in/out
For EXC lines the following events are reported:
- line error
The handling of line errors and paper in/out is covered
in the following chapter.
The security key is handled as follows:
- key from on to off.
For a SAD the corresponding subprocess is stopped
(if the SAD is connected). The connected status
is left unchanged.
For a VDU, which is signed in then
- the VDU is blocked
- a security report is sent
For a signed off VDU nothing is done.
- Key from off to on
For a SAD the corresponding subprocess is started
(if the SAD is connected). For disconnected SAD
nothing is done. The connected status is left unchanged.
For a VDU, sign-in will be possible if the VDU
is unblocked.
For a blocked/signed-off VDU nothing is done Supervisor
commands, which changes the connected/blocked status
field, are executed independently of the security
key position.
The WDP monitoring and control is divided into the
following areas
- reception of reports from
- the watchdog itself via a WDP TMS connection
- TMS via a synchronization element
and subsequent execution of control
- sending of commands via a WDP TMS connection to
the WDP.
4.1.1.2.2.1 R̲e̲c̲e̲p̲t̲i̲o̲n̲ ̲o̲f̲ ̲r̲e̲p̲o̲r̲t̲s̲
COPSY receives monitoring reports related to the watch-
dog as defined in figure 4.1.1.2.2-1.
Four categories of reports are received:
- CCB reports
- line events
- own event
- print report
4.1.1.2.2.2 C̲C̲B̲ ̲r̲e̲p̲o̲r̲t̲s̲
The GO SB AC (go standby active) is signalled to the
standby PU and implies a WARM2 start up.
The SB PU UP/DOWN, SB CU UP/DOWN and NOW AC TDX UP/DOWN
reports makes COPSY update appropriate PORT tables
and print an error message.
The BSM ̲X ̲DOWN report is handled in the following section.
The WARNING, NORMAL ̲AGAIN reports relate to WDP registration
events e.g.
- crate temperature out of range and normal again
COPSY prints an error message.
4.1.1.2.2.3 L̲i̲n̲e̲ ̲e̲v̲e̲n̲t̲s̲
During creation of TMS Watchdog connections a synchronization
element is specified upon which the events in figure
4.1.1.2.2-1 are reported. The COPSY handling is described
to the following section.
4.1.1.2.2.4 O̲w̲n̲ ̲E̲v̲e̲n̲t̲
Periodically COPSY is invoked by a timer signal, which
is used to send a keep alive message to the watchdog.
4.1.1.2.2.5 R̲e̲p̲o̲r̲t̲
The watchdog informs the active PU of 4 number series
used during WDP-ROP printout (refer section 4.1.4).
During WDP reinsertion these numbers are given to the
WDP.
The error report number is displayed at the WDP ̲VDU
configuration display.
4.1.1.2.2.6 S̲S̲C̲ ̲P̲U̲ ̲c̲o̲m̲m̲a̲n̲d̲s̲ ̲t̲o̲ ̲t̲h̲e̲ ̲W̲D̲P̲
COPSY communicates with the watchdog during
- start-up of CAMPS system or during reinsertion
of a failed WDP.
- online operation
During start-up COPSY can
- via the WHO AM I command get a PU identification
of itself.
- via the CONFIGURATION command inform the WDP about
the current configuration to be monitored/controlled.
- via the GO ̲CAMPS ̲WDP command notify the WDP, that
the PU is now operational and will start sending
"keep alive" messages.
During online operation COPSY can request the WDP to
- switchover to the standby PU
- master clear the standby PU
- switch a BSM-X
- control the PU access to the IO-busses.
Fig. 4.1.1.2.2-1…01…LINE EVENTS M&C (1 OF 3)
Fig. 4.1.1.2.2-1 (2 of 3)…01…WATCHDOG MONITORING
Fig. 4.1.1.2.2-1…01…SSC PU COMMANDS TO THE WDP (3 OF 3)
4.1.1.3 T̲e̲c̲h̲n̲i̲c̲a̲l̲ ̲E̲r̲r̲o̲r̲ ̲R̲e̲p̲o̲r̲t̲ ̲H̲a̲n̲d̲l̲i̲n̲g̲
A functional breakdown for technical error report handling
is depicted in figure 4.1.1.3-1.
In figure 4.1.1.3-2 common peripheral reconfiguration
functions are depicted.
The common functions are introduced to handle
- error in
- enable (device to become operational) of
- disable (device to be deassigned) of
- start-up of
- close-down of
- mount of
- dismount of
a device as is applicable.
LTUX/LTU line functions are divided into a
- configurational handling e.g.
TMS device creation and PORT table update.
- logical handling e.g.
block/unblock device and update profiles
Receive error report functions are described in 4.1.1.3.1.
The REPORT ̲ERROR function sends an error report to
the WDP ̲ROP. If the WDP ̲ROP is down, then error reports
are printed at the supervisor report printer.
FMS/TMS report handling is described further in 4.1.1.3.2.
Remaining functions are described in section 2.2.1.3.
FIGURE 4.1.1.3-1
Fig. 4.1.1.3-2 (1 of 2)…01…COMMON PERIPHERAL DEVICE FUNCTIONS
FIGURE 4.1.1.3-1
Technical Error Reception
Fig. 4.1.1.3-2 (1 OF 2)…01…COMMON PERIPHERAL DEVICE FUNCTIONS
Figure 4.1.1.3-2 (2 OF 2)
COMMON PERIPHERAL DEVICE FUNCTIONS
Figure 4.1.1.3-3
…01…Configurational versus Logical Line Handling
4.1.1.3.1 E̲r̲r̲o̲r̲ ̲R̲e̲c̲e̲p̲t̲i̲o̲n̲
COPSY receives error reports in:
1- FMS and TMS DSSE: secondary device status element.
The reports describe hardware events. COPSY reactions
are described in section 4.1.1.3.2.
2- PSE: parent synchronization element. The reports
describe a retired process and the cause of retirement.
- security violation (DAMOS or CSF/TMP retires)
- HW errors, which can be localized to a single
user process. (DAMOS retires)
- own child retires (refer below)
COPSY reactions to HW errors are described in section
4.1.1.3.2. Remaining reactions are described in section
2.2.1.3.1.1.3.
3- GAQ: garble queue. Child processes reports errors
in this queue. The report contains a child action.
- GIVE ̲UP
- DUMMY
- CONTINUE
and a detailed description of the error.
COPSY reactions are described in section 2.2.1.3.1.1.3.
4- CESE: central error report synchronization element.
COPSY reactions are described in section 2.2.1.3.
5- From the watchdog
Refer to section 4.1.1.2.2.2
4.1.1.3.2 H̲W̲ ̲E̲r̲r̲o̲r̲ ̲F̲i̲x̲-̲u̲p̲
For any error the following error fix up is done:
- Print error message
- Update port table
- Update configuration display
4.1.1.3.2.1 L̲T̲U̲-̲L̲i̲n̲e̲
LTU lines are of EXC type. An error implies that the
line is deassigned and the line is dismantled in the
profile table. THP is informed via a stop command.
4.1.1.3.2.2 L̲T̲U̲
Handled as above per LTU line.
4.1.1.3.2.3 L̲T̲U̲X̲-̲L̲i̲n̲e̲
For LTUX-lines used as EXC or SAD, disconnected is
set in the profile table. The line is deassigned.
For LTUX MTP ̲ROP lines paper in/out conditions are
received. COPSY ignores paper out reports, while paper
in are signalled to TEP in a resume print command.
LTUX VDU lines are blocked.
TEP/THP is informed via a stop command.
4.1.1.3.2.4 L̲T̲U̲X̲
Handled as above per LTUX line.
4.1.1.3.2.5 B̲S̲M̲-̲X̲
Handled as above per LTUX, but the BSM-X is set out
of service by the WDP.
4.1.1.3.2.6 O̲f̲f̲l̲i̲n̲e̲ ̲D̲i̲s̲k̲ ̲V̲o̲l̲u̲m̲e̲
During initialization: An emergency close down is executed.
During online operation: No specific actions are taken
4.1.1.3.2.7 O̲f̲f̲l̲i̲n̲e̲ ̲D̲i̲s̲k̲
During initialization: An emergency close down
is executed.
During on-line operation: The disk is deassigned.
4.1.1.3.2.8 F̲l̲o̲p̲p̲y̲ ̲D̲i̲s̲k̲ ̲V̲o̲l̲u̲m̲e̲
The volume is dismounted.
4.1.1.3.2.9 F̲l̲o̲p̲p̲y̲ ̲D̲i̲s̲k̲
The disk is deassigned.
4.1.1.3.2.10 W̲D̲P̲
The WDP state is reported, when
- erroneous
- back in service
a) W̲D̲P̲ ̲E̲r̲r̲o̲r̲
Operator command handling is cleaned up. Errorreports
are directed to the supervisor report printer.
Keep alive messages are not sent. The configuration
display is not updated. WDP control commands (e.g.
BSM-X switch actions are ignored).
b) W̲D̲P̲ ̲i̲n̲
The WDP-in report is sent, when a new device is
physically connected to the MAP I/F:
The device may be
- the WDP or
- the WDP ̲VDU
In the WDP case then the above actions are resumed.
In the WDP ̲VDU connected direct case operator commands
can be executed, but no printer output is issued.
Also, the configuration display is updated.
4.1.1.3.2.11 W̲D̲P̲ ̲V̲D̲U̲
The WDP ̲VDU state is reported, when
- erroneous
- back in service
a) W̲D̲P̲ ̲V̲D̲U̲ ̲E̲R̲R̲O̲R̲
Operator command handling is cleaned up.
Update of the configuration display is terminated.
b) W̲D̲P̲ ̲V̲D̲U̲ ̲i̲n̲
The above actions are resumed.
4.1.1.3.2.12 W̲D̲P̲ ̲R̲O̲P̲
The WDP ROP state is reported, where
- erroneous
- paper in/out
- back-in-service
a) W̲D̲P̲ ̲R̲O̲P̲ ̲E̲R̲R̲O̲R̲
Error reports are directed to the supervisor report
printer.
ROP output resulting from operator commands is
ignored.
b) W̲D̲P̲ ̲R̲O̲P̲ ̲I̲N̲
The above actions are resumed…86…1 …02… …02… …02…
…02…
c) W̲D̲P̲ ̲R̲O̲P̲ ̲p̲a̲p̲e̲r̲ ̲o̲u̲t̲
Error reports are directed to the supervisor report
printer.
Printer output resulting from execution of operator
commands is ignored.
The paper-out condition is displayed at the configuration
display.
d) W̲D̲P̲ ̲R̲O̲P̲ ̲p̲a̲p̲e̲r̲ ̲i̲n̲
Above actions are reversed.
4.1.1.3.2.13 S̲T̲I̲,̲ ̲T̲I̲A̲ ̲(̲T̲D̲X̲ ̲B̲U̲S̲)̲,̲ ̲M̲A̲P̲ ̲e̲r̲r̲o̲r̲
An emergency PU closedown/switchover is performed.
4.1.1.3.2.14 M̲i̲r̲r̲o̲r̲e̲d̲ ̲D̲i̲s̲k̲ ̲V̲o̲l̲u̲m̲e̲
An error in one of the mirrored volumes will imply
a dismount and is transparent to users.
An error in both of the mirrored volumes is a disastrous
error, where an emergency PU close down is performed.
4.1.1.3.2.15 M̲i̲r̲r̲o̲r̲e̲d̲ ̲D̲i̲s̲k̲
An error in one of the mirrored diskdrive will imply
a deassignment of the disk. It is transparent to users.
An error in each of the mirrored diskdrive is handled
as an error in each of the mirrored volumes, except
that a WARMS start-up may later be used instead of
DEAD 1 or DEAD 2 start-up.
4.1.1.3.2.16 S̲t̲a̲n̲d̲b̲y̲ ̲P̲U̲
An emergency close down of the standby PU is performed.
4.1.1.3.2.17 A̲c̲t̲i̲v̲e̲ ̲P̲U̲
Errors in the active PU are divided into two types:
- Errors which can be localized to a single user
process (PU-U-MEM)
- Remaining (PU-TOTAL)
For PU-TOTAL error, an emergency close-down of the
active PU is performed by the Kernel and a switchover
to the standby PU (if existing) is requested via the
WDP.
PU-U-MEM errors will in NORMAL mode imply an emergency
switchover as above.
In AT-RISK mode, a retirable process will be retired
and the system continue. For other types of processes,
an emergency switchover is executed.
4.1.1.4 O̲p̲e̲r̲a̲t̲o̲r̲ ̲C̲o̲m̲m̲a̲n̲d̲s̲
Operator command functions are decomposed on figure
4.1.1.4-1.
Received operator commands are syntax and semantic
checked. If an error is detected, an error message
is sent to the operator VDU and the command is terminated.
If the command is error free, an appropriate module
is invoked and the command executed. Upon completion
an acknowledgement is sent to the operator VDU.
Operator commands are logged at the operator printer.
Figure 4.1.1.4-1
4.1.1.4.1 S̲o̲f̲t̲w̲a̲r̲e̲ ̲C̲o̲n̲t̲r̲o̲l̲
The Software Control commands are divided into:
- online software control
- operator only mode
4.1.1.4.1.1 O̲n̲l̲i̲n̲e̲ ̲S̲o̲f̲t̲w̲a̲r̲e̲ ̲C̲o̲n̲t̲r̲o̲l̲ ̲C̲o̲m̲m̲a̲n̲d̲s̲
a) L̲o̲a̲d̲ ̲M̲o̲d̲i̲f̲i̲e̲d̲ ̲S̲o̲f̲t̲w̲a̲r̲e̲
Commands exist to copy
- modified application software
- modified system software
- software patches
- the garble file
from the
- floppy disk to the offline or mirrored
disk
- offline disk to the mirrored disks
- or in the opposite direction (the garble
file)
b) D̲e̲f̲i̲n̲e̲ ̲G̲e̲n̲e̲r̲a̲t̲i̲o̲n̲ ̲o̲f̲ ̲T̲r̲a̲c̲e̲ ̲I̲n̲f̲o̲r̲m̲a̲t̲i̲o̲n̲
Operator commands exist to define the amount of
trace information to be produced.
c) P̲r̲i̲n̲t̲ ̲o̲f̲ ̲S̲y̲s̲t̲e̲m̲ ̲S̲t̲a̲t̲u̲s̲
The operator VDU displays the main system status.
An operator command exists to print detailed system
status at the operator printer.
d) T̲i̲m̲e̲ ̲o̲f̲ ̲D̲a̲y̲
The adjust time command adjust the active PU Software
clock.
e) P̲r̲i̲n̲t̲ ̲S̲o̲f̲t̲w̲a̲r̲e̲ ̲V̲e̲r̲s̲i̲o̲n̲s̲
The version numbers for
- the patchfiles
- the application software
are printed
4.1.1.4.2 P̲e̲r̲i̲p̲h̲e̲r̲a̲l̲ ̲R̲e̲c̲o̲n̲f̲i̲g̲u̲r̲a̲t̲i̲o̲n̲
The execution of peripheral device reconfiguration
command includes enabling/disabling and specification
of attributes for:
- BSM-X
- LTUX
- LTUX-line
- LTU
- LTU-line
- Offline DISK
- Mirrored Disk
- Floppy Disk
Enabling specifies that a line/device is physically
available and is ready for logical access. For a device
chain e.g. LTU and LTU-line, the line is physically
available, when the complete chain is available.
For the floppy disk mounting/dismounting is supported.
For the mirrored disks insertion/exclusion of a disk
and volume is supported.
4.1.1.4.3 P̲U̲ ̲R̲e̲c̲o̲n̲f̲i̲g̲u̲r̲a̲t̲i̲o̲n̲
The PU reconfiguration commands includes
- a switchover to standby PU command
- the operator only mode commands
- a close down active or standby PU command
4.1.1.4.3.1 S̲w̲i̲t̲c̲h̲o̲v̲e̲r̲
Switchover is implemented by:
1- an ordered close-down of the AC PU
2- a notification of the SB PU via the WDP
3- the active PU is master cleared
4- a WARM2 start-up is executed in the SB PU.
4.1.1.4.3.2 O̲p̲e̲r̲a̲t̲o̲r̲ ̲o̲n̲l̲y̲ ̲m̲o̲d̲e̲ ̲c̲o̲m̲m̲a̲n̲d̲s̲
The following operator only mode commands exist:
- load modified software (this command is also an
online command)
- print software versions
- delete CIF
- operator only mode terminated
- handle floppy disk.
4.1.1.4.3.3 C̲l̲o̲s̲e̲ ̲D̲o̲w̲n̲ ̲A̲c̲t̲i̲v̲e̲ ̲P̲U̲
The ordered close-down PU functions depicted in figure
4.1.1.4.3.2-1 are defined in section 2.2.2.1.2.1.
As for start-up active PU processes are divided into
line and non-line processes.
The close down standby PU operator command to the active
PU implies that:
- the active PU commands the WDP to disable the standby
PU.
Fig. 4.1.1.4.3.3-1…01…Close Down Active PU Functions
