top - download
⟦dc7c1f540⟧ Wang Wps File
Length: 30188 (0x75ec)
Types: Wang Wps File
Notes: CPS/SDS/004
Names: »1103A «
Derivation
└─⟦3697aa7b2⟧ Bits:30006041 8" Wang WCS floppy, CR 0066A
└─ ⟦this⟧ »1103A «
WangText
…00……00……00……00……00…B…0a……00……00…B…0b…B…0f…3…00…3…05…2…0a…2…0f…2…05…1…0b…1…0c…1…0e…1…0f…1…02…1 1…05…1…06…0…0a…0…0e…0…02…0…05…/…86…1 …02… …02…
…02…
…02…CPS/SDS/004
…02…FH/810801…02……02…
SYSTEM STATUS AND CONTROL
…02……02…CAMPS
4.2.1 C̲h̲e̲c̲k̲p̲o̲i̲n̲t̲ ̲T̲r̲a̲n̲s̲m̲i̲s̲s̲i̲o̲n̲ ̲(̲C̲P̲T̲)̲
4.2.1.1 F̲u̲n̲c̲t̲i̲o̲n̲a̲l̲ ̲S̲p̲e̲c̲i̲f̲i̲c̲a̲t̲i̲o̲n̲
The CPT functions are decomposed as defined in figure
4.2.1.1-1 overleaf.
The CPT subpackage is situated in the active PU. CPT
sends checkpoint records to the standby PU (SB PU)
via the TDX-bus.
Having transmitted a record an acknowledgement from
the SB PU is awaited and a reply is sent to the caller
of CPT.
The CPT does not await acknowledgement, before transmitting
a new checkpoint (CP) record. However, only a limited
number of outstanding acknowledgements are allowed.
Also, the CPT is invoked periodically, to
- transmit a time of day checkpoint to the SB PU
- update a time of day clock on disk
Figure 4.2.1.1-1
4.2.1.1.1 I̲n̲i̲t̲i̲a̲l̲i̲z̲a̲t̲i̲o̲n̲
CPT receives start-up in its input queue CTQ. Having
received a start-up command the coroutines in the CPT
are started.
The COPSY command specifies whether the SB PU is available
or not.
During initialization the timer monitor is requested
to periodically invoke the CPT.
A memory layout for the CPT is given in section 4.2.1.4.
4.2.1.1.2 S̲e̲r̲v̲e̲ ̲I̲n̲p̲u̲t̲ ̲Q̲u̲e̲u̲e̲s̲ ̲(̲C̲T̲Q̲)̲ ̲a̲n̲d̲ ̲I̲n̲p̲u̲t̲ ̲S̲y̲n̲c̲h̲r̲o̲n̲i̲z̲a̲t̲i̲o̲n̲
̲E̲l̲e̲m̲e̲n̲t̲ ̲(̲C̲T̲-̲S̲E̲)̲
The CTQ contains:
- Operational commands from COPSY
Associated data are in the QINFO field or QBUFFER.
- Requests for transmission of log records on behalf
of LOG
Associated data are in a QBUFFER
- Periodic reply from the timer monitor
Associated data are in the INFO field
THE CT ̲SE contains:
- requests for transmission of CIF checkpoint records
on behalf of MMS. The CT ̲SE references a buffer
in a data area shared between CPT and MMS.
The CTQ and CT ̲SE are associated to a semaphore. Further
operations are divided into:
1) handling of operator commands, or
2) sending of checkpoint records
4.2.1.1.3 O̲p̲e̲r̲a̲t̲i̲o̲n̲a̲l̲ ̲C̲o̲m̲m̲a̲n̲d̲s̲
During operation the CPT sub-package may receive the
following commands from COPSY:
- SB PU available
- SB PU unavailable
- Close-down
S̲B̲ ̲P̲U̲ ̲A̲v̲a̲i̲l̲a̲b̲l̲e̲
The CPT will start transmission of checkpoint records.
S̲B̲ ̲P̲U̲ ̲U̲n̲a̲v̲a̲i̲l̲a̲b̲l̲e̲
The CPT will stop transmission of checkpoints and send
an accepted reply to the callers.
C̲l̲o̲s̲e̲-̲D̲o̲w̲n̲
Handled as SB PU unavailable.
Having executed an operational command a reply is sent
to the caller.
4.2.1.1.4 S̲e̲n̲d̲ ̲C̲h̲e̲c̲k̲p̲o̲i̲n̲t̲ ̲R̲e̲c̲o̲r̲d̲s̲
If the SB PU is available the received checkpoint data
are transmitted. The transmission is identified by
a serial checkpoint number, which is returned in a
subsequent checkpoint acknowledgement.
Checkpoint acknowledgement is not awaited, however,
only a limited number of non-acknowledged checkpoint
records may be outstanding.
If the SB PU is not available a reply is returned to
the caller specifying:
- Checkpointing successful
4.2.1.1.5 A̲w̲a̲i̲t̲ ̲A̲c̲k̲n̲o̲w̲l̲e̲d̲g̲e̲m̲e̲n̲t̲
The SB PU acknowledges reception of checkpoint records
by sending a buffer on the TDX bus containing the serial
no. (CP-NO) of the checkpoint to be acknowledged and
a status indication:
- checkpointing succeeded
- checkpointing not succeeded
The awaiting of acknowledgement is subject to time-out.
Refer to section 4.2.1.1.7 for a description of time-out
error handling.
4.2.1.1.6 S̲e̲n̲d̲ ̲R̲e̲p̲l̲y̲ ̲t̲o̲ ̲C̲a̲l̲l̲e̲r̲
Having received an acknowledgement from the standby
PU a reply is sent to the caller:
- to MMS: in a synchronization element
- to LOG: in a reply queue
The reply defines:
- that the received checkpoint record is correctly
validated and
- that the transmission is completed
4.2.1.1.7 E̲r̲r̲o̲r̲ ̲F̲i̲x̲-̲U̲p̲
The CPT process is of type DUMMY.
4.2.1.1.7.1 S̲W̲ ̲E̲r̲r̲o̲r̲s̲
CPT recognizes the following SW error types:
1) E̲x̲t̲e̲r̲n̲a̲l̲
These errors relate to validity checks in the input
queue or in the input synchronization element.
2) I̲n̲t̲e̲r̲n̲a̲l̲
These errors relate to errors resulting from system
calls.
In NORMAL mode CPT retires for both external and internal
errors.
In AT ̲RISK mode CPT performs DUMMY operation for internal
errors and sends NOK REPLY for external errors.
CP ̲ACK time out is handled as SB PU error. Refer below.
Any error is reported to COPSY in the ERQ.
4.2.1.1.7.2 H̲W̲ ̲E̲r̲r̲o̲r̲s̲
For TDX-bus and SB PU errors CPT returns OK to callers.
4.2.1.2 S̲o̲f̲t̲w̲a̲r̲e̲ ̲S̲t̲r̲u̲c̲t̲u̲r̲e̲
The CPT subpackage functions are implemented in one
process, which only handles checkpoint transmission.
The process is organized in a main program and 7 main
procedures.
The functions defined in
Section 4.2.1.1.1 are allocated to: INIT ̲CPT
Section 4.2.1.1.2 are allocated to: SERVE ̲CTQ ̲CT ̲SE
Section 4.2.1.1.3 are allocated to: HANDLE ̲OP ̲CMD
Section 4.2.1.1.4 are allocated to: SEND ̲CP ̲RECORD
Section 4.2.1.1.5 are allocated to: AWAIT ̲ACK
Section 4.2.1.1.6 are allocated to: SEND ̲REPLY
Section 4.2.1.1.7 are allocated to: CPT ̲ERROR
The main program consists of an initialization part
and 2 coroutines.
The initialization program starts the coroutines. The
coroutines handle transmission of CP records and reception
of acknowledgements, respectively.
They communicate via a semaphore, which defines the
number of checkpoint records, which may be transmitted
before getting an acknowledgement.
4.2.1.3 D̲a̲t̲a̲ ̲F̲l̲o̲w̲ ̲a̲n̲d̲ ̲C̲o̲n̲t̲r̲o̲l̲ ̲L̲o̲g̲i̲c̲
4.2.1.3.1 B̲l̲o̲c̲k̲ ̲D̲i̲a̲g̲r̲a̲m̲
A blockdiagram figure 4.2.1.3.1-1 showing data flow
and control logic for the CPT is depicted overleaf.
Refer to section 4.2.1.4.1.1 and 4.2.1.4.1.2 for a
description of the coroutine common data.
CTQ ̲CTSE ̲COR and CR ̲ACK ̲COR communicate via a semaphore
FREE ̲CP, which defines the number of checkpoint records
which may be transmitted before receiving an acknowledgement.
FREE ̲CP is set to maximum at initialization. FREE ̲CP
is decreased by CTQ ̲CTSE ̲COR and increased by CP ̲ACK
̲COR.
The CTQ ̲CTSE ̲COR updates an entry in the CP ̲ARRAY (refer
section 4.2.1.4.1.2) defining the checkpoints for which
acknowledgement is not received. The CP ̲ACK ̲COR deletes
the entry upon reception of an CP ̲ACK.
CTQ ̲CTSE ̲COR has an array index counter, NEXT ̲FREE,
which defines the next free CP ̲ARRAY index.
CP ̲ACK ̲COR has an array index counter, OLDEST, which
defines the oldest checkpoint, for which acknowledgement
is not received.
Errors in the SB PU or the reception of operational
commands defining SB PU available/not available are
signalled through the SB ̲STATE boolean. Refer to the
HIPO diagram in figure 4.2.1.3.2-1 to see the control
logic.
Figure 4.2.1.3.1-1
4.2.1.3.2 H̲I̲P̲O̲ ̲D̲i̲a̲g̲r̲a̲m̲
A HIPO diagram for the main program of the CPT process
is given in figure 4.2.1.3.2-1.
4.2.1.3.3 F̲l̲o̲w̲g̲r̲a̲m̲s̲
A flowgram for the CPT main program is defined in figure
4.2.1.3.3-1.
HIPO FIGURE 4.2.1.3.2-1
I̲N̲I̲T̲-̲C̲P̲T̲
FOREVER LOOP COROUTINE CTQ ̲CTSE ̲COR
S̲E̲R̲V̲E̲-̲C̲T̲Q̲-̲C̲T̲S̲E̲
CASE CMD
OP ̲CMD? H̲A̲N̲D̲L̲E̲ ̲O̲P̲-̲C̲M̲D̲
CP ̲RECORD? SB ̲STATE ON? S̲E̲N̲D̲ ̲C̲P̲-̲R̲E̲C̲O̲R̲D̲
S̲E̲N̲D̲ ̲R̲E̲P̲L̲Y̲
END CASE
END FOREVER LOOP COROUTINES CTQ ̲CTSE ̲COR
FOREVER LOOP COROUTINE CP ̲ACK ̲COR
SB ̲STATE OFF?
A̲W̲A̲I̲T̲ ̲A̲C̲K̲
S̲E̲N̲D̲ ̲R̲E̲P̲L̲Y̲
END FOREVER LOOP COROUTINE CP ̲ACK ̲COR
FLOWGRAM FOR THE CPT MAIN PROGRAM
FIGURE 4.2.1.3.3-1
4.2.1.4 S̲u̲b̲p̲a̲c̲k̲a̲g̲e̲ ̲D̲a̲t̲a̲
4.2.1.4.1 C̲P̲T̲ ̲P̲r̲o̲g̲r̲a̲m̲ ̲a̲n̲d̲ ̲D̲a̲t̲a̲ ̲L̲a̲y̲o̲u̲t̲
Refer to figure 4.2.1.4-1 overleaf.
L̲E̲G̲E̲N̲D̲
GPS Global Program Segment
CPT ̲PS CPT Program Segment
CPD ̲DS CPT Data Seqment
MMS ̲CPT ̲DS Shared MMS AND CPT Data Segment
PPS Process Parameter Segment
PPP Process Parameter Page
Figure 4.2.1.4-1
4.2.1.4.2 C̲P̲-̲R̲E̲C̲O̲R̲D̲ ̲F̲O̲R̲ ̲L̲O̲G̲,̲ ̲C̲I̲F̲,̲ ̲a̲n̲d̲ ̲T̲I̲M̲E̲R̲
Refer to 4.2.2.4.2(1,2,3)
4.2.1.4.3 T̲R̲M̲ ̲R̲E̲C̲O̲R̲D̲
Refer to 4.2.2.4.2.
4.2.1.4.4 C̲P̲-̲A̲C̲K̲
Refer to 4.2.2.4.3.
4.2.1.4.5 C̲o̲r̲o̲u̲t̲i̲n̲e̲ ̲C̲o̲m̲m̲o̲n̲ ̲D̲a̲t̲a̲
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
FREE ̲CP 0..4
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
TYPE: Semaphore
Initialization value: MAX ̲FREE ̲CP
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
MAX ̲FREE ̲CP
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
TYPE: Integer
Initialization value: 4
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
OLDEST 1.4
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
TYPE: Integer
Initialization value: 1
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
NEXT ̲FREE ̲CP 1..4
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
TYPE: Integer
Initialization value: 1
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
SB ̲STATE (FALSE/TRUE)
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
TYPE: Boolean
Initialization value: FALSE
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
SB-ID
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
TYPE: Integer
Initialization value: DUMMY
4.2.1.4.7 C̲o̲r̲o̲u̲t̲i̲n̲e̲ ̲C̲o̲m̲m̲o̲n̲ ̲D̲a̲t̲a̲ ̲(̲C̲P̲-̲A̲R̲R̲A̲Y̲)̲
CP ̲ARRAY
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
1 CP ̲DESCR ̲RECORD
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
2 OLDEST
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
NEXT ̲FREE
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
MAX ̲FREE ̲CP ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
CP ̲DESCR ̲RECORD
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
1 TYPE (LOG, CIF, TIMER)
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
2 CP ̲NO (1..16536
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
3 Q ̲EL returned from QMON
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
4 BUF ̲NO given in CT ̲SE
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
5 STATUS (ACK ̲RECEIVED,
ACK ̲AWAITED)
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
Q ̲EL: Applicable of TYPE = LOG
BUF ̲NO: Applicable of TYPE = CIF
4.2.1.5 C̲P̲T̲ ̲I̲n̲t̲e̲r̲f̲a̲c̲e̲s̲
4.2.1.5.1 I̲n̲t̲e̲r̲f̲a̲c̲e̲s̲ ̲t̲o̲ ̲O̲t̲h̲e̲r̲ ̲P̲a̲c̲k̲a̲g̲e̲s̲
The CPT receives commands from LOG in the CTQ as described
in section 4.1.6.2.1.2.
The CPT receives commands from MMS in the CP ̲SE (synchronization
element).
The synchronization elements point at a checkpoint
buffer in a shared data segment.
Having executed the command a reply is sent to MMS.
Refer to section 4.1.6.2.4.2.
The CPT updates the time of day on disk via the TMP
(refer to section 4.1.6.2.9).
The CPT is periodically invoked by the timer monitor
(refer to section 4.1.6.2.8).
4.2.1.5.2 I̲n̲t̲e̲r̲n̲a̲l̲ ̲S̲S̲C̲ ̲I̲n̲t̲e̲r̲f̲a̲c̲e̲s̲
4.2.1.5.2.1 C̲O̲P̲S̲Y̲ ̲C̲o̲m̲m̲a̲n̲d̲s̲ ̲t̲o̲ ̲t̲h̲e̲ ̲C̲T̲Q̲ ̲i̲n̲ ̲t̲h̲e̲ ̲I̲N̲F̲O̲ ̲F̲i̲e̲l̲d̲
QINFO
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
1 ̲T̲Y̲P̲E̲ ̲ ̲ ̲ ̲ ̲ ̲C̲M̲D̲ ̲ ̲ ̲
2 ̲ ̲ ̲ ̲C̲O̲P̲S̲Y̲-̲I̲D̲ ̲ ̲ ̲ ̲ ̲
3 ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
TYPE = OP ̲CMD
CMD = (START ̲UP, CLOSE ̲DOWN, SB-AVAILABLE, SB
̲NOT ̲AVAILABLE)
COPSY ̲ID = COPSY Identification of the Command
4.2.1.2.2 C̲M̲D̲ ̲S̲T̲A̲R̲T̲-̲U̲P̲
QINFO QBUFFER
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
̲
1 ̲O̲P̲-̲C̲M̲D̲ ̲S̲T̲A̲R̲T̲-̲U̲P̲ ̲ 1 ̲ ̲ ̲ ̲ ̲S̲B̲ ̲I̲D̲ ̲ ̲ ̲ ̲ ̲ ̲
̲
2 ̲ ̲ ̲ ̲C̲O̲P̲S̲Y̲-̲I̲D̲ ̲ ̲ ̲ ̲ ̲ 2 ̲ ̲ ̲ ̲S̲B̲-̲S̲T̲A̲T̲E̲ ̲ ̲ ̲ ̲
̲
3 ̲ ̲S̲T̲A̲R̲T̲-̲U̲P̲-̲T̲Y̲P̲E̲ ̲ ̲
SB ̲ID Identification of the standby user
connection to be accepted
SB ̲STATE (ON, OFF)
START-UP-TYPE (DEAD1, DEAD2, COLD, WARM1, WARM2,
WARM3)
4.2.1.5.3 C̲T̲Q̲ ̲P̲r̲i̲o̲r̲i̲t̲y̲
Precedence 1 = super flash: OP ̲CMD
Precedence 2 = flash: TIMER
Precedence 3 = immediate: LOG
4.2.2 C̲h̲e̲c̲k̲p̲o̲i̲n̲t̲ ̲R̲e̲c̲e̲p̲t̲i̲o̲n̲ ̲(̲C̲P̲R̲)̲
4.2.2.1 F̲u̲n̲c̲t̲i̲o̲n̲a̲l̲ ̲S̲p̲e̲c̲i̲f̲i̲c̲a̲t̲i̲o̲n̲
The CPR subpackage contains the functions defined on
figure 4.2.2.1-1 overleaf.
The CPR sub-package is situated in the standby PU and
it receives checkpoint records from the active PU.
The checkpoint records are received via the TDX bus
from the checkpoint transmission (CPT) subpackage.
Having received a checkpoint record a table is updated
according to the checkpoint record type and an acknowledgement
is sent to the CPT via the TDX bus.
Also, the CPR returns checkpoint records to the original
senders, during a switchover.
Figure 4.2.2.1-1
4.2.2.1.1 I̲n̲i̲t̲i̲a̲l̲i̲z̲a̲t̲i̲o̲n̲
CPR receives start-up information in its input queue
CRQ.
Having received a start-up command the CPR awaits reception
of checkpoint records or further operational commands.
The memory layout of the CPR and the initial contents
of variables is defined in section 4.2.2.4.
4.2.2.1.2 O̲p̲e̲r̲a̲t̲i̲o̲n̲a̲l̲ ̲C̲o̲m̲m̲a̲n̲d̲s̲
During operation the CPR can receive the following
commands from COPSY in its input queue CRQ:
- WARM2 (send during a switchover)
A WARM2 command from COPSY makes the CPR reject reception
of further checkpoints. Hereafter all received checkpoints
are returned to the original senders i.e. the MMS and
LOG.
4.2.2.1.3 S̲e̲r̲v̲e̲ ̲C̲R̲Q̲ ̲a̲n̲d̲ ̲R̲e̲c̲e̲i̲v̲e̲ ̲C̲R̲ ̲R̲e̲c̲o̲r̲d̲s̲
The CRQ is used by COPSY to send operational commands
to CPR.
Three types of commands exist:
- SB1 and SB2 start-up
- WARM2 (after switchover)
Checkpoint records are received via the TDX bus from
the active PU.
Having received a checkpoint a table is updated and
an acknowledgement sent.
CPR has as many read requests pending as the number
of checkpoint records the CPT may transmit without
getting an acknowledgement.
4.2.2.1.4 U̲p̲d̲a̲t̲e̲ ̲C̲h̲e̲c̲k̲p̲o̲i̲n̲t̲ ̲T̲a̲b̲l̲e̲s̲
Having received a checkpoint record a table is updated
according to the type of the checkpoint record.
Two tables exist:
- a log record table: LOG ̲ARRAY
- a CIF checkpoint information table: CIF ̲ARRAY
Each table is of fixed length. Also, entries within
the tables are of fixed length.
Three types of checkpoint records exist:
- log records
- CIF records
- time of day records
The log and CIF records are written to the LOG ̲ARRAY
or the CIF ̲ARRAY.
The LOG ̲ARRAY is situated in a CPR datasegment. The
CIF ̲ARRAY is situated in a segment shared between CPR
and MMS.
A time of day record is used to update the software
clock in the CSF.
CIF records contain a version number: CPR rejects CIF
records with lower version number than the one currently
existing.
4.2.2.1.5 S̲e̲n̲d̲ ̲A̲c̲k̲n̲o̲w̲l̲e̲d̲g̲e̲m̲e̲n̲t̲
Having updated a checkpoint table an acknowledgement
is sent to the active PU.
4.2.2.1.6 E̲r̲r̲o̲r̲ ̲F̲i̲x̲-̲U̲p̲
CPR is of process type VITAL.
4.2.2.1.6.1 S̲W̲ ̲E̲r̲r̲o̲r̲s̲
Any SW error makes CPR retire.
4.2.2.1.6.2 H̲W̲ ̲E̲r̲r̲o̲r̲s̲
A TDX bus or AC PU error makes CPR await a WARM2 start-up
command.
4.2.2.2 S̲o̲f̲t̲w̲a̲r̲e̲ ̲S̲t̲r̲u̲c̲t̲u̲r̲e̲
The CPR subpackage functions are implemented in one
process, which only handles checkpoint reception.
The process consists of a main program and 6 main procedures.
The functions defined in
Section 4.1.2.2.1 are allocated to: INIT ̲CPR
Section 4.1.2.2.2 are allocated to: OP ̲CMDS
Section 4.1.2.2.3 are allocated to: SERVE ̲CRQ ̲TDX
Section 4.1.2.2.4 are allocated to: UPDATE CP ̲TABLES
Section 4.1.2.2.5 are allocated to: SEND ̲ACK
Section 4.1.2.2.6 are allocated to: CPR ̲ERROR
4.2.2.3.1 H̲I̲P̲O̲ ̲D̲i̲a̲g̲r̲a̲m̲s̲
In figure 4.2.2.3.1-1 a HIPO diagram for the CPR main
program is defined.
4.2.2.3.2 F̲l̲o̲w̲g̲r̲a̲m̲s̲
In figure 4.2.2.3.1-2 a flowgram for the CPR main program
is defined.
HIPO FIGURE 4.2.2.3.1-1
I̲N̲I̲T̲-̲C̲P̲R̲
FOREVER LOOP
S̲E̲R̲V̲E̲ ̲C̲T̲Q̲-̲T̲D̲X̲
CASE CMD
CP ̲RECORD? U̲P̲D̲A̲T̲E̲ ̲C̲P̲-̲T̲A̲B̲L̲E̲S̲, S̲E̲N̲D̲ ̲A̲C̲K̲
OP ̲CMD? OP ̲CMDS
END CASE CMD
END FOREVER LOOP
FLOWGRAM FOR THE CPR MAIN PROGRAM…01……01…FIGURE 4.2.2.3.1-1…01…
4.2.2.4 S̲u̲b̲-̲P̲a̲c̲k̲a̲g̲e̲ ̲D̲a̲t̲a̲
4.2.2.4.1 C̲P̲R̲ ̲P̲r̲o̲g̲r̲a̲m̲ ̲a̲n̲d̲ ̲D̲a̲t̲a̲ ̲L̲a̲y̲o̲u̲t̲
Refer to figure 4.2.2.4-1 overleaf.
L̲E̲G̲E̲N̲D̲
GPS Global Program Segment
PPS Process Parameter Segment
CPR ̲PS CPR Program Segment
CPR ̲DS CPR Data Seqment
MMS ̲CPR ̲DS Shared MMS AND CRT Data Segment
Figure 4.2.2.4-1
4.2.2.4.2 C̲h̲e̲c̲k̲p̲o̲i̲n̲t̲ ̲R̲e̲c̲o̲r̲d̲s̲ ̲f̲r̲o̲m̲ ̲t̲h̲e̲ ̲A̲c̲t̲i̲v̲e̲ ̲P̲U̲ ̲(̲T̲R̲M̲ ̲R̲E̲C̲O̲R̲D̲)̲
The general format looks like:
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
1 ̲ ̲ ̲ ̲ ̲L̲E̲N̲G̲T̲H̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
2 ̲ ̲ ̲ ̲ ̲T̲R̲M̲-̲N̲O̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
3 ̲ ̲ ̲ ̲ ̲ ̲T̲Y̲P̲E̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
CP ̲RECORD
2 * LENGTH ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
LENGTH: Total length of TRM ̲RECORD in bytes
TRM ̲ND: Serial number for the TRM ̲RECORD
CP ̲RECORD (defined by users):
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
1 ̲ ̲ ̲ ̲ ̲ ̲L̲E̲N̲G̲T̲H̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
2 ̲ ̲ ̲ ̲ ̲ ̲C̲P̲-̲N̲O̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
CP DATA
2 * LENGTH ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
TYPE: (LOG, CIF, TIME ̲OF ̲DAY)
CPNO: Index number within type
4.2.2.4.2.1 L̲o̲g̲ ̲C̲P̲-̲R̲E̲C̲O̲R̲D̲
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
1 ̲ ̲ ̲ ̲ ̲ ̲L̲E̲N̲G̲T̲H̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ 50 bytes
2 ̲ ̲ ̲ ̲ ̲ ̲C̲P̲-̲N̲O̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ 1..10
25 ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
4.2.2.4.2.2 C̲I̲F̲ ̲C̲P̲-̲R̲E̲C̲O̲R̲D̲
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
1 ̲ ̲ ̲ ̲ ̲ ̲L̲E̲N̲G̲T̲H̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ 512 bytes
2 ̲ ̲ ̲ ̲ ̲ ̲ ̲C̲P̲-̲N̲O̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ 1...400
3 ̲ ̲ ̲ ̲ ̲ ̲V̲E̲R̲S̲I̲O̲N̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
256 ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
4.2.2.4.2.3 T̲I̲M̲E̲-̲O̲F̲-̲D̲A̲Y̲ ̲C̲R̲-̲R̲E̲C̲O̲R̲D̲
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
1 ̲ ̲ ̲ ̲ ̲ ̲L̲E̲N̲G̲T̲H̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ 6 bytes
2 ̲ ̲ ̲ ̲ ̲ ̲C̲P̲-̲N̲O̲.̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ 1...1
3 ̲H̲O̲U̲R̲ ̲ ̲ ̲ ̲ ̲ ̲M̲I̲N̲U̲T̲E̲ ̲ ̲ ̲
4.2.2.4.3 C̲h̲e̲c̲k̲p̲o̲i̲n̲t̲ ̲A̲c̲k̲n̲o̲w̲l̲e̲d̲g̲e̲m̲e̲n̲t̲ ̲C̲P̲-̲A̲C̲K̲
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
1 ̲ ̲ ̲ ̲ ̲ ̲L̲E̲N̲G̲T̲H̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
2 ̲ ̲ ̲ ̲ ̲ ̲T̲R̲M̲-̲N̲O̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
3 ̲ ̲ ̲ ̲ ̲ ̲S̲T̲A̲T̲U̲S̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
LENGTH: 6 bytes
TRM-ND: Serial number for a TRM ̲RECORD
STATUS: (ACK, NACK)
4.2.2.4.4 C̲h̲e̲c̲k̲p̲o̲i̲n̲t̲ ̲T̲a̲b̲l̲e̲ ̲f̲o̲r̲ ̲L̲o̲g̲ ̲R̲e̲c̲o̲r̲d̲s̲ ̲(̲L̲O̲G̲-̲A̲R̲R̲A̲Y̲)̲
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
Index LOG
1 CP ̲RECORD
Refer 4.2.2.4.3.1
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
2
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
MAX ̲LOG ̲RE-
CORDS ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
MAX ̲LOG ̲RECORDS = 10
4.2.2.4.5 C̲h̲e̲c̲k̲p̲o̲i̲n̲t̲ ̲T̲a̲b̲l̲e̲ ̲f̲o̲r̲ ̲L̲o̲g̲ ̲R̲e̲c̲o̲r̲d̲s̲ ̲(̲C̲I̲F̲-̲A̲R̲R̲A̲Y̲)̲
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
Index CIF
1 CP ̲RECORD
Refer 4.2.2.4.3.2
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
2
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
MAX ̲CIF ̲RE-
CORDS ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
MAX ̲CIF ̲RECORDS = 400
4.2.2.4.6 S̲h̲a̲r̲e̲d̲ ̲D̲a̲t̲a̲
The CPR and MMS share the CIF ̲ARRAY.
4.2.2.5 C̲P̲R̲ ̲I̲n̲t̲e̲r̲f̲a̲c̲e̲s̲
4.2.2.5.1 I̲n̲t̲e̲r̲f̲a̲c̲e̲s̲ ̲t̲o̲ ̲O̲t̲h̲e̲r̲ ̲P̲a̲c̲k̲a̲g̲e̲s̲
4.2.2.5.1 T̲o̲ ̲M̲M̲S̲
The CPR interfaces to the message management system
(MMS) in SFM during recovery after a switchover.
By means of a sequence of MMON RESTORE commands, each
of which is pointing at a CIF ̲ARRAY entry, the CIF
̲ARRAY is transferred to MMS. Refer section 4.1.6.2.3.2.
4.2.2.5.1.2 T̲o̲ ̲L̲O̲G̲
The CPR interfaces to LOG during recovery after a switchover.
By means of a sequence of QMON SEND commands, each
of which is pointing at a LOG ̲ARRAY entry, which is
transferred to a shared data area in QMON, the LOG
̲ARRAY is transferred to LOG. Refer section 4.1.6.2.1.1.1.
4.2.2.5.1.3 T̲o̲ ̲T̲i̲m̲e̲r̲ ̲M̲o̲n̲i̲t̲o̲r̲
The CPR updates the time of day via the timer monitor
in CSF. Refer section 4.1.6.2.8.
4.2.2.5.2 I̲n̲t̲e̲r̲n̲a̲l̲ ̲S̲S̲C̲ ̲I̲n̲t̲e̲r̲f̲a̲c̲e̲
4.2.2.5.2.1 C̲O̲P̲S̲Y̲ ̲C̲o̲m̲m̲a̲n̲d̲s̲ ̲i̲n̲ ̲t̲h̲e̲ ̲C̲R̲Q̲ ̲(̲C̲R̲Q̲-̲C̲O̲M̲M̲A̲N̲D̲)̲
The three word INFO fixed in a queue element contains:
QINFO QBUFFER
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
1 TYPE CMD 1 AC ̲PU ̲CONN
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
2 COPSY-ID
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
3 START-UP-TYPE
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
TYPE: OP ̲CMD
CMD: (START ̲UP)
COPSY ̲ID: COPSY ID. of command
AC ̲PU ̲CONN: User connection to AC PU to be accepted.
START ̲UP ̲TYPE: SB1, SB2
4.2.2.5.2.2 T̲o̲ ̲C̲P̲T̲
The CPR interfaces to CPT via the IOC, which services
the TDX bus.
4.2.2.5.3 C̲R̲Q̲ ̲P̲r̲i̲o̲r̲i̲t̲y̲
Precedence level 1: super flash = OP ̲CMD
Precedence level 2: flash = Not used
Precedence level 3: immediate = LOG reply
4.2.3 O̲n̲-̲L̲i̲n̲e̲ ̲D̲i̲a̲g̲n̲o̲s̲t̲i̲c̲s̲ ̲(̲O̲L̲D̲)̲
4.2.3.1 F̲u̲n̲c̲t̲i̲o̲n̲a̲l̲ ̲S̲p̲e̲c̲i̲f̲i̲c̲a̲t̲i̲o̲n̲
The OLD functions are decomposed as defined in figure
4.2.3.1-1 overleaf.
OLD sumchecks the program part of the KERNEL periodically
and on request from the supervisor.
Figure 4.2.3.1-1
4.2.3.1.1 I̲n̲i̲t̲i̲a̲l̲i̲z̲a̲t̲i̲o̲n̲
OLD awaits a start-up command from COPSY in its input
queue OLDQ.
A request is sent to the timer monitor in CSF to periodically
invoke the OLD.
4.2.3.1.2 S̲e̲r̲v̲e̲ ̲I̲n̲p̲u̲t̲ ̲Q̲u̲e̲u̲e̲
During operation OLD receives
- time-out
- supervisor requests
- COPSY close-down commands
in its input queue OLDQ.
4.2.3.1.3 H̲a̲n̲d̲l̲i̲n̲g̲ ̲o̲f̲ ̲T̲i̲m̲e̲-̲O̲u̲t̲
The reception of a time-out makes OLD execute a checksumming
of the KERNEL program by calling a monitor procedure
in the KERNEL:
Checksum-Kernel.
4.2.3.1.4 R̲e̲c̲e̲p̲t̲i̲o̲n̲ ̲o̲f̲ ̲S̲u̲p̲e̲r̲v̲i̲s̲o̲r̲ ̲R̲e̲q̲u̲e̲s̲t̲
The reception of a supervisor request makes OLD execute
the Checksum-Kernel procedure and send a reply to the
supervisor.
4.2.3.1.5 R̲e̲c̲e̲p̲t̲i̲o̲n̲ ̲o̲f̲ ̲C̲l̲o̲s̲e̲-̲D̲o̲w̲n̲
When OLD receives a close-down command it answers COPSY
immediately and awaits further COPSY commands, which
will not arrive.
4.2.3.1.6 E̲r̲r̲o̲r̲ ̲F̲i̲x̲-̲U̲p̲
OLD is a process of DUMMY type.
The OLD-recognizes the following SW error-types:
1) E̲x̲t̲e̲r̲n̲a̲l̲ ̲S̲W̲ ̲E̲r̲r̲o̲r̲s̲
These errors relate to validity checks in the input
queue.
2) I̲n̲t̲e̲r̲n̲a̲l̲ ̲S̲W̲ ̲E̲r̲r̲o̲r̲s̲
These errors relate to errors resulting from system
calls.
3) C̲h̲e̲c̲k̲s̲u̲m̲ ̲E̲r̲r̲o̲r̲s̲
Checksum errors make OLD retire.
In NORMAL mode OLD retires for all kinds of errors.
In AT ̲RISK mode OLD performs DUMMY operation for internal
errors, and sends NOK REPLY for external errors.
Any error is reported to COPSY in the ERQ.
4.2.3.2 S̲o̲f̲t̲w̲a̲r̲e̲ ̲S̲t̲r̲u̲c̲t̲u̲r̲e̲
The OLD subpackage functions are implemented in one
process, which only handles on-line diagnostics.
The process is organized in a main program and 6 main
procedures.
The functions defined in section 4.2.3.1 are allocated
to the procedures:
Section 4.2.3.1.1 to INIT ̲OLD
Section 4.2.3.1.2 to SERVE ̲OLDQ
Section 4.2.3.1.3 to EXEC ̲CHECKSUMMING
Section 4.2.3.1.4 to SEND ̲REPLY
Section 4.2.3.1.5 to CLOSE ̲DOWN ̲OLD
Section 4.2.3.1.6 to OLD ̲ERROR
4.2.3.3 D̲a̲t̲a̲ ̲F̲l̲o̲w̲ ̲a̲n̲d̲ ̲C̲o̲n̲t̲r̲o̲l̲ ̲L̲o̲g̲i̲c̲
4.2.3.3.1 H̲I̲P̲O̲ ̲D̲i̲a̲g̲r̲a̲m̲
A HIPO diagram for the main program of OLD is given
in figure 4.2.3.3.1-1.
4.2.3.3.2 F̲l̲o̲w̲g̲r̲a̲m̲
A flowgram, which defines the control logic in the
OLD main program is defined in figure 4.2.3.3.2-1.
Underlined names refer to procedures defined in the
HIPO diagram.
HIPO Figure 4.2.3.3.1-1
I̲N̲I̲T̲-̲O̲L̲D̲
FOREVER LOOP
CASE CMD
TIME-OUT? E̲X̲E̲C̲-̲C̲H̲E̲C̲K̲S̲U̲M̲M̲I̲N̲G̲
SUPERVISOR ̲REQUEST? E̲X̲E̲C̲-̲C̲H̲E̲C̲K̲S̲U̲M̲M̲I̲N̲G̲,̲ ̲S̲E̲N̲D̲-̲R̲E̲P̲L̲Y̲
CLOSE ̲DOWN? C̲L̲O̲S̲E̲-̲D̲O̲W̲N̲-̲O̲L̲D̲
END CASE
END FOREVER LOOP
FLOWGRAM FOR OLD MAIN PROGRAM…01……01…FIGURE 4.2.2.3.1-2…01…
4.2.3.4 S̲u̲b̲p̲a̲c̲k̲a̲g̲e̲ ̲D̲a̲t̲a̲
Refer to the QINFO contents defined in section 4.2.3.5.
4.2.3.5 I̲n̲t̲e̲r̲f̲a̲c̲e̲s̲ ̲t̲o̲ ̲O̲L̲D̲
4.2.3.5.1 I̲n̲t̲e̲r̲f̲a̲c̲e̲s̲ ̲t̲o̲ ̲O̲t̲h̲e̲r̲ ̲P̲a̲c̲k̲a̲g̲e̲s̲
Refer section 4.1.6.2.2.1 for TEP interfaces and section
4.1.6.2.8 for timer monitor interfaces.
4.2.3.5.1 I̲n̲t̲e̲r̲n̲a̲l̲ ̲S̲S̲C̲ ̲I̲n̲t̲e̲r̲f̲a̲c̲e̲s̲
COPSY sends the following commands to the OLDQ.
QINFO
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
1 TYPE CMD
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
2 COPSY-ID
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
3 START-UP-TYPE
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
TYPE: OP ̲CMD
CMD: (START ̲UP, CLOSE ̲DOWN)
START ̲UP ̲TYPE: NIL
OLD sends error reports to COPSY in the ERQ. Refer
to section 4.1.6.2.1.9 for a detailed layout.
4.2.4 E̲r̲r̲o̲r̲ ̲H̲a̲n̲d̲l̲e̲r̲ ̲a̲n̲d̲ ̲C̲o̲m̲m̲a̲n̲d̲ ̲D̲i̲s̲p̲a̲t̲c̲h̲e̲r̲ ̲(̲E̲H̲D̲)̲
4.2.4.1 F̲u̲n̲c̲t̲i̲o̲n̲a̲l̲ ̲S̲p̲e̲c̲i̲f̲i̲c̲a̲t̲i̲o̲n̲
The EHD subpackage functions are depicted on figure
4.2.4.1-1 overleaf.
EHD serves various COPSY input queues and synchronization
elements and based on the received command/report type
an appropriate COPSY coroutine is invoked.
Figure 4.2.4.1-1
4.2.4.1.1 R̲e̲c̲e̲i̲v̲e̲ ̲L̲i̲n̲e̲ ̲C̲o̲m̲m̲a̲n̲d̲s̲
The EHD receives commands in the system queue (SYQ)
from TEP, MMON and TMON as described in section 4.1.1.4.1.
4.2.4.1.2 D̲i̲s̲p̲a̲t̲c̲h̲ ̲O̲n̲-̲L̲i̲n̲e̲ ̲C̲o̲m̲m̲a̲n̲d̲s̲
MMON security commands are sent to the VDU ̲M ̲C coroutine
in an operation semaphore.
TEP commands are directed to the
- CFH for circuit commands
- VDU ̲M ̲C for blocking and security interrogation
commands
- EXC ̲M ̲C for supervisor accept commands
- SAD ̲M ̲C for supervisor accept commands
TMON commands are sent to the WDP ̲M ̲C (used for sending
keep-alive messages).
4.2.4.1.3 R̲e̲c̲e̲i̲v̲e̲ ̲O̲p̲e̲r̲a̲t̲o̲r̲ ̲C̲o̲m̲m̲a̲n̲d̲s̲
Operator commands from the CMI are received in the
SYQ:
Refer to section 4.1.1.6 for a description of operator
commands.
4.2.4.1.4 C̲a̲l̲l̲ ̲C̲o̲n̲f̲i̲g̲u̲r̲a̲t̲i̲o̲n̲ ̲H̲a̲n̲d̲l̲e̲r̲
Operator commands are executed in the CFH by sending
a command to the CFH operational semaphore.
4.2.4.1.5 R̲e̲c̲e̲i̲v̲e̲ ̲E̲r̲r̲o̲r̲ ̲R̲e̲p̲o̲r̲t̲s̲
The EHD receives
- DAMOS HW error reports in the SDSE (secondary synchronization
element)
- Retire error reports in the PSE (parent synchronization
element)
- Child error reports in the ERQ (error queue).
4.2.4.1.6 I̲s̲o̲l̲a̲t̲e̲ ̲E̲r̲r̲o̲r̲
As the received error reports contain the required
HW and SW disolution (refer to section 4.1.6.2.17/18/19),
which enables further error-fix-up this function is
dummy.
It is the objective of the isolate error procedure
to isolate hardware errors to one of the types defined
in section 2.2.1.5.1.2 and to isolate software errors
to one of the types defined in section 2.2.1.5.1.1.3.
4.2.4.1.7 C̲a̲l̲l̲ ̲C̲o̲n̲f̲i̲g̲u̲r̲a̲t̲i̲o̲n̲ ̲H̲a̲n̲d̲l̲e̲r̲
Error reports are directed to the CFH in its input
operation semaphore.
4.2.4.1.8 E̲r̲r̲o̲r̲ ̲H̲a̲n̲d̲l̲i̲n̲g̲
Refer to section 2.2.2.3.
4.2.4.2 S̲o̲f̲t̲w̲a̲r̲e̲ ̲S̲t̲r̲u̲c̲t̲u̲r̲e̲
The EHD subpackage functions are implemented in two
coroutines, the command dispatcher (CMD), and the system
error handler (SEH). The CMD coroutine contains three
main procedures, which are allocated functions as defined
in figure 4.2.4.2-1.
The SEH coroutine contains Main procedures, which are
allocated functions as defined in figure 4.2.4.2-2.
Figure 4.2.4.2-1
Figure 4.2.4.2-2
4.2.4.3 D̲a̲t̲a̲ ̲F̲l̲o̲w̲ ̲a̲n̲d̲ ̲C̲o̲n̲t̲r̲o̲l̲ ̲L̲o̲g̲i̲c̲
4.2.4.3.1 H̲I̲P̲O̲ ̲D̲i̲a̲g̲r̲a̲m̲
A HIPO diagram for the CMD and for the SEH coroutines
are given in figure 4.2.4.3.1-1 and figure 4.2.4.3.1-2
respectively.
L̲E̲G̲E̲N̲D̲
Q = Queue
SE = Synchronization Element
OS = Operation Semaphore
HIPO 4.2.4.3.1-1
HIPO 4.2.4.3.1-2
4.2.4.4 S̲u̲b̲p̲a̲c̲k̲a̲g̲e̲ ̲D̲a̲t̲a̲
4.2.4.4.1 L̲i̲n̲e̲ ̲t̲o̲ ̲S̲e̲m̲a̲p̲h̲o̲r̲e̲ ̲T̲a̲b̲l̲e̲ ̲(̲L̲I̲N̲E̲-̲S̲E̲M̲-̲T̲A̲B̲L̲E̲)̲
In figure 4.2.4.4.1-1 overleaf the relation between
a line (represented by a logical line designator) and
the corresponding operational semaphore are defined.
For VDU, SAD, and EXC lines the logical line designator
corresponds to a subprocess identification.
Also, the configuration handler associated input operational
semaphore is given.
Figure 4.2.4.4.1-1
4.2.4.5 S̲u̲b̲p̲a̲c̲k̲a̲g̲e̲ ̲I̲n̲t̲e̲r̲f̲a̲c̲e̲s̲
4.2.4.5.1 P̲a̲c̲k̲a̲g̲e̲ ̲I̲n̲t̲e̲r̲f̲a̲c̲e̲s̲
The EHD receives line control commands from TEP as
specified in section 4.1.6.2.2.2.
The EHD receives security commands from MMON as specified
in section 4.1.6.2.4.1.
The EHD receives periodic invocation signals from the
timer monitor as specified in section 4.1.6.2.6.
The EHD receives hardware error reports from DAMOS
as specified in section 4.1.6.2.1.7.
The EHD receives retire reports from DAMOS as specified
in section 4.1.6.2.1.8.
The EHD receives child error reports as specified in
section 4.1.6.2.1.9.
4.2.4.5.2 I̲n̲t̲e̲r̲n̲a̲l̲ ̲S̲S̲C̲ ̲I̲n̲t̲e̲r̲f̲a̲c̲e̲s̲
4.2.4.5.2.1 T̲o̲ ̲C̲M̲I̲
The EHD receives CMI commands as specified in section
4.1.6.
4.2.4.5.2.2 T̲o̲ ̲C̲O̲P̲S̲Y̲ ̲C̲o̲r̲o̲u̲t̲i̲n̲e̲s̲
The EHD invokes
- CFH
- VDU
- SAD
- EXC
- WDP
coroutines by sending operational semaphores.
The associated operation on 18 words contains a copy
of the input data as described in section 4.2.4.5.1.
