WO1999066402A1 - Tracking memory page modification in a bridge for a multi-processor system - Google Patents

Tracking memory page modification in a bridge for a multi-processor system Download PDF

Info

Publication number
WO1999066402A1
WO1999066402A1 PCT/US1999/012429 US9912429W WO9966402A1 WO 1999066402 A1 WO1999066402 A1 WO 1999066402A1 US 9912429 W US9912429 W US 9912429W WO 9966402 A1 WO9966402 A1 WO 9966402A1
Authority
WO
WIPO (PCT)
Prior art keywords
bus
bridge
memory
processing
access
Prior art date
Application number
PCT/US1999/012429
Other languages
French (fr)
Inventor
Stephen Rowlinson
Femi A. Oyelakin
Paul J. Garnett
Original Assignee
Sun Microsystems, Inc.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Sun Microsystems, Inc. filed Critical Sun Microsystems, Inc.
Priority to EP99957102A priority Critical patent/EP1086424B1/en
Priority to DE69900947T priority patent/DE69900947T2/en
Priority to AT99957102T priority patent/ATE213850T1/en
Priority to JP2000555159A priority patent/JP2002518734A/en
Publication of WO1999066402A1 publication Critical patent/WO1999066402A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/16Error detection or correction of the data by redundancy in hardware
    • G06F11/1658Data re-synchronization of a redundant component, or initial sync of replacement, additional or spare unit
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/16Error detection or correction of the data by redundancy in hardware
    • G06F11/1629Error detection by comparing the output of redundant processing systems
    • G06F11/1641Error detection by comparing the output of redundant processing systems where the comparison is not performed by the redundant processing components
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F13/00Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
    • G06F13/38Information transfer, e.g. on bus
    • G06F13/40Bus structure
    • G06F13/4004Coupling between buses
    • G06F13/4027Coupling between buses using bus bridges
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/16Error detection or correction of the data by redundancy in hardware
    • G06F11/1675Temporal synchronisation or re-synchronisation of redundant processing components
    • G06F11/1683Temporal synchronisation or re-synchronisation of redundant processing components at instruction level
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2201/00Indexing scheme relating to error detection, to error correction, and to monitoring
    • G06F2201/845Systems in which the redundancy can be transformed in increased performance

Definitions

  • TITLE TRACKING MEMORY PAGE MODIFICATION IN A BRIDGE FOR A MULTI-PROCESSOR SYSTEM
  • This mvention relates to a multi-processor computer system mcludmg first and second processmg sets (each of which may compnse one or more processors) which communicate with an I/O device bus.
  • the application finds particular application to fault tolerant computer systems where two or more processor sets need to communicate with an I/O device bus m lockstep with provision for identifying lockstep errors m order to identify faulty operation of the system as a whole.
  • an aim is not only to be able to identify faults, but also to provide a structure which is able to provide a high degree of system availability. In order to provide high levels of system availability, it would be desirable for such systems to automatically attempt recovery from a lockstep error.
  • a dirty RAM is a bit map havmg a bit for each block, or page, of memory, which bit is set when a wnte access to the area of memory concerned is made.
  • the provision of a dirty RAM in the processmg sets would not provide a rehable solution to the problem of reinstatmg the memory of the processor because of the difficulties and delays in accessmg the dirty RAM of other processmg sets.
  • An aim of the present mvention is to provide a solution to the problem of addressmg direct memory accesses m achievmg reinstatement of a concurrent state m first and second processmg sets.
  • the bndge compnses bus mterface for connection to an I O bus of a first processmg set, an I O bus of a second processmg set and a device bus.
  • a bndge control mechanism is operable to permit direct memory access to memory of the processmg sets by a device on the device bus, to arbitrate between the first and the second processmg sets for access to the bndge m a first, split, mode, and to monitor lockstep operation of the first and second processmg sets in a second, combmed, mode.
  • a duty RAM mechanism is provided m the bndge for monitoring regions of processor set memory modified by direct memory accesses by the device on the device bus.
  • An embodiment of the mvention is thus able to monitor parts of memory modified by DMA operations initiated by a device on the device bus.
  • a dirty RAM mechanism in a bridge this facilitates access to the dirty RAM by the processmg sets
  • the reintegra ⁇ on process can mvolve a number of passes, durmg each of which passes dirtied memory is copied from a good processmg set to a faulty (target) processmg set or sets During the process of re-integration the good processmg set can access the dirty RAM to determine the parts of the memory which have been dirtied (m either its own or the target processmg set's memory) to be copied on any pass.
  • bus mterfaces referenced above need not be separate components of the bndge, but may be mcorporated m other components of the bndge, and may mdeed be simply connections for the lmes of the buses concerned.
  • the dirty RAM mechanism defines a duty indicator (e g , a bit) for each of a plurality of regions of processmg set memory, a duty mdicator bemg set to a predetemuned value when the region of memory has been written to by a DMA access.
  • a duty indicator e g , a bit
  • the processmg sets can be configured such that one of the processmg sets is operable m the split mode as a primary processmg set and to copy the content of its memory to the other processmg set(s) If durmg this copy operation some of the regions of the memory are wntten to by a direct memory access, the state at the end of the copy operation will not be the same m the vanous processmg sets. As a result the primary processmg set re-copies those regions of its memory which have been marked in the dirty RAM mechanism as havmg been wntten to by virtue of the corresponding duty indication bemg set. This process can be repeated m a number of passes as required.
  • the bndge control mechanism compnses an arbiter connected to the first and second processor bus mterfaces and to the device bus mterface, the arbiter bemg configured to be operable in the split mode to arbitrate for use of the bndge by the first and second processmg sets and devices on the device bus.
  • the bndge control mechanism is configured to be operable to respond to a synchronization reset operation from the primary processmg set, on completion of copymg the content of the memory regions identified in the dirty RAM mechanism with no further regions havmg bemg so identified, to transfer from the split mode of operation to the combmed mode of operation.
  • the dirty RAM mechanism can compnse a duty RAM configured m random access memory in the bndge.
  • a separate hardware memory device may be provided.
  • the content of the dirty RAM can be cleared on bemg read by a processmg set.
  • two duty RAMs can be provided, the two duty
  • RAMs bemg operable m a toggle mode with one bemg wntten to while the other is bemg read.
  • a respective duty RAM could be provided for each processmg set.
  • processor bus mterfaces for connection to I O buses of respective processing sets.
  • a computer system compnsmg a first processmg set havmg an I/O bus, a second processmg set havmg an I/O bus, a device bus, at least one device on the device bus and a bridge as set out above.
  • Each processing set may comprise at least one processor, memory and a processing set I/O bus controller.
  • a method of operating a multiprocessor system comprising: permitting direct memory access to memory of the processing sets by the at least one device on the device bus; and monitoring, in a dirty RAM in the bridge, regions of processor set memory written to by the device on the device bus.
  • a method of re-integration can involve multiple passes of copying areas of memory from a first processing set to a second processing set, the areas to be copied being identified by the areas memory for which corresponding dirty RAM bit is set.
  • the re-integration method can include a set of preventing direct memory access to restart in a combined, or lockstep, mode.
  • Figure 1 is a schematic overview of a fault tolerant computer system incoiporating an embodiment of the invention
  • Figure 2 is a schematic overview of a specific implementation of a system based on that of Figure 1;
  • Figure 3 is a schematic representation of one implementation of a processing set
  • Figure 4 is a schematic representation of another example of a processing set
  • Figure 5 is a schematic representation of a further processing set
  • Figure 6 is a schematic block diagram of an embodiment of a bridge for the system of Figure 1 ;
  • Figure 7 is a schematic block diagram of storage for the bridge of Figure 6;
  • Figure 8 is a schematic block diagram of control logic of the bridge of Figure 6;
  • Figure 9 is a schematic representation of a routing matrix of the bridge of Figure 6;
  • Figure 10 is an example implementation of the bridge of Figure 6;
  • Figure 11 is a state diagram illustrating operational states of the bridge of Figure 6;
  • Figure 12 is a flow diagram illustrating stages in the operation of the bridge of Figure 6;
  • Figure 13 is a detail of a stage of operation from Figure 12;
  • Figure 14 illustrates the posting of I/O cycles in the system of Figure 1;
  • Figure 15 illustrates the data stored in a posted write buffer
  • Figure 16 is a schematic representation of a slot response register
  • Figure 17 illustrates a dissimilar data write stage
  • Figure 18 illustrates a modification to Figure 17
  • Figure 19 illustrates a dissimilar data read stage
  • Figure 20 illustrates an alternative dissimilar data read stage
  • Figure 21 is a flow diagram summarising the operation of a dissimilar data write mechanism
  • Figure 22 is a schematic block diagram explaining arbitration within the system of Figure 1;
  • Figure 23 is a state diagram illustrating the operation of a device bus arbiter
  • Figure 24 is a state diagram illustrating the operation of a bridge arbiter
  • Figure 25 is a timing diagram for PCI signals
  • Figure 26 is a schematic diagram illustrating the operation of the bridge of Figure 6 for direct memory access
  • Figure 27 is a flow diagram illustrating a direct memory access method in the bridge of Figure 6; and Figure 28 is a flow diagram of a re-integration process including the monitoring of a dirty RAM.
  • FIG 1 is a schematic overview of a fault tolerant computing system 10 comprising a plurality of CPUsets (processing sets) 14 and 16 and a bridge 12. As shown in Figure 1, there are two processing sets 14 and 16, although in other embodiments there may be three or more processing sets.
  • the bridge 12 forms an interface between the processing sets and I/O devices such as devices 28, 29, 30, 31 and 32.
  • processing set is used to denote a group of one or more processors, possibly including memory, which output and receive common outputs and inputs.
  • CPUset could be used instead, and that these terms could be used interchangeably throughout this document.
  • bridge is used to denote any device, apparatus or arrangement suitable for interconnecting two or more buses of the same or different types.
  • the first processing set 14 is connected to the bridge 12 via a first processing set I/O bus (PA bus) 24, in the present instance a Peripheral Component Interconnect (PCI) bus.
  • the second processing set 16 is connected to the bridge 12 via a second processing set I/O bus (PB bus) 26 of the same type as the PA bus 24 (i.e. here a PCI bus).
  • the I/O devices are connected to the bridge 12 via a device I O bus (D bus) 22, in the present instance also a PCI bus.
  • D bus device I O bus
  • buses 22, 24 and 26 are all PCI buses, this is merely by way of example, and in other embodiments other bus protocols may be used and the D-bus 22 may have a different protocol from that of the PA bus and the PB bus (P buses) 24 and 26.
  • the processing sets 14 and 16 and the bridge 12 are operable in synchronism under the control of a common clock 20, which is connected thereto by clock signal lines 21.
  • Some of the devices including an Ethernet (E-NET) interface 28 and a Small Computer System Interface (SCSI) interface 29 are permanently connected to the device bus 22, but other I/O devices such as I O devices 30, 31 and 32 can be hot insertable into individual switched slots 33, 34 and 35.
  • Dynamic field effect transistor (FET) switching can be provided for the slots 33, 34 and 35 to enable hot insertability of the devices such as devices 30, 31 and 32.
  • FET field effect transistor
  • the provision of the FETs enables an increase in the length of the D bus 22 as only those devices which are active are switched on, reducing the effective total bus length. It will be appreciated that the number of I/O devices which may be connected to the D bus 22, and the number of slots provided for them, can be adjusted according to a particular implementation in accordance with specific design requirements.
  • FIG 2 is a schematic overview of a particular implementation of a fault tolerant computer employing a bridge structure of the type illustrated in Figure 1.
  • the fault tolerant computer system includes a plurality (here four) of bridges 12 on first and second I/O motherboards (MB 40 and MB 42) order to increase the number of I/O devices which may be connected and also to improve reliability and redundancy.
  • two processing sets 14 and 16 are each provided on a respective processing set board 44 and 46, with the processing set boards 44 and 46 'bridging' the I/O motherboards MB 40 and MB 42.
  • a first, master clock source 20A is mounted on the first motherboard 40 and a second, slave clock source 20B is mounted on the second motherboard 42.
  • Clock signals are supplied to the processing set boards 44 and 46 via respective connections (not shown in Figure 2).
  • First and second bridges 12.1 and 12.2 are mounted on the first I/O motherboard 40.
  • the first bridge 12.1 is connected to the processing sets 14 and 16 by P buses 24.1 and 26.1, respectively.
  • the second bridge 12.2 is connected to the processing sets 14 and 16 by P buses 24.2 and 26.2, respectively.
  • the bridge 12.1 is connected to an I/O databus (D bus) 22.1 and the bridge 12.2 is connected to an I/O databus (D bus) 22.2.
  • Third and fourth bridges 12.3 and 12.4 are mounted on the second I/O motherboard 42.
  • the bridge 12.3 is connected to the processing sets 14 and 16 by P buses 24.3 and 26.3, respectively.
  • the bridge 4 is connected to the processing sets 14 and 16 by P buses 24.4 and 26.4, respectively.
  • the bridge 12.3 is connected to an I/O databus (D bus) 22.3 and the bridge 12.4 is connected to an I O databus (D bus) 22.4.
  • the arrangement shown in Figure 2 can enable a large number of I O devices to be connected to the two processing sets 14 and 16 via the D buses 22.1, 22.2, 22.3 and 22.4 for either increasing the range of I/O devices available, or providing a higher degree of redundancy, or both.
  • FIG 3 is a schematic overview of one possible configuration of a processing set, such as the processing set 14 of Figure 1.
  • the processing set 16 could have the same configuration.
  • a plurality of processors (here four) 52 are connected by one or more buses 54 to a processing set bus controller 50.
  • one or more processing set output buses 24 are connected to the processing set bus controller 50, each processing set output bus 24 being connected to a respective bridge 12.
  • P bus processing set I O bus
  • Figure 2 four such processing set I/O buses (P buses) 24 would be provided.
  • individual processors operate using the common memory 56, and receive inputs and provide outputs on the common P bus(es) 24.
  • FIG 4 is an alternative configuration of a processing set, such as the processing set 14 of Figure 1.
  • a plurality of processor/memory groups 61 are connected to a common internal bus 64.
  • Each processor/memory group 61 includes one or more processors 62 and associated memory 66 connected to a internal group bus 63.
  • An interface 65 connects the internal group bus 63 to the common internal bus 64.
  • individual processing groups, with each of the processors 62 and associated memory 66 are connected via a common internal bus 64 to a processing set bus controller 60.
  • the interfaces 65 enable a processor 62 of one processing group to operate not only on the data in its local memory 66, but also m the memory of another processmg group 61 withm the processmg set 14.
  • the processmg set bus controller 60 provides a common mterface between the common internal bus 64 and the processmg set I/O bus(es) (P bus(es)) 24 connected to the bndge(s) 12. It should be noted that although only two processmg groups 61 are shown m Figure 4, it will be appreciated that such a structure is not limited to this number of processmg groups.
  • Figure 5 illustrates an alternative configuration of a processmg set, such as the processmg set 14 of Figure 1.
  • a simple processmg set mcludes a smgle processor 72 and associated memory 76 connected via a common bus 74 to a processmg set bus controller 70.
  • the processmg set bus controller 70 provides an interface between the mtemal bus 74 and the processmg set I/O bus(es) (P bus(es)) 24 for connection to the bndge(s) 12.
  • the processmg set may have many different forms and that the particular choice of a particular processmg set structure can be made on the basis of the processmg requirement of a particular application and the degree of redundancy required.
  • the processmg sets 14 and 16 referred to have a structure as shown in Figure 3. although it will be appreciated that another form of processmg set could be provided.
  • the bndge(s) 12 are operable m a number of operating modes. These modes of operation will be descnbed m more detail later. However, to assist m a general understanding of the structure of the bndge, the two operating modes will be bnefly summarized here.
  • a bndge 12 is operable to route addresses and data between the processmg sets 14 and 16 (via the PA and PB buses 24 and 26, respectively) and the devices (via the D bus 22).
  • I/O cycles generated by the processmg sets 14 and 16 are compared to ensure that both processmg sets are operating correctly.
  • Companson failures force the bndge 12 into an error limiting mode (EState) m which device I/O is prevented and diagnostic mformation is collected.
  • EState error limiting mode
  • the bndge 12 routes and arbitrates addresses and data from one of the processmg sets 14 and 16 onto the D bus 22 and/or onto the other one of the processmg sets 16 and 14. respectively.
  • the processmg sets 14 and 16 are not synchronized and no I/O compansons are made.
  • DMA operations are also permitted m both modes.
  • the different modes of operation mcludmg the combmed and split modes, will be descnbed in more detail later. However, there now follows a descnption of the basic structure of an example of the bndge 12.
  • FIG 6 is a schematic functional overview of the bndge 12 of Figure 1.
  • Fust and second processmg set I O bus mterfaces, PA bus mterface 84 and PB bus mterface 86 are connected to the PA and PB buses 24 and 26, respectively.
  • a device I/O bus mterface, D bus mterface 82 is connected to the D bus 22. It should be noted that the PA, PB and D bus mterfaces need not be configured as separate elements but could be incorporated m other elements of the bndge.
  • Routing (hereinafter termed a routing matnx) 80 is connected via a first internal path 94 to the PA bus interface 84 and via a second mtemal path 96 to the PB bus mterface 86.
  • the routing matrix 80 is further connected via a third internal path 92 to the D bus mterface 82.
  • the routing matnx 80 is thereby able to provide I/O bus transaction routing m both durections between the PA and PB bus mterfaces 84 and 86. It is also able to provide routing m both directions between one or both of the PA and PB bus mterfaces and the D bus mterface 82
  • the routmg matnx 80 is connected via a further internal path 100 to storage control logic 90.
  • the storage control logic 90 controls access to bndge registers 110 and to a random access memory (SRAM) 126
  • the routing matrix 80 is therefore also operable to provide routing in both durections between the PA, PB and D bus interfaces 84, 86 and 82 and the storage control logic 90.
  • the routing matrix 80 is controlled by bndge control logic 88 over control paths 98 and 99.
  • the bndge control logic 88 is responsive to control signals, data and addresses on internal paths 93, 95 and 97, and also to clock signals on the clock lme(s) 21.
  • each of the P buses (PA bus 24 and PB bus 26) operates under a PCI protocol.
  • the processmg set bus controllers 50 (see Figure 3) also operate under the PCI protocol .
  • the PA and PB bus mterfaces 84 and 86 each provide all the functionality required for a compatible mterface providmg both master and slave operation for data transferred to and from the D bus 22 or internal memones and registers of the bndge m the storage subsystem 90
  • the bus mterfaces 84 and 86 can provide diagnostic mformation to internal bndge status registers m the storage subsystem 90 on transition of the budge to an enor state (EState) or on detection of an I/O error
  • the device bus mterface 82 performs all the functionality required for a PCI compliant master and slave interface for transferring data to and from one of the PA and PB buses 84 and 86.
  • the D bus 82 is operable during direct memory access (DMA) transfers to provide diagnostic mformation to mtemal status registers m the storage subsystem 90 of the bndge on transition to an EState or on detection of an I/O error.
  • Figure 7 illustrates m more detail the bndge registers 110 and the SRAM 124.
  • the storage control logic 110 is connected via a path (e.g. a bus) 112 to a number of register components 114, 116, 118, 120.
  • the storage control logic is also connected via a path (e.g.
  • a bus 128 to the SRAM 126 in which a posted wnte buffer component 122 and a durty RAM component 124 are mapped.
  • these components may be configured in other ways, with other components defined as regions of a common memory (e g a random access memory such as the SRAM 126, with the path 112/128 bemg formed by the internal addressmg of the regions of memory)
  • the posted wnte buffer 122 and the dirty RAM 124 are mapped to different regions of the SRAM memory 126, whereas the registers 114, 116, 118 and 120 are configured as separate from the SRAM memory.
  • Control and status registers (CSRs) 114 form internal registers which allow the control of vanous operating modes of the bndge, allow the capture of diagnostic mformation for an EState and for I O errors, and control processmg set access to PCI slots and devices connected to the D bus 22. These registers are set by signals from the routmg matnx 80.
  • Dissimilar data registers (DDRs) 116 provide locations for containing dissimilar data for different processmg sets to enable non-deterministic data events to be handled. These registers are set by signals from the PA and PB buses.
  • Bndge decode logic enables a common wnte to disable a data comparator and allow wntes to two DDRs 116, one for each processmg set 14 and 16 A selected one of the DDRs can then be read m-sync by the processmg sets 14 and 16.
  • the DDRs thus provide a mechanism enablmg a location to be reflected from one processmg set (14/16) to another (16/14).
  • SRRs Slot response registers
  • Disconnect registers 120 are used for the storage of data phases of an I/O cycle which is aborted while data is in the bndge on the way to another bus.
  • the disconnect registers 120 receive all data queued in the bndge when a target device disconnects a transaction, or as the EState is detected.
  • These registers are connected to the routmg matnx 80
  • the routing matrix can queue up to three data words and byte enables.
  • the initial addresses are voted as bemg equal, address target controllers denve addresses which mcrement as data is exchanged between the bndge and the destination (or target).
  • a wnter for example a processor I/O wnte, or a DVMA (D bus to P bus access)
  • this data can be caught m the bndge when an error occurs.
  • this data is stored m the disconnect registers 120 when an error occurs.
  • These disconnect legisters can then be accessed on recovery from an EState to recover the data associated with the wnte or read cycle which was in progress when the EState was mitiated.
  • the DDRs 116, the SRRs 118 and the disconnect registers may form an integral part of the CSRs 114
  • EState and enor CSRs 114 provided for the capture of a failing cycle on the P buses 24 and 26, with an indication of the failing datum. Following a move to an EState, all of the wntes mitiated to the P buses are logged m the posted wnte buffer 122. These may be other wntes that have been posted m the processmg set bus controllers 50, or which may be mitiated by software before an EState interrupt causes the processors to stop carrying out wntes to the P buses 24 and 26.
  • a dirty RAM 124 is used to indicate which pages of the mam memory 56 of the processmg sets 14 and
  • DMA direct memory access
  • Each page (e.g. each 8K page) is marked by a smgle bit m the duty RAM 124 which is set when a DMA wnte occurs and can be cleared by a read and clear cycle mitiated on the dirty RAM 124 by a processor 52 of a processing set 14 and 16
  • FIG. 8 is a schematic functional overview of the bndge control logic 88 shown m Figure 6 All of the devices connected to the D bus 22 are addressed geographically. Accordmgly, the bridge carnes out decodmg necessary to enable the isolating FETs for each slot before an access to those slots is mitiated.
  • the address decodmg performed by the address decode logic 136 and 138 essentially permits four basic access types: - an out-of-sync access (i.e. not in the combmed mode) by one processmg set (e.g. processing set 14 of
  • Geographic addressmg is used combination with the PCI slot FET switchmg.
  • Durmg a configuration access mentioned above, separate device select signals are provided for devices which are not
  • a smgle device select signal can be provided for the switched PCI slots as the FET signals can be used to enable a correct card.
  • Separate FET switch lmes are provided to each slot for separately switchmg the FETs for the slots.
  • the SRRs 118 which could be mcorporated m the CSR registers 114, are associated with the address decode functions.
  • the SRRs 118 serve m a number of different roles which will be descnbed in more detail later. However, some of the roles are summarized here.
  • each slot may be disabled so that wntes are simply acknowledged without any transaction occurrmg on the device bus 22, whereby the data is lost. Reads will return meanmgless data, once agam without causing a transaction on the device board.
  • each slot can be m one of three states.
  • the states are:
  • a slot that is not owned by a processmg set 14 or 16 making an access (this mcludes not owned or unowned slots) cannot be accessed. Accordmgly, such an access is aborted.
  • the ownership bits are assessable and settable while in the combmed mode, but have no effect until a split state is entered. This allows the configuration of a split system to be determmed while still in the combmed mode.
  • Each PCI device is allocated an area of the processmg set address map. The top bits of the address are determined by the PCI slot. Where a device carnes out DMA, the bndge is able to check that the device is using the conect address because a D bus arbiter mforms the bndge which device is usmg the bus at a particular time.
  • a device access is a processmg set address which is not valid for it, then the device access will be ignored It should be noted that an address presented by a device will be a virtual address which would be translated by an I O memory management unit in the processing set bus controller 50 to an actual memory address.
  • the addresses output by the address decoders are passed via the initiator and target controllers 138 and 140 to the routing matrix 80 via the lines 98 under control of a bridge controller 132 and an arbiter 134.
  • An arbiter 134 is operable in various different modes to arbitrate for use of the bridge on a first-come- first-served basis using conventional PCI bus signals on the P and D buses.
  • the arbiter 134 is operable to arbitrate between the in-sync processing sets 14 and 16 and any initiators on the device bus 22 for use of the bridge 12. Possible scenarios are:
  • both processing sets 14 and 16 must arbitrate the use of the bridge and thus access to the device bus 22 and internal bridge registers (e.g. CSR registers 114).
  • the bridge 12 must also contend with initiators on the device bus 22 for use of that device bus 22.
  • Each slot on the device bus has an arbitration enable bit associated with it. These arbitration enable bits are cleared after reset and must be set to allow a slot to request a bus. When a device on the device bus 22 is suspected of providing an I O error, the arbitration enable bit for that device is automatically reset by the bridge.
  • a PCI bus interface in the processing set bus controller(s) 50 expects to be the master bus controller for the P bus concerned, that is it contains the PCI bus arbiter for the PA or PB bus to which it is connected.
  • the bridge 12 cannot directly control access to the PA and PB buses 24 and 26.
  • the bridge 12 competes for access to the PA or PB bus with the processing set on the bus concerned under the control of the bus controller 50 on the bus concerned.
  • FIG. 8 Also shown in Figure 8 is a comparator 130 and a bridge controller 132.
  • the comparator 130 is operable to compare I/O cycles from the processing sets 14 and 16 to determine any out-of-sync events. On determining an out-of-sync event, the comparator 130 is operable to cause the bridge controller 132 to activate an EState for analysis of the out-of-sync event and possible recovery therefrom.
  • Figure 9 is a schematic functional overview of the routing matrix 80.
  • the routing matrix 80 comprises a multiplexer 143 which is responsive to initiator control signals 98 from the initiator controller 138 of Figure 8 to select one of the PA bus path 94 , PB bus path 96, D bus path 92 or internal bus path 100 as the current input to the routing matrix.
  • Separate output buffers 144, 145, 146 and 147 are provided for output to each of the paths 94, 96, 92 and 100, with those buffers being selectively enabled by signals 99 from the target controller 140 of Figure 8. Between the multiplexer and the buffers 144-147 signals are held in a buffer 149. In the present embodiment three cycles of data for an I/O cycle will be held in the pipeline represented by the multiplexer 143, the buffer 149 and the buffers 144.
  • FIG. 10 is a schematic representation of a physical configuration of the bridge in which the bridge control logic 88, the storage control logic 90 and the bridge registers 110 are implemented in a first field programmable gate a ⁇ ay (FPGA) 89, the routing matrix 80 is implemented in further FPGAs 80.1 and 80.2 and the SRAM 126 is implemented as one or more separate SRAMs addressed by a address control lmes 127
  • the bus mterfaces 82, 84 and 86 shown m Figure 6 are not separate elements, but are mtegrated in the FPGAs 80.1, 80.2 and 89.
  • Two FPGAs 80 1 and 80.2 are used for the upper 32 bits 32-63 of a 64 bit PCI bus and the lower 32 bits 0-31 of the 64 bit PCI bus. It will be appreciated that a smgle FPGA could be employed for the routing matnx 80 where the necessary logic can be accommodated withm the device Indeed, where a FPGA of sufficient capacity is available, the bridge control logic, storage control logic and the bndge registers could be mcorporated in the same FPGA as the routmg matnx.
  • FPGAs 89, 80.1 and 80.2 and the SRAM 126 are connected via mtemal bus paths 85 and path control lmes 87.
  • ASICs Application Specific Integrated Circuits
  • FIG 11 is a transition diagram illustrating m more detail the vanous operating modes of the bndge.
  • the bndge operation can be divided mto three basic modes, namely an enor state (EState) mode 150, a split state mode 156 and a combmed state mode 158.
  • the EState mode 150 can be further divided mto 2 states.
  • the bndge is m this initial EState 152
  • all wntes are stored m the posted wnte buffer 120 and reads from the internal bridge registers (e.g., the CSR registers 116) are allowed, and all other reads are treated as enors (I e they are aborted)
  • the mdividual processmg sets 14 and 16 perform evaluations for determmmg a restart time. Each processmg set 14 and 16 will determine its own restart timer timing. The timer setting depends on a "blame" factor for the transition to the EState.
  • the bndge then moves (155) to the split state 156
  • access to the device bus 22 is controlled by the SRR registers 118 while access to the bndge storage is simply arbitrated.
  • the primary status of the processmg sets 14 and 16 is ignored.
  • Transition to a combmed operation is achieved by means of a sync_reset (157)
  • the bndge is then operable m the combmed state 158, whereby all read and wnte accesses on the D bus 22 and the PA and PB buses 24 and 26 are allowed. All such accesses on the PA and PB buses 24 and 26 are compared in the comparator 130. Detection of a mismatch between any read and wnte cycles (with an exception of specific dissimilar data I/O cycles) cause a transition 151 to the EState 150
  • the vanous states descnbed are controlled by the bridge controller 132.
  • the role of the comparator 130 is to monitor and compare I O operations on the PA and PB buses m the combined state 151 and, m response to a mismatched signal, to notify the bndge controller 132, whereby the bridge controller 132 causes the transition 152 to the enor state 150.
  • the I/O operations can mclude all I O operations initiated by the processmg sets, as well as DMA transfers m respect of DMA mitiated by a device on the device bus
  • Table 1 summarizes the vanous access operations which are allowed m each of the operational states
  • a system running m the combmed mode 158 transitions to the EState 150 where there is a companson failure detected m this bndge, or alternatively a companson failure is detected m another bndge in a multi- bridge system as shown, for example, m Figure 2
  • transitions to an EState 150 can occur in other situations, for example m the case of a software controlled event forming part of a self test operation
  • an interrupt is signaled to all or a subset of the processors of the processmg sets via an interrupt lme 95 Following this, all I/O cycles generated on a P bus 24 or 26 result m leads being returned with an exception and wntes bemg recorded m the posted wnte buffer
  • the operation of the comparator 130 will now be descnbed m more detail
  • the comparator is connected to paths 94, 95, 96 and 97 for companng address, data and selected control signals from the PA and PB bus interfaces 84 and 86
  • a failed companson of m-sync accesses to device I/O bus 22 devices causes a move from the combined state 158 to the EState 150
  • the address, command, address panty, byte enables and panty enor parameters are compared If the companson fails durmg the address phase, the bndge asserts a retry to the processing set bus controllers 50, which prevents data leavmg the I/O bus controllers 50 No activity occurs m this case on the device I/O bus 22 On the processor(s) retrying, no enor is returned
  • the bridge If the companson fails during a data phase (only control signals and byte enables are checked), the bridge signals a target-abort to the processmg set bus controllers 50 An enor is returned to the processors In the case of processmg set I/O bus wnte cycles, the address, command, panty, byte enables and data parameters are compared If the companson fails during the address phase, the bndge asserts a retry to the processmg set bus controllers 50, which results m the processmg set bus controllers 50 retrying the cycle agam. The posted wnte buffer 122 is then active No activity occurs on the device I/O bus 22.
  • Enors fall roughly mto two types, those which are made visible to the software by the processing set bus controller 50 and those which are not made visible by the processmg set bus controller 50 and hence need to be made visible by an interrupt from the bndge 12 Accordmgly, the bndge is operable to capture enors reported in connection with processmg set read and wnte cycles, and DMA reads and wntes
  • FIG. 12 is a flow diagram illustrating a possible sequence of operating stages where lockstep enors are detected durmg a combmed mode of operation.
  • Stage SI represents the combmed mode of operation where lockstep enor checkmg is performed by the comparator 130 shown m Figure 8.
  • Stage S2 a lockstep enor is assumed to have been detected by the comparator 130
  • Stage S3 the current state is saved m the CSR registers 114 and posted wntes are saved m the posted write buffer 122 and/or m the disconnect registers 120
  • FIG. 13 illustrates Stage S3 m more detail.
  • the bndge controller 132 detects whether the lockstep enor notified by the comparator 130 has occuned durmg a data phase in which it is possible to pass data to the device bus 22
  • the bus cycle is terminated
  • the data phases are stored m the disconnect registers 120 and conttol then passes to Stage S35 where an evaluation is made as to whether a further I/O cycle needs to be stored.
  • Stage S31 if at Stage S31, it is determmed that the lockstep enor did not occur during a data phase, the address and data phases for any posted wnte I/O cycles are stored m the posted wnte buffer 122.
  • Stage S34 if there are any further posted wnte I/O operations pendmg, these are also stored m the posted wnte buffer 122.
  • Stage S3 is performed at the initiation of the initial enor state 152 shown m Figure 11 In this state, the first and second processmg sets arbitrate for access to the bndge.
  • the posted write address and data phases for each of the processmg sets 14 and 16 are stored m separate portions of the posted wnte buffer 122, and or m the smgle set of disconnect registers as descnbed above
  • Figure 14 illustrates the source of the posted wnte I/O cycles which need to be stored m the posted write buffer 122.
  • output buffers 162 in the mdividual processors contain I/O cycles which have been posted for transfer via the processmg set bus controllers 50 to the bridge 12 and eventually to the device bus 22.
  • buffers 160 m the processmg set controllers 50 also contam posted I/O cycles for transfer over the buses 24 and 26 to the bndge 12 and eventually to the device bus 22.
  • I/O wnte cycles may already have been posted by the processors 52, either m their own buffers 162, or already transfened to the buffers 160 of the processing set bus controllers 50. It is the I/O wnte cycles m the buffers 162 and 160 which gradually propagate through and need to be stored in the posted wnte buffer 122.
  • a wnte cycle 164 posted to the posted wnte buffer 122 can compnse an address field 165 including an address and an address type, and between one and 16 data fields 166 mcludmg a byte enable field and the data itself.
  • the data is wntten mto the posted wnte buffer 122 m the EState unless the initiating processmg set has been designated as a primary CPU set. At that time, non-primary wntes m an EState still go to the posted wnte buffer even after one of the CPU sets has become a primary processmg set.
  • the value of the posted write buffer pomter can be cleared at reset, or by software using a write under the control of a primary processing set.
  • the individual processing sets independently seek to evaluate the enor state and to determine whether one of the processmg sets is faulty. This determination is made by the individual processors in an enor state in which they individually read status from the control state and EState registers 114. During this enor mode, the arbiter 134 arbitrates for access to the bndge 12.
  • Stage S5 one of the processmg sets 14 and 16 establishes itself as the primary processmg set. This is determmed by each of the processing sets identifying a time factor based on the estimated degree of responsibility for the enor, whereby the first processmg set to time out becomes the primary processmg set. In Stage S5, the status is recovered for that processing set and is copied to the other processing set. The primary processmg is able to access the posted wnte buffer 122 and the disconnect registers 120.
  • Stage S6 the bridge is operable in a split mode. If it is possible to re-establish an equivalent status for the first and second processmg sets, then a reset is issued at Stage S7 to put the processmg sets m the combmed mode at Stage SI. However, it may not be possible to re-establish an equivalent state until a faulty processmg set is replaced. Accordmgly the system will stay m the Split mode of Stage S6 m order to contmued operation based on a single processing set. After replacing the faulty processmg set the system could then establish an equivalent state and move via Stage S7 to Stage SI.
  • the comparator 130 is operable in the combined mode to compare the I/O operations output by the first and second processing sets 14 and 16. This is fine as long as all of the I/O operations of the first and second processmg sets 14 and 16 are fully synchronized and deterministic Any deviation from this will be interpreted by the comparator 130 as a loss of lockstep. This is m principle conect as even a minor deviation from identical outputs, if not trapped by the comparator 130, could lead to the processmg sets divergmg further from each other as the mdividual processmg sets act on the deviating outputs.
  • a solution to this problem employs the dissimilar data registers (DDR) 116 mentioned earlier
  • the solution is to wnte data from the processmg sets mto respective DDRs m the bndge while disabling the comparison of the data phases of the write operations and then to read a selected one of the DDRs back to each processmg set, whereby each of the processmg sets is able to act on the same data.
  • Figure 17 is a schematic representation of details of the bndge of Figures 6 to 10 It will be noted that details of the bndge not shown m Figure 6 to 8 are shown m Figure 17, whereas other details of the bndge shown m Figures 6 to 8 are not shown m Figure 17, for reasons of cla ⁇ ty.
  • the DDRs 116 are provided m the bndge registers 110 of Figure 7, but could be provided elsewhere in the bridge m other embodiments.
  • One DDR 116 is provided for each processmg set.
  • two DDRs 116A and 116B are provided, one for each of the first and second processmg sets 14 and 16, respectively.
  • Figure 17 represents a dissimilar data wnte stage.
  • the addressmg logic 136 is shown schematically to compnse two decoder sections, one decoder section 136A for the first processmg set and one decoder section 136B for the second processmg set 16 Durmg an address phase of a dissimilar data I/O wnte operation each of the processmg sets 14 and 16 outputs the same predetemuned address DDR-W which is separately interpreted by the respective first and second decodmg sections 136A and 136B as addressmg the respective first and second respective DDRs 116A and 116B As the same address is output by the first and second processmg sets 14 and 16, this is not interpreted by the comparator 130 as a lockstep enor.
  • the decodmg section 136A, or the decodmg section 136B, or both are ananged to further output a disable signal 137 m response to the predetemuned wnte address supplied by the first and second processmg sets 14 and 16.
  • This disable signal is supplied to the comparator 130 and is operative durmg the data phase of the wnte operation to disable the comparator.
  • the data output by the first processmg set can be stored m the first DDR 116A and the data output by the second processmg set can be stored m the second DDR 116B without the comparator bemg operative to detect a difference, even if the data from the first and second piocessmg sets is different
  • the first decodmg section is operable to cause the routmg matnx to store the data from the first processmg set 14 m the first DDR 116A and the second decodmg section is operable to cause the routmg matnx to store the data from the second processmg set 16 m the second DDR 116B.
  • the comparator 130 is once agam enabled to detect any differences between I/O address and/or data phases as indicative of a lockstep enor
  • the processing sets are then operable to read the data from a selected one of the DDRs 116A 116B.
  • Figure 18 illustrates an alternative anangement where the disable signal 137 is negated and is used to control a gate 131 at the output of the comparator 130 When the disable signal is active the output of the comparator is disabled, whereas when the disable signal is inactive the output of the comparator is enabled
  • FIG 19 illustrates the readmg of the first DDR 116A m a subsequent dissimilar data read stage.
  • each of the processmg sets 14 and 16 outputs the same predetemuned address DDR-RA which is separately interpreted by the respective first and second decodmg sections 136A and 136B as addressing the same DDR, namely the first DDR 116A
  • the content of the first DDR 116A is read by both of the processmg sets 14 and 16, thereby enablmg those processmg sets to receive the same data.
  • This enables the two processmg sets 14 and 16 to achieve determmistic behavior, even if the source of the data written into the DDRs 116 by the processmg sets 14 and 16 was not determmistic
  • the processmg sets could each read the data from the second DDR 116B.
  • Figure 20 illustrates the readmg of the second DDR 116B m a dissimilar data read stage followmg the dissimilar data write stage of Figure 15
  • each of the processmg sets 14 and 16 outputs the same piedetermined address DDR-RB which is separately interpreted by the respective first and second decodmg sections 136A and 136B as addressmg the same DDR, namely the second DDR 116B.
  • the content of the second DDR 116B is read by both of the processmg sets 14 and 16, thereby enablmg those processmg sets to receive the same data.
  • this enables the two processmg sets 14 and 16 to achieve determmistic behavior, even if the source of the data wntten mto the DDRs 116 by the processmg sets 14 and 16 was not deterministic.
  • the selection of which of the first and second DDRs 116A and 116B to be read can be determmed m any appropnate manner by the software operating on the processmg modules. This could be done on the basis of a simple selection of one or the other DDRs, or on a statistical basis or randomly or m any other manner as long as the same choice of DDR is made by both or all of the processmg sets
  • Figure 21 is a flow diagram summarizing the vanous stages of operation of the DDR mechanism described above
  • stage S10 a DDR wnte address DDR-W is received and decoded by the address decoders sections 136A and 136B durmg the address phase of the DDR wnte operation.
  • stage SI 1 the comparator 130 is disabled.
  • stage SI 2 the data received from the processmg sets 14 and 16 durmg the data phase of the DDR wnte operation is stored m the first and second DDRs 116A and 116B, respectively, as selected by the first and second decode sections 136A and 136B, respectively
  • stage SI 3 a DDR read address is received from the first and second processmg sets and is decoded by the decode sections 136A and 136B, respectively
  • 116A if the received address DDR-RB is for the second DDR 116B, then m stage S15 the content of that DDR 116B is read by both of the processmg sets 14 and 16
  • Figure 22 is a schematic representation of the arbitration performed on the respective buses 22, 24 and 26, and the arbitration for the bndge itself.
  • Each of the processmg set bus controllers 50 in the respective processmg sets 14 and 16 m cludes a conventional PCI master bus arbiter 180 for providmg arbitration to the respective buses 24 and 26.
  • Each of the master arbiters 180 is responsive to request signals from the associated processmg set bus controller 50 and the bridge 12 on respective request (REQ) lmes 181 and 182.
  • the master arbiters 180 allocate access to the bus on a first-come-first-served basis, issumg a grant (GNT) signal to the winning party on an appropnate grants lme 183 or 184
  • a conventional PCI bus arbiter 185 provides arbitration on the D bus 22.
  • the D bus arbiter 185 can be configured as part of the D bus mterface 82 of Figure 6 or could be separate therefrom.
  • the D bus arbiter is responsive to request signals from the contendmg devices, mcludmg the bridge and the devices 30, 31, etc. connected to the device bus 22.
  • Respective request lmes 186, 187, 188, etc. for each of the entities competing for access to the D bus 22 are provided for the request signals (REQ).
  • the D bus arbiter 185 allocates access to the D bus on a first-come-first-served basis, issumg a grant (GNT) signal to the winning entity via respective grant lmes 189, 190, 192, etc
  • Figure 23 is a state diagram surnma ⁇ sing the operation of the D bus arbiter 185.
  • up to six request signals may be produced by respective D bus devices and one by the bndge itself.
  • these are sorted by a pno ⁇ ty encoder and a request signal (REQ#) with the highest pnonty is registered as the winner and gets a grant (GNT#) signal.
  • REQ# request signal
  • GNT# grant
  • Each winner which is selected modifies the pnonties in a pnonty encoder so that given the same REQ# signals on the next move to grant.
  • a different device has the highest pnority, hence each device has a "fair" chance of accessmg DEVs.
  • the bndge REQ# has a higher weighting than D bus devices and will, under very busy conditions, get the bus for every second device.
  • BACKOFF is required as, under PCI rules, a device may access the bus one cycle after GNT# is removed. Devices may only be granted access to D bus if the bndge is not m the not m the EState. A new GNT# is produced at the times when the bus is idle.
  • FIG. 24 is a state diagram summansmg the operation of the bridge arbiter 134.
  • a pnonty encoder can be provided to resolve access attempts which collide. In this case "a collision" the loser/losers are retned which forces them to give up the bus. Under PCI rules retned devices must try repeatedly to access the bndge and this can be expected to happen.
  • the bndge arbiter 134 is responsive to standard PCI signals provided on standard PCI control lines 22 24 and 25 to control access to the bndge 12
  • Figure 25 illustrates signals associated with an I/O operation cycle on the PCI bus.
  • a PCI frame signal (FRAME#) is initially asserted
  • address (A) signals will be available on the DATA BUS and the appropnate command (wnte/read) signals (C) will be available on the command bus (CMD BUS)
  • C command bus
  • IRDY# the initiator ready signal
  • DEVSEL# device selected signal
  • TRDY# data transfer
  • the bndge is operable to allocate access to the bndge resources and thereby to negotiate allocation of a target bus m response to the FRAME# bemg asserted low for the initiator bus concerned.
  • the bridge arbiter 134 is operable to allocate access to the bndge resources and or to a target bus on a first-come- first-served basis m response to the FRAME# bemg asserted low
  • the arbiters may be additionally provided with a mechanism for loggmg the arbitration requests, and can imply a conflict resolution based on the request and allocation history where two requests are received at an identical time.
  • a simple pnonty can be allocated to the vanous requesters, whereby, in the case of identically timed requests, a particular requester always wins the allocation process.
  • Each of the slots on the device bus 22 has a slot response register (SRR) 118, as well as other devices connected to the bus, such as a SCSI mterface.
  • SRR slot response register
  • Each of the SRRs 118 contams bits definmg the ownership of the slots, or the devices connected to the slots on the direct memory access bus
  • each SRR 118 compnses a four bit register
  • a larger register will be required to determine ownership between more than two processmg sets For example, if three processmg sets are provided, then a five bit register will be requued for each slot
  • Figure 16 illustrates schematically one such four bit register 600 As shown m Figure 16, a first bit 602 is identified as SRR[0], a second bit 604 is identified as SRR[1], a third bit 606 is identified as SRR[2] and a fourth bit 608 is identified as SRR[3]
  • Bit SRR[0] is a bit which is set when wntes for valid transactions are to be suppressed.
  • Bit SRRfl is set when the device slot is owned by the first processmg set 14 This defines the access route between the first processmg set 14 and the device slot When this bit is set, the first processmg set 14 can always be master of a device slot 22, while the ability for the device slot to be master depends on whether bit
  • Bit SRR[2] is set when the device slot is owned by the second processmg set 16 This defines the access route between the second processmg set 16 and the device slot When this bit is set, the second processing set 16 can always be master of the device slot or bus 22, while the ability for the device slot to be master depends on whether bit SRR[3] is set Bit SRR[3] is an arbitration bit which gives the device slot the ability to become master of the device bus 22, but only if it is owned by one of the processmg sets 14 and 16, that is if one of the SRR [1] and SRR[2]
  • the fake bit (SRR[0]) of an SRR 118 When the fake bit (SRR[0]) of an SRR 118 is set, wntes to the device for that slot are ignored and do not appear on the device bus 22. Reads return mdetermmate data without causmg a transaction on the device bus 22 In the event of an I/O enor the fake bit SRR[0] of the SRR 188 conespondmg to the device which caused the enor is set by the hardware configuration of the bndge to disable further access to the device slot concerned An interrupt may also be generated by the bndge to inform the software which ongmated the access leading to the I/O enor that the enor has occurred The fake bit has an effect whether the system is m the split oi the combmed mode of operation.
  • each slot can be in three states:
  • a slot which is not owned by the processmg set making the access (this mcludes un-owned slots) cannot be accessed and results m an abort.
  • a processmg set can only claim an un-owned slot; it cannot wrest ownership away from another processmg set. This can only be done by powenng-off the other processmg set.
  • When a processmg set is powered off all slots owned by it move to the un-owned state. Whilst it is not possible for a processmg set to wrest ownership from another processmg set, it is possible for a processmg set to give ownership to another processmg set.
  • the owned bits can be altered when m the combmed mode of operation state but they have no effect until the split mode is entered.
  • Table 2 summarizes the access nghts as determined by an SRR 118.
  • the setting of SRR[2] logic high indicates that the device is owned by processmg set B
  • SRR[3] is set logic low and the device is not allowed access to the processmg set SRRfO] is set high so that any wntes to the device are ignored and reads therefrom return mdetermmate data
  • the malfunctioning device is effectively isolated from the processmg set, and provides mdetermmate data to satisfy any device dnvers, for example, that might be looking for a response from the device.
  • Figure 26 illustrates the operation of the bndge 12 for duect memory access by a device such as one of the devices 28, 29, 30, 31 and 32 to the memory 56 of the processmg sets 14 and 16
  • the D bus arbiter 185 receives a duect memory access (DMA) request 193 from a device (e.g., device 30 m slot 33) on the device bus
  • the D bus arbiter determines whether to allocate the bus to that slot.
  • the D-bus arbiter knows the slot which has made the DMA request 193
  • the DMA request is supplied to the address decoder 142 m the bndge, where the addresses associated with the request are decoded.
  • the address decoder is responsive to the D bus grant signal 194 for the slot concerned to identify the slot which has been granted access to the D bus for the DMA request
  • the address decode logic 142 holds or has access to a geographic address map 196, which identifies the relationship between the processor address space and the slots as a result of the geographic address employed
  • This geographic address map 196 could be held as a table m the bndge memory 126, along with the posted write buffer 122 and the durty RAM 124 Alternatively, it could be held as a table m a separate memory element, possibly forming part of the address decoder 142 itself.
  • the map 182 could be configured in a form other than a table.
  • the address decode logic 142 is configured to verify the conectness of the DMA addresses supplied by the device 30 In one embodunent of the mvention, this is achieved by companng four significant address bits of the address supplied by the device 30 with the conespondmg four address bits of the address held m the geographic addressmg map 196 for the slot identified by the D bus grant signal for the DMA request. In this example, four address bits are sufficient to determme whether the address supplied is withm the conect address range In this specific example, 32 bit PCI bus addresses are used, with bits 31 and 30 always bemg set to 1, bit 29 being allocated to identify which of two bndges on a motherboard is bemg addressed (see Figure 2) and bits 28 to 26 identifying a PCI device.
  • Bits 25-0 define an offset from the base address for the address range for each slot Accordmgly, by companng bits 29-26, it is possible to identify whether the address(es) supplied fall(s) withm the appropnate address range for the slot concerned. It will be appreciated that in other embodiments a different number of bits may need to be compared to make this determination dependmg upon the allocation of the addresses.
  • the address decode logic 142 could be ananged to use the bus grant signal 184 for the slot concerned to identify a table entry for the slot concerned and then to compare the address m that entry with the address(es) received with the DMA request as descnbed above.
  • the address decode logic 142 could be ananged to use the address(es) received with the DMA address to address a relational geographic address map and to determme a slot number therefrom, which could be compared to the slot for which the bus grant signal 194 is intended and thereby to determme whether the addresses fall withm the address range approp ⁇ ate for the slot concerned.
  • the address decode logic 142 is arranged to permit DMA to proceed if the DMA addresses fall withm the expected address space for the slot concerned. Otherwise, the address decoder is ananged to ignore the slots and the physical addresses.
  • the address decode logic 142 is further operable to control the routing of the DMA request to the appropnate processmg set(s) 14/16. If the bndge is m the combmed mode, the DMA access will automatically be allocated to all of the m-sync processmg sets 14/16. The address decode logic 142 will be aware that the bndge is in the combmed mode as it is under the control of the bndge controller 132 (see Figure 8) However, where the bndge is m the split mode, a decision will need to be made as to which, if any, of the processmg sets the DMA request is to be sent.
  • the access When the system is m split mode, the access will be directed to a processmg set 14 or 16 which owns the slot concerned. If the slot is un-owned, then the bndge does not respond to the DMA request
  • the address decode logic 142 is operable to determme the ownership of the device o ⁇ gmahng the DMA request by accessmg the SRR 118 for the slot concerned
  • the approp ⁇ ate slot can be identified by the D bus grant signal
  • the address decode logic 142 is operable to control the target controller 140 (see Figure 8) to pass the DMA request to the approp ⁇ ate processmg set(s) 14/16 based on the ownership bits SRRfl] and SRR[2] If bit SRRfl] is set, the first processmg set 14 is the owner and the DMA request is passed to the first processmg set If bit SRR[2] is set, the second processmg set 16 is the owner and the DMA request is passed to the second processing set. If neither of the bit S
  • FIG 27 is a flow diagram summarizing the DMA verification process as illustrated with reference to Figure 24.
  • the D-bus arbiter 160 arbitrates for access to the D bus 22.
  • stage S21 the address decoder 142 verifies the DMA addresses supplied with the DMA request by accessing the geographic address map.
  • stage S22 the address decoder ignores the DMA access where the address falls outside the expected range for the slot concerned.
  • the actions of the address decoder are dependent upon whether the bridge is in the combined or the split mode.
  • the address decoder controls the target controller 140 (see Figure 8) to cause the routing matrix 80 (see Figure 6) to pass the DMA request to both processing sets 14 and 16. If the bridge is in the split mode, the address decoder is operative to verify the ownership of the slot concerned by reference to the SRR 118 for that slot in stage S25.
  • the address decoder 142 controls the target controller 140 (see Figure 8) to cause the routing matrix 80 (see Figure 6) to pass the DMA request to first processing set 14. If the slot is allocated to the second processing set 16 (i.e. the SRR[2] bit is set), then in stage S27 the address decoder 142 controls the target controller 140 (see Figure 8) to cause the routing matrix 80 (see Figure 6) to pass the DMA request to the second processing set 16.
  • step SI 8 the address decoder 142 ignores or discards the DMA request and the DMA request is not passed to the processing sets 14 and 16.
  • a DMA, or direct vector memory access (DVMA) request sent to one or more of the processing sets causes the necessary memory operations (read or write as appropriate) to be effected on the processing set memory.
  • DVMA direct vector memory access
  • the automatic recovery process includes reintegration of the state of the processing sets to a common status in order to attempt a restart in lockstep.
  • the processing set which asserts itself as the primary processing set as described above copies its complete state to the other processing set. This involves ensuring that the content of the memory of both processors is the same before trying a restart in lockstep mode.
  • a problem with the copying of the content of the memory from one processing set to the other is that during this copying process a device connected to the D bus 22 might attempt to make a direct memory access (DMA) request for access to the memory of the primary processing set.
  • DMA direct memory access
  • a dirty RAM 124 is provided in the bridge. As described earlier the dirty RAM 124 is configured as part of the bridge SRAM memory 126.
  • the dirty RAM 124 comprises a bit map having a dirty indicator, for example a dirty bit, for each block, or page, of memory.
  • the bit for a page of memory is set when a write access to the area of memory concerned is made. In an embodiment of the invention one bit is provided for every 8K page of main processing set memory.
  • the bit for a page of processing set memory is set automatically by the address decoder 142 when this decodes a DMA request for that page of memory for either of the processing sets 14 or 16 from a device connected to the D bus 22.
  • the dirty RAM can be reset, or cleared when it is read by a processing set, for example by means of read and clear instructions at the beginning of a copy pass, so that it can start to record pages which are dirtied since a given time.
  • the dirty RAM 124 can be read word by word. If a large word size is chosen for reading the dirty RAM
  • the bits in the dirty RAM 124 will indicate those pages of processing set memory which have been changed (or dirtied) by DMA writes during the period of the copy.
  • a further copy pass can then be performed for only those pages of memory which have been dirtied. This will take less time that a full copy of the memory. Accordingly, there are typically less pages marked as dirty at the end of the next copy pass and, as a result, the copy passes can become shorter and shorter.
  • the dirty RAM 124 is set and cleared in both the combined and split modes. This means that in split mode the dirty RAM 124 may be cleared by either processing set.
  • the dirty RAM 124 address is decoded from bits 13 to 28 of the PCI address presented by the D bus device. Enoneous accesses which present illegal combinations of the address bits 29 to 31 are mapped into the dirty RAM 124 and a bit is dirtied on a write, even though the bridge will not pass these transactions to the processing sets.
  • the bridge When reading the dirty RAM 124, the bridge defines the whole area from 0x00008000 to OxOOOOffff as dirty RAM and will clear the contents of any location in this range on a read.
  • Figure 28 is a flow diagram summarising the operation of the dirty RAM 124.
  • stage S41 the primary processing set reads the dirty RAM 124 which has the effect of resetting the dirty RAM 124.
  • the primary processor e.g. processmg set 14
  • copies the whole of its memory 56 to the memory 56 of the other processmg set e.g. processmg set 16
  • stage S43 the primary processmg set reads the dirty RAM 124 which has the effect of resetting the duty RAM 124
  • the primary processor determines whether less than a predetemuned number of bits have been wntten m the duty RAM 124
  • the processor m stage S45 copies those pages of its memory 56 which have been dirtied, as mdicated by the duty bits read from the duty RAM 124 in stage S43, to the memory 56 of the other processmg set Control then passes back to stage S43 If, in stage S44, it is determmed less than the predetemuned number of bits have been wntten in the dirty
  • the primary processor causes the bndge to inhibit DMA requests from the devices connected to the D bus 22. This could, for example, be achieved by clea ⁇ ng the arbitration enable bit for each of the device slots, thereby denying access of the DMA devices to the D bus 22 Alternatively, the address decoder 142 could be configured to ignore DMA requests under instructions from the primary processor. Durmg the penod in which DMA accesses are prevented, the primary processor then makes a final copy pass from its memory to the memory 56 of the other processor for those memory pages conespondmg to the bits set m the duty RAM 124
  • stage S47 the primary processor can issue a reset operation for initiating a combmed mode.
  • stage S48 DMA accesses are once more permitted.

Abstract

A bridge for multi-processor system includes bus interfaces for connection to an I/O bus of a first processing set, an I/O bus of a second processing set and a device bus. A bridge control mechanism is operable to permit direct memory access to memory of the processing sets by a device on the device bus, to arbitrate between the first and the second processing sets for access to the bridge in a first, split, mode, and to monitor lockstep operation of the first and second processing sets in a second, combined, mode. The dirty RAM mechanism defines a dirty indicator (e.g., a bit) for each of a plurality of regions of processing set memory, a dirty indicator being set to a predetermined value when the region of memory has been written to by a DMA access. One of the processing sets can be operable in the split mode as a primary processing set to copy the content of its memory to the other processing set(s) and to recopy regions which become identified by the dirty RAM mechanism as having been written to by virtue of the corresponding dirty indication being set. In response to a synchronization reset operation from the primary processing set, on completion of copying the content of the memory regions identified in the dirty RAM mechanism with no further regions having being so identified, the bridge can transfer from the split mode to the combined mode.

Description

TITLE: TRACKING MEMORY PAGE MODIFICATION IN A BRIDGE FOR A MULTI-PROCESSOR SYSTEM
BACKGROUND OF THE INVENTION
This mvention relates to a multi-processor computer system mcludmg first and second processmg sets (each of which may compnse one or more processors) which communicate with an I/O device bus.
The application finds particular application to fault tolerant computer systems where two or more processor sets need to communicate with an I/O device bus m lockstep with provision for identifying lockstep errors m order to identify faulty operation of the system as a whole.
In such a fault tolerant computer system, an aim is not only to be able to identify faults, but also to provide a structure which is able to provide a high degree of system availability. In order to provide high levels of system availability, it would be desirable for such systems to automatically attempt recovery from a lockstep error.
As pan of such an automatic recovery process it is necessary to reintegrate the state of the processmg sets to a common status m order to attempt a restart m lockstep An approach to achievmg this is to copy the complete state of one of the processmg sets (i.e. the "good" one) to the other processmg set. This involves ensuring that the content of the memory of both processors is the same before trying a restart m lockstep mode.
However, a problem with the copymg of the content of the memory from one processmg set to the other is that during this time devices connected to the I/O bus may be making direct memory access (DMA) to the memory of the processmg set(s). If a wnte is made to an area of memory which has already been copied, this would result m the memory state in the processmg sets at the end of the copy not bemg the same.
It has been proposed to employ a dirty RAM in a processor to indicate areas of memory which have been changed smce the dirty RAM was last reset. A dirty RAM is a bit map havmg a bit for each block, or page, of memory, which bit is set when a wnte access to the area of memory concerned is made. However, the provision of a dirty RAM in the processmg sets would not provide a rehable solution to the problem of reinstatmg the memory of the processor because of the difficulties and delays in accessmg the dirty RAM of other processmg sets.
An aim of the present mvention is to provide a solution to the problem of addressmg direct memory accesses m achievmg reinstatement of a concurrent state m first and second processmg sets.
SUMMARY OF THE INVENTION
Particular and preferred aspects of the mvention are set out m the accompanying mdependent and dependent claims. Combinations of features from the dependent claims may be combmed with features of the mdependent claims as appropnate and not merely as explicitly set out m the claims. In accordance with one aspect of the mvention, there is provided a bndge for a multi-processor system.
The bndge compnses bus mterface for connection to an I O bus of a first processmg set, an I O bus of a second processmg set and a device bus. A bndge control mechanism is operable to permit direct memory access to memory of the processmg sets by a device on the device bus, to arbitrate between the first and the second processmg sets for access to the bndge m a first, split, mode, and to monitor lockstep operation of the first and second processmg sets in a second, combmed, mode. A duty RAM mechanism is provided m the bndge for monitoring regions of processor set memory modified by direct memory accesses by the device on the device bus.
An embodiment of the mvention is thus able to monitor parts of memory modified by DMA operations initiated by a device on the device bus. By providmg a dirty RAM mechanism in a bridge, this facilitates access to the dirty RAM by the processmg sets The reintegraαon process can mvolve a number of passes, durmg each of which passes dirtied memory is copied from a good processmg set to a faulty (target) processmg set or sets During the process of re-integration the good processmg set can access the dirty RAM to determine the parts of the memory which have been dirtied (m either its own or the target processmg set's memory) to be copied on any pass.
It should be noted that the bus mterfaces referenced above need not be separate components of the bndge, but may be mcorporated m other components of the bndge, and may mdeed be simply connections for the lmes of the buses concerned.
In an embodiment of the mvention, the dirty RAM mechanism defines a duty indicator (e g , a bit) for each of a plurality of regions of processmg set memory, a duty mdicator bemg set to a predetemuned value when the region of memory has been written to by a DMA access.
The processmg sets can be configured such that one of the processmg sets is operable m the split mode as a primary processmg set and to copy the content of its memory to the other processmg set(s) If durmg this copy operation some of the regions of the memory are wntten to by a direct memory access, the state at the end of the copy operation will not be the same m the vanous processmg sets. As a result the primary processmg set re-copies those regions of its memory which have been marked in the dirty RAM mechanism as havmg been wntten to by virtue of the corresponding duty indication bemg set. This process can be repeated m a number of passes as required.
In an embodiment of the mvention, the bndge control mechanism compnses an arbiter connected to the first and second processor bus mterfaces and to the device bus mterface, the arbiter bemg configured to be operable in the split mode to arbitrate for use of the bndge by the first and second processmg sets and devices on the device bus. The bndge control mechanism is configured to be operable to respond to a synchronization reset operation from the primary processmg set, on completion of copymg the content of the memory regions identified in the dirty RAM mechanism with no further regions havmg bemg so identified, to transfer from the split mode of operation to the combmed mode of operation.
The dirty RAM mechanism can compnse a duty RAM configured m random access memory in the bndge. Alternatively, a separate hardware memory device may be provided. The content of the dirty RAM can be cleared on bemg read by a processmg set. Alternatively, two duty RAMs can be provided, the two duty
RAMs bemg operable m a toggle mode with one bemg wntten to while the other is bemg read. Optionally, a respective duty RAM could be provided for each processmg set.
There may be more than two processor bus mterfaces for connection to I O buses of respective processing sets.
In accordance with another aspect of the mvention, there is provided a computer system compnsmg a first processmg set havmg an I/O bus, a second processmg set havmg an I/O bus, a device bus, at least one device on the device bus and a bridge as set out above. Each processing set may comprise at least one processor, memory and a processing set I/O bus controller.
In accordance with a further aspect of the invention, there is provided a method of operating a multiprocessor system as set out above, the method comprising: permitting direct memory access to memory of the processing sets by the at least one device on the device bus; and monitoring, in a dirty RAM in the bridge, regions of processor set memory written to by the device on the device bus.
A method of re-integration can involve multiple passes of copying areas of memory from a first processing set to a second processing set, the areas to be copied being identified by the areas memory for which corresponding dirty RAM bit is set.
The re-integration method can include a set of preventing direct memory access to restart in a combined, or lockstep, mode.
BRIEF DESCRIPTION OF THE DRAWINGS
Exemplary embodiments of the present invention will be described hereinafter, by way of example only, with reference to the accompanying drawings in which like reference signs relate to like elements and in which:
Figure 1 is a schematic overview of a fault tolerant computer system incoiporating an embodiment of the invention;
Figure 2 is a schematic overview of a specific implementation of a system based on that of Figure 1;
Figure 3 is a schematic representation of one implementation of a processing set;
Figure 4 is a schematic representation of another example of a processing set;
Figure 5 is a schematic representation of a further processing set; Figure 6 is a schematic block diagram of an embodiment of a bridge for the system of Figure 1 ;
Figure 7 is a schematic block diagram of storage for the bridge of Figure 6;
Figure 8 is a schematic block diagram of control logic of the bridge of Figure 6;
Figure 9 is a schematic representation of a routing matrix of the bridge of Figure 6;
Figure 10 is an example implementation of the bridge of Figure 6; Figure 11 is a state diagram illustrating operational states of the bridge of Figure 6;
Figure 12 is a flow diagram illustrating stages in the operation of the bridge of Figure 6;
Figure 13 is a detail of a stage of operation from Figure 12;
Figure 14 illustrates the posting of I/O cycles in the system of Figure 1;
Figure 15 illustrates the data stored in a posted write buffer; Figure 16 is a schematic representation of a slot response register;
Figure 17 illustrates a dissimilar data write stage;
Figure 18 illustrates a modification to Figure 17;
Figure 19 illustrates a dissimilar data read stage;
Figure 20 illustrates an alternative dissimilar data read stage; Figure 21 is a flow diagram summarising the operation of a dissimilar data write mechanism;
Figure 22 is a schematic block diagram explaining arbitration within the system of Figure 1;
Figure 23 is a state diagram illustrating the operation of a device bus arbiter;
Figure 24 is a state diagram illustrating the operation of a bridge arbiter;
Figure 25 is a timing diagram for PCI signals;
Figure 26 is a schematic diagram illustrating the operation of the bridge of Figure 6 for direct memory access;
Figure 27 is a flow diagram illustrating a direct memory access method in the bridge of Figure 6; and Figure 28 is a flow diagram of a re-integration process including the monitoring of a dirty RAM.
DESCRIPTION OF THE PREFERRED EMBODIMENTS
Figure 1 is a schematic overview of a fault tolerant computing system 10 comprising a plurality of CPUsets (processing sets) 14 and 16 and a bridge 12. As shown in Figure 1, there are two processing sets 14 and 16, although in other embodiments there may be three or more processing sets. The bridge 12 forms an interface between the processing sets and I/O devices such as devices 28, 29, 30, 31 and 32. In this document, the term "processing set" is used to denote a group of one or more processors, possibly including memory, which output and receive common outputs and inputs. It should be noted that the alternative term mentioned above, "CPUset", could be used instead, and that these terms could be used interchangeably throughout this document. Also, it should be noted that the term "bridge" is used to denote any device, apparatus or arrangement suitable for interconnecting two or more buses of the same or different types.
The first processing set 14 is connected to the bridge 12 via a first processing set I/O bus (PA bus) 24, in the present instance a Peripheral Component Interconnect (PCI) bus. The second processing set 16 is connected to the bridge 12 via a second processing set I/O bus (PB bus) 26 of the same type as the PA bus 24 (i.e. here a PCI bus). The I/O devices are connected to the bridge 12 via a device I O bus (D bus) 22, in the present instance also a PCI bus.
Although, in the particular example described, the buses 22, 24 and 26 are all PCI buses, this is merely by way of example, and in other embodiments other bus protocols may be used and the D-bus 22 may have a different protocol from that of the PA bus and the PB bus (P buses) 24 and 26. The processing sets 14 and 16 and the bridge 12 are operable in synchronism under the control of a common clock 20, which is connected thereto by clock signal lines 21.
Some of the devices including an Ethernet (E-NET) interface 28 and a Small Computer System Interface (SCSI) interface 29 are permanently connected to the device bus 22, but other I/O devices such as I O devices 30, 31 and 32 can be hot insertable into individual switched slots 33, 34 and 35. Dynamic field effect transistor (FET) switching can be provided for the slots 33, 34 and 35 to enable hot insertability of the devices such as devices 30, 31 and 32. The provision of the FETs enables an increase in the length of the D bus 22 as only those devices which are active are switched on, reducing the effective total bus length. It will be appreciated that the number of I/O devices which may be connected to the D bus 22, and the number of slots provided for them, can be adjusted according to a particular implementation in accordance with specific design requirements.
Figure 2 is a schematic overview of a particular implementation of a fault tolerant computer employing a bridge structure of the type illustrated in Figure 1. In Figure 2, the fault tolerant computer system includes a plurality (here four) of bridges 12 on first and second I/O motherboards (MB 40 and MB 42) order to increase the number of I/O devices which may be connected and also to improve reliability and redundancy. Thus, in the embodiment shown in Figure 2, two processing sets 14 and 16 are each provided on a respective processing set board 44 and 46, with the processing set boards 44 and 46 'bridging' the I/O motherboards MB 40 and MB 42. A first, master clock source 20A is mounted on the first motherboard 40 and a second, slave clock source 20B is mounted on the second motherboard 42. Clock signals are supplied to the processing set boards 44 and 46 via respective connections (not shown in Figure 2).
First and second bridges 12.1 and 12.2 are mounted on the first I/O motherboard 40. The first bridge 12.1 is connected to the processing sets 14 and 16 by P buses 24.1 and 26.1, respectively. Similarly, the second bridge 12.2 is connected to the processing sets 14 and 16 by P buses 24.2 and 26.2, respectively. The bridge 12.1 is connected to an I/O databus (D bus) 22.1 and the bridge 12.2 is connected to an I/O databus (D bus) 22.2.
Third and fourth bridges 12.3 and 12.4 are mounted on the second I/O motherboard 42. The bridge 12.3 is connected to the processing sets 14 and 16 by P buses 24.3 and 26.3, respectively. Similarly, the bridge 4 is connected to the processing sets 14 and 16 by P buses 24.4 and 26.4, respectively. The bridge 12.3 is connected to an I/O databus (D bus) 22.3 and the bridge 12.4 is connected to an I O databus (D bus) 22.4.
It can be seen that the arrangement shown in Figure 2 can enable a large number of I O devices to be connected to the two processing sets 14 and 16 via the D buses 22.1, 22.2, 22.3 and 22.4 for either increasing the range of I/O devices available, or providing a higher degree of redundancy, or both.
Figure 3 is a schematic overview of one possible configuration of a processing set, such as the processing set 14 of Figure 1. The processing set 16 could have the same configuration. In Figure 3, a plurality of processors (here four) 52 are connected by one or more buses 54 to a processing set bus controller 50. As shown in Figure 3, one or more processing set output buses 24 are connected to the processing set bus controller 50, each processing set output bus 24 being connected to a respective bridge 12. For example, in the arrangement of Figure 1, only one processing set I O bus (P bus) 24 would be provided, whereas in the arrangement of Figure 2, four such processing set I/O buses (P buses) 24 would be provided. In the processing set 14 shown in Figure 3, individual processors operate using the common memory 56, and receive inputs and provide outputs on the common P bus(es) 24.
Figure 4 is an alternative configuration of a processing set, such as the processing set 14 of Figure 1. Here a plurality of processor/memory groups 61 are connected to a common internal bus 64. Each processor/memory group 61 includes one or more processors 62 and associated memory 66 connected to a internal group bus 63. An interface 65 connects the internal group bus 63 to the common internal bus 64. Accordingly, in the arrangement shown in Figure 4, individual processing groups, with each of the processors 62 and associated memory 66 are connected via a common internal bus 64 to a processing set bus controller 60. The interfaces 65 enable a processor 62 of one processing group to operate not only on the data in its local memory 66, but also m the memory of another processmg group 61 withm the processmg set 14. The processmg set bus controller 60 provides a common mterface between the common internal bus 64 and the processmg set I/O bus(es) (P bus(es)) 24 connected to the bndge(s) 12. It should be noted that although only two processmg groups 61 are shown m Figure 4, it will be appreciated that such a structure is not limited to this number of processmg groups.
Figure 5 illustrates an alternative configuration of a processmg set, such as the processmg set 14 of Figure 1. Here a simple processmg set mcludes a smgle processor 72 and associated memory 76 connected via a common bus 74 to a processmg set bus controller 70. The processmg set bus controller 70 provides an interface between the mtemal bus 74 and the processmg set I/O bus(es) (P bus(es)) 24 for connection to the bndge(s) 12.
Accordmgly, it will be appreciated from Figures 3, 4 and 5 that the processmg set may have many different forms and that the particular choice of a particular processmg set structure can be made on the basis of the processmg requirement of a particular application and the degree of redundancy required. In the following descnption, it is assumed that the processmg sets 14 and 16 referred to have a structure as shown in Figure 3. although it will be appreciated that another form of processmg set could be provided.
The bndge(s) 12 are operable m a number of operating modes. These modes of operation will be descnbed m more detail later. However, to assist m a general understanding of the structure of the bndge, the two operating modes will be bnefly summarized here. In a first, combmed mode, a bndge 12 is operable to route addresses and data between the processmg sets 14 and 16 (via the PA and PB buses 24 and 26, respectively) and the devices (via the D bus 22). In this combmed mode, I/O cycles generated by the processmg sets 14 and 16 are compared to ensure that both processmg sets are operating correctly. Companson failures force the bndge 12 into an error limiting mode (EState) m which device I/O is prevented and diagnostic mformation is collected. In the second, split mode, the bndge 12 routes and arbitrates addresses and data from one of the processmg sets 14 and 16 onto the D bus 22 and/or onto the other one of the processmg sets 16 and 14. respectively. In this mode of operation, the processmg sets 14 and 16 are not synchronized and no I/O compansons are made. DMA operations are also permitted m both modes. As mentioned above, the different modes of operation, mcludmg the combmed and split modes, will be descnbed in more detail later. However, there now follows a descnption of the basic structure of an example of the bndge 12.
Figure 6 is a schematic functional overview of the bndge 12 of Figure 1. Fust and second processmg set I O bus mterfaces, PA bus mterface 84 and PB bus mterface 86, are connected to the PA and PB buses 24 and 26, respectively. A device I/O bus mterface, D bus mterface 82, is connected to the D bus 22. It should be noted that the PA, PB and D bus mterfaces need not be configured as separate elements but could be incorporated m other elements of the bndge. Accordmgly, withm the context of this document, where a references is made to a bus mterface, this does not require the presence of a specific separate component, but lather the capability of the bndge to connect to the bus concerned, for example by means of physical or logical bndge connections for the lmes of the buses concerned.
Routing (hereinafter termed a routing matnx) 80 is connected via a first internal path 94 to the PA bus interface 84 and via a second mtemal path 96 to the PB bus mterface 86. The routing matrix 80 is further connected via a third internal path 92 to the D bus mterface 82. The routing matnx 80 is thereby able to provide I/O bus transaction routing m both durections between the PA and PB bus mterfaces 84 and 86. It is also able to provide routing m both directions between one or both of the PA and PB bus mterfaces and the D bus mterface 82 The routmg matnx 80 is connected via a further internal path 100 to storage control logic 90. The storage control logic 90 controls access to bndge registers 110 and to a random access memory (SRAM) 126 The routing matrix 80 is therefore also operable to provide routing in both durections between the PA, PB and D bus interfaces 84, 86 and 82 and the storage control logic 90. The routing matrix 80 is controlled by bndge control logic 88 over control paths 98 and 99. The bndge control logic 88 is responsive to control signals, data and addresses on internal paths 93, 95 and 97, and also to clock signals on the clock lme(s) 21.
In the embodiment of the mvention, each of the P buses (PA bus 24 and PB bus 26) operates under a PCI protocol. The processmg set bus controllers 50 (see Figure 3) also operate under the PCI protocol Accordmgly, the PA and PB bus mterfaces 84 and 86 each provide all the functionality required for a compatible mterface providmg both master and slave operation for data transferred to and from the D bus 22 or internal memones and registers of the bndge m the storage subsystem 90 The bus mterfaces 84 and 86 can provide diagnostic mformation to internal bndge status registers m the storage subsystem 90 on transition of the budge to an enor state (EState) or on detection of an I/O error
The device bus mterface 82 performs all the functionality required for a PCI compliant master and slave interface for transferring data to and from one of the PA and PB buses 84 and 86. The D bus 82 is operable during direct memory access (DMA) transfers to provide diagnostic mformation to mtemal status registers m the storage subsystem 90 of the bndge on transition to an EState or on detection of an I/O error. Figure 7 illustrates m more detail the bndge registers 110 and the SRAM 124. The storage control logic 110 is connected via a path (e.g. a bus) 112 to a number of register components 114, 116, 118, 120. The storage control logic is also connected via a path (e.g. a bus) 128 to the SRAM 126 in which a posted wnte buffer component 122 and a durty RAM component 124 are mapped. Although a particular configuration of the components 114, 116, 118, 120, 122 and 124 is shown m Figure 7, these components may be configured in other ways, with other components defined as regions of a common memory (e g a random access memory such as the SRAM 126, with the path 112/128 bemg formed by the internal addressmg of the regions of memory) As shown m Figure 7, the posted wnte buffer 122 and the dirty RAM 124 are mapped to different regions of the SRAM memory 126, whereas the registers 114, 116, 118 and 120 are configured as separate from the SRAM memory. Control and status registers (CSRs) 114 form internal registers which allow the control of vanous operating modes of the bndge, allow the capture of diagnostic mformation for an EState and for I O errors, and control processmg set access to PCI slots and devices connected to the D bus 22. These registers are set by signals from the routmg matnx 80.
Dissimilar data registers (DDRs) 116 provide locations for containing dissimilar data for different processmg sets to enable non-deterministic data events to be handled. These registers are set by signals from the PA and PB buses.
Bndge decode logic enables a common wnte to disable a data comparator and allow wntes to two DDRs 116, one for each processmg set 14 and 16 A selected one of the DDRs can then be read m-sync by the processmg sets 14 and 16. The DDRs thus provide a mechanism enablmg a location to be reflected from one processmg set (14/16) to another (16/14).
Slot response registers (SRRs) 118 determine ownership of device slots on the D bus 22 and to allow DMA to be routed to the appropnate processmg set(s) These registers are linked to address decode logic. Disconnect registers 120 are used for the storage of data phases of an I/O cycle which is aborted while data is in the bndge on the way to another bus. The disconnect registers 120 receive all data queued in the bndge when a target device disconnects a transaction, or as the EState is detected. These registers are connected to the routmg matnx 80 The routing matrix can queue up to three data words and byte enables. Provided the initial addresses are voted as bemg equal, address target controllers denve addresses which mcrement as data is exchanged between the bndge and the destination (or target). Where a wnter (for example a processor I/O wnte, or a DVMA (D bus to P bus access)) is wnting data to a target, this data can be caught m the bndge when an error occurs. Accordmgly, this data is stored m the disconnect registers 120 when an error occurs. These disconnect legisters can then be accessed on recovery from an EState to recover the data associated with the wnte or read cycle which was in progress when the EState was mitiated. Although shown separately, the DDRs 116, the SRRs 118 and the disconnect registers may form an integral part of the CSRs 114
EState and enor CSRs 114 provided for the capture of a failing cycle on the P buses 24 and 26, with an indication of the failing datum. Following a move to an EState, all of the wntes mitiated to the P buses are logged m the posted wnte buffer 122. These may be other wntes that have been posted m the processmg set bus controllers 50, or which may be mitiated by software before an EState interrupt causes the processors to stop carrying out wntes to the P buses 24 and 26.
A dirty RAM 124 is used to indicate which pages of the mam memory 56 of the processmg sets 14 and
16 have been modified by direct memory access (DMA) transactions from one or more devices on the D bus 22
Each page (e.g. each 8K page) is marked by a smgle bit m the duty RAM 124 which is set when a DMA wnte occurs and can be cleared by a read and clear cycle mitiated on the dirty RAM 124 by a processor 52 of a processing set 14 and 16
The dirty RAM 124 and the posted wnte buffer 118 may both be mapped mto the memory 124 in the bridge 12. This memory space can be accessed durmg normal read and wnte cycles for testmg purposes. Figure 8 is a schematic functional overview of the bndge control logic 88 shown m Figure 6 All of the devices connected to the D bus 22 are addressed geographically. Accordmgly, the bridge carnes out decodmg necessary to enable the isolating FETs for each slot before an access to those slots is mitiated.
The address decodmg performed by the address decode logic 136 and 138 essentially permits four basic access types: - an out-of-sync access (i.e. not in the combmed mode) by one processmg set (e.g. processing set 14 of
Figure 1) to the other processmg set (e.g. processmg set 16 of Figure 1), m which case the access is routed from the PA bus mterface 84 to the PB bus mterface 86; - an access by one of the processmg sets 14 and 16 m the split mode, or both processmg sets 14 and 16 m the combmed mode to an I/O device on the D bus 22, m which case the access is routed via the D bus interface 82,
- a DMA access by a device on the D bus 22 to one or both of the processmg sets 14 and 16, which would be directed to both processmg sets 14 and 16 m the combmed mode, or to the relevant processing set 14 or 16 if out-of-sync, and if m a split mode to a processmg set 14 or 16 which owns a slot m which the device is located; and
- a PCI configuration access to devices m I O slots.
As mentioned above, geographic addressmg is employed. Thus, for example, slot 0 on motherboard A has the same address when refened to by processmg set 14 or by processmg set 16.
Geographic addressmg is used combination with the PCI slot FET switchmg. Durmg a configuration access mentioned above, separate device select signals are provided for devices which are not
FET isolated. A smgle device select signal can be provided for the switched PCI slots as the FET signals can be used to enable a correct card. Separate FET switch lmes are provided to each slot for separately switchmg the FETs for the slots.
The SRRs 118, which could be mcorporated m the CSR registers 114, are associated with the address decode functions. The SRRs 118 serve m a number of different roles which will be descnbed in more detail later. However, some of the roles are summarized here.
In a combmed mode, each slot may be disabled so that wntes are simply acknowledged without any transaction occurrmg on the device bus 22, whereby the data is lost. Reads will return meanmgless data, once agam without causing a transaction on the device board.
In the split mode, each slot can be m one of three states. The states are:
- Not owned;
- Owned by processmg set A 14; - Owned by processmg set B 16.
A slot that is not owned by a processmg set 14 or 16 making an access (this mcludes not owned or unowned slots) cannot be accessed. Accordmgly, such an access is aborted.
When a processmg set 14 or 16 is powered off, all slots owned by it move to the un-owned state. A processmg set 14 or 16 can only claim an un-owned slot, it cannot wrest ownership away from another processmg set. This can only be done by powermg off the other processmg set, or by getting the other processmg set to relinquish ownership.
The ownership bits are assessable and settable while in the combmed mode, but have no effect until a split state is entered. This allows the configuration of a split system to be determmed while still in the combmed mode. Each PCI device is allocated an area of the processmg set address map. The top bits of the address are determined by the PCI slot. Where a device carnes out DMA, the bndge is able to check that the device is using the conect address because a D bus arbiter mforms the bndge which device is usmg the bus at a particular time. If a device access is a processmg set address which is not valid for it, then the device access will be ignored It should be noted that an address presented by a device will be a virtual address which would be translated by an I O memory management unit in the processing set bus controller 50 to an actual memory address.
The addresses output by the address decoders are passed via the initiator and target controllers 138 and 140 to the routing matrix 80 via the lines 98 under control of a bridge controller 132 and an arbiter 134. An arbiter 134 is operable in various different modes to arbitrate for use of the bridge on a first-come- first-served basis using conventional PCI bus signals on the P and D buses.
In a combined mode, the arbiter 134 is operable to arbitrate between the in-sync processing sets 14 and 16 and any initiators on the device bus 22 for use of the bridge 12. Possible scenarios are:
- processing set access to the device bus 22; - processing set access to internal registers in the bridge 12;
- Device access to the processing set memory 56.
In split mode, both processing sets 14 and 16 must arbitrate the use of the bridge and thus access to the device bus 22 and internal bridge registers (e.g. CSR registers 114). The bridge 12 must also contend with initiators on the device bus 22 for use of that device bus 22. Each slot on the device bus has an arbitration enable bit associated with it. These arbitration enable bits are cleared after reset and must be set to allow a slot to request a bus. When a device on the device bus 22 is suspected of providing an I O error, the arbitration enable bit for that device is automatically reset by the bridge.
A PCI bus interface in the processing set bus controller(s) 50 expects to be the master bus controller for the P bus concerned, that is it contains the PCI bus arbiter for the PA or PB bus to which it is connected. The bridge 12 cannot directly control access to the PA and PB buses 24 and 26. The bridge 12 competes for access to the PA or PB bus with the processing set on the bus concerned under the control of the bus controller 50 on the bus concerned.
Also shown in Figure 8 is a comparator 130 and a bridge controller 132. The comparator 130 is operable to compare I/O cycles from the processing sets 14 and 16 to determine any out-of-sync events. On determining an out-of-sync event, the comparator 130 is operable to cause the bridge controller 132 to activate an EState for analysis of the out-of-sync event and possible recovery therefrom. Figure 9 is a schematic functional overview of the routing matrix 80.
The routing matrix 80 comprises a multiplexer 143 which is responsive to initiator control signals 98 from the initiator controller 138 of Figure 8 to select one of the PA bus path 94 , PB bus path 96, D bus path 92 or internal bus path 100 as the current input to the routing matrix. Separate output buffers 144, 145, 146 and 147 are provided for output to each of the paths 94, 96, 92 and 100, with those buffers being selectively enabled by signals 99 from the target controller 140 of Figure 8. Between the multiplexer and the buffers 144-147 signals are held in a buffer 149. In the present embodiment three cycles of data for an I/O cycle will be held in the pipeline represented by the multiplexer 143, the buffer 149 and the buffers 144.
In Figures 6 to 9 a functional description of elements of the bridge has been given. Figure 10 is a schematic representation of a physical configuration of the bridge in which the bridge control logic 88, the storage control logic 90 and the bridge registers 110 are implemented in a first field programmable gate aπay (FPGA) 89, the routing matrix 80 is implemented in further FPGAs 80.1 and 80.2 and the SRAM 126 is implemented as one or more separate SRAMs addressed by a address control lmes 127 The bus mterfaces 82, 84 and 86 shown m Figure 6 are not separate elements, but are mtegrated in the FPGAs 80.1, 80.2 and 89. Two FPGAs 80 1 and 80.2 are used for the upper 32 bits 32-63 of a 64 bit PCI bus and the lower 32 bits 0-31 of the 64 bit PCI bus. It will be appreciated that a smgle FPGA could be employed for the routing matnx 80 where the necessary logic can be accommodated withm the device Indeed, where a FPGA of sufficient capacity is available, the bridge control logic, storage control logic and the bndge registers could be mcorporated in the same FPGA as the routmg matnx. Indeed many other configurations may be envisaged, and mdeed technology other than FPGAs, for example one or more Application Specific Integrated Circuits (ASICs) may be employed As shown m Figure 10, the FPGAs 89, 80.1 and 80.2 and the SRAM 126 are connected via mtemal bus paths 85 and path control lmes 87.
Figure 11 is a transition diagram illustrating m more detail the vanous operating modes of the bndge. The bndge operation can be divided mto three basic modes, namely an enor state (EState) mode 150, a split state mode 156 and a combmed state mode 158. The EState mode 150 can be further divided mto 2 states.
After initial resetting on powermg up the bndge, or following an out-of sync event, the bndge is m this initial EState 152 In this state, all wntes are stored m the posted wnte buffer 120 and reads from the internal bridge registers (e.g., the CSR registers 116) are allowed, and all other reads are treated as enors (I e they are aborted) In this state, the mdividual processmg sets 14 and 16 perform evaluations for determmmg a restart time. Each processmg set 14 and 16 will determine its own restart timer timing. The timer setting depends on a "blame" factor for the transition to the EState. A processmg set which determines that it is likely to have caused the enor sets a long time for the timer. A processmg set which thinks it unlikely to have caused the enor sets a short time for the tuner. The first processmg set 14 and 16 which times out, becomes a primary processmg set. Accordmgly, when this is determmed, the bndge moves (153) to the primary EState 154.
When either processmg set 14/16 has become the primary processmg set, the bndge is then operating in the primary EState 154 This state allows the primary processmg set to wnte to bndge registers (specifically the SRRs 118). Other wntes are no longer stored m the posted wnte buffer, but are simply lost Device bus reads are still aborted in the primary EState 154
Once the EState condition is removed, the bndge then moves (155) to the split state 156 In the split state 156, access to the device bus 22 is controlled by the SRR registers 118 while access to the bndge storage is simply arbitrated. The primary status of the processmg sets 14 and 16 is ignored. Transition to a combmed operation is achieved by means of a sync_reset (157) After issue of the syncjreset operation, the bndge is then operable m the combmed state 158, whereby all read and wnte accesses on the D bus 22 and the PA and PB buses 24 and 26 are allowed. All such accesses on the PA and PB buses 24 and 26 are compared in the comparator 130. Detection of a mismatch between any read and wnte cycles (with an exception of specific dissimilar data I/O cycles) cause a transition 151 to the EState 150 The vanous states descnbed are controlled by the bridge controller 132.
The role of the comparator 130 is to monitor and compare I O operations on the PA and PB buses m the combined state 151 and, m response to a mismatched signal, to notify the bndge controller 132, whereby the bridge controller 132 causes the transition 152 to the enor state 150. The I/O operations can mclude all I O operations initiated by the processmg sets, as well as DMA transfers m respect of DMA mitiated by a device on the device bus
Table 1 below summarizes the vanous access operations which are allowed m each of the operational states
TABLE 1
D Bus - Read D Bus- Wnte
E State Master Abort Stored m Post Wnte Buffer
Primary EState Master Abort Lost
Split Controlled by SRR bits Controlled by SRR bits and arbitrated and arbitrated
Combined Allowed and compared Allowed and compared
As descnbed above, after an initial reset, the system is m the initial EState 152 In this state, neither piocessing sets 14 or 16 can access the D bus 22 or the P bus 26 or 24 of the other processmg set 16 or 14 The internal bridge registers 116 of the bndge are accessible, but are read only
A system running m the combmed mode 158 transitions to the EState 150 where there is a companson failure detected m this bndge, or alternatively a companson failure is detected m another bndge in a multi- bridge system as shown, for example, m Figure 2 Also, transitions to an EState 150 can occur in other situations, for example m the case of a software controlled event forming part of a self test operation
On movmg to the EState 150, an interrupt is signaled to all or a subset of the processors of the processmg sets via an interrupt lme 95 Following this, all I/O cycles generated on a P bus 24 or 26 result m leads being returned with an exception and wntes bemg recorded m the posted wnte buffer
The operation of the comparator 130 will now be descnbed m more detail The comparator is connected to paths 94, 95, 96 and 97 for companng address, data and selected control signals from the PA and PB bus interfaces 84 and 86 A failed companson of m-sync accesses to device I/O bus 22 devices causes a move from the combined state 158 to the EState 150
For processmg set I/O read cycles, the address, command, address panty, byte enables and panty enor parameters are compared If the companson fails durmg the address phase, the bndge asserts a retry to the processing set bus controllers 50, which prevents data leavmg the I/O bus controllers 50 No activity occurs m this case on the device I/O bus 22 On the processor(s) retrying, no enor is returned
If the companson fails during a data phase (only control signals and byte enables are checked), the bridge signals a target-abort to the processmg set bus controllers 50 An enor is returned to the processors In the case of processmg set I/O bus wnte cycles, the address, command, panty, byte enables and data parameters are compared If the companson fails during the address phase, the bndge asserts a retry to the processmg set bus controllers 50, which results m the processmg set bus controllers 50 retrying the cycle agam. The posted wnte buffer 122 is then active No activity occurs on the device I/O bus 22.
If the companson fails durmg the data phase of a wnte operation, no data is passed to the D bus 22 The failmg data and any other transfer attnbutes from both processmg sets 14 and 16 are stored in the disconnect registers 122, and any subsequent posted wnte cycles are recorded in the posted wnte buffer 118
In the case of direct virtual memory access (DVMA) reads, the data control and panty are checked for each datum. If the data does not match, the bndge 12 terminates the transfer on the P bus. In the case of DVMA writes, control and panty enor signals are checked for conectness Other signals m addition to those specifically mentioned above can be compared to give an indication of divergence of the processmg sets Examples of these are bus grants and various specific signals during processing set transfers and durmg DMA transfers
Enors fall roughly mto two types, those which are made visible to the software by the processing set bus controller 50 and those which are not made visible by the processmg set bus controller 50 and hence need to be made visible by an interrupt from the bndge 12 Accordmgly, the bndge is operable to capture enors reported in connection with processmg set read and wnte cycles, and DMA reads and wntes
Clock control for the bndge is performed by the bndge controller 132 m response to the clock signals from the clock lme 21. Individual control lmes from the controller 132 to the vanous elements of the bndge are not shown m Figures 6 to 10. Figure 12 is a flow diagram illustrating a possible sequence of operating stages where lockstep enors are detected durmg a combmed mode of operation.
Stage SI represents the combmed mode of operation where lockstep enor checkmg is performed by the comparator 130 shown m Figure 8.
In Stage S2, a lockstep enor is assumed to have been detected by the comparator 130 In Stage S3, the current state is saved m the CSR registers 114 and posted wntes are saved m the posted write buffer 122 and/or m the disconnect registers 120
Figure 13 illustrates Stage S3 m more detail. Accordmgly, m Stage S31, the bndge controller 132 detects whether the lockstep enor notified by the comparator 130 has occuned durmg a data phase in which it is possible to pass data to the device bus 22 In this case, m Stage S32, the bus cycle is terminated Then, in Stage S33 the data phases are stored m the disconnect registers 120 and conttol then passes to Stage S35 where an evaluation is made as to whether a further I/O cycle needs to be stored. Alternatively, if at Stage S31, it is determmed that the lockstep enor did not occur during a data phase, the address and data phases for any posted wnte I/O cycles are stored m the posted wnte buffer 122. At Stage S34, if there are any further posted wnte I/O operations pendmg, these are also stored m the posted wnte buffer 122. Stage S3 is performed at the initiation of the initial enor state 152 shown m Figure 11 In this state, the first and second processmg sets arbitrate for access to the bndge. Accordmgly, m Stage S31-S35, the posted write address and data phases for each of the processmg sets 14 and 16 are stored m separate portions of the posted wnte buffer 122, and or m the smgle set of disconnect registers as descnbed above Figure 14 illustrates the source of the posted wnte I/O cycles which need to be stored m the posted write buffer 122. Durmg normal operation of the processmg sets 14 and 16, output buffers 162 in the mdividual processors contain I/O cycles which have been posted for transfer via the processmg set bus controllers 50 to the bridge 12 and eventually to the device bus 22. Similarly, buffers 160 m the processmg set controllers 50 also contam posted I/O cycles for transfer over the buses 24 and 26 to the bndge 12 and eventually to the device bus 22.
Accordmgly, it can be seen that when an enor state occurs, I/O wnte cycles may already have been posted by the processors 52, either m their own buffers 162, or already transfened to the buffers 160 of the processing set bus controllers 50. It is the I/O wnte cycles m the buffers 162 and 160 which gradually propagate through and need to be stored in the posted wnte buffer 122.
As shown in Figure 15, a wnte cycle 164 posted to the posted wnte buffer 122 can compnse an address field 165 including an address and an address type, and between one and 16 data fields 166 mcludmg a byte enable field and the data itself.
The data is wntten mto the posted wnte buffer 122 m the EState unless the initiating processmg set has been designated as a primary CPU set. At that time, non-primary wntes m an EState still go to the posted wnte buffer even after one of the CPU sets has become a primary processmg set. An address pointer m the CSR registers 114 pomts to the next available posted wnte buffer address, and also provides an overflow bit which is set when the bridge attempts to write past of the top of the posted wnte buffer for any one of the processing sets 14 and 16. Indeed, in the present implementation, only the first 16 K of data is recorded in each buffer. Attempts to write beyond the top of the posted wnte buffer are ignored. The value of the posted write buffer pomter can be cleared at reset, or by software using a write under the control of a primary processing set.
Returning to Figure 12, after saving the status and posted writes, at Stage S4 the individual processing sets independently seek to evaluate the enor state and to determine whether one of the processmg sets is faulty. This determination is made by the individual processors in an enor state in which they individually read status from the control state and EState registers 114. During this enor mode, the arbiter 134 arbitrates for access to the bndge 12.
In Stage S5, one of the processmg sets 14 and 16 establishes itself as the primary processmg set. This is determmed by each of the processing sets identifying a time factor based on the estimated degree of responsibility for the enor, whereby the first processmg set to time out becomes the primary processmg set. In Stage S5, the status is recovered for that processing set and is copied to the other processing set. The primary processmg is able to access the posted wnte buffer 122 and the disconnect registers 120.
In Stage S6, the bridge is operable in a split mode. If it is possible to re-establish an equivalent status for the first and second processmg sets, then a reset is issued at Stage S7 to put the processmg sets m the combmed mode at Stage SI. However, it may not be possible to re-establish an equivalent state until a faulty processmg set is replaced. Accordmgly the system will stay m the Split mode of Stage S6 m order to contmued operation based on a single processing set. After replacing the faulty processmg set the system could then establish an equivalent state and move via Stage S7 to Stage SI.
As described above, the comparator 130 is operable in the combined mode to compare the I/O operations output by the first and second processing sets 14 and 16. This is fine as long as all of the I/O operations of the first and second processmg sets 14 and 16 are fully synchronized and deterministic Any deviation from this will be interpreted by the comparator 130 as a loss of lockstep. This is m principle conect as even a minor deviation from identical outputs, if not trapped by the comparator 130, could lead to the processmg sets divergmg further from each other as the mdividual processmg sets act on the deviating outputs. However, a stnct application of this puts significant constraints on the design of the mdividual processmg sets An example of this is that it would not be possible to have independent time of day clocks m the mdividual processmg sets operating under then own clocks. This is because it is impossible to obtain two crystals which are 100% identical m operation. Even small differences m the phase of the clocks could be cπtical as to whether the same sample is taken at any one time, for example either side of a clock transition for the respective processmg sets
Accordmgly, a solution to this problem employs the dissimilar data registers (DDR) 116 mentioned earlier The solution is to wnte data from the processmg sets mto respective DDRs m the bndge while disabling the comparison of the data phases of the write operations and then to read a selected one of the DDRs back to each processmg set, whereby each of the processmg sets is able to act on the same data. Figure 17 is a schematic representation of details of the bndge of Figures 6 to 10 It will be noted that details of the bndge not shown m Figure 6 to 8 are shown m Figure 17, whereas other details of the bndge shown m Figures 6 to 8 are not shown m Figure 17, for reasons of claπty.
The DDRs 116 are provided m the bndge registers 110 of Figure 7, but could be provided elsewhere in the bridge m other embodiments. One DDR 116 is provided for each processmg set. In the example of the multi-processor system of Figure 1 where two processmg sets 14 and 16 are provided, two DDRs 116A and 116B are provided, one for each of the first and second processmg sets 14 and 16, respectively.
Figure 17 represents a dissimilar data wnte stage. The addressmg logic 136 is shown schematically to compnse two decoder sections, one decoder section 136A for the first processmg set and one decoder section 136B for the second processmg set 16 Durmg an address phase of a dissimilar data I/O wnte operation each of the processmg sets 14 and 16 outputs the same predetemuned address DDR-W which is separately interpreted by the respective first and second decodmg sections 136A and 136B as addressmg the respective first and second respective DDRs 116A and 116B As the same address is output by the first and second processmg sets 14 and 16, this is not interpreted by the comparator 130 as a lockstep enor.
The decodmg section 136A, or the decodmg section 136B, or both are ananged to further output a disable signal 137 m response to the predetemuned wnte address supplied by the first and second processmg sets 14 and 16. This disable signal is supplied to the comparator 130 and is operative durmg the data phase of the wnte operation to disable the comparator. As a result, the data output by the first processmg set can be stored m the first DDR 116A and the data output by the second processmg set can be stored m the second DDR 116B without the comparator bemg operative to detect a difference, even if the data from the first and second piocessmg sets is different The first decodmg section is operable to cause the routmg matnx to store the data from the first processmg set 14 m the first DDR 116A and the second decodmg section is operable to cause the routmg matnx to store the data from the second processmg set 16 m the second DDR 116B. At the end of the data phase the comparator 130 is once agam enabled to detect any differences between I/O address and/or data phases as indicative of a lockstep enor Followmg the wnting of the dissimilar data to the first and second DDRs 116A and 116B, the processing sets are then operable to read the data from a selected one of the DDRs 116A 116B.
Figure 18 illustrates an alternative anangement where the disable signal 137 is negated and is used to control a gate 131 at the output of the comparator 130 When the disable signal is active the output of the comparator is disabled, whereas when the disable signal is inactive the output of the comparator is enabled
Figure 19 illustrates the readmg of the first DDR 116A m a subsequent dissimilar data read stage. As illustrated m Figure 19, each of the processmg sets 14 and 16 outputs the same predetemuned address DDR-RA which is separately interpreted by the respective first and second decodmg sections 136A and 136B as addressing the same DDR, namely the first DDR 116A As a result, the content of the first DDR 116A is read by both of the processmg sets 14 and 16, thereby enablmg those processmg sets to receive the same data. This enables the two processmg sets 14 and 16 to achieve determmistic behavior, even if the source of the data written into the DDRs 116 by the processmg sets 14 and 16 was not determmistic
As an alternative, the processmg sets could each read the data from the second DDR 116B. Figure 20 illustrates the readmg of the second DDR 116B m a dissimilar data read stage followmg the dissimilar data write stage of Figure 15 As illustrated m Figure 20, each of the processmg sets 14 and 16 outputs the same piedetermined address DDR-RB which is separately interpreted by the respective first and second decodmg sections 136A and 136B as addressmg the same DDR, namely the second DDR 116B. As a result, the content of the second DDR 116B is read by both of the processmg sets 14 and 16, thereby enablmg those processmg sets to receive the same data. As with the dissimilar data read stage of Figure 16, this enables the two processmg sets 14 and 16 to achieve determmistic behavior, even if the source of the data wntten mto the DDRs 116 by the processmg sets 14 and 16 was not deterministic.
The selection of which of the first and second DDRs 116A and 116B to be read can be determmed m any appropnate manner by the software operating on the processmg modules. This could be done on the basis of a simple selection of one or the other DDRs, or on a statistical basis or randomly or m any other manner as long as the same choice of DDR is made by both or all of the processmg sets
Figure 21 is a flow diagram summarizing the vanous stages of operation of the DDR mechanism described above
In stage S10, a DDR wnte address DDR-W is received and decoded by the address decoders sections 136A and 136B durmg the address phase of the DDR wnte operation. In stage SI 1, the comparator 130 is disabled.
In stage SI 2, the data received from the processmg sets 14 and 16 durmg the data phase of the DDR wnte operation is stored m the first and second DDRs 116A and 116B, respectively, as selected by the first and second decode sections 136A and 136B, respectively
In stage SI 3, a DDR read address is received from the first and second processmg sets and is decoded by the decode sections 136A and 136B, respectively
If the received address DDR-RA is for the first DDR 116A, then m stage S14 the content of that DDR 116A is read by both of the processmg sets 14 and 16
Alternatively, 116A if the received address DDR-RB is for the second DDR 116B, then m stage S15 the content of that DDR 116B is read by both of the processmg sets 14 and 16 Figure 22 is a schematic representation of the arbitration performed on the respective buses 22, 24 and 26, and the arbitration for the bndge itself.
Each of the processmg set bus controllers 50 in the respective processmg sets 14 and 16 mcludes a conventional PCI master bus arbiter 180 for providmg arbitration to the respective buses 24 and 26. Each of the master arbiters 180 is responsive to request signals from the associated processmg set bus controller 50 and the bridge 12 on respective request (REQ) lmes 181 and 182. The master arbiters 180 allocate access to the bus on a first-come-first-served basis, issumg a grant (GNT) signal to the winning party on an appropnate grants lme 183 or 184
A conventional PCI bus arbiter 185 provides arbitration on the D bus 22. The D bus arbiter 185 can be configured as part of the D bus mterface 82 of Figure 6 or could be separate therefrom. As with the P bus master arbiters 180, the D bus arbiter is responsive to request signals from the contendmg devices, mcludmg the bridge and the devices 30, 31, etc. connected to the device bus 22. Respective request lmes 186, 187, 188, etc. for each of the entities competing for access to the D bus 22 are provided for the request signals (REQ). The D bus arbiter 185 allocates access to the D bus on a first-come-first-served basis, issumg a grant (GNT) signal to the winning entity via respective grant lmes 189, 190, 192, etc
Figure 23 is a state diagram surnmaπsing the operation of the D bus arbiter 185. In a particular embodiment up to six request signals may be produced by respective D bus devices and one by the bndge itself. On a transition mto the GRANT state, these are sorted by a pnoπty encoder and a request signal (REQ#) with the highest pnonty is registered as the winner and gets a grant (GNT#) signal. Each winner which is selected modifies the pnonties in a pnonty encoder so that given the same REQ# signals on the next move to grant. A different device has the highest pnority, hence each device has a "fair" chance of accessmg DEVs. The bndge REQ# has a higher weighting than D bus devices and will, under very busy conditions, get the bus for every second device.
If a device requesting the bus fails to perform a transaction withm 16 cycles it may lose GNT# via the BACKOFF state. BACKOFF is required as, under PCI rules, a device may access the bus one cycle after GNT# is removed. Devices may only be granted access to D bus if the bndge is not m the not m the EState. A new GNT# is produced at the times when the bus is idle.
In the GRANT and BUSY states, the FETs are enabled and an accessmg device is known and forwarded to the D bus address decode logic for checkmg against a DMA address provided by the device. Turning now to the bndge arbiter 134, this allows access to the bndge for the first device which asserts the PCI FRAME# signal indicating an address phase. Figure 24 is a state diagram summansmg the operation of the bridge arbiter 134.
As with the D bus arbiter, a pnonty encoder can be provided to resolve access attempts which collide. In this case "a collision" the loser/losers are retned which forces them to give up the bus. Under PCI rules retned devices must try repeatedly to access the bndge and this can be expected to happen.
To prevent devices which are very quick with their retry attempt from hoggmg the bndge, retned mterfaces are remembered and assigned a higher pnonty. These remembered retries are pnonttsed in the same way as address phases. However as a precaution this mechanism is timed out so as not to get stuck waiting for a faulty or dead device The algonthm employed prevents a device which hasn't yet been retned, but which would be a higher pnonty retry than a device currently waiting for, from bemg retned at the first attempt
In combmed operations a PA or PB bus mput selects which P bus mterface will wm a bndge access Both are informed they won Allowed selection enables latent fault checkmg during normal operation EState pi events the D bus from winning
The bndge arbiter 134 is responsive to standard PCI signals provided on standard PCI control lines 22 24 and 25 to control access to the bndge 12
Figure 25 illustrates signals associated with an I/O operation cycle on the PCI bus. A PCI frame signal (FRAME#) is initially asserted At the same time, address (A) signals will be available on the DATA BUS and the appropnate command (wnte/read) signals (C) will be available on the command bus (CMD BUS) Shortly after the frame signal bemg asserted low, the initiator ready signal (IRDY#) will also be asserted low When the device responds, a device selected signal (DEVSEL#) will be asserted low When a target ready signal is asserted low (TRDY#), data transfer (D) can occur on the data bus
The bndge is operable to allocate access to the bndge resources and thereby to negotiate allocation of a target bus m response to the FRAME# bemg asserted low for the initiator bus concerned. Accordmgly, the bridge arbiter 134 is operable to allocate access to the bndge resources and or to a target bus on a first-come- first-served basis m response to the FRAME# bemg asserted low As well as the simple first-come-first-served basis, the arbiters may be additionally provided with a mechanism for loggmg the arbitration requests, and can imply a conflict resolution based on the request and allocation history where two requests are received at an identical time. Alternatively, a simple pnonty can be allocated to the vanous requesters, whereby, in the case of identically timed requests, a particular requester always wins the allocation process.
Each of the slots on the device bus 22 has a slot response register (SRR) 118, as well as other devices connected to the bus, such as a SCSI mterface. Each of the SRRs 118 contams bits definmg the ownership of the slots, or the devices connected to the slots on the direct memory access bus In this embodiment, and for reasons to be elaborated below, each SRR 118 compnses a four bit register However, it will be appreciated that a larger register will be required to determine ownership between more than two processmg sets For example, if three processmg sets are provided, then a five bit register will be requued for each slot
Figure 16 illustrates schematically one such four bit register 600 As shown m Figure 16, a first bit 602 is identified as SRR[0], a second bit 604 is identified as SRR[1], a third bit 606 is identified as SRR[2] and a fourth bit 608 is identified as SRR[3]
Bit SRR[0] is a bit which is set when wntes for valid transactions are to be suppressed.
Bit SRRfl] is set when the device slot is owned by the first processmg set 14 This defines the access route between the first processmg set 14 and the device slot When this bit is set, the first processmg set 14 can always be master of a device slot 22, while the ability for the device slot to be master depends on whether bit
Bit SRR[2] is set when the device slot is owned by the second processmg set 16 This defines the access route between the second processmg set 16 and the device slot When this bit is set, the second processing set 16 can always be master of the device slot or bus 22, while the ability for the device slot to be master depends on whether bit SRR[3] is set Bit SRR[3] is an arbitration bit which gives the device slot the ability to become master of the device bus 22, but only if it is owned by one of the processmg sets 14 and 16, that is if one of the SRR [1] and SRR[2]
When the fake bit (SRR[0]) of an SRR 118 is set, wntes to the device for that slot are ignored and do not appear on the device bus 22. Reads return mdetermmate data without causmg a transaction on the device bus 22 In the event of an I/O enor the fake bit SRR[0] of the SRR 188 conespondmg to the device which caused the enor is set by the hardware configuration of the bndge to disable further access to the device slot concerned An interrupt may also be generated by the bndge to inform the software which ongmated the access leading to the I/O enor that the enor has occurred The fake bit has an effect whether the system is m the split oi the combmed mode of operation.
The ownership bits only have effect, however, m the split system mode of operation. In this mode, each slot can be in three states:
Not-owned;
Owned by processmg set 14; and Owned by processmg set 16
This is determmed by the two SRR bits SRR[1] and SRR[2], with SRRfl] bemg set when the slot is owned by processmg set 14 and SRR[2] bemg set when the slot is owned by processmg set B. If the slot is unowned, then neither bit is set (both bits set is an illegal condition and is prevented by the hardware).
A slot which is not owned by the processmg set making the access (this mcludes un-owned slots) cannot be accessed and results m an abort. A processmg set can only claim an un-owned slot; it cannot wrest ownership away from another processmg set. This can only be done by powenng-off the other processmg set. When a processmg set is powered off, all slots owned by it move to the un-owned state. Whilst it is not possible for a processmg set to wrest ownership from another processmg set, it is possible for a processmg set to give ownership to another processmg set. The owned bits can be altered when m the combmed mode of operation state but they have no effect until the split mode is entered.
Table 2 below summarizes the access nghts as determined by an SRR 118.
From Table 2, it can be seen that when the 4-bit SRR for a given device is set to 1100, for example, then the slot is owned by processmg set B (i.e. SRR[2] is logic high) and processmg set A may not read from or write to the device (I e. SRRfl] is logic low), although it may read from or wnte to the bndge. "FAKE_AT" is set logic low (I e. SRRfO] is logic low) indicating that access to the device bus is allowed as there are no faults on the bus. As "ARB_EN" is set logic high (l e. SRR[3] is logic high), the device with which the register is associated can become master of the D bus. This example demonstrates the operation of the register when the bus and associated devices are operating conectly TABLE 2
SRR PA BUS PB BUS Device Interface
[3[2][1][0]
0000 xOOx Read Wnte bndge SRR Read/Wnte bndge SRR Access denied
0010 Read/Wnte bndge Read/Wnte bndge Access Denied because Owned D Slot No access to D Slot arbitration bit is off
0100 Read/Wnte bndge Read/wnte bndge Access Denied because No access to D Slot Access to D Slot arbitration bit is off
1010 Read/Wnte bndge, Read/Wnte Bndge Access to CPU B De ed Owned D Slot No access to D Slot Access to CPU A OK
1 100 Read/Wnte bndge, Read/Wnte bndge Access to CPU A Demed No access to D Slot Access to D Slot Access to CPU B OK
001 1 Read/Wnte bndge, Read Wnte bndge Access Denied because
Bndge discard wntes No access to D Slot Arbitration bit is off
0101 Read/Wnte bndge, Read/Wnte bndge Access Demed because
No access to D slot Bndge discards wntes Arbitration bit is off
1011 Read/Wnte bndge, Read Wnte bndge Access to CPU B Demed
Bndge discard wntes No access to D Slot Access to CPU A OK
1101 Read/Wnte bndge, Read/Wnte bndge Access to CPU B Demed
No access to D slot Bndge discards wntes Access to CPU A OK
In an alternative example, where the SRR for the device is set to 0101, the setting of SRR[2] logic high indicates that the device is owned by processmg set B However, as the device is malfunctioning, SRR[3] is set logic low and the device is not allowed access to the processmg set SRRfO] is set high so that any wntes to the device are ignored and reads therefrom return mdetermmate data In this way, the malfunctioning device is effectively isolated from the processmg set, and provides mdetermmate data to satisfy any device dnvers, for example, that might be looking for a response from the device. Figure 26 illustrates the operation of the bndge 12 for duect memory access by a device such as one of the devices 28, 29, 30, 31 and 32 to the memory 56 of the processmg sets 14 and 16 When the D bus arbiter 185 receives a duect memory access (DMA) request 193 from a device (e.g., device 30 m slot 33) on the device bus, the D bus arbiter determines whether to allocate the bus to that slot. As a result of this granting procedure, the D-bus arbiter knows the slot which has made the DMA request 193 The DMA request is supplied to the address decoder 142 m the bndge, where the addresses associated with the request are decoded. The address decoder is responsive to the D bus grant signal 194 for the slot concerned to identify the slot which has been granted access to the D bus for the DMA request
The address decode logic 142 holds or has access to a geographic address map 196, which identifies the relationship between the processor address space and the slots as a result of the geographic address employed This geographic address map 196 could be held as a table m the bndge memory 126, along with the posted write buffer 122 and the durty RAM 124 Alternatively, it could be held as a table m a separate memory element, possibly forming part of the address decoder 142 itself. The map 182 could be configured in a form other than a table.
The address decode logic 142 is configured to verify the conectness of the DMA addresses supplied by the device 30 In one embodunent of the mvention, this is achieved by companng four significant address bits of the address supplied by the device 30 with the conespondmg four address bits of the address held m the geographic addressmg map 196 for the slot identified by the D bus grant signal for the DMA request. In this example, four address bits are sufficient to determme whether the address supplied is withm the conect address range In this specific example, 32 bit PCI bus addresses are used, with bits 31 and 30 always bemg set to 1, bit 29 being allocated to identify which of two bndges on a motherboard is bemg addressed (see Figure 2) and bits 28 to 26 identifying a PCI device. Bits 25-0 define an offset from the base address for the address range for each slot Accordmgly, by companng bits 29-26, it is possible to identify whether the address(es) supplied fall(s) withm the appropnate address range for the slot concerned. It will be appreciated that in other embodiments a different number of bits may need to be compared to make this determination dependmg upon the allocation of the addresses.
The address decode logic 142 could be ananged to use the bus grant signal 184 for the slot concerned to identify a table entry for the slot concerned and then to compare the address m that entry with the address(es) received with the DMA request as descnbed above. Alternatively, the address decode logic 142 could be ananged to use the address(es) received with the DMA address to address a relational geographic address map and to determme a slot number therefrom, which could be compared to the slot for which the bus grant signal 194 is intended and thereby to determme whether the addresses fall withm the address range appropπate for the slot concerned.
Either way, the address decode logic 142 is arranged to permit DMA to proceed if the DMA addresses fall withm the expected address space for the slot concerned. Otherwise, the address decoder is ananged to ignore the slots and the physical addresses.
The address decode logic 142 is further operable to control the routing of the DMA request to the appropnate processmg set(s) 14/16. If the bndge is m the combmed mode, the DMA access will automatically be allocated to all of the m-sync processmg sets 14/16. The address decode logic 142 will be aware that the bndge is in the combmed mode as it is under the control of the bndge controller 132 (see Figure 8) However, where the bndge is m the split mode, a decision will need to be made as to which, if any, of the processmg sets the DMA request is to be sent.
When the system is m split mode, the access will be directed to a processmg set 14 or 16 which owns the slot concerned. If the slot is un-owned, then the bndge does not respond to the DMA request In the split mode, the address decode logic 142 is operable to determme the ownership of the device oπgmahng the DMA request by accessmg the SRR 118 for the slot concerned The appropπate slot can be identified by the D bus grant signal The address decode logic 142 is operable to control the target controller 140 (see Figure 8) to pass the DMA request to the appropπate processmg set(s) 14/16 based on the ownership bits SRRfl] and SRR[2] If bit SRRfl] is set, the first processmg set 14 is the owner and the DMA request is passed to the first processmg set If bit SRR[2] is set, the second processmg set 16 is the owner and the DMA request is passed to the second processing set. If neither of the bit SRRfl] and SRR[2] is set, then the DMA request is ignored by the address decoder and is not passed to either of the processing sets 14 and 16.
Figure 27 is a flow diagram summarizing the DMA verification process as illustrated with reference to Figure 24. In stage S20, the D-bus arbiter 160 arbitrates for access to the D bus 22.
In stage S21, the address decoder 142 verifies the DMA addresses supplied with the DMA request by accessing the geographic address map.
In stage S22, the address decoder ignores the DMA access where the address falls outside the expected range for the slot concerned. Alternatively, as represented by stage S23, the actions of the address decoder are dependent upon whether the bridge is in the combined or the split mode.
If the bridge is in the combined mode, then in stage S24 the address decoder controls the target controller 140 (see Figure 8) to cause the routing matrix 80 (see Figure 6) to pass the DMA request to both processing sets 14 and 16. If the bridge is in the split mode, the address decoder is operative to verify the ownership of the slot concerned by reference to the SRR 118 for that slot in stage S25.
If the slot is allocated to the first processing set 14 (i.e. the SRRfl] bit is set), then in stage S26 the address decoder 142 controls the target controller 140 (see Figure 8) to cause the routing matrix 80 (see Figure 6) to pass the DMA request to first processing set 14. If the slot is allocated to the second processing set 16 (i.e. the SRR[2] bit is set), then in stage S27 the address decoder 142 controls the target controller 140 (see Figure 8) to cause the routing matrix 80 (see Figure 6) to pass the DMA request to the second processing set 16.
If the slot is unallocated (i.e. neither the SRRfl] bit nor the SRR[2] bit is set), then in step SI 8 the address decoder 142 ignores or discards the DMA request and the DMA request is not passed to the processing sets 14 and 16.
A DMA, or direct vector memory access (DVMA), request sent to one or more of the processing sets causes the necessary memory operations (read or write as appropriate) to be effected on the processing set memory.
There now follows a description of an example of a mechanism for enabling automatic recovery from an EState (see Figure 11).
The automatic recovery process includes reintegration of the state of the processing sets to a common status in order to attempt a restart in lockstep. To achieve this, the processing set which asserts itself as the primary processing set as described above copies its complete state to the other processing set. This involves ensuring that the content of the memory of both processors is the same before trying a restart in lockstep mode. However, a problem with the copying of the content of the memory from one processing set to the other is that during this copying process a device connected to the D bus 22 might attempt to make a direct memory access (DMA) request for access to the memory of the primary processing set. If DMA is enabled, then a write made to an area of memory which has already been copied would result in the memory state of the two processors at the end of the copy not being the same. In principle, it would be possible to inhibit DMA for the whole of the copy process. However, this would be undesirable, bearing in mind that it is desirable to minimise the time that the system or the resources of the system are unavailable. As an alternative, it would be possible to retry the whole copy operation when a DMA operation has occuned during the period of the copy. However, it is likely that further DMA operations would be performed during the copy retry, and accordingly this is not a good option either. Accordingly, in the present system, a dirty RAM 124 is provided in the bridge. As described earlier the dirty RAM 124 is configured as part of the bridge SRAM memory 126.
The dirty RAM 124 comprises a bit map having a dirty indicator, for example a dirty bit, for each block, or page, of memory. The bit for a page of memory is set when a write access to the area of memory concerned is made. In an embodiment of the invention one bit is provided for every 8K page of main processing set memory. The bit for a page of processing set memory is set automatically by the address decoder 142 when this decodes a DMA request for that page of memory for either of the processing sets 14 or 16 from a device connected to the D bus 22. The dirty RAM can be reset, or cleared when it is read by a processing set, for example by means of read and clear instructions at the beginning of a copy pass, so that it can start to record pages which are dirtied since a given time. The dirty RAM 124 can be read word by word. If a large word size is chosen for reading the dirty RAM
124, this will optimise the reading and resetting of the dirty RAM 124.
Accordingly, at the end of the copy pass the bits in the dirty RAM 124 will indicate those pages of processing set memory which have been changed (or dirtied) by DMA writes during the period of the copy. A further copy pass can then be performed for only those pages of memory which have been dirtied. This will take less time that a full copy of the memory. Accordingly, there are typically less pages marked as dirty at the end of the next copy pass and, as a result, the copy passes can become shorter and shorter. As some time it is necessary to decide to inhibit DMA writes for a short period for a final, short, copy pass, at the end of which the memories of the two processing sets will be the same and the primary processing set can issue a reset operation to restart the combined mode. The dirty RAM 124 is set and cleared in both the combined and split modes. This means that in split mode the dirty RAM 124 may be cleared by either processing set.
The dirty RAM 124 address is decoded from bits 13 to 28 of the PCI address presented by the D bus device. Enoneous accesses which present illegal combinations of the address bits 29 to 31 are mapped into the dirty RAM 124 and a bit is dirtied on a write, even though the bridge will not pass these transactions to the processing sets.
When reading the dirty RAM 124, the bridge defines the whole area from 0x00008000 to OxOOOOffff as dirty RAM and will clear the contents of any location in this range on a read.
As an alternative to providing a single dirty RAM 124 which is cleared on being read, another alternative would be to provide two dirty RAMs which are used in a toggle mode, with one being written to while another is read.
Figure 28 is a flow diagram summarising the operation of the dirty RAM 124.
In stage S41, the primary processing set reads the dirty RAM 124 which has the effect of resetting the dirty RAM 124. In stage S42, the primary processor (e.g. processmg set 14) copies the whole of its memory 56 to the memory 56 of the other processmg set (e.g. processmg set 16)
In stage S43, the primary processmg set reads the dirty RAM 124 which has the effect of resetting the duty RAM 124 In stage S44, the primary processor determines whether less than a predetemuned number of bits have been wntten m the duty RAM 124
If more than the predetermined number of bits have been set, then the processor m stage S45 copies those pages of its memory 56 which have been dirtied, as mdicated by the duty bits read from the duty RAM 124 in stage S43, to the memory 56 of the other processmg set Control then passes back to stage S43 If, in stage S44, it is determmed less than the predetemuned number of bits have been wntten in the dirty
RAM 124, then in Stage S45 the primary processor causes the bndge to inhibit DMA requests from the devices connected to the D bus 22. This could, for example, be achieved by cleaπng the arbitration enable bit for each of the device slots, thereby denying access of the DMA devices to the D bus 22 Alternatively, the address decoder 142 could be configured to ignore DMA requests under instructions from the primary processor. Durmg the penod in which DMA accesses are prevented, the primary processor then makes a final copy pass from its memory to the memory 56 of the other processor for those memory pages conespondmg to the bits set m the duty RAM 124
In stage S47 the primary processor can issue a reset operation for initiating a combmed mode.
In stage S48, DMA accesses are once more permitted.
It will be appreciated that although particular embodiments of the mvention have been descnbed, many modifications/additions and/or substitutions may be made withm the spiπt and scope of the present mvention as defined m the appended claims. For example, although m the specific descnption two processmg sets are provided, it will be appreciated that the specifically descnbed features may be modified to provide for three or more processmg sets

Claims

WHAT IS CLAIMED:
1. A bridge for a multi-processor system, the bridge comprising: a first processor bus interface for connection to an I/O bus of a first processing set, the first processing set including memory; a second processor bus interface for connection to an I/O bus of a second processing set, the second processing set including memory; a device bus interface for connection to a device bus; a bridge control mechanism configured to be operable to permit direct memory access to the memory of the processing sets by a device on the device bus, to arbitrate between the first and the second processing sets for access to the bridge in a first, split, mode, and to monitor lockstep operation of the first and second processing sets in a second, combined, mode; and a dirty RAM mechanism in the bridge for monitoring regions of processor set memory modified by direct memory access by the device on the device bus.
2. The bridge of claim 1, wherein the dirty RAM mechanism defines a dirty indicator for each of a plurality of regions of processing set memory, a dirty indicator being set to a predetermined value when the region of memory has been written to by a DMA access.
3. The bridge of claim 2, wherein the dirty indicator is a dirty bit.
4. The bridge of claim 2, wherein the processing sets are configured such that one of the processing sets is operable in the split mode as a primary processing set and to copy the content of its memory to the other processing set.
5. The bridge of claim 3, wherein the primary processing set is operable at the end of a copy pass to re- copy memory regions, which are identified in the dirty RAM mechanism as having been written to by virtue of the conesponding dirty indication being set, from its memory to the memory of the other processing set.
6. The bridge of claim 4, wherein the bridge conttol mechanism comprises an arbiter configured to be operable in the split mode to arbitrate for access to the bridge by the first and second processors and a device on the device bus.
7. The bridge of claim 6, wherein the bridge conttol mechanism is configured to be operable to respond to a synchronization reset operation from the primary processing set, on completion of copying the content of the memory regions identified in the dirty RAM mechanism with no further regions having being so identified, to transfer from the split mode of operation to the combined mode of operation.
8. The bridge of claim 7, wherein the dirty RAM mechanism comprises a dirty RAM configured in random access memory in the bridge.
9. The bridge of claim 6, wherein the content of the dirty RAM is cleared on being read by a processing set.
10. The bridge of claim 1, comprising at least one further processor bus interface for connection to an I/O bus of a further processing set.
11. A bridge for a multi-processor system, the bridge comprising means for interfacing with a first I/O bus for a first processing set, a second I/O bus for a second processing set, and a device bus, means permitting direct memory access to memory of the processing sets by a device on the device bus, means for arbitrating between the first and the second processing sets for access to the bridge in a first, split, mode, means for monitoring lockstep operation of the first and second processing sets in a second, combined, mode and dirty RAM means for monitoring regions of processor set memory modified by direct memory accesses by the device on the device bus.
12. A computer system comprising a first processing set having memory and an first I O bus, a second processing set having memory and a second I/O bus, a device bus, at least one device on the device bus and a bridge, the bridge being connected to the first I/O bus the second I O bus and the device bus and comprising: a bridge conttol mechanism configured to be operable to permit direct memory access to the memory of the processing sets by the at least one device on the device bus, to arbitrate between the first and the second processing sets for access to the bridge in a first, split, mode, and to monitor lockstep operation of the first and second processing sets in a second, combined, mode; and a dirty RAM mechanism in the bridge for monitoring regions of processor set memory modified by direct memory accesses by the device on the device bus.
13. A computer system according to claim 12, wherein each processing set comprises at least one processor, memory and a processing set I/O bus controller.
14. The computer system of claim 12, further comprising at least one further processing set.
15. A method of operating a multi-processor system comprising a first processing set having memory and a first I/O bus, a second processing set having memory and a second I O bus, a device bus having at least one device connected thereto, and a bridge, the bridge being connected to the first I/O bus, the second I/O bus and the device bus, the method comprising: permitting direct memory access to the memory of the processing sets by the at least one device on the device bus; and monitoring, in a dirty RAM in the bridge, regions of processor set memory modified by direct memory access by the device on the device bus.
16. A method of re-integrating a fault tolerant multi-processor system comprising a first processing set having memory and an I/O bus, a second processing set having memory and an I/O bus, a device bus having at least one device connected thereto, and a bridge, the bridge being connected to the first I/O bus, the second I/O bus and the device bus, the method comprising: following a lockstep enor, operating the system in a split mode in which one of the processing sets is operable to copy its state to the other processing set, during which split mode direct memory access to memory of the processing sets by the at least one device on the device bus is permitted and regions of processor set memory written to by the device are marked in a dirty RAM in the bridge; conducting a number of times a step of copying areas of memory indicated in the dirty RAM as having been dirtied since the start of a previous copy step.
17. The method of claim 16, wherein, direct memory access is inhibited during a final copy step and then a combined mode is initiated, in which combined mode lockstep operation of the first and second processing sets is monitored.
PCT/US1999/012429 1998-06-15 1999-06-03 Tracking memory page modification in a bridge for a multi-processor system WO1999066402A1 (en)

Priority Applications (4)

Application Number Priority Date Filing Date Title
EP99957102A EP1086424B1 (en) 1998-06-15 1999-06-03 Tracking memory page modification in a bridge for a multi-processor system
DE69900947T DE69900947T2 (en) 1998-06-15 1999-06-03 TRACKING MEMORY SIDE MODIFICATION IN A BRIDGE FOR A MULTIPROCESSOR SYSTEM
AT99957102T ATE213850T1 (en) 1998-06-15 1999-06-03 MEMORY PAGE MODIFICATION TRACKING IN A BRIDGE FOR A MULTI-PROCESSOR SYSTEM
JP2000555159A JP2002518734A (en) 1998-06-15 1999-06-03 Tracking memory page changes in bridges for multiprocessor systems

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US09/097,467 US6138198A (en) 1998-06-15 1998-06-15 Processor bridge with dissimilar data registers which is operable to disregard data differences for dissimilar data write accesses
US09/097,486 US6260159B1 (en) 1998-06-15 1998-06-15 Tracking memory page modification in a bridge for a multi-processor system
US09/097,486 1998-06-15

Publications (1)

Publication Number Publication Date
WO1999066402A1 true WO1999066402A1 (en) 1999-12-23

Family

ID=38829267

Family Applications (2)

Application Number Title Priority Date Filing Date
PCT/US1999/012429 WO1999066402A1 (en) 1998-06-15 1999-06-03 Tracking memory page modification in a bridge for a multi-processor system
PCT/US1999/012430 WO1999066403A1 (en) 1998-06-15 1999-06-03 Processor bridge with dissimilar data registers

Family Applications After (1)

Application Number Title Priority Date Filing Date
PCT/US1999/012430 WO1999066403A1 (en) 1998-06-15 1999-06-03 Processor bridge with dissimilar data registers

Country Status (6)

Country Link
US (2) US6138198A (en)
EP (2) EP1090349B1 (en)
JP (2) JP2002518735A (en)
AT (2) ATE213554T1 (en)
DE (2) DE69900947T2 (en)
WO (2) WO1999066402A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2369692A (en) * 2000-11-29 2002-06-05 Sun Microsystems Inc A fault tolerant computer with a bridge allowing direct memory access (DMA) between main memories of duplicated processing sets
GB2369691B (en) * 2000-11-29 2003-06-04 Sun Microsystems Inc Control logic for memory modification tracking
WO2007135490A1 (en) * 2006-05-24 2007-11-29 Freescale Semiconductor, Inc. Method and system for storing data from a plurality of processors

Families Citing this family (52)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6587961B1 (en) * 1998-06-15 2003-07-01 Sun Microsystems, Inc. Multi-processor system bridge with controlled access
US7197589B1 (en) * 1999-05-21 2007-03-27 Silicon Graphics, Inc. System and method for providing access to a bus
AU5805300A (en) 1999-06-10 2001-01-02 Pact Informationstechnologie Gmbh Sequence partitioning in cell structures
US6708244B2 (en) * 1999-07-22 2004-03-16 Cypress Semiconductor Corp. Optimized I2O messaging unit
US6691257B1 (en) * 2000-04-13 2004-02-10 Stratus Technologies Bermuda Ltd. Fault-tolerant maintenance bus protocol and method for using the same
US6708283B1 (en) 2000-04-13 2004-03-16 Stratus Technologies, Bermuda Ltd. System and method for operating a system with redundant peripheral bus controllers
US6802022B1 (en) 2000-04-14 2004-10-05 Stratus Technologies Bermuda Ltd. Maintenance of consistent, redundant mass storage images
US6901481B2 (en) * 2000-04-14 2005-05-31 Stratus Technologies Bermuda Ltd. Method and apparatus for storing transactional information in persistent memory
US6658519B1 (en) * 2000-07-28 2003-12-02 International Business Machines Corporation Bus bridge with embedded input/output (I/O) and transaction tracing capabilities
US6636919B1 (en) * 2000-10-16 2003-10-21 Motorola, Inc. Method for host protection during hot swap in a bridged, pipelined network
GB2369693B (en) * 2000-11-29 2002-10-16 Sun Microsystems Inc Protection for memory modification tracking
GB2369694B (en) * 2000-11-29 2002-10-16 Sun Microsystems Inc Efficient memory modification tracking
GB2369690B (en) * 2000-11-29 2002-10-16 Sun Microsystems Inc Enhanced protection for memory modification tracking
US6886171B2 (en) * 2001-02-20 2005-04-26 Stratus Technologies Bermuda Ltd. Caching for I/O virtual address translation and validation using device drivers
US6766413B2 (en) 2001-03-01 2004-07-20 Stratus Technologies Bermuda Ltd. Systems and methods for caching with file-level granularity
US9552047B2 (en) 2001-03-05 2017-01-24 Pact Xpp Technologies Ag Multiprocessor having runtime adjustable clock and clock dependent power supply
US9411532B2 (en) * 2001-09-07 2016-08-09 Pact Xpp Technologies Ag Methods and systems for transferring data between a processing device and external devices
US9436631B2 (en) 2001-03-05 2016-09-06 Pact Xpp Technologies Ag Chip including memory element storing higher level memory data on a page by page basis
EP1249744A1 (en) * 2001-08-23 2002-10-16 Siemens Aktiengesellschaft Method and apparatus for providing consistent memory contents in a redundant system
US6934888B2 (en) * 2002-03-07 2005-08-23 International Business Machines Corporation Method and apparatus for enhancing input/output error analysis in hardware sub-systems
US6976191B2 (en) * 2002-03-07 2005-12-13 International Business Machines Corporation Method and apparatus for analyzing hardware errors in a logical partitioned data processing system
GB2390442B (en) * 2002-03-19 2004-08-25 Sun Microsystems Inc Fault tolerant computer system
GB2391335B (en) * 2002-03-19 2005-01-12 Sun Microsystems Inc Computer system
US9170812B2 (en) 2002-03-21 2015-10-27 Pact Xpp Technologies Ag Data processing system having integrated pipelined array data processor
JP2004046455A (en) * 2002-07-10 2004-02-12 Nec Corp Information processor
JP3774826B2 (en) * 2002-07-11 2006-05-17 日本電気株式会社 Information processing device
US7096306B2 (en) * 2002-07-31 2006-08-22 Hewlett-Packard Development Company, L.P. Distributed system with cross-connect interconnect transaction aliasing
DE102004001819A1 (en) * 2004-01-07 2005-08-04 Siemens Ag Redundant computer configuration
JP2006178616A (en) * 2004-12-21 2006-07-06 Nec Corp Fault tolerant system, controller used thereform, operation method and operation program
JP2006178636A (en) * 2004-12-21 2006-07-06 Nec Corp Fault tolerant computer and its control method
US7669073B2 (en) * 2005-08-19 2010-02-23 Stratus Technologies Bermuda Ltd. Systems and methods for split mode operation of fault-tolerant computer systems
US7673199B2 (en) * 2006-02-03 2010-03-02 Teradyne, Inc. Multi-stream interface for parallel test processing
JP5028304B2 (en) * 2008-03-11 2012-09-19 株式会社日立製作所 Virtual computer system and control method thereof
US7430584B1 (en) * 2008-03-12 2008-09-30 Gene Fein Data forwarding storage
US9203928B2 (en) 2008-03-20 2015-12-01 Callahan Cellular L.L.C. Data storage and retrieval
US7636759B1 (en) * 2008-09-29 2009-12-22 Gene Fein Rotating encryption in data forwarding storage
US7636761B1 (en) * 2008-09-29 2009-12-22 Gene Fein Measurement in data forwarding storage
US7599997B1 (en) 2008-08-01 2009-10-06 Gene Fein Multi-homed data forwarding storage
US8458285B2 (en) * 2008-03-20 2013-06-04 Post Dahl Co. Limited Liability Company Redundant data forwarding storage
US7877456B2 (en) * 2008-04-08 2011-01-25 Post Dahl Co. Limited Liability Company Data file forwarding storage and search
US8386585B2 (en) * 2008-04-25 2013-02-26 Tajitshu Transfer Limited Liability Company Real-time communications over data forwarding framework
US8452844B2 (en) * 2008-05-07 2013-05-28 Tajitshu Transfer Limited Liability Company Deletion in data file forwarding framework
JP5455901B2 (en) * 2008-06-02 2014-03-26 株式会社東芝 Digital processing type monitoring device
US8599678B2 (en) 2008-07-10 2013-12-03 Tajitshu Transfer Limited Liability Company Media delivery in data forwarding storage network
US8370446B2 (en) 2008-07-10 2013-02-05 Tajitshu Transfer Limited Liability Company Advertisement forwarding storage and retrieval network
US8352635B2 (en) 2008-09-29 2013-01-08 Tajitshu Transfer Limited Liability Company Geolocation assisted data forwarding storage
US8478823B2 (en) * 2008-09-29 2013-07-02 Tajitshu Transfer Limited Liability Company Selective data forwarding storage
WO2010116402A1 (en) * 2009-03-30 2010-10-14 富士通株式会社 Information processor
CN102628921B (en) * 2012-03-01 2014-12-03 华为技术有限公司 Integrated circuit and method for monitoring bus state in integrated circuit
CN103793190A (en) * 2014-02-07 2014-05-14 北京京东方视讯科技有限公司 Information display method and device and display equipment
CN113740851B (en) * 2021-09-07 2023-06-13 电子科技大学 SAR imaging data processing system of time-sharing multiplexing single DDR
US20230315448A1 (en) * 2022-03-30 2023-10-05 Infineon Technologies Ag Flexible support for device emulation and bank swapping

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0411805A2 (en) * 1989-08-01 1991-02-06 Digital Equipment Corporation Bulk memory transfer during resync
EP0752656A2 (en) * 1992-12-17 1997-01-08 Tandem Computers Incorporated Fail-fast, fail-functional, fault-tolerant multiprocessor system
EP0817053A1 (en) * 1996-07-01 1998-01-07 Sun Microsystems, Inc. Memory management in fault tolerant computer systems

Family Cites Families (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4503535A (en) * 1982-06-30 1985-03-05 Intel Corporation Apparatus for recovery from failures in a multiprocessing system
US4916704A (en) * 1987-09-04 1990-04-10 Digital Equipment Corporation Interface of non-fault tolerant components to fault tolerant system
EP0306211A3 (en) * 1987-09-04 1990-09-26 Digital Equipment Corporation Synchronized twin computer system
US5551035A (en) * 1989-06-30 1996-08-27 Lucent Technologies Inc. Method and apparatus for inter-object communication in an object-oriented program controlled system
US5412788A (en) * 1992-04-16 1995-05-02 Digital Equipment Corporation Memory bank management and arbitration in multiprocessor computer system
US5301283A (en) * 1992-04-16 1994-04-05 Digital Equipment Corporation Dynamic arbitration for system bus control in multiprocessor data processing system
GB2268817B (en) * 1992-07-17 1996-05-01 Integrated Micro Products Ltd A fault-tolerant computer system
US5539345A (en) * 1992-12-30 1996-07-23 Digital Equipment Corporation Phase detector apparatus
US5809340A (en) * 1993-04-30 1998-09-15 Packard Bell Nec Adaptively generating timing signals for access to various memory devices based on stored profiles
US6311286B1 (en) * 1993-04-30 2001-10-30 Nec Corporation Symmetric multiprocessing system with unified environment and distributed system functions
EP0731945B1 (en) * 1993-12-01 2000-05-17 Marathon Technologies Corporation Fault resilient/fault tolerant computing
US5586253A (en) * 1994-12-15 1996-12-17 Stratus Computer Method and apparatus for validating I/O addresses in a fault-tolerant computer system
EP0727728A1 (en) * 1995-02-15 1996-08-21 International Business Machines Corporation Computer system power management
AU5368696A (en) * 1995-03-22 1996-10-08 Ast Research, Inc. Rule-based dram controller
TW320701B (en) * 1996-05-16 1997-11-21 Resilience Corp
US5915082A (en) * 1996-06-07 1999-06-22 Lockheed Martin Corporation Error detection and fault isolation for lockstep processor systems
US5844856A (en) * 1996-06-19 1998-12-01 Cirrus Logic, Inc. Dual port memories and systems and methods using the same
US6173351B1 (en) * 1998-06-15 2001-01-09 Sun Microsystems, Inc. Multi-processor system bridge
US6148348A (en) * 1998-06-15 2000-11-14 Sun Microsystems, Inc. Bridge interfacing two processing sets operating in a lockstep mode and having a posted write buffer storing write operations upon detection of a lockstep error

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0411805A2 (en) * 1989-08-01 1991-02-06 Digital Equipment Corporation Bulk memory transfer during resync
EP0752656A2 (en) * 1992-12-17 1997-01-08 Tandem Computers Incorporated Fail-fast, fail-functional, fault-tolerant multiprocessor system
EP0817053A1 (en) * 1996-07-01 1998-01-07 Sun Microsystems, Inc. Memory management in fault tolerant computer systems

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2369692A (en) * 2000-11-29 2002-06-05 Sun Microsystems Inc A fault tolerant computer with a bridge allowing direct memory access (DMA) between main memories of duplicated processing sets
GB2369692B (en) * 2000-11-29 2002-10-16 Sun Microsystems Inc Processor state reintegration
GB2369691B (en) * 2000-11-29 2003-06-04 Sun Microsystems Inc Control logic for memory modification tracking
US6785777B2 (en) * 2000-11-29 2004-08-31 Sun Microsystems, Inc. Control logic for memory modification tracking with hierarchical dirty indicators
US6961826B2 (en) 2000-11-29 2005-11-01 Sun Microsystems, Inc. Processor state reintegration using bridge direct memory access controller
WO2007135490A1 (en) * 2006-05-24 2007-11-29 Freescale Semiconductor, Inc. Method and system for storing data from a plurality of processors

Also Published As

Publication number Publication date
DE69900947D1 (en) 2002-04-04
EP1086424B1 (en) 2002-02-27
DE69900916D1 (en) 2002-03-28
EP1090349B1 (en) 2002-02-20
WO1999066403A1 (en) 1999-12-23
DE69900947T2 (en) 2002-09-12
ATE213554T1 (en) 2002-03-15
ATE213850T1 (en) 2002-03-15
EP1090349A1 (en) 2001-04-11
JP2002518735A (en) 2002-06-25
JP2002518734A (en) 2002-06-25
EP1086424A1 (en) 2001-03-28
US6138198A (en) 2000-10-24
US6260159B1 (en) 2001-07-10
DE69900916T2 (en) 2002-08-29

Similar Documents

Publication Publication Date Title
EP1090349B1 (en) Processor bridge with dissimilar data registers
US6148348A (en) Bridge interfacing two processing sets operating in a lockstep mode and having a posted write buffer storing write operations upon detection of a lockstep error
US5991900A (en) Bus controller
EP1086425B1 (en) Direct memory access in a bridge for a multi-processor system
EP1088272B1 (en) Multi-processor system bridge
EP1090350B1 (en) Multi-processor system bridge with controlled access
US6141718A (en) Processor bridge with dissimilar data registers which is operable to disregard data differences for dissimilar data direct memory accesses
US6167477A (en) Computer system bridge employing a resource control mechanism with programmable registers to control resource allocation
US6785763B2 (en) Efficient memory modification tracking with hierarchical dirty indicators

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): JP KR

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
ENP Entry into the national phase

Ref country code: JP

Ref document number: 2000 555159

Kind code of ref document: A

Format of ref document f/p: F

WWE Wipo information: entry into national phase

Ref document number: 1999957102

Country of ref document: EP

WWP Wipo information: published in national office

Ref document number: 1999957102

Country of ref document: EP

WWG Wipo information: grant in national office

Ref document number: 1999957102

Country of ref document: EP