公开(公告)号：EP0433979A3

公开(公告)日：1993-05-26

申请号：EP90124582.9

申请日：1990-12-18

Applicant: TANDEM COMPUTERS INCORPORATED

Inventor： Jewett, Douglas E. ,  Bereiter, Tom ,  Vetter, Brian ,  Banton, Randall G. ,  Cutts, Richard W., Jr. ,  Westbrook, Donald C. ,  Fey, Kyran W., Jr. ,  Pozdro, John ,  Debacker, Kenneth C. ,  Mehta, Nikhil A. ,  Webster, Phil ,  Aldridge, Dave ,  Norwood, Peter C.

IPC: G06F11/18 ,  G06F11/20 ,  G06F11/14 ,  G06F1/12 ,  G06F1/30

CPC classification number: G06F11/181 ,  G06F1/12 ,  G06F1/30 ,  G06F11/0724 ,  G06F11/0793 ,  G06F11/1441 ,  G06F11/1658 ,  G06F11/1666 ,  G06F11/1683 ,  G06F11/1687 ,  G06F11/1691 ,  G06F11/185 ,  G06F11/20 ,  G06F11/2005 ,  G06F11/2007 ,  G06F11/2015 ,  G06F11/2056 ,  G06F11/22 ,  G06F11/2736 ,  G06F17/30238

Abstract: A computer system in a fault-tolerant configuration employs multiple identical CPUs executing the same instruction stream, with multiple, identical memory modules in the address space of the CPUs storing duplicates of the same data. The system detects faults in the CPUs and memory modules, and places a faulty unit offline while continuing to operate using the good units. The faulty unit can be replaced and reintegrated into the system without shutdown. The computer system employs a power supply system including a battery backup so that upon AC power failure the system can execute an orderly shutdown, saving state to disk. A restart procedure restores the state existing at the time of power failure if the AC power has been restored by the time the shutdown is completed. The system employs a pseudo-filesystem to dynamically manage the hardware components. A directory which appears as a standard, hierarchical directory in this filesystem contains a file for each component; each file maps to either a hardware component or a software module. The pseudo-filesystem hierarchy is determined during system initialization and is automatically updated whenever the software or hardware configuration changes. The pseudo-filesystem, called /config filesystem herein, is implemented as a Unix filesystem in the Unix filesystem switch. The multiple CPUs are loosely synchronized, as by detecting events such as memory references and stalling any CPU ahead of others until all execute the function simultaneously; interrupts can be synchronized by ensuring that all CPUs implement the interrupt at the same point in their instruction stream. Memory references via the separate CPU-to-memory busses are voted at the three separate ports of each of the memory modules. I/O functions are implemented using two identical I/O busses, each of which is separately coupled to only one of the memory modules. A number of I/O processors are coupled to both I/O busses. I/O devices are accessed through a pair of identical (redundant) I/O processors, but only one is designated to actively control a given device; in case of failure of one I/O processor, however, an I/O device can be accessed by the other one without system shutdown.

公开(公告)号：EP0681239A3

公开(公告)日：1996-01-24

申请号：EP95111006.3

申请日：1989-12-08

Applicant: TANDEM COMPUTERS INCORPORATED

Inventor： Cutts, Richard W., Jr. ,  Banton, Randall G. ,  Jewett, Douglas E. ,  Norwood, Peter C. ,  Debacker, Kenneth C. ,  Mehta, Nikhil A. ,  Allison, John David ,  Horst, Robert W.

IPC: G06F11/16 ,  G06F11/18

CPC classification number: G06F9/3863 ,  G06F9/3824 ,  G06F9/3851 ,  G06F9/3885 ,  G06F11/0724 ,  G06F11/0757 ,  G06F11/1008 ,  G06F11/1405 ,  G06F11/1415 ,  G06F11/1641 ,  G06F11/1658 ,  G06F11/1666 ,  G06F11/1679 ,  G06F11/1683 ,  G06F11/1687 ,  G06F11/1691 ,  G06F11/18 ,  G06F11/181 ,  G06F11/182 ,  G06F11/184 ,  G06F11/185 ,  G06F11/20 ,  G06F11/2015 ,  G06F11/2017 ,  G06F2201/85 ,  G11C29/74

Abstract: This fault-tolerant computer system employs multiple (for example, three) identical CPUs executing the same instruction stream, with multiple (for example, two) memory modules which in their address space of the CPUs store duplicates of the same data. The CPUs are loosely synchronized, as by detecting events such as memory references and stalling any CPU ahead of the others until all execute the respective function simultaneously. Interrupts are synchronized by ensuring that all CPUs implement the interrupt at the same point in their instruction stream. Memory references via the separate CPU-to-memory busses are voted at the three separate ports of each of the memory modules. I/O functions are implemented using two identical I/O busses, each of which is separately coupled to only one of the memory modules. A number of I/O processors are coupled to both I/O busses. I/O devices are accessed through a pair of redundant identical I/O processors, but only one is designated to actively control a given I/O device. In case of failure of one I/O processor, however, an I/O device can be accessed by the other one without system shutdown, i.e., by merely redesignating the addresses of the registers of the I/O device under instruction control.

公开(公告)号：EP0683456B1

公开(公告)日：1998-07-22

申请号：EP95111528.6

申请日：1990-12-18

Applicant: TANDEM COMPUTERS INCORPORATED

Inventor： Debacker, Kenneth C. ,  Mehta, Nikhil A. ,  Webster, Phil ,  Aldridge, Dave ,  Norwood, Peter C. ,  Jewett, Douglas E. ,  Bereiter, Tom ,  Vetter, Brian ,  Banton, Randall G. ,  Cutts, Richard W., Jr. ,  Westbrook, Donald C.

IPC: G06F11/14

CPC classification number: G06F11/1441 ,  G06F11/2015 ,  G06F11/22

公开(公告)号：EP0433979A2

公开(公告)日：1991-06-26

申请号：EP90124582.9

申请日：1990-12-18

Applicant: TANDEM COMPUTERS INCORPORATED

Inventor： Jewett, Douglas E. ,  Bereiter, Tom ,  Vetter, Brian ,  Banton, Randall G. ,  Cutts, Richard W., Jr. ,  Westbrook, Donald C. ,  Fey, Kyran W., Jr. ,  Pozdro, John ,  Debacker, Kenneth C. ,  Mehta, Nikhil A. ,  Webster, Phil ,  Aldridge, Dave ,  Norwood, Peter C.

IPC: G06F11/18 ,  G06F11/20 ,  G06F11/14 ,  G06F1/12 ,  G06F1/30

CPC classification number: G06F11/181 ,  G06F1/12 ,  G06F1/30 ,  G06F11/0724 ,  G06F11/0793 ,  G06F11/1441 ,  G06F11/1658 ,  G06F11/1666 ,  G06F11/1683 ,  G06F11/1687 ,  G06F11/1691 ,  G06F11/185 ,  G06F11/20 ,  G06F11/2005 ,  G06F11/2007 ,  G06F11/2015 ,  G06F11/2056 ,  G06F11/22 ,  G06F11/2736 ,  G06F17/30238

Abstract: A computer system in a fault-tolerant configuration employs multiple identical CPUs executing the same instruction stream, with multiple, identical memory modules in the address space of the CPUs storing duplicates of the same data. The system detects faults in the CPUs and memory modules, and places a faulty unit offline while continuing to operate using the good units. The faulty unit can be replaced and reintegrated into the system without shutdown. The computer system employs a power supply system including a battery backup so that upon AC power failure the system can execute an orderly shutdown, saving state to disk. A restart procedure restores the state existing at the time of power failure if the AC power has been restored by the time the shutdown is completed. The system employs a pseudo-filesystem to dynamically manage the hardware components. A directory which appears as a standard, hierarchical directory in this filesystem contains a file for each component; each file maps to either a hardware component or a software module. The pseudo-filesystem hierarchy is determined during system initialization and is automatically updated whenever the software or hardware configuration changes. The pseudo-filesystem, called /config filesystem herein, is implemented as a Unix filesystem in the Unix filesystem switch. The multiple CPUs are loosely synchronized, as by detecting events such as memory references and stalling any CPU ahead of others until all execute the function simultaneously; interrupts can be synchronized by ensuring that all CPUs implement the interrupt at the same point in their instruction stream. Memory references via the separate CPU-to-memory busses are voted at the three separate ports of each of the memory modules. I/O functions are implemented using two identical I/O busses, each of which is separately coupled to only one of the memory modules. A number of I/O processors are coupled to both I/O busses. I/O devices are accessed through a pair of identical (redundant) I/O processors, but only one is designated to actively control a given device; in case of failure of one I/O processor, however, an I/O device can be accessed by the other one without system shutdown.

Abstract translation: 容错配置中的计算机系统使用执行相同指令流的多个相同的CPU，在存储相同数据的副本的CPU的地址空间中具有多个相同的存储器模块。 系统检测CPU和内存模块中的故障，并将故障单元脱机，同时继续使用良好的单元进行操作。 故障单元可以更换并重新集成到系统中，无需关闭。 计算机系统采用包括电池备份的电源系统，以便在交流电源故障时，系统可以执行有序关机，将状态保存到磁盘。 如果交流电源在关机完成时已经恢复，则重新起动程序将恢复停电时存在的状态。 该系统采用伪文件系统来动态管理硬件组件。 在这个文件系统中显示为标准的层次目录的目录包含每个组件的文件; 每个文件映射到硬件组件或软件模块。 伪文件系统层次结构在系统初始化期间确定，并且每当软件或硬件配置更改时自动更新。 伪文件系统（这里称为/ config文件系统）在Unix文件系统交换机中被实现为Unix文件系统。 多个CPU松动地同步，如通过检测诸如存储器引用的事件，并使其他任何CPU停止，直到所有执行功能同时执行; 中断可以通过确保所有CPU在其指令流中的相同点实现中断来同步。 通过单独的CPU到内存总线的内存引用在每个内存模块的三个独立端口上进行投票。 使用两个相同的I / O总线实现I / O功能，每个总线单独地仅耦合到一个存储器模块。 许多I / O处理器耦合到两个I / O总线。 I / O设备通过一对相同（冗余）I / O处理器访问，但只有一个被指定为主动控制给定的设备; 然而，在一个I / O处理器发生故障的情况下，I / O设备可以被另一个I / O设备访问，而不需要系统关闭。

公开(公告)号：EP0372579B1

公开(公告)日：1997-10-01

申请号：EP89122708.4

申请日：1989-12-08

Applicant: TANDEM COMPUTERS INCORPORATED

Inventor： Cutts, Richard W., Jr. ,  Banton, Randall G. ,  Jewett, Douglas E. ,  Norwood, Peter C. ,  Debacker, Kenneth C. ,  Mehta, Nikhil A. ,  Allison, John David ,  Horst, Robert W.

IPC: G06F11/16 ,  G06F11/18

CPC classification number: G06F9/3863 ,  G06F9/3824 ,  G06F9/3851 ,  G06F9/3885 ,  G06F11/0724 ,  G06F11/0757 ,  G06F11/1008 ,  G06F11/1405 ,  G06F11/1415 ,  G06F11/1641 ,  G06F11/1658 ,  G06F11/1666 ,  G06F11/1679 ,  G06F11/1683 ,  G06F11/1687 ,  G06F11/1691 ,  G06F11/18 ,  G06F11/181 ,  G06F11/182 ,  G06F11/184 ,  G06F11/185 ,  G06F11/20 ,  G06F11/2015 ,  G06F11/2017 ,  G06F2201/85 ,  G11C29/74

公开(公告)号：EP0447577A1

公开(公告)日：1991-09-25

申请号：EP90105102.9

申请日：1990-03-19

Applicant: TANDEM COMPUTERS INCORPORATED

Inventor： Cutts, Richard W. Jr. ,  Banton, Randall G. ,  Jewett, Douglas E. ,  Norwood, Peter C. ,  Debacker, Kenneth C. ,  Mehta, Nikhil A. ,  Allison, John David ,  Horst, Robert W.

IPC: G06F11/18

CPC classification number: G06F9/3863 ,  G06F9/3824 ,  G06F9/3851 ,  G06F9/3885 ,  G06F11/0724 ,  G06F11/0757 ,  G06F11/1008 ,  G06F11/1405 ,  G06F11/1415 ,  G06F11/1641 ,  G06F11/1658 ,  G06F11/1666 ,  G06F11/1679 ,  G06F11/1683 ,  G06F11/1687 ,  G06F11/1691 ,  G06F11/18 ,  G06F11/181 ,  G06F11/182 ,  G06F11/184 ,  G06F11/185 ,  G06F11/20 ,  G06F11/2015 ,  G06F11/2017 ,  G06F2201/85 ,  G11C29/74

Abstract: A computer system in a fault-tolerant configuration employs multiple identical CPUs executing the same instruction stream, with multiple, identical memory modules in the address space of the CPUs storing duplicates of the same data. The multiple CPUs are loosely synchronized, as by detecting events such as memory references and stalling any CPU ahead of others until all execute the function simultaneously; interrupts can be synchronized by ensuring that all CPUs implement the interrupt at the same point in their instruction stream. Memory references via the separate CPU-to-memory busses are voted at the three separate ports of each of the memory modules. I/O functions are implemented using two identical I/O busses, each of which is separately coupled to only one of the memory modules. A number of I/O processors are coupled to both I/O busses. I/O devices are accessed through a pair of identical (redundant) I/O processors, but only one is designated to actively control a given device; in case of failure of one I/O processor, however, an I/O device can be accessed by the other one without system shutdown, i.e., by merely redesignating the addresses of the registers of the I/O device under instruction control.

Abstract translation: 容错配置中的计算机系统使用执行相同指令流的多个相同的CPU，在存储相同数据的副本的CPU的地址空间中具有多个相同的存储器模块。 多个CPU松动地同步，如通过检测诸如存储器引用的事件，并使其他任何CPU停止，直到所有执行功能同时执行; 中断可以通过确保所有CPU在其指令流中的相同点实现中断来同步。 通过单独的CPU到内存总线的内存引用在每个内存模块的三个独立端口上进行投票。 使用两个相同的I / O总线实现I / O功能，每个总线单独地仅耦合到一个存储器模块。 许多I / O处理器耦合到两个I / O总线。 I / O设备通过一对相同（冗余）I / O处理器访问，但只有一个被指定为主动控制给定的设备; 然而，在一个I / O处理器发生故障的情况下，I / O设备可以被另一个I / O设备访问，而不需要系统关闭，即仅在指令控制下重新指定I / O设备的寄存器的地址。

公开(公告)号：EP0683456A1

公开(公告)日：1995-11-22

申请号：EP95111528.6

申请日：1990-12-18

Applicant: TANDEM COMPUTERS INCORPORATED

Inventor： Debacker, Kenneth C. ,  Mehta, Nikhil A. ,  Webster, Phil ,  Aldridge, Dave ,  Norwood, Peter C. ,  Jewett, Douglas E. ,  Bereiter, Tom ,  Vetter, Brian ,  Banton, Randall G. ,  Cutts, Richard W., Jr. ,  Westbrook, Donald C.

IPC: G06F11/14

CPC classification number: G06F11/1441 ,  G06F11/2015 ,  G06F11/22

Abstract: Method of operating a computer system comprises the steps of: executing code by a CPU from memory, including page swapping from said memory and file access to non-volatile storage, in normal operation; detecting a failure of a power supply for said system and initiating a shutdown process in response thereto, said shutdown process including switching to backup power; said shutdown procedure including storing the state of said computer system including the state of processes being executed, in said non-volatile storage; after completing said shutdown procedure, if said power supply has been restored, initiating a restart procedure; said restart procedure including reading said stored state from said non-volatile storage and restarting said processes and continuing execution without rebooting; or, if said power supply has not been restored, shutting down said backup power and ceasing execution by said CPU.

Abstract translation: 操作计算机系统的方法包括以下步骤：在正常操作中，从存储器执行代码，包括从所述存储器进行页面交换和对非易失性存储器的文件访问; 检测所述系统的电源的故障并响应于此而启动关机处理，所述关机处理包括切换到备用电源; 所述关闭过程包括将包括正在执行的进程状态的所述计算机系统的状态存储在所述非易失性存储器中; 在完成所述关闭程序之后，如果所述电源已经恢复，则启动重启程序; 所述重新启动过程包括从所述非易失性存储器读取所述存储状态并重新启动所述进程并继续执行而不重新启动; 或者如果所述电源尚未恢复，则关闭所述备用电源并停止所述CPU的执行。

公开(公告)号：EP0681239A2

公开(公告)日：1995-11-08

申请号：EP95111006.3

申请日：1989-12-08

Applicant: TANDEM COMPUTERS INCORPORATED

Inventor： Cutts, Richard W., Jr. ,  Banton, Randall G. ,  Jewett, Douglas E. ,  Norwood, Peter C. ,  Debacker, Kenneth C. ,  Mehta, Nikhil A. ,  Allison, John David ,  Horst, Robert W.

IPC: G06F11/16 ,  G06F11/18

CPC classification number: G06F9/3863 ,  G06F9/3824 ,  G06F9/3851 ,  G06F9/3885 ,  G06F11/0724 ,  G06F11/0757 ,  G06F11/1008 ,  G06F11/1405 ,  G06F11/1415 ,  G06F11/1641 ,  G06F11/1658 ,  G06F11/1666 ,  G06F11/1679 ,  G06F11/1683 ,  G06F11/1687 ,  G06F11/1691 ,  G06F11/18 ,  G06F11/181 ,  G06F11/182 ,  G06F11/184 ,  G06F11/185 ,  G06F11/20 ,  G06F11/2015 ,  G06F11/2017 ,  G06F2201/85 ,  G11C29/74

Abstract: This fault-tolerant computer system employs multiple (for example, three) identical CPUs executing the same instruction stream, with multiple (for example, two) memory modules which in their address space of the CPUs store duplicates of the same data. The CPUs are loosely synchronized, as by detecting events such as memory references and stalling any CPU ahead of the others until all execute the respective function simultaneously. Interrupts are synchronized by ensuring that all CPUs implement the interrupt at the same point in their instruction stream. Memory references via the separate CPU-to-memory busses are voted at the three separate ports of each of the memory modules. I/O functions are implemented using two identical I/O busses, each of which is separately coupled to only one of the memory modules. A number of I/O processors are coupled to both I/O busses. I/O devices are accessed through a pair of redundant identical I/O processors, but only one is designated to actively control a given I/O device. In case of failure of one I/O processor, however, an I/O device can be accessed by the other one without system shutdown, i.e., by merely redesignating the addresses of the registers of the I/O device under instruction control.

Abstract translation: 该容错计算机系统使用执行相同指令流的多个（例如，三个）相同的CPU，其中多个（例如，两个）存储器模块在其CPU的地址空间中存储相同数据的重复。 CPU通过检测诸如存储器引用的事件和使其他CPU之前的任何CPU停止直到所有执行相应的功能同时被松动地同步。 中断通过确保所有CPU在其指令流中的相同点实现中断来实现同步。 通过单独的CPU到内存总线的内存引用在每个内存模块的三个独立端口上进行投票。 使用两个相同的I / O总线实现I / O功能，每个总线单独地仅耦合到一个存储器模块。 许多I / O处理器耦合到两个I / O总线。 通过一对冗余相同的I / O处理器访问I / O设备，但只有一个被指定为主动控制给定的I / O设备。 然而，在一个I / O处理器发生故障的情况下，I / O设备可以被另一个I / O设备访问，而不需要系统关闭，即仅通过在指令控制下重新指定I / O设备的寄存器的地址。

公开(公告)号：EP0372579A3

公开(公告)日：1991-07-24

申请号：EP89122708.4

申请日：1989-12-08

Applicant: TANDEM COMPUTERS INCORPORATED

Inventor： Cutts, Richard W., Jr. ,  Banton, Randall G. ,  Jewett, Douglas E. ,  Norwood, Peter C. ,  Debacker, Kenneth C. ,  Mehta, Nikhil A. ,  Allison, John David ,  Horst, Robert W.

IPC: G06F11/16 ,  G06F11/18

CPC classification number: G06F9/3863 ,  G06F9/3824 ,  G06F9/3851 ,  G06F9/3885 ,  G06F11/0724 ,  G06F11/0757 ,  G06F11/1008 ,  G06F11/1405 ,  G06F11/1415 ,  G06F11/1641 ,  G06F11/1658 ,  G06F11/1666 ,  G06F11/1679 ,  G06F11/1683 ,  G06F11/1687 ,  G06F11/1691 ,  G06F11/18 ,  G06F11/181 ,  G06F11/182 ,  G06F11/184 ,  G06F11/185 ,  G06F11/20 ,  G06F11/2015 ,  G06F11/2017 ,  G06F2201/85 ,  G11C29/74

Abstract: A computer system in a fault-tolerant configuration employs multiple identical CPUs executing the same instruction stream, with multiple, identical memory modules in the address space of the CPUs storing duplicates of the same data. The multiple CPUs are loosely synchronized, as by detecting events such as memory references and stalling any CPU ahead of others until all execute the function simultaneously; interrupts can be synchronized by ensuring that all CPUs implement the interrupt at the same point in their instruction stream. Memory references via the separate CPU-to-memory busses are voted at the three separate ports of each of the memory modules. I/O functions are implemented using two identical I/O busses, each of which is separately coupled to only one of the memory modules. A number of I/O processors are coupled to both I/O busses. I/O devices are accessed through a pair of identical (redundant) I/O processors, but only one is designated to actively control a given device; in case of failure of one I/O processor, however, an I/O device can be accessed by the other one without system shutdown, i.e., by merely redesignating the addresses of the registers of the I/O device under instruction control.

公开(公告)号：EP0372579A2

公开(公告)日：1990-06-13

申请号：EP89122708.4

申请日：1989-12-08

Applicant: TANDEM COMPUTERS INCORPORATED

Inventor： Cutts, Richard W., Jr. ,  Banton, Randall G. ,  Jewett, Douglas E. ,  Norwood, Peter C. ,  Debacker, Kenneth C. ,  Mehta, Nikhil A. ,  Allison, John David ,  Horst, Robert W.

IPC: G06F11/16 ,  G06F11/18

CPC classification number: G06F9/3863 ,  G06F9/3824 ,  G06F9/3851 ,  G06F9/3885 ,  G06F11/0724 ,  G06F11/0757 ,  G06F11/1008 ,  G06F11/1405 ,  G06F11/1415 ,  G06F11/1641 ,  G06F11/1658 ,  G06F11/1666 ,  G06F11/1679 ,  G06F11/1683 ,  G06F11/1687 ,  G06F11/1691 ,  G06F11/18 ,  G06F11/181 ,  G06F11/182 ,  G06F11/184 ,  G06F11/185 ,  G06F11/20 ,  G06F11/2015 ,  G06F11/2017 ,  G06F2201/85 ,  G11C29/74

Abstract: A computer system in a fault-tolerant configuration employs multiple identical CPUs executing the same instruction stream, with multiple, identical memory modules in the address space of the CPUs storing duplicates of the same data. The multiple CPUs are loosely synchronized, as by detecting events such as memory references and stalling any CPU ahead of others until all execute the function simultaneously; interrupts can be synchronized by ensuring that all CPUs implement the interrupt at the same point in their instruction stream. Memory references via the separate CPU-to-memory busses are voted at the three separate ports of each of the memory modules. I/O functions are implemented using two identical I/O busses, each of which is separately coupled to only one of the memory modules. A number of I/O processors are coupled to both I/O busses. I/O devices are accessed through a pair of identical (redundant) I/O processors, but only one is designated to actively control a given device; in case of failure of one I/O processor, however, an I/O device can be accessed by the other one without system shutdown, i.e., by merely redesignating the addresses of the registers of the I/O device under instruction control.

Abstract translation: 容错配置中的计算机系统使用执行相同指令流的多个相同的CPU，在存储相同数据的副本的CPU的地址空间中具有多个相同的存储器模块。 多个CPU松动地同步，如通过检测诸如内存引用的事件，并阻止其他任何CPU之前的事件，直到所有同时执行该功能; 中断可以通过确保所有CPU在其指令流中的相同点实现中断来同步。 通过单独的CPU到内存总线的内存引用在每个内存模块的三个独立端口上进行投票。 使用两个相同的I / O总线实现I / O功能，每个总线单独地仅耦合到一个存储器模块。 许多I / O处理器耦合到两个I / O总线。 I / O设备通过一对相同（冗余）I / O处理器访问，但只有一个被指定为主动控制给定的设备; 然而，在一个I / O处理器发生故障的情况下，I / O设备可以被另一个I / O设备访问，而不需要系统关闭，即仅在指令控制下重新指定I / O设备的寄存器的地址。