Friday, December 15, 2006

Software Anti-interference

In most engineering products, parts get dirty, wear out, and lose the precision the catalogue promised. The digital computer is the odd one out: it has none of these problems, and at least at the level of bits and bytes it does exactly what the advertising says. But as soon as digital mixes with analog, everything seems about to fall back to square one...

Take a robot: it has sensors that pick up information from the analog world, processes that information, and then feeds control signals back to actuators in the analog world. Setting aside the interference that is already present in the environment, the actuators are usually motors, and a motor is a heavy load. Switching a heavy load on and off badly disturbs the control circuitry (if they share a power supply), and a running motor, especially its brushes, generates noise continuously. Besides corrupting the sensing circuits and control signals, this noise can sometimes make the uC itself go haywire.

To keep the machine working properly, noise has to be taken into account in the hardware design, but the software cannot just sit there waiting to be killed either. Below is a summary of some simple, low-level software anti-noise techniques:

  • Filter the input signals
  • Data redundancy and verification
    • Majority voting
    • Cyclic Redundancy Checks, CRC
    • Error Correction Codes, ECC
  • Program self-testing
    • Apply CRC/ECC to the code section
    • Set and check the function ID
  • Action redundancy
    • Instruction repeating
    • Prefer polling to interrupts
  • Watchdog -- where to kick the dog?
    • Super-loop architecture
      • "Watchdog timers are most effective in cyclic systems where the watchdog is tickled each time through the loop."
      • ref. "Solving the Software Safety Paradox"
      • "One approach is to clear a number of flags before each loop is started, as shown in Figure 2. Each flag is set at a certain point in the loop. At the bottom of the loop the dog is kicked, but first the flags are checked to see that all of the important points in the loop have been visited. ...For a specific failure, it is often a good idea to try to record the cause (possibly in NVRAM), since it may be difficult to establish the cause after the reset."
      • ref. "Watchdog Timers"
    • RTOS architecture
      • "Watchdogs are somewhat more difficult to implement in multitasking systems due to their non-determinism. I've seen some multitasking systems that use an interrupt to tickle the watchdog. ... If all the tasks were blocked and unable to run, the interrupt method would continue to service the watchdog and the reset would never occur."
      • "A better solution is to use a separate monitor task that not only tickles the watchdog, but monitors the other system tasks as well. For example, a task that must run at least once per second could increment a counter. The monitor task reads the counter and “safes” the system if the task counter stops incrementing at the expected rate. If the monitor task was blocked, it would not tickle the watchdog and the system would reset."
      • ref. "Solving the Software Safety Paradox"
      • "This scheme uses a task dedicated to the watchdog. This task wakes up at a regular interval and checks the sanity of all other tasks in the system. If all tasks pass the test, the watchdog is kicked. The watchdog monitor task runs at a higher priority than the tasks it is monitoring."
      • ref. "Watchdog Timers"
    • Time-triggered architecture
      • "Start the watchdog in the scheduler Start function"
      • "Refresh the watchdog in the scheduler Update function" (called in the timer ISR)
      • ref. "Patterns for Time-Triggered Embedded Systems", p274
      • The main reason to kick the dog in the Update function is that every task must finish within the tick interval on every pass; that is what guarantees the correctness and predictability of this co-operative architecture.
      • If the kick were moved into the task-dispatching function instead, the scheme would degenerate into the super-loop approach.
      • If an independent monitor task kicked the dog at a fixed interval instead, the scheme would resemble the RTOS approach.

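As an added example (not code from the original post or from the articles it quotes), the host-side C program below simulates three of the techniques in the list above: majority voting over repeated reads of an input port, a CRC-16 self-test over a byte block standing in for the code section, and the super-loop checkpoint-flag watchdog described in the quoted Figure 2 scheme, including recording the missed checkpoint so the cause survives the reset. The hardware hooks (watchdog register, NVRAM record, sensor port) are assumptions modelled as plain globals, and all sample values are constructed.

```c
/* Added example, not from the original post: a host-side C simulation of three
 * of the techniques listed above. The hardware hooks (the watchdog kick, the
 * NVRAM failure record, the sensor port) are assumptions modelled as globals. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* 1. Input filtering by majority vote. Read a digital port three times and keep,
 * per bit, the value seen in at least two reads; one glitched read is outvoted. */
uint8_t vote3(uint8_t a, uint8_t b, uint8_t c)
{
    return (a & b) | (b & c) | (a & c);
}

/* 2. Program self-test: CRC-16/CCITT-FALSE (poly 0x1021, init 0xFFFF, MSB first,
 * no final XOR) over a byte range, used here to compare a block standing in for
 * the code section against a checksum stored at build time. */
uint16_t crc16_ccitt(const uint8_t *p, size_t n)
{
    uint16_t crc = 0xFFFF;
    for (size_t i = 0; i < n; i++) {
        crc ^= (uint16_t)((uint16_t)p[i] << 8);
        for (int bit = 0; bit < 8; bit++)
            crc = (crc & 0x8000) ? (uint16_t)((crc << 1) ^ 0x1021)
                                 : (uint16_t)(crc << 1);
    }
    return crc;
}

bool code_section_ok(const uint8_t *image, size_t n, uint16_t stored_crc)
{
    return crc16_ccitt(image, n) == stored_crc;
}

/* 3. Super-loop watchdog with checkpoint flags: clear the flags at the top of
 * the loop, set one at each important point, and at the bottom kick the dog
 * only if every flag is set. */
enum {
    CP_SENSORS   = 1u << 0,
    CP_CONTROL   = 1u << 1,
    CP_ACTUATORS = 1u << 2,
    CP_ALL       = CP_SENSORS | CP_CONTROL | CP_ACTUATORS
};

static unsigned g_checkpoints;   /* flags visited in the current loop pass */
static unsigned g_wdt_kicks;     /* stand-in for the hardware watchdog register */
static unsigned g_nvram_missed;  /* stand-in for an NVRAM failure record */

static void checkpoint(unsigned flag) { g_checkpoints |= flag; }

/* Bottom of the loop: returns true if the dog was kicked. On a miss it records
 * which checkpoints were skipped, so the cause can be read after the reset. */
bool loop_end_kick(void)
{
    if (g_checkpoints == CP_ALL) {
        g_wdt_kicks++;
        return true;
    }
    g_nvram_missed = CP_ALL & ~g_checkpoints;
    return false;   /* no kick: the hardware watchdog will reset the system */
}

unsigned missed_checkpoints(void) { return g_nvram_missed; }

/* One pass of the main loop. skip_control simulates a step that never ran
 * (for example, stuck on a noise-corrupted flag) so the failure path is visible. */
bool run_loop_once(bool skip_control)
{
    g_checkpoints = 0;                       /* top of loop: clear the flags */

    /* Sensor read: three constructed samples of the port, one with a glitched bit. */
    uint8_t port = vote3(0x5A, 0x5A, 0x5B);
    checkpoint(CP_SENSORS);

    if (!skip_control) {
        (void)port;                          /* the control law would use the filtered value */
        checkpoint(CP_CONTROL);
    }

    checkpoint(CP_ACTUATORS);
    return loop_end_kick();
}

int main(void)
{
    /* Constructed stand-in for the code section and its build-time checksum. */
    static const uint8_t image[] = "123456789";
    const uint16_t stored = 0x29B1;          /* CRC-16/CCITT-FALSE check value */

    printf("code section ok: %d\n", code_section_ok(image, sizeof image - 1, stored));
    printf("filtered port:   0x%02X\n", vote3(0x5A, 0x5A, 0x5B));
    printf("healthy pass:    kicked=%d\n", run_loop_once(false));
    printf("stuck pass:      kicked=%d missed=0x%X\n", run_loop_once(true), missed_checkpoints());
    return 0;
}
```

On a real target the `g_wdt_kicks++` line is where the watchdog refresh register would be written, and `g_nvram_missed` would go to non-volatile storage that the startup code reads back and logs before the flags are cleared for the first pass.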
In a word, most of these are ways of piling up enough "wrongs" to make a "right" :)

Recommended reading:


1 comment:

York said...

On anti-interference in embedded systems, whether software or hardware, the series of discussions under "Articles on EMC and Anti-interference Design" at 匠人百寶箱 is well worth a look.