HCC-Embedded SAFE FS

SAFE File System

SAFE was designed from the ground up to be a high performance, 100% failsafe file system for embedded applications. It can be used with all NOR and NAND flash types as well as any media that can simulate a block-structured array. SAFE is designed to be very portable - it integrates easily with any RTOS and is proven with many. The file API is entirely standard, and the low-level interface is abstracted to the simplest possible porting layer. SAFE is used by hundreds of companies worldwide, in all industries, to bring an extra level of reliability and performance to their embedded systems.

Fail Safety

SAFE is designed to handle unexpected resets of the system, in such a way that the file system always remains in a consistent state. It does not require complex error recovery. At all times a file is in a state consistent with its meta-data, and when a file is flushed or closed it is atomically switched into its new state. Even complex operations such as seeking back into a file are handled safely and efficiently using a process that mirrors sectors with changed elements. There is never a need to worry about data consistency, or to invoke complex error recovery; the system is always consistent.

Supported Devices

SAFE supports a very extensive range of devices, including NOR flash, NAND flash, SD cards and DataFlash. To our knowledge all flash devices can be used with SAFE. It may be that a small amount of low-level porting is required for a particular new device, but typically this effort amounts to only a few hours’ work. The SAFE User’s Guide contains extensive sections on porting.

Standard File API

The SAFE API is standard and will be familiar immediately to a typical user. These routines allow easy initialization and management of files and directories, with complete wild card support. Applications written for other platforms can use SAFE without modification.

Key features

  • 100% Power Fail Safe
  • Long Filenames
  • Multiple Volumes
  • Directory Handling
  • Multiple simultaneous files open
  • Unicode16 support
  • Mix of media types
  • Erase Suspend/Resume
  • Wear-Leveling (Static and Dynamic)
  • ECC algorithms
  • Bad Block handling
  • Standard File API
  • Reserved Sectors
  • ANSI C compliant C source
  • Sample Application code
  • Sample Drivers for several NOR and NAND devices
  • Detailed Implementation Guide


Power-Fail

SAFE is a 100% power-fail safe system.
Why is it needed?

Embedded devices do not have the luxury of sophisticated disk recovery programs as PC compatible devices do. If your embedded device's file system gets corrupted because an erase or write operation is unexpectedly terminated, what will happen to the system? Lost sectors? The whole device lost? How do you repair it? Being robust is not enough in many cases - the system should be designed to restore your file system from whatever point it failed. This is the SAFE file system!

How is it done?

The basic method of operation is quite simple - a complete new copy of the affected file system structures must be available for use before any information is erased. In this way, if the worst happens, the system can be rebuilt either in its pre-write form (as if the write had never started) or with the new modifications included. This cannot be guaranteed with a DOS compatible file system (hence the prevalence of disk recovery software), nor with many other file systems.

While the concept is relatively simple, an efficient implementation on flash devices, which require sectors to be erased before writing, is definitely complex. Write and erase times can be relatively long on flash devices, and it is extremely important to ensure the number of these operations is minimised. We believe our write/erase performance per sector written is second to none for a 100% power-fail system, and indeed compares well with systems that are not power-fail safe.
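The ping-pong descriptor scheme below is an added illustration of the rule just stated; it is not HCC's code and not SAFE's on-flash layout. A complete new copy is written only into the slot that does not hold the live state, and a copy counts as current only when it reads back complete and consistent, so power loss at any point (including during the erase) leaves either the old or the new state mountable. The slot layout, magic value and checksum are constructed for the demo.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Constructed descriptor for this demo (not HCC's real layout): committing a new
   state means making a new, fully written descriptor the newest valid one. */
typedef struct { uint32_t magic; uint32_t seq; uint32_t length; uint32_t check; } desc_t;

#define DESC_MAGIC 0x53414645u        /* constructed marker value */
#define DESC_SIZE  sizeof(desc_t)     /* 16 bytes, no padding */

/* Simulated flash: two descriptor slots; erased flash reads as 0xFF */
static uint8_t flash[2][sizeof(desc_t)];

/* One's-complement word sum as a stand-in for the CRC a real driver would use */
static uint32_t desc_check(const desc_t *d) {
    return ~(d->magic + d->seq + d->length);
}

void fs_erase_all(void) { memset(flash, 0xFF, sizeof flash); }

/* Mount: return the valid slot with the newest sequence number, or -1 if none */
int fs_mount(desc_t *out) {
    int best = -1;
    for (int s = 0; s < 2; s++) {
        desc_t d; memcpy(&d, flash[s], DESC_SIZE);
        if (d.magic != DESC_MAGIC || d.check != desc_check(&d)) continue; /* erased or torn */
        if (best < 0 || d.seq > out->seq) { best = s; *out = d; }
    }
    return best;
}

/* Commit a new state. Only the slot NOT holding the current valid copy is erased
   and rewritten, so the old copy survives until the new one is complete.
   bytes_written < DESC_SIZE simulates power loss part-way through the write
   (0 = power lost right after the erase). Returns the slot that was written. */
int fs_commit(uint32_t new_length, size_t bytes_written) {
    desc_t cur, next; int cur_slot = fs_mount(&cur);
    int target = (cur_slot == 0) ? 1 : 0;            /* never the live slot */
    next.magic  = DESC_MAGIC;
    next.seq    = (cur_slot < 0) ? 1 : cur.seq + 1;
    next.length = new_length;
    next.check  = desc_check(&next);
    memset(flash[target], 0xFF, DESC_SIZE);          /* erase the obsolete slot first */
    if (bytes_written > DESC_SIZE) bytes_written = DESC_SIZE;
    memcpy(flash[target], &next, bytes_written);     /* write, possibly interrupted */
    return target;
}

/* File length the system mounts right now, or 0 if no valid descriptor exists */
uint32_t fs_current_length(void) { desc_t d; return fs_mount(&d) < 0 ? 0 : d.length; }

/* Scenario: a good commit of length 100, then a commit of length 200 torn after
   4 of 16 bytes; returns what mounts afterwards (expected: the pre-write state, 100) */
uint32_t scenario_torn_commit(void) {
    fs_erase_all();
    fs_commit(100, DESC_SIZE);
    fs_commit(200, 4);
    return fs_current_length();
}
```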

How is it Verified?

The main method of verification is PC simulation of the file system, where thousands of test cases can be run relatively easily - the standard source code is run against simulated NOR and/or NAND flash devices. The code is then stopped at random or at selected points, and it is checked that the system reliably restarts and that no data is lost.

Further testing has been done with real NOR and NAND flash arrays by repeatedly breakpointing the code at arbitrary points, then restarting the system and verifying that operation is correct and no data has been lost.

HCC have also had several of our customers try to break the system but to HCC's pleasure (and we hope their customers' pleasure) they have failed.

Performance

SAFE is a high performance solution.

Flash devices have special characteristics - in particular, their write and erase times may be comparatively long. Further to this, devices suffer from wear: repeated use of the same areas can lead to bad blocks developing.

SAFE is a highly crafted system designed to make the most efficient use of the underlying flash devices. It does not use a flash translation layer - instead it works directly with its knowledge of the device(s) to give an efficient solution. In particular, a sophisticated write-caching system has been developed such that only changes to the file descriptor tables are stored in flash, allowing many updates to be performed with an absolute minimum of flash chip usage.

This is all done while preserving the 100% power-fail resilience of the system!

Algorithms are also provided to support the use of Erase Suspend/Resume, so that blocks that are known to be erasable are erased by an interruptible thread. Additionally, logic is included to select pre-erased blocks preferentially while still maintaining efficient wear algorithms.

Many algorithms are employed to execute as efficiently as possible without over-using the flash - these are possible because of the file system's direct knowledge of the erase/write structure of the attached devices.

SAFE has been extensively tested with embedded databases and optimised during that testing to ensure high performance in the most difficult application environments.

NOR Flash

SAFE is designed to support all types of standard NOR flash.

General

NOR flash is one of the base building blocks of most embedded systems. It provides non-volatile storage of data and code, and is characterised by storage that can only be written to if previously erased, and by erasable blocks with relatively long erase times.

Wear-leveling

Flash devices suffer from over-use - if a particular block is used beyond the manufacturer's specification, the block may eventually develop errors. To combat this, wear-leveling algorithms are implemented which ensure even usage of the blocks. In addition, the method of recording changes to the file descriptors ensures that the minimum of writing is done.

Bad-Block Management

Bad blocks may develop in a device over time. These are automatically detected and are paged out of the file system.

Reserved Sectors

Often developers require that sections of their flash device are reserved for a particular purpose outside of the file system. This is achieved by specifying in the driver which of the available blocks are for "private" use. The user can still use the standard low-level read/write/erase routines for accessing these blocks.

Flash Arrays

Often it is useful to use multiple flash devices in a system, either in parallel - to widen the data bus and achieve higher performance - or in series to increase storage size. This is fully supported by the system and relies only on configuration changes to the drivers.

Sample Drivers

Provided with the system is a range of sample drivers for various flash devices from different manufacturers. The sample drivers are carefully documented in the Developer's Guide to allow easy porting to whatever chip/hardware configuration is required.

Devices Supported

There are literally thousands of NOR flash devices available, all with slightly different characteristics while retaining the same base properties. The system supports all known manufacturers' devices, including:

  • AMD/Fujitsu/Spansion flash chips, including MirrorBit technology and part number 29xxxxxxx
  • Intel StrataFlash
  • Atmel devices including the small memory devices
  • Sharp
  • SST including 25 and 39 series
  • Toshiba

Sample drivers are provided for a number of these devices.

NAND Flash

SAFE is designed to support all types of standard NAND flash.

General

NAND flash is a relatively new flash technology designed to store large amounts of non-volatile data at reduced cost. It is characterised by storage that can only be written to if previously erased - block erase is quicker than on NOR flash but still takes quite a long time. Other features that differentiate it from NOR flash are that devices are often shipped with a number of bad blocks, and that their reliability is much increased if all single-bit errors are detected and fixed.

Wear-leveling

Flash devices suffer from over-use - if a particular block is used beyond the manufacturer's specification, the block may eventually develop errors. To combat this, wear-leveling algorithms are implemented which ensure even usage of the blocks. In addition, the method of recording changes to the file descriptors ensures that the minimum of writing is done.

Bad-Block Management

Bad blocks may exist on a new device and also develop in a device over time. These are automatically detected and are paged out of the file system.

ECC Algorithms

A highly efficient ECC algorithm is provided with the system. This may be implemented either in hardware or software. The algorithm automatically corrects all single-bit errors, thus substantially increasing the reliability of the devices.
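As an added illustration of single-bit correction on a NAND page, the code below implements a textbook Hamming-style ECC over a 256-byte page (the same family as the ECC commonly used for small-page NAND); it is not HCC's algorithm or code. The stored ECC is the XOR of the bit indexes of all 1 bits plus the XOR of their complements; comparing it with a freshly computed ECC yields a syndrome that is zero for a clean page, names the flipped bit for a single data error, and is recognisably inconsistent for a double error. The page contents in the self-test are constructed.

```c
#include <stdint.h>
#include <string.h>

#define PAGE_BYTES 256
#define BIT_COUNT  (PAGE_BYTES * 8)
#define IDX_MASK   (BIT_COUNT - 1)     /* 0x7FF: an 11-bit bit index */

/* Stored ECC: XOR of the indexes of all 1 bits, and XOR of their complements */
typedef struct { uint16_t lp; uint16_t lpn; } ecc_t;

static void flip_bit(uint8_t *page, unsigned idx) { page[idx >> 3] ^= (uint8_t)(1u << (idx & 7)); }

/* Generate the ECC for one 256-byte page */
void ecc_calc(const uint8_t *page, ecc_t *ecc) {
    uint16_t lp = 0, lpn = 0;
    for (unsigned i = 0; i < BIT_COUNT; i++)
        if (page[i >> 3] & (1u << (i & 7))) { lp ^= (uint16_t)i; lpn ^= (uint16_t)(~i & IDX_MASK); }
    ecc->lp = lp; ecc->lpn = lpn;
}

/* Compare a freshly computed ECC with the stored one.
   Returns 0: clean, 1: one data bit corrected in place,
           2: one bit of the stored ECC itself flipped (data is fine; regenerate the ECC),
          -1: uncorrectable (two or more errors) */
int ecc_correct(uint8_t *page, const ecc_t *stored) {
    ecc_t now; ecc_calc(page, &now);
    uint16_t s_lp  = (now.lp  ^ stored->lp)  & IDX_MASK;
    uint16_t s_lpn = (now.lpn ^ stored->lpn) & IDX_MASK;
    uint32_t syn = ((uint32_t)s_lp << 11) | s_lpn;
    if (syn == 0) return 0;
    if ((s_lp ^ s_lpn) == IDX_MASK) { flip_bit(page, s_lp); return 1; }  /* s_lp is the error index */
    if ((syn & (syn - 1)) == 0) return 2;                                 /* one bit set: ECC hit */
    return -1;
}

/* Self-check: fill a page, compute its ECC, flip up to two bits (negative = none),
   run correction; returns ecc_correct's code, or -2 if a claimed fix left wrong data */
int ecc_selftest(int flip_a, int flip_b) {
    uint8_t page[PAGE_BYTES], orig[PAGE_BYTES]; ecc_t ecc;
    for (unsigned i = 0; i < PAGE_BYTES; i++) page[i] = (uint8_t)(i * 7 + 3); /* constructed data */
    memcpy(orig, page, PAGE_BYTES);
    ecc_calc(page, &ecc);
    if (flip_a >= 0) flip_bit(page, (unsigned)flip_a);
    if (flip_b >= 0) flip_bit(page, (unsigned)flip_b);
    int r = ecc_correct(page, &ecc);
    if (r == 1 && memcmp(page, orig, PAGE_BYTES) != 0) return -2;
    return r;
}
```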

Reserved Sectors

Developers sometimes require that sections of their flash device are reserved for a particular purpose outside of the file system. This is achieved by specifying in the driver which of the available blocks are for "private" use. The user can still use the standard low-level read/write/erase routines for accessing these blocks.

Flash Arrays

Often it is useful to use multiple flash devices in a system, either in parallel - to widen the data bus and achieve higher performance - or in series to increase storage size. This is fully supported by the system and relies only on configuration changes to the drivers.

Sample Drivers

Provided with the system is a range of sample drivers for various flash devices from different manufacturers. The sample drivers are carefully documented in the Developer's Guide to allow easy porting to whatever chip/hardware configuration is required.

Devices Supported

There are many different NAND flash devices available, all with slightly different characteristics while retaining the same base properties. The system supports all known manufacturers' devices, including:

  • Samsung
  • Hitachi
  • Toshiba
  • Micron
  • ST Micro

Sample drivers are provided for Samsung, ST and Micron devices.

Atmel DataFlash®

SAFE supports all types of Atmel DataFlash.

Introduction

These devices have special characteristics which make them difficult to use in a reliable and failsafe way. In particular, if the pages in a sector are written to 10k times, the system must ensure that all pages in that sector have been rewritten during that period. Additionally, a simple copy, erase and copy-back mechanism is unreliable, because if power is lost during this process a random page of data may be lost from the system. HCC have provided a reliable and failsafe driver which manages these issues and ensures that these devices can be used in a reliable file system.

Wear-leveling

Flash devices suffer from over-use - if a particular block is used beyond the manufacturer's specification, the block may eventually develop errors. To combat this, wear-leveling algorithms are implemented which ensure even usage of the blocks. In addition, the method of recording changes to the file descriptors ensures that the minimum of writing is done.

Reserved Sectors

Developers sometimes require that sections of their flash device are reserved for a particular purpose outside of the file system. This is achieved by specifying in the driver which of the available blocks are for "private" use. The user can still use the standard low-level read/write/erase routines for accessing these blocks.

SPI Sample Drivers

Provided with the system is a simple SPI driver, which is the only part that must be ported to the target. The Developer's Guide explains the steps to allow easy porting.

Devices Supported

All Atmel DataFlash types are supported:

  • AT45DB011B
  • AT45DB021B
  • AT45DB041B
  • AT45DB081B
  • AT45DB161B
  • AT45DB161D
  • AT45DB321B
  • AT45DB642
  • AT45DB642B
  • AT45DB642D (including both page modes)

The specific DataFlash device type may be selected through a definition in the driver.

Other Devices

SAFE has a flexible architecture and is suitable for use with any device where guaranteed reliability is required.

The interface between the drivers and the file system is clearly defined - any device which can provide a block architecture with read, write and erase sector functions can be integrated. The driver must supply to the file system a logical description of the blocks which may be used. The Developer's Guide gives detailed information on the required interface functions, and in addition a RAM drive is supplied which may act as a useful starting point or reference.

Porting

SAFE is designed to be very portable. It is tested on several commercial RTOSs and also in a stand-alone system without an RTOS. We are not aware of any RTOS it cannot easily be ported to.

All the code is supplied in ANSI compliant 'C', is built on 4 different development environments, and is run through a syntax checker to ensure the highest level of compatibility.

Also supplied with the system is sample application code for easy exercising of the system, and sample drivers for different media types with clear reference to their hardware dependencies.

The Developer's Guide gives detailed information on all aspects of porting and indicates clearly the areas which may need to be modified for a particular host system. In particular, the host system may provide:

  • a real time clock for time/date information - necessary if time/date information is to be stored with written files.
  • semaphores for mutual exclusion - only required in a pre-emptive system.

Sample driver files for a variety of devices are provided with detailed guidance as to how to modify them for different configurations.

HCC also has experience providing customised design and development work for your specific project.

Standard File API

General File System Functions
  • f_getversion - Get File System Version Number
  • f_init - Initialize File System
  • f_staticwear - Execute Static Wear

Drive Functions
  • fs_mountdrive - Mount a Drive
  • f_format - Format a Drive
  • f_getfreespace - Get Usage Information From a Drive
  • f_getdrive - Get Current Drive Number
  • f_chdrive - Change Current Drive

Directory Functions
  • f_getcwd - Get Current Working Directory
  • f_getdcwd - Get a Drive's Current Working Directory
  • f_mkdir - Make a Directory
  • f_chdir - Change Directory
  • f_rmdir - Remove a Directory

File Access Functions
  • f_open - Open a File
  • f_close - Close a File
  • f_flush - Flush a File to Flash
  • f_write - Write to a File
  • f_read - Read from a File
  • f_seek - Set Position in a File
  • f_tell - Get Current File Position
  • f_eof - Check if at End of File
  • f_rewind - Move to Start of File
  • f_putc - Put a Character to a File
  • f_getc - Get a Character from a File
  • f_truncate - Truncate a File

File Control Functions
  • f_rename - Rename a File or Directory
  • f_move - Move a File or Directory
  • f_delete - Delete a File or Directory
  • f_filelength - Get the Current Length of a File
  • f_findfirst - Find a File or Directory in the Specified Path
  • f_findnext - Find Next File or Directory in the Specified Path
  • f_settimedate - Set the Time and Date on a File or Directory
  • f_gettimedate - Get the Time and Date from a File or Directory
  • f_setpermission - Set the Permissions on a File or Directory
  • f_getpermission - Get the Permissions from a File or Directory

Note: Although these functions have standard call formats, their names have been prefixed differently from the standard file function definitions to avoid compiler warnings and conflicts when working on systems with another standard API installed. The developer can change these names using defines.

Unified API

Unified API for the SAFE and FAT file systems

For developers who require failsafe access to their NOR and NAND targeted file systems (SAFE) and access to their PC compatible devices (FAT), we provide a Unified API.

The Unified API allows both file systems to be accessed through a single interface, seamlessly giving all the advantages of the failsafe system and the PC compatible system. The two systems work entirely independently, and a wrapper layer is provided to manage all file system calls. This ensures that neither system's performance is influenced by the other.

The Unified API is provided free of charge to customers using both the FAT and SAFE file systems on a product.