Power-Fail
SAFE is a 100% power-fail safe system.
Why is it needed?
Embedded devices do not have the luxury of the sophisticated disk recovery programs that PC compatible devices have. If your embedded device's file system gets corrupted because an erase or write operation is unexpectedly terminated, what happens to the system? Lost sectors? The whole device lost? How do you repair it? Being robust is not enough in many cases: the system should be designed to restore your file system from whatever point it failed. This is the SAFE file system.
How is it done?
The basic method of operation is quite simple: a complete new version of the file system structures must be available for use before any existing information is erased. In this way, if the worst happens, the system can be rebuilt on restart either in its pre-write form (as if the write had never started) or with the new modifications included. This cannot be guaranteed with a DOS-compatible file system (hence the prevalence of disk recovery software), nor with many other file systems.
While the concept is relatively simple, an efficient implementation on flash devices, which require a sector to be erased before it can be written, is definitely complex. Write and erase times can be relatively long on flash devices, so it is extremely important to keep the number of these operations to a minimum. We believe our write/erase performance per sector written is second to none for a 100% power-fail safe system, and compares well even with systems that are not power-fail safe.
How is it Verified?
The main method of verification is PC simulation of the file system, where thousands of test cases can be run relatively easily: the standard source code is run against simulated NOR and/or NAND flash devices. The code is then stopped at random or at selected points, and it is checked that the system restarts reliably and that no data is lost.
Further testing has been done with real NOR and NAND flash arrays by repeatedly breakpointing the code at arbitrary points, then restarting the system and verifying that operation is correct and that no data has been lost.
HCC has also had several customers try to break the system, and to HCC's pleasure (and, we hope, their customers' pleasure) they have failed.
Performance
SAFE is a high performance solution.
Flash devices have special characteristics: in particular, their write and erase times may be comparatively long. Further, the devices suffer from wear: repeated use of the same areas can lead to bad blocks developing.
SAFE is a highly crafted system designed to make the most efficient use of the underlying flash devices. It does not use a flash translation layer; instead it works directly with its knowledge of the device(s) to give an efficient solution. In particular, a sophisticated write caching system has been developed such that only changes to the file descriptor tables are stored in flash, allowing many updates to be performed with an absolute minimum of flash chip usage.
This is all done while preserving the 100% power-fail resilience of the system.
Algorithms are also provided to support the use of Erase Suspend/Resume, so that blocks known to be erasable are erased by an interruptible thread. Additionally, logic is included to select pre-erased blocks preferentially while still maintaining efficient wear-leveling.
Many algorithms are employed to execute as efficiently as possible without over-using the flash; these are possible because of the file system's direct knowledge of the erase/write structure of the attached devices.
SAFE has been extensively tested with embedded databases and optimised during that testing to ensure high performance in the most demanding application environments.
NOR Flash
SAFE is designed to support all types of standard NOR flash.
General
NOR flash is one of the basic building blocks of most embedded systems. It provides non-volatile storage of data and code and is characterised by storage that can only be written if previously erased, and by erasable blocks with relatively long erase times.
Wear-leveling
Flash devices suffer from over-use: if a particular block is used beyond the manufacturer's specification, it may eventually develop errors. To combat this, wear-leveling algorithms are implemented which ensure even usage of the blocks. In addition, the method of recording changes to the file descriptors ensures that the minimum of writing is done.
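An added illustration (not HCC's algorithms) of the block-management ideas described in the Performance section and in this wear-leveling section: pre-erased blocks are handed out first, least worn first; dirty blocks are erased in a budgeted background step that stands in for the interruptible erase thread; and a static wear pass relocates data that never changes, since dynamic leveling alone cannot touch the blocks such data pins. The API table lists an f_staticwear call but the page does not describe it, so the static_wear function here is an assumption about the general technique, not that call. The 8-block device, the threshold of 8 and the workload are constructed for the example.

```c
/* Wear-aware block allocation: prefer pre-erased blocks, erase dirty blocks in an
 * interruptible background step, and relocate cold data when the erase-count spread
 * grows (static wear). Added illustration, not HCC's algorithms; block count,
 * threshold and workload are assumptions. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NBLOCKS 8
#define STATIC_THRESHOLD 8          /* assumed: max allowed erase-count lead over the coldest live block */
enum { ERASED, LIVE, DIRTY };        /* DIRTY = holds stale data, erasable whenever convenient */

typedef struct {
    int state[NBLOCKS];
    uint32_t erases[NBLOCKS];        /* per-block erase count, the wear indicator */
    uint32_t foreground_erases;      /* erases a caller had to wait for */
} allocator_t;

static allocator_t last;             /* state left by the most recent churn() run */

void alloc_init(allocator_t *a) { memset(a, 0, sizeof *a); }   /* fresh device: all erased, count 0 */

/* Index of the block in `state` with the lowest (or, if want_max, highest) erase count; -1 if none. */
static int pick(const allocator_t *a, int state, int want_max)
{
    int i, best = -1;
    for (i = 0; i < NBLOCKS; i++) {
        if (a->state[i] != state) continue;
        if (best < 0 || (want_max ? a->erases[i] > a->erases[best] : a->erases[i] < a->erases[best])) best = i;
    }
    return best;
}

static void erase_block(allocator_t *a, int b) { a->erases[b]++; a->state[b] = ERASED; }

/* Background (interruptible) step: erase at most `budget` dirty blocks, least worn first. */
int background_erase(allocator_t *a, int budget)
{
    int n = 0, b;
    while (n < budget && (b = pick(a, DIRTY, 0)) >= 0) { erase_block(a, b); n++; }
    return n;
}

/* Hand out the least-worn pre-erased block; erase in the foreground only if none is ready. */
int allocate(allocator_t *a)
{
    int b = pick(a, ERASED, 0);
    if (b < 0) {
        b = pick(a, DIRTY, 0);
        if (b < 0) return -1;        /* device full */
        erase_block(a, b);
        a->foreground_erases++;
    }
    a->state[b] = LIVE;
    return b;
}

void release(allocator_t *a, int b) { a->state[b] = DIRTY; }

uint32_t wear_spread(const allocator_t *a)   /* max - min erase count over the whole device */
{
    uint32_t lo = a->erases[0], hi = a->erases[0];
    int i;
    for (i = 1; i < NBLOCKS; i++) {
        if (a->erases[i] < lo) lo = a->erases[i];
        if (a->erases[i] > hi) hi = a->erases[i];
    }
    return hi - lo;
}

/* Static wear: dynamic allocation only levels the free blocks, so data that never changes pins
 * its block at a low count. When the most-worn erased block leads the coldest live block by more
 * than the threshold, move the cold data there and put the old block back into rotation. A real
 * file system copies the data before updating its tables; here only the bookkeeping moves. */
int static_wear(allocator_t *a)
{
    int cold = pick(a, LIVE, 0), target = pick(a, ERASED, 1);
    if (cold < 0 || target < 0 || a->erases[target] - a->erases[cold] <= STATIC_THRESHOLD) return 0;
    a->state[target] = LIVE;
    a->state[cold] = DIRTY;
    return 1;
}

/* Constructed workload: three blocks hold cold data for ever, one block is rewritten per round.
 * Returns the final wear spread; last_foreground_erases() reports how often a caller waited. */
uint32_t churn(int rounds, int use_static_wear)
{
    allocator_t a;
    int r;
    alloc_init(&a);
    allocate(&a); allocate(&a); allocate(&a);
    for (r = 0; r < rounds; r++) {
        release(&a, allocate(&a));
        background_erase(&a, 2);
        if (use_static_wear) static_wear(&a);
    }
    last = a;
    return wear_spread(&a);
}

uint32_t last_foreground_erases(void) { return last.foreground_erases; }

int main(void)
{
    printf("wear spread after 200 rounds: without static wear %u, with static wear %u\n",
           (unsigned)churn(200, 0), (unsigned)churn(200, 1));
    return 0;
}
```

Without the static pass the three cold blocks stay at zero erases while the other five climb together, so the spread grows without bound; with it the spread stays within one or two of the threshold, and because the background step keeps the erased pool stocked no caller ever waits for a foreground erase.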
Bad-Block Management
Bad blocks may develop in a device over time. These are automatically detected and are paged out of the file system.
Reserved Sectors
Often developers require that sections of their flash device are reserved for a particular purpose outside the file system. This is achieved by specifying in the driver which of the available blocks are for "private" use. The user can still use the standard low-level read/write/erase routines to access these blocks.
Flash Arrays
Often it is useful to use multiple flash devices in a system, either in parallel, to widen the data bus and achieve higher performance, or in series, to increase storage size. This is fully supported by the system and requires only configuration changes in the drivers.
Sample Drivers
Provided with the system is a range of sample drivers for flash devices from various manufacturers. The sample drivers are carefully documented in the Developer's Guide to allow easy porting to whatever chip/hardware configuration is required.
Devices Supported
There are literally thousands of NOR flash devices available, all with slightly different characteristics while retaining the same base properties. The system supports devices from all known manufacturers, including:
- AMD/Fujitsu/Spansion flash chips, including MirrorBit technology and the 29xxxxxxx part numbers
- Intel StrataFlash
- Atmel devices including the small memory devices
- Sharp
- SST including 25 and 39 series
- Toshiba
Sample drivers are provided for a number of these devices.
NAND Flash
SAFE is designed to support all types of standard NAND flash.
General
NAND flash is a relatively new flash technology designed to store large amounts of non-volatile data at reduced cost. It is characterised by storage that can only be written if previously erased; its blocks erase more quickly than NOR flash blocks, but erase times are still quite long. Other features that differentiate it from NOR flash are that devices are often shipped with a number of bad blocks, and that their reliability is much increased if all single-bit errors are detected and corrected.
Wear-leveling
Flash devices suffer from over-use: if a particular block is used beyond the manufacturer's specification, it may eventually develop errors. To combat this, wear-leveling algorithms are implemented which ensure even usage of the blocks. In addition, the method of recording changes to the file descriptors ensures that the minimum of writing is done.
Bad-Block Management
Bad blocks may exist on a new device and may also develop over time. These are automatically detected and paged out of the file system.
ECC Algorithms
A highly efficient ECC algorithm is provided with the system. It may be implemented either in hardware or in software. The algorithm automatically corrects all single-bit errors, thus substantially increasing the reliability of the devices.
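The page does not describe the ECC construction itself, so the following is an added example (not HCC's algorithm) of a single-error-correcting code with the property stated above: it corrects any one flipped bit in a page and refuses to "correct" two. It assumes a 512-byte page and a 3-byte ECC stored in the spare area. The code XORs the 1-based positions of all set bits; a single flip changes that XOR by exactly the flipped position, whichever way it flipped, so the difference between the stored and recomputed values names the bit to repair, and an overall parity bit separates one flip from two. It also shows the check a practitioner needs in front of any correction: an erased page (all 0xFF, spare bytes included) must be recognised as such, because its recomputed ECC will not match 0xFF bytes and naive code would flip a bit in an empty page.

```c
/* Single-error-correcting ECC for one NAND page. Added illustration of the
 * "correct all single-bit errors" property; not HCC's algorithm. The 512-byte
 * page and the 3-byte ECC layout are assumptions. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE_BYTES 512
#define PAGE_BITS  (PAGE_BYTES * 8)

enum ecc_status { ECC_ERASED, ECC_OK, ECC_CORRECTED, ECC_UNCORRECTABLE };

/* ecc[0..1]: XOR of the 1-based positions of all set bits (little endian, 13 bits used);
 * ecc[2]: overall parity. A single flipped bit at position j changes the XOR by exactly
 * j, so the syndrome (stored XOR recomputed) names the bit to repair. */
void ecc_compute(const uint8_t *data, uint8_t ecc[3])
{
    uint32_t i, pos_xor = 0, parity = 0;
    for (i = 0; i < PAGE_BITS; i++) {
        if ((data[i >> 3] >> (i & 7)) & 1) { pos_xor ^= i + 1; parity ^= 1; }
    }
    ecc[0] = (uint8_t)pos_xor; ecc[1] = (uint8_t)(pos_xor >> 8); ecc[2] = (uint8_t)parity;
}

static int all_ff(const uint8_t *p, size_t n)
{
    while (n--) if (*p++ != 0xFF) return 0;
    return 1;
}

/* Verify `data` against the ECC read from the spare area, repairing in place when possible. */
enum ecc_status ecc_correct(uint8_t *data, const uint8_t stored[3])
{
    uint8_t fresh[3];
    uint32_t syndrome, bit;
    if (all_ff(data, PAGE_BYTES) && all_ff(stored, 3)) return ECC_ERASED;   /* never "fix" an erased page */
    ecc_compute(data, fresh);
    syndrome = (uint32_t)(fresh[0] ^ stored[0]) | ((uint32_t)(fresh[1] ^ stored[1]) << 8);
    if (syndrome == 0) return ECC_OK;   /* parity byte alone differing means the ECC byte flipped; data intact */
    if (((fresh[2] ^ stored[2]) & 1) && syndrome <= PAGE_BITS) {
        bit = syndrome - 1;
        data[bit >> 3] ^= (uint8_t)(1u << (bit & 7));
        return ECC_CORRECTED;
    }
    return ECC_UNCORRECTABLE;   /* two flips (parity unchanged) or a damaged ECC word: report, do not guess */
}

/* Constructed page: clean read, one flip repaired, two flips only detected, erased page left alone. */
int ecc_selftest(void)
{
    static uint8_t page[PAGE_BYTES], copy[PAGE_BYTES];
    static const uint8_t ff[3] = {0xFF, 0xFF, 0xFF};
    uint8_t ecc[3];
    uint32_t i;
    for (i = 0; i < PAGE_BYTES; i++) page[i] = (uint8_t)(i * 37 + 11);
    ecc_compute(page, ecc);
    memcpy(copy, page, PAGE_BYTES);
    if (ecc_correct(copy, ecc) != ECC_OK) return 0;
    copy[200] ^= 0x10;                                       /* single bit flip */
    if (ecc_correct(copy, ecc) != ECC_CORRECTED || memcmp(copy, page, PAGE_BYTES) != 0) return 0;
    copy[200] ^= 0x10; copy[7] ^= 0x01;                      /* two bit flips */
    if (ecc_correct(copy, ecc) != ECC_UNCORRECTABLE) return 0;
    memset(copy, 0xFF, PAGE_BYTES);                          /* erased page with erased spare bytes */
    if (ecc_correct(copy, ff) != ECC_ERASED) return 0;
    return 1;
}

int main(void)
{
    printf("ecc selftest: %s\n", ecc_selftest() ? "pass" : "FAIL");
    return 0;
}
```

The ECC bytes themselves are not protected here: a flip inside the two syndrome bytes shows up as an uncorrectable result, which is the safe failure. Production codes for NAND typically protect 256 or 512 bytes per ECC word and add double-error detection in the same spirit as the parity bit above.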
Reserved Sectors
Developers sometimes require that sections of their flash device are reserved for a particular purpose outside the file system. This is achieved by specifying in the driver which of the available blocks are for "private" use. The user can still use the standard low-level read/write/erase routines to access these blocks.
Flash Arrays
Often it is useful to use multiple flash devices in a system, either in parallel, to widen the data bus and achieve higher performance, or in series, to increase storage size. This is fully supported by the system and requires only configuration changes in the drivers.
Sample Drivers
Provided with the system is a range of sample drivers for flash devices from various manufacturers. The sample drivers are carefully documented in the Developer's Guide to allow easy porting to whatever chip/hardware configuration is required.
Devices Supported
There are many different NAND flash devices available, all with slightly different characteristics while retaining the same base properties. The system supports devices from all known manufacturers, including:
- Samsung
- Hitachi
- Toshiba
- Micron
- ST Micro
Sample drivers are provided for Samsung, ST and Micron devices.
Atmel DataFlash®
SAFE supports all types of Atmel DataFlash.
Introduction
These devices have special characteristics which make them difficult to use in a reliable and fail-safe way. In particular, if the pages in a sector are written 10k times in total, the system must ensure that every page in that sector has been rewritten within that period. Additionally, a simple copy, erase and copy-back mechanism is unreliable, because if power is lost during this process a random page of data may be lost from the system. HCC provides a reliable and fail-safe driver which manages these issues and ensures that these devices can be used in a reliable file system.
Wear-leveling
Flash devices suffer from over-use: if a particular block is used beyond the manufacturer's specification, it may eventually develop errors. To combat this, wear-leveling algorithms are implemented which ensure even usage of the blocks. In addition, the method of recording changes to the file descriptors ensures that the minimum of writing is done.
Reserved Sectors
Developers sometimes require that sections of their flash device are reserved for a particular purpose outside the file system. This is achieved by specifying in the driver which of the available blocks are for "private" use. The user can still use the standard low-level read/write/erase routines to access these blocks.
SPI Sample Drivers
Provided with the system is a simple SPI driver, which is the only part that must be ported to the target. The Developer's Guide explains the steps to allow easy porting.
Devices Supported
All Atmel DataFlash types are supported:
- AT45DB011B
- AT45DB021B
- AT45DB041B
- AT45DB081B
- AT45DB161B
- AT45DB161D
- AT45DB321B
- AT45DB642
- AT45DB642B
- AT45DB642D (including both page modes)
The specific DataFlash device type may be selected through a definition in the driver.
Other Devices
SAFE has a flexible architecture and is suitable for use with any device where guaranteed reliability is required.
The interface between the drivers and the file system is clearly defined: any device which can provide a block architecture with read, write and erase-sector functions can be integrated. The driver must supply to the file system a logical description of the blocks which may be used. The Developer's Guide gives detailed information on the required interface functions, and in addition a RAM drive is supplied which may act as a useful starting point or reference.
Porting
SAFE is designed to be very portable. It is tested on several commercial RTOSs and also in a stand-alone system without an RTOS. We are not aware of any RTOS to which it cannot easily be ported.
All the code is supplied in ANSI-compliant C, is built in 4 different development environments and is run through a syntax checker to ensure the highest level of compatibility.
Also supplied with the system is sample application code for easy exercising of the system, and sample drivers for different media types with clear reference to their hardware dependencies.
The Developer's Guide gives detailed information on all aspects of porting and indicates clearly the areas which may need to be modified for a particular host system. In particular, the host system may provide:
- a real-time clock for time/date information, necessary if time/date information is to be stored with files written;
- semaphores for mutual exclusion, only required in a pre-emptive system.
Sample driver files for a variety of devices are provided, with detailed guidance on how to modify them for different configurations.
HCC is also experienced in providing customised design and development work for your specific project.
Standard File API
General File System Functions
| f_getversion | Get File System Version Number |
| f_init | Initialize File System |
| f_staticwear | Execute Static Wear |
Drive Functions
| fs_mountdrive | Mount a Drive |
| f_format | Format a Drive |
| f_getfreespace | Get Usage Information From a Drive |
| f_getdrive | Get Current Drive Number |
| f_chdrive | Change Current Drive |
Directory Functions
| f_getcwd | Get Current Working Directory |
| f_getdcwd | Get a Drive's Current Working Directory |
| f_mkdir | Make a Directory |
| f_chdir | Change Directory |
| f_rmdir | Remove a Directory |
File Access Functions
| f_open | Open a File |
| f_close | Close a File |
| f_flush | Flush a File to Flash |
| f_write | Write to a File |
| f_read | Read from a File |
| f_seek | Set Position in a File |
| f_tell | Get Current File Position |
| f_eof | Check if at End of File |
| f_rewind | Move to Start of File |
| f_putc | Put a Character to a File |
| f_getc | Get a Character from a File |
| f_truncate | Truncate a File |
File Control Functions
| f_rename | Rename a File or Directory |
| f_move | Move a File or Directory |
| f_delete | Delete a File or Directory |
| f_filelength | Get the Current Length of a File |
| f_findfirst | Find a File or Directory in the Specified Path |
| f_findnext | Find Next File or Directory in the Specified Path |
| f_settimedate | Set the Time and Date on a File or Directory |
| f_gettimedate | Get the Time and Date from a File or Directory |
| f_setpermission | Set the Permissions on a File or Directory |
| f_getpermission | Get the Permissions from a File or Directory |
Note: Although these functions have standard call formats, their names have been prefixed differently from the standard file function definitions, to avoid compiler warnings and conflicts when working on systems with another standard API installed. The developer can change these names using defines.
Unified API
Unified API for the SAFE and FAT file systems
For developers who require fail-safe access to their NOR and NAND targeted file systems (SAFE) as well as access to PC compatible media (FAT), we provide a Unified API.
The Unified API allows both file systems to be accessed through a single interface, seamlessly giving all the advantages of the fail-safe system and of the PC compatible system. The two systems work entirely independently, and a wrapper layer is provided to manage all file system calls. This ensures that neither system's performance is influenced by the other.
The Unified API is provided free of charge to customers using both the FAT and SAFE file systems on a product.