SAFE File System
SAFE is a file system targeted at embedded devices which use NOR or NAND type flash devices that require a high degree of reliability. The system is completely protected against unexpected power-failure or reset.
The system is designed for the easy integration and configuration of new chip types. HCC gives free consultancy for adding new device types or modifying existing ones. Also available is hardware reference design information.
Power-Fail
SAFE is a 100% powerfail safe system.
Why is it needed?
Embedded devices do not have the luxury of sophisticated disk recovery programs as PC comaptible devices do. If your embedded devices file system gets corrupted because an erase or write operation is unexpectedly terminated what will happen to the system - lost sectors? - lost the whole device? - how do you repair it? Robust is not enough in many cases - the system should be designed to restore your file system from whatever point it failed. This is SAFE file system!!
How is it done?
The basic method of operation is quite simple - a complete new file system must be available for use before any information is erased. In this way, if the worst happens the system can be rebuilt either in its pre-write form (as if the write had never started) or with the new modifications included. This is not possible to guarantee with a DOS compatible file system (hence the prevalence of disk recovery software) and with many other file systems.
While the concept is relatively simple an efficient implementation with flash devices which require sectors to be erased before writing is definitely complex. Write and erase times can be relatively long on flash devices and it is extremely important to ensure the number of these operations is minimised. We believe our write/erase performance per sector written is second to none for a 100% power-fail system and indeed with systems that are not power-fail safe.
How is it Verified?
The main method of verification is through PC simulation of the file system where thousands of test cases can be run relatively easily - running the standard source code with simulated NOR and/or NAND flash devices. The code is then stopped at random or at selected points and it is checked that the system reliably restarts and that no data is lost.
Further testing has been done with real NOR and NAND flash arrays by repeatedly breakpointing the code at any point - then restarting the system and verifying that the operation is correct and no data has been lost to the system.
HCC have also had several of our customers try to break the system but to HCC's pleasure (and we hope their customers' pleasure) they have failed.
Performance
SAFE is a high performance solution.
Flash devices have special characteristics - in particular their write and erase times may be comparatively long. Further to this devices suffer from wear - repeated use of areas can lead to bad blocks developing.
SAFE is a highly crafted system designed to make the most efficient use of the underlying flash devices. It does not use a flash translation layer - instead it works directly with its knowledge of the device/s to give an efficient solution. In particular a sophisticated write caching-system has been developed such that only changes to the file descriptor tables are stored in flash - allowing many updates to be performed with an absolute minimum of flash chip usage.
This is all done while preserving the 100% power-fail resilience of the system!
Algorithms are also provided to support the use of Erase Suspend/Resume so that blocks that are known to be erasable are erased by an interruptible thread. Additonally logic is included to select pre-erased blocks preferentially while still maintaining efficient wear algorithms.
There are many algorithms employed to execute as efficiently as possible without over using the flash - these are done because of the file systems direct knowledge of the erase/write structure of the attached devices.
SAFE has been extensively tested with embedded database's and optimised during testing with these to ensure high performance in the most difficult application environments.
Key features
- 100% Power Fail Safe
- Long Filenames
- Multiple Volumes
- Directory Handling
- Multiple simultaneous files open
- Unicode16 support
- Mix of media types
- Erase Suspend/Resume
- Wear-Leveling (Static and Dynamic)
- ECC algorithms
- Bad Block handling
- Standard File API
- Reserved Sectors
- ANSI C compliant C source
- Sample Application code
- Sample Drivers for several NOR and NAND devices
- Detailed Implementation Guide
NOR Flash
SAFE is designed to support all types of standard NOR flash.
General
NOR flash is one of the base building blocks of most embedded systems. It contains non-volatile storage of data and code for systems and is characterised by having storage that can only be written to if previously erased and erasable blocks with relatively long erase times.
Wear-leveling
Flash devices suffer from over-use - if a particular block is used beyond the manufacturer's specification the block may eventually develop errors. To combat this wear-level algorithms are implemented which ensure an even usage of the blocks. In addition the method of recording changes to the file descriptors ensures that the minimum of writing is done.
Bad-Block Management
Bad blocks may develop in a device over time. These are automatically detected and are paged out of the file system.
Reserved Sectors
Often developers require that sections of their flash device are reserved for a particular purpose outside of the file system. This is achieved by specifying in the driver which of the available blocks are for "private" use. The user can still use the standard low-level read/write/erase routines for accessing these blocks.
Flash Arrays
Often it is useful to use multiple flash devices in a system either in parallel - to widen the data bus and acheive higher performance, or in series to increase storage size. This behaviour is fully supported by the system and relies only on configuration changes to the drivers.
Sample Drivers
Provided with the system is a range of sample drivers for various flash devices from different manufacturers. The sample drivers are carefully documented in the Developer's guide to allow easy porting to wahtever chip/hardware configuration is required.
Devices Supported
There are literally thousands of NOR flash devices available all with slightly different characteristics while retaining the same base properties. The system supports all known manufacturers devices including:
- AMD/Fujutsi/Spansion flash chips including MirrorBit technology and partnumber 29xxxxxxx
- Intel StrataFlash
- Atmel devices including the small memory devices
- Sharp
- SST including 25 and 39 series
- Toshiba
Sample drivers are provided for a number of these devices.
NAND Flash
SAFE is designed to support all types of standard NAND flash.
General
NAND flash is a relatively new flash technology designed to store large amounts of non-volatile data at reduced cost. It is characterised by having storage that can only be written to if previously erased - these blocks erase quicker than on NOR flash but is still quite long. Other features that differentiate it from NOR flash are that it is often shipped with a number of bad-blocks and their reliability is much increased if all single bit errors are detected and fixed.
Wear-leveling
Flash devices suffer from over-use - if a particular block is used beyond the manufacturer's specification the block may eventually develop errors. To combat this wear-level algorithms are implemented which ensure an even usage of the blocks. In addition the method of recording changes to the file descriptors ensures that the minimum of writing is done.
Bad-Block Management
Bad blocks may exist on a new device and also develop in a device over time. These are automatically detected and are paged out of the file system.
ECC Algoritms
A highly efficient ECC algorithm is provided with the system. This may be implemented either in hardware or software. The algorithm automatically corrects all single bit errors- thus substantially increasing the relaibility of the devices.
Reserved Sectors
Developers sometimes require that sections of their flash device are reserved for a particular purpose outside of the file system. This is achieved by specifying in the driver which of the available blocks are for "private" use. The user can still use the standard low-level read/write/erase routines for accessing these blocks.
Flash Arrays
Often it is useful to use multiple flash devices in a system either in parallel - to widen the data bus and acheive higher performance, or in series to increase storage size. This behaviour is fully supported by the system and relies only on configuration changes to the drivers.
Sample Drivers
Provided with the system is a range of sample drivers for various flash devices from different manufacturers. The sample drivers are carefully documented in the Developer's guide to allow easy porting to whatever chip/hardware configuration is required.
Devices Supported
There are many different NAND flash devices available all with slightly different characteristics while retaining the same base properties. The system supports all known manufacturers devices including:
- Samsung
- Hitachi
- Toshiba
- Micron
- ST Micro
Sample drivers are provided for Samsung, ST, and Micron devices
SAFE supports all types of Atmel DataFlash
Introduction
These devices have special characteristics which makes them difficult to use in a reliable and failsafe way. In particular if the pages in a sector are written to 10k times then the system must ensure that all pages in that sector have been rewritten during that period. Additonally, a simple copy erase and copyback mechanism is unreliable because if power is lost during this process a random page of data may be lost from the system. HCC have provided a reliable and failsafe driver which manages these issues and ensures that these devices can be used in a reliable file system.
Wear-leveling
Flash devices suffer from over-use - if a particular block is used beyond the manufacturer's specification the block may eventually develop errors. To combat this wear-level algorithms are implemented which ensure an even usage of the blocks. In addition the method of recording changes to the file descriptors ensures that the minimum of writing is done.
Reserved Sectors
Developers sometimes require that sections of their flash device are reserved for a particular purpose outside of the file system. This is achieved by specifying in the driver which of the available blocks are for "private" use. The user can still use the standard low-level read/write/erase routines for accessing these blocks.
SPI Sample Drivers
Provided with the system is a simlpe SPI driver which is the only part which must be ported to the target. The Developer's guide exlains the steps to allow easy porting
Devices Supported
All Atmel Dataflash types are supported:
- AT45DB011B
- AT45DB021B
- AT45DB041B
- AT45DB081B
- AT45DB161B
- AT45DB161D
- AT45DB321B
- AT45DB642
- AT45DB642B
- AT45DB642D (including both page modes)
The specific DataFlash device type may be selected through a definition in the driver.
Other Devices
SAFE has a flexible architecture and is suitable for using with any device where guaranteed reliability is required.
The interface between the drivers and the file system is clearly defined - any device which can provide a block architecture with read, write and erase sector functions can be integrated. The driver must supply to the file system a logical description of the blocks which may be used. The developer's guide gives detailed information to the required interface functions and in addition a RAM drive is supplied which may act as a useful starting point or reference .
Porting
SAFE is designed to be very portable. It is tested on several commercial RTOSs and also in a stand-alone system without an RTOS. We are not aware of any RTOS it cannot easily be ported to.
All the code is supplied in ANSI compliant 'C', is built on 4 different development environments and run through a syntax checker to ensure the highest level of compatibility.
Also supplied with the system is sample application code for easy exercise of the system - and sample drivers for different media types with clear reference to their hardware dependencies.
The Developer's Guide gives detailed information on all aspects of porting and indicates clearly the areas which may need to be modified for a particular host system. In particular, the host system may provide:
- real time clock for time/date information - necessary if time/date information is to be stored with files written.
- semaphores for mutual exclusion - only required in a pre-emptive system.
Sample driver files for a variety of devices are provided with detailed guidance as to how to modify them for different configurations.
HCC is also experienced to provide customised design and development work for your specific project.
Standard File API
General File System Functions |
|
| f_getversion | Get File System Version Number |
| f_init | Initialize File System |
| f_staticwear | Execute Static Wear |
|
|
| fs_mountdrive | Mount a Drive |
| f_format | Format a Drive |
| f_getfreespace | Get Usage Information From a Drive |
| f_getdrive | Get Current Drive Number |
| f_chdrive | Change Current Drive |
|
|
| f_getcwd | Get Current Working Directory |
| f_getdcwd | Get a Drives' Current Working Directory |
| f_mkdir | Make a Directory |
| f_chdir | Change Directory |
| f_rmdir | Remove a Directory |
|
|
| f_open | Open a File |
| f_close | Close a File |
| f_flush | Flush a File to Flash |
| f_write | Write ro a File |
| f_read | Read from a File |
| f_seek | Set Position in a File |
| f_tell | Get Current File Position |
| f_eof | Check if at End of File |
| f_rewind | Move to Start of File |
| f_putc | Put a Character to a File |
| f_getc | Get a Character from a File |
| f_truncate | Truncates a File |
|
|
| f_rename | Rename a File of Directory |
| f_move | Moves a File of Directory |
| f_delete | Delete a File or Directory |
| f_filelength | get the Current Length of a File |
| f_findfirst | Find a File or Directory in the Specified Path |
| f_findnext | Find Next File or Directory in the Specified Path |
| f_settimedate | Set the Time and Date on a File or Directory |
| f_gettimedate | Get the Time and Date from a File or Directory |
| f_setpermission | Set the Permissions on a File or Directory |
| f_getpermission | Get the Permissions from a File or Directory |
Note: Although these functions have standard call formats, their names have been prefixed differently to the standard file function definitions to avoid compiler warnings and conflicts when working on systems with another standard API installed. The developer can change these names using defines. |
|
Unified API
Unified API for the SAFE and FAT file systems
For developers who require failsafe access to their NOR and NAND targeted filesystems (SAFE) and access to their PC compatible devices (FAT) we provide a Unified API.
The Unified API allows both file systems to be accessed through a single interface - seemlessly giving all the advantages of the failsafe system and the PC compatible system. The two systems work entirely independently and a wrapper layer is provided to manage all file system calls. This ensures that neither system's performance is influenced by the alternate system.
The Unified API is provided free of charge to customers using both the FAT and SAFE file systems on a product
Last Updated: August 30, 2007 15:20