Title of Invention	A METHOD FOR AVOIDING DATA INCONSISTENCY IN A DATA PROCESSING SYSTEM
Abstract	In order to avoid data inconsistency between accesses of different functions of an application to a global variable in a data processing system, a) a symbolic object code of an entirety of functions (01, ..., Om) to be executed in the data processing system is made available and those functions (01, 02, On, Om) from the entirety that access a same global variable are termed and identified as interfering functions; b) at least one of the interfering functions is selected; c) a step (I) of initialisation of a help variable with the value of the global variable in the object code of every function selected in step b) is inserted or of a function calling a selected function is inserted before its call-up; and d) a symbol of the global variable is substituted in the object of the selected function by a reference to a memory location of the help variable.

Title of Invention

A METHOD FOR AVOIDING DATA INCONSISTENCY IN A DATA PROCESSING SYSTEM

Abstract

In order to avoid data inconsistency between accesses of different functions of an application to a global variable in a data processing system, a) a symbolic object code of an entirety of functions (01, ..., Om) to be executed in the data processing system is made available and those functions (01, 02, On, Om) from the entirety that access a same global variable are termed and identified as interfering functions; b) at least one of the interfering functions is selected; c) a step (I) of initialisation of a help variable with the value of the global variable in the object code of every function selected in step b) is inserted or of a function calling a selected function is inserted before its call-up; and d) a symbol of the global variable is substituted in the object of the selected function by a reference to a memory location of the help variable.

Full Text	DATA CONSISTENCY IN DATA PROCESSING EQUIPMENT Domain of the Invention The present invention is with regard to the problem of data consistency in data processing equipment in which a real-time application runs. This type of application is generally composed of a plurality of functions which, without being definitely chronologically co-ordinated to one another, have read and write access to commonly used variables, also termed global variables. When this type of function reads such a variable several times in succession to execute a computation, and the variable is modified by another function between two such read-accesses, it can thereupon be assumed that the result of the computation will be erroneous. Errors occur in exactly the same manner when a computation requires several write-accesses to the global variable in the case of which intermediary results are temporarily saved in the variables when another function executes a read-access to this type of intermediary result. Functions that access the same global variable are termed as interfering functions within the context of this submission, independent of whether a conflict between the functions is actually possible in individual cases. An established technique with which to ensure the consistency of a global variable in a data processing system is to always exclude all other functions from access to the same variable when a function, which could be interrupted by an intersecting access of an interfering function, accesses a global variable. This type of a process is, however, not applicable to real-time applications in general, since the execution of functions that have to access a variable that has been excluded from access, has to be halted till access to the variable is permitted again, which could result in unforeseeable delays in the execution of these functions. Another established method with which to ensure data consistency is for the individual functions to respectively use copies of the global variables. This means that an interfering function creates a local copy of a required global variable in each case at the beginning of its execution, works subsequently with this copy and, in case the function is capable of modifying the variable, the local is copied back onto the global variable before the function's close, whereby the copying procedures can, in each case, not be interrupted by other functions. The problem in the case of complex program systems is that at the beginning of processing, it is often not clear at which points access conflicts could arise that could result in data inconsistencies. One could counteract this problem by making local copies of all global variables that the function requires in each function. This course of action, however, results in a considerably increased memory requirement and processing power. At the time of system integration, one statement is always possible - from which global quantities is a copy required in which function - since at this point in time all functions as well as their call-up frequency and priority (their rights to interrupt other functions) are established. Several software tools are available to facilitate system integration such as e.g. OLT (Off Line Tool) or ESCAPE (www.etas.com) that, in the present source code, utilising additional information, identify functions that must work with copies to ensure data consistency and modify these functions in such a manner that they work with the corresponding copies instead of with the original quantities. Corresponding copying process are generated over and above this. These copying processes synchronise, depending upon the operating system's configuration, which is static, the copies to their original quantities of one or several functions that could use common copies since they do not interrupt one another. Since these tools read the operating system configuration in order to determine the priority and grouping of individual functions, they can also insert the necessary copying processes automatically in the operating system configuration before or after a function and functions group respectively. The applicability of these tools is limited by the fact that they are instructed to modify the source code. This is inevitably, however, not always available. Particularly when a processing partner receives functions from a third party, the third party, for reasons of confidentiality, does not make the functions available in the form of a source code but instead, at the most, as an object code. These types of functions can not be processed with established tools, so in order to ensure freedom from conflict, comprehensive, not automatable and, therewith, expensive and error-prone modifications at functions present in the source code could be required. Apart from this, intervention in the source code makes re-conversion of the modified codes a necessity each time. Particularly, modifications to the priority of a function (e.g. operating system configuration) could entail substantial modifications in the source code of a large number of other functions. This could result in very long conversion times in the case of large program systems, which could hold up the development process considerably. A further problem is that the established processing tools are, in each case, tailored to specific high level languages i.e. are not suitable for processing of functions, written in various high level languages, to an application. Advantages of the Invention The present invention creates processes with which to avoid data inconsistency and processing tools for application of these processes that can be used at any functions, irrespective of a high level language in which its source code is written and/or irrespective of whether the source code is actually available, and which enable speedy processing. Advantages are achieved on the one hand, in that the process according to Claim 1 inserts the initialisation required for use of a help variable directly into the object code present instead of inserting the same in the source code and converting this subsequently into object code. Insertion can consist of the program steps required for initialisation being inserted directly into the identified function or into a function calling the identified function before its call-up or by inserting a jump command to a help function, which takes over initialisation. A help variable can represent a local variable of the function that uses it i.e. a variable that is only defined and accessible within this function. The help variable is, in practice, advantageously defined as global because then several interfering functions, of which it is established that they do not conflict with one another, can use the same help variable. Substitution of accesses of a selected function to a global variable by accesses to the help variable can take place in two ways. One is to individually identify in each case the symbol of the global variable that e.g. can appear, for argument's sake, as a write or read instruction in the present object code of the selected function that is, for the time being, still in a symbolic form and substitute the same by the symbol of the help variable. A second approach would be to replace the symbol of the global variable in each case directly by a reference to the memory address of the help variables that are to replace it and, thus, quasi "bend" the write/read access during linking of the object code i.e. when all symbols in the object code are substituted by reference to concrete memory addresses. The substitution or "bending" is executed advantageously with a specific tool that can read an object code file, substitutes the symbols therein or inserts corresponding instructions at a link and can subsequently re-write them as a format-suitable object code file. In order not to make the number of the one help variable in the place of the functions using the global variables larger than necessary, the process comprises advantageously of one step c') of identifying the functions amongst the interfering functions that are in a position to interrupt one another, whereby the insertion of help variables and the substitution of accesses is applied only to at least one of the functions thus identified. There is no risk of data inconsistency in the case of functions that are neither interrupted by one another nor are able to interrupt another so that no substitution is required amongst these. This step c1) is appropriately executed by the tool mentioned above that advantageously receives additional information, preferably in the form of a control file, for the purpose as input data apart from the actual object data, which indicates which of the several interfering functions are in a position to be interrupted by other functions and therefore have to work with a help variable instead of the global variable. The ability of the interfering functions to interrupt one another is determined in the additional information, preferably by priority values allocated to the functions. Over and above this, substitutions taken up at the at least one selected function are preferably logged e.g. by simple insertion of the control data into a description section of the run-capable object data in order to make this information available to a debugger. This additional information offers the debugger the possibility of reconstructing the executed substitutions and, therewith, renders transparent the modifications executed by the tool compared to those of the user of the debugger. This is of particular interest when, at a specific software execution time, the original variable and copy contain varying values and the user would like to reconstruct whether the function that he is testing is accessing the original variable or a specific copy. If at least one of the substitutions undertaken at the selected function concerns a write-access i.e., if the function is in a position to modify the value of the help variable, then even a step of overwriting the global variable with the value of the help variable in the object code of the selected function should be inserted or the function calling it should be inserted after the call-up in order to make such a modification globally available. The advantages are, on the other hand, achieved according to Claim 8 by making available a symbolic object code of an entirety from functions to be executed in the data processing system and identifying the interfering functions amongst these, whereby the global variable in the symbolic object code designates each function that accesses it with a symbol specific to this function in each case and at least one interfering function is selected and that in each selected function or in a function calling a selected function, an instruction to copy the global variables to a memory location to which a function-specific symbol is allocated, is inserted before its call and for every non-selected function, the symbol that is specific in each case to the function is linked to a memory location allocated to a global variable. In order to facilitate a tool, which executes the process defined above, to identify the function-specific symbol corresponding to the respective same global variables, a table is advantageously made available that contains symbols used in the functions for the global variable. When the object code compiles several interfering functions from the source code, it can be advantageously provided that a compiler used for this substitutes the same names of the global variable contained in the source code of functions with a symbol specific to each function and prepares a table. Other features and advantages of the invention emanate from the following description of the exemplary embodiments, with reference to the enclosed figures. Drawings Figure 1 presents schematic levels of an authoring tool in accordance with the invention and data objects exchanged between them; Figure 2 is a flow chart of a working method that runs in the object processor of Figure 1; Figure 3 is an illustration analogous to Figure 1 of a second design of the invention; Figure 4 is an analogous illustration of a third design; Figure 5 is an analogous illustration of a fourth design; and Figure 6 presents contents from the control files used in the fourth design. Descriptions of the Exemplary Embodiments The authoring tool presented in Figure 1 comprises of a compiler COMP as a first level that converts source codes S1, S2, Sn of functions of an application in processing, written in a high level language such as C, into symbolic object code functions 01, 02, ..., On. The symbolic object code consists of instructions that each correspond to 1 : 1 instructions that can be executed from a target processor for which the source code to be compiled is intended. Codes that are not directly executable are not referred to at fixed memory addresses for write or read-access and jump commands, but are instead referred to at addresses designated with symbols to which a fixed value is allocated by the linker LINK only in a later phase of processing. An object code processor OP is subordinated to the compiler COMP. The processor revises object codes 01, 02, ..., On of the individual functions created by the compiler as well as, if required, other object codes On+1, ..., Om of functions that are not compiled by the compiler COMP, in order to ensure the consistency of global variables that are used by several of these functions. The object codes On+1, Om can, for example, belong to functions that were originally written in a language other than that of the source code S1, S2, ..., Sn or to functions whose source code is not available since it deals with functions bought in addition by the developer of the application. The object code processor OP has access to a file DESCR made available by the developer, that specifies global variables, which the functions access, for each of the object code functions 01, Om, as well as a priority allocated to the function. Figure 2 presents processing executed by the object code processor OP by means of a flow chart. One of the object code functions Oi, 1 When the priority of function Oi is lower this means that it can be interrupted by the other function Oj and that the risk of data inconsistency, consequently, exists if the other, higher prioritised function Oj modifies the global variable between two read-accesses of the first function Oi or gets to read an undefined interim value of the global variables. In this case the object processor inserts instructions to copy these variables into a help variable in the object code of function Oi before the first access to the concerned global variable or in a function calling function Oi before the call-up and replaces all subsequent accesses to the global variable in object code Oi by such accesses to the help variable. If during this replacement, it is determined that at least one of the accesses is a write-access, an instruction, to be executed to copy the value of the help variable into the global variable is inserted again in function Oi respectively before its closing. Such an instruction can, alternatively also be inserted in the calling function after the call-up. When checking of step 4 indicates that function Oi has the same or a higher priority than the other function Oj, then there is no risk of this first function Oi being interrupted by the other function Oj and the use of a copy is not necessary. In this case, the process will move directly from step 4 to step 6. Step 6 checks whether the function Oi selected in step 1 has another global variable registered to it in file DESCR. If yes, the process will return to step 2 and will select one of these variables. Step 7 will otherwise check whether functions for processing are still pending. If not, the process ends. The object processor creates a record of data consistent object code functions 0'1, ..M O'm in this manner in which, depending upon the type of access to a global variable, only instructions for copying of the global into a local help variable (if the function only has read-access, symbolically represented by a single shaded block 1 in the case of functions 0'1, 0'n), and back (in the case of read and write-access, symbolically represented by two shaded blocks I, C in the case of functions 0'2, O'm) are inserted or no instructions are inserted at all as in the case of function O'n+1, in the event the concerned function has the highest priority that is allocated to the concerned function accessing the global variable. The consistent object functions thus acquired are merged in an, in principle, established manner, by the linker LINK into an executable application by replacing all symbols of the object code with explicit addresses of memory locations. A preferred further development of the authoring tool and of its method of functioning is described by means of Figure 3. The compiler COMP, object code functions 01, ..., On created by it from the source code functions S1, ..., Sn as well as the external object functions On+1, ..., Om are the same as in Figure 1. What is different from Figure 1 is that these functions are not processed by an object code processor OP in order to make them data consistent but instead run through a computer linker CLINK, that creates object code blocks 0"1, ..., 0"p. The number of these blocks corresponds to the number of priority levels assigned to the object code functions, specified for the individual object code functions 01, Om and read by the code linker CLINK from a file PRIO. Each object code block 0"1, 0"p contains functions of the same priority levels. Functions with the highest priority are combined in block 0"1. These functions can access their global variables without any risk and do not require processing in the object code processor OP. All other blocks, 0"2 to 0"p, are subject to the consistency processing, described with reference to Figures 1 and 2, in the object code processor OP,. Processing is effected by combining the functions in the larger blocks. Since the functions of each individual block do not interrupt each other, they can use a common local copy for each global variable, whereby memory space is saved. Blocks O"1 to O"p processed for consistency subsequently run through another linker level that is termed the variable linker VLINK that replaces all symbolic reference names at memory locations with explicit memory addresses and jump addresses, that could not as yet be substituted by explicit addresses in the code linker because they represent jumps between different blocks, are cancelled. The completed, executable application is thus finally obtained. In the design presented in Figure 4, the structure and processing up to creation of the object code blocks O"1, .... O"p , does not differ from that in Figure 3. The object code processor is omitted, instead of which the mode of operation of the variable linkers VLINK is changed. This reads the VAR file that specifies the global variable for each function that accesses it and, using this information, determines the global variables used in each of the object code blocks O"2 to O"p. During linking of object code blocks, each of these global variables is assigned another explicit memory address respectively in each block. The variable linker VLINK subsequently links each individual function of the object code blocks to copying functions read from the library in such a manner that the copying functions are executed in each case at the beginning and/or end of a function, whereby these copying functions respectively copy back the global variable used by the concerned function to the memory location allocated to them for the object code group O"1, .... O"p of this function. Manipulation of the object code undertaken by the object code processor OP in the other exemplary embodiments is, thereby, superfluous and it is nevertheless achieved that all functions for which the risk of interruption by a higher prioritised function exists, never access the original but always only the copy of the global variable. Figure 5 schematically illustrates the levels of processing according to a fourth design of the invention. As in the previous examples, the first level is a compiler COMP, that converts functions S1, S2, ..., Sn written in a source code into a symbolic object code 01, ..., On. A special feature of the compiler in Figure 5 is that in the symbolic object code for a global variable used by several functions and in whose code the global variable is indicated by the same name, the compiler does not use the global variable's source code names in a symbolic object code of all these interfering functions uniformly as a symbol for the global variable, but instead uses specific symbols for the individual variables in the object code of each function for the concerned function. This can, e.g. take place by the compiler creating symbols of object codes in each case by interlinking the variables called in a function of the source to the names of the calling function i.e. a global variable indicated by G1 in a source code S1, S2 of functions F1, F2 is allocated the symbol G1_F1 and G1_F2 respectively in each case in the object codes 01, 02 of the concerned functions created by the compiler. The compiler COMP prepares a control file VAR during compiling in which, as illustrated in Figure 6, the symbol G1_Fi and G2_Fi respectively are specified for a global variable such as perhaps G1, G2 in this object code for every object code function Oi. The control file VAR preferably has an editable form with a conventional text editor, which enables a developer to manually supplement entries of the control file for functions On+1 to Om, that are not compiled by the compiler COMP but are instead present from the beginning in the form of symbolic object codes, the counterparts between names S1 to Sn of global variables used in the source code and their names in the object codes On+1, ..., Om. A second control file PRIO specifies, as also illustrated in Figure 6, a priority value PRIO (Oi) for each object code function Oi, i = 1, ..., m, that specifies the right of the concerned function to interrupt the workflow of the other functions. A linker LINK replaces symbols through reference to explicit memory locations in the symbolic object codes 01, ..., On in order to create this type of a run-capable application. The linker thereby takes into consideration the content of the control files VAR and PRIO. Only in the case of a function with the highest possible priority level does the linker substitute the symbol used for a global variable in this function by a reference to the actual memory location of these variables. Before calling a function with a priority level that is not the highest possible, the linker connects a call-up of a copying function I that creates a copy of the global variable used by the function and substitutes the symbols used for the global variable in this function in the object code of the concerned function with reference to the address of the copy created by the copying function. When the function executes a write-access to the global variable, a copy-back function C is integrated, in addition, after terminating the function that copies back the value of the copy of the global variable to their actual memory locations. In the run-capable application created by the linker up to k-1 copies of a global variable are consequently created, where k is the number of the possible priority level of functions 01 to Om and functions with the same priority levels that can not interrupt each other respectively access the same copy. Thus, as in the designs of Figures 3 and 4, the memory space required for creation of the copy is restricted to the minimum here. Patent Claims 1. Process with which to avoid data inconsistency between accesses by different functions of an application to a global variable in a data processing system, comprising of the following steps : a) Availability of a symbolic object code of an entirety of functions (01, ..., Om) to be executed in the data processing system and identifying those functions (01, 02, On, Om) from the entirety termed as interfering functions that access the same global variable; b) Selecting at least one of the interfering functions; c) Inserting step (I) of initialisation of a help variable with the value of the global variable in the object code of each function selected in step b) or of a function calling a selected function before their call- up; d) Substituting a symbol of the global variable in the object code of the selected function by a reference to a memory location of the help variable. 2. Process according to Claim 1, characterised in that, in the symbolic object code of the selected function, the symbol of the global variable is substituted by the symbol of the help variable in step d) and subsequently, the symbol of the help variable is substituted by a reference to the memory location of the help variable. 3. Process according to Claim 1, characterised in that, a linker substitutes the symbol of the global variable in step d) directly with a reference to the memory location of the help variable. 4. Process according to Claim 3, characterised in that, the linker substitutes the symbol of the global variable with a reference to a memory location of the global variable in at least one non-selected interfering function. 5. Process according to one of the preceding claims, characterised in that, substitutions undertaken at the at least one selected function are logged. 6. Process according to one of the preceding claims, characterised in that, if at least one of the substitutions undertaken at the selected function concerns a write-access, a step for over-writing the global variable with the value of the help variable is inserted. 7. Process according to one of the preceding claims, characterised in that, the identification of the interfering functions in step a) takes place by means of information (DESCR, VAR) made available in addition to the object code of functions. 8. Process with which to avoid data inconsistency between accesses by different functions of an application to a global variable in a data processing system, using the following steps : a) Availability of a symbolic object code of an entirety of functions (01, ..., Om) to be executed in the data processing system and identification of those functions (01, 02, On, OM) from the entirety that are termed as interfering functions, that access the same global variable (G1, G2), whereby the global variable (G1, G2) in the symbolic object code of each function accessing it, is respectively indicated by a symbol (G1_Fi ; G2_Fi) that is specific to this function ; b) Selection of at least one of the interfering functions; c) Insertion of an instruction (I) for copying of the global variable (G1, G2) to a memory location allocated to a function-specific symbol (G1_Fi ; G2_Fi) in each function selected in step b) or in a function calling a selected function before its call-up, and d) For each function not selected in step b): linking of the respective function-specific symbol to a memory location allocated to a global variable (G1; G2). 9. Process according to Claim 8, characterised in that, the interfering functions are identified by means of a table (VAR) that contains the symbols used in the functions for the global variables. 10. Process according to Claim 9, characterised in that, the object code compiles several of the interfering functions from the source code (S1, S2, .., Sn) and that a compiler (COMP) during compiling substitutes the same names (G1 ; G2) of the global variables contained in the source code of functions with a symbol (G1_Fi ; G2_Fi) specific to each function and prepares the table (VAR). 11. Process according to one of Claims 8 to 10, characterised in that, when the selected function executes a write-access to the memory location allocated to the function-specific symbol, a step of over-writing C the global variable with the value of the copy is inserted. 12. Process according to one of the preceding claims, characterised by step a') of identification of functions amongst the interfering functions that are in a position to be interrupted by another function, whereby only functions identified in step a') are selected in step b). 13. Process according to Claim 12, characterised in that, the identification of step a') takes place by means of information (DESCR. PRIO) made available in addition to the symbolic object code of functions. 14. Process according to Claim 13, characterised in that the ability of the functions to interrupt one another is recognised by means of priority values of functions specified in information (DESCR, PRIO) made additionally available. 15. Authoring tool for execution of the process according to one of Claims 1 to 7 or one of Claims 12 to 14 in so far with retrospective reference to Claim 1, with an initial interface (OP) with which to receive the symbolic object codes of functions (01, ..., Om), with a logic unit (OP) for identification of so-called interfering functions (01, 02, On, Om) accessing the same global variable, with an object code processing unit (OP, VLINK) for substitution of a symbol of the global variable by a reference to a memory location, initialised by the value of the global variable, of a help variable in the object code of at least one selected function amongst the interfering functions (01, 02, On, Om) and with a linker with which to link the object codes of the entirety of functions for run-capable application after processing through the object code processing unit (OP, VLINK). 16. Authoring tool for execution of the process according to one of Claims 8 to 11 or one of Claims 12 to 14, in so far with retrospective reference to Claim 7, with an initial interface for receiving the symbolic object codes of functions (01, ..., Om), with a logic unit for identifying the so- called interfering functions (01, 02, On, Om) that access the same global variable, whereby the global variable is indicated by another symbol in the object code of every function that accesses it, with an object code processing unit (LINK) with which to insert a command (I) for copying the global variables to a memory location allocated to the function-specific symbol of a selected function and with a linker (LINK) with which to link the object code of the entirety of the functions for run-capable application after processing through the object code processing unit that is set up to link the symbol (G1_Fi ; G2_Fi) used for the global variable by the selected function to the memory location allocated to this symbol and to link a symbol used for the global variable by a non-selected function to a memory location of the global variable (G1 ; G2). Dated this 6 day of October 2006

Full Text

DATA CONSISTENCY IN DATA PROCESSING EQUIPMENT Domain of the Invention
The present invention is with regard to the problem of data consistency in data processing equipment in which a real-time application runs. This type of application is generally composed of a plurality of functions which, without being definitely chronologically co-ordinated to one another, have read and write access to commonly used variables, also termed global variables. When this type of function reads such a variable several times in succession to execute a computation, and the variable is modified by another function between two such read-accesses, it can thereupon be assumed that the result of the computation will be erroneous. Errors occur in exactly the same manner when a computation requires several write-accesses to the global variable in the case of which intermediary results are temporarily saved in the variables when another function executes a read-access to this type of intermediary result.
Functions that access the same global variable are termed as interfering functions within the context of this submission, independent of whether a conflict between the functions is actually possible in individual cases.
An established technique with which to ensure the consistency of a global variable in a data processing system is to always exclude all other functions from access to the same variable when a function, which could be interrupted by an intersecting access of an interfering function, accesses a global variable. This type of a process is, however, not applicable to real-time applications in general, since the execution of functions that have to access a variable that has been excluded from access, has to be halted till access to the variable is permitted again, which could result in unforeseeable delays in the execution of these functions.

Another established method with which to ensure data consistency is for the individual functions to respectively use copies of the global variables. This means that an interfering function creates a local copy of a required global variable in each case at the beginning of its execution, works subsequently with this copy and, in case the function is capable of modifying the variable, the local is copied back onto the global variable before the function's close, whereby the copying procedures can, in each case, not be interrupted by other functions.
The problem in the case of complex program systems is that at the beginning of processing, it is often not clear at which points access conflicts could arise that could result in data inconsistencies. One could counteract this problem by making local copies of all global variables that the function requires in each function. This course of action, however, results in a considerably increased memory requirement and processing power.
At the time of system integration, one statement is always possible - from which global quantities is a copy required in which function - since at this point in time all functions as well as their call-up frequency and priority (their rights to interrupt other functions) are established. Several software tools are available to facilitate system integration such as e.g. OLT (Off Line Tool) or ESCAPE (www.etas.com) that, in the present source code, utilising additional information, identify functions that must work with copies to ensure data consistency and modify these functions in such a manner that they work with the corresponding copies instead of with the original quantities. Corresponding copying process are generated over and above this. These copying processes synchronise, depending upon the operating system's configuration, which is static, the copies to their original quantities of one or several functions that could use common copies since they do not interrupt one another. Since these tools read the operating system configuration in order to determine the priority and grouping of individual functions, they can also insert the necessary copying processes automatically in

the operating system configuration before or after a function and functions group respectively.
The applicability of these tools is limited by the fact that they are instructed to modify the source code. This is inevitably, however, not always available. Particularly when a processing partner receives functions from a third party, the third party, for reasons of confidentiality, does not make the functions available in the form of a source code but instead, at the most, as an object code. These types of functions can not be processed with established tools, so in order to ensure freedom from conflict, comprehensive, not automatable and, therewith, expensive and error-prone modifications at functions present in the source code could be required.
Apart from this, intervention in the source code makes re-conversion of the modified codes a necessity each time. Particularly, modifications to the priority of a function (e.g. operating system configuration) could entail substantial modifications in the source code of a large number of other functions. This could result in very long conversion times in the case of large program systems, which could hold up the development process considerably.
A further problem is that the established processing tools are, in each case, tailored to specific high level languages i.e. are not suitable for processing of functions, written in various high level languages, to an application.
Advantages of the Invention
The present invention creates processes with which to avoid data inconsistency and processing tools for application of these processes that can be used at any functions, irrespective of a high level language in which its source code is written

and/or irrespective of whether the source code is actually available, and which enable speedy processing.
Advantages are achieved on the one hand, in that the process according to Claim 1 inserts the initialisation required for use of a help variable directly into the object code present instead of inserting the same in the source code and converting this subsequently into object code. Insertion can consist of the program steps required for initialisation being inserted directly into the identified function or into a function calling the identified function before its call-up or by inserting a jump command to a help function, which takes over initialisation.
A help variable can represent a local variable of the function that uses it i.e. a variable that is only defined and accessible within this function. The help variable is, in practice, advantageously defined as global because then several interfering functions, of which it is established that they do not conflict with one another, can use the same help variable.
Substitution of accesses of a selected function to a global variable by accesses to the help variable can take place in two ways. One is to individually identify in each case the symbol of the global variable that e.g. can appear, for argument's sake, as a write or read instruction in the present object code of the selected function that is, for the time being, still in a symbolic form and substitute the same by the symbol of the help variable. A second approach would be to replace the symbol of the global variable in each case directly by a reference to the memory address of the help variables that are to replace it and, thus, quasi "bend" the write/read access during linking of the object code i.e. when all symbols in the object code are substituted by reference to concrete memory addresses.
The substitution or "bending" is executed advantageously with a specific tool that can read an object code file, substitutes the symbols therein or inserts

corresponding instructions at a link and can subsequently re-write them as a format-suitable object code file.
In order not to make the number of the one help variable in the place of the functions using the global variables larger than necessary, the process comprises advantageously of one step c') of identifying the functions amongst the interfering functions that are in a position to interrupt one another, whereby the insertion of help variables and the substitution of accesses is applied only to at least one of the functions thus identified. There is no risk of data inconsistency in the case of functions that are neither interrupted by one another nor are able to interrupt another so that no substitution is required amongst these.
This step c1) is appropriately executed by the tool mentioned above that advantageously receives additional information, preferably in the form of a control file, for the purpose as input data apart from the actual object data, which indicates which of the several interfering functions are in a position to be interrupted by other functions and therefore have to work with a help variable instead of the global variable.
The ability of the interfering functions to interrupt one another is determined in the additional information, preferably by priority values allocated to the functions.
Over and above this, substitutions taken up at the at least one selected function are preferably logged e.g. by simple insertion of the control data into a description section of the run-capable object data in order to make this information available to a debugger. This additional information offers the debugger the possibility of reconstructing the executed substitutions and, therewith, renders transparent the modifications executed by the tool compared to those of the user of the debugger. This is of particular interest when, at a specific software execution time, the original variable and copy contain varying

values and the user would like to reconstruct whether the function that he is testing is accessing the original variable or a specific copy.
If at least one of the substitutions undertaken at the selected function concerns a write-access i.e., if the function is in a position to modify the value of the help variable, then even a step of overwriting the global variable with the value of the help variable in the object code of the selected function should be inserted or the function calling it should be inserted after the call-up in order to make such a modification globally available.
The advantages are, on the other hand, achieved according to Claim 8 by making available a symbolic object code of an entirety from functions to be executed in the data processing system and identifying the interfering functions amongst these, whereby the global variable in the symbolic object code designates each function that accesses it with a symbol specific to this function in each case and at least one interfering function is selected and that in each selected function or in a function calling a selected function, an instruction to copy the global variables to a memory location to which a function-specific symbol is allocated, is inserted before its call and for every non-selected function, the symbol that is specific in each case to the function is linked to a memory location allocated to a global variable.
In order to facilitate a tool, which executes the process defined above, to identify the function-specific symbol corresponding to the respective same global variables, a table is advantageously made available that contains symbols used in the functions for the global variable.
When the object code compiles several interfering functions from the source code, it can be advantageously provided that a compiler used for this substitutes

the same names of the global variable contained in the source code of functions with a symbol specific to each function and prepares a table.
Other features and advantages of the invention emanate from the following description of the exemplary embodiments, with reference to the enclosed figures.
Drawings
Figure 1 presents schematic levels of an authoring tool in accordance with the invention and data objects exchanged between them;
Figure 2 is a flow chart of a working method that runs in the object processor of Figure 1;
Figure 3 is an illustration analogous to Figure 1 of a second design of the invention;
Figure 4 is an analogous illustration of a third design;
Figure 5 is an analogous illustration of a fourth design; and
Figure 6 presents contents from the control files used in the fourth design.
Descriptions of the Exemplary Embodiments
The authoring tool presented in Figure 1 comprises of a compiler COMP as a first level that converts source codes S1, S2, Sn of functions of an application in processing, written in a high level language such as C, into symbolic object code

functions 01, 02, ..., On. The symbolic object code consists of instructions that each correspond to 1 : 1 instructions that can be executed from a target processor for which the source code to be compiled is intended. Codes that are not directly executable are not referred to at fixed memory addresses for write or read-access and jump commands, but are instead referred to at addresses designated with symbols to which a fixed value is allocated by the linker LINK only in a later phase of processing.
An object code processor OP is subordinated to the compiler COMP. The processor revises object codes 01, 02, ..., On of the individual functions created by the compiler as well as, if required, other object codes On+1, ..., Om of functions that are not compiled by the compiler COMP, in order to ensure the consistency of global variables that are used by several of these functions. The object codes On+1, Om can, for example, belong to functions that were originally written in a language other than that of the source code S1, S2, ..., Sn or to functions whose source code is not available since it deals with functions bought in addition by the developer of the application.
The object code processor OP has access to a file DESCR made available by the developer, that specifies global variables, which the functions access, for each of the object code functions 01, Om, as well as a priority allocated to the function.
Figure 2 presents processing executed by the object code processor OP by means of a flow chart. One of the object code functions Oi, 1
When the priority of function Oi is lower this means that it can be interrupted by the other function Oj and that the risk of data inconsistency, consequently, exists if the other, higher prioritised function Oj modifies the global variable between two read-accesses of the first function Oi or gets to read an undefined interim value of the global variables. In this case the object processor inserts instructions to copy these variables into a help variable in the object code of function Oi before the first access to the concerned global variable or in a function calling function Oi before the call-up and replaces all subsequent accesses to the global variable in object code Oi by such accesses to the help variable. If during this replacement, it is determined that at least one of the accesses is a write-access, an instruction, to be executed to copy the value of the help variable into the global variable is inserted again in function Oi respectively before its closing. Such an instruction can, alternatively also be inserted in the calling function after the call-up.
When checking of step 4 indicates that function Oi has the same or a higher priority than the other function Oj, then there is no risk of this first function Oi being interrupted by the other function Oj and the use of a copy is not necessary. In this case, the process will move directly from step 4 to step 6.
Step 6 checks whether the function Oi selected in step 1 has another global variable registered to it in file DESCR. If yes, the process will return to step 2 and will select one of these variables. Step 7 will otherwise check whether functions for processing are still pending. If not, the process ends.
The object processor creates a record of data consistent object code functions 0'1, ..M O'm in this manner in which, depending upon the type of access to a global variable, only instructions for copying of the global into a local help variable (if the function only has read-access, symbolically represented by a single shaded block 1 in the case of functions 0'1, 0'n), and back (in the case of

read and write-access, symbolically represented by two shaded blocks I, C in the case of functions 0'2, O'm) are inserted or no instructions are inserted at all as in the case of function O'n+1, in the event the concerned function has the highest priority that is allocated to the concerned function accessing the global variable.
The consistent object functions thus acquired are merged in an, in principle, established manner, by the linker LINK into an executable application by replacing all symbols of the object code with explicit addresses of memory locations.
A preferred further development of the authoring tool and of its method of functioning is described by means of Figure 3. The compiler COMP, object code functions 01, ..., On created by it from the source code functions S1, ..., Sn as well as the external object functions On+1, ..., Om are the same as in Figure 1. What is different from Figure 1 is that these functions are not processed by an object code processor OP in order to make them data consistent but instead run through a computer linker CLINK, that creates object code blocks 0"1, ..., 0"p. The number of these blocks corresponds to the number of priority levels assigned to the object code functions, specified for the individual object code functions 01, Om and read by the code linker CLINK from a file PRIO. Each object code block 0"1, 0"p contains functions of the same priority levels. Functions with the highest priority are combined in block 0"1. These functions can access their global variables without any risk and do not require processing in the object code processor OP. All other blocks, 0"2 to 0"p, are subject to the consistency processing, described with reference to Figures 1 and 2, in the object code processor OP,. Processing is effected by combining the functions in the larger blocks. Since the functions of each individual block do not interrupt each other, they can use a common local copy for each global variable, whereby memory space is saved.

Blocks O"1 to O"p processed for consistency subsequently run through another linker level that is termed the variable linker VLINK that replaces all symbolic reference names at memory locations with explicit memory addresses and jump addresses, that could not as yet be substituted by explicit addresses in the code linker because they represent jumps between different blocks, are cancelled. The completed, executable application is thus finally obtained.
In the design presented in Figure 4, the structure and processing up to creation of the object code blocks O"1, .... O"p , does not differ from that in Figure 3. The object code processor is omitted, instead of which the mode of operation of the variable linkers VLINK is changed. This reads the VAR file that specifies the global variable for each function that accesses it and, using this information, determines the global variables used in each of the object code blocks O"2 to O"p. During linking of object code blocks, each of these global variables is assigned another explicit memory address respectively in each block. The variable linker VLINK subsequently links each individual function of the object code blocks to copying functions read from the library in such a manner that the copying functions are executed in each case at the beginning and/or end of a function, whereby these copying functions respectively copy back the global variable used by the concerned function to the memory location allocated to them for the object code group O"1, .... O"p of this function. Manipulation of the object code undertaken by the object code processor OP in the other exemplary embodiments is, thereby, superfluous and it is nevertheless achieved that all functions for which the risk of interruption by a higher prioritised function exists, never access the original but always only the copy of the global variable.
Figure 5 schematically illustrates the levels of processing according to a fourth design of the invention. As in the previous examples, the first level is a compiler COMP, that converts functions S1, S2, ..., Sn written in a source code into a symbolic object code 01, ..., On. A special feature of the compiler in Figure 5 is

that in the symbolic object code for a global variable used by several functions and in whose code the global variable is indicated by the same name, the compiler does not use the global variable's source code names in a symbolic object code of all these interfering functions uniformly as a symbol for the global variable, but instead uses specific symbols for the individual variables in the object code of each function for the concerned function. This can, e.g. take place by the compiler creating symbols of object codes in each case by interlinking the variables called in a function of the source to the names of the calling function i.e. a global variable indicated by G1 in a source code S1, S2 of functions F1, F2 is allocated the symbol G1_F1 and G1_F2 respectively in each case in the object codes 01, 02 of the concerned functions created by the compiler.
The compiler COMP prepares a control file VAR during compiling in which, as illustrated in Figure 6, the symbol G1_Fi and G2_Fi respectively are specified for a global variable such as perhaps G1, G2 in this object code for every object code function Oi. The control file VAR preferably has an editable form with a conventional text editor, which enables a developer to manually supplement entries of the control file for functions On+1 to Om, that are not compiled by the compiler COMP but are instead present from the beginning in the form of symbolic object codes, the counterparts between names S1 to Sn of global variables used in the source code and their names in the object codes On+1, ..., Om.
A second control file PRIO specifies, as also illustrated in Figure 6, a priority value PRIO (Oi) for each object code function Oi, i = 1, ..., m, that specifies the right of the concerned function to interrupt the workflow of the other functions.
A linker LINK replaces symbols through reference to explicit memory locations in the symbolic object codes 01, ..., On in order to create this type of a run-capable application. The linker thereby takes into consideration the content of the control

files VAR and PRIO. Only in the case of a function with the highest possible priority level does the linker substitute the symbol used for a global variable in this function by a reference to the actual memory location of these variables. Before calling a function with a priority level that is not the highest possible, the linker connects a call-up of a copying function I that creates a copy of the global variable used by the function and substitutes the symbols used for the global variable in this function in the object code of the concerned function with reference to the address of the copy created by the copying function. When the function executes a write-access to the global variable, a copy-back function C is integrated, in addition, after terminating the function that copies back the value of the copy of the global variable to their actual memory locations.
In the run-capable application created by the linker up to k-1 copies of a global variable are consequently created, where k is the number of the possible priority level of functions 01 to Om and functions with the same priority levels that can not interrupt each other respectively access the same copy. Thus, as in the designs of Figures 3 and 4, the memory space required for creation of the copy is restricted to the minimum here.

Patent Claims
1. Process with which to avoid data inconsistency between accesses by
different functions of an application to a global variable in a data
processing system, comprising of the following steps :
a) Availability of a symbolic object code of an entirety of functions
(01, ..., Om) to be executed in the data processing system and
identifying those functions (01, 02, On, Om) from the entirety
termed as interfering functions that access the same global
variable;
b) Selecting at least one of the interfering functions;
c) Inserting step (I) of initialisation of a help variable with the value of
the global variable in the object code of each function selected in
step b) or of a function calling a selected function before their call-
up;
d) Substituting a symbol of the global variable in the object code of
the selected function by a reference to a memory location of the
help variable.

2. Process according to Claim 1, characterised in that, in the symbolic
object code of the selected function, the symbol of the global variable
is substituted by the symbol of the help variable in step d) and
subsequently, the symbol of the help variable is substituted by a
reference to the memory location of the help variable.
3. Process according to Claim 1, characterised in that, a linker substitutes
the symbol of the global variable in step d) directly with a reference to
the memory location of the help variable.

4. Process according to Claim 3, characterised in that, the linker
substitutes the symbol of the global variable with a reference to a
memory location of the global variable in at least one non-selected
interfering function.
5. Process according to one of the preceding claims, characterised in
that, substitutions undertaken at the at least one selected function are
logged.
6. Process according to one of the preceding claims, characterised in
that, if at least one of the substitutions undertaken at the selected
function concerns a write-access, a step for over-writing the global
variable with the value of the help variable is inserted.
7. Process according to one of the preceding claims, characterised in
that, the identification of the interfering functions in step a) takes place
by means of information (DESCR, VAR) made available in addition to
the object code of functions.
8. Process with which to avoid data inconsistency between accesses by
different functions of an application to a global variable in a data
processing system, using the following steps :
a) Availability of a symbolic object code of an entirety of functions (01, ..., Om) to be executed in the data processing system and identification of those functions (01, 02, On, OM) from the entirety that are termed as interfering functions, that access the same global variable (G1, G2), whereby the global variable (G1, G2) in the symbolic object code of each function accessing it, is

respectively indicated by a symbol (G1_Fi ; G2_Fi) that is specific to this function ;
b) Selection of at least one of the interfering functions;
c) Insertion of an instruction (I) for copying of the global variable (G1,
G2) to a memory location allocated to a function-specific symbol
(G1_Fi ; G2_Fi) in each function selected in step b) or in a function
calling a selected function before its call-up, and
d) For each function not selected in step b): linking of the respective
function-specific symbol to a memory location allocated to a global
variable (G1; G2).
9. Process according to Claim 8, characterised in that, the interfering
functions are identified by means of a table (VAR) that contains the
symbols used in the functions for the global variables.
10. Process according to Claim 9, characterised in that, the object code
compiles several of the interfering functions from the source code (S1,
S2, .., Sn) and that a compiler (COMP) during compiling substitutes the
same names (G1 ; G2) of the global variables contained in the source
code of functions with a symbol (G1_Fi ; G2_Fi) specific to each
function and prepares the table (VAR).
11. Process according to one of Claims 8 to 10, characterised in that,
when the selected function executes a write-access to the memory
location allocated to the function-specific symbol, a step of over-writing
C the global variable with the value of the copy is inserted.
12. Process according to one of the preceding claims, characterised by
step a') of identification of functions amongst the interfering functions
that are in a position to be interrupted by another function,

whereby only functions identified in step a') are selected in step b).
13. Process according to Claim 12, characterised in that, the identification
of step a') takes place by means of information (DESCR. PRIO) made
available in addition to the symbolic object code of functions.
14. Process according to Claim 13, characterised in that the ability of the
functions to interrupt one another is recognised by means of priority
values of functions specified in information (DESCR, PRIO) made
additionally available.
15. Authoring tool for execution of the process according to one of Claims
1 to 7 or one of Claims 12 to 14 in so far with retrospective reference to
Claim 1, with an initial interface (OP) with which to receive the
symbolic object codes of functions (01, ..., Om), with a logic unit (OP)
for identification of so-called interfering functions (01, 02, On, Om)
accessing the same global variable, with an object code processing
unit (OP, VLINK) for substitution of a symbol of the global variable by a
reference to a memory location, initialised by the value of the global
variable, of a help variable in the object code of at least one selected
function amongst the interfering functions (01, 02, On, Om) and with a
linker with which to link the object codes of the entirety of functions for
run-capable application after processing through the object code
processing unit (OP, VLINK).
16. Authoring tool for execution of the process according to one of Claims
8 to 11 or one of Claims 12 to 14, in so far with retrospective reference
to Claim 7, with an initial interface for receiving the symbolic object
codes of functions (01, ..., Om), with a logic unit for identifying the so-
called interfering functions (01, 02, On, Om) that access the same

global variable, whereby the global variable is indicated by another symbol in the object code of every function that accesses it, with an object code processing unit (LINK) with which to insert a command (I) for copying the global variables to a memory location allocated to the function-specific symbol of a selected function and with a linker (LINK) with which to link the object code of the entirety of the functions for run-capable application after processing through the object code processing unit that is set up to link the symbol (G1_Fi ; G2_Fi) used for the global variable by the selected function to the memory location allocated to this symbol and to link a symbol used for the global variable by a non-selected function to a memory location of the global variable (G1 ; G2).
Dated this 6 day of October 2006

Documents:

3707-abstract image.jpg

3707-CHENP-2006 AMENDED PAGES OF SPECIFICATION 07-06-2013.pdf

3707-CHENP-2006 AMENDED CLAIMS 07-06-2013.pdf

3707-CHENP-2006 CORRESPONDENCE OTHERS 22-08-2013.pdf

3707-CHENP-2006 EXAMINATION REPORT REPLY RECEIVED 07-06-2013.pdf

3707-CHENP-2006 EXAMINATION REPORT REPLY RECEIVED 09-10-2012.pdf

3707-CHENP-2006 FORM-1 07-06-2013.pdf

3707-CHENP-2006 FORM-3 22-08-2013.pdf

3707-CHENP-2006 OTHER PATENT DOCUMENT 22-08-2013.pdf

3707-CHENP-2006 OTHERS 22-08-2013.pdf

3707-CHENP-2006 POWER OF ATTORNEY 07-06-2013.pdf

3707-CHENP-2006 POWER OF ATTORNEY 22-08-2013.pdf

3707-CHENP-2006 PRIORITY DOCUMENT 07-06-2013.pdf

3707-CHENP-2006 AMENDED CLAIMS 22-08-2013.pdf

3707-CHENP-2006 FORM-18.pdf

3707-chenp-2006-abstract.pdf

3707-chenp-2006-claims.pdf

3707-chenp-2006-correspondnece-others.pdf

3707-chenp-2006-description(complete).pdf

3707-chenp-2006-drawings.pdf

3707-chenp-2006-form 1.pdf

3707-chenp-2006-form 26.pdf

3707-chenp-2006-form 3.pdf

3707-chenp-2006-form 5.pdf

3707-chenp-2006-pct.pdf

« Previous Patent

Next Patent »

Patent Number

257102

Indian Patent Application Number

3707/CHENP/2006

PG Journal Number

36/2013

Publication Date

06-Sep-2013

Grant Date

03-Sep-2013

Date of Filing

06-Oct-2006

Name of Patentee

ROBERT BOSCH GmbH

Applicant Address

30 02 20,D-70442 STUTTGART,

Inventors:

#	Inventor's Name	Inventor's Address
1	WOERSCHING,UDO	NORDHEIMERSTRASSE 31, 74211 LEINGARTEN
2	LUNT,MARTIN	TROLLINGERWEG5, 71706 MARKGROENINGEN
3	MARKUS,ELMAR	WERNER-EGK-STRASSE 8, 71696 MOEGLINGEN
4	BIEGERT,UWE	KOENIGSTRASSE36, 70597STUTTGART

PCT International Classification Number

G06F 9/4

PCT International Application Number

PCT/EP05/51449

PCT International Filing date

2005-03-30

PCT Conventions:

#	PCT Application Number	Date of Convention	Priority Country
1	10 2004 017050 .9	2004-04-07	Germany
2	10 2004017050.9	2004-04-07	Germany