@CHIP-RTOS - File System Power Loss Protection
external disk drives on the SC1x3/SC2x can be formatted with a Power Loss Protection option.
The file system's power loss protection (PLP) mechanism allows unfinished disk write activity to be continued after a power loss (or other cause of system reset). Using this strategy, the disk will contain either the original valid image or the completed modified image the next time this disk is opened.
External Media and Driver Requirements
The following requirements must be met by an external disk and its driver in order for the PLP mechanism to work reliably on that drive.
Problems meeting these requirements have been observed in rare cases on SD cards and on the internal A: flash drive. For this reason, as of @CHIP-RTOS-x86 version 1.53 the PLP drives will be write protected at a Power Fail Interrupt (PFI). The PFI_PLP_WR_EN CHIP.INI entry can be used to leave specified PLP drives write enabled after the PFI.
PLP Disadvantages
The PLP mechanism comes with some disk speed and space penalties. (Some example cases are provided here.) These include the following:
Implementation Notes
A PLP disk will be in one of three states: "stable", "edit" or "commit". Unless the system is reset, the sequence of state transitions is always:
"stable" --> "edit" --> "commit" --> "stable" ...
The "stable" state covers the case where no write activity is in progress.
When a file is created or opened for write, the "edit" state is entered. The disk can dwell in this state for extended periods of time, up until either a file flush or file close action is performed.
Brief transitions through the "edit" state also occur for file system actions such as the MD, DEL or REN commands.
Note that for PLP type drives, there will be some coupling, in terms of directory node updating, between write activities on a given PLP drive. The directory nodes for all open files will be updated whenever a "commit" is performed. These directory node updates would occur when, for example:
Assuming no system reset, the "edit" state will be followed by the "commit" state. The "commit" state is entered after the file system has stored on the disk sufficient information to safely complete the desired file system modification, irrespective of continued system operation and power supply. If a system reset occurs (e.g. due to power loss) while the disk is in the "commit" state, then the commit actions will be resumed when the disk is opened again following the IPC@CHIP® computer reset.
The "commit" state dwell is intended to be very short, and might instead be viewed as a state transition between states "edit" and "stable". (The state point of view becomes useful when this strobe is caught by a reset event.)
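The state sequence above can be modelled in a few lines of C. This is an added example, not Beck's file system code: it shows why a reset in "edit" leaves the original image, why a reset in "commit" can leave a torn image until the disk is re-opened, and how resuming the commit completes it. The shadow-copy layout, the block count, all names, and the mapping of the two recovery results to "restore" and "commit" are assumptions made for illustration.

```c
#include <string.h>

#define NBLK 4                              /* constructed toy disk size */

enum plp_state  { PLP_STABLE, PLP_EDIT, PLP_COMMIT };
enum plp_result { PLP_CLEAN, PLP_RESTORED, PLP_COMMITTED };

struct plp_disk {
    enum plp_state state;                   /* persisted state marker */
    int live[NBLK];                         /* image a plain FAT reader sees */
    int shadow[NBLK];                       /* staged modifications (assumed) */
};

/* Entering "edit": stage changes in the shadow, leave the live image alone. */
void plp_write(struct plp_disk *d, int blk, int val)
{
    if (d->state == PLP_STABLE) {
        memcpy(d->shadow, d->live, sizeof d->live);
        d->state = PLP_EDIT;
    }
    d->shadow[blk] = val;
}

/* Flush/close: mark "commit" first, then copy. reset_after < NBLK simulates
 * a power loss after that many blocks. Returns 1 if the commit finished. */
int plp_commit(struct plp_disk *d, int reset_after)
{
    if (d->state != PLP_EDIT) return 1;     /* nothing to commit */
    d->state = PLP_COMMIT;                  /* shadow complete: safe to redo */
    for (int i = 0; i < NBLK; i++) {
        if (i == reset_after) return 0;     /* reset: live image may be torn */
        d->live[i] = d->shadow[i];
    }
    d->state = PLP_STABLE;
    return 1;
}

/* Recovery when the disk is next opened after a reset. */
enum plp_result plp_open(struct plp_disk *d)
{
    enum plp_state was = d->state;
    if (was == PLP_COMMIT)                  /* resume: redo the whole copy */
        memcpy(d->live, d->shadow, sizeof d->live);
    d->state = PLP_STABLE;                  /* "edit": staged data is dropped */
    return was == PLP_COMMIT ? PLP_COMMITTED
         : was == PLP_EDIT   ? PLP_RESTORED : PLP_CLEAN;
}
```

Between an interrupted `plp_commit()` and the next `plp_open()`, `live` holds a mix of old and new blocks, which is the condition in which the disk must not be handed to another computer.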
Removable Disk Usage
If a USB stick or other removable storage media is taken from the IPC@CHIP® and used on another computer (e.g. Windows), that other computer must not write to the disk unless the disk was in the "stable" state (meaning no write activity was in progress) when the disk was removed from the IPC@CHIP®.
A disk that was left in the "edit" state will be readable on another computer, provided that the file system on this other computer regards only FAT0 (true for the IPC@CHIP® file system for non-PLP type disks).
A disk that was left in the "commit" state at power loss time must first be re-opened on the IPC@CHIP® computer before moving the disk to another computer, so that the power loss recovery actions can be taken to clean up that disk. Otherwise the disk will most likely appear corrupt on the other computer, and any write activity done by the other computer when in the "commit" state would then corrupt the disk from the Beck target's point of view.
Note that for drives with very large FAT32 tables, the commit or recovery actions can require a significant amount of time to complete (minutes). These actions take place when the drive is first opened after the power loss event. Upon successful completion, the system will output a message like either
B: drive PLP commit successful
B: drive PLP restore successful
to the console.