
CN100432944C - Computer system - Google Patents

Publication number: CN100432944C
Authority: CN (China)
Prior art keywords: independent processing, message, computer system, processing devices, processing device
Legal status: Expired - Fee Related
Application number: CNB2005101079789A
Other languages: Chinese (zh)
Other versions: CN1940874A (en)
Inventors: 荆继武, 杨慕涵, 王晶, 杜皎
Current Assignee: University of Chinese Academy of Sciences; Institute of Information Engineering of CAS
Original Assignee: University of Chinese Academy of Sciences
Application filed by: University of Chinese Academy of Sciences
Priority to: CNB2005101079789A
Publication of CN1940874A
Application granted
Publication of CN100432944C

Landscapes

  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
Abstract

The invention discloses a new computer system comprising: a plurality of independent processing devices, each of which independently manages and accesses hardware resources, implements one application function, and has exclusive use of the hardware resources it needs, with communication between the independent processing devices carried out by message passing; and a switching device that schedules and monitors the independent processing devices and passes messages between them. The switching device comprises: a scheduler, which schedules the independent processing devices; a message passer, which passes messages between the independent processing devices; and a monitor, which monitors the independent processing devices. The switching device also stores the queue of pending messages and the parameters of the independent processing devices.

Description

Computer system

Technical field

The present invention relates to a computer system, and in particular to an embedded or control computer system such as a switch, a router, or a network firewall.

Background art

Existing computer systems include traditional computer systems, microkernel computer systems, exokernel computer systems, and others.

1. Traditional computer systems

As shown in Figure 1, an existing computer system consists of system programs and application programs. The system programs provide a unified platform for the applications. They include the operating system, a layer of software loaded directly on top of the hardware that manages the whole system and provides interfaces to applications, and other system programs, which sit one layer above the operating system and include compilers, editors and similar application-independent programs; these run in user mode and can be modified by the user. Above the system programs are the application programs, which are written by users and implement the functions users need on top of the system programs. An operating system is a large and complex system that controls and manages the computer's hardware and software resources, organizes the computer's workflow, and provides services and support to applications. It is the system software responsible for supporting the runtime environment of applications and the user's operating environment, and it is the core and cornerstone of the computer system. Its responsibilities usually include direct supervision of the hardware, management of computing resources (such as memory and processor time), and application-oriented services such as job management.

In existing computer systems, an application communicates with the operating system and requests services through system calls: a system call instruction interrupts the running program and transfers execution to the corresponding routine in the operating system, which performs the requested system function. When it finishes, control returns to the instruction following the system call, and the interrupted program continues. For example, the system call parameters are placed in an agreed location, such as registers, and a TRAP instruction is then issued to the operating system. After the TRAP, the operating system takes control and checks whether the parameters are valid; if they are, it performs the requested work. When the work is done, it places a status code in a register to report success or failure and then executes a RETURN FROM TRAP instruction to hand control back.

Although system calls give traditional computer systems efficient communication between applications and the operating system, the operating system both manages all of the system's hardware and software resources and provides services and support to applications, which makes it large and complex. Experience has shown that existing traditional operating systems, because of their huge code bases and complex functionality, contain many vulnerabilities, carry many latent risks of attack, and are hard to maintain.

A traditional monolithic-kernel operating system is a collection of many procedures. Any procedure can call any other, each has a defined interface, and calls between them are unconstrained. As a result, when one procedure (that is, one functional component) of the operating system is damaged accidentally or maliciously, other functional components are easily affected and the whole system can crash.

2. Microkernel computer systems

The microkernel is a newer kernel structure that emerged in the 1980s and emphasizes the separation of structural components from functional components. A microkernel consists of a very simple hardware abstraction layer and a small set of key primitives or system calls. These primitives cover only the parts needed to build a system, such as thread management, address spaces and inter-process communication (IPC). All other services, including device drivers, memory management and file systems, run in user mode like ordinary application processes, and a client process that needs a service requests it from the service component over IPC. Each service component runs in its own process space, isolated from the others, which makes the most central part of the kernel simpler to design. The failure of one service component does not bring down the whole system; the kernel only needs to restart that component, without affecting the other parts.

Although the microkernel has many advantages over the traditional monolithic kernel, it also has many problems. The most important one affecting the efficiency of microkernel computer systems is that IPC is time-consuming.

2.1) First-generation microkernels

The microkernel concept was proposed by Richard Rashid while developing the Mach operating system at Carnegie Mellon University; the goal was to build a minimal kernel based on a message-passing mechanism. Figure 2 shows the structure of a Mach microkernel according to the prior art. Taking the Mach microkernel as an example, it provides process management, thread management, memory management, communication and I/O services, and moves the other functions provided by a traditional operating system (such as file management and directory management) out of the kernel, to be controlled and managed in user space. Mach communicates by message passing, and the communication function is implemented by the IPC mechanism in the Mach kernel.

However, first-generation microkernel designs, including Mach, have an important drawback. Because a microkernel uses processes to isolate system components, communication between those components is carried out by message passing. Every communication between components is an IPC operation, whose performance is generally lower than that of a system call in a traditional operating system. IPC in a microkernel operating system is implemented through a message-passing mechanism, whereas system calls in a traditional operating system are generally implemented with a trap-like method. Compared with a trap, completing one IPC operation by message passing is slower, because it needs more steps: creating the message, sending the message, switching processes, and so on. These steps make the message-passing part of a microkernel operating system a bottleneck whose performance is far below that of the system call path of a traditional operating system. For example, on Mach 3 an RPC-like call based on message passing introduces an overhead of 230 μs on a 486-DX50, while a system call on a traditional Unix system introduces only 20 μs on the same hardware. That is, the system call of the traditional Unix system is 10 times faster than the RPC-like call of Mach 3. Besides the extra steps of the message-passing mechanism, this performance loss is also related to the many switches between user mode and kernel mode and between different address spaces that the microkernel design causes. One study showed that the high cache miss rate caused by switching between address spaces is an important reason for the performance loss.

2.2) Second-generation microkernels

One way to solve the performance problem of the microkernel design is to enlarge the microkernel and move some key service programs and drivers back into the kernel, reducing the number of switches between user mode and kernel mode and between different address spaces. Examples of this approach are the Mach operating system and the Chorus operating system. However, enlarging the kernel greatly weakens the advantages of the microkernel idea: the enlarged kernel reduces the extensibility, flexibility and reliability of the system.

The opposite approach to the microkernel performance problem is to shrink the kernel further and optimize IPC as far as possible. This line of thinking led to a number of new kernel designs known as second-generation microkernels, of which the L4 microkernel is a well-known example.

Figure 3 is a structural diagram of an L4 microkernel according to the prior art. As Figure 3 shows, the L4 kernel provides only basic operations such as address space management, thread creation and destruction, and message passing; everything else, such as drivers, file operations and network protocol processing, is left to user-mode applications. L4 handles hardware interrupts by turning them into IPC messages. The microkernel treats the hardware as threads that can send IPC messages to the relevant handling code, and treats interrupt service routines as threads that are waiting to receive those IPC messages. When a hardware interrupt occurs, the microkernel generates a message for it and sends the message to the user process associated with the interrupt; the thread in that user process responsible for receiving the IPC message then handles the hardware interrupt. The kernel is therefore responsible only for generating interrupt messages and is not involved in the actual interrupt handling, so the interrupt handling policy is isolated from the kernel.

L4's address space management primitives are responsible for mapping the memory address space and support three operations: Grant, Map and Flush. Processes perform these three operations through IPC. For example, at the start all memory is given to one process, and other, newly arriving processes can apply to it for memory.

L4's hardware interrupt handling and memory management are both implemented through IPC. In other words, compared with first-generation microkernels, L4 does not reduce the amount of IPC; it improves efficiency by optimizing IPC. L4 improves IPC efficiency in the following ways: small messages are passed in registers, which greatly improves efficiency; large messages use the Map mechanism; and each thread has its own kernel stack, which lowers the cache miss rate.

In short, the main bottleneck of first-generation microkernels is that time-consuming IPC makes the system inefficient, while second-generation microkernels, represented by L4, concentrate on reducing the time IPC takes and improve system efficiency to some extent compared with the first generation. But in both first-generation and second-generation microkernels there is a very large amount of IPC, and even if the cost of each IPC is made very small, efficiency can only be improved to a limited degree. In addition, the more IPC there is, the more latent security risks there are, and the harder it is to monitor the security of the system.

3. Exokernel computer systems

Traditional kernel designs (both monolithic kernels and microkernels) abstract the hardware and hide hardware resources beneath a hardware abstraction layer. In these systems, for example, when a region of physical memory is allocated, the application does not know its actual location. An exokernel does not abstract hardware resources but exports them: an application asks the exokernel for a "specific" region of physical memory, a "specific" disk block, and so on. The exokernel uses three operations to export hardware resources securely. The first is secure binding of applications to resources, implemented by assigning each resource a password that determines the user's rights; each time a resource is used, the exokernel first checks the rights. The second is a visible revocation protocol for resources that have already been allocated, in which an application is notified that resources are short and can decide for itself which resources to give up. The last is a forced termination protocol, which forcibly breaks the secure bindings of applications that do not accept revocation.

The goal of the exokernel is to separate system protection from resource management. The exokernel is responsible only for services related to protection and to multiplexing system resources: once it has ensured that a requested resource is currently free, the application is allowed to access it directly. Because hardware resources are not abstracted, the exokernel provides full functionality to user programs by adding runtime libraries. These libraries run on top of the exokernel, use the interface of the exokernel below them, and implement the higher-level abstractions for applications; most of the library code runs in the address space of the application that uses it.

Figure 4 shows the structure of an Aegis exokernel according to the prior art. Aegis is an example of an exokernel operating system. In Aegis, scheduling is implemented by a round-robin time-slice mechanism, with each application corresponding to a time slice. Aegis treats the CPU as a linear vector, uses position to encode the order in which time slices are used and when they are reclaimed, and uses position information to trade off satisfying application execution time against throughput and latency. For example, a compute-bound program that needs to run for a long time is allocated contiguous time slices to reduce the cost of switching program context. For highly interactive applications, Aegis provides time slices of equal length to maximize responsiveness. The system ensures fairness by bounding the time an application may take to save its context; every subsequent interrupt that demands the time slice is recorded by a time counter. Every application pays, in its subsequent time-slice allocations, for each extra time slice it consumed while saving its context. If the time an application uses exceeds a preset value, the system destroys its execution environment. Aegis also has a friendlier option, in which the system saves the context on the application's behalf.

The Aegis processor environment is a structure that stores the information needed to deliver events to an application. Because Aegis must associate resource-related events with the owner of the resource, all resource consumption is associated with this environment. Aegis manages four main kinds of events: exceptions, interrupts, protected control transfers and address translations. Aegis correspondingly has four kinds of processor environment, one for each kind of event.

To implement the operating system's inter-process communication efficiently, Aegis provides a protected control transfer mechanism. Operationally, a protected control transfer sets the program counter to a fixed value on the calling side, which identifies the current time slice in the processor environment, and installs the elements of the calling side's processor context (the address-context identifier, the address-space tag and the processor status word).

As described above, the design idea of the exokernel is that the kernel exports hardware resources to applications instead of providing a set of abstractions; its responsibility is to guarantee, through certain mechanisms, that hardware resources are multiplexed securely. An application requests the use of a hardware resource directly from the exokernel; the kernel itself only guarantees that the requested resource is currently free, and the application is then allowed to access it directly. Although the exokernel is not responsible for managing hardware resources, it must not only export them to applications but also ensure, through fairly complex protocols such as secure binding, the visible revocation protocol and the forced termination protocol, that they are multiplexed securely. Compared with other microkernels, this mode of operation lets applications access and use hardware resources more efficiently, but the fairly complex security mechanisms still consume system resources and so reduce the system's efficiency. In addition, the multiplexing of hardware resources by applications carries certain latent security risks, and guaranteeing security places high demands on the mechanism that manages the multiplexing. Maintaining the program that manages hardware resource multiplexing is also demanding, because an error in that program stops the whole system from running normally.

The exokernel design is mainly intended for building an operating system runtime library on top of the exokernel: applications run on top of the library, and most of the system's services and abstractions are implemented in user-level libraries. The design idea of the present invention, by contrast, is that applications and hardware resources are bound together, so the problem of multiplexing hardware resources does not arise in the system. An application manages and accesses the hardware resources bound to it directly, without any "intermediary". This gives the system not only higher efficiency than Aegis but also better security, making it suitable for dedicated systems with high security requirements, such as network firewalls and routers.

Summary of the invention

The present invention therefore aims to overcome the above defects of prior-art computer systems. It provides a new method of implementing a computer system, and a computer system implemented with that method, which achieve higher efficiency, better stability and better security and are suitable for dedicated systems with high security requirements, such as network firewalls and routers.

Other advantages, objects and features of the invention will be set forth in part in the description that follows, and in part will become apparent to those of ordinary skill in the art on examination of the following, or may be learned by practising the invention. The objects and other advantages of the invention can be realized and attained by the structures particularly pointed out in the description, the claims and the accompanying drawings.

According to the invention, a new computer system is provided, comprising: a plurality of independent processing devices, each of which independently manages and accesses hardware resources, implements one application function, and has exclusive use of the hardware resources it needs, with communication between the independent processing devices carried out by message passing; and a switching device that schedules and monitors the independent processing devices and carries out the message passing between them. The switching device comprises: a scheduler, which schedules the independent processing devices; a message passer, which passes messages between the independent processing devices; and a monitor, which monitors the independent processing devices. The switching device also stores the queue of pending messages and the parameters of the independent processing devices.

The computer system according to the invention solves the problems of traditional computer systems (large size, difficult maintenance and poor security) as well as the low efficiency of microkernel and exokernel technology. The invention provides a high-efficiency, high-security system that is well suited to embedded devices such as network switches or routers.

Brief description of the drawings

The accompanying drawings provide a further understanding of the invention and are incorporated in and constitute a part of this application. The drawings illustrate embodiments of the invention and, together with the description, explain the principles of the invention. In the drawings:

Figure 1 is a structural diagram of a computer system according to the prior art;

Figure 2 is a structural diagram of a Mach microkernel according to the prior art;

Figure 3 is a structural diagram of an L4 microkernel according to the prior art;

Figure 4 is a structural diagram of an Aegis exokernel according to the prior art;

Figure 5 is a structural diagram of a computer system 100 according to one embodiment of the invention;

Figure 6 is a structural diagram of a computer system 200 according to another embodiment of the invention;

Figure 7 is a structural diagram of an S-F system according to one embodiment of the invention;

Figure 8 is a structural diagram of a Switch system according to one embodiment of the invention;

Figure 9 is a flowchart of the message passing mechanism between S-F systems according to one embodiment of the invention; and

Figure 10 is a diagram of the message structure of a computer system according to one embodiment of the invention.

具体实施方式 Detailed ways

下面将以实施例的方式对本发明加以描述,应该注意的是,本发明的这些实施例并不用于限制依据于权利要求的本发明,并且并非在实施例中所描述的所有特征的组合都是本发明的解决方案所必须的。The present invention will be described below in the form of embodiments, it should be noted that these embodiments of the present invention are not intended to limit the present invention according to the claims, and not all combinations of features described in the embodiments are necessary for the solution of the present invention.

首先参见图5,示出了本发明的一个实施例的计算机系统100的结构图。本发明设计了一种新的计算机系统实现方法。这种系统实现方法,可以使用在嵌入式或者其他控制用的计算机系统中。计算机系统由多个可以独立完成某些功能的独立处理装置,以及对装置进行调度、监控和实现多个独立处理装置之间的消息传递的交换装置构成。Referring first to FIG. 5 , a structural diagram of a computer system 100 according to an embodiment of the present invention is shown. The invention designs a new computer system realization method. This system implementation method can be used in embedded or other computer systems for control. A computer system is composed of multiple independent processing devices that can independently complete certain functions, and a switching device that schedules, monitors, and implements message transmission among multiple independent processing devices.

Each independent processing device can implement certain functions on its own; access to and management of hardware resources are also implemented inside the device. The independent processing devices include the network port packet filtering device, the serial port packet filtering device, and the devices for other functions shown in FIG. 5. An independent processing device can be regarded as a data processing unit: each unit occupies certain system resources and completes a specific function, and data is transferred between devices in the form of messages. Each independent processing device includes a code segment and a data segment, which independently occupy two regions of memory; code and data are addressed through their respective segment selection addresses and intra-segment offset addresses. The independent processing devices run at different CPU levels, with security protection enforced by hardware. Preferably, the independent processing devices also include a watchdog device, which periodically sends watchdog messages to selected independent processing devices.

The switching device in the system schedules and monitors the independent processing devices and handles the data exchange between them. When one of the independent processing devices fails, the switching device recovers it. The switching device includes: a scheduler, which schedules the independent processing devices; a message passer, which passes messages between the independent processing devices; and a monitor, which monitors the independent processing devices. The switching device also stores the pending message queues and the parameters of the independent processing devices. These parameters include a time parameter, the time within which the independent processing device should finish processing a message, and the device's power-on initial state. When an independent processing device has not finished processing the message within the time range of the time parameter, the monitor restores the device from its power-on initial state.

Referring to FIG. 6, a structural diagram of a computer system 200 according to another embodiment of the present invention is shown. Each independent processing device is called an "S-F system" (self-functioning system). Preferably, the S-F systems include a special "soft watchdog" system, whose function is to send test messages to specific S-F systems at fixed intervals. The Switch (switching device) decides whether an S-F system is abnormal and needs to be recovered from the time the S-F system takes to process a message. An S-F system that has no messages to process therefore needs the "soft watchdog" system to send it a test message, and the Switch judges from the time the S-F system takes to process the test message whether it is abnormal. In this way, when an S-F system that has no messages to process becomes abnormal, the Switch still detects this promptly and recovers it. Each S-F system can complete certain functions independently, without calling functions of other S-F systems. Each S-F system corresponds to one of the independent processing devices in FIG. 5. Data sometimes needs to be transferred between S-F systems, however, and this is done through messages. The Switch handles only message passing and the scheduling and monitoring of the S-F systems; it does not manage or access hardware.

Referring to FIG. 7, a structural diagram of an S-F system according to an embodiment of the present invention is shown. The programs that manage and access hardware, together with the application that needs to call them, form an independent S-F system, which can complete certain functions on its own without calling functions of other S-F systems. Different S-F systems are built for different applications. For example, to provide network port packet filtering, serial port packet filtering, data signing, or other functions, a network port packet filtering S-F system, a serial port packet filtering S-F system, a data signing S-F system, or S-F systems for other functions can be created respectively. These S-F systems expose no external interfaces and call no functions of other S-F systems. Communication and data transfer between S-F systems take place through message passing, which is managed by a program in the Switch.

The message-passing mechanism between S-F systems is described below.

FIG. 9 shows a flowchart of the message-passing mechanism between S-F systems according to an embodiment of the present invention. The steps are as follows:

A message is constructed in the S-F system's own space (step S10).

The S-F system that needs to send the message calls the message sending function in the Switch, passing the ID number of the source S-F system and the ID number of the destination S-F system as parameters. The message sending function fetches the message from the sending S-F system and places it in the Switch's message queue to await processing (step S20).

The message passing program analyzes the message and uses the message's type field to determine whether it is a test message. If it is a test message, the program checks whether the pending message queue of the destination S-F system is empty: if the queue is empty, the message is placed in it; if not, the message is discarded. If the message is a data message, the data is extracted and the message is appended to the end of the pending message queue of the corresponding S-F system in the S-F system list (step S30). FIG. 10 is a message structure diagram of a computer system according to an embodiment of the present invention.

When the scheduler hands control of the CPU to an S-F system, the S-F system takes a message from its pending message queue and processes it (step S40).
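The routing rule of steps S20 to S40, together with the monitor's timeout recovery described earlier for the switching device, as an added C example that is not code from the patent. All identifiers, the queue capacity, the payload limit, tick-based timing, and the choice to keep a recovered S-F system's pending queue are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Added illustration: every name, size and tick unit below is an assumption. */
#define MAX_SF    4   /* S-F systems known to the Switch */
#define QUEUE_CAP 8   /* slots in each pending-message queue */
#define DATA_MAX  32  /* largest payload the Switch will copy */

enum msg_type { MSG_DATA, MSG_TEST };
enum route_result { ROUTED, DROPPED_TEST, REJECTED };

struct message {
    int src_id, dst_id;            /* IDs passed to the send function (S20) */
    enum msg_type type;            /* type field inspected in S30 */
    size_t len;
    unsigned char data[DATA_MAX];
};

struct sf_state { int counter; };  /* stand-in for an S-F system's own state */
struct sf_entry {                  /* what the Switch stores per S-F system */
    struct message queue[QUEUE_CAP];
    int head, count, processing;
    unsigned deadline_ticks;       /* time parameter for finishing one message */
    unsigned busy_ticks, recoveries;
    struct sf_state initial, live; /* power-on snapshot and running state */
};
struct sw { struct sf_entry sf[MAX_SF]; };

void switch_init(struct sw *s, unsigned deadline_ticks) {
    memset(s, 0, sizeof *s);
    for (int i = 0; i < MAX_SF; i++)
        s->sf[i].deadline_ticks = deadline_ticks;
}

/* Steps S20 and S30: copy the message into Switch memory and route it. */
enum route_result switch_send(struct sw *s, int src, int dst, enum msg_type type,
                              const void *data, size_t len) {
    if (src < 0 || src >= MAX_SF || dst < 0 || dst >= MAX_SF) return REJECTED;
    if (len > DATA_MAX || (len > 0 && data == NULL)) return REJECTED;
    struct sf_entry *d = &s->sf[dst];
    /* A test message is queued only for an idle destination; a non-empty
       queue already gives the monitor real work to time. */
    if (type == MSG_TEST && d->count > 0) return DROPPED_TEST;
    if (d->count == QUEUE_CAP) return REJECTED;
    struct message *m = &d->queue[(d->head + d->count) % QUEUE_CAP];
    m->src_id = src; m->dst_id = dst; m->type = type; m->len = len;
    if (len > 0) memcpy(m->data, data, len);
    d->count++;
    return ROUTED;
}

/* Step S40: the scheduled S-F system takes the message at the queue head. */
int sf_take(struct sw *s, int id, struct message *out) {
    if (id < 0 || id >= MAX_SF || s->sf[id].count == 0) return 0;
    struct sf_entry *e = &s->sf[id];
    *out = e->queue[e->head];
    e->head = (e->head + 1) % QUEUE_CAP;
    e->count--;
    e->processing = 1; e->busy_ticks = 0;   /* the monitor starts timing here */
    return 1;
}

/* The S-F system reports that it finished the message it took. */
void sf_done(struct sw *s, int id) {
    if (id >= 0 && id < MAX_SF) s->sf[id].processing = 0;
}

/* Monitor, one timer tick: an S-F system that exceeds its time parameter is
   reset to its power-on snapshot. Its queue lives in the Switch and is kept
   (an assumption; the text does not say). Returns how many were recovered. */
int monitor_tick(struct sw *s) {
    int recovered = 0;
    for (int i = 0; i < MAX_SF; i++) {
        struct sf_entry *e = &s->sf[i];
        if (!e->processing || ++e->busy_ticks <= e->deadline_ticks) continue;
        e->live = e->initial;
        e->processing = 0; e->busy_ticks = 0;
        e->recoveries++; recovered++;
    }
    return recovered;
}

int main(void) {
    struct sw s;
    switch_init(&s, 2);
    switch_send(&s, 0, 1, MSG_DATA, "pkt", 3);
    printf("test message to busy queue: %d\n", switch_send(&s, 3, 1, MSG_TEST, NULL, 0));
    return 0;
}
```

The bounds checks on the IDs and the payload length sit in `switch_send` because the Switch is the single relay point between S-F systems, so every message can be validated there before it is copied.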

Referring to FIG. 8, a structural diagram of a computer system according to an embodiment of the present invention is shown. The computer system consists of S-F systems, each of which can implement certain functions independently, and the Switch. An S-F system is formed by linking an application together with the hardware access and management programs it needs to call, and can complete certain functions on its own. In a traditional operating system, applications can communicate fairly efficiently with the hardware access components of a monolithic kernel through system calls, but this makes the kernel large and hard to maintain and manage. In a microkernel system, all communication between applications and the user-mode hardware management programs outside the kernel goes through messages, which makes it very difficult to improve efficiency. An S-F system manages and accesses hardware inside itself, and only a small amount of message-based data transfer takes place between S-F systems. Compared with a microkernel, this approach eliminates much of the message passing and can improve efficiency.

Each S-F system completes certain functions independently, without calling functions of other S-F systems. When any S-F system crashes, the other S-F systems are not affected, and the crashed S-F system can be recovered according to its parameters, which strengthens the security and robustness of the system. The "soft watchdog" system ensures that the Switch also promptly detects an abnormality in an S-F system that has no data to process.

The Switch is responsible only for scheduling and monitoring the S-F systems and for communication between them; it does not manage or access hardware resources. Its functions are simple to implement and easy to maintain and repair. The Switch does not directly process data from outside the computer system, so it is not easily attacked; and even if the Switch is attacked, this is unlikely to bring down the entire computer system.

Preferably, because S-F systems do not pass messages to each other directly but relay them through the Switch, and because far fewer messages are passed than in traditional operating systems and microkernels, it is convenient to build a monitoring mechanism on the Switch for all transferred data, which improves the security of the system.

Preferably, when an S-F system is damaged, it is restored from the power-on initial state of that S-F system saved by the Switch. This allows the system to return to normal quickly.

Preferably, the code segment and the data segment of an S-F system independently occupy two regions of memory, and these two regions are not contiguous; code and data are addressed through their respective segment selectors and intra-segment offsets.

Preferably, the S-F systems can run at different CPU levels, with security protection enforced by hardware.

Optionally, an S-F system can be a network port packet filtering device, a serial port packet filtering device, or a data signing device; the functions it can implement include network port packet filtering, serial port packet filtering, and data signing. It should be noted that this description is intended to illustrate the invention rather than to limit it; the invention may include devices that perform other functions and may implement other functions.

Such a high-efficiency, high-security system is well suited to embedded devices such as network switches or routers. It should be noted that this description is intended to illustrate the invention rather than to limit it; the invention may include other computer systems, such as firewalls and PCs.

The computer system according to the present invention consists of devices that can each complete certain functions independently and a switching device. Because each independent processing device completes its functions on its own, including access to and management of hardware resources, very little communication is needed between independent processing devices. The starting point of this design is not to shorten each communication but to improve the efficiency of the system fundamentally by reducing communication among the independent processing devices. Fewer communications among the independent processing devices also make security monitoring of the whole system easier and help improve its security. The switching device is responsible only for handling message-based communication among the independent processing devices and for scheduling them. Although the switching device is the core of the whole system, it manages no hardware or software resources, its functions are simple, and its code is small and easy to maintain. In addition, each device completes its functions independently, so when one device is damaged the whole system does not crash; only that device needs to be recovered. Because there is little communication between devices, the switching device can fully monitor the message data transferred between them. Such an efficient, highly secure and easily maintained computer system is especially suitable for network switches or routers.

The present invention provides a new computer system. The computer system consists of independent processing devices, each able to complete certain functions on its own, and a switching device that schedules these independent processing devices and passes messages between them. Each independent processing device completes certain functions independently, and access to and management of hardware resources are implemented inside the independent processing device. No independent processing device needs to call the functions of another, and none provides an interface to be called; communication between independent processing devices with different functions is implemented through message passing. The switching device does not manage computer resources such as hardware; it is responsible only for scheduling the independent processing devices and passing messages between them. This system design approach can be used in embedded or control computer systems.

The above are only preferred embodiments of the present invention and are not intended to limit it; those skilled in the art may make various modifications and changes to the invention. Any modification, equivalent replacement, or improvement made within the spirit and principles of the present invention shall fall within its scope of protection.

Claims (9)

1. A computer system, characterized by comprising:
a plurality of independent processing devices, wherein each of the independent processing devices is used to independently manage and access hardware resources and implement one application function, and has exclusive use of the hardware resources it requires, communication between the plurality of independent processing devices being implemented through message passing; and
a switching device, used to schedule and monitor the plurality of independent processing devices and to implement the message passing between the plurality of independent processing devices; wherein the switching device comprises:
a scheduler, used to implement the scheduling of the plurality of independent processing devices;
a message passer, used to implement the message passing between the plurality of independent processing devices;
a monitor, used to monitor the plurality of independent processing devices; and
the switching device further stores pending message queues and parameters of the independent processing devices.

2. The computer system according to claim 1, characterized in that the independent processing device comprises: a hardware management and access device; and an application device, used to call the hardware management and access device to implement one application function; the independent processing device is a device selected from the group consisting of a network port packet filtering device, a serial port packet filtering device, and a data signing device.

3. The computer system according to claim 1, characterized in that the independent processing device comprises a code segment and a data segment, the code segment and the data segment independently occupy two regions of memory, and code and data are addressed through their respective segment selection addresses and intra-segment offset addresses.

4. The computer system according to claim 1, characterized in that the switching device is further used to monitor the plurality of independent processing devices, and when one of the plurality of independent processing devices fails, the switching device recovers the faulty independent processing device.

5. The computer system according to claim 1, characterized in that the plurality of independent processing devices run at different CPU levels, with security protection enforced by hardware.

6. The computer system according to claim 1, characterized in that the parameters of the independent processing device stored in the switching device include a time parameter, within which the independent processing device should finish processing the message, and the power-on initial state of the independent processing device; when the independent processing device has not finished processing the message within the time range of the time parameter, the monitor recovers the faulty independent processing device through the power-on initial state of the independent processing device.

7. The computer system according to claim 1, characterized in that the switching device performs the message passing through the following steps:
constructing a message in the space of the independent processing device;
the independent processing device that needs to send the message calls the message passer in the switching device, using the ID of the independent processing device and the ID number of the destination independent processing device as parameters, and the message passer fetches the message from the independent processing device that sends it and places it in the pending message queue of the switching device to await processing; and
the message passer analyzes the message, extracts the data content, length, and type, and then, according to the type, the length, and the state of the pending message queue of the destination independent processing device, determines whether to place the message at the end of the pending message queue of the corresponding independent processing device in the independent processing device list, to discard the message, or to adjust the time parameter.

8. The computer system according to claim 1, characterized in that the independent processing devices further include a watchdog device, used to periodically send watchdog messages to selected independent processing devices.

9. The computer system according to claim 1, characterized in that it is an embedded or control computer system, the embedded or control computer system including a switch, a router, or a network firewall.
CNB2005101079789A 2005-09-30 2005-09-30 Computer system Expired - Fee Related CN100432944C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB2005101079789A CN100432944C (en) 2005-09-30 2005-09-30 Computer system

Publications (2)

Publication Number Publication Date
CN1940874A CN1940874A (en) 2007-04-04
CN100432944C true CN100432944C (en) 2008-11-12

Family

ID=37959084

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB2005101079789A Expired - Fee Related CN100432944C (en) 2005-09-30 2005-09-30 Computer system

Country Status (1)

Country Link
CN (1) CN100432944C (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103106117A (en) * 2012-12-25 2013-05-15 青岛海信电器股份有限公司 Resource allocation method and electronic equipment
CN105528255B (en) * 2015-12-07 2019-07-05 中国电子科技集团公司第三十二研究所 EIPC-based TCF communication method and device

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2000076087A (en) * 1998-08-28 2000-03-14 Hitachi Ltd Multi-operating system control method
CN1368810A (en) * 2001-02-02 2002-09-11 北京翔智信息技术有限公司 Distributed information switch and processing system and method
CN1441366A (en) * 2001-09-04 2003-09-10 三星电子株式会社 Communication method and its device during process
JP2005266841A (en) * 2004-03-16 2005-09-29 Hitachi Ltd A computer system with a dedicated processor

Also Published As

Publication number Publication date
CN1940874A (en) 2007-04-04

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C41 Transfer of patent application or patent right or utility model
C56 Change in the name or address of the patentee
CP03 Change of name, title or address

Address after: 100049 No. 19, Yuquanlu Road, Beijing, Shijingshan District

Patentee after: University OF CHINESE ACADEMY OF SCIENCES

Address before: 100049, Yuquanlu Road, Beijing No. 19 (a)

Patentee before: GRADUATE University OF CHINESE ACADEMY OF SCIENCES

TR01 Transfer of patent right

Effective date of registration: 20151120

Address after: 100195 Beijing city Haidian District minzhuang Road No. 87 C

Patentee after: INSTITUTE OF INFORMATION ENGINEERING, CHINESE ACADEMY OF SCIENCES

Address before: 100049 No. 19, Yuquanlu Road, Beijing, Shijingshan District

Patentee before: University of Chinese Academy of Sciences

CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20081112

Termination date: 20190930