A design method for power-down protection in embedded systems
2026-04-06 04:50:26··#1
Introduction

The purpose of power-down protection design is to employ a mechanism that ensures the determinism of system operation and the integrity of recorded data in the event of an unexpected power outage, and that field data can be promptly recovered after power is restored, preventing chaos in the application system. Embedded operating systems are increasingly used in embedded system design and development. Because an operating system is present, data is usually read and written through files rather than by manipulating memory addresses directly. File-based reading and writing usually means that data is held temporarily in volatile storage such as SDRAM while the program runs, and this data is lost on an unexpected power outage. Measures must therefore be taken to protect the system against power loss and prevent system chaos.

In general, a power-down protection scheme consists of four parts: generating a power-down signal, capturing the power-down signal, processing the power-down signal and the data, and restoring the field state. Without an operating system, where data is operated on directly in memory units and each operation involves little data, power-down protection can be handled in an interrupt service routine. File-based data operations, however, typically involve larger volumes of data, so an interrupt service routine alone is not a reliable place to perform the protection. This paper focuses on power-down protection in the design of more complex embedded systems based on an operating system.

1. System Basis for Implementing the Power-Down Protection Scheme

Power-down protection is implemented on an ARM-based hardware platform running the μClinux embedded operating system. ARM7 series microprocessors support eight types of interrupt handling. An external interrupt request is responded to by the processor when the external interrupt pin is active (typically low) and the relevant bits in the Program Status Register (CPSR) are enabled.
After the response, the processor enters interrupt mode and the PC is loaded with the interrupt vector address 0x00000018. This address holds the entry of the interrupt service routine, which is then executed. In the power-down protection scheme the interrupt service routine is kept simple: it merely sets the global variable that indicates a power failure, which keeps its execution time short.

Flash memory can be electrically erased and written in-system and retains its contents after power loss. It features low power consumption, large capacity, and in-system programming (burning) and erasing, either of the whole chip or by sector. It also allows the chip to be manipulated via embedded algorithms, which makes it widely used in embedded systems. As a non-volatile memory, Flash is typically used to store program code, constant tables, and user data that must survive a power failure. Common Flash memory has a data width of 8 or 16 bits and a programming voltage of 3.3 V.

Compared with Flash, SDRAM does not retain data after power loss, but its access speed is significantly higher and it is freely readable and writable. SDRAM is therefore used primarily as the program's runtime space and as the data and stack area. When the system starts, the CPU first reads the startup code from the reset address 0x0. After system initialization the program code is generally loaded into SDRAM for execution to improve speed, and the system and user stacks as well as runtime data are also held in SDRAM. An SDRAM memory cell can be understood as a capacitor that always tends to discharge; to avoid data loss it must be refreshed (recharged) periodically. To use SDRAM, the microprocessor must therefore have refresh control logic, or an additional refresh control circuit must be added to the system.
A particularly important case is that after a power failure, an effective mechanism must be in place to ensure that the data in SDRAM is written to Flash.

2. Hardware Design Based on the Power-Down Protection Scheme

Figure 1 shows a typical embedded system hardware design. The system's microprocessor is an S3C4510B, based on the ARM7 architecture. SDRAM is a volatile memory used as the program's runtime space, similar to the RAM in a PC; Flash, the program storage space, is non-volatile. Data produced during program execution is often cached in SDRAM and must be written to Flash when the system loses power.

[align=center][img=331,266]http://www.e-works.net.cn/images/128031432452500000.GIF[/img]
Figure 1 Typical embedded system hardware design scheme[/align]

The system requires both 5 V and 3.3 V DC regulated power supplies. The S3C4510B and some peripheral devices require 3.3 V, while other devices require 5 V. To simplify the power supply circuit design, the input voltage for the entire system is a high-quality 5 V DC regulated supply. Unlike a typical power supply circuit, this system's power supply circuit incorporates power-down protection. The system power supply circuit including this design is shown in Figure 2.

[align=center][img=474,198]http://www.e-works.net.cn/images/128031432648437500.GIF[/img]
Figure 2 Power supply circuit principle[/align]

In addition to providing 5 V and 3.3 V power, this circuit provides the delay and early-warning functions for system power-down protection; with software cooperation, the system's power-down protection mechanism can be implemented. Under normal conditions, power supply circuit 1 supplies the entire system. When the system loses power unexpectedly, the input comparison voltage drops, the output of the MAX809 module flips, and a power-down early-warning interrupt signal is delivered to the system.
The interrupt request is generated through the external interrupt pin XREQ0; at the same time, power supply circuit 2 is activated. Through the discharge of the large capacitors C3 and C4 it continues to provide the supply voltage to the system, supporting the completion of the power-down interrupt service routine. Power supply circuit 2 supplies only the minimum system and does not supply peripheral components with high power consumption. This ensures that the minimum system is powered long enough to complete the protection of sensitive data. Software measurement shows that capacitor discharge keeps the minimum system running for between 0.5 and 4.5 seconds. The measurement method is simple: write a power-down interrupt service routine that continuously refreshes the time. Similarly, software can measure that 2-3 MB can be written to or erased from the Flash memory during this period. With this hardware architecture, system power-down protection is therefore reliably guaranteed.

3. Software Implementation of Power-Down Signal Handling

In the μClinux system, power-down signals can be captured in two ways. One is to use the system call `void (*signal(int sig, void (*func)(int)))(int)`. This function assigns a specific handler function, passed as the parameter `func`, to a particular interrupt signal. In μClinux there are 31 system interrupt signals, and the power-down signal is `SIGPWR`. Assuming the power-down interrupt service routine is `void interrupt_service(int)`, it is associated with the signal as `signal(SIGPWR, interrupt_service)`. This method makes full use of system calls and is simple to implement, and it was the mechanism initially used in the design of the power-down protection scheme. However, it proved unreliable: the Linux kernel's signal generation and management mechanism is imperfect, and a signal can be lost.
Consulting relevant Unix or Linux documentation shows that this situation also occurs in some other versions of Linux and Unix.

The other approach is to use a daemon process dedicated to waiting for the interrupt signal. The main program is divided into several atomic operations according to the data objects it operates on. An atomic operation is a defined program block that either executes completely or not at all, and each operation corresponds to a unique status flag. Before each atomic operation, the main process reads the interrupt signal from the daemon via pipe communication. If an interrupt signal has occurred, the main process first saves the status flag, then writes the relevant data to Flash and exits. After power is restored, the main process first determines the system recovery plan based on the saved flag. Figure 3 illustrates this process as a flowchart.

[align=center][img=394,420]http://www.e-works.net.cn/images/128031433114375000.GIF[/img]
Figure 3 Capturing power failure signals using a daemon process[/align]

Below is a program snippet demonstrating this process:

[img=279,275]http://www.e-works.net.cn/images/128031433429218750.gif[/img]
[img=400,555]http://www.e-works.net.cn/images/128031433565625000.gif[/img]

Conclusion

The tax-controlled cash register designed on the basis of this scheme has complete power failure protection in actual operation. This power-down protection design method applies to embedded systems built on ARM and μClinux, a typical representative of 32-bit embedded system development, and therefore has value for wider use in embedded system design.
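The daemon-and-pipe method of section 3, as an added C example that is not part of the original article or its program snippet: the main process is a sequence of atomic operations, polls the daemon's pipe before each one, saves the status flag and then the data to a Flash stand-in when a power-down byte is pending, and after restart chooses where to resume from the saved flag. The `flash` record, `ram_data`, `atomic_op`, `N_OPS` and the single byte the daemon writes to the pipe are all assumed or constructed for illustration.

```c
#include <fcntl.h>
#include <stdint.h>
#include <string.h>
#include <unistd.h>
#define N_OPS 4 /* atomic operations in the main program (constructed) */

/* Stand-in for the record written to Flash on power-down: the status flag
 * (index of the next atomic operation) plus the data produced so far.
 * Constructed for this example; a real system writes a Flash sector. */
struct flash_record { int flag; int32_t data[N_OPS]; };
struct flash_record flash = { 0, {0} };
static int32_t ram_data[N_OPS]; /* SDRAM working copy; lost on power loss */

/* Non-blocking poll of the pipe the daemon writes to when the power-down
 * interrupt fires. Returns 1 if a power-down byte is pending, else 0. */
static int power_down_pending(int pipe_rd)
{
    unsigned char b;
    fcntl(pipe_rd, F_SETFL, fcntl(pipe_rd, F_GETFL) | O_NONBLOCK);
    return read(pipe_rd, &b, 1) == 1;
}
static int32_t atomic_op(int i) { return (i + 1) * 10; } /* hypothetical work */

/* Runs atomic operation i unless a power-down signal is pending. On
 * power-down, save the flag first, then the data, as the scheme does.
 * Returns 1 if the operation ran, 0 if a checkpoint was taken instead. */
int do_atomic_step(int pipe_rd, int i)
{
    if (power_down_pending(pipe_rd)) {
        flash.flag = i;
        memcpy(flash.data, ram_data, sizeof ram_data);
        return 0; /* the real main process exits here */
    }
    ram_data[i] = atomic_op(i);
    return 1;
}

/* Main process after (re)start: the recovery plan is chosen from the saved
 * flag. Restores SDRAM from Flash and resumes from that operation.
 * Returns the index it stopped at, or N_OPS when every operation ran. */
int run_main_process(int pipe_rd)
{
    memcpy(ram_data, flash.data, sizeof ram_data);
    for (int i = flash.flag; i < N_OPS; i++)
        if (!do_atomic_step(pipe_rd, i))
            return i;
    flash.flag = N_OPS; /* clean completion: commit the results */
    memcpy(flash.data, ram_data, sizeof ram_data);
    return N_OPS;
}
```

A fresh start with `flash.flag == 0` runs every operation; a restart after a checkpoint skips the operations already recorded and repeats only the one that was interrupted.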