## 17.1 GENERAL This facility provides the processor with the ability to terminate processing in an orderly manner after the detection of a power failure, and to restart and resume processing correctly after the restoration of power. Apart from separate peripherals, all the system's power supplies, whether within the basic cabinet or extension cabinets, are considered necessary for the correct operation of the system. The failure of any of the supplies will therefore raise the power failure signal. The power failure signal must be connected to interrupt level 0. When power failure is detected an interrupt is raised and IOP exchanges are inhibited, control of the general purpose bus being given to the CPU. The associated interrupt routine is executed to save the contents of registers, and if necessary specific areas of MOS memory. Core memory is already protected and thus no loss of data from core occurs even if there is total power failure before completion of the saving routine. On restoration of power the system restarts and CPU operation continues with the restoration of all registers and areas saved before completing the interrupt routine and returning to the originally interrupted program. The power failure interrupt is reset as necessary by the use of the Reset Internal Interrupt (RIT) instruction. The power failure signal may also be raised at initial power-on time if the key switch of the system operator's panel is set to the LOCK position. In this position the CPU is started and the restoring routine of the interrupt handler is executed to restart normal operation at the point at which it was suspended. If the power failure signal is not connected, the CPU will start and remain in the idle state at power-on, or after restoration of power following a failure. ## 17.2 LIMITS The power failure interrupt is raised at least 2ms before the voltage drops below the acceptable level. The saving routine should not last more than 2ms. A power failure interrupt is not raised for detected power losses of less than 5ms. The validity of the contents of a memory location involved in a memory cycle at the time of total failure can not be guaranteed. ## 17.3 POWER FAILURE / AUTOMATIC RESTART ROUTINE When the system is loaded the power failure/automatic restart routine is entered. A flag is reset to indicate a system start after IPL and not a power-on situation after power failure. When a power failure occurs at runtime, a power failure interrupt is raised and the power failure/automatic restart routine is entered. Registers Al to A8 are saved on the Al5 stack and the task #P is scheduled for dispatching on priority level 0. This task saves Al5, the value of which will be restored after power-on, and the system halts. In an MMU system, if a power failure occurs while the system is busy transferring MMU-buffer contents to an application buffer, the transfer is completed before control is given to the #P task. After power-on, a routine is entered to restore Al5 and control is given to routine PFINIT, which starts drivers at their recovery or power-on entries. The addresses are obtained via the power failure table (PFTAB). Control is then passed to the dispatcher and normal processing resumes. Recovery actions are device dependent and are described in the the Assembler Programmers' Reference Manual, Part 2. The power failure table (PFTAB) contains the addresses of the driver entries. The length of the table depends on the number of drivers included in the TOSS monitor.