CN106445748A - Verification method for triplication redundancy - Google Patents

Verification method for triplication redundancy Download PDF

Info

Publication number
CN106445748A
CN106445748A CN201610855588.8A CN201610855588A CN106445748A CN 106445748 A CN106445748 A CN 106445748A CN 201610855588 A CN201610855588 A CN 201610855588A CN 106445748 A CN106445748 A CN 106445748A
Authority
CN
China
Prior art keywords
mode
redundancy
triple
implementation
mode redundancy
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201610855588.8A
Other languages
Chinese (zh)
Other versions
CN106445748B (en
Inventor
张弢
王相阳
孔璐
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Technology and Engineering Center for Space Utilization of CAS
Original Assignee
Technology and Engineering Center for Space Utilization of CAS
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Technology and Engineering Center for Space Utilization of CAS filed Critical Technology and Engineering Center for Space Utilization of CAS
Priority to CN201610855588.8A priority Critical patent/CN106445748B/en
Publication of CN106445748A publication Critical patent/CN106445748A/en
Application granted granted Critical
Publication of CN106445748B publication Critical patent/CN106445748B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/16Error detection or correction of the data by redundancy in hardware
    • G06F11/1608Error detection by comparing the output signals of redundant hardware

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Quality & Reliability (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Hardware Redundancy (AREA)

Abstract

本发明涉及一种三模冗余验证方法,该方法包括:步骤1,确定现场可编程门阵列FPGA的三模冗余实施方式是否为基于功能路径的方式,若不是,则执行步骤2,若是,则执行步骤3;步骤2,对FPGA进行处理,确定FPGA中需要进行验证的三模冗余范围和三模冗余实施方式,并执行步骤3;步骤3,对三模冗余实施方式进行分类,并对三模冗余实施方式进行判断,若为结构三模冗余,则执行步骤4,若为时序三模冗余,则执行步骤5;步骤4,对结构三模冗余进行验证;步骤5,对时序三模冗余进行验证。本发明提供的三模冗余验证方法,调高了验证效率,对于三模冗余实施方式有效性的验证更加全面客观,提高了三模冗余验证方法的准确性和可靠性。

The present invention relates to a triple-mode redundancy verification method, the method comprising: Step 1, determining whether the triple-mode redundancy implementation of the Field Programmable Gate Array FPGA is based on a function path, if not, then perform step 2, if , then execute step 3; step 2, process the FPGA, determine the three-mode redundancy range and the implementation mode of the three-mode redundancy that need to be verified in the FPGA, and perform step 3; step 3, perform the triple-mode redundancy implementation mode Classify and judge the implementation mode of triple-mode redundancy. If it is structural triple-mode redundancy, perform step 4. If it is sequential triple-mode redundancy, perform step 5. Step 4: verify structural triple-mode redundancy ; Step 5, verifying the timing triple-mode redundancy. The verification method for triple-mode redundancy provided by the invention improves the verification efficiency, makes the verification of the effectiveness of the triple-mode redundancy implementation mode more comprehensive and objective, and improves the accuracy and reliability of the verification method for triple-mode redundancy.

Description

一种三模冗余验证方法A Three-mode Redundancy Verification Method

技术领域technical field

本发明涉及系统检测领域,尤其涉及一种三模冗余验证方法。The invention relates to the field of system detection, in particular to a triple-mode redundancy verification method.

背景技术Background technique

三模冗余措施作为可编程逻辑中简单有效的可靠性加固方法,常用于航天、军工、核工业设施等系统。随着集成电路制造工艺的提升,以现场可编程门阵列FPGA为代表的可编程逻辑器件规模呈现指数级增长,三模冗余措施也在诸多领域得到广泛的应用。As a simple and effective reliability reinforcement method in programmable logic, triple-mode redundancy measures are often used in systems such as aerospace, military, and nuclear industry facilities. With the improvement of integrated circuit manufacturing technology, the scale of programmable logic devices represented by field programmable gate array FPGA has shown exponential growth, and triple-mode redundancy measures have also been widely used in many fields.

为充分发挥三模冗余的优势,航天等工程应用中探索了基于功能路径的三模冗余优化实施策略,不仅运用了传统意义上的电路结构的冗余方法,即结构三模冗余,属空间维可靠性策略,而且在接口模块上引入了相同数据多次收发的冗余操作方式,即时序三模冗余,属时间维可靠性策略。作为优化的三模冗余实施策略,基于功能路径的三模冗余实现流程可概括为:通过对FPGA逻辑功能按重要程度排序,将三模冗余措施由繁到简地依次作用于功能序列,并进一步将结构三模冗余和时序三模冗余两种实施方式有选择地施加于各功能路径贯穿的模块或电路上。In order to give full play to the advantages of triple-mode redundancy, the optimization implementation strategy of triple-mode redundancy based on functional paths has been explored in engineering applications such as aerospace, not only using the redundant method of circuit structure in the traditional sense, that is, structural triple-mode redundancy, It belongs to the space-dimensional reliability strategy, and introduces the redundant operation mode of sending and receiving the same data multiple times on the interface module, that is, the three-mode redundancy of the sequence, which belongs to the time-dimensional reliability strategy. As an optimized triple-mode redundancy implementation strategy, the implementation process of triple-mode redundancy based on functional paths can be summarized as follows: by sorting the FPGA logic functions according to their importance, the triple-mode redundancy measures are applied to the functional sequence from complex to simple. , and further selectively apply the structural triple-mode redundancy and sequential triple-mode redundancy implementations to the modules or circuits that each functional path runs through.

在FPGA三模冗余措施有效性验证方面,传统方法是针对结构三模冗余的实现结果进行验证,在硬件故障注入或仿真等强约束条件下,对被验证FPGA内部寄存器进行物理干涉或模拟打翻,未考虑业界应用的基于功能路径的三模冗余方式,未兼顾对时序三模冗余的测试验证,未包含对单路信号和多路信号等特定情况的验证,因此,现有的验证方法具有一定的局限性,不够全面。In terms of the effectiveness verification of FPGA triple-mode redundancy measures, the traditional method is to verify the implementation results of structural triple-mode redundancy. Under strong constraints such as hardware fault injection or simulation, physical interference or simulation is performed on the internal registers of the FPGA to be verified. Overturned, it did not consider the triple-mode redundancy method based on the functional path used in the industry, did not take into account the test and verification of the timing triple-mode redundancy, and did not include the verification of specific situations such as single-channel signals and multi-channel signals. Therefore, the existing The verification method has certain limitations and is not comprehensive enough.

发明内容Contents of the invention

本发明所要解决的技术问题是针对现有技术的不足,提供一种对三模冗余实施方式的有效性进行验证的方法。The technical problem to be solved by the present invention is to provide a method for verifying the effectiveness of the triple-mode redundancy implementation in view of the deficiencies of the prior art.

本发明解决上述技术问题的技术方案如下:The technical scheme that the present invention solves the problems of the technologies described above is as follows:

一种三模冗余验证方法,包括以下步骤:A triple-mode redundancy verification method, comprising the steps of:

步骤1,确定现场可编程门阵列FPGA的三模冗余实施方式是否为基于功能路径的方式,包括明确各功能的重要程度、以及各功能路径贯穿的模块或电路的三模冗余方式,若不是基于功能路径的方式,则执行步骤2,若是基于功能路径的方式,则确定所述三模冗余实施方式包含的接口及功能子模块,并执行步骤3;Step 1. Determine whether the triple-mode redundancy implementation of the field programmable gate array FPGA is based on the functional path, including clarifying the importance of each function, and the triple-mode redundancy of the modules or circuits that each functional path runs through. If it is not based on the functional path, then perform step 2, if it is based on the functional path, then determine the interfaces and functional sub-modules included in the triple-mode redundant implementation, and perform step 3;

步骤2,对所述FPGA进行处理,确定所述FPGA中需要进行验证的三模冗余范围,并确定所述需要进行验证的三模冗余范围内包含的接口及功能子模块的重要程度以及三模冗余实施方式,并执行步骤3;Step 2, processing the FPGA, determining the three-mode redundancy range that needs to be verified in the FPGA, and determining the importance of the interfaces and functional sub-modules included in the three-mode redundancy range that needs to be verified and Three-mode redundant implementation, and perform step 3;

步骤3,对所述三模冗余实施方式分别按照结构三模冗余实施方式和时序三模冗余实施方式进行分类,并对所述三模冗余实施方式进行判断,若为结构三模冗余,则执行步骤4,若为时序三模冗余,则执行步骤5;Step 3, classify the three-mode redundant implementation mode according to the structural three-mode redundant implementation mode and the sequential three-mode redundant implementation mode respectively, and judge the three-mode redundant implementation mode, if it is the structural three-mode redundant implementation mode If it is redundant, go to step 4, if it is time-series triple-mode redundancy, go to step 5;

步骤4,对所述结构三模冗余进行验证,包括确定所述接口及所述功能子模块的具体验证对象在源码文件、布局布线后网表文件或FPGA芯片中的位置,并选取具体验证对象的电路或寄存器,然后对电路或寄存器进行验证;Step 4, verifying the three-mode redundancy of the structure, including determining the position of the specific verification object of the interface and the functional sub-module in the source code file, the netlist file after layout and wiring, or the FPGA chip, and selecting specific verification The circuit or register of the object, and then verify the circuit or register;

步骤5,对所述时序三模冗余进行验证,将时序三模冗余进行处理,使其等价视为结构三模冗余,然后按结构三模冗余进行验证。Step 5, verifying the sequential triple redundancy, processing the sequential triple redundancy so that it is equivalently regarded as the structural triple redundancy, and then performing verification according to the structural triple redundancy.

本发明的有益效果是:通过对FPGA的三模冗余实施方式是否为基于功能路径的方式进行判断,对所述FPGA进行处理、分类,调高了验证效率,并对三模冗余实施方式进行判断,兼顾了对结构三模冗余和时序三模冗余的判断,对于三模冗余实施方式有效性的验证更加全面客观,提高了三模冗余验证方法的准确性和可靠性。The beneficial effects of the present invention are: by judging whether the three-mode redundant implementation mode of FPGA is based on the mode of functional path, described FPGA is processed, classified, and the verification efficiency has been increased, and the triple-mode redundant implementation mode The judgment takes into account the judgment of the structural triple redundancy and the timing triple redundancy, and the verification of the effectiveness of the triple redundancy implementation is more comprehensive and objective, which improves the accuracy and reliability of the triple redundancy verification method.

在上述技术方案的基础上,本发明还可以做如下改进。On the basis of the above technical solutions, the present invention can also be improved as follows.

进一步地,步骤2中,包括以下步骤:Further, in step 2, the following steps are included:

步骤2.1,从任务剖面角度分析所述FPGA的核心功能,确定所述核心功能包括的接口及功能子模块,所述接口及功能子模块均各自包含重要程度分级;Step 2.1, analyze the core function of described FPGA from task profile angle, determine the interface that described core function comprises and function sub-module, described interface and function sub-module all comprise importance classification respectively;

步骤2.2,确定所述FPGA中已实施三模冗余措施包括的接口及功能子模块;Step 2.2, determine the interface and functional sub-modules that have been implemented in the FPGA and included in the triple-mode redundancy measure;

步骤2.3,将所述核心功能包括的接口及功能子模块与已实施三模冗余措施包括的接口及功能子模块进行对比,取交集部分,得到需要进行验证的三模冗余范围;Step 2.3, comparing the interfaces and functional sub-modules included in the core function with the interfaces and functional sub-modules included in the three-mode redundancy measures that have been implemented, and taking the intersection to obtain the triple-mode redundancy range that needs to be verified;

步骤2.4,确定所述需要进行验证的三模冗余范围包含的接口及功能子模块的重要程度以及三模冗余实施方式,并执行步骤3。Step 2.4, determine the importance of the interfaces and functional sub-modules included in the three-mode redundancy range that needs to be verified, and the implementation mode of the three-mode redundancy, and perform step 3.

采用上述进一步方案的有益效果是:通过对所述FPGA进行处理,确定需要进行验证的三模冗余范围包含的接口及功能子模块的重要程度以及三模冗余实施方式,可以更好地对非基于功能路径的三模冗余实施方式进行验证。The beneficial effect of adopting the above-mentioned further scheme is: by processing the FPGA, determining the importance of the interfaces and functional sub-modules included in the three-mode redundancy range that needs to be verified, and the implementation mode of the three-mode redundancy, it can be better implemented Non-functional path-based triple-mode redundancy implementation is verified.

进一步地,步骤3中,将所述三模冗余实施方式按照结构三模冗余实施方式和时序三模冗余实施方式进行分类,并按预设次序对分类后的所述三模冗余实施方式进行排序,例如,预设次序可以为按功能重要程度所决定的三模冗余次序。Further, in step 3, classify the three-mode redundant implementation according to the structural three-mode redundant implementation and the sequential three-mode redundant implementation, and classify the three-mode redundant according to the preset order Sorting in an implementation manner, for example, the preset order may be a triple redundancy order determined according to the importance of functions.

采用上述进一步方案的有益效果是:通过对三模冗余实施方式按照结构三模冗余实施方式和时序三模冗余实施方式进行分类,提高验证效率。The beneficial effect of adopting the above further scheme is that the verification efficiency is improved by classifying the three-mode redundant implementation manners according to the structural triple-mode redundant implementation manner and the sequential triple-mode redundant implementation manner.

进一步地,步骤4包括以下步骤:Further, step 4 includes the following steps:

步骤4.1,确定所述接口及所述功能子模块的具体验证对象在源码文件、布局布线后的网表文件或FPGA芯片中的位置,并选取具体验证对象所位于的电路或寄存器,其中,具体验证对象包括输入输出信号或表决器;Step 4.1, determine the position of the specific verification object of the interface and the functional sub-module in the source code file, the netlist file after layout and wiring, or the FPGA chip, and select the circuit or register where the specific verification object is located, wherein the specific Verification objects include input and output signals or voters;

步骤4.2,判断输入输出信号的信号类型,若为多路信号,则执行步骤4.3,若为单路信号,则执行步骤4.4;Step 4.2, judging the signal type of the input and output signals, if it is a multi-channel signal, then perform step 4.3, if it is a single-channel signal, then perform step 4.4;

步骤4.3,对所述多路信号进行验证,直到所有被选取的电路或寄存器得到验证;Step 4.3, verifying the multiple signals until all selected circuits or registers are verified;

步骤4.4,对所述单路信号进行验证,直到所有被选取的电路或寄存器得到验证。Step 4.4, verifying the single signal until all selected circuits or registers are verified.

进一步地,所述单路信号为传输1比特信息的信号,所述多路信号为多个传输1比特信息的单路信号的有序集合。Further, the single-channel signal is a signal transmitting 1-bit information, and the multi-channel signal is an ordered set of multiple single-channel signals transmitting 1-bit information.

进一步地,步骤4.3包括以下步骤:Further, step 4.3 includes the following steps:

步骤4.3.1,当多路信号的三模取值互不相同时,在各模有效取值范围内任选3个不同值,并将所述3个不同值随机分配给三模,得到输出信号,并对所述输出信号进行表决,若表决后的输出信号为预设值,则所述三模冗余实施方式有效,否则无效;Step 4.3.1, when the values of the three modes of the multi-channel signal are different from each other, select 3 different values within the effective value range of each mode, and randomly assign the 3 different values to the three modes to obtain the output signal, and vote on the output signal, if the output signal after the vote is a preset value, the implementation of the triple-mode redundancy is valid, otherwise it is invalid;

步骤4.3.2,排除多路信号的三模取值各不相同的情况,将各模信号的取值进行约束,例如,假设多路信号三模取值互不相同时,取值分别为{x,y,z},则将各模信号按取值进行约束后,去除取值z,取值可以为{x,y,y};Step 4.3.2, exclude the situation that the values of the three modes of the multi-channel signal are different, and constrain the values of the signals of each mode, for example, when the values of the three modes of the multi-channel signal are different, the values are respectively { x, y, z}, after constraining each modulus signal according to the value, remove the value z, and the value can be {x, y, y};

步骤4.3.3,将各模等价视为单路信号,按单路信号的验证方法进行验证。In step 4.3.3, the equivalence of each module is regarded as a single-channel signal, and verification is performed according to the verification method of a single-channel signal.

进一步地,步骤4.4包括以下步骤:Further, step 4.4 includes the following steps:

步骤4.4.1,所述单路信号包括三模信号,对各模信号按逻辑值0或1随机选取的方式进行故障模拟;Step 4.4.1, the single-channel signal includes a three-mode signal, and the fault simulation is performed on each mode signal by randomly selecting a logic value of 0 or 1;

步骤4.4.2,得到所述单路信号全部可能的8种状态;Step 4.4.2, obtaining all possible 8 states of the single signal;

步骤4.4.3,所述单路信号全部可能的8种状态通过表决器进行表决,分别验证所述三模冗余实施方式的有效性;In step 4.4.3, all possible 8 states of the single-channel signal are voted on by a voting device, and the effectiveness of the three-mode redundant implementation is verified respectively;

步骤4.4.4,对得到的所有三模冗余实施方式的有效性进行综合分析,完成验证。In step 4.4.4, comprehensively analyze the effectiveness of all obtained three-mode redundancy implementation modes, and complete the verification.

进一步地,步骤5中,包括以下步骤:Further, in step 5, the following steps are included:

步骤5.1,依次将所述时序三模冗余的三次通信等价视为结构三模冗余中的冗余结构;Step 5.1, sequentially treating the three communication equivalents of the sequential triple-mode redundancy as a redundant structure in the structural triple-mode redundancy;

步骤5.2,将所述时序三模冗余按照所述结构三模冗余的验证方法进行验证。Step 5.2, verifying the sequence triple redundancy according to the verification method of the structural triple redundancy.

采用上述进一步方案的有益效果是:通过将时序三模冗余的三次通信等价视为结构三模冗余中的冗余结构,可以将时序三模冗余等价看作结构三模冗余进行处理,使对三模冗余的验证更加客观全面。The beneficial effect of adopting the above further scheme is: by considering the three-time communication equivalence of time-series triple-mode redundancy as the redundant structure in structural triple-mode redundancy, the equivalence of time-sequence triple-mode redundancy can be regarded as structural triple-mode redundancy It is processed to make the verification of the triple redundancy more objective and comprehensive.

进一步地,若所述三模冗余实施方式包括结构三模冗余和时序三模冗余,则先对所述时序三模冗余进行验证,再对所述结构三模冗余进行验证。Further, if the three-mode redundancy implementation includes structural three-mode redundancy and sequential three-mode redundancy, the sequential three-mode redundancy is verified first, and then the structural three-mode redundancy is verified.

本发明附加的方面的优点将在下面的描述中部分给出,部分将从下面的描述中变得明显,或通过本发明实践了解到。Advantages of additional aspects of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention.

附图说明Description of drawings

图1为本发明实施例提供的一种三模冗余验证方法的流程示意图;FIG. 1 is a schematic flow diagram of a triple-mode redundancy verification method provided by an embodiment of the present invention;

图2为本发明另一实施例提供的一种三模冗余验证方法的流程示意图;FIG. 2 is a schematic flow diagram of a triple-mode redundancy verification method provided by another embodiment of the present invention;

图3为本发明另一实施例提供的一种非基于功能路径的三模冗余实施方式的处理方法的流程示意图。FIG. 3 is a schematic flowchart of a processing method of a non-functional path-based triple-mode redundancy implementation provided by another embodiment of the present invention.

具体实施方式detailed description

以下结合附图对本发明的原理和特征进行描述,所举实例只用于解释本发明,并非用于限定本发明的范围。The principles and features of the present invention are described below in conjunction with the accompanying drawings, and the examples given are only used to explain the present invention, and are not intended to limit the scope of the present invention.

如图1所示,为本发明实施例提供的一种三模冗余验证方法的流程示意图,该方法包括:As shown in Figure 1, it is a schematic flow chart of a triple-mode redundancy verification method provided by an embodiment of the present invention, the method comprising:

S101,确定现场可编程门阵列FPGA的三模冗余实施方式是否为基于功能路径的方式,包括明确各功能的重要程度、以及各功能路径贯穿的模块或电路的三模冗余方式,若不是基于功能路径的方式,则执行S102,若是基于功能路径的方式,则执行S103。S101, determine whether the triple-mode redundancy implementation mode of the field programmable gate array FPGA is based on the functional path, including specifying the importance of each function, and the triple-mode redundancy mode of the modules or circuits that each functional path runs through, if not If the method is based on the functional path, execute S102, and if it is based on the functional path, execute S103.

S102,对FPGA进行处理,确定FPGA中需要进行验证的三模冗余范围和三模冗余实施方式,并执行S103。S102, process the FPGA, determine the three-mode redundancy range and implementation mode of the three-mode redundancy that need to be verified in the FPGA, and execute S103.

S103,对三模冗余实施方式分别按照结构三模冗余实施方式和时序三模冗余实施方式进行分类,并对三模冗余实施方式进行判断,若为结构三模冗余,则执行S104,若为时序三模冗余,则执行S105。S103, classify the three-mode redundant implementation mode according to the structural three-mode redundant implementation mode and the sequential three-mode redundant implementation mode respectively, and judge the three-mode redundant implementation mode, if it is the structural three-mode redundant implementation mode, execute S104, if it is time-sequential triple-mode redundancy, execute S105.

S104,对结构三模冗余进行验证。S104, verifying the structural triple-mode redundancy.

S105,对时序三模冗余进行验证。S105, verifying the timing triple-mode redundancy.

上述实施例提供的一种三模冗余验证方法,通过对FPGA的三模冗余实施方式是否为基于功能路径的方式进行判断,对FPGA进行处理、分类,调高了验证效率,并对三模冗余实施方式进行判断,兼顾了对结构三模冗余和时序三模冗余的判断,对于三模冗余实施方式有效性的验证更加全面客观,提高了三模冗余验证方法的准确性和可靠性。A kind of three-mode redundancy verification method provided by the above-mentioned embodiment, by judging whether the three-mode redundancy implementation mode of FPGA is based on the mode of functional path, FPGA is processed and classified, the verification efficiency is increased, and three The judgment of the implementation mode of the module redundancy takes into account the judgment of the structure triple redundancy and the timing triple redundancy, and the verification of the effectiveness of the triple redundancy implementation is more comprehensive and objective, and the accuracy of the triple redundancy verification method is improved. sex and reliability.

在另一实施例中,如图2所示,假定某产品为基于Xilinx公司2V3000型号FPGA开发,该FPGA实现主要功能为数值运算,次要功能为数据转发,辅助功能为指示灯开关控制,将主要功能、次要功能和辅助功能分别定义为功能A、功能B和功能C。对上述功能采用基于功能路径的三模冗余实施方式,具体措施为:对功能A涉及的多路信号型接口A-1和多路信号型数据运算电路A-2分别进行“时序三模冗余”和“结构三模冗余”;对功能B涉及的单路信号型接口B-1进行“时序三模冗余”;功能C不实施三模冗余。In another embodiment, as shown in Figure 2, assume that a certain product is developed based on Xilinx company 2V3000 model FPGA, the main function of this FPGA is numerical calculation, the secondary function is data forwarding, and the auxiliary function is light switch control. Primary function, secondary function and auxiliary function are defined as function A, function B and function C, respectively. For the above functions, a three-mode redundant implementation based on the functional path is adopted, and the specific measures are as follows: respectively perform "sequential three-mode redundant More than" and "structural triple-mode redundancy"; perform "sequential triple-mode redundancy" on the single-channel signal interface B-1 involved in function B; function C does not implement triple-mode redundancy.

本实施例对2V3000型号FPGA的三模冗余的验证方法包括以下步骤:The present embodiment comprises the following steps to the verification method of the three-mode redundancy of 2V3000 type FPGA:

S201,确定被验证对象的三模冗余实施方式。本实例中FPGA采用了基于功能路径的三模冗余实施方式。S201. Determine the triple-mode redundancy implementation manner of the verified object. In this example, the FPGA adopts a triple-mode redundant implementation based on functional paths.

S202,对三模冗余实施方式进行分类。本实施例中,对三模冗余实施方式分别按照结构三模冗余实施方式和时序三模冗余实施方式进行分类,并分别对分类后的三模冗余实施方式按重要程度进行分类内的排序,需要进行三模冗余的逻辑功能为A、B,因此,将各功能涉及的接口和模块按重要度排序为A-1、A-2、B-1,其中,实施时序三模冗余的接口为A-1、B-1,实施结构三模冗余的模块为A-2,对于实施时序三模冗余的接口A-1、B-1,执行S203-S205,对于实施结构三模冗余的模块,执行S206。S202. Classify the implementation manners of triple-mode redundancy. In this embodiment, the three-mode redundant implementations are classified according to the structural three-mode redundant implementations and the sequential three-mode redundant implementations, and the classified three-mode redundant implementations are classified according to the degree of importance. The sorting, the logical functions that need to be triple-mode redundant are A and B. Therefore, the interfaces and modules involved in each function are sorted into A-1, A-2, and B-1 according to their importance. Among them, the implementation of timing three-mode Redundant interfaces are A-1 and B-1, and modules implementing structural triple-mode redundancy are A-2. For interfaces A-1 and B-1 implementing sequential triple-mode redundancy, execute S203-S205. For implementing For a module with triple-mode redundancy, go to S206.

S203,对结构三模冗余进行验证。选取电路或寄存器,并根据选取的电路或寄存器确定具体验证对象的位置信息,包括端口输入输出信号在RTL源码文件中的实体名、信号名、信号位宽等信息,或表决器在布局布线后的网表文件中的名称编号、位宽等信息,或各模电路在FPGA芯片中的位置区域信息(仅用于物理故障注入的验证方法)。S203, verifying the structural triple-mode redundancy. Select the circuit or register, and determine the location information of the specific verification object according to the selected circuit or register, including the entity name, signal name, signal bit width and other information of the port input and output signals in the RTL source code file, or the voter after layout and wiring The name number, bit width and other information in the netlist file, or the location area information of each module circuit in the FPGA chip (only used for the verification method of physical fault injection).

S204,对多路信号进行验证。根据S202确定的具体验证对象的位置信息,将A-2模块的各冗余结构标记为A-2_R0、A-2_R1、A-2_R2,并将A-2模块的验证优先级设为为高。因为A-2模块的各模信号均为多路信号,所以首先对三模取值各不相同的特例情况进行验证,在各模有效取值范围内任选3个不同值,分别为{0,1,X},其中,X为取值范围内,非0非1的任意值,取值范围根据多路信号的实际情况确定,例如,当多路信号为两路时,X的取值范围为二进制数值00~11。并将3个不同值随机分配给三模,得到输出信号,并对所述输出信号进行表决,若表决后的输出信号为预设值,则三模冗余实施方式有效,若为其他值时,则三模冗余实施方式无效。S204, verifying the multiple signals. According to the location information of the specific verification object determined in S202, mark each redundant structure of the A-2 module as A-2_R0, A-2_R1, A-2_R2, and set the verification priority of the A-2 module as high. Because the signals of each mode of the A-2 module are multi-channel signals, first of all, the special case of the different values of the three modes is verified, and three different values are selected within the effective value range of each mode, respectively {0 , 1, X}, where X is any value that is not 0 or 1 within the value range, and the value range is determined according to the actual situation of the multi-channel signal. For example, when the multi-channel signal is two channels, the value of X The range is binary value 00~11. And randomly assign 3 different values to the three modes to obtain the output signal, and vote on the output signal, if the output signal after the vote is the preset value, then the triple mode redundant implementation is valid, if it is other values , the implementation of triple-mode redundancy is invalid.

S205,对单路信号进行验证。对特例情况进行验证后,排除特例情况,将多路信号的各模信号取值约束为“类型0”和“类型1”,并将上述取值类型等效为单路信号的信号逻辑取值“逻辑0”和“逻辑1”,对A-2模块按单路信号进行处理:令“逻辑1”表示正常,“逻辑0”表示故障,然后将各模信号按逻辑值0或1随机选取的方式模拟故障,对三模信号全部可能的2*2*2=8种状态做遍历性验证,通过表决器表决,得到8种状态下三模冗余实施方式的有效性结论,然后结合特例情况下三模冗余实施方式的有效性,综合判断,得出结论,具体结果参照下表。S205, verifying the single signal. After verifying the special case, exclude the special case, constrain the value of each mode signal of the multi-channel signal to "type 0" and "type 1", and make the above value types equivalent to the signal logic value of the single-channel signal "Logic 0" and "Logic 1", the A-2 module is processed as a single signal: Let "Logic 1" indicate normal, "Logic 0" indicates failure, and then randomly select each model signal according to the logic value 0 or 1 Simulate faults in the same way, perform ergodic verification on all possible 2*2*2=8 states of the three-mode signal, and obtain the validity conclusion of the three-mode redundant implementation mode under the eight states through voting by the voter, and then combine the special case In this case, the effectiveness of the implementation of triple-mode redundancy is comprehensively judged, and a conclusion is drawn. For specific results, refer to the table below.

S206,对时序三模冗余进行验证。按通信时间先后次序,顺次将A-1接口的三次通信标记为A-1_Tr0、A-1_Tr1、A-1_Tr2,并将A-1接口的验证优先级设为高;然后顺次将B-1接口的三次通信标记为B-1_Tr0、B-1_Tr1、B-1_Tr2,并将B-1接口的验证优先级设为低。上述尾缀为“_Tr0(第一模)、_Tr1(第二模)、_Tr2(第三模)”的通信标记可在后续处理中等同于结构三模冗余中的冗余结构标记“_R0(第一模)、_R1(第二模)、_R2(第三模)”,然后按S203~S205的步骤验证。S206, verifying the timing triple-mode redundancy. According to the order of communication time, the three communications of A-1 interface are marked as A-1_Tr0, A-1_Tr1, A-1_Tr2, and the verification priority of A-1 interface is set to high; then B- The three communications of interface 1 are marked as B-1_Tr0, B-1_Tr1, and B-1_Tr2, and the verification priority of interface B-1 is set to low. The above-mentioned communication marks whose suffixes are "_Tr0 (first mode), _Tr1 (second mode), _Tr2 (third mode)" can be equivalent to the redundant structure mark "_R0( first model), _R1 (second model), _R2 (third model)", and then verify according to the steps of S203-S205.

S207,验证完成。必要时,可根据验证的成本、进度等外部条件,仅针对选定验证优先级的接口或模块进行验证,提高验证工作效能。S207, the verification is completed. When necessary, according to external conditions such as verification cost and progress, verification can be performed only for interfaces or modules with a selected verification priority to improve verification work efficiency.

在另一实施例中,如图3所示,假定某公司生产的FPGA的三模冗余实施方式不是基于功能路径的方式,则需要对其进行以下处理再进行验证,处理步骤包括:In another embodiment, as shown in Figure 3, assuming that the triple-mode redundancy implementation of the FPGA produced by a certain company is not based on the functional path, the following processing needs to be performed on it before verification, and the processing steps include:

S301,从任务剖面角度分析FPGA的核心功能,确定核心功能包括的接口及功能子模块;S301, analyze the core functions of the FPGA from the perspective of the task profile, and determine the interfaces and functional sub-modules included in the core functions;

S302,确定FPGA中已实施三模冗余措施包括的接口及功能子模块;S302, determining the interfaces and functional sub-modules included in the triple-mode redundancy measures implemented in the FPGA;

S303,将核心功能包括的接口及功能子模块与已实施三模冗余措施包括的接口及功能子模块进行对比,取交集部分,得到需要进行验证的三模冗余范围;S303, comparing the interfaces and function sub-modules included in the core function with the interfaces and function sub-modules included in the implemented triple-mode redundancy measures, taking the intersection part, and obtaining the triple-mode redundancy range that needs to be verified;

S304,确定需要进行验证的三模冗余范围包含的接口及功能子模块的重要程度以及三模冗余实施方式。S304. Determine the importance of interfaces and functional sub-modules included in the three-mode redundancy range that needs to be verified, and the implementation manner of the three-mode redundancy.

以上所述仅为本发明的较佳实施例,并不用以限制本发明,凡在本发明的精神和原则之内,所作的任何修改、等同替换、改进等,均应包含在本发明的保护范围之内。The above descriptions are only preferred embodiments of the present invention, and are not intended to limit the present invention. Any modifications, equivalent replacements, improvements, etc. made within the spirit and principles of the present invention shall be included in the protection of the present invention. within range.

Claims (10)

1.一种三模冗余验证方法,其特征在于,包括以下步骤:1. A triple-mode redundancy verification method, characterized in that, may further comprise the steps: 步骤1,确定现场可编程门阵列FPGA的三模冗余实施方式是否为基于功能路径的方式,若不是,则执行步骤2,若是,则执行步骤3;Step 1, determine whether the triple-mode redundant implementation mode of field programmable gate array FPGA is the mode based on functional path, if not, then perform step 2, if so, then perform step 3; 步骤2,对所述FPGA进行处理,确定所述FPGA中需要进行验证的三模冗余范围和三模冗余实施方式,并执行步骤3;Step 2, processing the FPGA, determining the three-mode redundancy range and the implementation mode of the three-mode redundancy that need to be verified in the FPGA, and performing step 3; 步骤3,对所述三模冗余实施方式进行分类,并对所述三模冗余实施方式进行判断,若为结构三模冗余,则执行步骤4,若为时序三模冗余,则执行步骤5;Step 3, classify the implementation mode of triple redundancy, and judge the implementation mode of triple redundancy, if it is structural triple redundancy, then perform step 4, if it is sequential triple redundancy, then Execute step 5; 步骤4,对所述结构三模冗余进行验证;Step 4, verifying the three-mode redundancy of the structure; 步骤5,对所述时序三模冗余进行验证。Step 5, verifying the timing triple redundancy. 2.根据权利要求1所述的一种三模冗余验证方法,其特征在于,步骤2中,包括以下步骤:2. a kind of three-mode redundancy verification method according to claim 1, is characterized in that, in step 2, comprises the following steps: 步骤2.1,从任务剖面角度分析所述FPGA的核心功能,确定所述核心功能包括的接口及功能子模块;Step 2.1, analyzing the core functions of the FPGA from a task profile angle, determining the interfaces and functional submodules that the core functions include; 步骤2.2,确定所述FPGA中已实施三模冗余措施包括的接口及功能子模块;Step 2.2, determine the interface and functional sub-modules that have been implemented in the FPGA and included in the triple-mode redundancy measure; 步骤2.3,将所述核心功能包括的接口及功能子模块与已实施三模冗余措施包括的接口及功能子模块进行对比,取交集部分,得到需要进行验证的三模冗余范围;Step 2.3, comparing the interfaces and functional sub-modules included in the core function with the interfaces and functional sub-modules included in the three-mode redundancy measures that have been implemented, and taking the intersection to obtain the triple-mode redundancy range that needs to be verified; 步骤2.4,确定所述需要进行验证的三模冗余范围包含的接口及功能子模块的重要程度以及三模冗余实施方式,并执行步骤3。Step 2.4, determine the importance of the interfaces and functional sub-modules included in the three-mode redundancy range that needs to be verified, and the implementation mode of the three-mode redundancy, and perform step 3. 3.根据权利要求1所述的一种三模冗余验证方法,其特征在于,步骤3中,将所述三模冗余实施方式按照结构三模冗余实施方式和时序三模冗余实施方式进行分类,并按预设次序对分类后的所述三模冗余实施方式进行排序。3. a kind of three-mode redundancy verification method according to claim 1, is characterized in that, in step 3, described three-mode redundancy implementation mode is implemented according to structural triple-mode redundancy implementation mode and sequence triple-mode redundancy The manners are classified, and the classified three-mode redundant implementation manners are sorted according to a preset order. 4.根据权利要求1至3中任一项所述的一种三模冗余验证方法,其特征在于,步骤1中,如果所述三模冗余实施方式为基于功能路径的方式,则确定所述三模冗余实施方式包含的接口及功能子模块。4. A kind of triple-mode redundancy verification method according to any one of claims 1 to 3, characterized in that, in step 1, if the triple-mode redundancy implementation is based on a functional path, then determine The interface and functional sub-modules included in the triple-mode redundancy implementation. 5.根据权利要求4所述的一种三模冗余验证方法,其特征在于,步骤4包括以下步骤:5. a kind of three-mode redundancy verification method according to claim 4, is characterized in that, step 4 comprises the following steps: 步骤4.1,确定所述接口及所述功能子模块的具体验证对象;Step 4.1, determining the specific verification object of the interface and the functional sub-module; 步骤4.2,判断所述具体验证对象的信号类型,若为多路信号,则执行步骤4.3,若为单路信号,则执行步骤4.4;Step 4.2, judging the signal type of the specific verification object, if it is a multi-channel signal, then perform step 4.3, if it is a single-channel signal, then perform step 4.4; 步骤4.3,对所述多路信号进行验证;Step 4.3, verifying the multi-channel signal; 步骤4.4,对所述单路信号进行验证。Step 4.4, verifying the single signal. 6.根据权利要求5所述的一种三模冗余验证方法,其特征在于,所述单路信号为传输1比特信息的信号,所述多路信号为多个传输1比特信息的单路信号的有序集合。6. a kind of three-mode redundancy verification method according to claim 5, is characterized in that, described single-channel signal is the signal that transmits 1-bit information, and described multi-channel signal is a plurality of single-channel signals that transmit 1-bit information An ordered collection of signals. 7.根据权利要求5所述的一种三模冗余验证方法,其特征在于,步骤4.3包括以下步骤:7. A kind of three-mode redundancy verification method according to claim 5, is characterized in that, step 4.3 comprises the following steps: 步骤4.3.1,当多路信号的三模取值互不相同时,在各模有效取值范围内任选3个不同值,并将所述3个不同值随机分配给三模,得到输出信号,并对所述输出信号进行表决,若表决后的输出信号为预设值,则所述三模冗余实施方式有效,否则无效;Step 4.3.1, when the values of the three modes of the multi-channel signal are different from each other, select 3 different values within the effective value range of each mode, and randomly assign the 3 different values to the three modes to obtain the output signal, and vote on the output signal, if the output signal after the vote is a preset value, the implementation of the triple-mode redundancy is valid, otherwise it is invalid; 步骤4.3.2,排除多路信号的三模取值各不相同的情况,将各模信号的取值进行约束;Step 4.3.2, exclude the situation that the values of the three modes of the multi-channel signal are different, and constrain the values of the signals of each mode; 步骤4.3.3,将各模等价视为单路信号,按单路信号的验证方法进行验证。In step 4.3.3, the equivalence of each module is regarded as a single-channel signal, and verification is performed according to the verification method of a single-channel signal. 8.根据权利要求5所述的一种三模冗余验证方法,其特征在于,步骤4.4包括以下步骤:8. a kind of three-mode redundancy verification method according to claim 5, is characterized in that, step 4.4 comprises the following steps: 步骤4.4.1,所述单路信号包括三模信号,对各模信号按逻辑值0或1随机选取的方式进行故障模拟;Step 4.4.1, the single-channel signal includes a three-mode signal, and the fault simulation is performed on each mode signal by randomly selecting a logic value of 0 or 1; 步骤4.4.2,得到所述单路信号全部可能的8种状态;Step 4.4.2, obtaining all possible 8 states of the single signal; 步骤4.4.3,根据得到的8种状态分别验证所述三模冗余实施方式的有效性;Step 4.4.3, respectively verifying the effectiveness of the implementation of the triple-mode redundancy according to the obtained 8 states; 步骤4.4.4,对得到的所有三模冗余实施方式的有效性进行综合分析,完成验证。In step 4.4.4, comprehensively analyze the effectiveness of all obtained three-mode redundancy implementation modes, and complete the verification. 9.根据权利要求1至3中任一项所述的一种三模冗余验证方法,其特征在于,步骤5中,包括以下步骤:9. according to a kind of three-mode redundancy verification method described in any one of claims 1 to 3, it is characterized in that, in step 5, comprise the following steps: 步骤5.1,依次将所述时序三模冗余的三次通信等价视为结构三模冗余中的冗余结构;Step 5.1, sequentially treating the three communication equivalents of the sequential triple-mode redundancy as a redundant structure in the structural triple-mode redundancy; 步骤5.2,将所述时序三模冗余按照所述结构三模冗余的验证方法进行验证。Step 5.2, verifying the sequence triple redundancy according to the verification method of the structural triple redundancy. 10.根据权利要求1所述的一种三模冗余验证方法,其特征在于,若所述三模冗余实施方式包括结构三模冗余和时序三模冗余,则先对所述时序三模冗余进行验证,再对所述结构三模冗余进行验证。10. A kind of three-mode redundancy verification method according to claim 1, characterized in that, if the three-mode redundancy implementation includes structural three-mode redundancy and sequence three-mode redundancy, first check the sequence The triple-mode redundancy is verified, and then the triple-mode redundancy of the structure is verified.
CN201610855588.8A 2016-09-27 2016-09-27 A kind of triplication redundancy verification method Active CN106445748B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610855588.8A CN106445748B (en) 2016-09-27 2016-09-27 A kind of triplication redundancy verification method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610855588.8A CN106445748B (en) 2016-09-27 2016-09-27 A kind of triplication redundancy verification method

Publications (2)

Publication Number Publication Date
CN106445748A true CN106445748A (en) 2017-02-22
CN106445748B CN106445748B (en) 2019-01-04

Family

ID=58169587

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610855588.8A Active CN106445748B (en) 2016-09-27 2016-09-27 A kind of triplication redundancy verification method

Country Status (1)

Country Link
CN (1) CN106445748B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111914504A (en) * 2020-07-17 2020-11-10 中科亿海微电子科技(苏州)有限公司 Triple-modular redundancy method and device of application circuit
CN113962176A (en) * 2021-12-22 2022-01-21 中科亿海微电子科技(苏州)有限公司 Method and device for verifying correctness of netlist file subjected to triple modular redundancy processing

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4683570A (en) * 1985-09-03 1987-07-28 General Electric Company Self-checking digital fault detector for modular redundant real time clock
US7958394B1 (en) * 2007-04-04 2011-06-07 Xilinx, Inc. Method of verifying a triple module redundant system
CN102857213A (en) * 2011-07-01 2013-01-02 阿尔特拉公司 Reconfigurable logic block
CN103530207A (en) * 2013-09-24 2014-01-22 北京京航计算通讯研究所 Method for verifying triplication redundancy measure
CN104715121A (en) * 2015-04-01 2015-06-17 中国电子科技集团公司第五十八研究所 Circuit safety design method for defending against threat of hardware Trojan horse based on triple modular redundancy

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4683570A (en) * 1985-09-03 1987-07-28 General Electric Company Self-checking digital fault detector for modular redundant real time clock
US7958394B1 (en) * 2007-04-04 2011-06-07 Xilinx, Inc. Method of verifying a triple module redundant system
CN102857213A (en) * 2011-07-01 2013-01-02 阿尔特拉公司 Reconfigurable logic block
CN103530207A (en) * 2013-09-24 2014-01-22 北京京航计算通讯研究所 Method for verifying triplication redundancy measure
CN104715121A (en) * 2015-04-01 2015-06-17 中国电子科技集团公司第五十八研究所 Circuit safety design method for defending against threat of hardware Trojan horse based on triple modular redundancy

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111914504A (en) * 2020-07-17 2020-11-10 中科亿海微电子科技(苏州)有限公司 Triple-modular redundancy method and device of application circuit
CN111914504B (en) * 2020-07-17 2024-03-15 中科亿海微电子科技(苏州)有限公司 Triple-modular redundancy method and device for application circuit
CN113962176A (en) * 2021-12-22 2022-01-21 中科亿海微电子科技(苏州)有限公司 Method and device for verifying correctness of netlist file subjected to triple modular redundancy processing

Also Published As

Publication number Publication date
CN106445748B (en) 2019-01-04

Similar Documents

Publication Publication Date Title
EP2631803B1 (en) Methods and apparatus for automatic fault detection
US8127263B2 (en) Improving routability of integrated circuit design without impacting the design area
CA2641682C (en) High speed redundant data processing system
US9170911B1 (en) Protocol error monitoring on an interface between hard logic and soft logic
CN104268253A (en) Partial triplication redundancy method based on lookup table configuration bit statistics
CN103645435B (en) The software module design for Measurability method of multi-signal model programmable logic device (PLD)
CN106445748A (en) Verification method for triplication redundancy
CN104123253B (en) A kind of method and apparatus for realizing chip interconnection to be verified
WO2011069057A1 (en) Preventing information leakage between components on a programmable chip in the presence of faults
CN105404728A (en) FPGA based chip multi-control signal layout method
US10768227B2 (en) Systems and methods for analyzing failure rates due to soft/hard errors in the design of a digital electronic device
US7685485B2 (en) Functional failure analysis techniques for programmable integrated circuits
KR101544649B1 (en) Method for analyzing error rate in System on Chip
CN102368275A (en) Automatic comparison method for layout validation rule file and test vectors
US10430535B2 (en) Verification support program medium, verification support method, and information processing device for verification of a circuit
US9104829B2 (en) Method of validating timing issues in gate-level simulation
US20090259983A1 (en) Methods for designing a product chip a priori for design subsetting, feature analysis, and yield learning
CN112464600B (en) Sensitivity analysis method of SRAM-type programmable logic device based on code analysis
Coelho et al. A soft-error resilient route computation unit for 3D networks-on-chips
CN115408967A (en) Identifying associations of security-related ports with their security mechanisms through structural analysis
CN106919748A (en) Improve the device and method of FPGA prototype verification efficiency
US20140173538A1 (en) Fec decoder dynamic power optimization
CN104123225B (en) Method for analyzing system single-particle soft error propagation process through fault coupling matrix
US7694252B1 (en) Method and system for static verification of multi-voltage circuit design
Schulz et al. Smart behavioral netlist simulation for SEU protection verification

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant