CN115421945A - Processing method and system for meeting functional safety requirements - Google Patents

Processing method and system for meeting functional safety requirements Download PDF

Info

Publication number
CN115421945A
CN115421945A CN202210879076.0A CN202210879076A CN115421945A CN 115421945 A CN115421945 A CN 115421945A CN 202210879076 A CN202210879076 A CN 202210879076A CN 115421945 A CN115421945 A CN 115421945A
Authority
CN
China
Prior art keywords
result
error
processing unit
comparison
pipelines
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210879076.0A
Other languages
Chinese (zh)
Inventor
葛云飞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Xinlianxin Intelligent Technology Co ltd
Original Assignee
Shanghai Xinlianxin Intelligent Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Xinlianxin Intelligent Technology Co ltd filed Critical Shanghai Xinlianxin Intelligent Technology Co ltd
Priority to CN202210879076.0A priority Critical patent/CN115421945A/en
Publication of CN115421945A publication Critical patent/CN115421945A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/0703Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation
    • G06F11/0706Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation the processing taking place on a specific hardware platform or in a specific software environment
    • G06F11/0721Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation the processing taking place on a specific hardware platform or in a specific software environment within a central processing unit [CPU]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/08Error detection or correction by redundancy in data representation, e.g. by using checking codes
    • G06F11/10Adding special bits or symbols to the coded information, e.g. parity check, casting out 9's or 11's
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/08Error detection or correction by redundancy in data representation, e.g. by using checking codes
    • G06F11/10Adding special bits or symbols to the coded information, e.g. parity check, casting out 9's or 11's
    • G06F11/1008Adding special bits or symbols to the coded information, e.g. parity check, casting out 9's or 11's in individual solid state devices
    • G06F11/1044Adding special bits or symbols to the coded information, e.g. parity check, casting out 9's or 11's in individual solid state devices with specific ECC/EDC distribution
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/02Addressing or allocation; Relocation
    • G06F12/08Addressing or allocation; Relocation in hierarchically structured memory systems, e.g. virtual memory systems
    • G06F12/0802Addressing of a memory level in which the access to the desired data or data block requires associative addressing means, e.g. caches
    • G06F12/0875Addressing of a memory level in which the access to the desired data or data block requires associative addressing means, e.g. caches with dedicated cache, e.g. instruction or stack
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/30Arrangements for executing machine instructions, e.g. instruction decode
    • G06F9/38Concurrent instruction execution, e.g. pipeline or look ahead
    • G06F9/3867Concurrent instruction execution, e.g. pipeline or look ahead using instruction pipelines

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Quality & Reliability (AREA)
  • Software Systems (AREA)
  • Memory System Of A Hierarchy Structure (AREA)
  • Advance Control (AREA)

Abstract

The invention relates to a processing method and a system for meeting functional safety requirements, wherein the processing method for meeting the functional safety requirements comprises the following steps: a processing unit configured to provide two pipelines; providing a same instruction for the two pipelines to carry out, and carrying out error correction comparison in the same instruction carrying out process; and transmitting an error result to a bus if the result of the error-correcting comparison is an error. The invention realizes a processing method and a processing system of a single core, which meet the functional safety requirements.

Description

Processing method and system for meeting functional safety requirements
Technical Field
The present disclosure relates generally to the field of processing methods and systems for satisfying functional security requirements, and more particularly to a single core processing method and system for satisfying functional security requirements.
Background
At present, a dual-core lock-step design is generally adopted in an SOC level design scheme for meeting the highest functional safety, the basic principle is that two CPU cores with the same function and the same design execute the same code, the output is compared at the output ends of the two CPUs, and when the output results of the two IO ends are inconsistent, a system considers that random hardware failure occurs. However, if a single core processor is used, a dual core lockstep design cannot be used.
Because of such shortcomings, there is a need for processing methods and systems that can meet functional security requirements in a single core processor.
Disclosure of Invention
The object of the present invention is to solve at least the technical drawbacks. That is, the present invention can achieve the following objects: 1. the function check efficiency is high, the two pipelines (pipeline) execute the same code, and the two pipelines are compared in real time and the instruction level code is compared; 2. the fault tolerance time is short, and the comparison in the core can find errors as early as possible (some errors are not always immediately transmitted to the IO port); 3. the area of crystal grains (die) is saved, two pipelines share a cache, a Translation Lookaside Buffer (TLB) and a bus, the area of a chip is saved, and the cost of the chip is reduced; 4. the software is friendly, and resources of one core do not need to be configured; and 5, the SOC level is friendly in design, and a multi-core structure is not required to be adopted.
Firstly, the operating process of the current multi-stage pipeline micro-architecture processor at each stage is analyzed, and the essence of the method is the process of efficiently solving where data comes, what operation is carried out on the data, and where the obtained result is sent. The circuits that need protection are therefore mainly:
1. and a data storage circuit. The source of data of each level of pipeline is different, and the data (cache, cache pad ram, TLB entries, etc.) from the cache and the data (buf, fifo, reg, etc.) from the cache ensure that the former uses ECC and the latter uses redundancy design, which can be corrected or detected in time once an error occurs in the data.
2. And a data operation circuit. The data manipulation circuitry may utilize designs that implement redundancy to detect errors. The redundant circuit and the data operation circuit obtain data with the same size and the same position from the same data storage circuit, check whether the results are consistent after the data operation, report an error if the results are inconsistent, and write the results into the data storage if the results are consistent. The redundant design circuits should use the same hardware logic as the data manipulation circuits in terms of timing and accuracy.
Therefore, the present invention is directed to a processing method for satisfying functional safety requirements, which can solve the above-mentioned deficiencies of the prior art.
In order to solve the technical problems, the technical scheme adopted by the invention is as follows: the invention provides a processing method for meeting functional safety requirements, which comprises the following steps: a processing unit configured to provide two pipelines; providing a same instruction for execution by both of the pipelines; performing a comparison of correction errors in the same instruction execution process; and transmitting an error result to a bus if the result of the error-correcting comparison is an error.
Further, in an instruction fetch stage that provides a same instruction for execution by two of the pipelines, the error correction comparison is performed first, and if a first result of the error correction comparison is an error, the first result is transmitted to the bus, and if the first result is no error, the two pipelines execute the same instruction.
Further, in an instruction execution stage in which a same instruction is provided for the execution of two of the pipelines, the error correction comparison is performed after the instruction execution stage is finished, if a second result of the error correction comparison is an error, the second result is transmitted to the bus, and if the second result is no error, a storage stage is performed.
Further, the error correction comparison is performed during a retirement phase in which a same instruction is provided for the two pipelines, if a third result of the error correction comparison is an error, the third result is transmitted to the bus, and if the third result is error-free, resources of the two pipelines are changed.
Further, a same instruction is provided for the two pipelines to be divided into an instruction fetching stage, an instruction executing stage, a storage stage and a retirement stage, in the instruction fetching stage, the error correction comparison is performed first, if a first result of the error correction comparison is an error, the first result is transmitted to the bus, if the first result is no error, the two pipelines perform the same instruction, the error correction comparison is performed after the instruction executing stage of the same instruction is completed by the two pipelines, if a second result of the error correction comparison performed after the instruction executing stage is an error, the second result is transmitted to the bus, if the second result is no error, the storage stage is performed, then the retirement stage is performed, the error correction comparison is performed in the retirement stage, if a third result of the error correction comparison is an error, the third result is transmitted to the bus, and if the third result is no error, resources of the two pipelines are changed.
Further, the fix-up error comparison performed after the instruction execution phase ends is an address comparison.
Further, the correction error is compared with an odd check or an even check.
The present invention further provides a system for meeting functional safety requirements, comprising: a processing unit configured to provide two pipelines, both of which perform a same instruction, and to perform a corrected error comparison by the processing unit during the same instruction execution; a bus connected to the processing unit and configured to receive an error result when the result of the fixed error comparison is an error.
The processing unit performs the error correction comparison first, transmits a first result to the bus if a first result of the error correction comparison is an error, and performs the same instruction on the two pipelines if the first result is no error.
The processing unit is further configured to perform a revised fault comparison of the address provided by the page table cache after the instruction execution stage is completed, the processing unit transmitting a second result to the bus if a second result of the revised fault comparison of the address is a fault, and performing a store stage if the second result is no fault.
Further, a second cache unit coupled to the processing unit and the page table cache is included for storing in the store stage.
Further, a second cache unit coupled to the processing unit is included that provides a same instruction for storage in a store stage performed by both of the pipelines.
Further, in a retirement phase of providing a same instruction for the two pipelines, the processing unit performs the error correction comparison, if a third result of the error correction comparison is an error, the processing unit transmits the third result to the bus, and if the third result is no error, the processing unit changes the resources of the two pipelines.
The system further includes a first cache unit coupled to the processing unit, a page table cache coupled to the processing unit, and a second cache unit coupled to the processing unit and the page table cache, wherein the two pipelines are divided into an instruction fetch stage, an instruction execution stage, a storage stage, and a retirement stage after executing a same instruction, the first cache unit provides a same instruction for the two pipelines to execute the instruction fetch stage in the instruction fetch stage, the processing unit performs the error correction comparison first, if a first result of the error correction comparison is an error, the processing unit transmits a first result to the bus, if the first result is error-free, the two pipelines perform the same instruction, the processing unit performs the error correction comparison based on an address provided by the page table cache after the instruction execution stage is finished, if a second result of the error correction comparison is an error, the processing unit transmits the second result to the bus, if the second result is error-free, the second cache unit performs the error correction based on the address provided by the page table cache, if a second result of the error correction comparison is an error, the processing unit transmits the second result of the same instruction to the processing unit, and if the second result of the processing unit does not perform the error correction in the processing unit, and if the processing unit does not perform the error correction of the processing of the same instruction.
Further, the first cache unit is an instruction cache.
Further, the second buffer unit is a dCache.
The technical scheme of the invention is that two pipelines are used in a single-core processing unit to execute a single same instruction and correct error comparison is carried out after the two pipelines execute the single same instruction, so that the function of detecting random hardware failure is completed in a single core of one processing unit.
Drawings
The above and/or additional aspects and advantages of the present invention will become apparent and readily appreciated from the following description of the embodiments, taken in conjunction with the accompanying drawings of which:
FIG. 1 is a diagram illustrating a method for satisfying functional safety requirements according to the present invention and a system for satisfying functional safety requirements according to the present invention;
FIG. 2 is a flow diagram of another embodiment of a process for satisfying functional safety requirements in accordance with the present invention;
FIG. 3 is a flow diagram of another embodiment of a process for satisfying functional safety requirements in accordance with the present invention;
FIG. 4 is a flow diagram of another embodiment of a process for satisfying functional safety requirements in accordance with the present invention;
FIG. 5 is a flow diagram of another embodiment of a process for satisfying functional safety requirements in accordance with the present invention;
FIG. 6 is a block diagram of a system for satisfying functional safety requirements according to the present invention.
Description of the reference numerals
1. System for meeting functional safety requirements
10. Processing unit
11. Bus line
12. First buffer unit
13. Page table caching
14. Second buffer unit
S10, S20, S30-S36 steps
Detailed Description
Reference will now be made in detail to embodiments of the present invention, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to the same or similar components or components having the same or similar functions throughout. The embodiments described below with reference to the drawings are illustrative and intended to be illustrative of the invention and are not to be construed as limiting the invention.
In the description herein, references to the terms "one embodiment," "some embodiments," "an example," "a specific example," "some examples," or "some examples" or the like, mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic representations of the terms used above do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
Please refer to fig. 1, which is a diagram illustrating a processing method for satisfying functional safety requirements according to the present invention and an architecture of a system for satisfying functional safety requirements according to the present invention. The processing method for meeting functional safety requirements of the invention comprises a processing unit configured to provide two pipelines (pipelines); providing a same instruction for execution by both of the pipelines; performing a comparison of correction errors in the same instruction execution process; and if the result of the error correction comparison is an error, transmitting an error result to a bus. In practice, if the result of the fix-error comparison is an error at any stage in the same instruction execution process (typically multiple stages), the error result is transmitted to the bus.
Briefly, the present invention utilizes two pipelines in a single core processing unit to execute a single identical instruction and performs a comparison of the corrected error after the two pipelines execute the single identical instruction.
In a possible embodiment, the processing unit is a single-core processing unit, which is used in a single chip microcomputer (SOC), however, the processing unit can also be used in a Central Processing Unit (CPU). Both pipelines include architectural level resources such as General Purpose Registers (GPRs), floating Point Registers (FPRs), and control and state registers (control and state registers). And the bus is further a fault bus. The same instruction is a same software instruction.
Please refer to fig. 2, which is a flowchart illustrating another embodiment of a processing method for satisfying functional safety requirements according to the present invention, and also refer to fig. 1. In embodiments where the comparison of fix-up errors is performed only in one instruction fetch stage, step S10 is a processing unit configured to provide two pipelines. Step S20 is to provide a same instruction for both of the pipelines to perform.
A bug fix comparison is performed during the same instruction execution process in an instruction fetch stage generally divided into an instruction fetch stage, an instruction execute stage, a store stage, and a retire stage, as shown in step S30. In step S31, if a first result of the error correction comparison is an error, the first result is transmitted to the bus, and if the first result is no error, the pipelines execute the same instruction.
In one example, a same instruction is provided to a first cache unit, further an instruction cache (icache). The provided instruction is to add the content of Error-Correcting Code (ECC) to the data, that is, the content of odd check or even check to the data.
In detail, parity check (i.e. odd check or even check) is to perform odd check (exclusive or operation) or even check (exclusive or operation) on an address line (address), a data line (data) and a control line (control) once every 8 bits of data to obtain a result of 1bit, which is called a check bit, and then transmit the result along with a bus (bus) at a request initiating terminal (e.g. CPU) and a request responding terminal (slave, such as typically MC (memory control)), and perform odd check or even check once every 8 bits of data received by a port, and compare the result with transmitted check bit data. If the data transmission process is the same as the data transmission process, no error occurs on the connection line, otherwise, the transmission process is the error, the transmission process with the error is reported to the processing unit to enter an abnormal processing program or is directly uploaded to a system (SOC or an operating system) through a fault bus, and the system determines whether to send processing signals such as abnormal and reset signals to the processing unit.
Please refer to fig. 3, which is a flowchart illustrating another embodiment of a processing method for satisfying functional safety requirements according to the present invention, and also refer to fig. 1. In embodiments where the fix-up error comparison is performed only at the execute instruction stage, step S10 is a processing unit configured to provide two pipelines. Step S20 is to provide a same instruction for both of the pipelines to perform.
Performing a bug fix comparison during the same instruction execution process in this embodiment is performed during the execute stage, which is generally divided into an instruction fetch stage, an instruction execute stage, a store stage, and a retire stage. First, an instruction fetch stage is performed, and then an instruction execution stage is performed in step S32. Then, in step S33, the error correction comparison is performed, and then, in step S34, if a second result of the error correction comparison is an error, the second result is transmitted to the bus, and if the second result is no error, a storage stage is performed.
In one embodiment, a Translation Lookaside Buffer (TLB) is a cache of the processing unit that stores entries mapping virtual addresses to physical addresses as a means for virtual-to-real address Translation. Thus, as shown in FIG. 1, the page table cache has a virtual address (including the contents of the value-added correction error) and a physical address (including the contents of the value-added correction error). Step S33 is performed thereafter. Further, the fix-up error comparison herein is based on a fix-up error comparison of addresses provided by the page table cache. Step S34 is subsequently performed. Further, the storage stage is stored by a second cache unit (dcache), and the storage content is the content of data addition correction error, that is, the content of data addition odd check or even check. The first cache unit and the second cache unit may be separate devices, or the first cache unit and the second cache unit may be an integrated device. Please refer to fig. 4, which is a flowchart illustrating another embodiment of a processing method for satisfying functional security requirements according to the present invention, and refer to fig. 1. In embodiments where the fixed-fault comparison is performed only during the retirement stage, the fixed-fault comparison performed during the same instruction execution process is performed during the retirement stage, which is generally divided into an instruction fetch stage, an instruction execute stage, a store stage, and a retirement stage.
After the store stage ends, in step S35, the bug fix-up comparison is performed during a retirement stage in which a same instruction is provided for both pipelines. In step S36, if a third result of the error-correcting comparison is an error, the third result is transmitted to the bus, and if the third result is no error, the resources of the two pipelines are changed.
In practice, the final comparison is performed at the end of each instruction, and the requests for the architecture-visible resource changes should be consistent, and if they are inconsistent, an error is reported to the bus.
To explain in more detail, in the instruction fetching stage (including instruction fetching and decoding), the processing unit sends a read data request to the instruction cache, where the read address is a Program Counter (PC) and its corresponding physical address, before the main and secondary pipelines (two pipelines) send requests to the icache, the PC compare (PC compare) is performed, and if the read addresses are different, the PC mismatch error is reported to the fault bus, and an error is submitted to the system level processing. If the instruction data is the same as the current instruction fetch address, the current instruction fetch address is proved to have no problem, then the TLB is accessed to obtain a correct physical address (the step can be selected), the number of the TLB entries (TLB entry) also has ECC check protection, then the icache is accessed according to the effective address, the instruction is fetched, the instruction data is firstly subjected to ECC check, and when any one ECC check in two pipelines is wrong, the ECC error is directly reported, and an abnormal service program is entered. When both the primary pipeline and the secondary pipeline ECC checks pass, then the ECC of the retrieved data proves to be unproblematic. Next, the two pipelines will perform decoding operation simultaneously, and transmit various decoded operands and instruction types to the next-stage pipeline.
After receiving the instruction type and various operands given by the decoding stage in the execution stage, the Main and sub pipelines will access their own unique Architecture level visible resources (Main/view Pipe Architecture Resource) to obtain the real data of the required operation. After the data is read out, if the data is a simple operation or logic instruction, the data is directly executed to obtain a result, and if the data is a memory access instruction, information such as a memory access address is firstly calculated and the address information is transmitted to the next level.
The architecturally visible resource contains all architecturally defined General Purpose Registers (GPRs), control and Status registers (Control and Status registers), floating Point Registers (FPRs), etc., and this stage does not allow for excessive comparison of results, since the results of its execution are eventually reflected in the next two stages if there is a problem.
In the access stage, if the instruction is of the access type, the instruction will enter the execution stage to perform the access operation after passing through the execution stage, and if the instruction is not of the access instruction, the instruction is directly bypassed to the next stage. Before the access stage, the access Address is compared (Address Compare), if the Address comparison is wrong (namely, the execution stage of the previous stage has a problem), the error is reported to the system through the fault bus. If there is no error in comparison, it is similar to icache, firstly accesses TLB to perform address translation and ECC check of TLB, if there is no problem, it normally accesses the second cache unit (data cache, DCache), and after fetching the fetched data back, it firstly performs ECC check, and any one of the main and secondary pipelines has ECC error, and immediately enters the abnormal service program, if there is no problem in ECC, it transmits the result to the next stage.
In the retirement stage (or called instruction ending stage), the main and sub pipelines will perform the final comparison (result compare) on the final results obtained after the execution stage and the memory access stage, if there is no problem in the comparison of the control information (write GPR, write CSR, write DCache, etc.), exception information (ECC error, TLB exception, interrupt, etc.) and write data information (value of write-back GPR, value of write-back cache, value of write-back CSR, etc.) of the two pipelines, the corresponding information is written back to the corresponding architecture level visible resource or DCache (DCache is only used once after the write-back data is compared to be the same). This concludes an instruction, and if any of the signals in the two pipelines are not the same, an exception is reported directly to the system via the fault bus. Therefore, the random hardware failure of the current instruction to be retired in the processing unit (such as a CPU, an SOC and the like) is ensured, and the function safety is ensured.
Please refer to fig. 5, which is a flowchart illustrating another embodiment of a processing method for satisfying functional safety requirements according to the present invention, and refer to fig. 1. In the embodiment where the bug fix comparisons are performed at all stages, a bug fix comparison is performed at all stages of the same instruction execution process, which in this embodiment is generally divided into an instruction fetch stage, an instruction execute stage, a store stage, and a retirement stage.
In step S10, a processing unit is configured to provide two pipelines. The above step S20 is divided into steps S30 to S36. In step S30, the correction error comparison is performed. In step S31, if a first result of the error correction comparison is an error, the first result is transmitted to the bus, and if the first result is no error, the pipelines execute the same instruction. In step S32, an execute instruction phase is performed. Then, in step S33, the error correction comparison is performed, and then, in step S34, if a second result of the error correction comparison is an error, the second result is transmitted to the bus, and if the second result is no error, a storage stage is performed. After the store stage is completed, in step S35, the bug fix-up comparison is performed in a retirement stage that provides a same instruction for both pipelines to perform. In step S36, if a third result of the error-correcting comparison is an error, the third result is transmitted to the bus, and if the third result is no error, the resources of the two pipelines are changed.
It is noted that the details of the above steps have been described in detail above.
As shown in fig. 6, the present invention further provides a system 1 for satisfying functional safety requirements, which includes a processing unit 10 and a bus 11. The processing unit 10 is configured to provide two pipelines, in particular, both of the pipelines perform a same instruction and the processing unit 10 performs a fix-up fault comparison during the same instruction execution. The bus 11 is connected to the processing unit 10 and is configured to receive an error result if the result of the fix-error comparison is an error.
In one embodiment, the system 1 for fulfilling functional safety requirements further comprises a first cache unit 12 connected to the processing unit 10, providing a same instruction for two pipelines to execute an instruction fetching stage, the processing unit 10 performing the error correction comparison, if a first result of the error correction comparison is an error, the processing unit 10 transmitting a first result to the bus 11, and if the first result is no error, the two pipelines executing the same instruction.
In another embodiment, the system 1 for satisfying functional safety requirements further comprises a page table cache 13 coupled to the processing unit 10, wherein in an execute instruction stage providing a same instruction for execution by two of the pipelines, the processing unit 10 performs a corrected fault comparison based on an address provided by the page table cache 13 after the execute instruction stage ends, if a second result of the corrected fault comparison of the address is faulty, the processing unit 10 transmits the second result to the bus 11, and if the second result is fault-free, performs a store stage.
In another possible embodiment, the system 1 for fulfilling functional security requirements further comprises a second cache unit 14 coupled to the processing unit 10 and the page table cache 13, for performing the store stage store. In a similarly feasible embodiment, the second cache unit 14 is connected to the processing unit 10. The first cache unit 12 and the second cache unit 14 may be separate devices, or the first cache unit 12 and the second cache unit 14 may be an integrated device.
In another possible embodiment, the processing unit 10 performs the bug fix-up comparison during a retirement phase in which a same instruction is provided for both pipelines, the processing unit 10 transmits a third result of the bug fix-up comparison to the bus 11 if the third result is a bug, and the processing unit 10 changes the resources of both pipelines if the third result is a no-bug.
In another possible embodiment, the system 1 meeting functional safety requirements further includes a first cache unit 12 coupled to the processing unit 10, a page table cache 13 coupled to the processing unit 10, and a second cache unit 14 coupled to the processing unit 10 and the page table cache 13, wherein a same instruction is executed by the pipelines in a fetch stage, an execute stage, a store stage, and a retire stage, wherein the first cache unit 12 provides a same instruction to the pipelines for the fetch stage, the processing unit 10 first performs the corrected error comparison, if a first result of the corrected error comparison is an error, the processing unit 10 transmits a first result to the bus 11, if the first result is error-free, the pipelines execute the same instruction, the processing unit 10 performs the corrected error comparison based on an address provided by the cache 13 after the execute stage, if a second result of the corrected error comparison is error, the processing unit 10 transmits the second result to the pipelines for the read stage, and if the second result of the read error comparison is error-free, the processing unit 10 further provides the same instruction to the pipeline for the store stage, and the third cache unit 10 provides the corrected error correction resource for the pipeline, if the second result of the read error comparison is error, the pipeline, and the pipeline is the pipeline.
It is noted that further details of the system 1 satisfying functional safety requirements as described above have been detailed above.
More broadly, the system and method of the present invention can be applied to the test port of LBIST (logic built-in self test) and MBIST (memory built-in self test) using a single core processing unit.
It should be noted that the connection manner between the units, components, devices, modules and/or apparatuses can be direct connection or indirect connection. By indirectly connected, it is meant that other elements, components, devices, modules, and/or devices may be disposed therebetween without departing from the scope of the present invention.
The invention can execute a single same instruction by using two pipelines in the single-core processing unit and carry out the comparison of correction errors after the two pipelines execute the single same instruction, thereby achieving the following effects: 1. the function checking efficiency is high, the two pipelines execute the same code, and the two pipelines are compared in real time and compared with the instruction level code; 2. fault tolerance time is short, errors can be found as early as possible by comparison in a core (some errors are not always immediately transmitted to an IO port); 3. the area of a crystal grain (die) is saved, two pipeline share cache, TLB and bus, the chip area is saved, and the chip cost is reduced; 4. the software is friendly, and resources of one core do not need to be configured; and 5, the SOC level is friendly in design, and a multi-core structure is not required to be adopted. More specifically, the implementation is summarized:
for processing unit cores:
1. performing ECC protection on the Cache, the TLB and the like;
2. two pipelines are arranged, two sets of independent architecture level resources are provided, and each pipeline accesses own independent architecture level resource;
3. two pipeline execute the same software instruction;
4. comparing before accessing common resources (cache, TLB), if different, reporting fault bus; the same request is sent to the cache or the TLB only once, but the returned result is simultaneously propagated to each pipeline;
5. the last comparison is carried out when each instruction is finished, the updating requests of the architecture level visible resources and the memory access data are consistent, if the updating requests are inconsistent, a fault is reported to a fault bus, and the fault is sent to a processing unit (such as a CPU, an SOC and the like) or an operating system to process the abnormity;
for the processing unit's BUS:
the parity check is that, in the interaction between a processing unit (e.g., CPU, SOC, etc.) and a bus (e.g., AMBA AHB, AXI, etc.), the processing unit (e.g., CPU, SOC, etc.) is used as a master, and typically, an MC (memory control), as a slave, performs odd check (exclusive or operation) or even check (exclusive or operation) once for every 8 bits of data to obtain a result of 1bit, which is called a check bit, and transmits the result to a request initiating terminal (master) and a request responding terminal (slave) along with the bus, performs odd check or even check once for every 8 bits after the port receives the data, and compares the result with transmitted check bit data. If the data transmission process is the same as the data transmission process, it indicates that no error occurs on the connection line, otherwise, it indicates that an error occurs in the transmission, and reports the transmission with the error to a processing unit (for example, a CPU, an SOC, etc.) to enter an exception handling program (an exception of a bus error or a parity error may be generated, so that the processing unit (for example, the CPU, the SOC, etc.) enters an exception state) or directly uploads the exception to a system (an SOC-level error control logic or an operating system) through fault bus, and the system determines whether to send an exception, reset, etc. processing signal to the processing unit (for example, the CPU, the SOC, etc.).
Fault bus mainly provides two pipeline comparison error messages inside a processing unit (such as a CPU, SOC and the like) core, and mainly comprises but is not limited to: the comparison of access to the cache is inconsistent, the comparison of access to the TLB entry is inconsistent, the comparison of two pipeline pc-fetching is inconsistent, the result is inconsistent after the instruction is finished, and the like; second, various ECC errors are reported, including but not limited to: the unit ECC of the cache ECC is used for error checking, the multi-bit error checking, the unit ECC corresponding to the TLB entry is used for error checking, and the multi-bit error checking is carried out; the parity of the interface of the processing unit (e.g., CPU, SOC, etc.) corrects errors and other errors related to functional safety. These errors are reported to the processing unit (e.g., CPU, SOC, etc.), and the system sends corresponding operations, such as interrupt, reset, etc., to the processing unit (e.g., CPU, SOC, etc.) according to the frequency of occurrence of the errors, the type of the errors, etc.
Although embodiments of the present invention have been shown and described above, it is understood that the above embodiments are exemplary and should not be construed as limiting the present invention, and that variations, modifications, substitutions and alterations can be made in the above embodiments by those of ordinary skill in the art without departing from the principle and spirit of the present invention. The scope of the invention is defined by the appended claims and equivalents thereof.

Claims (17)

1. A processing method for meeting functional safety requirements comprises the following steps:
a processing unit configured to provide two pipelines;
providing a same instruction for execution by both of the pipelines;
performing a comparison of correction errors in the same instruction execution process; and
if the result of the comparison is an error, an error result is transmitted to a bus.
2. The method as claimed in claim 1, wherein said error correction comparison is performed during an instruction fetch stage in which a same instruction is provided for execution by both of said pipelines, and wherein if a first result of said error correction comparison is an error, said first result is transmitted to said bus, and if said first result is no error, both of said pipelines execute said same instruction.
3. The method as claimed in claim 1, wherein the bug fix-up comparison is performed after the end of the execute instruction stage in an execute instruction stage that provides a same instruction for execution by two pipelines, and if a second result of the bug fix-up comparison is false, the second result is transmitted to the bus, and if the second result is no-error, a store stage is performed.
4. The method as claimed in claim 1, wherein the ECC comparison is performed during a retirement phase of providing a same instruction for both pipelines, and if a third result of the ECC comparison is an error, the third result is transmitted to the bus, and if the third result is no error, resources of both pipelines are modified.
5. The method as claimed in claim 1, wherein the two pipelines are divided into an instruction fetch stage, an instruction execution stage, a storage stage and a retirement stage after providing a same instruction, the error correction comparison is performed in the instruction fetch stage, if a first result of the error correction comparison is an error, the first result is transmitted to the bus, if the first result is no error, the two pipelines perform the same instruction, the error correction comparison is performed after the execution instruction stage of the same instruction is completed in the two pipelines, if a second result of the error correction comparison performed after the instruction execution stage is completed is an error, the second result is transmitted to the bus, if the second result is no error, the storage stage is performed, then the retirement stage is performed, the error correction comparison is performed in the retirement stage, if a third result of the error correction comparison is an error, the third result is transmitted to the bus, and if the third result is no error, the resources of the pipelines are changed.
6. The method as claimed in claim 3 or 5, wherein the bug-correction comparison performed after the instruction execution phase is completed is an address comparison.
7. A processing method for fulfilling functional safety requirements according to any one of claims 1 to 6, characterized in that the correction errors are compared with an odd check or an even check.
8. A system for meeting functional safety requirements, comprising:
a processing unit configured to provide two pipelines, both of which perform a same instruction and perform a bug fix comparison by the processing unit during the same instruction execution;
a bus connected to the processing unit and configured to receive an error result when the result of the fixed error comparison is an error.
9. The system according to claim 8, further comprising a first cache unit coupled to said processing unit for providing a same instruction for both of said pipelines to perform an instruction fetch stage, said processing unit performing said correctable error comparison first, if a first result of said correctable error comparison is incorrect, said processing unit transmitting a first result to said bus, if said first result is error-free, both of said pipelines performing said same instruction.
10. The system according to claim 8, further comprising a page table cache coupled to said processing unit, said processing unit being configured to perform a fixed error compare based on the address provided by said page table cache after an execution instruction stage in which a same instruction is provided for execution by both of said pipelines, said processing unit being configured to transmit said second result to said bus if a second result of said fixed error compare is an error, and to perform a store stage if said second result is error-free.
11. The system according to claim 10, further comprising a second cache unit coupled to said processing unit and said page table cache for performing said store stage store.
12. The system according to claim 8, further comprising a second cache unit coupled to said processing unit for storing in a store stage that provides a same instruction for both of said pipelines.
13. The system of claim 8, wherein the processing unit performs the bug fix-up comparison during a retirement phase in which a same instruction is provided for both pipelines, wherein the processing unit transmits a third result of the bug fix-up comparison to the bus if the third result is a bug, and wherein the processing unit changes resources of both pipelines if the third result is error-free.
14. The system of claim 1, further comprising a first cache unit coupled to the processing unit, a page table cache coupled to the processing unit, and a second cache unit coupled to the processing unit and the page table cache, wherein the first cache unit provides a same instruction to the second pipeline for the instruction fetch stage, the processing unit performs the error correction comparison first after the same instruction is performed on the two pipelines, the processing unit transmits a first result to the bus if a first result of the error correction comparison is an error, the processing unit transmits a second result to the bus if the first result is error-free, the processing unit performs the same instruction on the two pipelines, the processing unit performs the error correction comparison based on an address provided by the page table cache after the instruction fetch stage ends, the processing unit transmits the second result to the bus if a second result of the error correction comparison is an error, the processing unit transmits the second result to the bus if the second result is error, the second result is error correction for the second pipeline, the processing unit provides the same result to the processing unit, and the processing unit modifies the first result of the error correction resource if the second result is an error.
15. The system according to claim 9 or 14, wherein the first cache unit is an instruction cache.
16. A system as claimed in claim 11, 12 or 14, wherein the second cache unit is a dCache.
17. A system for fulfilling functional safety requirements according to claim 8 to claim 16, wherein said correction errors are compared to an odd check or an even check.
CN202210879076.0A 2022-07-25 2022-07-25 Processing method and system for meeting functional safety requirements Pending CN115421945A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210879076.0A CN115421945A (en) 2022-07-25 2022-07-25 Processing method and system for meeting functional safety requirements

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210879076.0A CN115421945A (en) 2022-07-25 2022-07-25 Processing method and system for meeting functional safety requirements

Publications (1)

Publication Number Publication Date
CN115421945A true CN115421945A (en) 2022-12-02

Family

ID=84197034

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210879076.0A Pending CN115421945A (en) 2022-07-25 2022-07-25 Processing method and system for meeting functional safety requirements

Country Status (1)

Country Link
CN (1) CN115421945A (en)

Similar Documents

Publication Publication Date Title
US10289469B2 (en) Reliability enhancement utilizing speculative execution systems and methods
US8671329B2 (en) Low overhead and timing improved architecture for performing error checking and correction for memories and buses in system-on-chips, and other circuits, systems and processes
US5193181A (en) Recovery method and apparatus for a pipelined processing unit of a multiprocessor system
US9477550B2 (en) ECC bypass using low latency CE correction with retry select signal
TWI502376B (en) Method and system of error detection in a multi-processor data processing system
US8621336B2 (en) Error correction in a set associative storage device
US8775906B2 (en) Efficient storage of meta-bits within a system memory
US8166338B2 (en) Reliable exception handling in a computer system
US11068339B2 (en) Read from memory instructions, processors, methods, and systems, that do not take exception on defective data
JP7351933B2 (en) Error recovery method and device
US5987585A (en) One-chip microprocessor with error detection on the chip
US8739012B2 (en) Co-hosted cyclical redundancy check calculation
US6615375B1 (en) Method and apparatus for tolerating unrecoverable errors in a multi-processor data processing system
US9106258B2 (en) Early data tag to allow data CRC bypass via a speculative memory data return protocol
US8250440B2 (en) Address generation checking
US6898738B2 (en) High integrity cache directory
US20240004757A1 (en) Electronic device managing corrected error and operating method of electronic device
CN117112318A (en) Dual-core fault-tolerant system based on RISC-V architecture
JP2011065565A (en) Cache system and multiprocessor system
US8176406B2 (en) Hard error detection
CN115421945A (en) Processing method and system for meeting functional safety requirements
CN115482875A (en) Memory secure interface configuration
US20170337110A1 (en) Data processing device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination