EP1924916A2 - Systeme de memoire et son mode de fonctionnement - Google Patents

Systeme de memoire et son mode de fonctionnement

Info

Publication number
EP1924916A2
EP1924916A2 EP06778041A EP06778041A EP1924916A2 EP 1924916 A2 EP1924916 A2 EP 1924916A2 EP 06778041 A EP06778041 A EP 06778041A EP 06778041 A EP06778041 A EP 06778041A EP 1924916 A2 EP1924916 A2 EP 1924916A2
Authority
EP
European Patent Office
Prior art keywords
data word
data
memory
corrected
address
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP06778041A
Other languages
German (de)
English (en)
Inventor
Thomas Kottke
Yorck Collani
Markus Ferch
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Robert Bosch GmbH
Original Assignee
Robert Bosch GmbH
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Robert Bosch GmbH filed Critical Robert Bosch GmbH
Publication of EP1924916A2 publication Critical patent/EP1924916A2/fr
Withdrawn legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/08Error detection or correction by redundancy in data representation, e.g. by using checking codes
    • G06F11/10Adding special bits or symbols to the coded information, e.g. parity check, casting out 9's or 11's
    • G06F11/1008Adding special bits or symbols to the coded information, e.g. parity check, casting out 9's or 11's in individual solid state devices
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/08Error detection or correction by redundancy in data representation, e.g. by using checking codes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/16Protection against loss of memory contents
    • GPHYSICS
    • G11INFORMATION STORAGE
    • G11CSTATIC STORES
    • G11C29/00Checking stores for correct operation ; Subsequent repair; Testing stores during standby or offline operation

Definitions

  • the present invention relates to a memory device having a writable data memory and means for detecting and correcting an error in a data word read from the data memory and an operating method for such a memory device.
  • a writable data memory malfunctions can occur, which are expressed in the fact that one or more bits of a stored data word spontaneously change their value. If such a data store is used in a security-relevant application, e.g. in an engine control unit of a motor vehicle or the like. It is imperative to detect such malfunctions and take appropriate countermeasures to avoid dangerous malfunctions. In the simplest case, the countermeasures may be to terminate an application accessing the data store in a predetermined manner upon detection of a failure, so that an erroneous data value is no longer accessed and
  • the number of bit errors that can be corrected in a data word or in a block of data words coded together using an error correction code depends on the number of bits of redundant information generated for that data word or block. This means z. For example, if the bit count of the redundant information is sufficient to correct a single bit error in a data word or block, the operability of the application can be maintained only as long as no more than one bit error in the data word concerned or block occurs. Once a second bit error occurs, no correction is possible and the application must be terminated as described above.
  • Memory errors tend to occur more often. That is, the probability of occurrence of an error in a memory bit is not the same everywhere, but is particularly high in the environment of an already existing error. To ensure reusability of the memory, even if a large number of bit errors occur close to each other, a large amount of redundant information is needed, which increases the required memory space and consequently the cost of the memory array.
  • the present invention provides a method for operating a writable data memory or a memory arrangement having such a data memory, which makes it possible to ensure a high degree of availability of the data memory while keeping the space required for storing redundant information low.
  • the advantage is achieved in that, together with a data word, the redundant information associated with this data word is read from the data memory, the redundant information is used to check whether the data word is faulty, and if it is erroneous, the data word is not only corrected, but also to a new address in a free area of the data store. is written. Since a correct version of the data word is thus again present at the new address, any future errors occurring in this address can be corrected in the maximum number possible based on the redundant information.
  • the reliability of the data memory is therefore not affected by the occurrence of individual bit errors as long as there is free memory area in which the contents of defective memory cells can be moved. Since, in most cases, the new address will be far from the original address of the misrecognized data word, the likelihood of further bit errors occurring at the new address is less than the original one, further improving security.
  • the reading order of the data words in the data store is altered to access the new address for reading the data word. This is particularly necessary if the data word represents a program instruction that must be executed in a predetermined relationship with other instructions.
  • At least one data word preceding it in the reading order may be written into the free area of the data memory together with the corrected data word so as to provide a reference at the original memory location of the latter. a jump command to be able to accommodate its new storage space.
  • a reference to a memory location can be written in the free area follows the original location of the corrected data word.
  • the displacement preferably comprises the copying of a data word from an original adapter. return to a new address, followed by overwriting the original address with another data word after copying. This ensures that at any time each data word is present at least once in the memory.
  • the set of data words contains a reference to a data word that has been moved to the free area, ie in the case of program instructions, for. If, for example, a jump instruction is used for this data word, this reference should be determined and adapted to the new address of the data word.
  • references to displaced data words in the non-shifted data words and relative references to non-displaced data words in the displaced data words should also be adapted to the shift, in order to continue to execute correctly the program instructions.
  • FIG. 1 shows a block diagram of a data processing system according to a first embodiment of the invention
  • Fig. 2 illustrates the allocation of a program memory of the data processing system of Fig. 1 in which an error has occurred
  • FIG. 3 illustrates the allocation of the program memory after correction of the error according to a first embodiment of the method
  • FIG. 5 illustrates the occupation after the correction according to the second embodiment
  • FIG. 6 shows a block diagram of a second embodiment of the data processing system according to the invention.
  • FIG. 1 shows a motor vehicle control unit as a block diagram. It comprises a processor 101, a flash memory 102, in which instructions of an application program to be executed by the processor 101 are stored, a memory monitoring circuit 103 associated with the flash memory 102, a read-write memory 104 as well various sensors 105 and not shown actuators for detecting or influencing operating parameters of a motor vehicle engine.
  • the components 101 to 105 communicate via a common data and address bus 106.
  • the width of the data bus may be 16 bits, for example.
  • the number of bits of the memory cells of the flash memory is greater, it is here, for example 16 + 3 bits, with a 16-bit data word each containing a processor 1 to be processed by the program statement and the remaining 3 bits z.
  • the memory monitoring circuit 103 is connected to an interrupt input 107 of the processor 101 in order to trigger an interrupt of the processor 101 when an error in a data word of the flash memory 102 is detected.
  • This high-priority interrupt breaks the application program, and the processor 101 reads the redundant bits to the data word recognized as erroneous, and performs decoding to correct the data word erroneously output from the memory 102, and carries the address at which the erroneous data word was read in a table. Subsequently, the application program is continued on the basis of the corrected data word.
  • Program instructions to be executed by the processor 101 in the event of an interrupt issued by the monitoring circuit 103 may be stored in the flash memory 102 as the application program.
  • the triggered by the monitoring circuit 103 interrupt is no longer executable, if the error or another error is in the program instructions of this interrupt, alternatively, another read only memory 108 may be provided for the program instructions of the interrupt, which unlike the flash memory 102 does not have to be overwritten by the processor 101 and the probability that a stored bit is erroneous is less than that of the flash memory 102.
  • Fig. 2 shows schematically the use of the flash memory
  • the figure shows 16 memory cells, it being understood that the number of memory cells and the program instructions stored therein is many times greater in practice.
  • the cells 0 to 10 are occupied with program instructions Instrl to Instrll of an application to be executed by the processor 101, and that the remaining memory cells 11 to 15 are unoccupied.
  • Instr7 or Instr ⁇ symbolized by italic inscription Instr7 or Instr ⁇ .
  • the processor 101 reads the program instructions in the flash memory 102, insofar as they do not contain jump instructions, in the order of ascending addresses. If the monitoring circuit 103 detects no error in the read program instructions, they are executed as read by the processor 101. If the monitoring circuit 103 recognizes a program instruction as faulty, that is to say for the first time with the instruction Instr7 in the case shown in FIG. 2, the monitoring circuit 103 outputs the above-mentioned te high-priority interrupt request to the processor 101, which causes them to carry out the correction of the incorrectly issued by the flash memory 102 instruction itself from the associated redundant information.
  • a second interrupt is triggered whose priority is lower than that of the first interrupt and also as the particular time-critical portions of the application program and which causes the processor 1 to correct the contents of the flash memory 2.
  • This correction does not have to take place immediately after the error has been detected in the flash memory, since the system continues to run, as described above, correcting the error in each case in real time.
  • the processor 1 After the processor 1 has executed the corrected instruction Instr7, it addresses the Instr ⁇ instruction, which in the present example is also assumed to be erroneous. The procedure described above is repeated: the error is corrected during a short-term interruption of the application program on the processor 1, the corrected instruction is executed, and the second interrupt is triggered with which the erroneous instruction is to be corrected later.
  • the processor 1 in execution of the second interrupt, writes to the first free memory cell of the memory 102, in the present case the memory cell 11, the instruction Instr ⁇ immediately preceding the instructions of the faulty memory cells 6, 7 corrected instructions Instr7 and Instr ⁇ to the subsequent memory cells 12, 13 and a jump instruction to the following on the defective cells cell 8 in the memory cell 14.
  • the instruction Instr ⁇ in cell 5 is overwritten with a jump order to the cell 11.
  • the defective memory cells 6, 7 no longer need to be accessed. Also, since the content of these memory cells has been corrected before being transferred to the cells 12, 13, an error occurring in these new cells can be corrected in the same manner as described above if there is enough free space available.
  • FIGS. 4 and 5 A second embodiment of the method will be explained with reference to FIGS. 4 and 5.
  • the memory cells 6, 7 are defective.
  • n 3 memory cells are needed.
  • the number n is always greater by 1 than the number of consecutive defective cells because an extra cell is needed to accommodate a jump instruction therein.
  • the processor 101 copies the n most recent instructions of the application program including the associated redundant information from the memory cells 8 to 10 into new, previously unoccupied memory cells 11 to 13, and the memory cells previously occupied by these instructions are released for rewriting.
  • the released memory cells are respectively overwritten with the contents of the n preceding memory cells, which in turn are enabled.
  • the method of the invention does not require correction of a detected error in the flash memory 102 immediately after detection, but the correction can be deferred until an appropriate time, the method is well compatible with real-time applications that determine within given time limits Have to fulfill tasks. A delay resulting from the decoding of the contents of a faulty memory cell may nevertheless be disturbing for such an application.
  • it may be expedient to successively read the program instructions stored in the flash memory 102 in a start-up phase of the application in which no strict real-time requirements have yet to be met To detect memory errors. If no memory error is detected, the application can then operate normally; however, if there is a memory error, it is possible to correct it before the real-time requests become stringent.
  • control unit it is also expedient to carry out an operation in the wake of the control unit, i. in a limited period of time after the engine has been switched off, in which the control unit still remains active.
  • FIG. 1 A second embodiment of a data processing system, which offers a further increased reliability compared to the embodiment of FIG. 1, is shown in FIG.
  • this data processing system comprises a second processor 111, which is capable of accessing the flash memory via the bus 106 shared with the processor 101 or else via a second, own bus 102 of the processor 101.
  • the processor 111 is a second one
  • the memory monitoring circuit 103 associated with the flash memory 102 is connected to the processor 101 only to temporarily interrupt it in the event of an erroneous output of the flash memory 102, it triggers an interrupt at the second processor 111 which causes it to decode the erroneously output data word, to pass a corrected data word to the processor 101 and to note the address of the erroneous data word in a list and to trigger a second interrupt which, at a suitable later time, causes the cor- rectification of the memory 102 based on the list in an analogous manner as described above with reference to FIG. 3 or on Fig. 4, 5 described.
  • the processor 101 processes interrupts, which trigger a memory monitoring circuit 113 due to an error in the flash memory 112 of the second processor 111. Errors that occur in the instructions of the first interrupt in one of the two memories 102 or 112 can no longer cause the system to crash, since they are corrected by interrupt instructions stored in the other memory.
  • the second interrupt may in each case be handled by the same processor 101 or 111, which has also handled the first interrupt. It is also conceivable, however, to have it treated by an external processor connected to the data processing system of FIG. 1 or FIG. 6 via a network connection, a mobile radio connection or the like. communicated.
  • Another possible modification is to design the monitoring circuit 103 to perform not only the detection of an error in a data word output from the memory 102, but also its decoding and correction without resorting to the processor 101 associated with the memory 102.
  • the temporary interruption of the processor 101 which is required to prevent it from accepting a data word incorrectly output on the bus 106, can take place here in that the monitoring circuit 103 interrupts a clock signal supplied to the processor 101 as long as it requires. in order to correct the instruction erroneously output from the memory 102 and in turn to output it correctly to the bus 106.
  • a failure the decoding as a result of an incorrectly stored in the memory 102 interrupt instruction is also excluded here.
  • This refinement has the advantage of being able to correct errors not only in an instruction memory but also in a parameter memory.
  • the invention is also applicable to other types of data memories.
  • memory e.g. a hard disk is used, on which the payload data is stored blockwise together with each block associated redundant information and in the event that based on the redundant information, an error is detected, the affected block is corrected, stored at another location of the hard disk surface and a block which, in the reading order of a file to which the blocks belong, precedes the erroneous block is referenced to the new location of the corrected block.
  • the corrected block in turn, may be referenced to a block subsequent to the reading order, so that the blocks may continue to be read in sequence even though they are not recorded locally contiguous on the disc surface.

Abstract

L'invention concerne un système de mémoire comprenant une mémoire de données (102) inscriptible et des moyens qui permettent de reconnaître (103) une erreur dans un mot donnée lu dans la mémoire de données (102), de corriger (101) l'erreur et d'enregistrer (101) le mode donnée corrigé à une nouvelle adresse dans une zone libre de la mémoire de données (102).
EP06778041A 2005-08-30 2006-07-28 Systeme de memoire et son mode de fonctionnement Withdrawn EP1924916A2 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE102005040916A DE102005040916A1 (de) 2005-08-30 2005-08-30 Speicheranordnung und Betriebsverfahren dafür
PCT/EP2006/064768 WO2007025816A2 (fr) 2005-08-30 2006-07-28 Systeme de memoire et son mode de fonctionnement

Publications (1)

Publication Number Publication Date
EP1924916A2 true EP1924916A2 (fr) 2008-05-28

Family

ID=37708307

Family Applications (1)

Application Number Title Priority Date Filing Date
EP06778041A Withdrawn EP1924916A2 (fr) 2005-08-30 2006-07-28 Systeme de memoire et son mode de fonctionnement

Country Status (8)

Country Link
US (1) US20090327838A1 (fr)
EP (1) EP1924916A2 (fr)
JP (1) JP4917604B2 (fr)
KR (1) KR20080037060A (fr)
CN (1) CN101253485A (fr)
DE (1) DE102005040916A1 (fr)
RU (1) RU2008111995A (fr)
WO (1) WO2007025816A2 (fr)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2413638B1 (fr) * 2007-09-14 2015-10-07 BlackBerry Limited Système et procédé d'heure de démarrage de contrôle de réception discontinue
JP5813450B2 (ja) * 2011-10-17 2015-11-17 日立オートモティブシステムズ株式会社 電子制御装置
CN103514058B (zh) * 2012-06-29 2016-06-15 华为技术有限公司 一种数据失效的处理方法、设备及系统
JP6102515B2 (ja) * 2013-05-24 2017-03-29 富士通株式会社 情報処理装置、制御回路、制御プログラム、および制御方法
FR3025035B1 (fr) * 2014-08-22 2016-09-09 Jtekt Europe Sas Calculateur pour vehicule, tel qu’un calculateur de direction assistee, pourvu d’un enregistreur d’evenements integre
RU2682843C1 (ru) * 2015-03-10 2019-03-21 Тосиба Мемори Корпорейшн Устройство памяти и система памяти
US9772899B2 (en) * 2015-05-04 2017-09-26 Texas Instruments Incorporated Error correction code management of write-once memory codes
US11481273B2 (en) * 2020-08-17 2022-10-25 Micron Technology, Inc. Partitioned memory having error detection capability

Family Cites Families (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE69033262T2 (de) * 1989-04-13 2000-02-24 Sandisk Corp EEPROM-Karte mit Austauch von fehlerhaften Speicherzellen und Zwischenspeicher
JP2830308B2 (ja) * 1990-02-26 1998-12-02 日本電気株式会社 情報処理装置
US5497457A (en) * 1994-10-17 1996-03-05 International Business Machines Corporation Redundant arrays of independent libraries of dismountable media with parity logging
JPH08234928A (ja) * 1995-02-22 1996-09-13 Matsushita Electric Ind Co Ltd 情報記憶制御装置
JP2002109895A (ja) * 1996-02-29 2002-04-12 Hitachi Ltd 半導体記憶装置
JP3565687B2 (ja) * 1997-08-06 2004-09-15 沖電気工業株式会社 半導体記憶装置およびその制御方法
AU7313600A (en) * 1999-09-17 2001-04-24 Hitachi Limited Storage where the number of error corrections is recorded
EP1096379B1 (fr) * 1999-11-01 2005-12-07 Koninklijke Philips Electronics N.V. Circuit de traitement de données avec une mémoire non-volatile et un circuit correcteur d'erreurs
JP4059472B2 (ja) * 2001-08-09 2008-03-12 株式会社ルネサステクノロジ メモリカード及びメモリコントローラ
JP4213053B2 (ja) * 2004-01-29 2009-01-21 Tdk株式会社 メモリコントローラ及びメモリコントローラを備えるフラッシュメモリシステム、並びに、フラッシュメモリの制御方法

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See references of WO2007025816A2 *

Also Published As

Publication number Publication date
WO2007025816A3 (fr) 2007-05-24
JP2009506445A (ja) 2009-02-12
KR20080037060A (ko) 2008-04-29
RU2008111995A (ru) 2009-12-10
DE102005040916A1 (de) 2007-03-08
WO2007025816A2 (fr) 2007-03-08
US20090327838A1 (en) 2009-12-31
JP4917604B2 (ja) 2012-04-18
CN101253485A (zh) 2008-08-27

Similar Documents

Publication Publication Date Title
EP0011685B1 (fr) Dispositif programmable de protection de mémoire pour des systèmes de microprocesseurs et circuit avec un tel dispositif
EP1924916A2 (fr) Systeme de memoire et son mode de fonctionnement
DE4331703C2 (de) Elektronische Einrichtung
EP0046976A2 (fr) Mémoire à semiconducteurs constituée de blocs fonctionnels comprenant des zones de mémoire redondantes
DE19839680B4 (de) Verfahren und Vorrichtung zur Veränderung des Speicherinhalts von Steuergeräten
DE2225841B2 (de) Verfahren und Anordnung zur systematischen Fehlerprüfung eines monolithischen Halbleiterspeichers
DE19927657A1 (de) Partitionierung und Überwachung von softwaregesteuerten Systemen
EP0141160A2 (fr) Montage pour l'enregistrement d'adresses de cellules de mémoire à contenus erronés
EP1043641A2 (fr) Système d'automatisation à sécurité intrinsèque avec un processeur standard et méthode pour un système d'automatisation à sécurité intrinsèque
EP1588380B1 (fr) Procede de reconnaissance et/ou de correction d'erreurs d'acces a la memoire et circuit electronique destine a effectuer le procede
WO2004090732A2 (fr) Unite commandee par programme
EP0141161A2 (fr) Montage pour détecter des erreurs statiques et dynamiques de sous-ensembles de circuit
DE60128596T2 (de) Interrupt-steuerung für einen mikroprozessor
DE102005037226A1 (de) Verfahren und Vorrichtung zur Festlegung eines Startzustandes bei einem Rechnersystem mit wenigstens zwei Ausführungseinheiten durch markieren von Registern
WO2021144271A1 (fr) Procédé et dispositif pour reconfigurer un véhicule à conduite automatique en cas d'erreur
DE10340236B4 (de) Anordnung mit einer Datenverarbeitungseinrichtung und einem Speicher
DE10315638A1 (de) Programmgesteuerte Einheit
EP1246066B1 (fr) Procédé d'opération d'un système commandé par processeur
DE10128996B4 (de) Verfahren und Vorrichtung zur Überwachung von Speicherzellen eines flüchtigen Datenspeichers
EP0613077B1 (fr) Procédé pour générer un signal de remise à zéro dans un système de traitement de données
EP0556430B1 (fr) Procédé de commande d'un système peripherique
EP1246062B1 (fr) Procédé d'opération d'un système commandé par processeur
DE19930144C1 (de) Verfahren zum Erkennen von fehlerhaften Speicherzugriffen in prozessorgesteuerten Einrichtungen
WO2016030466A1 (fr) Procédé de protection de données utiles d'une mémoire et système de traitement électronique
EP4266176A1 (fr) Procédé permettant de faire fonctionner par ordinateur d'une unité de mémoire et d'exécuter des programmes d'application au moyen de mémoire redondante

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20080331

AK Designated contracting states

Kind code of ref document: A2

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LI LT LU LV MC NL PL PT RO SE SI SK TR

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20110201