JP2004005627A - Duplex memory system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To achieve high reliability of a computer, and facilitate error correction, repair and replacement during system operation. <P>SOLUTION: A processor 1 and a system bus control device 3 are connected to each other by a CPU bus, the system bus control device 3 and a memory device 4 are duplexed, and these are respectively connected to a pair of system buses 13. Inside the system bus control device 3 and the memory device 4, error detection circuits 6, 80 and 85 to detect error in each bus, comparator circuits 51, 104 and 105 to compare output contents of the buses, bus switching circuits 7, 82 and 83, and mode setting circuits 100, 101 and 102 are provided. Output of the error detection circuits is exchanged between a pair of devices, and the bus switching circuits are controlled in accordance with detection result of the error detection circuits from the other side, and setting contents by the mode setting circuits. <P>COPYRIGHT: (C)2004,JPO

Description

[0001]
[Industrial applications]
The present invention relates to a memory device in a highly reliable computer, and more particularly to a configuration method, a diagnosis method, and a failure monitoring method of a redundant memory system.
[0002]
[Prior art]
In the field of a fault-tolerant computer, one of the most common techniques for improving the reliability of a computer is a method of multiplexing a logic circuit that is critical in reliability, such as a processing unit (CPU) or a storage device. Usually, multiplexing of storage devices is basically based on duplication, and one of the duplicated storage devices is configured as a service side and the other is configured as a standby side. In this case, when writing, the same data is written to both sides to maintain consistency, and when reading, only the data on the regular side is output.If an error occurs in the data read from the regular side, the data transfer subject is changed to the standby side. Then, by outputting the correct data, the operation of the system can be continued.
[0003]
However, most of the conventional techniques are limited to only a memory device, and a high reliability method by duplicating a control unit and a connected system bus has not been established. Therefore, the means for separating and diagnosing the failed storage device, the repair and replacement during system operation (hot wire replacement), and the measures to be taken when the system bus connecting the storage device fails are all insufficient.
[0004]
Japanese Patent Application Laid-Open Nos. Sho 59-17796, 01-70847, Japanese Patent Publication No. 60-3225, Japanese Patent Application Laid-Open No. 63-273950, and Japanese Patent Application Laid-open No. 60-238957 In the methods described in JP-A-57-109195 and JP-A-4-233305, the bus to which the storage device is connected is not duplicated, and in most systems, the control unit is duplicated. Had not been done. Furthermore, when an error occurs in the storage device, correct data is guaranteed by switching or restoration at the time of reading, but care is not taken at the time of writing, and performance is reduced due to retry operation and the processing unit side circuit becomes complicated. I was invited. Furthermore, when diagnosing a faulty memory, consideration should be given to not affecting the normal memory, means for repairing and replacing a faulty control unit or memory device during system operation, and reliability when an input / output control device accesses a storage device. Consideration was not sufficient, and there was room for improvement in the overall system reliability.
[0005]
[Problems to be solved by the invention]
As described above, the conventional technique has several problems, and a solution to this problem is to duplicate all components. This cannot be achieved simply by preparing two sets of components, and the following points must be considered in order to always ensure correct continuous operation as a system.
[0006]
Problem 1: To guarantee normal data at high speed in switching of a duplicated system bus and without changing the timing of the system bus even when an error occurs.
[0007]
Problem 2: It is possible to operate normally even if one of arbitrary devices in the duplexed device is not mounted, and to eliminate the need for a special signal line for knowing whether or not the other side is mounted.
[0008]
Problem 3: To specify and diagnose a failure point when an error occurs without affecting a normal part.
[0009]
Problem 4: To easily provide a means capable of continuing a duplex operation even when a data parity error occurs during writing.
[0010]
Problem 5: To sufficiently perform an error check when the system bus is duplicated.
[0011]
Problem 6: When an unrecoverable error occurs in one of the duplicated memory devices, repair and replacement can be performed without stopping the system, and the duplicated operation can be resumed.
[0012]
Problem 7: To be able to easily increase the memory capacity when not used as a dual memory device.
[0013]
Problem 8: When diagnosing a failed input / output control device, writing data to the memory does not cause memory destruction that makes recovery impossible.
[0014]
Problem 9: To be able to connect to a duplicated memory system without reducing reliability without designing a special input / output control device for connecting to a duplicated system bus.
[0015]
Purpose
The present invention has been made to solve the above problems, and has as its object to provide a highly reliable dual memory system.
[0016]
[Means for Solving the Problems]
In order to solve the above problems, the present invention provides a processing device that performs various processes, a pair of system bus controllers connected to the processing device via a CPU bus, and a pair of system bus controllers connected to the pair of system bus controllers, respectively. A pair of system buses, and a pair of memory devices A and B respectively connected to both of the pair of system buses. During a write operation in the processing device, the system bus control device is connected to the pair of memory devices. At the same time, in a redundant memory system in which data is written from the processing device and one of the system bus controllers sends data read from the corresponding memory device to the processing device during a read operation in the processing device, a pair of memory devices A and B respectively has a write enable flag for permitting writing to the memory and a read permission from the memory. A read permission flag for permitting a tooth, and has an address discrimination circuit for discriminating an object of an access for the current address.
[0017]
Further, according to the present invention, a state defining means for defining a state of each memory device according to a combination of the write permission flag and a read permission flag, and each state defined by the state defining means according to a setting by a processing device State transition means for transitioning between the states.
[0018]
Further, according to the present invention, the memory devices A and B may each include a common access space specifying register for specifying a common access space to be accessed by both the memory device A and the memory device B; One has an individual space access designation register for designating an individual access space to be accessed.
[0019]
The present invention also provides a setting means for setting the value of the common access space designation register of the memory device A and the memory device B to the same address, the value of the individual space designation register of the memory device A and the value of the individual space designation register of the memory device B. It has a second setting means for setting a value to a different address, and a third setting means for resetting the address set by these setting means at an arbitrary timing.
[0020]
Further, the present invention has an error injection means for injecting a pseudo error into an arbitrary area of each memory device, and an error state inspection means for inspecting an error state by accessing the error injected area. .
[0021]
Further, the present invention has an injection value setting means for setting an address of an area where an error is injected by the error injection means and a value of data to be injected to different values in both memory devices.
[0022]
Also, the present invention provides a system address error detecting means for each of the memory devices to detect an address error of a system bus, an error address signal line for notifying a detection result of the system address error detecting means to the other memory device, Error address storage means for storing an error-free address in the own device when an error occurs in the other memory device according to the state of the error address signal line notified from the device, and when an address error is detected in the own device Write-inhibiting means for inhibiting writing into the memory of the own device.
[0023]
Further, the present invention provides a system address error interrupt generating means for generating an interrupt signal in accordance with a detection result of the system address error detecting means, and an address stored in the error address storage means when a system address error interrupt occurs. Error recovery means for performing error recovery.
[0024]
[Action]
According to the present invention having the above configuration, the write permission flags of the memory devices A and B permit writing to the memory, the read permission flag permits reading from the memory, and the address determination circuit determines an access target for the current address. As a result, data is written or read in accordance with a combination of the result of the determination by the determination circuit and the two flags.
[0025]
According to the invention, the state defining means defines the state of each memory device according to a combination of the write permission flag and the read permission flag, and the state transition means defines each memory device according to the setting by the processing device. Transition between the states defined in.
[0026]
According to the present invention, the common access space designation register of the memory devices A and B designates a common access space to be accessed by both the memory device A and the memory device B, and the individual space access designation register designates the memory device A or B. One of the memory devices B specifies an individual access space to be accessed.
[0027]
According to the invention, the setting means sets the value of the common access space designation register of the memory device A and the memory device B to the same address, and the second setting means sets the individual memory device A set by the setting means. The value of the space designation register and the value of the individual space designation register of the memory device B are set to different addresses, and the third setting means resets the addresses set by the two setting means at an arbitrary timing.
[0028]
Further, according to the present invention, the error injection means injects a pseudo error into an arbitrary area of each memory device, and the error state inspection means accesses the error-injected area to check the error state. Operation of each function can be confirmed.
[0029]
Further, according to the present invention, the injection value setting means sets the address of the area where the error is injected by the error injection means and the value of the data to be injected to different values in both memory devices.
[0030]
Further, according to the present invention, the system address error detecting means of each of the memory devices detects an address error of the system bus, the error address signal line notifies the other memory device of the detection result, and the other memory device detects the error. The error address storage means stores an error-free address in its own device according to the state of the error address signal line, and when an address error is detected in each device by the prohibiting means of each system bus control device, the memory of its own device is used. Writing to is prohibited.
[0031]
Further, according to the present invention, the system address error interrupt generating means generates an interrupt signal according to the detection result of the system address error detecting means, and the error repairing means also generates the address stored in the error address storage means according to the interrupt signal. And perform error repair.
[0032]
【Example】
Embodiment 1 FIG.
FIG. 1 shows a duplicated memory system according to a first embodiment of the present invention. In FIG. 1, 1 is a processing device (CPU), 2 is a control ROM in which a program for the processing device 1 to perform special processing such as diagnosis is stored, and 3 is a device for controlling the exchange of the processing device 1 with a system bus. A system bus control device, 4 is a memory device, and 5 is built in the system bus control device 3 for determining a system bus control device to which data read from the memory device during normal operation should be sent to the processing device 1. A master determination circuit 6 is built in the system bus control device 3 and an error detection circuit for detecting an error in data read from the memory device 4. The CPU bus switching circuit determines whether to output data. The processing device 1 and the system bus control device 3 are connected by a CPU bus composed of a data signal 8, a low-level interrupt signal 9, a high-level interrupt signal 10, and an address signal 11, and the system bus control device 3 and the memory device 4 are duplicated. And 3a, 3b, 4a and 4b respectively. The duplicated system bus controllers are connected by CPU bus switching signal lines 12a and 12b, the memory device 4a is connected to the system bus controller 3a via the system bus A13a, and the memory device 4b is connected to the system bus B13b via the system bus B13b. It is connected to the control device 3b.
[0033]
Although the duplicated portion is classified into the A system and the B system as described above, in the following description, when discriminating both sides, the component numbers are indicated by adding a suffix a or b to each other. Represented without letters.
[0034]
FIG. 2 shows a detailed configuration of the error detection circuit 6 and the CPU bus switching circuit 7 built in the system bus control device 3 in FIG. In the figure, reference numeral 13-1 denotes a data signal read from the memory device and sent out onto the system bus, and is composed of a data part of 32 bits and a parity part of 4 bits. 14 is a data latch circuit that outputs a data signal 16 obtained by latching the data signal 13-1 with a clock signal 15, 17 is a data latch circuit that outputs a data signal 18 obtained by latching the data signal 16 with a clock signal 15, and 19 is a data signal. 16 is an error detection circuit for performing a parity check, 12 is an error signal line which is output from the error detection circuit 19 and becomes "1" when an error is detected and is used as a CPU bus switching signal line, and 20 is an output of the error detection circuit 19 , A normal signal line which becomes “1” when no error is detected, 21 is a master mode input signal line for selecting a system bus control device to send read data to the CPU bus when no error is detected, and 22 is valid data from the memory device. Is a data valid signal line indicating that the data is transmitted, 23 is a master mode input signal line 21, and a data valid signal line. Line 22, latches the condition the signal output by the AND gates 24, 25 and OR gate 26 the error status signal line 12 and the normal signal line 20, a CPU bus selection latch. 29 is an AND gate for generating a gate signal 32 in accordance with the condition of the output signal 33 of the CPU bus selection latch 23 and the data output timing clock signal 30, and 31 is a signal for transmitting the data signal 18 to the CPU bus when the gate signal 32 is "1". A 3-state buffer which outputs the data signal 8 and keeps the data signal 8 in a high impedance state when the gate signal 32 is "0". A pull-up 34 pulls up the CPU bus switching signal 12 from the other system bus controller. Resistance. An EXOR gate 35 generates an interrupt signal 9 at a low level when one of the CPU bus switching signal lines 12a and 12b is "1". A reference numeral 36 indicates that both the CPU bus switching signal lines 12a and 12b are "1". Is an AND gate that generates a high-level interrupt signal 10 at the time of. The EXOR gate 35 and the AND gate 36 generate two types of interrupt signals for the processing device. FIG. 3 shows the relationship between the occurrence state of the error and the CPU bus switching signal line 12 and the interrupt signal lines 9 and 10.
[0035]
FIG. 4 is a timing chart showing the operation of the error detection circuit and the CPU bus switching circuit shown in FIG. 2, in which respective input / output signals are shown correspondingly. In the figure, T01 to T14 indicate clock cycles based on the clock signal 15.
[0036]
FIG. 5 shows how the data signal 18 is driven as the data signal 8 by the timing of the gate signal 32.
[0037]
FIG. 6 shows details of the master determination circuit 5 inside the system bus control device 3 of FIG. In the figure, reference numeral 37 denotes a flip-flop that stores a mode, and outputs an output signal line 41. 38 is a master change signal line for changing the master, 39 and 40 are negative logic AND gates, and 42 is a negative logic reset signal line for initializing the flip-flop 37 when the power is turned on. When the master determination circuit is incorporated in FIG. 2, the output signal 41 is connected instead of the master mode input line 21.
[0038]
FIG. 7 is a timing chart showing the operation of the master determination circuit of FIG.
[0039]
A schematic operation of the dual memory system configured as described above will be described with reference to FIG. In the initial processing after power-on, the processing device 1 executes a program stored in the control ROM 2 and diagnoses the memory device 4 connected to the system bus 13, and then executes processing such as a disk control device (not shown). A program such as an OS is read into the memory device 4 via the input / output control device, and thereafter, while the system operates normally, the program stored in the memory device 4 is executed. When an error is detected in the system, an interrupt signal 9 or 10 is output to the processing device 1, and the processing device 1 executes a predetermined error processing program in the control ROM 2, and after the error processing is completed, the program stored in the memory device 4. Resume execution.
[0040]
When the processing device 1 accesses the memory device 4 along with the execution of the program, if the writing operation is performed, the writing is simultaneously performed to the memory devices 4a and 4b on both sides via the duplicated system bus control devices 3a and 3b. At the time of the read operation, both the system bus controllers 3a and 3b instruct the memory device to perform a read operation, the data is simultaneously read from the memory devices 4a and 4b, and the system bus controllers 3a and 3b are read via the system buses A13a and 13b. To send out the read data. A master determination circuit 5 is built in the system bus control device 3. If the error detection circuit 6 indicates that there is no error in the data sent from the memory device, the side set as the master is the CPU bus data. 8 and the read data is transmitted. When an error is detected, the system bus controller on the detecting side outputs a CPU bus switching signal line 12 to the other side, and the CPU bus switching circuit 7 causes the system bus controller on the normal side to output the CPU bus switching signal. The read data is transmitted to data 8.
[0041]
Next, detailed operations of the error detection circuit 6 and the CPU bus switching circuit 7 will be described with reference to FIG.
[0042]
In FIG. 2, the system bus controller has a master mode input signal line 21. The master mode input signal line 21a is externally connected to "1" in the system bus controller 3a, and is externally connected to "0" in the system bus controller 3b. It is assumed that In this case, the system bus controller 3a operates as a master, and the system bus controller 3b operates as a slave. The data read from the memory device is input to the system bus control device 3 as a data signal line 13-1 of the system bus together with the data valid signal line 22, and is latched by the data latch circuit 14 by the system clock signal 15, and The output signal line 16 of the circuit 14 is input to an error detection circuit 19 such as parity detection and is supplied to a data latch circuit 17. The data signal line 13-1 is composed of a data part of 32 bits and a parity part of 4 bits. If the data is normal, the error detection circuit 19 sets the normal signal line 20 to "1" and sets the CPU bus switching signal line 12 to "1". If "0", an error is detected, both signals are output with the opposite logic.
[0043]
Assuming that the data is normal, the normal signal line 20a is "1" in the system bus controller 3a on the master side, and the output of the OR gate 26a becomes "1" via the AND gate 24a. The CPU bus selection latch 23a is set to "1" at the timing of the system clock signal line 15a, and the AND gate 29a controls the gate of the three-state buffer 31a of the CPU data bus only during the period when the data output timing clock signal 30a is "1". The signal 32a becomes "1", and the content of the output signal line 18a of the data latch circuit 17a is output to the CPU bus as the data signal line 8.
[0044]
On the other hand, if an error is detected in the data, the normal signal line 20a becomes "0" and the gate signal 32a becomes "0", so that the system bus controller 3a does not output data to the CPU bus. .
[0045]
Next, the operation on the slave side will be described.
[0046]
When no error is detected in the data, the normal signal line 20b is "1" in the slave-side system bus controller 3b, but the master mode input signal line 21b is "0", so that the AND gate 24b is "0". Moreover, since the CPU bus switching signal line 12a from the master system bus control device 3a is also "0", the output of the OR gate 26b is also "0". As a result, the gate signal 32b of the three-state buffer 31b of the CPU data bus becomes "0", and the system bus controller 3b does not output data to the CPU bus. Here, if an error is detected by the master system bus control device 3a, the CPU bus switching signal line 12a becomes "1" and the outputs of the AND gate 25b and the OR gate 26b become "1". The system bus controller 3b on the slave side outputs the data signal line 8 to the CPU bus instead of the system bus controller 3a. For this reason, duplication not only at the memory device but also at the system bus level becomes possible.
[0047]
Next, generation of the interrupt signal lines 9 and 10 for the processing device 1 will be described with reference to FIG.
[0048]
The EXOR gate 35 and the AND gate 36 determine the state of the interrupt signal lines 9 and 10 according to the combination of the CPU bus switching signals 12a and 12b. When the read data from the memory device 4 is normal on both sides, both the interrupt signal lines 9 and 10 become inactive. When an error is detected in one of them, the EXOR gate 35 activates the low-level interrupt signal line 9, and when an error is detected on both sides, the AND gate 36 activates the high-level interrupt signal line 10.
[0049]
The operation of the processing device 1 by these two types of interrupts will be described.
[0050]
The low-level interrupt indicates the occurrence of a so-called minor failure in which correct data has been sent to the processing device 1 despite the detection of an error. The processing device 1 executes a normal program as it is, and performs an error process at a program break (usually at the timing of a task switch). On the other hand, a high-level interrupt indicates a serious failure in which correct data was not sent to the processing device 1, and is used when the processing device 1 should immediately perform error processing.
[0051]
The role of the pull-up resistor 34 in FIG. 2 will be described. This resistor has a meaning when one system bus controller, for example, the system bus controller 3a on the master side is removed by repair and replacement. At this time, since the output signal of the error detection circuit 19a is not driven, the pull-up resistor 34b built in the system bus controller 3b fixes the level of the CPU bus switching signal line 12a to "1". This is the same as the state in which the master system bus controller 3a detects a data error. As a result, the slave system bus controller 3b sends out data.
[0052]
The operation of the error detection circuit 6 and the CPU bus switching circuit 7 of the system bus control device 3 described above will be described with reference to FIG. 4, taking an example in which an error is detected during reading of eight consecutive word data.
[0053]
In the figure, data with white circles indicate data read from the memory device 4a, and data with black circles indicate data read from the memory device 4b, and the system clock signal line 15 connects the system bus signal line 15 in accordance with the timings T01 to T14. The inside of the control device operates in clock synchronization. The figure shows a CPU bus switching signal line 12, a gate signal 32, and a CPU data bus when an error is detected in the third word in the master system bus controller 3a and in the fifth word in the slave system bus controller 3b. The signal 8 and the low-level interrupt signal line 9 are shown. The timing in the figure takes into account the signal delay due to latches and gates. For example, the output signal line 16 of the data latch 14 is output slightly behind the rising edge of the system clock 15 and indicates a more realistic timing. is there.
[0054]
No data error is detected in the first and second words, the gate signal 32a of the system bus controller 3a on the master side becomes "1", and the CPU data bus 8 receives the signals of the system bus controller 3a at the timings T03 and T04. Data, that is, read data from the memory device 4a is output.
[0055]
When an error is detected in the third word, the error is detected at the timing of T04, and the CPU bus switching signal line 12a becomes "1". At the timing of T05, the data of the slave system bus controller 3b, The read data from the device 4b is output, and at the same time, a low-level interrupt signal 9 is output.
[0056]
In the fourth word, since normal data is detected on both sides, switching of the CPU bus does not occur, and data on the master side set as default is output at the timing of T06.
[0057]
For the data of the fifth word, an error is detected on the slave side, but the master side is normal, and the switching of the CPU bus does not occur, and the data on the master side is output at the timing of T07.
[0058]
As shown in FIG. 4, unless an error is detected on the master side, the read data of the memory device connected to the master side is always output to the processing device 1 and connected to the slave side only when an error is detected. The read data of the memory device is output to the processing device 1. Therefore, even when the switching occurs, normal data is supplied to the processing device at the same timing.
[0059]
As illustrated in FIG. 4, only a part of the transfer cycle of the gate signal line 32 of the three-state buffer is set to “1”. This is because if the period is set to "1", the outputs of the three-state buffers on both sides may collide with each other for a short time due to the delay of the element when the CPU bus is switched. As shown in FIG. 5, the data is held on the data bus for a certain period of time by the stray capacitance of the wiring even after the drive is completed, so that the drive time required for design can be determined.
[0060]
In FIG. 2, the master mode switching signal line is used directly for switching the master of the system bus control device 3. However, the master mode can be switched by the processing device 1 by adding a master determination circuit shown in FIG. The operation of the master switching circuit will be described with reference to FIGS.
[0061]
In FIG. 7, when the power is turned on, the master flip-flop 37 is set / reset according to the state of the master mode switching signal line 21 by the reset signal line 42 at timing T20, and the master mode output signal line 41a of the system bus control device 3a is set to "1". And the master mode output signal line 41b of the system bus control device 3b is set to "0". The master flip-flops 37 are synchronously inverted at T21 by the master switching signal line 38 from the processing device 1, the master mode output signal line 41a of the system bus control device 3a is set to "0", and the system bus control device 3b of the system bus control device 3b. Master mode output signal line 41b is set to "1". By using the master mode output signal line 41 as the master mode input signal line 21 in FIG. 2, the mode of the system bus control device 3 can be switched.
[0062]
Embodiment 2. FIG.
FIG. 8 shows a duplicated memory system according to a second embodiment of the present invention, in which a check function of a CPU data bus is added to the first embodiment to further improve reliability.
[0063]
In FIG. 8, reference numeral 50 denotes a data receiver circuit for taking in the CPU bus data 8 into the system bus control device; 51, a data comparison circuit for comparing the output signal line 18 of the data latch circuit 17 with the output signal line 55 of the data receiver circuit 50; Reference numeral 53 denotes an output signal line for outputting "1" when the comparison result of the data comparison circuit 51 does not match. Reference numeral 54 denotes a three-state buffer.
[0064]
FIG. 9 shows that the data read is performed from the side of the system bus control device 3a, the signal line of each data comparison circuit 51 and the normality of the CPU bus data 8 when a part of the circuit of FIG. FIG. 3 is a diagram showing a relationship between high-level interrupt signal lines 10.
[0065]
FIG. 10 is a modification of the second embodiment of the present invention, in which the output signal line 53 of each data comparison circuit 51 is output as it is to the outside of the system bus control device, and the AND circuit 56 and the EXOR circuit 57 output a low-level interrupt signal. 9 and a high level interrupt signal 10. Similarly, FIG. 11 shows the output signal line of each data comparison circuit 51 and the CPU bus data when a part of the circuit of FIG. 8 is a diagram illustrating a normality of the interrupt signal 8 and a relationship between a low-level interrupt signal 9 and a high-level interrupt signal line 10. FIG. Also in FIG. 11, it is assumed that data reading is performed from the system bus control device 3a side.
[0066]
The comparison operation of the CPU data bus of the system bus control device configured as described above will be described with reference to FIG.
[0067]
The data read from the duplicated memory device is temporarily latched by the data latch 17 and supplied to the driver circuit 31 composed of the comparison circuit 51 and the three-state buffer. The master system bus controller 3a operates according to the first embodiment. Outputs the data to the CPU bus via the driver circuit 31a according to the following. The CPU bus data signal 8 is taken into the system bus controllers 3 on both sides through the receiver circuit 50, and is input to the comparison circuit 51. The comparison circuit 51 compares the output of the data latch 17 with the output of the receiver circuit 50, and outputs "0" if they match, and outputs a comparison error signal line 53 if they do not match. By the way, since the master mode output signal line 41a of the system bus controller 3a on the master side is set to "1", the enable signal of the three-state buffer 54a is inverted by the NOT circuit 52a and given "0". The error signal line 53a is not output to the outside. On the other hand, since the master mode output signal line 41b of the system bus controller 3b on the slave side is set to "0", the enable signal of the three-state buffer 54b is inverted by the NOT circuit 52b and given "1". , The error signal line 53b is output via the three-state buffer 54b, and is notified to the processing device 1 as the high-level interrupt signal line 10.
[0068]
Next, the relationship between the comparison error signal line 53, the validity of the CPU data bus 8, and the interrupt signal line 10 when a failure occurs in the middle of the data transfer path will be described with reference to FIG. In this example, the failure location indicates when the data latch 17, the comparison circuit 51, the driver circuit 31, and the receiver circuit 50 have failed, and when all are normal, the correct data is naturally stored in the CPU data bus. Is output, and no interrupt occurs. If the data latch 17a or the driver circuit 31a fails, erroneous data is output to the CPU data bus. This is detected as an error by the slave-side comparison circuit, and a high-level interrupt is generated. The read data error is notified to the processing device 1. . By executing the error analysis processing stored in the control ROM 2, the processing device 1 outputs, for example, the master switching signal line 38, changes from the system bus control device 3a to 3b, reads data from the memory device again, and returns to normal. If there is, a failure of the data latch 17a or the driver circuit 31a can be detected. Thereafter, the system bus control device 3b operates as the master.
[0069]
When the master-side receiver circuit 50a or the comparison circuit 51a fails, the comparison error signal line 53a is output internally, but the interrupt signal line 10 is not output and does not affect the operation. At this time, since normal data is output to the CPU data bus 8, there is no problem. On the other hand, when any one of the receiver circuit 50b, the comparison circuit 51b, and the data latch 17b on the slave side fails, the comparison error signal line 53b is set to “1” despite correct data being output from the master side to the CPU data bus. "And the high-level interrupt signal line 10 is output. Also at this time, since the processing device 1 outputs the master switching signal line, the master is switched to the system bus control device 3b side. To prevent unnecessary switching due to the failure of the slave side, the following method may be used. . That is, the status of the error signal line 53 in the system bus control device is stored in a status register (not shown), and when the processing device 1 executes an error process stored in the control ROM 2, the contents of the status register are checked. . At this time, if no error has occurred on the master side, control may be performed so as not to perform master switching.
[0070]
In FIG. 9, since the data read is assumed to be performed from the side of the system bus control device 3a, the logic of the comparison error signal line 53b and the logic of the high-level interrupt signal line 10 always match. This is because the comparison error signal line 53b is output as the high-level interrupt signal line 10 in FIG. This is shown in FIG. 9 by the fact that the logics in the #B_ERROR and HINTR columns match.
[0071]
Next, an example in which the comparison error signal line 53 is output from the system bus control devices 3 on both sides and two different levels of interrupts are generated by combining these will be described with reference to FIGS. The difference between FIG. 10 and FIG. 8 described above is that the output of the comparison circuit 51 is output to both outsides, and these are generated as an interrupt signal to the processing device 1 by an AND gate and an EXOR gate.
[0072]
When the driver circuit 31a shown in FIG. 11 fails, the comparison error signal lines 53 on both sides become "1" and the high-level interrupt signal line 10 is output. For the other portions, the low-level interrupt signal line 9 is output. Is done. In order to determine the normality of the data output to the CPU data bus, the high-level interrupt signal line 10 should be output even when the data latch 17a fails, but this is the same as in the first embodiment. A solution is to be achieved by adding a parity check circuit to the output and switching the data from the slave side for output. As a result, a low-level interrupt signal can be output as long as the data output to the CPU data bus is normal, and a high-level interrupt signal can be output only when the data is abnormal.
[0073]
Embodiment 3 FIG.
FIG. 12 shows a duplicated memory system according to the third embodiment of the present invention. In the figure, 60 is a driver / receiver on the CPU data bus side built in the system bus control device 3, 61 is a driver / receiver on the system bus side, 62 is a driver / receiver built in the memory device 4, and 63 is a processing device 1 is a parity generation circuit built in 1, 64 is a parity check circuit on the CPU data bus side built in the system bus control device 3, 65 is a parity check circuit on the system bus side built in the system bus control device 3, 66 is A parity check circuit built in the memory device 4, 67 to 69 are status registers for storing the results of the parity check circuits 64 to 66, 70 is an internal bus of the system bus control device, 71 is a memory, and 72 is an inside of the memory device 4. It is a bus.
[0074]
FIG. 13 is a diagram showing an error analysis at the time of a write operation to the memory in the system of FIG. 12, and FIG. 14 is a diagram showing an error analysis at the time of a read operation from the memory. The crosses indicate error detection.
[0075]
The operation of the dual memory system configured as described above will be described with reference to FIG. First, when the processing device 1 writes data to the memory device 4, an error check code such as a parity code is generated inside the processing device and is output to the CPU data bus 8. The system bus control device 3 receives the data with parity output from the processing device 1 by the receiver circuit 60, performs a parity check on the data with the parity check circuit 64, stores the result in the status register 67, and stores the data received by the receiver 60. Is supplied to the driver circuit 61 on the system bus side through the internal bus 70 and is output to the system bus 13. Immediately before the driver circuit, there is a parity check circuit 65, and the check result is similarly stored in the status register 68. Further, the memory device 4 receives the data from the system bus 13 via the receiver circuit 62, performs a parity check by the parity check circuit 66, stores the result in the status register 69, and simultaneously stores the data in the memory device in the memory 71. The contents of the bus 72 are written as they are as a data part and a check code part. If an error is detected somewhere in the data path at the time of writing, an interrupt occurs to the processing device 1 (interrupt signal lines are not shown), and the processing device 1 executes the error analysis program stored in the control ROM 2. Execute to identify the fault location.
[0076]
Next, the contents of the status registers 64 to 66 in which the error detection result at the time of writing is stored and an example of failure analysis will be described with reference to FIG. The probability of occurrence of a failure is based on the circuit scale, assuming that the memory is 1/10000, the bus is 1 / 100,000, the parity generation / inspection circuit and the driver / regiver are 1 / 100,000. It is assumed that a severe fault is 10,000 × 1,000,000 = 1/10 billion. FIG. 13 is created by estimating the combination having the highest failure occurrence probability among the possible failure causes as the cause. Eight types of failures are considered depending on the combination of status registers. Case 1 is a state in which no error has occurred. Case 2 is normal up to the internal bus 70 of the system bus control device. Therefore, a failure of the system bus 13, the driver circuit 61, the receiver circuit 62 of the memory device, or the parity check circuit 66 is considered. Are compared, it is estimated that the system bus 13 has failed. In Case 3, since only the parity check circuit 65 in the middle of the path detects an error, it is estimated that only the parity check circuit 65 has failed. In this case, there is a possibility that the parity check circuits 64 and 66 are faulty and only 65 is correct. The following case may be considered in the same manner.
[0077]
Next, the operation at the time of reading from the memory device 4 will be described with reference to FIG. The memory 71 stores a data portion and an error check code portion. The read data with parity is subjected to a parity check by a parity check circuit 66 and the result is stored in a status register 69. The system bus controller 3 receives the data through the receiver circuit 61 and stores the result of the parity check by the parity check circuit 65 in the status register 68. Further, the result of the parity check by the parity check circuit 64 immediately before the driver circuit 60 of the CPU bus is stored in the status register 67. In the system bus controller 3, when a parity error is detected in the data, the system bus controller that has not detected the error sends the data to the processing device 1 in accordance with the operation of the first embodiment.
[0078]
The contents of the status registers 64 to 66 in which the error detection result at the time of reading is stored and an example of failure analysis will be described with reference to FIG. In FIG. 14 as well, the most probable combination of possible failure locations is the cause. In case 8, since an error is detected immediately after reading from the memory 71, a failure in the memory 71 or an error in the data path at the time of writing is considered. However, the probability is compared to determine the former failure. In case 7, the error is detected at the time of reading from the memory, and after that, an error is detected. Therefore, in case 6, the failure is considered to be a failure of the parity check circuit 65 and the memory 71. The following case may be considered in the same manner.
[0079]
Embodiment 4. FIG.
FIG. 15 shows a duplicated memory system according to the fourth embodiment of the present embodiment. In the figure, reference numeral 80 denotes an error detection circuit inside the system bus control device 3 for detecting an error in data transmitted to the system bus, and 81 a system bus for transmitting the result of the error detection circuit 80 to the other system bus control device. A switching signal line 82 is a system bus switching circuit for switching a system bus, which operates according to the result of the system bus switching signal line 81 from the other party and an internal error detection circuit 80, and 85 is a memory inside the memory device 4 An error detection circuit for detecting an error in the data read from 71, a memory error detection signal line 84 for transmitting the result of the error detection circuit 85 to the memory device of the other party, and a memory error detection signal line 84 for the other party and the internal A system for switching a system bus, which operates according to the result of the error detection circuit 85 It is a scan switching circuit.
[0080]
FIG. 16 is a diagram showing the concept of output data switching in the system bus switching circuit 82 and the error detection circuit 80 in FIG. 15. In FIG. 16, reference numeral 94 denotes a data latch for storing the contents of the data bus 70 inside the system bus control device. 90 is a three-state buffer for system bus A that sends data to system bus A, 91 is a three-state buffer for system bus B that sends data to system bus B, and 86 is an output enable signal of three-state buffer 90 for system bus A. , 87 is an AND gate that generates an output enable signal for the 3-state buffer 91 for the system bus B, 95 is an AND gate that generates an output enable signal for both the 3-state buffers 90 and 91, and 92 is a system bus switch. A low level interrupt is generated by a combination of the signal lines 81a and 81b. Raised to EXOR gate, likewise 93 denotes an AND gate for generating a high level interrupt.
[0081]
FIG. 17 is a diagram showing the concept of input data switching in the system bus switching circuit 83 and the error detection circuit 85 in FIG. 15. In FIG. 17, reference numeral 98 denotes a receiver circuit for taking data from the system bus A13a into the memory device 4, and 99 denotes a receiver circuit. A receiver circuit for taking data from the system bus B13b into the memory device 4, and outputs input data signals 76 and 77, respectively. Reference numeral 83 denotes an error detection circuit that performs a parity check or the like of an input data signal. Reference numeral 73 denotes a selection circuit that selects correct data based on the result of the error detection circuit and outputs the selected data to the internal bus 72 of the memory. When the input switching signal 78 which is the output signal of the NOT gate 74 is "1", the input data line 76 is selected, and when the input switching signal line 79 which is the output signal of the AND gate 75 is "1", the input data line is selected. 77 is selected.
[0082]
FIGS. 18A and 18B are diagrams showing the state of bus switching by the system bus switching circuits 82 and 85 when a failure occurs in the middle of the data bus at the time of writing from the processing device 1 to the memory device 4. FIG. , (B) shows a state in which the receiver in the CPU bus switching circuit 7a has failed, (C) a state in which the system bus A13a has failed, and (D) a data flow in a state in which the driver of the system bus switching circuit 82b has failed. Is shown. In the data flow indicated by the broken line in the drawing, actual data is not output while each three-state buffer is closed.
[0083]
Similarly, FIG. 19 is a diagram showing a state of bus switching by the CPU bus switching circuit 7 and the system bus switching circuits 82 and 85 when the processing device 1 fails in the middle of the data bus when reading from the memory device 4, (A) is a normal state, (B) is a state in which the receiver in the system bus switching circuit 82a has failed, (C) is a state in which the system bus A13a has failed, and (D) is built in the memory device 4. It shows a data flow when the memory 71a has failed.
[0084]
The schematic operation of the dual memory system configured as described above will be described with reference to FIG. When the processing device 1 writes data to the memory device 4, write data from the processing device 1 is supplied to each of the duplexed system bus controllers 3 as the CPU data bus 8, and the system bus controller is connected to the system bus 13. Immediately before sending out the write data, the data parity check is performed by the error check circuit 80, and the result is mutually exchanged as a system bus switching signal line 81. When no error is detected, the master system bus control device 3a Output data to the system bus A13a, and the slave system bus controller 3b outputs data to the system bus B13b. When an error is detected, the above-mentioned system bus switching signal line 81 becomes "1", and the output to the system bus 13 on the side where the error is detected is stopped by the system bus switching circuit 82. The bus controller outputs write data to both system buses. In the memory device 4, the write data output to the system bus is fetched from the system buses 13 on both sides, a parity check is performed by the error detection circuit 85, and the data on the system bus in which no error has occurred is written to the memory 71.
[0085]
When reading data from the memory device 4, the internal error detection circuit 85 performs a parity check on the data read from the duplicated memory 71, and outputs the result as a memory error signal line 84 for mutual notification. If there is no error, the memory device 4a sends data to the system bus A13a and the memory device 4b sends data to the system bus B13b. If an error occurs, the memory device on the side where the error occurred is sent to the system bus by the system bus switching circuit 83. Is stopped, and the other memory device outputs read data to the system buses on both sides. Further, the system bus controller 3 takes in data from the system buses on both sides, performs a parity check in the error detection circuit 6, and outputs the result as a CPU bus switching signal line to notify each other. The system bus control device 3a outputs read data to the CPU data bus 8, and when an error is detected, the system bus control device on the detecting side stops the data output by the CPU bus switching circuit 7, and outputs the data to the system bus on the partner side. The control unit outputs on its behalf.
[0086]
First, a detailed operation when data is written from the processing device 1 to the memory device 4 will be described with reference to FIG. Write data from the processing device is latched by the data latch 94 through the internal bus 70, and a parity check is performed by the error detection circuit 80. The output signal of the data latch 94 is supplied to output buffers 90 and 91 each composed of a three-state buffer. The gate signals of the three-state buffer are the master mode input signal line 21, the system bus switching signal lines 81a and 81b, and the data output. It is controlled by the timing clock signal 30. When no error is detected by the error detection circuits 80a and 80b, the output of the AND gate 86a is "1" and the outputs of the AND gates 87a and 95a are "0" in the master system bus controller 3a. , The output signal of the OR gate 96a becomes "1" and the output of the OR gate 97a becomes "0", and outputs data to the system bus A13a via the output buffer 90a. On the other hand, in the slave system bus controller 3b, the outputs of the AND gates 86b and 95b are "0", the output of the AND gate 87b is "1", the output of the OR gate 97b is "1", and the output of the OR gate 96b is "1". The output becomes "0", and the data is output to the system bus B13b via the output buffer 91b.
[0087]
When a data error is detected by the system bus controller 3a and the output 81a of the error detection circuit 80a becomes "1", the output of the AND gate 86a becomes "0" and the output of the output buffer 90a is stopped. The bus control device 3b sets the output of the AND gate 95b to "1" when the system bus switching signal line 81a from the partner changes to "1", and also sets the output of the output buffer 90b to the enabled state. 13b is output to both sides.
[0088]
Further, in the memory device 4, as shown in FIG. 17, the data of the system buses on both sides are fetched internally by the receiver circuits 98 and 99, and the parity check is performed by the error detection circuit 83. If no error is detected, the error is detected. The output of the detection circuit 83-1 becomes "0", the input data switching signal line 78 becomes "1", and the data of the system bus A13a is selectively output to the internal bus 72. On the other hand, when a failure occurs in the system bus A13a, the output of the error detection circuit 83-1 becomes "1", the input data switching signal line 78 becomes "0", and the input data switching signal line 79 becomes "1". The data of B13b is selectively output to the internal bus 72.
[0089]
When an error is detected by both of the error detection circuits 83-1 and 83-2 (for example, when the system bus 13a fails and the receiver circuit 99a on the master side further fails), the input data switching signal line 78 and the 79 are both "0" and the selection circuit 73a cannot select any system bus. At this time, since incorrect data (which cannot be detected as an error) is written to the memory 71a, a situation in which the incorrect data is sent to the processing device 1 at the time of reading may occur. To avoid this, the following method may be used. That is, when none of the system buses can be selected, error data (for example, all data of "1" for even parity, all data of "0" for odd parity) is generated on the internal bus 72a of the memory. And the error data is forcibly written to the memory. As a result, at the time of reading, the system bus controller 3b on the slave side can send correct read data to the processing device 1 by the operation of the first embodiment.
[0090]
FIG. 15 will be described again. When the processing device 1 reads data from the memory device 4, the operation similar to that of the system bus control device 3 shown in FIG. 16 is incorporated in the memory device so that there is no error in the data read from the memory. For example, the memory device 4a outputs read data to the system bus A13a, and the memory device 4b outputs read data to the system bus B13b. On the other hand, when an error is detected in the read data of the memory 71b incorporated in the memory device 4b, the data output of the output buffer of the memory device 4b is stopped, and the memory error detection signal line 84b is output to the memory device 4a on the other side. This signal causes the memory device 4a to output data to the system buses on both sides. An input data selection circuit similar to the memory device 4 is provided inside the system bus control device 3 and normally outputs read data from the system bus A13a to the internal bus, but an error is detected on the system bus A13a side. Then, the read data of the system bus B13b is output to the internal bus.
[0091]
FIG. 18 illustrates a state of data switching when a part of the components fails in the above-described redundant memory system during a write operation.
[0092]
(A) In the normal state, write data from the processing device 1 is output from the system bus control device 3a to the system bus A13a, from the system bus control device 3b to the system bus B13b, and the memory device 4 stores data in the system bus A13a. Is selected as write data and written to the memory 71.
[0093]
(B) When the receiver in the CPU bus switching circuit 7a has failed, the system bus control signal line 81a is output from the system bus control device 3a, the output buffer of the system bus control device 3a is closed, and the system bus control is performed instead. The device 4b outputs data to the system buses on both sides, and the memory device 4 selects the data on the system bus A13a as write data and writes it to the memory 71.
[0094]
(C) When the system bus A13a has failed, the memory device 4 selects the data on the system bus B13b as write data and writes the data to the memory 71.
[0095]
(D) When the driver of the system bus switching circuit 82b fails, correct data is not output to the system bus B13b, but there is no effect since the memory device 4 writes the data of the system bus A13a.
[0096]
The read operation will be described with reference to FIG.
[0097]
(A) In the normal state, the data read from the memory 71 is output from the memory device 4a to the system bus A13a and from the memory device 4b to the system bus B13b, and the system bus control device 3a reads the data from the CPU bus. Is sent.
[0098]
(B) When the receiver in the system bus switching circuit 82a has failed, an error is detected by the error detection circuit of the system bus control device 3a, and the CPU bus switching signal line 12a is output. 3b outputs data to the CPU bus.
[0099]
(C) When the system bus A13a has failed, an error in the system bus A13a is detected in the system bus controller, the read data of the system bus B13b is used as input data, and the system bus controller 3a transmits data to the CPU bus. Is sent.
[0100]
(D) When the memory 71a incorporated in the memory device 4 has failed, an error is detected by an error detection circuit inside the memory device 4a, and a memory error detection signal line 84a is output. The read data is transmitted to the system buses on both sides, and the system bus controller 3a transmits the data to the CPU bus.
[0101]
Embodiment 5 FIG.
FIG. 20 shows a duplicated memory system according to the fifth embodiment of the present invention. In the figure, 100 is a mode setting circuit that is built in the system bus control device 3 and sets the mode of the CPU bus, 101 is a mode setting circuit that sets the mode of the system bus, and 102 is a mode that is built in the memory device 4 and is the mode of the system bus. A mode setting circuit 104 for setting data, a comparison circuit 104 incorporated in the system bus control device 3 for comparing data of a duplicated system bus, and a 105 incorporated in the memory device 4 for comparing data of a duplicated system bus. This is a comparison circuit.
[0102]
FIG. 21 is a diagram showing the concept of a circuit that controls the CPU bus in the system bus control device 3 and includes a mode setting circuit 100, a data latch 17, a comparison circuit 51, a driver 31, and a receiver 50. The data output of the CPU bus is controlled by the A bus permission signal line 106 output from the mode determination circuit.
[0103]
FIG. 22 is a diagram similarly showing the concept of a circuit in the system bus control device 3 for controlling the system bus. The system bus A is enabled by the A bus permission signal line 106, and the system bus B is enabled by the B bus. The data output of the system bus is controlled by the signal line 107.
[0104]
FIG. 23 is a diagram showing details of the mode setting circuit 101 in FIG. 20 (the same applies to 100 and 102). In the figure, reference numeral 120 denotes a mode setting data signal line; 121, a selector circuit for selecting a mode setting data signal in accordance with the master mode input line 21; 122, an output signal line of the selector circuit 121; A mode latch 125 is a mode latch for storing a mode of the B bus. The mode setting signal line 103 stores the contents of the output signal line 122 of the selector circuit. Each of the mode output signal lines 124 and 126 is connected to a subsequent AND gate. By the combination of the OR gates, an A bus enable signal 106 and a B bus enable signal 107 which are final output signals are output.
[0105]
FIG. 24 is a diagram showing an operation sequence of the mode setting circuit in FIG. 23. T100 is a reset timing, T101 and T104 are mode setting timings, T102 is a timing at which an error is detected on the system bus control device 3a side, and T103 is an error timing. This shows the timing of recovery.
[0106]
FIG. 25 shows the relationship between the operation and the mode of the memory device 4 during the actual operation. FIG. 25A shows the overall flow, and FIG. 25B shows the details of the diagnostic operation (process 142). 24, the power-on process 140 corresponds to T100, the mode change process 143 corresponds to T101, the failure occurrence 145 corresponds to T102, and the mode change process 146 corresponds to T104.
[0107]
The schematic operation of the dual memory system configured as described above will be described with reference to FIG. The mode setting circuits 100 to 102 can independently set four types of modes A, B, C, and D, and the mode setting circuit 100 reads out the data to the CPU data bus 8 by the system bus controller 3. The mode setting circuit 101 controls the output of data, the mode setting circuit 101 controls the system bus controller 3 to output the write data to the system bus, and the mode setting circuit 102 controls the memory device 4 to output the read data to the system bus. The output control of the data to the CPU data bus by the system bus control device 3 includes the state of the mode setting circuit 100, the status of error detection by the error detection circuit 6 inside the system bus control device 3, and the CPU bus switching signal from the other party. Controlled by line 12. Data output to the system bus by the system bus control device 3 is controlled by the state of the mode setting circuit 101, the status of error detection by the error detection circuit 80 inside the system bus control device 3, and the system bus switching signal line from the other party. 81. The output control of data to the system bus by the memory device 4 is controlled by the state of the mode setting circuit 102, the status of error detection by the error detection circuit 85 inside the memory device 4, and the system bus switching signal line 84 from the other party. Is done.
[0108]
The output circuit of each bus has a comparison circuit for comparing the contents of the bus and outputting the result to the outside to generate an interrupt signal line. The input data is input again for comparison, and the contents of the two system buses are compared on the system bus side.
[0109]
Next, a detailed operation on the CPU bus side of the system bus control device 3 will be described with reference to FIG. In a normal operation, the mode setting circuit 100a is set to the mode A and the mode setting circuit 100b is set to the mode B. Data read from the memory device is supplied to the data latch 17 via the internal bus 70 of the system bus control device 3. And a parity check is performed by the error detection circuit 6. In the system bus controller 3a in mode A, if no error is detected by the error detection circuit 6a, the output 106a of the mode setting circuit 100a becomes "1", and the read data is output from the driver circuit 31a to the CPU data bus 8. You. When an error is detected, the output 106a of the mode setting circuit 100a becomes "0" to stop outputting data, and "1" is output to the CPU bus switching signal line 12a.
[0110]
In the mode B system bus controller 3b, if the CPU bus switching signal line 12a from the other party is "0", the output 106b of the mode setting circuit 100b becomes "0" and no data is output to the CPU data bus. When no error is detected by the error detection circuit 6b, when the CPU bus switching signal line 12a from the other party becomes "1", the output 106b of the mode setting circuit 100b becomes "1", and the read data is transmitted to the CPU data bus. 8 is output. When the system is powered on, the mode setting circuits 100 on both sides are set to mode D, the output 106 of the mode setting circuit 100 is always "0", and this system bus control device outputs read data to the CPU data bus. There is no. (It should be noted here that the CPU bus is not duplicated like the system bus, so that output to the CPU data bus is permitted only to one of the mode A and B system bus controllers. Therefore, modes A and B have different meanings from those in control of a system bus described later. For the same reason, mode C is not used in control of the CPU bus.)
[0111]
The mode A system bus controller 3a further inputs its own output data via the receiver circuit 50a, compares the input signal line 55a with the output signal line 18a of the data latch 17a, and outputs the mode B system bus signal. The control device 3b inputs the output data of the other party via the receiver circuit 50b, and compares the input signal line 55b with the output signal line 18b of the data latch 17b. If the comparison result is different, the comparison error signal line 53 becomes "1", and this signal is output from the mode B system bus controller 3b to the outside via the three-state buffer 54b, and the high-level interrupt signal line 10 To the processing apparatus 1, and the processing apparatus performs error analysis as shown in FIG.
[0112]
Since the output control to the system bus by the system bus control device 3 is equivalent to that of the memory device, the output control to the system bus by the memory device 4 will be described next with reference to FIG. In the normal operation mode, the mode setting circuit 102a is set to the mode A and the mode setting circuit 102b is set to the mode B, and the data read from the memory is latched in the data latch 94 via the internal bus 72 of the memory device. At the same time, a parity check is performed in the error detection circuit 85. In the memory device 4a in mode A, if no error is detected by the error detection circuit 85a, the output 106a of the mode setting circuit 102a becomes "1" and the output 107a becomes "0", and the read data is transmitted from the driver circuit 90a to the system bus A13a. Is output. When an error is detected, the outputs 106a and 107a of the mode setting circuit 102a both become "0", the output of data is stopped, and the system bus switching signal line 84a is output to "1". When no error is detected and the system bus switching signal line 84b from the other party goes to "1", the outputs 106a and 107a of the mode setting circuit 102a both go to "1", and the read data is sent from the driver circuits 90a and 91a. It is output to both system buses A13a and 13b.
[0113]
On the other hand, in the memory device 4b in mode B, when no error is detected by the error detection circuit 85b, the output 106b of the mode setting circuit 102b becomes "0" and the output 107b becomes "1", and the read data is transferred from the driver circuit 90b to the system bus. B13b. When an error is detected, the outputs 106b and 107b of the mode setting circuit 102b both become "0", the output of data is stopped, and the system bus switching signal line 84b is output to "1". When no error is detected, when the system bus switching signal line 84a from the other party goes to "1", the outputs 106b and 107b of the mode setting circuit 102b both go to "1" and the read data becomes the driver circuits 90b and 91b. To both system buses A13a and 13b
Is output.
[0114]
Further, the memory devices 4 on both sides input the data of the duplicated system bus via the receiver circuits 108 and 109 and compare the data by the comparison circuit 105. The comparison result is an error output signal of the internal error detection circuit 85 ( The signals are processed by the system bus switching signal line 84) and the OR gate and output to the outside, and the conditions are taken by the AND gate 93 and the EXOR gate 92 to generate interrupt signals of different levels for the processing device 1. When receiving the interrupt, the processing device 1 performs the error analysis processing as shown in FIG.
[0115]
The configuration and operation of the mode setting circuit will be described with reference to FIGS. 23 and 24, taking the case of the mode setting circuit 101 incorporated in the system bus control device 3 as an example. First, when the power is turned on, the reset signal line 42 becomes "0" at the timing of T100, the mode latches 123 and 125 are reset and the outputs become "0", and both the mode setting circuits 101a and 101b operate in the mode D (initial mode). ). In mode D, the outputs of the AND gates 127, 129 and 134 become "0", so that the bus permission signal lines 106 and 107 both output "0".
[0116]
Next, when the processing device outputs the mode setting signal line 103 with the data “1001” corresponding to the mode to be set in the data signals 120-1 to 120-4 at the timing of T101 in FIG. Selects two of the input data 120 according to the state of the master mode input line 21. Since the master mode input line 21a of the system bus control device 3a is "1", the input data 120-1 is input to the output signal 122-1a of the selector circuit, and the input data 120-1 is output to the output signal 122-2a of the selector circuit. 120-3 is output, while the master mode input line 21b of the system bus control device 3b is "0". Therefore, the input signal 120-2 is input to the output signal 122-1b of the selector circuit, and the output signal 122-2 of the selector circuit is output. The input data 120-4 is output to -2b, the mode setting circuit 101a is set to mode A, and the mode setting circuit 101b is set to mode B. Conversely, the mode A is a mode in which the mode output signal 124a is "1", the mode output signal 126a is "0", and "1" is output to the bus permission signal line 106a and "0" is output to 107a. Can be defined. Similarly, in mode B, the mode output signal 124b is "0", the mode output signal 126b is "1", and "0" is output to the bus permission signal line 106b and "1" is output to 107b.
[0117]
By the way, when the error detection circuit 80a of the system bus control device 3a detects an error in the timing from T102 to T103 in FIG. 24, that is, when the system bus control device 3a is in the mode A and the system bus control device 3b is in the mode B, The internal error signal line 81a becomes "1", the AND gates 127a, 129a and 134a become "0", and the A bus permission signal line 106a and the B bus permission signal line 107a both become "0". On the other hand, in the system bus control device 3b, since the system bus switching signal line 81a (logically the same as the internal error signal 81a) becomes "1", the output of the AND gate 134b becomes "1" and the OR gates 132b and 133b Both the output A bus permission signal line 106a and the output B bus permission signal line 107a become "1".
[0118]
Further, when the processing device outputs the mode setting signal line 103 with data “0101” corresponding to the mode to be set in the data signals 120-1 to 120-4 at the timing of T104 in FIG. 24, the system bus control device 3a Of the mode latches 123a and 125a are both "0", the mode setting circuit 101a returns to the mode D, and the bus permission signal lines 106a and 107a are both "0". On the other hand, the mode latches 123b and 125b in the system bus controller 3b are both set to "1", the mode setting circuit 101a is set to the mode C, and the bus permission signal lines 106b and 107b are both set to "1".
[0119]
When the mode setting circuit is used in the above-described redundant memory system, processing such as diagnosis, replacement, and recovery can be easily performed. An example in which this function is used in the memory device 4 will be described with reference to FIG.
[0120]
The duplicated memory devices are indicated by A system and B system, respectively, and perform processing while changing the mode setting in synchronization with each other. First, power is turned on to both memory devices in process 140, and both processes are set to mode D by process 141 at the time of reset, so that neither memory outputs data.
[0121]
Next, the initial diagnosis of the memory by the write, read, and comparison check in the process 142 will be described with reference to FIG. In order to diagnose the memory, it is necessary to read the write data independently from the duplicated memory device. Therefore, first, the memory device of the A system is set to the mode C in the process 142-1a, and the B device is changed to the mode C in the process 142-1b. The memory device is set to mode D so that read data is output only from the memory of the A-system, and writing, reading, and comparison are performed on the memory device in process 142-2a. Therefore, the memory device of the A system is diagnosed. At this time, the data is also written in the memory device of the B system, but does not affect the diagnosis result of the A system. Next, the memory device of system A is set to mode D and the memory device of system B is set to mode C in process 142-3, and the memory device of system B can be tested in process 142-4b.
[0122]
When the initial diagnosis of the memory device by the process 142 is completed, the normal operation process 144 is performed by setting the memory device of the A system to the mode A and the memory device of the B system to the mode B in the process 143, that is, the system bus A13a. Means that the memory device of the A system sends out the read data, the memory device of the B system sends out the read data to the system bus B13b, and when an error is detected in one of them, the other side sends out the data to both system buses. , A dual memory operation. If the memory device of the system A fails due to the failure 145a, the memory device of the system B responds with correct data, and the processing device 1 performs a failure analysis based on the interrupt. By setting the memory device of system A to mode D and the memory device of system B to mode C in 146, the memory device of system A is disconnected from the system bus. Thereafter, the B-system memory device sends the read data to the system buses on both sides, so that the A-system repair / replacement process 147a can be performed.
[0123]
When a new memory device is inserted into the system A by the exchange process, the memory device of the system A is set to the mode D by the reset process, and thereafter, data is read from the memory device of the normal system B by the process 150, and the data is transferred to the memory device of the new system A. Perform a copy operation to write. When the copying is completed, the memory device of the A system is set to the mode A and the memory device of the B system is set to the mode B in the process 151, and the normal dual memory operation can be restored.
[0124]
Embodiment 6 FIG.
FIG. 26 shows a duplicated memory system according to the sixth embodiment of the present invention. In the figure, reference numeral 170 denotes a permission flag built in the memory device 4 for controlling writing and reading of the memory, 171 a control circuit for generating memory access timing, and 172 an address discriminating circuit for determining an access address to the memory device. , 173 are error injection circuits for forcibly writing errors to the memory 71, and 177 is an input / output control device connected to both of the duplicated system buses.
[0125]
FIG. 27 is a diagram showing the internal configuration of the memory device 4, which includes a permission flag 170, an address determination circuit 172, a driver 220, a receiver 221, a parity generation circuit 239, and the memory 71. In the figure, the permission flag is composed of a read permission flag 170-1, a write permission flag 170-2, and a parity generation permission flag 170-3. The combination of these outputs controls writing, reading, and parity generation to and from the memory.
[0126]
FIG. 28 shows the details of the address discriminating circuit in FIG. 27. The address discriminating circuit includes a common space specifying register 231, an individual space specifying register 232, an I / O address discriminating circuit 230, comparing circuits 233 and 234, and an AND gate 237. A common space write signal line 210, an individual space write signal line 211, a common space read signal line 212, and an individual space read signal line 213 are generated as output signals.
[0127]
FIG. 29 is a diagram showing the division of the address space when accessing the system bus. 200 shows the entire memory space, 201 shows the entire I / O space, (A) shows the allocation at the time of the duplex operation, and (B) ) Shows the assignment at the time of unification. The memory space is further divided into a common access space 202 and an individual access space 203.
[0128]
FIG. 30 is a diagram showing a state in which the memory device in FIG. 26 makes a state transition according to the permission flag 170. Depending on a combination of the permission flags, a disconnection operation state 181, a normal operation state 183, a restoration operation state 184, and a protection operation are performed. The state is defined in the state 185, and transition between the states is caused by occurrence of an error or rewriting of the permission flag. The separation operation state 181 is a state in which both writing and reading are impossible, the normal operation state 183 is a state in which writing and reading are possible, the restoration operation state 184 is a state where only writing is possible, and the protection operation state 185 is a state where only reading is possible.
[0129]
FIG. 31 shows data when different data and error states are injected into the diagnostic areas of the memories 71a and 71b by the error injection circuit 173 and the individual space access, and are read out by the common space access.
[0130]
FIG. 32 shows the concept of a configuration in which an address error detection circuit 176 is provided inside the memory device 4 and its output is exchanged between the memories, and if an error is detected on the other side, the correct address is stored in the error address register. FIG. 33 shows details.
[0131]
A schematic operation of the dual memory system configured as described above will be described with reference to FIG.
[0132]
The permission flag 170 in the memory device 4 is composed of three bits of a read permission flag, a write permission flag, and a parity generation permission flag, and the address discrimination circuit 172 discriminates a common access space and an individual access space. When performing a write operation using the common access space from the processing device 1, if the write enable flag is "1", the parity is generated and written to the memory 71 regardless of the state of the parity generation enable flag, and the write permission is performed. If the flag is "0", no writing is performed. When the processor 1 performs a write operation using the individual access space, the write is performed in the memory device 71 irrespective of the state of the write permission flag. However, if the parity generation permission flag is “0”, the parity is generated. Without writing to the memory device 71.
[0133]
Next, when reading from the processing device 1 using the common access space is performed, the reading is performed if the reading permission flag is "1", and the reading is not performed if the reading permission flag is "0". When reading using the individual access space from the processing device 1, the reading is performed regardless of the state of the read permission flag.
[0134]
The input / output control device 177 is connected to both system buses. The system bus switching circuit is configured in the same manner as the system bus control device in the fifth embodiment, and when reading data from the memory device 4, an error occurs. Use the data of the system bus on the other side.
[0135]
Next, the circuit configuration and operation of the permission flag 170, the address determination circuit 172, and the error injection circuit 173 will be described with reference to FIGS. The permission flag 170 includes a read permission flag 170-1, a write permission flag 170-2, and a parity generation permission flag 170-3, and is input from the system bus in accordance with a permission flag setting signal line 225 output from the address discrimination circuit 172. The contents of the data signal lines 224-1 to 224-3 are latched. In the initial state, all the flags are initialized to “0” by the reset signal 42. A gate signal 222 for outputting read data to the system bus is formed by a read enable signal line 214 that is an output of a read enable flag, a common space read signal 212 that is an output of the address determination circuit 172, and an individual space read signal 213. It is determined. First, in reading from the individual space, the individual space read signal 213 becomes “1”, so that the gate signal 222 of the driver circuit 220 becomes “1” by the function of the OR gate 219 regardless of the state of the read permission signal line 214. , And outputs read data from the memory 71 to the system bus. On the other hand, in reading from the common space, even if the common information read signal 212 becomes "1", the read data is not output to the system bus unless the read permission signal line 214 is "1" by the AND gate 218.
[0136]
In writing to the individual space, the individual space write signal 211 becomes “1”, and the function of the OR gate 217 causes the memory write signal line 162 to become “1” regardless of the state of the write enable signal line 215. Data is written to the memory 71. On the other hand, in writing to the common space, even if the common space write signal line 210 becomes "1", the memory write signal line 162 becomes "1" unless the write enable signal line 215 is "1" due to the presence of the AND gate 216. ", And writing to the memory 71 is not performed. The parity generation circuit 239 has a function of controlling parity generation by controlling the parity generation permission signal line 163. When the parity generation permission signal line 163 is "1", parity data is normally generated and "0". In the case of, an error is generated. Therefore, in writing to the common space, the common space write signal line 210 is set to "1", so that correct parity is always generated. However, in the case of the individual access space, when the parity permission flag signal line 338 is set to "1". Only the correct parity is generated. When this function is used in the write operation of the individual space, an operation of intentionally writing data that causes a parity error to the memory 71, that is, error injection can be performed.
[0137]
Further, the above-mentioned address discriminating circuit 172 is configured as shown in FIG. 28, and the I / O address discriminating circuit 230 decodes a unique address provided for register access to the memory device. Here, the conditions of the address signal line 13-2 of the system bus, the master mode input line 21, and the write signal line 13-4 of the system bus are taken, and a common space designation register setting signal line 235, an individual space designation register setting signal line 236, And a permission flag setting signal line 225. The common space register latches the value of the data signal line of the system bus by the setting signal line 235, and the individual space register 232 latches the value of the data signal line of the system bus by the setting signal line 236. When the processing device 1 accesses the memory space, the comparison signal 233 compares the address signal line 13-2 on the system bus with the contents set in the common space designation register. Becomes "1". At this time, when the write signal line 13-4 is "1", the common space write signal line 210 becomes "1" and the read signal line 13-3 becomes "1" by the AND gate 237-3. In this case, the common space read signal line 212 is set to "1" by the AND gate 237-4. Similarly, the setting contents of the individual space designation register are compared by the comparison circuit 234, and if they match, the individual signal access signal 229 becomes "1" and the individual space write signal 211 or the individual space read signal line 213 becomes "1". Become.
[0138]
An example of allocating the address space of the memory device 4 using the function of the address determination circuit 172 operating as described above will be described with reference to FIG. (In FIG. 29, entities indicated by 200 to 207 are memory areas having respective widths.) FIG. 29A shows a setting example when operating as a dual memory. The address 202-1 of the common access memory A / B space is set in the common space register 231a, and the address 203-1 of the individual access memory A space is set in the individual space register 232a. Next, for the memory device 4b, the address 202-1 of the common access memory A / B space is set in the common space register 231b, and the address 203-2 of the individual access memory B space is set in the individual space register 232b. With this setting, in the access to the common space 202-1, both the memory device 4a and the memory device 4b are targeted. In the access to the individual access space 203-1, only the memory device 4a is used, and in the access to the individual space 203-2. Is intended only for the memory device 4b, and can operate as a duplicated memory.
[0139]
As shown in FIG. 29B, the common space register 231a is shared with the address 202-3 of the common space access memory A space for the memory device 4a, and the common space register 231b is shared with the memory device 4b. When the address is set to the address 202-4 of the space access memory B space, the memory device 4a is enabled for access to the common address space 202-3, and the memory device 4b is enabled for access to the common address space 202-4. It is possible to provide twice the memory capacity as compared with the operation.
[0140]
Next, using the above-described permission flag 170 and the access function of the common and individual spaces, the normal operation from power-on, and the repair and repair / replacement of the failed memory are described by a combination of the read permission flag and the write permission flag. It will be described with reference to FIG. 30 together with the defined state transition. First, as a state definition, the normal operation state 183 has a read permission flag and a write permission flag of “1”, the repair operation state 184 has a read permission flag of “0” and a write permission flag of “1”, and the protection operation state 185 has a read permission. The flag is “1”, the write permission flag is “0”, the disconnection operation state 181 is a state in which the read permission flag and the write permission flag are “0”, and the system power is not turned on or the memory device is removed from the system. The defined state 180 is supplementarily defined.
[0141]
First, when the power of the system is turned on, a transition 186 is made from the state 180 to a disconnection state 181. In this state, a memory diagnosis 188 such as writing, reading and comparison check is performed on the memory 71 by using the individual space access for each memory device. It moves to 183. In state 183, the memory device performs a duplex operation and remains in state 183 when no error has occurred and when a single data parity error has occurred. When a data parity error occurs repeatedly, the memory device is disconnected by the transition 191 to the state 181 for failure diagnosis, but the memory device on which no error has occurred remains in the normal operation state 183.
[0142]
When the normal memory device is in the state 183 and the faulty memory device is in the disconnection state 181, the repair process is checked for the faulty memory device by the diagnostic processing 188. Since the access to the memory device by the device 177 is performed on the common space, the normal memory device responds and the normal operation is guaranteed. If it is determined that the repair is impossible, the maintenance personnel replaces the new memory device with the new memory device. The new memory device is first inserted into the disconnection operation state 181 and diagnosed. By the way, once transition to the disconnection state 181, there is a difference in contents from the normal memory device, so that it is not possible to transition to the normal operation state 183 as it is. Therefore, the transition to the restoration operation state 184 is made by the transition 196 at the end of diagnosis. In the repair operation state 184, data is read from the normal memory device in the common space, and data is written to both the normal memory device and the memory device to be repaired by writing by common space access. When the copy process 194 of all areas is completed, both memory devices are returned to the normal operation state 183 again by the restoration completion transition 193, and the dual memory operation is restored. During this time, since the access to the memory device by the input / output control device 177 is performed on the common space, the write operation is performed on both the memory devices, and the read operation is performed by the normal memory device in the state 183. Normal operation is assured.
[0143]
When an address parity error occurs in the normal operation state 183, the memory contents of the address are not reliable in the data of the memory device in which the error has occurred. Move to state 184. Even in the repair operation state 184 after the occurrence of the address parity error, writing to the memory device in which the error has occurred is continued. Only the place where it occurred. Then, after performing necessary restoration processing, it is possible to return to the normal operation state 183.
[0144]
A method of using the protection operation state 185 will be described. The mode is switched to the protection operation state by the mode switching processing 197 from the processing apparatus 1. For example, when diagnosing a failure of the input / output control device 177 connected to the system bus 13, this device does not always execute a correct write to the memory device, and a diagnosis involving writing to the memory device may be performed carelessly. For example, the contents of the memory 71 can be destroyed. Therefore, one of the duplicated memory devices is set to the protection operation state 185 to prevent the contents of the memory from being destroyed, and the diagnosis is executed. Shall be copied. As a result, even if the input / output control device performs an illegal write operation, the memory can be restored to a normal memory. If the input / output control device operates normally, the write data is written to the memory device in the normal operation state 183 in which the write permission flag remains “1”. Can be diagnosed.
[0145]
Next, an error injection state using the error injection circuit in FIG. 26 and a diagnosis method using this function will be described with reference to FIGS. An area 71-1 in FIG. 31 is a normal area in which programs and data are stored, and areas 71-2 to 71-5 are used as diagnostic areas. First, the parity permission flag of the memory device 4a is set to “1”, and the data “8888” is written to the area 71-2a and the data “AAAAA” is written to the area 71-4a by the individual space access of the memory device 4a, thereby making the normal operation. Data is generated. Next, the parity permission flag of the memory device 4a is set to "0", and data "9999" is written in the area 71-3a and data "BBBB" is written in the area 71-5a by the individual space access of the memory device 4a. Data including a parity error is generated. Similarly, for the memory device 4b, the normal data of the data "CCCC" and "DDDD" is stored in the areas 71-2b and 71-3b, and the data "EEEE" and "FFFF" are stored in the areas 71-4b and 71-5b. The data including the parity error of "" is written.
[0146]
As described above, while the normal data and the data including the parity error are written in the diagnostic area, the processing device 1 reads the diagnostic area at regular intervals by a function such as a timer, and an error occurs in the memory. In this case, the function of outputting the contents of the memory on the normal side and the function of generating a high-level interrupt when an error is detected in both memories (operation in the fourth embodiment) can be diagnosed. That is, if the function is normal, the memory 71a responds to the reading of the area 71-2 and the data “8888” is returned, and the normal data “DDDD” of the memory 71b is read and the area 71- In reading 5, a high-level interrupt occurs because both memories are in error. When the error detection means 85a in the memory device 4a is not operating normally, "9999" of the error data is read by reading the area 71-3, and the failure portion can be determined.
[0147]
Next, detection of an address error will be schematically described with reference to FIG. When the memory device 4 is accessed from the processing device 1, the parity check of the address signal of the memory is performed by the address error detection circuit 176, and the result is output to the other memory device as the address error detection signal line 175 and the error is detected. Is detected, the internal read permission flag is set to "0" to prohibit reading. On the other hand, the memory device that has detected the change of the address error signal line 175 of the other party stores the address in the error address register 174, and the processing device 1 that knows the occurrence of the address error due to the interruption has the fault stored in the control ROM 2. The analysis and restoration program is executed, and the memory address where the error has occurred is read from the error address register 174 in the normal memory device. By reading and rewriting the contents of the memory indicated by this address, the contents of the memory in which the error has occurred are restored to normal data.
[0148]
Of the above operations, details of the address error detection and the error address register will be described with reference to FIG. The address error detection circuit 176a performs a parity check of the address signal line 13-2a on the system bus, and outputs an address error signal line 175a to "1" when detecting an error. This signal internally resets the read permission flag 170-1a to "0", and sets the write signal line 162 to "0" by the AND gate 216 to prohibit writing to an erroneous address. On the other hand, when an address error is detected in the memory device 4b on the other side, the address error signal line 175b from the other side becomes "1", and the contents of the address signal line 13-2a at this time are stored in the error address register 174a. Is stored in When an address error occurs during reading, if a signal corresponding to the memory error detection signal line 84 in FIG. 15 is output, a memory device in which no error has occurred outputs read data. Data can be guaranteed. Moreover, in the memory device in which the address error has occurred, only the portion in which the error has occurred has not been rewritten, and can be easily repaired. An interrupt signal when an address error occurs is generated by the EXOR gate 92 and the AND gate 93 under the conditions of the address error detection signal lines 175a and 175b. When an address error occurs in one of the memory devices, the output of the EXOR gate 92 becomes "1", a low-level interrupt signal 9 is output, and when an address error occurs in both memory devices, an AND gate is output. The output of 93 becomes "1", and the high-level interrupt signal 10 is output. A low-level interrupt indicates that the errored access address is stored in the address error register in a normal memory device and can be repaired. A high-level interrupt cannot identify the errored access address. Indicates that the restoration process is not possible.
[0149]
Embodiment 7 FIG.
FIG. 34 is a diagram showing detection of a data error inside the memory device of the redundant memory system according to the seventh embodiment of the present invention. In the figure, 240 is a receiver for inputting an address, 241 is an error upper limit register for setting an upper limit of the number of errors that occur in advance, and 244 is an error upper limit for writing a value to the error upper limit register 241. The register setting signal line 245 is an error detection circuit, 247 is an error accumulation counter that is incremented by an error detection signal 246 output from the error detection circuit 245, and is decremented by an external error correction signal line 256. A comparison circuit for comparing the output of the register 241 with the output of the error accumulation counter 247 and outputting two types of interrupt signal lines in accordance with the comparison result. 252 is a plurality of error address registers for storing the address where an error has occurred. Error address register write signal 25 Is a selector for selecting and outputting data stored in the memory or the error address register 252, and 259 is a signal for selecting the output signal 255 of the selector 254. When the read data 233 is "1", it is a selector switching signal for performing control for selecting and outputting the contents of the error address register 252-2 when the error address register 252-1 is "2". Note that the error upper limit register setting signal line 244, the error correction signal line 256, and the selector switching signal 259 are generated by, for example, decoding the address accessed by the processing device by the address determination circuit 172 of FIG.
[0150]
The operation of error detection configured as described above will be described with reference to FIG. First, when the power is turned on, the error accumulation counter 247 is initialized to “0”. ("2" in this embodiment) is set. Thereafter, when a normal memory access operation is performed, "0" is output to the selector switching signal 259, and the parity check is performed on the read data 223 from the memory 71 by the error detection circuit 245, and an error occurs. If not, it is output to the system bus 13-1 via the selector 254 and the driver circuit 220. When an error is detected, the error detection signal line 246 becomes “1”, and the content of the error accumulation counter 247 is incremented. The comparison circuit 249 compares the content set in the error upper limit value register 241 with the content of the error accumulation counter 247. The interrupt signal line 9 is set to "1", and if it exceeds, the high-level interrupt signal line 10 is set to "1".
[0151]
By the way, when the error detection signal line 246 becomes "1", the write control circuit 257 switches the content of the address signal 251 to be written to which error address register according to the content of the output signal 248 of the error accumulation counter. Perform In other words, in the initial state, the content of the error accumulation counter 247 is "0", so that the write signal line 258-1 is output, so that the error address is written in the error address register 252-1. Since the content of the error accumulation counter 247 is "1", an error address is written to the error address register 252-2 by outputting the write signal line 258-2. The addresses in which the error has occurred are sequentially stored in the error address register 252. When the processing device receives the low-level interrupt and accesses the error address register 252-1 by the fault recovery processing, the selector switching signal is output. 259 becomes "1", and the contents of the error address register 252-1 are output to the system bus via the selector 254 and the data driver 220. The processor can know the address where the error has occurred in this way, and restores the contents of the memory where the parity error has occurred by reading out the data of the memory indicated by this address and writing the same at the same address. The post-processing device decrements the content of the error accumulation counter 247 by the error correction signal line 256. By the way, access to the memory device is executed even before the processing device accepts a low-level interrupt. If a parity error occurs at another address, if the error is less than the number of error address registers, the generated address is stored. be able to. If an error occurs beyond the number of error address registers, the high-level interrupt signal line of the comparison circuit 249 becomes "1", and the occurrence of an unrecoverable serious fault is notified to the processing device. Using the functions of the mode setting circuit and the like described in Example 5, the corresponding memory device is disconnected.
[0152]
Embodiment 8 FIG.
FIG. 35 shows a redundant memory system according to the eighth embodiment of the present invention, in which a normal input / output control device 260 having only a single bus is connected via a redundant bus conversion adapter 261. 36 and 37 show the detailed configuration of the duplex bus conversion adapter 261.
[0153]
In FIG. 36, reference numeral 263 denotes a driver / receiver circuit for an address signal, 264 denotes a driver / receiver circuit for a data signal, and 269 denotes a parity generation for generating an address parity when the normal input / output control device 260 accesses the system bus. 271 is a parity generation circuit for generating data parity, and 270 is for checking the parity of the duplicated address bus and selecting the correct address when accessing a normal input / output control device from the system bus. 272 is a parity check selection circuit for selecting data.
[0154]
In FIG. 37, reference numeral 276 denotes an address area register for setting an address area to which the normal input / output control device 260 can access, and 278 denotes an address which the normal input / output control device 260 intends to output to the system bus; This is a comparison circuit that compares the contents of the address area register 276 and controls the gate of the driver of the system bus according to the result.
[0155]
An operation outline of the input / output control device of the redundant memory system configured as described above will be described with reference to FIG. The input / output control device 177 is designed for a duplicated memory system, and can access the system buses on both sides. On the other hand, the ordinary input / output control device 260 is an existing device that is not aware of a duplicated memory system, and can be connected to only one system bus itself. , An error check code, an address check, etc., to improve reliability.
[0156]
Next, the detailed operation of the duplex bus conversion adapter 261 will be described with reference to FIG. The normal input / output control device 260 is connected to the duplexed bus conversion adapter 261 by an address signal line 262-2 and a data signal line 262-1 each having no parity code. When accessing the device 1, the parity code is added to the address signal line 262-2 by the parity generation circuit 269 to become the address signal line 265, and the address signal line 13- is connected to the system buses on both sides via the driver circuit 263-1. Output as 2a and 13-2b. A parity code is added to the data signal line 262-1 by the parity generation circuit 271 to form a data signal line 267, which is connected to the system buses on both sides via the driver circuit 364-1 as address signal lines 13-1a and 13-1b. Is output.
[0157]
On the other hand, when the input / output control device is accessed from the duplicated system bus, the address signal lines 13-2a and 13-2b of the system bus are input by the receiver circuit 263-2 and the parity check by the parity check selection circuit 270 is performed. As a result, the address signal 266 on the side where no error has occurred is selected and output as the address signal line 262-2 for the normal input / output control device 260. Similarly, the data signal lines 13-1a and 13-1b of the system bus are input by the receiver circuit 264-2, and as a result of the parity check by the parity check selection circuit 272, the data signal 268 on the side where no error occurs is selected. Is output as a data signal line 262-2 to the normal input / output control device 260.
[0158]
When an error is detected on both address signal lines by the parity check selection circuit 270 and a correct address cannot be selected, an error is detected on the address error signal line 274 and on the data signal lines on both sides by the parity check selection circuit 272, When correct data cannot be selected, the data error signal lines 275 are output, and the OR gate 273 outputs a low-level interrupt signal. At this time, since the write / read signal lines (not shown) for the normal input / output control device 260 are output, the input / output control device does not start the operation but performs the retry process by the software of the processing device 1.
[0159]
Next, an operation of restricting access to the input / output control device 260 will be described with reference to FIG. The address area register 276 is used to specify a range of memory addresses accessible by the input / output control device 260. Before starting the input / output operation to the input / output control device 260, the processing device 1 sets the address area register setting signal 282 Thus, the content of the data signal line 262-1 is set in the address area register 276. When the input / output control device 260 is activated and transfer to the memory occurs, the input / output control device 260 outputs a memory address for accessing the address signal line 262-2. At this time, the comparison circuit 278 determines whether or not it is within the range set in the address area register 276, and if it is within the range, sets the driver output permission signal line 279 to "1" to permit access to the system bus. If it is out of the range, the driver output permission signal line 279 is set to "0" to prohibit access to the system bus. When an address outside the range is accessed by the OR gate 281, the low-level interrupt signal line 9 is set to “1” to notify the processing device.
[0160]
In the above embodiment, parity data is used as the data check code of the memory device. However, this can be similarly realized by using ECC codes instead of parity data.
[0161]
【The invention's effect】
As described above in detail, according to the present invention, as a result of the memory devices A and B having the write permission flag and the read permission flag independently, and the address discriminating circuit discriminating the access target for the current address, The memory device can appropriately determine the case where the access reaches its own device, and facilitates processing such as diagnosis.
[0162]
According to the present invention, the state defining means defines the state of each memory device according to the combination of the write permission flag and the read permission flag, and the state transition means transitions each memory device between the states according to the setting by the processing device. Therefore, initial setting of each memory device, switching at the time of occurrence of an error, and the like can be appropriately performed.
[0163]
Further, according to the present invention, the common access space designation register of the memory devices A and B designates a common access space to be accessed by both the memory device A and the memory device B, and the individual space access designation register designates the memory device A or the memory device. As a result of specifying one of the individual access spaces to be accessed by one of the devices B, accurate memory state management becomes possible. Further, if the protection operation state is used at the time of diagnosis at the time of failure of the input / output control device, memory destruction due to malfunction of the input / output control device can be prevented.
[0164]
According to the present invention, the setting unit, the second setting unit, and the third setting unit appropriately set the values of the common access space designation register and the individual space designation register of each memory device. When the duplication operation is not required (when high reliability is not so required), the available memory capacity can be doubled by using each memory device separately.
[0165]
Further, according to the present invention, since the error injection means injects a pseudo error into an arbitrary area of each memory device, switching of the device can be forcibly generated, and the error injected area can be appropriately accessed. By doing so, the operations of the error detection circuit, the bus switching circuit, and the interrupt generation circuit can be confirmed, so that the reliability is improved.
[0166]
According to the present invention, the injection value setting means sets the address of the area into which the error is injected by the error injection means and the value of the data to be injected to different values in both memory devices, so that the error is forcibly generated. The identified memory device can be identified, and the device can be easily diagnosed.
[0167]
According to the present invention, when one of the memory devices detects an address error of the system bus, the other memory device stores an error-free address in its own device. Address to be specified. Further, in the memory device in which the address error has been detected, the writing to the own memory is prohibited, so that it is possible to avoid a situation in which the data of the erroneously designated address is destroyed.
[0168]
Further, according to the present invention, the system address error interrupt generating means generates an interrupt signal according to the detection result of the system address error detecting means, so that the error repairing means can also store the address stored in the error address storage means according to the interrupt signal. Error correction can be performed at the same time.
[Brief description of the drawings]
FIG. 1 is a block diagram showing an overall configuration of a duplicated memory system according to a first embodiment of the present invention.
FIG. 2 is a diagram showing a configuration of an error detection circuit 6 and a CPU bus switching circuit 7 in FIG.
FIG. 3 is a diagram showing a correlation between an error occurrence state and a CPU bus switching signal line 12 and interrupt signal lines 9 and 10 in FIG. 1;
FIG. 4 is a timing chart showing the operation of the circuit of FIG. 2;
FIG. 5 is a diagram showing timings of a data signal 18 and a gate signal 32 in the circuit of FIG.
FIG. 6 is a diagram showing details of a master determination circuit 5 in FIG. 1;
FIG. 7 is a timing chart showing an operation of the master determination circuit 5 of FIG.
FIG. 8 is a diagram showing a system bus control circuit of a duplicated memory system according to a second embodiment of the present invention.
FIG. 9 is a diagram showing an operation when a part of the circuit in FIG. 8 fails.
FIG. 10 is a modified example of the system bus control circuit according to the second embodiment of the present invention.
11 is a diagram illustrating an operation when a part of the circuit in FIG. 10 has failed.
FIG. 12 is a diagram showing an arrangement of an error detection circuit and a status register in a redundant memory system according to a third embodiment of the present invention.
FIG. 13 is a diagram showing a method of determining a failure portion at the time of writing data to the memory of the redundant memory system in FIG. 12;
FIG. 14 is a diagram showing a method of determining a failure portion at the time of memory reading of the redundant memory system in FIG. 12;
FIG. 15 is a block diagram showing an overall configuration of a duplicated memory system according to a fourth embodiment of the present invention.
16 is a diagram showing a portion of the system bus switching circuit 82 included in the system bus control device 3 in FIG. 15 for switching output to the system bus 13. FIG.
17 is a diagram showing an input switching portion from the system bus 13 of a system bus switching circuit 83 built in the memory device 4 in FIG. 15;
18 is a diagram showing switching of a data bus when a processing device in the duplicated memory system in FIG. 15 performs writing to the memory device.
19 is a diagram showing switching of a data bus when a processing device in the dual memory system in FIG. 15 performs reading from the memory device.
FIG. 20 is a block diagram showing an overall configuration of a duplicated memory system according to a fifth embodiment of the present invention.
21 is a configuration diagram around a CPU bus of the system bus control device 3 in FIG.
FIG. 22 is a configuration diagram around a system bus of the system bus control device 3 in FIG. 20;
23 is a detailed diagram of a mode setting circuit 100 built in the system bus control device 3 in FIG.
FIG. 24 is a timing chart showing an operation of the circuit of FIG. 23;
FIG. 25 is a diagram showing a mode transition in the memory device in FIG. 20;
FIG. 26 is a block diagram showing an overall configuration of a redundant memory system according to a sixth embodiment of the present invention.
FIG. 27 is a diagram showing an internal configuration of a memory device 4 in FIG. 26;
FIG. 28 is a diagram showing details of an address determination circuit 172 in FIG. 26;
FIG. 29 is a diagram showing allocation of an address space of the memory device 4;
FIG. 30 is a diagram showing a state transition of the memory device 4 according to a combination of permission flags.
FIG. 31 is a diagram showing an error injection state in the memory by the error injection circuit 173 in FIG. 26;
FIG. 32 is a block diagram showing an overall configuration of a redundant memory system in which an address error detecting function is added to the sixth embodiment of the present invention.
FIG. 33 is a diagram showing an internal configuration of a memory device 4 in FIG. 32;
FIG. 34 is a diagram illustrating a data error detection method according to a seventh embodiment of the present invention.
FIG. 35 is a block diagram showing an overall configuration of a redundant memory system including a redundant bus conversion adapter 261 according to an eighth embodiment of the present invention.
36 is a diagram showing the internal structure of the duplex bus conversion adapter 261 in FIG.
FIG. 37 is a diagram showing a duplex bus conversion adapter 261 to which an address area register 276 is added in FIG. 36;
[Explanation of symbols]
1 processing device (CPU), 2 control ROM, 3 system bus control device, 4 memory device, 5 master determination circuit, 6 error detection circuit, 7 CPU bus switching circuit, 8 CPU data bus, 9 low level interrupt, 10 high Level interrupt, 11 CPU address bus, 12 CPU bus switching signal line, 13 system bus, 19 error detection circuit, 20 normal signal line, 21 master mode input signal line, 30 data output timing clock signal, 31 3-state buffer, 34 Pull-up resistor, 35 EXOR gate, 36 AND gate, 38 master switching signal line, 41 master mode output signal line, 42 reset signal line, 51 data comparison circuit, 53 comparison error signal line, 60 to 62 driver / receiver, 63 Parity generation circuit, 64-66 parity check circuit, 7 to 69 status register, 70 system bus control device internal bus, 71 memory, 72 memory device internal bus, 73 selection circuit, 78 input data switching signal line, 80, 85 error detection circuit, 81 system bus switching signal line, 82, 83 system bus switching circuit, 84 memory error detection signal line, 100 to 102 mode setting circuit, 103 mode setting signal line, 104, 105 comparison circuit, 106 A bus permission signal line, 107 B bus permission signal line, 113 comparison error signal Line, 120 mode setting data signal line, 121 selector circuit, 123, 125 mode latch, 140 power-on processing, 141, 146, 148 mode D state, 142 diagnostic processing, 143, 151 mode A state, 144, 152 normal operation, 145 Failure occurred, 147 Repair / replacement processing, 1 9 diagnostic processing, 150 memory copy processing, 153, 161 mode B state, 156 mode C state, 157 normal operation, 162 memory write signal, 163 parity generation permission signal line, 170 parity permission flag, 172 address discrimination circuit, 173 error injection Circuit, 174 error address register, 175 error address signal line, 176 address error detection circuit, 177 input / output control device, 180 power off state, 181 disconnection operation state, 183 normal operation state, 184 restoration operation state, 185 protection operation state, 186 Card insertion / power-on operation, 187 Card removal / power-off operation, 188 Memory diagnosis operation, 189 Power-on diagnosis completion, 190 error / single data error operation, 191 Duplicate data error occurrence, 192 address error occurrence, 1 3 Repair completed, 194 Memory copy operation, 195 Unrecoverable error occurred, 196 Diagnosis completed, 197 Protection mode switching, 200 memory space, 201 I / O space, 202 common access space, 203 individual access space, 206 I / O space A, 207 I / O space B, 208 memory space A, 209 memory space B, 210 common space write, 211 individual space write, 212 common space read, 213 individual space read, 214 read enable signal line, 215 write enable signal line , 222 driver gate signal line, 223 memory read data signal line, 225 flag write signal line, 226 memory write data signal line, 228 common space access signal, 229 individual space access signal, 230 I / O address determination circuit, 231 common space Designated cash register 232 individual space specification register, 233, 234 comparison circuit, 235 common space specification register setting signal line, 236 individual space specification register signal line, 239 parity generation circuit, 240 address receiver, 241 error upper limit value register, 244 error upper limit value Register setting signal line, 245 error detection circuit, 246 error detection signal line, 247 error accumulation counter, 248 accumulation counter output signal line, 249 comparison circuit, 251 input address signal line, 253 error address output signal line, 254 selector circuit, 256 Error correction signal line, 260 input / output control device, 261 duplex bus conversion adapter, 262 conversion bus signal line, 263 address driver / receiver circuit, 264 data driver / receiver circuit, 265 address signal line, 266 address input Signal line, 267 data signal line, 268 data input signal line, 269 address parity generation circuit, 270 address parity generation / selection circuit, 271 data parity generation circuit, 272 data parity generation circuit / selection circuit, 274 address error signal line, 275 Data error signal line, 276 address area register, 277 address area signal line, 278 comparison circuit, 279 driver output enable signal line, 282 address area register setting signal line.

Claims (8)

A processing device for performing various processes, a pair of system bus controllers connected to the processing device via a CPU bus, and a pair of system buses respectively connected to the pair of system bus controllers; And a pair of memory devices A and B connected to both of the pair of system buses. In a write operation in the processing device, the system bus control device writes data from the processing device to the pair of memory devices simultaneously, and At the time of the read operation in the redundant memory system in which one of the system bus control devices sends data read from the corresponding memory device to the processing device,
The memory devices A and B are respectively
A write permission flag for permitting writing to the memory,
A read permission flag for permitting reading from the memory;
An address determination circuit for determining an access target for the current address;
Has,
A dual memory system, wherein data is written or read according to a combination of a result of determination by an address determination circuit and a write permission flag and a read permission flag. The dual memory system according to claim 1,
The system is
State definition means for defining a state of each of the memory devices according to a combination of the write permission flag and the read permission flag;
State transition means for transitioning each memory device between the states defined by the state definition means according to the setting by the processing device;
A dual memory system comprising: The dual memory system according to claim 1,
The memory devices A and B are respectively
A common access space designation register for designating a common access space to be accessed by both the memory device A and the memory device B;
An individual space access designation register that designates an individual access space to be accessed by one of the memory device A and the memory device B;
A dual memory system comprising: The dual memory system according to claim 3,
The system is
Setting means for setting the value of the common access space designation register of the memory device A and the memory device B to the same address;
Second setting means for setting the value of the individual space designation register of the memory device A and the value of the individual space designation register of the memory device B to different addresses;
Third setting means for resetting the address set by these setting means at an arbitrary timing,
With
A duplicated memory system characterized in that usable memory capacity can be doubled without adding a memory device. The dual memory system according to claim 1,
The system is
Error injection means for injecting a pseudo error into an arbitrary area of each memory device,
Error state checking means for accessing an area where an error has been injected and checking an error state;
Has,
A redundant memory system characterized in that functions of each part of the system can be confirmed. The dual memory system according to claim 5,
The system is
Injection value setting means for setting an address of an area where an error is injected by the error injection means and a value of data to be injected to different values in both memory devices;
A dual memory system comprising: The dual memory system according to claim 1,
Each of the memory devices,
System address error detecting means for detecting a system bus address error;
An error address signal line for notifying the detection result of the system address error detection means to the other memory device;
Error address storage means for storing an error-free address in its own device when an error occurs in the other memory device according to the state of the error address signal line notified from the other memory device;
Write-inhibiting means for inhibiting writing to the memory of the own device when an address error is detected in the own device;
A dual memory system comprising: The dual memory system according to claim 7,
The system is
System address error interrupt generating means for generating an interrupt signal according to the detection result in the system address error detecting means,
Error repair means for performing error repair based on an address stored in the error address storage means when a system address error interrupt occurs;
A dual memory system comprising:

Images