JP6555095B2 - Memory diagnostic repair device - Google Patents

Description

  The present invention relates to a technique for diagnosing the presence or absence of a soft error in a memory and repairing the soft error.

  A soft error means that a bit value of a part of data stored in a memory is inverted. It is known that a soft error is caused when particle beams such as alpha rays, neutron rays, proton rays, and heavy ion rays enter a semiconductor chip such as a memory element. It is also known that the frequency of soft errors increases as the semiconductor chip becomes finer. A soft error is a temporary failure unlike a hard error in which a part of a semiconductor chip such as a memory element constituting a memory is physically broken. For this reason, it is generally known that a soft error can be repaired by resetting a memory element or rewriting (rewriting) data.

  It is generally known that the diagnosis of the presence or absence of bit inversion and the restoration of data in which bit inversion has occurred can be realized by using an error correction code (hereinafter referred to as “ECC” (Error Correction Code)). To explain in more detail, it is possible to check whether a single bit or two or more bits have changed by using ECC, and when only a single bit has changed, the data can be restored by inverting that bit. . It is generally known that when two or more bits change, ECC cannot be repaired alone, but when used in combination with an existing interleaving method, an error of two or more bits can be repaired. In addition to techniques using ECC, techniques disclosed in Patent Documents 1 to 3 and Non-Patent Document 1 have been proposed as techniques for realizing diagnosis of soft errors and the like.

  In Patent Document 1, positive data (data as it is written to a memory for later processing) and inverted data (data obtained by inverting each bit of positive data) are stored in a memory in advance. It is described that the presence or absence of an abnormality is determined by parity check or the like when data is accessed, and that inverted data is used when there is an abnormality.

  Patent Document 2 discloses the diagnosis and restoration of the presence or absence of a soft error in EPROM (Erasable Programmable Read Only Memory) or EEPROM (Electrically Erasable Programmable Read Only Memory) such as an electric motor drive device mounted on an electric vehicle or the like. ing. More specifically, Patent Document 2 stores inversion data and a check code in addition to the positive data in an EPROM or the like, and whether there is a soft error at a predetermined timing such as when the master key of the vehicle is removed. It is described that a diagnosis is made and the soft error is repaired.

  Patent Document 3 discloses a diagnosis and repair technique for the presence or absence of a soft error in a memory in a dual system in which a CPU (Central Processing Unit) is duplicated. In Patent Document 3, data is stored in three locations in a memory, and when a dual CPU executes an application program or the like, the presence or absence of a data error is determined and repaired by a majority vote. A technique for verifying whether or not a repair has been performed using the other CPU is described.

  Non-Patent Document 1 describes IEC 61508-7 A.I. In 5.7, a memory diagnosis method using Double RAM with hardware or software comparison and read / write test is described.

Japanese Patent Application Laid-Open No. 5-216671 JP 2002-55885 A JP2013-109532A

IEC61508 Functional safety of electrical / electronic / programmable electrical safety-related systems

  There are two types of memories, one in which only data is read during the actual operation of the device in which the memory is mounted, and the other in which data is written and read at an arbitrary timing. A typical example of the former is an EEPROM, and a typical example of the latter is a RAM (Random Access Memory). Hereinafter, the latter memory is referred to as “memory that is read and written in real time”.

  For memory that is read and written in real time, in a mode in which diagnosis and repair for the presence or absence of a soft error are performed at a specific timing or periodically, the timing at which data is read from the memory to actually execute processing matches the diagnosis timing However, the process may be executed using incorrect data. For this reason, the technique disclosed in Patent Document 2 is not suitable for diagnosis and repair of the presence or absence of a soft error in a memory that is read and written in real time. In the first place, the object of data error diagnosis and repair in the technique disclosed in Patent Document 2 is EPROM or EEPROM, and detection or repair of soft errors in data stored in RAM is not considered.

  The technology disclosed in Patent Literature 1, Patent Literature 3, and Non-Patent Literature 1, or the technology using ECC can be applied to diagnosis and repair of the presence or absence of a soft error in a memory that is read and written in real time. There is a problem like this. First, although the technique disclosed in Patent Document 1 describes that an error is detected at the timing of reading data from a memory, the specific detection method is unclear. Regarding this detection method, Patent Document 1 has a description suggesting that a parity check is used, but the parity check has a problem that the error detection capability is low. Further, the technique disclosed in Patent Document 1 has a problem that the stored contents of the memory are not restored and remain in error.

  In the technique described in Patent Document 3, it is assumed that CPUs are multiplexed, and for verification in addition to hardware (one of the duplicated CPUs) that executes processing using data read from the memory. This requires a separate hardware (the other of the duplicated CPUs). The technique described in Non-Patent Document 1 has a problem that although the presence or absence of a soft error can be diagnosed, the data read from the memory and the stored contents of the memory cannot be repaired.

  The technology that uses ECC has the following problems. That is, when diagnosing and repairing the presence / absence of a soft error using ECC, there is a problem that the cost of hardware increases in order to cope with ECC. In addition, the aspect of diagnosing and repairing the presence or absence of a soft error using ECC has a problem that a soft error of 2 bits or more cannot be repaired unless it is used in combination with a special method such as interleaving. In addition, although the technique using ECC corrects an error in data read from the memory, there is a problem that the stored contents of the memory are not restored and remain in error.

  As explained above, for memory that is read and written in real time, it is possible to diagnose the presence or absence of a soft error at the timing of data reading, and to restore the stored contents of the memory when there is a soft error. There has been no technology that can be realized without inviting.

  The present invention has been made in view of the above-described problem, and diagnoses the presence or absence of a soft error at the timing of data reading, and restores the stored contents of the memory when there is a soft error. It is an object to provide a technology that can be realized without causing an increase in cost.

  In order to solve the above-described problems, the present invention provides a diagnostic repair apparatus having the following memory access control means, identification means, and diagnostic repair means. The memory access control means reads data designated as a reading target from the memory and reads at least two data stored in the memory in association with the data from the memory. The specifying means specifies the data that occupies the majority as the repair data when all of the at least three data read by the memory access control means are not the same, and the storage area in the memory of the data that has become a small number is the diagnosis target area As specified. The diagnostic repairing means reads the data from the diagnostic target area after writing the test data to the diagnostic target area, and if the read data and the test data before writing match, On the other hand, if they do not match, a hard error is notified.

  In the present invention, a small number of data is regarded as abnormal data when all of at least three data read by the memory access control means are not the same. If the data read from the diagnosis target area after writing the test data in the diagnosis target area where the abnormal data was stored matches the test data before writing, the abnormal data is considered to be due to a soft error. It is done. This is because, if a hard error has occurred, the data read from the diagnosis target area does not match the test data before writing.

  According to the present invention, even if a soft error occurs in any storage area in the memory, the soft error is repaired when reading data. For this reason, even if the memory is a memory that is read and written in real time, processing is not executed with erroneous data, and reliability can be ensured. In addition, unlike the technique disclosed in Patent Document 3, the present invention does not require additional hardware for verification. That is, according to the present invention, it is possible to diagnose the presence / absence of a soft error at the timing of data reading, and to restore the stored contents of the memory when there is a soft error without increasing the hardware cost. Is possible.

  In a more preferred aspect, the specifying means includes an error notification of a hard error when the number of data occupying a majority of at least three data read by the memory access control means is less than a predetermined threshold. Performs a different second error notification. If the second error notification is made but the hard error error notification is not made, the above-mentioned storage area for storing each of the data to be read and at least two data corresponding to the data This means that a soft error has occurred in the number of storage areas equal to or greater than the threshold. In other words, the user of the diagnostic / restoration apparatus can grasp whether or not a soft error frequently occurs through the presence / absence of the second error notification. In addition to the first and second error notifications, the data in which an error is found (data that has become a minority in the majority vote or test data that did not match before writing) may be notified. It is possible to make the user of the diagnostic / repair device know whether the bit is suspicious.

  Although only one type of test data may be used, it is more preferable that each of a plurality of test data different from each other is used to perform writing to the diagnosis target area, reading from the diagnosis target area, and comparison before writing. More preferably, writing to the diagnosis target area, reading from the diagnosis target area, and comparison with before writing are performed using two test data whose constituent bits are inverted from each other. The two test data in which the constituent bits are inverted from each other means data such as 0xff and 0x00 or 0xaa and 0x55 when the data size of the test data is 1 byte. If the presence / absence of hardware for a diagnosis target area is detected using only test data in which all bits are 0, such as 0x00, a hardware error in which the bit value remains 0 may be missed. According to this aspect, it is possible to reliably avoid detection errors of hard errors.

  In order to solve the above problems, it is of course possible to provide a program that causes a general computer such as a CPU (or CPU core) to function as the memory access control means, the specifying means, and the diagnostic repair means. As specific distribution modes of such a program, there are a mode in which the program is written and distributed on a computer-readable recording medium such as a flash ROM (Read Only Memory), and a mode in which the program is distributed by download via an electric communication line such as the Internet. It is done.

  As described above, according to the present invention, the presence or absence of a soft error in a memory that is read and written in real time is diagnosed and repaired at the timing of reading data from the memory without increasing the hardware cost. It becomes possible.

It is a figure which shows an example of the block configuration of the diagnostic repair apparatus 10 of one Embodiment of this invention. It is a figure which shows an example of the data management table. It is a figure which shows an example of the structure definition file 13 and the structure definition data 21. It is a figure for demonstrating the outline | summary of the process which the diagnosis repair apparatus 10 performs. It is a figure which shows an example of the hardware constitutions which can implement | achieve the diagnostic repair apparatus. It is a flowchart which shows the flow of the process which CPU36 performs according to an application program. It is a flowchart which shows the flow of a data writing process. It is a flowchart which shows the flow of a data read-out process. It is a flowchart which shows the flow of a diagnostic repair process.

Hereinafter, embodiments of the present invention will be described with reference to the drawings.
<Example of Functional Block Configuration of Diagnostic Repair Device 10>
FIG. 1 is a diagram illustrating an example of a functional block configuration of a diagnostic / repair device 10 according to the present embodiment. The diagnostic / repair device 10 in this embodiment is a CPU, for example. The diagnostic / repair device 10 includes a memory 11, a data management table 12, a structure definition file 13, and a program execution unit 14 that executes various application programs. The diagnostic / repair device 10 is a device that diagnoses the presence / absence of a soft error when reading data from the memory 11 and repairs the soft error.

  The memory 11 is a readable / writable memory such as a RAM. The memory 11 has a plurality of storage areas inside. In the example illustrated in FIG. 1, three storage areas of “data area 1”, “data area 2”, and “data area 3” among the plurality of storage areas in the memory 11 are illustrated. In the present embodiment, each of “data area 1”, “data area 2”, and “data area 3” is a diagnosis and repair target for the presence or absence of a soft error. The diagnostic / repair device 10 according to the present embodiment may have a register or the like as an area for storing data that is referred to / updated in the process of executing the application program, a cache memory that temporarily stores data, and the like. May be included.

  The program execution unit 14 is, for example, a CPU core. As shown in FIG. 1, the program execution unit 14 includes a memory access control unit 14a, a specifying unit 14b, and a diagnostic / repair unit 14c. These three means included in the program execution unit 14 are software modules realized by operating the CPU core in accordance with a subroutine program such as a function in C language, for example. For example, the memory access control means 14a is realized by operating the CPU core in accordance with a data write function program for writing data to the memory 11 or a data read function program for reading data from the memory 11. . The specifying unit 14b and the diagnostic repair unit 14c are realized by operating the CPU core according to the data reading function. The data write function program and the data read function program may be implemented as software libraries that can be called as appropriate during the execution of the application program.

  The memory access control unit 14a executes data write processing and data read processing. The data writing process is a process of writing data instructed to be written to the memory 11 in the course of executing the application program (hereinafter, data to be written) to a data area in the memory 11. The data reading process is a process of reading data instructed to be read from the memory 11 in the course of executing the application program (hereinafter referred to as read target data) from the corresponding data area in the memory 11. Details of the data writing process and the data reading process will be described later. Details of processing executed by the specifying unit 14b and the diagnostic / repair unit 14c will also be made clear later.

  The data management table 12 is a table for managing the start address of the data area of the memory 11. The data management table 12 is arranged in a common area accessible from each of the memory access control unit 14a and the diagnostic / repair unit 14c. FIG. 2 is a diagram illustrating an example of the data management table 12. The data management table 12 shown in FIG. 2 has two areas of “number” and “name”, but the area of the data management table 12 is limited to two of “number” and “name”. Not a translation. The “number” area in the data management table 12 stores an identifier for uniquely identifying data stored in the data management table (in this embodiment, data stored in the “name” area). In the present embodiment, a serial number is used as the identifier. The “name” area in the data management table 12 stores the start address of each of a plurality of data areas set in the memory 11.

The structure definition file 13 is a file that manages the data structure of structure data among data that is referred to / updated in an application program or the like. Structure data is data composed of a collection of sub-data called structure members. 3A shows the structure definition data 21, FIG. 3B shows the structure definition file 13 obtained from the structure definition data 21 of FIG. 3A, and FIG. An example of memory allocation of structure data is shown. Structure definition data is data that defines structure data.
FIG. 3A shows structure definition data 21 in a program written in C language. As is well known, in the C language, four types of data, “char”, “int”, “long”, and “double”, are defined. “Char” is a 1-byte data type, and is a data type for character codes such as ASCII codes. “Int” is an integer type and has a data size of 2 bytes. “Long” is a long integer type and has a data size of 4 bytes. “Double” is a double-precision real number type and has a data size of 8 bytes. The structure member may be an array, and [n] means a one-dimensional array composed of n pieces of data.

  The structure definition file 13 shown in FIG. 3B is arranged in a common area accessible from each of the memory access control unit 14a and the diagnostic / repair unit 14c. In the structure definition file 13, for each structure data, “data name”, “number of bytes of the structure member”, “relative of the head of the structure member” of each structure member constituting the structure data "Address" is written. Note that the relative address at the head of a structure member means the head address of the structure member when the head address of the structure data is used as the starting point of the address. Items constituting the structure definition file 13 are not limited to “data name”, “number of bytes”, “start relative address”, and the like. In the present embodiment, when the structure definition data 21 shown in FIG. 3A is input to the diagnostic repair device 10, the diagnostic repair device 10 converts each data into a table, which is shown in FIG. 3B. A structure definition file 13 is generated. FIG. 3C shows an example in which the structure definition file 13 is allocated to the memory 11. Here, in the example of FIG. 1 described above, since there are three data areas in the memory 11, the same area allocation is in a predetermined format (for example, character type, integer type, long integer) in three places in the memory 11. Data type such as type, double precision real number type, and the number of bytes corresponding to the data type).

  Each of the memory access control means 14a, the specifying means 14b, and the diagnostic restoration means 14c in the present embodiment is realized by operating the CPU core according to a program written in C language. In this case, the structure definition file 13 may be generated using the structure definition data 21 set in advance, for example, when the program is compiled, before the diagnosis / repair device 10 (CPU) executes the actual processing. The structure definition data 21 is given to the diagnostic / repair device 10 from the outside together with various application programs. Although the diagnostic repair apparatus 10 of this embodiment produces | generates the structure pair definition file 13 using the structure definition data 21, it is not limited to this. For example, the structure definition file 13 itself may be acquired from the outside via an electric communication line such as the Internet or a LAN (Local Area Network), or may be acquired by input from a user or the like. .

<Outline of processing executed by diagnosis / repair device 10>
Next, an outline of processing executed by the diagnostic / repair device 10 for diagnosing and repairing the presence / absence of a soft error in the memory 11 will be described with reference to FIG. The processes (1) and (2) in FIG. 4 are processes executed by the memory access control means 14a. Specifically, the process (1) in FIG. 4 is a data write process executed by the CPU core in accordance with the data write function program, and the process (2) in FIG. Therefore, this is a data reading process to be executed. The processes (3) and (4) in FIG. 4 are processes executed by the CPU core in accordance with the data read function program. The process of (3) in FIG. 4 is the process of the specifying unit 14b, and the process of (4) in FIG. 4 is the process of the diagnostic repair unit 14c.

  In FIG. 4, each of the data areas 1 to 3 is represented as memories 11-1 to 11-3. The data writing process of the present embodiment, that is, the process (1) in FIG. 4 is a process of writing data instructed to be written to the memory 11 in the execution process of the application program to the memory 11. As shown in (1) of FIG. 4, in the data writing process of the present embodiment, when data is written to the memory 11, the write target data is written to each of the data areas 1 to 3 in three different formats. . Specifically, the memory access control unit 14a writes the data to be written as it is (hereinafter referred to as positive data) to the data area 1, and stores two types of data corresponding to the positive data in the data area 2 and the data area 3. Write to each. More specifically, the memory access control unit 14a writes data (inverted data) obtained by performing an EOR (exclusive OR) operation on the positive data in a hexadecimal number ffff (high value (all f)) in the data area 2, In the data area 3, data (pattern data) obtained by performing an EOR operation on one or a plurality of different predetermined patterns (in the present embodiment, hexadecimal aaaa) set as positive data is written. This is to enable detection of errors such as bit errors other than soft errors.

  The predetermined pattern described above is not limited to the same number of consecutive numbers such as the hexadecimal number aaaa, but may be an ascending or descending order such as the hexadecimal numbers 1334 and 4321. Alternatively, a pattern in which two or more predetermined values are alternately arranged like a hexadecimal number 0a0a may be used. Further, the pattern for generating the pattern data may be changed for each process, and a fixed pattern that is set in advance may be used. Furthermore, the operation for generating the pattern data is not limited to the EOR operation, and for example, a logical product operation or the like may be used, and the content of the operation varies depending on the processing or the type of the processing data. Also good. In the above description, the hexadecimal number used to generate the inverted data and the number of digits of the pattern used to generate the pattern data are four digits. However, the number of digits corresponding to the number of bytes of the positive data may be used.

  The data reading process of the present embodiment, that is, the process (2) in FIG. 4 is a process of reading from the memory 11 data instructed to be read from the memory 11 during the execution of the application program. As shown in (2) of FIG. 4, in the data reading process of the present embodiment, two types of data (that is, inverted data and pattern data) corresponding to the data to be read together with the data to be read (positive data). ) Is read out. In this embodiment, using these three data, a diagnosis is made as to whether or not a soft error has occurred in the storage area in which each data is stored, and if a soft error is detected, the repair is performed. Done.

  More specifically, the memory access control unit 14a collates whether each of the three data (normal data, inverted data, and pattern data) matches each other. Specifically, the memory access control unit 14a first collates the inverted data obtained from the memory 11-2 to the data before the EOR operation with the hexadecimal number ffff and then collates with the positive data. Note that the determination as to whether or not the two match is not limited to a perfect match, and may be determined based on, for example, whether or not they are within a predetermined error range. If the collation results do not match, the memory access control means 14a determines that a memory error has occurred. Next, the memory access control means 14a collates the pattern data with the positive data. Also in this case, the memory access control means 14a collates with the positive data after returning the pattern data to the original data.

  If a match is confirmed in both the collation of the positive data and the inverted data and the collation of the positive data and the pattern data, the process according to the application program is executed using the positive data. On the other hand, when it is determined that there is a memory error, in the present embodiment, the processes (3) and (4) in FIG. 4 are executed. Hereinafter, the process (3) and the process (4) in FIG. 4 are collectively referred to as “diagnosis repair process”. The process (3) in FIG. 4 is the process of the specifying unit 14b. The specifying unit 14b makes a majority decision with the above three data, and determines a large number as normal data. More specifically, the specifying unit 14b sets two data that match each other among the above three data as normal data, and a memory error occurs in the data area in which the data that does not match these two data is stored. The data area is specified as a diagnosis target area on the assumption that it has occurred. If each of the three data is different from each other, the specifying unit 14b issues an error notification indicating the occurrence of a hard error, and ends the diagnostic repair process.

FIG. 4 illustrates the case where the memory 11-1 is specified as the diagnosis target area. When the diagnosis target area is specified, it is diagnosed whether or not the memory error is caused by a soft error. If the error is a soft error, the soft error is repaired by using the normal data as repair data (in FIG. 4). Process (4)) is executed by the diagnostic / restoring means 14c. In the process of (4) in FIG. 4, the diagnostic repair means 14c reads test data from the diagnosis target area after writing predetermined test data in the diagnosis target area, and reads the read test data, the test data before writing, If the two match, the memory error occurring in the diagnosis target area is regarded as a soft error, and the repair data is written in the diagnosis target area to restore the stored data in the repair target area. This is because the soft error can be repaired by resetting the memory element or rewriting data as described above.
The above is the outline of the diagnostic repair process in the present embodiment.

<Hardware Configuration Example of Diagnostic Repair Device 10>
As described above, each functional block (that is, the memory access control unit 14a, the specifying unit 14b, and the diagnostic / repair unit 14c) that significantly shows the features of the diagnostic / repair device 10 is a software module. For this reason, a program (specifically, the above-described write function and read function program, hereinafter referred to as a diagnostic repair program) for causing the CPU to realize each of these means can be applied to a general computer device such as a general-purpose personal computer or a server. If installed as a library, the computer device can function as the diagnostic / repair device 10 by causing the control unit (CPU) of the computer device to read and execute the software library as appropriate.

  FIG. 5 is a diagram illustrating an example of a hardware configuration of a computer apparatus that can operate as the diagnostic repair apparatus 10. The computer device shown in FIG. 5 includes an input device 31, an output device 32, a drive device 33, an auxiliary storage device 34, a memory device 35, a CPU 36 that functions as a control center of the computer device, and a network connection device 37. And a system bus B for connecting these components.

  The input device 31 is a pointing device such as a mouse or a keyboard, for example. The input device 31 provides various operation signals to the CPU 36 in accordance with user operations. Thereby, the user's operation content is transmitted to the CPU 36. Specific examples of the operation signal input by an operation on the input device 31 include a signal for instructing execution of various programs.

  The output device 32 has, for example, a display and its drive circuit. On the display of the output device 32, under the control of the CPU 36, a screen for prompting the use of the computer device and data representing the execution progress and execution results of various programs are displayed.

  The diagnostic / repair program installed in the computer apparatus shown in FIG. 5 is provided by a portable recording medium 38 such as a USB (Universal Serial Bus) memory or a CD-ROM. The recording medium 38 on which the diagnostic repair program is recorded can be set in the drive device 33, and the diagnostic repair program recorded on the recording medium 38 is installed in the auxiliary storage device 34 from the recording medium 38 via the drive device 33. .

  The auxiliary storage device 34 is, for example, a hard disk. The auxiliary storage device 34 is an OS program that causes the CPU 36 to implement an OS (Operating System), the above-described diagnostic repair program, and various types of data (eg, for example) used when executing the processes (1) to (4) in FIG. , Data management table 12, structure definition file 13, etc.) can be stored and input / output as necessary.

  The memory device 35 corresponds to the memory 11 described above. The memory device 35 is loaded with a program read from the auxiliary storage device 34 by the CPU 36. The memory device 35 may include a ROM in addition to the RAM.

  The network connection device 37 is, for example, a NIC (Network Interface Card), and is connected to an electric communication line such as the Internet or a LAN. The network device 37 receives data transmitted from the connected telecommunication line and delivers it to the CPU 36, while sending the data delivered from the CPU 36 to the telecommunication line. Accordingly, the computer apparatus shown in FIG. 5 can perform data communication with another computer apparatus connected to the above-described electric communication line. The network connection device 37 acquires various data necessary for executing the processes (1) to (4) in FIG. 4 from other computer devices connected to the telecommunication line ( Used when downloading.

<Operation of the Diagnosis Repair Device of the Present Embodiment>
Next, the operation of the diagnostic repair apparatus of this embodiment will be described using a flowchart. FIG. 6 is a flowchart showing the flow of processing executed by the CPU 36 in accordance with the application program. The flow of processing executed by the CPU 36 in accordance with this application program is as follows. First, the CPU 36 calls a data read function to read data used in the execution process of the application program from the memory device 35, and executes a data read process according to the data read function program (step S01).

  When the data reading process is completed, the CPU 36 determines whether or not the processing result is abnormal termination (step S02). If the determination result in step S02 is Yes, the CPU 36 executes an abnormality process (step S05) and completes the execution of the application program. On the other hand, if the determination result in step S02 is No, the CPU 36 executes application processing according to the code of the application program (step S03), and further writes data for writing the processing result in the memory device 35. The writing function is called to execute the data writing process (step S04).

  The above is the flow of processing executed by the CPU 36 in accordance with the application program. Note that the processing content of the application processing executed in step S03 is determined according to the type of application program. Hereinafter, the data writing process, the data reading process, and the diagnostic repair process will be described. In the following, the data writing process will be described first for convenience. This is because the read target data in the data read process is data written in the memory device 35 by the data write process.

<Data write processing procedure>
FIG. 7 is a flowchart showing the flow of the data writing process. In this embodiment, the parameters (arguments of the data write function wsdat) specified when calling the data write function (function name; wsdat) are the write data name and the write data. Hereinafter, a description will be given of a case where the description example of the code that calls the data write function wsdat is “rinf = wsdat (a [2] = 20)”. This means that the integer value 20 is written as write data to the third (relative value) of the integer type array whose write data name is a. In the above description example of the code, rinf means a return value of the data write function wsdat (for example, a function value indicating success or failure of writing), but as shown in FIG. 6, this return value is not used in this embodiment.

  In the present embodiment, an example in which a write data name and write data are specified as parameters when calling the data write function wsdat will be described, but the present invention is not limited to this. For example, when data is written to each successive write address, the write head relative address, the number of write data bytes, and the write data can be specified as parameters, and the data can be associated and written together.

  The CPU 36 that operates according to the data write function wsdat and receives the write data name and the write data functions as the memory access control means 14a that executes the data write process. First, as shown in FIG. 7, the CPU 36 reads the data management table 12 and the structure definition file 13 and calculates the write start address (step SA01). The write start address can be calculated using an expression such as “write start address = data area 1 start address + write data name start address + (relative value−1) × number of data name bytes”. However, the present invention is not limited to this.

  Next, the CPU 36 writes parameter data for the number of bytes corresponding to the data name of the structure definition file 13 (step SA02). For example, in the case of an integer type data name, the CPU 36 writes 2 bytes of data. Next, the CPU 36 reads the start address of “data area 2” from the data management table 12, and calculates the write start address with reference to the structure definition file 13 (step SA03). The calculation in step SA03 differs from the calculation in step SA01 described above only in the data area head address. Specifically, the write start address can be calculated using an expression such as “write start address = data area 2 start address + write data name start address + (relative value−1) × number of data name bytes”. .

  Next, the CPU 36 performs EOR operation of the write data and, for example, the hexadecimal number ffff to generate inverted data (step SA04), and writes the inverted data with the number of bytes of the corresponding data type (step SA05). The address to be written at that time is written to the address calculated in the process of step SA03 described above.

  Next, the CPU 36 reads the head address of “data area 3” from the data management table 12, and refers to the structure definition file 13 to calculate the write head address (step SA06). Note that the calculation of the write start address in step SA06 only changes the data area start address as in the above-described calculation in step SA03. Specifically, the write start address can be calculated using an expression such as “write start address = data area 3 start address + write data name start address + (relative value−1) × number of data name bytes”. .

Next, the CPU 36 performs an EOR operation between the write data and a predetermined pattern (hexadecimal number aaaa in this embodiment) to generate pattern data (step SA07), and calculates the pattern data by the process of step SA06. The number of bytes of the corresponding data type is written from the address that has been set (step SA08).
The above is the flow of the data writing process.

<Data read processing procedure>
Next, the data reading process will be described. FIG. 8 is a flowchart showing the flow of the data reading process. In this embodiment, the parameters (arguments of the data read function rsdat) specified when calling the data read function (function name: rsdat) are the read data name and the read register name. Hereinafter, a description will be given of a case where a description example of a code that calls the data read function rsdat is “rinf = rsdat (b [4], x)”. This means that the fifth (relative value) of the long integer type array whose read data name is b is read into the register of the read register name b. In the description example of the above code, rinf means a return value of the data read function rsdat. This return value is one of three values, for example, “normal” (eg, 0), “abnormal” (eg, −1), and “data repair” (eg, 1). In the present embodiment, the determination in step S02 of FIG. 6 is made based on this return value.

  In the present embodiment, an example of specifying a read data name and a read register name as parameters when calling the data read function rsdat will be described, but the present invention is not limited to this. For example, data with continuous read addresses can be read in a batch by associating each data with the read head relative address, the number of read data bytes, and the read data area as parameters.

  The CPU 36, which operates according to the data read function rsdat and is handed over the read data name and the read register name, functions as the memory access control means 14a that executes the data read processing. First, as shown in FIG. 8, the CPU 36 reads the data management table 12 and the structure definition file 13 and calculates the read head address (step SB01). For example, “read start address 1 = data area 1 start address + read data name start address + (relative value−1) × number of data name bytes”, “read start address 2 = data area 2 start” Address + read data name start address + (relative value−1) × data name byte count ”,“ read start address 3 = data area 3 start address + read data name start address + (relative value−1) × data name byte count ” However, the present invention is not limited to this.

  The CPU 36 reads the data written in each data area from the read head addresses 1, 2, and 3 with a predetermined number of read data bytes (step SB02). Hereinafter, the data read in the above manner is referred to as data 1, 2, and 3 for convenience. In this embodiment, data 1 is positive data read from the data area 1, data 2 is inverted data read from the data area 2, and data 3 is pattern data read from the data area 3.

  Next, the CPU 36 performs an EOR operation between the data 2 and the hexadecimal number ffff, and also performs an EOR operation between the data 3 and a predetermined pattern (hexadecimal number aaa) (step SB03). Hereinafter, the former calculation result is referred to as data a, and the latter calculation result is referred to as data b. The process of step SB03 is a process for returning the inverted data and the pattern data to the positive data that is the respective calculation sources. Note that when an operation other than the EOR operation is used as the operation for generating the inverted data and the pattern data, the reverse operation of the operation may be performed in step SB03.

  Next, the CPU 36 collates the data 1 with the data a and b and confirms the coincidence of the data (step SB04). If the three data match (step SB05: Yes), the CPU 36 sets data 1 in the register indicated by the data read register name and sets a value indicating “normal” in the function value (step SB05). SB06), the data reading process is completed. On the other hand, when the data that does not match the others is included in the three data (step SB05: No), the CPU 36 performs the diagnostic repair process (that is, (3) and (4) in FIG. 4). (Step SB07).

<Diagnosis and repair processing procedure>
FIG. 9 is a flowchart showing the flow of diagnostic repair processing. As shown in FIG. 9, the diagnostic repair process of the present embodiment is configured by the processes of Step SC01 to Step SC11. Each process of step SC01, step SC02, and step SC11 in FIG. 9 is the process of (3) in FIG. 4, that is, the process of the specifying unit 14b, and each process of steps SC03 to SC010 is (4) in FIG. This is the process of the diagnostic repair means 14c. As shown in FIG. 9, CPU 36 determines whether any two of data 1, data a, and data b match (step SC01). If the determination result in step SC01 is No, that is, if data 1 and data a do not match, data 1 and data b do not match, and data a and data b do not match, CPU 36 does not match. The function value is set to a value indicating “abnormal” (a value indicating the occurrence of a hard error) (step SC11), and the diagnostic repair process is completed. On the other hand, if the determination result in step SC01 is Yes, that is, if any two of data 1, data a, and data b match, the CPU 36 performs the process in step SC02. Execute.

  In step SC02, which is executed when the determination result in step SC01 is Yes, the CPU 36 determines the data storage destination data area that does not match data 1, data a, and data b as the diagnosis target area. And the address of the diagnosis target area is stored, and one of the data 1, data a, and data b that match each other is specified and stored as repair data. That is, in the present embodiment, the data that occupies the majority among the data 1, data a, and data b is the repair data, and the storage destination of the data that has become the small is the diagnosis target area.

  When the diagnosis target area is specified in the above manner, the CPU 36 determines whether or not the cause of the error in the diagnosis target area is a soft error. More specifically, the CPU 36 first writes the first test data (hexadecimal number 5555 in the present embodiment) in the diagnosis target area (step SC03). When writing data to the diagnosis target area in step SC03, the CPU 36 performs the writing through the cache. Next, the CPU 36 reads data from the diagnosis target area (step SC04), and determines whether or not the read data matches the first test data before writing (step SC05). If the determination result in step SC05 is No, that is, if the data read out from the diagnosis target area does not match the first test data, the CPU 36 executes the process in step SC11 described above. On the other hand, if the determination result in step SC05 is Yes, the CPU 36 writes the second test data (hexadecimal number aaa in this embodiment) in the diagnosis target area (step SC06). Even when data is written to the diagnosis target area in step SC06, the CPU 36 performs the writing through the cache.

  Next, the CPU 36 reads data from the diagnosis target area (step SC07), and determines whether or not the read data matches the second test data before writing (step SC08). When the determination result of step SC08 is No, the CPU 36 executes the process of step SC11 described above. On the other hand, if the determination result in step SC08 is Yes, the CPU 36 determines that the data error occurring in the diagnosis target area is a soft error, and writes the repair data in the diagnosis target area (step SC09). Then, the repair is performed, a value indicating “data repair” is set in the function value (step SC10), and the diagnosis repair process is terminated.

  The second test data is data obtained by inverting the constituent bits of the first test data. In the present embodiment, the diagnosis target region is diagnosed using the two types of test data, the first test data and the second test data, only for the first test data or only for the second test data. This is because if a diagnosis target region is used for diagnosis, a hard error may be missed. For example, if the diagnosis target area is diagnosed using only the second test data in a situation where a hardware error in which the most significant bit remains 0 is generated in the diagnosis target area, the hard error cannot be detected. End up. If the diagnosis target area is diagnosed using two types of test data in which the constituent bits are inverted to each other, it is possible to avoid omission of detection of a hard error. In this embodiment, two types of hexadecimal number 5555 and hexadecimal number aaaa are used as the first and second test data, but hexadecimal number 0000 and hexadecimal number ffff may be used. The point is that the diagnosis target region may be diagnosed by using two types of test data in which the constituent bits are inverted to each other. The same effect can be obtained by using three different types of test data such as the hexadecimal number 00aa, the hexadecimal number ffaa, and the hexadecimal number bb55.

  It should be noted that according to the present embodiment, verification is performed in addition to hardware (that is, the CPU 36) that reads data from the memory device 35, performs application processing, and writes data to the memory device 35. There is no need for additional hardware. Since hardware for verification is not required separately, according to the present embodiment, the hardware cost does not increase unlike the technique disclosed in Patent Document 3. In other words, according to the present embodiment, it is possible to diagnose and repair the presence / absence of a soft error in a memory that is read / written in real time at the timing of reading data from the memory without causing an increase in hardware cost. become.

  In addition, the present embodiment has an advantage that the processing load applied to the CPU 36 is small as compared with the case where ECC is used. As described above, the diagnosis and repair apparatus 10 according to the present embodiment realizes diagnosis and repair of the presence or absence of a soft error in a memory that is loaded and read in real time without increasing the hardware cost. can do. For this reason, the diagnosis and repair apparatus 10 according to the present embodiment performs diagnosis and repair of the presence / absence of a soft error in real time with a small amount of hardware resources (that is, with a small load on a small and low-cost hardware). Suitable for required electronic equipment. A specific example of such an electronic device is a VCU (Vehicle Control Unit) which is a controller of an automobile.

Although one embodiment of the present invention has been described above, the following modifications may be added to this embodiment.
(1) In the above-described embodiment, the soft error is repaired by using one each of the positive data, the inverted data, and the pattern data, that is, the data that occupies the majority among the total of three data. However, when the number of data occupying a large number is less than a predetermined threshold, it is considered that there is a doubt about the reliability of the large number of data, and it is different from the notification of a hard error instead of data restoration. Error notification may be performed. The threshold value may be a value that is equal to or less than the total value of the number of positive data, inverted data, and exclusive OR data and greater than the majority value of the number of positive data, inverted data, and pattern data, It need not be an integer value.

(2) In the above-described embodiment, the presence / absence of a soft error is diagnosed using one each of positive data, inverted data, and pattern data, that is, a total of three data. However, the presence or absence of soft error may be diagnosed using a total of five data of two positive data, two inverted data, and one pattern data, and an odd number of seven or more data is used. A diagnosis of the occurrence of a soft error may be performed. Further, as long as the determination based on the threshold value is used in combination, the total number of the positive data, the inverted data, and the pattern data may be an even number. For example, when 6 pieces of data are used, the threshold value may be set to 3.1, 4, or 5.

(3) In the above embodiment, each of the memory access control means 14a, the specifying means 14b, and the diagnostic / repair means 14c is realized by a software module. However, any one or more of these means is implemented as hardware such as an electronic circuit. It may be realized with. In the above-described embodiment, the memory 11 to be diagnosed and repaired by the soft error is included in the diagnostic / restoration apparatus 10. However, the memory 11 may be provided outside the diagnosis / restoration apparatus 10. In addition, the memory access control unit 14a of the above embodiment has executed the data writing process for writing data to the memory to be diagnosed and the data reading process for reading data from the memory. The processing may be performed by another device.

  In short, the diagnostic / repair device of the present invention reads out data designated as a read target from the memory and reads out at least two data stored in the memory in association with the data from the memory, and a memory access control means A specifying means for specifying data that occupies a large number as repair data when all of at least three data read by the step are not the same, and specifying a storage area in the memory of the data that has become a small number as a diagnosis target area, and diagnosis When the test data is written to the target area, the data is read from the diagnostic target area, and when the read data matches the test data before writing, the repair target data is used to repair the diagnostic target area. Diagnostic repair that provides error notification of hard errors It is sufficient and a stage.

DESCRIPTION OF SYMBOLS 10 ... Diagnosis repair apparatus, 11 ... Memory, 12 ... Data management table, 13 ... Structure definition file, 14 ... Program execution part, 14a ... Memory access control means, 14b ... Identification means, 14c ... Diagnosis repair means, 31 ... Input Device 32. Output device 33 Drive device 34 Auxiliary storage device 35 Memory device 36 CPU 37 Network connection device 38 Recording medium B System bus

Claims (3)

Memory access control means for reading out data designated as a reading target from the memory and reading out at least two pieces of data stored in the memory in association with the data;
When all of at least three data read by the memory access control means are not the same, the data that occupies the majority is specified as repair data, and the storage area of the data that has become a small number is specified as the diagnosis target area Specific means to
After writing test data to the diagnosis target area, data is read from the diagnosis target area, and when the read data matches the test data before writing, the repair data is used to repair the diagnosis target area. A diagnostic repair means for notifying a hard error if they do not match , and
The specifying means is:
When the number of data occupying a majority of at least three data read by the memory access control means is less than a predetermined threshold, a second error notification different from the error notification is performed . A diagnostic repair device characterized.   The diagnostic repair means includes
  Using each of a plurality of different test data, writing to the diagnosis target area, reading from the diagnosis target area, and comparison with before writing
  The diagnostic repair device according to claim 1. 3. The diagnosis and repair device according to claim 2, wherein the diagnosis and repair means uses two test data whose constituent bits are inverted from each other.

Images