RU2327236C2 - Random access memory with high extent of fault tolerance - Google Patents

Abstract

FIELD: technological processes.

SUBSTANCE: invention is related to the sphere of automatics and computer equipment and is intended for increase of RAM fault tolerance in control systems of true time. Device consists of memory address register (1) redundant RAM (2) equipped with Hamming code, controller of Hamming code (3) register of memory data (4) adder by module two (5) diagnostic cash memory (6) two registers - inverters (7) and (8) input (9) and output (10) multiplexers, element OR (11) element AND (12), adder of word error bits threshold (13) and control box (14).

EFFECT: increase of fault tolerance in relation to single, double and triple combined faults and malfunctions; expansion of functional resources.

5 dwg, 1 tbl

Description

The invention relates to the field of automation and computer technology and is intended to increase the fault tolerance of random access memory (RAM) in real-time control systems.

A device [1] is known that contains redundant bits of the Hamming code and a controller for this code, which allows to detect single and double errors in the RAM memory words and correct single errors. These functions are standard for the Hamming code controller and are used in many high-reliability computers.

The disadvantage of this device is the impossibility of restoring physically failed RAM cells (with the possible exception of one or two backup cells, sometimes used in RAM), which, due to an increase in the error rate over time, leads to device failure or to erroneous correction. Even if there is a backup row or column in RAM, recovery is possible for only one RAM failure, which is clearly not enough for critical systems operating in severe adverse environmental conditions. In addition, the appearance of a double and triple steady failure in the word RAM leads to a failure of the entire device or one of its channels if the system is multi-channel redundant, which also lowers the fault tolerance characteristics of the device.

A device [2] is known, which is a server of a high-performance computing system pSeries 690 from IBM (USA), built on the basis of a POWER4 microprocessor, having a high-performance fault-tolerant multi-level memory (RAM), designed in RAS technology (high reliability, availability and serviceability) to work in conditions of hardware failures and failures. In the known device, high fault tolerance of the memory is achieved by storing the results of the current calculations in the cache of three levels (in addition to RAM), while 64KB of cache instructions and 32KB of cache data inside the chip are protected by parity bits, and the intermodular communication cache and communication directory cache with RAM (up to 32 MB) and RAM itself are protected by a Hamming code. In case of an unrecoverable failure (for example, multiple) to the cache of level i (i = 1, 2, 3), the correct result in real time is taken from level i + 1, up to the "level" of RAM.

The disadvantage of this device is the impossibility of restoring physically failed cache and RAM cells, which, due to an increase in the error rate over time, leads to memory degradation by shutting down failed partitions, to device failure or to erroneous correction. The main negative contribution to reducing the reliability of memory is made by double and triple stable failures, since the fight against double failures is carried out by well-known system methods: preventive cleaning of memory from single failures (the so-called scrubbing) with the help of controllers “cleaners” that constantly or periodically collect “ garbage "in the form of words with a single error such as a failure in RAM to restore the correct value and write it to its previous place in memory; the introduction of software return points and reboots from a higher memory level up to a permanent memory device commands and stored critical data.

Closest to the technical solution to the present invention is a fault-tolerant random access memory [3], containing redundant RAM, equipped with a Hamming code, a Hamming code controller, a memory address register, a memory data register, and an adder modulo two that computes a stable error syndrome.

The known device allows you to restore information in the event of multiple steady failures in RAM. In the known device, an information recovery algorithm is used due to the repeated recording at the same address of the inverted word read from the excess RAM proposed in [4]. In [3], this algorithm was expanded to correct latent steady failures in RAM.

A disadvantage of the known device is the decrease in the speed of the main computing channel due to the constant processing of distorted words with repeated addressing to them in RAM. In addition, the preservation of accesses to physically failed memory cells leads over time to increasing the likelihood of increasing the error rate in the RAM word due to failures and steady failures, which, in turn, leads to erroneous information correction and device failure. The mechanism for calculating and applying corrections proposed in the known device [3] requires additional memory with a capacity of at least equal to the main memory. The latter may be acceptable only for very small RAM (in [3] - eight words), duplication of RAM, which is real in control systems with a capacity of about 0.5-50 megabytes of static memory in one channel, is usually unacceptable for reasons of reliability, consumption energy and cost.

The technical result of the invention is to increase the degree of fault tolerance of the RAM of real-time control systems with respect to single, double and triple combined failures and failures while simplifying the device and expanding its functionality. In general, the invention allows to parry up to several hundred failed memory cells with this type of failure.

The specified technical result is achieved by the fact that in a known random access memory device containing redundant RAM equipped with a Hamming code, a Hamming code controller, a memory address register, a memory data register, a modulo two adder calculating a stable error syndrome, a diagnostic cache with a capacity of of the order of 1 word, the first and second register-inverters, the input and output multiplexers, respectively, in two and three directions, the OR element, the AND element, the adder of the threshold of the error bits of the word and a control automaton, while the address inputs of the diagnostic cache are connected to the index part of the address of the RAM memory word, and the inputs of the diagnostic cache memory are connected to the RAM data word and to the tag part of the RAM memory word address, cache management inputs are connected to the control inputs RAM, the inputs of the register-inverters are connected to the data bus of the RAM and to the zero direction of the output multiplexer, the output of the diagnostic cache is connected to the output of the output multiplexer, and the outputs of the register-inverters are connected They are connected to the first and second directions of the output multiplexer and to the adder modulo two, the outputs of which are connected to the multi-input OR element and to the inputs of the adder of the threshold of the error bits of the word, the output of the OR element is connected to the input of the AND element, the outputs of the AND element, the Hamming code controller, the correctness bit RAM words and two outputs of the threshold word bit adder are connected to the input of the control automaton, whose control outputs are connected to the control inputs of the Hamming code controller, control inputs of multiplexers, input Allowing the above dispensing the contents of registers, the inputs Thurs / Zap. RAM and diagnostic cache, and to the input of the And element, while the output of the output multiplexer is connected through the data register of the memory to the first input of the input multiplexer and to its second input directly, the third output of the adder of the threshold of the error bits of the words is outputted to the alarm signal, and the second output of the adder modulo two is connected to the second input of the input multiplexer 9.

Figure 1 presents the structural diagram of random access memory with a high degree of fault tolerance; figure 2 - automatic control; figure 3 presents the data structure of the Hamming code controller, where a is the Data word in the excess RAM, b is the Address word of the excess RAM, c is the Data word in the diagnostic cache, d is the Word of the address of the diagnostic cache; figure 4 is a memory cell corresponding to a 22-bit address in excess RAM; 5 is a word format in a diagnostic cache.

Random access memory with a high degree of fault tolerance (Fig. 1) comprises a memory address register 1 (RAM), redundant random access memory 2 (RAM) equipped with a Hamming code, a Hamming code controller 3 (CCX), a memory data register 4 (RDP), modulo adder two 5 (SMD), calculating the stable error syndrome, diagnostic cache memory 6 (DCT) with a capacity of the order of 1 word, the first 7 (1RI) and the second 8 (2RI) inverter registers, input multiplexer 9 (V × M) in two directions and output multiplexer 10 (VykhM) in three directions, ele ment OR 11, element And 12, the adder threshold of the error bits of the word 13 (SPOBS) and the control unit 14 (AU). Blocks 5, 7, 8, 9, 10, 11, 12, 13, together with the automatic control unit 14, essentially constitute the second memory controller. The address inputs of the diagnostic cache 6 are connected to the index part of the memory word address of the RAM 2, and the data inputs of the diagnostic cache 6 are connected to the data word RAM 2 and to the tag part of the memory word address of the RAM 2, cache control inputs 6 are connected to control inputs of RAM 2, the output of the diagnostic cache 6 is connected to the output of the output multiplexer 10, the inputs of the register-inverters 7, 8 are connected to the data bus of the RAM 2 and to the zero direction of the output multiplexer 10, and the outputs of the register-inverters 7 and 8 are connected are connected respectively to the first and second directions of the output multiplexer 10 and to the inputs of the adder modulo two 5, the outputs of which are connected to the multi-input element OR 11 and to the inputs of the adder 13, the output of the element OR 11 is connected to the input of the element And 12. The output of the multiplexer 10 is connected through the register data memory 4 via the data bus to the first input of the multiplexer 9 and to its second input directly. The outputs of the controller of the Hamming code 3 (SE v ME), the correct word bit of excess RAM 2 (V), the And element 12 (Syndr_ust) and two outputs of the threshold adder of the error bits of the word 13 (M_Syndr_ust) are connected to the inputs of the control automaton 14. The third output of the threshold adder erroneous bits of word 13 are outputted to the alarm signal. The second adder output modulo two 5 is connected to the second input of the input multiplexer 9. The outputs of the control automaton 14 are connected respectively to the control inputs of the Hamming code controller 3 (CdA, CrA, Latch_en), invertor registers 7 and 8 (en_1, en_2), data register memory 4 (Mem Data Reg_en), memory address register 1 (Addr_en), input 9 (SE v ME, en_3) and output 10 (SE v ME v V, t) multiplexers, AND element 12 (k), redundant RAM 2 and Diagnostic Cache 6 (W / R, cache_en).

The control unit 14 (Fig. 2) is designed to provide a cyclic sequence of control signals, depending on the values taken when reading from the excess RAM 2 control signals SE, ME, Syndr_ust, M Syndr_ust. The control unit 14 is synthesized by standard methods based on the control table 1. Control signals from the output of the control unit 14:

SE (single error) - single error;

ME (multiple error) - multiple error;

V (valid) - the correct word read from RAM;

CrA - correction resolution;

CdA - encoding resolution;

Latch_en - latch is enabled;

Mem_Data Reg_en - data output to the bus is allowed;

Addr_en - permission to issue an address;

t is the control signal of the multiplexer 10;

W / R - write / read signal;

Cache_en - permission to work with diagnostic cache;

k is the phase of the clock signal.

Feedback signals input to the control unit 14:

Syndr_ust - persistent failure;

M_Syndr_ust> 3 (recovery is not guaranteed) or “accident”;

SE, MB, V - see above.

The device operates as follows.

The control unit 14 creates a sequence of control signals at the control inputs of the Hamming 3 code controller (CrA, CdA, Latch_en), permitting the contents of the first 7 (en_1) and second 8 (en_2) inverter registers, memory data register 4 (Mem_Data Reg_en), register memory addresses 1 (Addr_en), input 9 (SE v ME, en_3) and output 10 (SE v ME v V, t) multiplexers, redundant RAM 2 and diagnostic cache 6 (W / R, Cache_en), and AND element 12 (k).

Random access memory with a high degree of fault tolerance is initially loaded with data (or command codes): information and control bits. For information loaded into memory during operation (if it is data), the Hamming 3 code controller adds redundant control bits. When reading from memory, the same controller 3 checks the correctness of the storage of information in the memory and signals errors that have occurred. As a Hamming 3 code controller, EDAC controllers (Error Deletion And Correction) can be used, which have been described many times in the literature, for example [1], and are widely used in computers of increased reliability. It should be noted that the well-known EDAC controllers generate an error syndrome and two control signals SE (single error - single error) and ME (multiple error - multiple error). Using this information, they are able to detect the appearance of a single and double error during storage or reading and to correct a single error. At the same time, a multiple error, in particular a double one, is considered as irreparable catastrophic, requiring interruption of work and treatment at the operating system level. Improving the corrective ability compared to the well-known EDAC controllers by expanding the code power presents significant difficulties and is rarely used in industrial systems.

In the proposed device, as in the prototype, the expansion of the corrective ability is achieved due to temporal and algorithmic redundancy and works in relation to persistent memory failures. This extension is possible thanks to the signal generation circuits Syndr_ust and M_Syndr_ust (blocks 5, 7, 8, 9, 10, 11, 12, 13), which together with the control unit 14 essentially comprise a second memory controller and which, upon receipt of an error signal from the controller Hamming code 3 implements a check for the presence of stable failures in the bits of a read word. Moreover, the invention achieves a slight delay of three to four cycles of accessing static memory when the controller first detects the Hamming code 3 of a failed memory cell. The second memory controller will restore the correct value of the error word and write it to a small additional memory operating in the “inverse cache” mode, which we conventionally called the diagnostic cache memory 6.

The introduction of cache 6 for the purpose of diagnosing and restoring correct information at the physical level (of course, in another information medium, here in the cache) is one of the central points of the invention, since the traditional use of cache in computers has completely different purposes, namely, the coordination of processor speed and main memory. If in a computer the efficiency of cache technology is manifested when the processor primarily works with cache (at least 70% of the time) and not with RAM, then in the invention the diagnostic cache is accessed only in case of a request to a failed memory cell, those. quite rarely. At the second and subsequent calls to the address of this erroneous cell in RAM, it will be read to the memory bus not from RAM, but from the cache memory, without introducing noticeable delays in the system.

The main advantage of introducing a diagnostic cache 6 for storing the recovered information over many other ways of introducing backup memory is the use of a mechanism for mapping a very large address space of the main RAM 2 (tens of MB) to a relatively small (about 1 KB) address space of the diagnostic cache. This mechanism was, in fact, the only revolutionary invention in computers, since it is it that makes the main contribution to the speed of modern computers with dynamic RAM, and it was worked out to perfection. In the invention, the mechanisms for implementing fault tolerant memory are also very close to the mechanisms for operating the cache memory. They are "transparent" to the user, as is the presence of a cache memory, the existence of which many users do not even suspect.

In the invention, the expansion of the correction ability is achieved through the development of additional control variables Syndr_ust, M_Syndr_ust, which together with the variables SE and ME allow the implementation of control table 1.

Table 1 SE ME Syndr_ust M_Syndr_ust Actions 0
0 0
0 0
one 0
0 OK.
Consider serviceable. 0
one one
one 0
0 0
0 Interruption (multiple failure).
Correctable only by rewriting from another face. 0
one one
one one
one 0
0 Controller recovery + Hamming recovery. one 0 0 0 Crash (Hamming Recovery). one 0 one 0 Controller recovery of a single persistent failure. - - - one The appeal to the system: "accident".

First of all, it turns out - there was a failure, a steady failure, or a combination thereof. The verification procedure [4] is given below. The response of the control device 14 is shown in the 5th column of table 1.

If the procedure determines that there is a steady failure, then the second memory controller restores the correct value of the read cell, which is used to continue working. The delay will be on the order of several teams and two calls to RAM 2.

The recovery procedure from sustainable failure is as follows.

. Схема проверки обнаружила при считывании эту ошибку и взвела соответствующий триггер. Итак, считано:Suppose when reading from RAM 2 a failure signal is received (i.e., the Hamming 3 code controller has worked). The memory X ₀ X ₁ X ₂ ... X _k ... X _n-1 was recorded in the memory of RAM 2 (once before!). However, during storage (or when reading), an error occurred in the kth discharge, instead of X _k it became

. The verification circuitry detected this error while reading and cocked the corresponding trigger. So, it is read:

...X_n-1.a: X ₀ X ₁ X ₂ ...

... X _n-1 .

Let's save this value on the register 7. We invert bitwise all the read word:

.b:

.

Write the inverted word back to memory at the same address and read it to another register 8:

.from:

.

.Since the kth digit in the memory is faulty, it again will distort the written X _k in storage and reading

.

Next, we compare modulo the two words b and c:

b:

The result is a failed discharge syndrome. Let us add this syndrome modulo two with the originally read word a:

The result is the correct meaning of the word being read. Recovery always occurs correctly if there is a steady single failure in a word.

More difficult is the case of double failures. Double failures of a stable type and mixed failures of the type of (simultaneous) one failure and one failure may fail to recover correctly. This happens when one error is actively manifested, and the second is not manifested, because coincides at the moment the control is triggered with the correct value in this category. However, in the most important case of a double failure, when both failures are actively manifested, they are correctly restored by the above algorithm.

It is easy to verify that if there was not a steady failure, but a failure, then according to the algorithm, the syndrome will be zero, i.e. It will not indicate the number of the failed discharge, but it will indicate that there is no sustainable failure. Therefore, if the structure of the recorded double failure is a double failure, then restoring the word is not possible other than through rewriting from the correct source. The algorithm, not finding persistent failures in the word, will indicate the need for rewriting from a reliable source.

If the double failure detected by the Hamming control has a structure of one stable and one failure (at the same time), then according to the above algorithm (he will “see” only the steady failure), it will be changed to the correct value in the category of stable failure, and the failed discharge will be the algorithm "Not seen." As a result, the word will be with one error in this bit, but it will be noticed and correctly restored already by the Hamming 3 code controller and written to the diagnostic cache 6, since all words with persistent failures are rewritten there.

If during a double failure one of them is actively manifested, and the other is hidden, then according to the algorithm the values in both digits will be corrected, moreover, in one (active) it is correct, and in a hidden failure it is incorrect. However, although the failure rate will not change (the manifestation of the failure will remain single), the Hamming 3 code controller will correct the remaining single failure and the correct word will be copied to the diagnostic cache 6.

A similar two-stage restoration of the correct value using the second memory controller is also possible in more complex cases of three-time failures, which previously could not be restored. These cases relate to the rows in table 1 in which SE = ME = 1. If in a triple failure all failures are stable and actively appearing, then the information is restored correctly and is transferred to the diagnostic cache 6. If in a triple steady failure two failures are actively appearing and one is hidden, then the information is restored correctly and is also copied to the cache memory 6. If in a triple failure two failures are persistent and actively occurring, and one is a failure, then the information is restored by the second memory controller correctly and is also copied to cache 6. In a more complicated case, the tro one failure, when one failure is actively manifested, and the other two are hidden (see the penultimate row of Table 1), a one-step recovery is triggered: the second memory controller allows the Hamming 3 code controller to correct the value of the “active” erroneous discharge and write the correct word in the cache memory 6. However, if there are more than one failed bits, it is not possible to restore the Hamming 3 code by the controller; in this emergency case, it is necessary to rewrite the correct value from the correct source.

Due to the small volume of alleged failed cells (no more than 0.5-1.0 Kslov), the “diagnostic cache” can be designed on a relatively expensive but significantly more reliable elemental base - for example, CMOS KNS or flash memory (although in the latter you need to overcome some difficulties with recording information). Since accessing the cache memory is, on average, a rare event, delays due to reduced performance are on average insignificant. Such a solution can turn out to be orders of magnitude more economical and more effective than using an expensive elemental base for all memory, as in modern foreign systems using the SOS technology (silicon on sapphire _Silicon_on_Sapphfire).

Consider the architecture of fault tolerant memory.

The data structure of the controller of the Hamming code 3 is presented in figure 3 (a, 6, c, d), where the variables are indicated:

SE (= 1 single error);

ME (= 1 multiple error);

valid (= 0 true);

cache_valid_bit (= 1 true);

Syndr_ust (= 1 persistent failure);

M_Syndr_ust> 3 (recovery is not guaranteed).

The Hamming 3 code controller corrects a single “soft” failure or a single stable failure when reading, but in the latter case it does not restore the true information stored in memory. Therefore, the appearance of the second error in the word, which has both a stable and a bad character, leads to the failure of the face (channel) or system. To counteract the appearance of double errors in the memory word in spaceborne vehicles (Honeywell company in the RH-32SBC on-board computer, BAE company), a special "background" memory cleaner controller (RAM) from single "soft" failures is used. For flash memory, using such a controller is much more problematic due to the difficulties of online rewriting. This procedure reduces the probability of accumulation of multiple failures, but, nevertheless, the appearance in the face (channel) of a cell with multiple (two or more) persistent faults (or in combination: steady + fault) causes the face to fail. The appearance of such failures in each face will cause a complete failure of the system. In order to overcome this drawback, it is proposed to expand the capabilities of the well-known Hamming code controller.

It is assumed that in RAM 2 information is stored in the form of 32 information bits +7 verification bits of the extended Hamming code +1 bit of "word correctness", total 40 bits. The Hamming 3 code controller generates two variables: single-bit flags SE (single error) and ME (multiple error). In the second memory controller, two more variables are generated: “Syndr_ust”, “M_Syndr_ust> 3” and “correctness bit” or, in short, “valid” bit, the last one is another bit of memory (see above). Three auxiliary registers R1temp, R2temp, Rsynd are reserved.

Consider the example of RAM with a capacity of 4MB with addressing the memory word in 22 bits. Since when protecting memory with a Hamming code, addressing is done to words and not to bytes of memory, then assuming a total memory capacity of 4MB, this will be 1M word. The address word is divided into two parts with their own names: index (bits 2 ÷ 11, i.e. 0 and 1 bits that give the address to the byte are not used) and tag addresses are the highest 10 bits. Index and tag are variables that the second memory controller will manipulate.

Additional Cache memory is introduced with the address space defined by the Index field (10 bits) in the address (that is, 1,024 words), with a word width equal to 32 + 7 + | tag | + “cache_valid_bit” = 32 + 7 + 10 + 1 = 50 bits.

When reading a word from RAM 2, an additional word bit (memory word correctness bit) is used as a control bit. If this bit is 0, then reading is done from the main memory (RAM 2), if it is 1, then the reading is redirected to the diagnostic cache memory 6 at the index address.

The second memory controller is designed in accordance with the previously discussed control table 1. As already mentioned, the expansion of the correcting ability of the new memory proposed in the invention is achieved by the generation of additional control variables Syndr_ust, M_Syndr_ust, which together with the variables SE and ME allow implementing the control table one.

Redirection of failed memory cells is as follows.

For stable failures, using information from the Hamming 3 code controller and the second memory controller, you can restore the distorted value in a read word and redirect this word to an additional (backup) memory - diagnostic cache memory 6 for storing the restored good value. Any appeal to a distorted word at the old address should be automatically redirected to the new location of this word without a noticeable increase in the access time.

In the prototype (and, in general, in many modern systems), information recovery is implemented through a backup (mirrored) memory that does not differ from the main one in its volumes. A similar approach for spaceborne systems seems extremely costly. Another idea is proposed here - backup memory of very small capacity. After all, one must be aware that there can not be a lot of stably failed cells, compared to all memory. It was noted that now they are, in the worst case, units. Our task is to try to increase this critical value to several tens or hundreds. In the proposed embodiment, the mechanisms for implementing fault-tolerant memory partially resemble the mechanisms of operation of a regular cache, only in the reverse ("inverse") sequence with other system goals, and implementing other algorithms.

Consider the main actions of the second memory controller.

Let the memory address correspond to the 22-bit address in RAM 2, (Fig. 4):

- if a single failure is detected when reading from RAM 2 at the specified address, it is corrected by the Hamming 3 code controller and the correct value is sent to the interface and overwritten in RAM 2 at the old address;

- if when reading from RAM 2 a multiple failure is detected, then the correct information is restored by census from another face (from the correct source);

- if, when reading from RAM 2, a single failure (i.e., SE = 1, ME = 0) was found to be stable, then the information is restored by the Hamming 3 code controller, and the second memory controller allows it to enter the interface. At the same time, this information + address tag (10 bits) is entered in the diagnostic cache 6 at the index address (10 bits), and in RAM 2 at the full address - 1 is entered in the correctness bit;

- if, when reading from RAM 2, a steady double failure is detected (i.e., SE = 0, ME = 1), then the information is restored by the second memory controller, additionally checked by the Hamming 3 code controller and goes to the interface. At the same time, this information + address tag (10 bits) is entered in the diagnostic cache 6 at the index address (10 bits), and in RAM 2 at the full address - 1 is entered in the correctness bit;

- if, when reading from RAM 2, the correctness bit turns out to be 1, then access (hardware) is made to the diagnostic cache 6.

The word format in the diagnostic cache 6 is shown in Fig.5.

Further work is as follows. At the next call to the address of the faulty cell, the control of the incorrect bit in RAM 2 is triggered. At the same time, control by the Hamming code can also work. In this case, the reading of the word is repeated in hardware from the diagnostic cache 6 at the index address. The information itself and the tag are read, which is compared with the tag field of the full address. If the latter coincides, the reading is considered correct. Tag mismatch can occur in the extremely unlikely event that there is a second faulty RAM 2 cell that has the same index but a different tag. Given that the total number of faulty cells is one, the maximum is several tens, and the various indices are more than a thousand, such a coincidence is unlikely. On the other hand, the possibility of having two faulty cells in RAM 2 with the same indexes can be taken into account when designing the cache memory not as 1-associative (as discussed above), but as 2-associative, allowing the indices to coincide at the addresses of two faulty cells. The capacity of such a cache is twice as large. The latter mechanism is used in the cache of almost all computers, however, for other purposes and therefore in a different procedure.

In general, the proposal looks like an “inverse cache" when compared with real cache technology. In the latter, the processor tries to read the information at the received address first from the cache, and if it does not find it there, it contacts RAM 2. Here, the information is first read from RAM 2 and, if it is correct, then everything goes as usual. If it is found that the RAM cell 2 is faulty, then the correct information is read from the diagnostic cache 6. Given that there should not be a lot of failures, there will be no noticeable performance loss. At the same time, you can afford the "luxury" to have a hundred failed cells, while maintaining the system.

Information sources

1. C. L. Chen and M.Y. Hsiao, "Error-Correcting Codes for Semiconductor Memory Applications: A State of-the-Art Review," IBM Journal Res. & Dev., Vol. 28, No.3, pp.124-134, March 1984. (The use of corrective codes in semiconductor memory: a review of the current state.)

2. D. C. Bossen, A. Kitamorn, K. F. Reick, and M. S. Flood, "Fault-tolerant design of the IBM pSeries 690 system using POWER4 processor technology," IBM Journal Res. & Dev., Vol. 46, No.1, pp.77-86, January 2002. (Fail-safe design of the IBM pSeries 690 system based on POWER4 processor technology).

3. RF patent No. 2211492, cl. G11C 29/00, G06F 11/07, 2003

4. Correction of persistent errors in RAM by the double inversion method, Computer Design, v.20, No. 12, 1981, pp. 187-190.

Claims (1)

High-resiliency random access memory containing redundant RAM equipped with a Hamming code, a Hamming code controller, a memory address register, a memory data register and an adder modulo two, characterized in that it further comprises a diagnostic cache memory, first and second inverter registers , input and output multiplexers, respectively, in two and three directions, an OR element, an AND element, an adder for a threshold of erroneous word bits and an automatic control device, while the address inputs of the diagnostic cache They are connected to the index part of the RAM memory word address and the diagnostic cache data inputs are connected to the RAM data word and to the tag part of the RAM memory word address, cache control inputs are connected to RAM control inputs, register-inverter inputs are connected to the data bus RAM and to the zero direction of the output multiplexer, the output of the diagnostic cache is connected to the output of the output multiplexer, and the outputs of the register-inverters are connected to the first and second directions of the output multiplexer and to the sum modulator two, the outputs of which are connected to the multi-input OR element and to the inputs of the adder of the threshold of the error bits of the word, the output of the OR element is connected to the input of the element AND, the outputs of the element AND, the Hamming code controller, the correct word bits of the RAM and two outputs of the threshold word adder of the error bits connected to the input of the control automaton, the control outputs of which are connected to the control inputs of the Hamming code controller, the control inputs of the multiplexers, the enable input of the contents of the above registers, to the inputs West RAM and diagnostic cache, and to the input of the And element, while the output of the output multiplexer is connected through the data register of the memory to the first input of the input multiplexer and to its second input directly, the third output of the adder of the threshold of the error bits of the words is outputted to the alarm signal, and the second output of the adder modulo two is connected to the second input of the input multiplexer.

Images