Apparatus for and a method of making a hierarchical integrated circuit design of an integrated circuit design, a computer program product and a non-transitory tangible computer readable storage medium
US-9235673-B2 · Jan 12, 2016 · US
System and method for false pass detection in lockstep dual core or triple modular redundancy (TMR) systems
US10089194B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10089194-B2 |
| Application number | US-201615176745-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jun 8, 2016 |
| Priority date | Jun 8, 2016 |
| Publication date | Oct 2, 2018 |
| Grant date | Oct 2, 2018 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
The disclosure relates to an apparatus and method for false pass detection in lockstep dual processing core systems, triple modular redundancy (TMR) systems, or other redundant processing systems. A false pass occurs when two processing cores generate matching data outputs, both of which are in error. A false pass may occur when the processing core are both subjected to substantially the same adverse condition, such as a supply voltage drop or a sudden temperature change or gradient. The apparatus includes processing cores configured to generate first and second data outputs and first and second timing violation signals. A voter-comparator validates the first and second data outputs if they match and the first and second timing violation signals indicate no timing violations. Otherwise, the voter comparator invalidates the first and second data outputs. Validated data outputs are used for performing additional operations, and invalidated data outputs may be discarded.
First claim
Opening claim text (preview).
What is claimed is: 1. An apparatus, comprising: a first processing core configured to generate a first data output and a first timing violation signal in response to executing one of a set of lockstep instructions; a second processing core configured to generate a second data output and a second timing violation signal in response to executing another one of the set of lockstep instructions; a voter-comparator configured to validate the first and second data outputs in response to the first data output matching the second data output, and the first and second timing violations signals indicating no timing violation; and a responder configured to perform a defined operation based on an asserted error signal generated by the voter-comparator, wherein the defined operation comprises reconfiguring the first and second data processing cores to states prior to the execution of the set of lockstep instructions, respectively. 2. The apparatus of claim 1 , wherein the voter-comparator is further configured to invalidate at least one of the first or second data output in response to the first data output not matching the second data output or at least one of the first timing signal or the second timing signal indicating a timing violation. 3. The apparatus of claim 1 , wherein the voter-comparator is configured to output at least one of the validated first or second data output. 4. The apparatus of claim 1 , wherein the voter-comparator is configured to suppress outputting at least one of the first or second data output if the at least one of the first and second data output is deemed invalid. 5. The apparatus of claim 1 , wherein the defined operation comprises stalling the operation of the first and second data processing cores. 6. An apparatus, comprising: a first processing core configured to generate a first data output and a first timing violation signal in response to executing one of a set of lockstep instructions; a second processing core configured to generate a second data output and a second timing violation signal in response to executing another one of the set of lockstep instructions; a voter-comparator configured to validate the first and second data outputs in response to the first data output matching the second data output, and the first and second timing violations signals indicating no timing violation; and a responder configured to not respond to a deasserted error signal generated by the voter-comparator. 7. An apparatus, comprising: a first processing core configured to generate a first data output and a first timing violation signal in response to executing one of a set of lockstep instructions; a second processing core configured to generate a second data output and a second timing violation signal in response to executing another one of the set of lockstep instructions, wherein at least one of the first or second data processing cores comprises a timing violation detection circuit configured to generate the at least first or second timing violation signal; and a voter-comparator configured to validate the first and second data outputs in response to the first data output matching the second data output, and the first and second timing violations signals indicating no timing violation. 8. The apparatus of claim 7 , wherein the timing violation detection circuit comprises: a flip-flop comprising: a clock input configured to receive a clock signal; a data input configured to receive a first data from a logic circuit; and a data output configured to output a second data in response to a triggering portion of the clock signal; an inverter configured to generate an inverted clock signal from the clock signal; and a comparator comprising: a first input configured to receive the first data; a second input configured to receive the second data; a third input configured to receive the inverted clock signal, wherein the comparator is configured to assert the first or second timing violation signal in response to the first data not matching the second data during a triggering portion of the inverted clock signal. 9. An apparatus, comprising: a first processing core configured to generate a first data output and a first timing violation signal in response to executing one of a set of lockstep instructions; a second processing core configured to generate a second data output and a second timing violation signal in response to executing another one of the set of lockstep instructions, wherein at least one of the first or second data processing core comprises a plurality of timing violation detection circuits configured to generate the at least first or second timing violation signal, wherein the timing violation detections circuits are employed in selected data paths within the at least one of the first or second data processing core, respectively; and a voter-comparator configured to validate the first and second data outputs in response to the first data output matching the second data output, and the first and second timing violations signals indicating no timing violation. 10. A method, comprising: generating a first data output and a first timing violation signal in response to executing one of a set of lockstep instructions; generating a second data output and a second timing violation signal in response to executing another one of the set of lockstep instructions; validating the first and second data outputs in response to the first data output matching the second data output, and the first and second timing violations signals indicating no timing violation; and performing a defined operation in response to invalidating the first and second data outputs, wherein the defined operation comprises reconfiguring the first and second data processing cores to states prior to the execution of the set of lockstep instructions, respectively. 11. The method of claim 10 , further comprising invalidating at least one of the first or second data output in response to the first data output not matching the second data output or at least one of the first timing signal or second timing signal indicating a timing violation. 12. The method of claim 10 , further comprising outputting at least one of the validated first or second data output. 13. The method of claim 10 , further comprising suppressing an outputting of at least one of the first or second data output if the at least one of the first or second data output is deemed invalid. 14. The method of claim 10 , wherein the defined operation comprises stalling respective operations of the first and second data processing cores that generated the invalidated first and second data outputs, respectively. 15. The method of claim 10 , wherein generating the at least one of the first or second timing violation signal comprises: receiving a first data; receiving a second data in response to a first triggering portion of a clock signal; comparing the first data with the second data in response to a second triggering portion of an inverted clock signal; and asserting the at least first or second timing violation signal in response to the first data not matching the second data based on the comparison. 16. The method of claim 10 , wherein generating the at least first or second timing violation signal comprises monitoring for timing violations in selected data paths within the at least first or second data processing core, respectively. 17. An apparatus, comprising: means for generating a first data output and a first timing violation signal in response to executing one of a set of lockstep instructions;
Assignees
Inventors
Classifications
Voting techniques · CPC title
Solving problems relating to consistency · CPC title
where the redundant components implement processing functionality · CPC title
- G06F11/1641Primary
where the comparison is not performed by the redundant processing components · CPC title
where the fault affects the clock signals of a processing unit and the redundancy is at or within the level of clock signal generation hardware · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US10089194B2 cover?
- The disclosure relates to an apparatus and method for false pass detection in lockstep dual processing core systems, triple modular redundancy (TMR) systems, or other redundant processing systems. A false pass occurs when two processing cores generate matching data outputs, both of which are in error. A false pass may occur when the processing core are both subjected to substantially the same a…
- Who is the assignee on this patent?
- Qualcomm Inc
- What technology area does this patent fall under?
- Primary CPC classification G06F11/1641. Mapped technology areas include Physics.
- When was this patent published?
- Publication date Tue Oct 02 2018 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 3 related publications on this page (citations in our corpus or others sharing the same primary CPC).