WO2015068207A1 - Programmable device - Google Patents

Publication number
WO2015068207A1
WO2015068207A1 PCT/JP2013/079916 JP2013079916W WO2015068207A1 WO 2015068207 A1 WO2015068207 A1 WO 2015068207A1 JP 2013079916 W JP2013079916 W JP 2013079916W WO 2015068207 A1 WO2015068207 A1 WO 2015068207A1
Authority
WO
WIPO (PCT)
Prior art keywords
circuit
error
circuits
copy
logic circuit
Prior art date
Application number
PCT/JP2013/079916
Other languages
French (fr)
Japanese (ja)
Inventor
山田 弘道
山田 勉
島村 光太郎
雄介 菅野
真 佐圓
鳥羽 忠信
Original Assignee
株式会社日立製作所
Application filed by 株式会社日立製作所
Priority to JP2015546177A
Priority to PCT/JP2013/079916
Publication of WO2015068207A1

Classifications

    • H ELECTRICITY
    • H03 ELECTRONIC CIRCUITRY
    • H03K PULSE TECHNIQUE
    • H03K19/00 Logic circuits, i.e. having at least two inputs acting on one output; Inverting circuits
    • H03K19/02 Logic circuits, i.e. having at least two inputs acting on one output; Inverting circuits using specified components
    • H03K19/173 Logic circuits, i.e. having at least two inputs acting on one output; Inverting circuits using specified components using elementary logic circuits as components
    • H03K19/177 Logic circuits, i.e. having at least two inputs acting on one output; Inverting circuits using specified components using elementary logic circuits as components arranged in matrix form
    • H03K19/17748 Structural details of configuration resources
    • H03K19/17764 Structural details of configuration resources for reliability
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/07 Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/14 Error detection or correction of the data by redundancy in operation
    • G06F11/1402 Saving, restoring, recovering or retrying
    • G06F11/1415 Saving, restoring, recovering or retrying at system level
    • G06F11/142 Reconfiguring to eliminate the error
    • H ELECTRICITY
    • H03 ELECTRONIC CIRCUITRY
    • H03K PULSE TECHNIQUE
    • H03K19/00 Logic circuits, i.e. having at least two inputs acting on one output; Inverting circuits
    • H03K19/003 Modifications for increasing the reliability for protection
    • H03K19/00392 Modifications for increasing the reliability for protection by circuit redundancy
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/07 Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/16 Error detection or correction of the data by redundancy in hardware
    • G06F11/18 Error detection or correction of the data by redundancy in hardware using passive fault-masking of the redundant circuits
    • G06F11/183 Error detection or correction of the data by redundancy in hardware using passive fault-masking of the redundant circuits by voting, the voting not being performed by the redundant components

Definitions

  • The present invention relates to a technique that is effective when applied to a programmable device whose internal logic circuits can be defined and changed by the user after manufacture.
  • FPGA: Field Programmable Gate Array
  • When the FPGA is powered on, the logic circuit information is loaded into the internal CRAM (configuration RAM), the FPGA's logic circuits are determined, and it starts operating.
  • CRAM: configuration RAM
  • A soft error caused by cosmic rays occurs in the CRAM and rewrites the logic circuit information, so that the logic circuit changes to a wrong function (fails) and malfunctions.
  • Triplication is one method of keeping the output correct even when a logic circuit fails.
  • The outputs of the triplicated logic circuits are put to a majority vote, and when the result splits 2 to 1, the result on which two agree is selected.
  • The logic circuit that output the non-matching result is regarded as failed and its operation is stopped.
  • Such triplication is called non-repair-type triplication. Designing logic circuits with non-repair-type triplication is effective to some extent as a countermeasure against FPGA soft errors. However, once one logic circuit has failed, majority voting can no longer be performed, and if either of the two remaining logic circuits fails, an output error cannot be prevented.
  • Some of the latest FPGAs have a dynamic partial reconfiguration function that can reload part of the logic circuit information from the external flash ROM into the CRAM during operation. Using this function, when the outputs of the triplicated logic circuits split 2 to 1, the logic circuit that produced the non-matching output can be regarded as failed, and its logic circuit information in the CRAM can be reloaded to repair it. Even when the logic circuit is repaired, the data held by its FFs (flip-flops), which are sequential circuits, does not necessarily match that of the normal logic circuits. One conceivable method is therefore to copy data into the FFs of the repaired logic circuit from the FFs at the same positions in a normal logic circuit so that they match.
  • Patent Document 1 discloses a method in which, in an FPGA having a dynamic partial reconfiguration function, a logic circuit is triplicated and majority-voted, and when an error is detected, a replacement logic circuit is configured in an unused portion of the FPGA and data is copied in one cycle from all the FFs of a normal logic circuit to all the FFs of the newly configured logic circuit.
  • Triplication in which a failed logic circuit can be repaired in this way is called repair-type triplication.
  • Because repair-type triplication can repair a failed logic circuit and restore the original triplication, it achieves higher reliability than non-repair-type triplication.
  • If all FFs are made copy targets, logic for generating the copy data and wiring between FFs are needed for every FF, which consumes FPGA logic cells and wiring resources, degrades implementation efficiency, and increases the maximum delay and power consumption.
  • An object of the present invention is to provide a technique that realizes repair-type triplication of an FPGA while limiting consumption of the FPGA's logic cells and wiring resources.
  • A programmable device having a dynamic partial reconfiguration function for reloading part of the logic circuit information from an external storage medium during operation comprises triplicated logic circuits and a majority circuit that takes a majority vote of the outputs of the triplicated logic circuits and outputs the result, together with an error signal identifying the logic circuit whose output did not match.
  • A copy circuit, in each of the triplicated logic circuits, outputs the input data of some of the sequential circuits to one of the other two logic circuits as copy data, and selects between copy data from another logic circuit and data generated by its own logic circuit for input to the sequential circuit.
  • An error control circuit receives the error signal and executes partial reconfiguration, using the partial reconfiguration function to overwrite the logic circuit information in the configuration memory of the logic circuit in which the error occurred.
  • A sequential circuit copy control circuit, after partial reconfiguration of the logic circuit in which the error occurred, performs control to copy the sequential circuits from a normally operating logic circuit into that logic circuit, taking a number of copy cycles that corresponds to the number of stages of sequential circuits to which the copy circuit is not connected.
  • In another aspect, the copy circuit in each of the triplicated logic circuits selects either the input data or the output data of some of the sequential circuits and outputs it to one of the other two logic circuits as copy data, and selects between copy data from another logic circuit and data generated by its own logic circuit for input to the sequential circuit.
  • So that the number of copy cycles, which depends on the number of stages of sequential circuits to which the copy circuit is not connected, does not exceed an allowable value, the copy circuit is connected to a sequential circuit partway along a row of consecutive multi-stage sequential circuits that have no copy circuit, which limits the number of copy cycles needed to copy all the sequential circuits.
  • A copy circuit is connected to only some of the sequential circuits, and copying is performed over a plurality of copy cycles corresponding to the number of stages of sequential circuits to which the copy circuit is not connected.
  • FIG. 2 is an equivalent logic diagram of the majority circuit in the first embodiment.
  • FIG. 3 is a truth table of the majority circuit in the first embodiment.
  • FIG. 4 is a process flowchart of the error control circuit in the first embodiment.
  • FIG. 5 is a flowchart of error processing of the triplicated logic circuit MA in the first embodiment.
  • FIG. 6 is a timing chart of error processing of the logic circuit MA1 in the first embodiment.
  • FIG. 8 is a block diagram of the triplicated logic circuit MA and the FF copy control circuit (FFCOPY) in the first embodiment.
  • FIG. 9 is a configuration diagram of the FF copy circuit from the triplicated logic circuit MA0 to MA1 in the first embodiment.
  • FIG. 10 is a timing chart of FF copying from the triplicated logic circuit MA0 to MA1 in the first embodiment. FIG. 11 is an example timing chart of a copy failure. FIG. 12 is an example timing chart of a successful copy.
  • FIG. 1 shows a first embodiment to which the present invention is applied. It is a block diagram of a repair-type triplicated logic circuit in which a logic circuit is triplicated and majority-voted, the logic circuit information of a failed logic circuit is reloaded into the CRAM to repair it, and data can be copied from another logic circuit into some of the FFs of the repaired logic circuit.
  • The logic circuit information of the FPGA 1 is held in an external flash ROM (FR) 2.
  • FR: external flash ROM
  • The FPGA 1 includes a user logic circuit 3, a CRAM 4, and a CRAM access interface circuit (CRAM_ACC_IF) 5.
  • The user logic circuit 3 includes three types of logic circuits, MA, MB, and MC, each of which is triplicated.
  • MA is triplicated into MA0 (10), MA1 (11), and MA2 (12), which process the input signal INA; their outputs 13, 14, and 15 are majority-voted by the majority circuit V 16 (V stands for Voter) to produce the output signal OUTA, and the error signal 18 raised when an error occurs is input to the error control circuit ERRMNG 40.
  • The logic circuit MB is triplicated into MB0 (20), MB1 (21), and MB2 (22), which process the input signal INB; their outputs 23, 24, and 25 are majority-voted by the majority circuit V 26 to produce the output signal 27.
  • The error signal 28 is input to ERRMNG 40.
  • The logic circuit MC is triplicated into MC0 (30), MC1 (31), and MC2 (32), which process the signal 27; their outputs 33, 34, and 35 are majority-voted by the majority circuit V 36 to produce the output signal OUTC.
  • The error signal 38 is input to ERRMNG 40.
  • CRAM 4 is divided into areas that store the logic circuit information of the triplicated logic circuits MA0, MA1, MA2, MB0, MB1, MB2, MC0, MC1, and MC2, the majority circuits V, the error control circuit ERRMNG, the partial reconfiguration control circuit PTRCFG, and the FF copy control circuit FFCOPY.
  • PTRCFG 50 specifies to CRAM_ACC_IF 5 the address areas in FR 2 and CRAM 4 where the information of the failed logic circuit is stored, and requests a reload from FR 2 to CRAM 4 (51).
  • In accordance with the request 51, CRAM_ACC_IF 5 outputs an address to FR 2 (6), reads the logic circuit information (7), and outputs the address and the logic circuit information to CRAM 4 to overwrite it (8).
  • CRAM_ACC_IF 5 outputs an end signal 9 to PTRCFG 50.
  • PTRCFG 50 outputs an end signal 52 to ERRMNG 40.
  • ERRMNG 40 requests the FF copy control circuit FFCOPY 60 to perform an FF copy for the repaired logic circuit (42).
  • FFCOPY 60 executes FF copying for the failed logic circuit in accordance with the request 42.
  • 61 is the MA copy control signal, 62 is the MB copy control signal, and 63 is the MC copy control signal.
  • FFCOPY 60 outputs an end signal 64, and ERRMNG 40 recognizes that the repair of the logic circuit in which the error was detected has been completed. If the repaired logic circuit is operating normally, the error output of the majority circuit should disappear. If the same logic circuit still outputs an error, a hardware failure of the logic circuit, rather than a CRAM soft error, is suspected.
  • ERRMNG 40 checks whether the error disappears after the repair and, if it does not, outputs an error signal ERR to notify the system of the abnormality.
  • ERRMNG 40 may have a register or a memory for recording information on error occurrences. Information that could be stored includes the identifier of the module in which an error occurred, the number of times an error has occurred, and the timing of the error.
  • FIG. 2 is an equivalent logic diagram of the majority circuit V in the first embodiment.
  • The output signals of the triplicated logic circuits are input to vin0, vin1, and vin2, respectively.
  • N circuits are connected for each bit.
  • vout is the majority output signal.
  • err[1:0] is the error signal.
  • FIG. 3 is a truth table of the majority circuit V in the first embodiment.
  • The input signals vin0, vin1, and vin2 each take a value of 0 or 1, giving 8 combinations.
  • The majority output signal vout outputs the value that occurs more often among the three inputs.
  • The error signal err[1:0] is 00 (no error) when all three input signals match; when they split 2:1, it outputs the identification number of the input signal that does not match (01 for vin0, 10 for vin1, 11 for vin2).
  • FIG. 4 is a process flowchart of the error control circuit ERRMNG 40 in the first embodiment.
  • In process P1, the error signals of the majority circuits (V) 16, 26, and 36 are checked. If there is no error at branch S1, processing ends. If there is an error, processing proceeds to branch S2, and if MA is in error, MA error processing (P2) is executed. If MA is not in error, processing proceeds to branch S3, and if MB is in error, MB error processing (P3) is executed. If MB is not in error, MC error processing (P4) is executed. If more than one of MA, MB, and MC is in error, error processing is executed in the priority order MA > MB > MC.
  • FIG. 5 is a flowchart of error processing of the triplicated logic circuit MA in the first embodiment.
  • The error signal 18 of the majority circuit (V) 16 is checked. If MA0 is in error at branch S20, MA0 is partially reconfigured in process P21, and the FFs of MA0 are copied from MA2 in process P22. If MA0 is not in error, processing proceeds to branch S21. If MA1 is in error, MA1 is partially reconfigured in process P23, and the FFs of MA1 are copied from MA0 in process P24. If MA1 is not in error, MA2 is partially reconfigured in process P25, and the FFs of MA2 are copied from MA1 in process P26.
  • FIG. 6 is an example timing chart of MA1 error processing in the first embodiment. It is assumed that the logic circuit information (CRAM) of MA0, MA1, and MA2 is normal in the cycle in which the clock clk is 1. Since the user logic circuits (MA0, MA1, MA2) operate normally and the inputs of the majority circuit (V) match, vout is normal and err indicates no error. If, in the cycle in which clk is 4, a soft error occurs in the MA1 logic circuit information in the CRAM and corrupts it (information error), the MA1 logic circuit fails (function error) and malfunctions.
  • CRAM: logic circuit information
  • The MA2 logic circuit fails and malfunctions.
  • At the inputs of the majority circuit, MA0 and MA1 match and MA2 does not match the others, so the outputs of MA0 and MA1 are taken as the normal value for vout, and err indicates that MA2 is in error.
  • MA2 is repaired by partial reconfiguration and FF copying.
  • Repair-type triplication keeps two logic circuits from being failed at the same time by repairing the failed logic circuit and restoring the triplication.
  • The free-run counter is an N-bit FF with a reset input (rst) and is initialized to all 0s by rst. When rst is released, the free-run counter is incremented by 1 every time the clock clk is input. The free-run counter adds 1 to the output data q with an incrementer to obtain the FF input data d.
  • The output data q forms a feedback loop that determines the input data d, so FF copying is essential to update the FF.
  • The next state d is determined in the combinational circuit C from the output data q of the FF, which is the current state, and the input i.
  • The output data q of the FF forms a feedback loop that determines the input data d, so FF copying is essential to update the FF.
  • The non-enable register is a temporary storage circuit for data that does not form a feedback loop.
  • The input data d of the FF becomes the output data q after a delay of one clock cycle. In this type, the output data q of the FF does not affect the input data d, and once d becomes normal, q becomes normal in the next cycle, so the need for FF copying is low.
  • (1) The free-run counter and (2) the state machine require FF copying, while the registers (3) and (4) are copied only at points where it is unlikely that a normal input d will be written within the allowable cycle time. Some of the FFs of the logic circuit are normalized by copying, and the other FFs are normalized when, as cycles progress, their input becomes normal and is written.
  • FIG. 8 is a block diagram of the triplicated logic circuit MA and the FF copy control circuit (FFCOPY) in the first embodiment.
  • F is a register without enable and FE is a register with enable.
  • C is a combinational circuit.
  • The first and fourth FFs are copied and the second and third FFs are not copied.
  • 70 is the copy data from MA0 to MA1, 71 is the copy data from MA1 to MA2, and 72 is the copy data from MA2 to MA0.
  • FFCOPY 60 executes the FF copy for the failed logic circuit in accordance with the FF copy request 42 from the error control circuit ERRMNG 40.
  • Reference numeral 610 denotes the FF copy control of MA0, 611 the FF copy control of MA1, and 612 the FF copy control of MA2.
  • The MA copy control signal 61 in FIG. 1 is a bundle of the three signals 610, 611, and 612.
  • FFCOPY 60 has a copy cycle setting information storage unit CPCYC 65 and executes copying according to the stored information (cycle count).
  • The information stored in CPCYC 65 may be a constant or a variable (register setting).
  • FIG. 9 is a configuration diagram of the FF copy circuit from the triplicated logic circuit MA0 to MA1 in the first embodiment.
  • MA0 (10)
  • The outputs d (101) and en (102) of the combinational circuit 100 are the input data and enable of the enabled FF (FE) 107 as they were before the copy circuit was added.
  • ma2_ff_out (72) is the copy data from MA2 (not shown).
  • copy_ff_ma0 (610) is the FF copy control signal of MA0.
  • The multiplexer MUX 103 generates the input data d_mux (104) of the FE 107. When copy_ff_ma0 (610) is 0, d (101) is selected, and when it is 1, ma2_ff_out (72) is selected.
  • The OR circuit 105 generates the enable 106 of the FE 107 (the logical OR of en (102) and copy_ff_ma0 (610)).
  • The multiplexer MUX 109 generates the copy data ma0_ff_out (70) from MA0 to MA1.
  • When en (102) is 0, the output data q (108) of the FE 107 is selected, and when it is 1, d (101) is selected.
  • The internal configuration of MA1 is the same as that of MA0.
  • ma0_ff_out (70) is the FE output data q (108) when en (102) is 0 and d (101) when en (102) is 1; in either case it is the data that the FE 107 will hold in the next cycle.
  • copy_ff_ma1) 1, which coincides with the data held in FE 107 of MA0 in the next cycle.
  • FIG. 10 is a timing chart of FF copying from the triplicated logic circuit MA0 to MA1 in the first embodiment.
  • The FF is a 4-bit register with enable.
  • The FF input data d, the FF output data q, and the FF copy data ma0_ff_out are expressed as 4-bit binary numbers.
  • clk the FF input data d, enable en, and output data q do not match between MA0 and MA1.
  • The FF copy control signal copy_ff_ma1 from MA0 to MA1 is asserted in the cycle in which clk is 2.
  • FIG. 11 is a timing chart of a copy failure caused by one-cycle copying.
  • FIG. 12 is a timing chart of a successful copy using multiple-cycle copying. Since there are two FFs that are not FF-copied ahead of the fourth-stage FF with enable, the arrival of correct data is delayed by two cycles. FF copying is therefore performed for 3 cycles, that is, with 2 cycles added. This makes it possible to copy only some of the FFs and still normalize all of them.
  • In the logic circuits MA0 (10), MA1 (11), and MA2 (12) of FIG. 8, only the FFs with enable (FE) are copied and the FFs without enable (F) are not. Copying them may nevertheless be effective.
  • The copy cycles needed until all the FFs become normal can be shortened by making an FF partway along the chain a copy target. For example, when 100 stages of FFs are connected and no copying is performed at all, 100 cycles are required until correct data is output from the 100th-stage FF. Copying an FF in the middle halves this to 51 cycles.
  • An embodiment in which the non-enable FFs are copied is also conceivable.
  • A configuration in which ERRMNG 40, PTRCFG 50, and FFCOPY 60 are duplicated and their respective output signals are compared to detect a failure is also conceivable. Since ERRMNG 40, PTRCFG 50, and FFCOPY 60 are also built from FPGA user logic circuits, they too may fail due to CRAM soft errors.
  • When one of the duplicated logic circuits is the main logic circuit and the other is the auxiliary logic circuit, the outputs of both logic circuits are compared, and if they match, the output of the main logic circuit is used. If an error occurs, both logic circuits can be partially reconfigured and restarted by initialization. Since none of ERRMNG 40, PTRCFG 50, and FFCOPY 60 is large in circuit scale, the time required for partial reconfiguration is not large. Therefore, when a failure is detected in these circuits, their functions are stopped, partial reconfiguration is performed, and they are then resumed.
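
The majority circuit truth table (FIG. 3) and the error-processing order (FIGS. 4 and 5) described above can be modelled in software as follows. This is an added illustration, not code from the patent: the function names are hypothetical, the word-level voter simply applies the bit slice to each bit, and reusing the MA copy ring for MB and MC is an assumption.

```python
# Added example: software model of the majority circuit V and the repair order.
# Function names are hypothetical; encodings follow the FIG. 3 description.

GROUP_PRIORITY = ("MA", "MB", "MC")  # FIG. 4: MA > MB > MC


def vote_bit(vin0, vin1, vin2):
    """One bit slice of V. Returns (vout, err) with err as the 2-bit code."""
    vout = (vin0 & vin1) | (vin1 & vin2) | (vin0 & vin2)
    if vin0 == vin1 == vin2:
        err = 0b00  # all three agree
    elif vin1 == vin2:
        err = 0b01  # vin0 is the odd one out
    elif vin0 == vin2:
        err = 0b10  # vin1 is the odd one out
    else:
        err = 0b11  # vin2 is the odd one out
    return vout, err


def vote_word(w0, w1, w2, width):
    """Apply the bit slice to each of `width` bits.

    Returns (vout, suspects) where suspects is the sorted list of err codes
    seen on any bit. More than one code means two copies disagreed on
    different bits, which the single-fault assumption does not cover.
    """
    vout, suspects = 0, set()
    for bit in range(width):
        v, err = vote_bit((w0 >> bit) & 1, (w1 >> bit) & 1, (w2 >> bit) & 1)
        vout |= v << bit
        if err:
            suspects.add(err)
    return vout, sorted(suspects)


def plan_repair(err_by_group):
    """Return the repair steps for the highest-priority group in error.

    err_by_group maps "MA"/"MB"/"MC" to that group's err code. The copy
    source follows the ring given for MA (MA0<-MA2, MA1<-MA0, MA2<-MA1);
    using the same ring for MB and MC is an assumption.
    """
    for group in GROUP_PRIORITY:
        err = err_by_group.get(group, 0)
        if err:
            failed = err - 1            # 01 -> copy 0, 10 -> copy 1, 11 -> copy 2
            source = (failed - 1) % 3   # healthy peer that feeds the copy data
            return [
                ("partial_reconfigure", f"{group}{failed}"),
                ("copy_ff", f"{group}{source}", f"{group}{failed}"),
            ]
    return []


if __name__ == "__main__":
    # Constructed sample: MA1 has a flipped bit, MB0 also disagrees.
    print(vote_word(0b1010, 0b1110, 0b1010, 4))
    print(plan_repair({"MA": 0b10, "MB": 0b01, "MC": 0b00}))
```

Only one group is repaired per pass, so an MB error raised alongside an MA error is picked up on the next check of the error signals.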

Abstract

In this programmable device, which has a dynamic component reconfiguration function: a logical circuit is triplexed and a majority decision is performed; when an error is detected, local reconfiguration of the failed logical circuit is performed; resource consumption of wires and duplication logical cells of a sequential circuit is suppressed; all the sequential circuits are updated to correct data; and the triplexing is restored. To achieve same, a means is provided that is configured in a manner so as to output a subset of FF input data in each logical circuit as data for duplication to another logical circuit and to select data for duplication from another logical circuit and input data of the selfsame means, and that reloads into CRAM and repairs logical circuit information for which a failure is determined when an error is detected in the majority decision process, applies a cycle count set uniquely to the logical circuits to perform duplication of the FF configured in a manner able to be duplicated, and restores the triplexing when the duplication is complete.

Description

Programmable device
The present invention relates to a technique that is effective when applied to a programmable device whose internal logic circuits can be defined and changed by the user after manufacture.
Dedicated LSIs (ASICs) are used in large numbers in equipment such as home appliances, AV equipment, mobile phones, automobiles, and industrial machinery, and they are important components indispensable for making such equipment higher in performance, richer in function, smaller, lower in power consumption, and lower in cost. In recent years, development costs have soared as semiconductor processes have been miniaturized, and developing ASICs has become difficult. In contrast to an ASIC, whose internal logic circuits are fixed, an FPGA (Field Programmable Gate Array) is a programmable device whose internal logic circuits can be defined and changed by the user. An FPGA has a higher unit price than an ASIC but a lower development cost, so FPGAs are expected to be used particularly in industrial equipment, where development is mainly of many product types in small quantities. The logic circuit information of an FPGA is held in an external flash ROM; when the FPGA is powered on, the logic circuit information is loaded into the internal CRAM (configuration RAM), the FPGA's logic circuits are determined, and it starts operating. However, there has been a problem that a soft error caused by cosmic rays occurs in the CRAM and rewrites the logic circuit information, so that the logic circuit changes to a wrong function (fails) and malfunctions.
Triplication is one method of keeping the output correct even when a logic circuit fails. The outputs of the triplicated logic circuits are put to a majority vote, and when the result splits 2 to 1, the result on which two agree is selected. The logic circuit that output the non-matching result is regarded as failed and its operation is stopped. Such triplication is called non-repair-type triplication. Designing logic circuits with non-repair-type triplication is effective to some extent as a countermeasure against FPGA soft errors, but once one logic circuit has failed, majority voting can no longer be performed, and if either of the two remaining logic circuits fails, an output error cannot be prevented.
Some of the latest FPGAs have a dynamic partial reconfiguration function that can reload part of the logic circuit information from the external flash ROM into the CRAM during operation. Using this function, when the outputs of the triplicated logic circuits split 2 to 1, the logic circuit that produced the non-matching output can be regarded as failed, and its logic circuit information in the CRAM can be reloaded to repair it. Even when the logic circuit is repaired, the data held by its FFs (flip-flops), which are sequential circuits, does not necessarily match that of the normal logic circuits. One conceivable method is therefore to copy data into the FFs of the repaired logic circuit from the FFs at the same positions in a normal logic circuit so that they match.
Japanese Unexamined Patent Application Publication No. 2011-216020 (Patent Document 1) discloses a method in which, in an FPGA having a dynamic partial reconfiguration function, a logic circuit is triplicated and majority-voted, and when an error is detected, a replacement logic circuit is configured in an unused portion of the FPGA and data is copied in one cycle from all the FFs of a normal logic circuit to all the FFs of the newly configured logic circuit. Triplication in which a failed logic circuit can be repaired in this way is called repair-type triplication. Because repair-type triplication can repair a failed logic circuit and restore the original triplication, it achieves higher reliability than non-repair-type triplication.
JP 2011-216020 A
The above method disclosed in Patent Document 1 makes all the FFs of the logic circuit under repair copy targets. Its embodiment describes copying of FFs without enable: the input data of an FF is output as copy data to another of the triplicated logic circuits, and at the input of the destination FF a selection is made between that copy data and the input data of the FF's own logic circuit, so that the FF's own input data is normally selected and the copy data from the other logic circuit is selected during copying. FFs also come in a type with enable; although this is not disclosed in Patent Document 1, for such an FF the currently held signal must be copied when the enable is 0 and the input data must be copied when the enable is 1. If all FFs are made copy targets, logic for generating the copy data and wiring between FFs are needed for every FF, which consumes FPGA logic cells and wiring resources, degrades implementation efficiency, and increases the maximum delay and power consumption.
An object of the present invention is to provide a technique that realizes repair-type triplication of an FPGA while limiting consumption of the FPGA's logic cells and wiring resources.
To solve the above problem, in the present invention, a programmable device that, when powered on, loads logic circuit information held in an external storage medium into an internal configuration memory to configure its logic circuits and start operating, and that has a dynamic partial reconfiguration function for reloading part of the logic circuit information from the external storage medium during operation, is configured to comprise: triplicated logic circuits; a majority circuit that takes a majority vote of the outputs of the triplicated logic circuits and outputs the result, and also outputs an error signal identifying the logic circuit whose output did not match; a copy circuit that, in each of the triplicated logic circuits, outputs the input data of some of the sequential circuits to one of the other two logic circuits as copy data, and selects between copy data from another logic circuit and data generated by its own logic circuit for input to the sequential circuit; an error control circuit that receives the error signal and executes partial reconfiguration, using the partial reconfiguration function to overwrite the logic circuit information in the configuration memory of the logic circuit in which the error occurred; and a sequential circuit copy control circuit that, after partial reconfiguration of the logic circuit in which the error occurred, performs control to copy the sequential circuits from a normally operating logic circuit into that logic circuit, taking a number of copy cycles that corresponds to the number of stages of sequential circuits to which the copy circuit is not connected.
Also to solve the above problem, in the programmable device of the present invention the copy circuit is configured, in each of the triplicated logic circuits, to select either the input data or the output data of some of the sequential circuits and output it as copy data to one of the other two logic circuits, and to select between copy data from another logic circuit and data generated by its own logic circuit as the input to the sequential circuit.
Also to solve the above problem, in each of the triplicated logic circuits of the programmable device, so that the number of copy cycles determined by the number of cascaded stages of sequential circuits without a copy circuit does not exceed an allowable value, a copy circuit is connected to a sequential circuit partway along a run of consecutive sequential circuits that have no copy circuit, which holds down the number of copy cycles required to copy all the sequential circuits.
In the programmable device of the present invention, each of the triplicated logic circuits has copy circuits connected to only some of its sequential circuits, together with sequential circuit update means that copies all the sequential circuits over a plurality of copy cycles determined by the number of cascaded stages of sequential circuits without a copy circuit. This can be realized with fewer logic cells and routing resources than the conventional method, so the implementation efficiency of the FPGA improves and the increases in maximum delay and power consumption are reduced.
FIG. 1 is a block diagram of a first embodiment to which the present invention is applied: a repair-type triplicated logic circuit in an FPGA having a dynamic partial reconfiguration function, in which the logic circuits are triplicated and majority-voted, a failed logic circuit is repaired by reloading its CRAM, and data can be copied from another logic circuit into some of the FFs of the repaired logic circuit.
FIG. 2 is an equivalent logic diagram of the majority circuit in the first embodiment.
FIG. 3 is a truth table of the majority circuit in the first embodiment.
FIG. 4 is a processing flowchart of the error control circuit in the first embodiment.
FIG. 5 is a flowchart of error processing for the triplicated logic circuit MA in the first embodiment.
FIG. 6 is a timing chart of error processing for the logic circuit MA1 in the first embodiment.
FIG. 7 is a classification of the FF types of sequential circuits.
FIG. 8 is a block diagram of the triplicated logic circuit MA and the FF copy control circuit (FFCOPY) in the first embodiment.
FIG. 9 is a configuration diagram of the FF copy circuit from MA0 to MA1 of the triplicated logic circuit in the first embodiment.
FIG. 10 is a timing chart of FF copying from MA0 to MA1 of the triplicated logic circuit in the first embodiment.
FIG. 11 is an example timing chart of a copy failure.
FIG. 12 is an example timing chart of a successful copy.
Embodiments are described in detail below with reference to the drawings.
FIG. 1 shows a first embodiment to which the present invention is applied. It is a block diagram of a repair-type triplicated logic circuit in an FPGA having a dynamic partial reconfiguration function, in which the logic circuits are triplicated and majority-voted, a failed logic circuit is repaired by reloading its CRAM, and data can be copied from another logic circuit into some of the FFs of the repaired logic circuit.
The logic circuit information of the FPGA 1 is held in an external flash ROM (FR) 2. When the FPGA 1 is powered on, the logic circuit information is loaded into the CRAM 4, the logic circuits of the FPGA 1 are thereby determined, and operation starts.
The FPGA 1 internally consists of a user logic circuit 3, the CRAM 4, and a CRAM access interface circuit (CRAM_ACC_IF) 5. The user logic circuit 3 contains three kinds of logic circuits, MA, MB, and MC, each of which is triplicated. MA is triplicated into MA0 (10), MA1 (11), and MA2 (12), each of which processes the input signal INA; their outputs 13, 14, and 15 are majority-voted by the majority circuit V 16 (V stands for Voter) to produce the output signal OUTA, and the error signal 18 raised when an error occurs is input to the error control circuit ERRMNG 40. The logic circuit MB is triplicated into MB0 (20), MB1 (21), and MB2 (22), each of which processes the input signal INB; their outputs 23, 24, and 25 are processed by the majority circuit V 26 to produce the output signal 27, and the error signal 28 is input to ERRMNG 40. The logic circuit MC is triplicated into MC0 (30), MC1 (31), and MC2 (32), each of which processes the signal 27; their outputs 33, 34, and 35 are processed by the majority circuit V 36 to produce the output signal OUTC, and the error signal 38 is input to ERRMNG 40.
When ERRMNG 40 detects an error on error signals 18, 28, or 38, it requests the partial reconfiguration control circuit PTRCFG 50 to partially reconfigure the failed logic circuit (41). The CRAM 4 is divided into separate areas that store the logic circuit information of the triplicated logic circuits MA0, MA1, MA2, MB0, MB1, MB2, MC0, MC1, and MC2, and of the majority circuits V, the error control circuit ERRMNG, the partial reconfiguration control circuit PTRCFG, and the FF copy control circuit FFCOPY.
PTRCFG 50 specifies to CRAM_ACC_IF 5 the address area of FR 2 in which the information of the failed logic circuit is stored and the address area of CRAM 4, and requests a reload from FR 2 to CRAM 4 (51). Following request 51, CRAM_ACC_IF 5 outputs an address to FR 2 (6), reads the logic circuit information (7), and outputs the address and the logic circuit information to CRAM 4 to overwrite it (8). When the reload finishes, CRAM_ACC_IF 5 outputs an end signal 9 to PTRCFG 50, and PTRCFG 50 outputs an end signal 52 to ERRMNG 40. ERRMNG 40 then requests the FF copy control circuit FFCOPY 60 to copy the FFs of the repaired logic circuit (42). Following request 42, FFCOPY 60 executes FF copying for the failed logic circuit. Signal 61 is the copy control signal for MA, 62 is the copy control signal for MB, and 63 is the copy control signal for MC. When copying finishes, FFCOPY 60 outputs an end signal 64, and ERRMNG 40 recognizes that repair of the logic circuit in which the error was detected is complete. If the repaired logic circuit is operating normally, the error output of the majority circuit should disappear. If the same logic circuit still outputs an error, a hard failure of the logic circuit is suspected rather than a CRAM soft error. ERRMNG 40 checks whether the error disappears after the repair; if it does not, it outputs an error signal ERR externally to notify the system of the abnormality. ERRMNG 40 can also have a register or memory that records information about error occurrences. Information to store could include the identifier of the module in which the error occurred, the number of error occurrences, and the timing of the error.
FIG. 2 is an equivalent logic diagram of the majority circuit V in the first embodiment. The output signals of the triplicated logic circuits are input to vin0, vin1, and vin2 respectively. When the output signal is N bits wide, N of these circuits are connected, one per bit. vout is the majority output signal, and err[1:0] is the error signal.
FIG. 3 is a truth table of the majority circuit V in the first embodiment. The input signals vin0, vin1, and vin2 each take the value 0 or 1, giving 8 combinations. The majority output signal vout outputs whichever value is held by more of the three inputs. The error signal err[1:0] is 00 (no error) when all three input signals match; when they split 2 to 1, it outputs the identification number of the input signal that disagrees (01 for vin0, 10 for vin1, 11 for vin2).
FIG. 4 is a processing flowchart of the error control circuit ERRMNG 40 in the first embodiment. In process P1, the error signals of the majority circuits (V) 16, 26, and 36 are checked. In branch S1, processing ends if there is no error. If there is an error, processing moves to branch S2, and if MA has the error, MA error processing (P2) is executed. If MA does not have the error, processing moves to branch S3, and if MB has the error, MB error processing (P3) is executed. If MB does not have the error, MC error processing (P4) is executed. When more than one of MA, MB, and MC has an error, error processing is executed in the priority order MA > MB > MC.
FIG. 5 is a flowchart of error processing for the triplicated logic circuit MA in the first embodiment. In process P20, the error signal 18 of the majority circuit (V) 16 is checked. In branch S20, if MA0 has the error, MA0 is partially reconfigured in process P21 and the FFs of MA0 are copied from MA2 in process P22. If MA0 does not have the error, processing moves to branch S21; if MA1 has the error, MA1 is partially reconfigured in process P23 and the FFs of MA1 are copied from MA0 in process P24. If MA1 does not have the error, MA2 is partially reconfigured in process P25 and the FFs of MA2 are copied from MA1 in process P26.
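The voter encoding of FIG. 3 and the dispatch order of FIGS. 4 and 5 can be modelled in a few lines of Python. This is an added illustration, not code from the patent. Merging the per-bit err codes of an N-bit voter into a list of disagreeing replicas, and applying MA's copy ring (MA0 from MA2, MA1 from MA0, MA2 from MA1) to MB and MC, are assumptions; the function names are hypothetical.

```python
def voter_bit(vin0, vin1, vin2):
    """One-bit majority circuit V as described for FIG. 3: returns (vout, err[1:0])."""
    vout = (vin0 & vin1) | (vin1 & vin2) | (vin0 & vin2)
    if vin0 == vin1 == vin2:
        return vout, 0b00          # all agree: no error
    if vin1 == vin2:
        return vout, 0b01          # vin0 is the odd one out
    if vin0 == vin2:
        return vout, 0b10          # vin1 is the odd one out
    return vout, 0b11              # vin2 is the odd one out


def voter_word(outs, width):
    """N one-bit voters side by side, one per output bit.

    Returns (voted word, sorted list of replica indices that disagreed on any bit).
    Collecting the per-bit err codes into a list is an assumption of this sketch.
    """
    vout, bad = 0, set()
    for b in range(width):
        v, err = voter_bit(*[(o >> b) & 1 for o in outs])
        vout |= v << b
        if err:
            bad.add(err - 1)       # err code 01/10/11 maps to replica 0/1/2
    return vout, sorted(bad)


# FIG. 5 for MA: MA0 is refilled from MA2, MA1 from MA0, MA2 from MA1.
# Using the same ring for MB and MC is an assumption.
COPY_SOURCE = {0: 2, 1: 0, 2: 1}


def plan_repair(bad_by_module):
    """ERRMNG dispatch: MA > MB > MC priority, then replica 0, 1, 2 order.

    Returns (replica to partially reconfigure, replica to copy FFs from) or None.
    """
    for name in ("MA", "MB", "MC"):
        bad = bad_by_module.get(name, [])
        if bad:
            failed = bad[0]
            return f"{name}{failed}", f"{name}{COPY_SOURCE[failed]}"
    return None


if __name__ == "__main__":
    # Constructed sample: MA1 delivers a word with one flipped bit.
    voted, bad = voter_word([0b1010, 0b1000, 0b1010], width=4)
    print(bin(voted), bad, plan_repair({"MA": bad}))
```

The voted output stays correct while a single replica is wrong, which is what gives the repair path time to reload the CRAM and refill the FFs.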
FIG. 6 is an example timing chart of error processing for MA1 in the first embodiment. In the cycle where the clock clk is 1, the logic circuit information (CRAM) of MA0, MA1, and MA2 is assumed to be normal. The user logic circuits (MA0, MA1, MA2) operate normally and the inputs of the majority circuit (V) match, so vout is normal and err indicates no error.
In the cycle where clk is 4, a soft error occurs in the logic circuit information of MA1 on the CRAM and corrupts it (an information error); the MA1 logic circuit then fails (a functional error) and malfunctions.
In the cycle where clk is 7, the effect of the malfunction appears at the output. The inputs of the majority circuit from MA0 and MA2 match and MA1 disagrees with the others, so the outputs of MA0 and MA2 are regarded as the correct value and output on vout, and err indicates that MA1 is in error.
ERRMNG 40 requests PTRCFG 50 to reconfigure MA1 (clk = 10).
PTRCFG 50 issues a request to CRAM_ACC_IF 5 to load the logic circuit information of MA1 from the external flash ROM 2 into the CRAM 4. The time required to load the logic circuit information (the reconfiguration time) depends on the circuit scale of MA1; in this embodiment it is assumed to take 1200 clk.
When the load completes (clk = 1215), ERRMNG 40 requests FF copying from FFCOPY 60, and FFCOPY 60 executes FF copying for the repaired logic circuit MA1 (clk = 1220). MA1, which had been in a state failure (the gates and wiring (circuit) have been restored correctly, but the FF values are wrong), becomes normal, so the inputs of the majority circuit match again and err indicates no error.
In the cycle where clk is 1302, a soft error occurs in the logic circuit information of MA2 on the CRAM and corrupts it; the MA2 logic circuit then fails and malfunctions. In the cycle where clk is 1305, the effect of the malfunction appears at the output. The inputs of the majority circuit from MA0 and MA1 match and MA2 disagrees with the others, so the outputs of MA0 and MA1 are regarded as the correct value and output on vout, and err indicates that MA2 is in error. As with MA1, MA2 is repaired by partial reconfiguration and FF copying. In this way, repair-type triple redundancy repairs the failed logic circuit and restores the triplication, which prevents two logic circuits from being failed at the same time.
Before describing partial copying of FFs, which is the feature of the present invention, the types of FF used as sequential circuits are described with reference to FIG. 7.
(1) A free-running counter is an N-bit FF with a reset input (rst). It is initialized to all zeros by rst, and once rst is released it counts up by 1 each time the clock clk is input. The free-running counter adds 1 to the output data q with an incrementer and uses the result as the FF input data d. The output data q forms a feedback loop that determines the input data d, so FF copying is essential to update the FF.
(2) In a state machine, the next state d is determined in the combinational circuit C from the FF output data q, which is the current state, and the input i. In a state machine the FF output data q forms a feedback loop that determines the input data d, so FF copying is essential to update the FF.
(3) A register without enable is a temporary storage circuit for data that does not form a feedback loop. The FF input data d becomes the output data q one clock cycle later. In this type the FF output data q does not affect the input data d, and once d becomes correct, q becomes correct in the next cycle, so the need for FF copying is low. However, when FFs of this type are connected in multiple stages, it must be taken into account that as many cycles as there are FF stages are needed from the time the input of the first-stage FF becomes correct until the output of the last-stage FF becomes correct.
(4) In a register with enable, the input data d present when the enable en is 1 becomes the output data q one clock later. In this type the FF output data q does not affect the input data d, but even when d becomes correct, q is not updated unless en becomes 1. The need for FF copying depends on how often en is asserted: if en becomes 1 frequently the need is low, but if it does so rarely the need is high.
In the present invention, FF copying is mandatory for (1) free-running counters and (2) state machines, while for registers of types (3) and (4) copying is performed only at locations where a correct input d is unlikely to be written within an allowable number of cycles. Some of the FFs of the logic circuit are made correct by copying; the remaining FFs are left until, as cycles elapse, their inputs become correct and those inputs are written, which normalizes them.
FIG. 8 is a block diagram of the triplicated logic circuit MA and the FF copy control circuit (FFCOPY) in the first embodiment. In the logic circuits MA0 (10), MA1 (11), and MA2 (12), F is a register without enable and FE is a register with enable. C is a combinational circuit. In this embodiment the first-stage and fourth-stage FFs are copied, and the second-stage and third-stage FFs are not. Signal 70 is the copy data from MA0 to MA1, 71 is the copy data from MA1 to MA2, and 72 is the copy data from MA2 to MA0. FFCOPY 60 executes FF copying for the failed logic circuit following the FF copy request 42 from the error control circuit ERRMNG 40. Signal 610 is the FF copy control for MA0, 611 is the FF copy control for MA1, and 612 is the FF copy control for MA2. The MA copy control signal 61 in FIG. 1 is the bundle of the three signals 610, 611, and 612. FFCOPY 60 has a copy cycle setting information storage unit CPCYC 65 and executes copying according to the stored information (the number of cycles). The information stored in CPCYC 65 may be a constant or a variable (a register setting). When FFCOPY 60 has executed FF copying, it outputs the end signal 64 to ERRMNG 40.
FIG. 9 is a configuration diagram of the FF copy circuit from MA0 to MA1 of the triplicated logic circuit in the first embodiment. In MA0 (10), the outputs d 101 and en 102 of the combinational circuit 100 are the input data and enable that the FF with enable (FE) 107 had before the copy circuit was added. ma2_ff_out 72 is the copy data from MA2, which is not shown. copy_ff_ma0 (610) is the FF copy control signal for MA0. The multiplexer MUX 103 generates the input data d_mux 104 of FE 107: it selects d 101 when copy_ff_ma0 (610) is 0 and ma2_ff_out 72 when it is 1. The OR circuit 105 generates the enable 106 of FE 107 (the logical OR of en 102 and copy_ff_ma0 (610)). The multiplexer MUX 109 generates the copy data ma0_ff_out 70 from MA0 to MA1: it selects the output data q 108 of FE 107 when en 102 is 0 and d 101 when it is 1. The internal configuration of MA1 is the same as that of MA0.
When FF copying from MA0 to MA1 is executed, copy_ff_ma0 = 0 and copy_ff_ma1 = 1. In MA0, the input data of FE 107 is d_mux 104 = d 101 and the enable is 106 = en 102, so MA0 operates as usual. ma0_ff_out 70 is the FE output data q 108 when en 102 is 0 and d 101 when it is 1, so it is the data that FE 107 will hold in the next cycle. In MA1, the input data of FE 117 is d_mux 114 = ma0_ff_out 70 and the enable is 116 = (en 112 | copy_ff_ma1) = 1, so in the next cycle FE 117 holds the same data as FE 107 of MA0.
FIG. 10 is a timing chart of FF copying from MA0 to MA1 of the triplicated logic circuit in the first embodiment. The FF is assumed to be a 4-bit register with enable. The FF input data d, the FF output data q, and the FF copy data ma0_ff_out are written as 4-bit binary numbers. In the cycle where clk is 1, the FF input data d, the enable en, and the output data q differ between MA0 and MA1. In the cycle where clk is 2, the FF copy control signal copy_ff_ma1 for copying from MA0 to MA1 is asserted. Because en is 1 in MA0, the FF copy data ma0_ff_out equals the input data d = 0101; the data 0101 is written to the FFs of both MA0 and MA1, and in the cycle where clk is 3 the FF output data q of MA0 and MA1 match.
The need for multi-cycle copying is explained with reference to FIG. 11 and FIG. 12. FIG. 11 is a timing chart of a copy failure with one-cycle copying. The logic circuit has the same configuration as FIG. 8, with four stages of FFs connected, and the chart shows the signals of the copy-destination FFs. In the cycle where clk is 1, the inputs and outputs of all four FFs are assumed to be wrong. The enable en1 of the first-stage FF with enable is not asserted during the 6 cycles shown in the figure. The second and third stages are FFs without enable. The enable en4 of the fourth-stage FF with enable is asserted in the cycles where clk is 1 and 4. When the FF copy control signal ff_copy is asserted in the cycle where clk is 2, copying is performed into the first-stage and fourth-stage FFs with enable, and in the cycle where clk is 3 the output data q1 of the first-stage FF and the output data q4 of the fourth-stage FF are correct. In this cycle the output data q2 and q3 of the second-stage and third-stage FFs without enable are still wrong. q2 becomes correct in the cycle where clk is 4, and q3 becomes correct in the cycle where clk is 5. However, the enable en4 of the fourth-stage FF with enable is asserted in the cycle where clk is 4, so d4, which was generated from the wrong output data q3 of the third-stage FF, is written, and q4 holds wrong data in the cycle where clk is 5. This is called a copy failure. It shows that, in a configuration with FFs connected in multiple stages, when FFs that are not copied exist upstream (connected on the input side), even an FF whose own output was made correct by copying needs further cycles before its subsequent input data becomes correct.
FIG. 12 is a timing chart of a successful copy with multi-cycle copying. There are two stages of FFs that are not copied ahead of the fourth-stage FF with enable, so the arrival of correct data is delayed by two cycles. FF copying is therefore performed for 3 cycles, 2 more than before. In this way, copying only some of the FFs is enough to make all of the FFs correct.
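The copy failure of FIG. 11 and the three-cycle fix of FIG. 12 can be reproduced with a small cycle-level model of the FIG. 8 chain using the FIG. 9 copy circuit (MUX 103, OR 105, MUX 109). This is an added example, not the patent's circuit description. It assumes the combinational blocks C are plain wires, that both modules see the same enables and input, and uses constructed FF values; it also goes beyond the figures by searching every enable schedule for the shortest copy window that can never fail.

```python
from itertools import product

# FIG. 8 chain: stage 1 FE (copied), stages 2 and 3 F (not copied), stage 4 FE (copied).
HAS_COPY = [True, False, False, True]


def copy_out(q, d, en):
    """MUX 109 in the source module: the value its FF will hold in the next cycle."""
    return d if en else q


def ff_next(q, d, en, copy, copy_in):
    """MUX 103 + OR 105 + FF in one module: next FF value."""
    d_mux = copy_in if copy else d
    return d_mux if (en or copy) else q


def signals(q, x, en1, en4):
    """Per-stage data and enable inputs; blocks C are modelled as wires (assumption)."""
    return [x, q[0], q[1], q[2]], [en1, 1, 1, en4]


def simulate(copy_cycles, en1_clks, en4_clks, copy_start=2, last_clk=6):
    """Return {clk: [per-stage True if the repaired FF equals the healthy FF]}."""
    src = [0x5, 0x5, 0x5, 0x5]   # healthy module (constructed values)
    dst = [0xA, 0x3, 0xC, 0x9]   # repaired module: logic fixed, FF contents still wrong
    trace = {1: [s == t for s, t in zip(src, dst)]}
    for clk in range(1, last_clk):
        x = (3 * clk + 1) & 0xF  # shared chain input (constructed)
        en1, en4 = int(clk in en1_clks), int(clk in en4_clks)
        copying = copy_start <= clk < copy_start + copy_cycles
        sd, se = signals(src, x, en1, en4)
        td, te = signals(dst, x, en1, en4)
        outs = [copy_out(src[i], sd[i], se[i]) for i in range(4)]
        dst = [ff_next(dst[i], td[i], te[i], copying and HAS_COPY[i], outs[i])
               for i in range(4)]
        src = [ff_next(src[i], sd[i], se[i], False, None) for i in range(4)]
        trace[clk + 1] = [s == t for s, t in zip(src, dst)]
    return trace


def copy_failures(copy_cycles, en1_clks, en4_clks, copy_start=2, last_clk=6):
    """(clk, stage) pairs where a copied FF is wrong again after the copy window."""
    trace = simulate(copy_cycles, en1_clks, en4_clks, copy_start, last_clk)
    first = copy_start + copy_cycles
    return [(clk, i + 1) for clk in range(first, last_clk + 1)
            for i in range(4) if HAS_COPY[i] and not trace[clk][i]]


def min_safe_copy_cycles(max_cycles=4, last_clk=6):
    """Smallest copy window with no copy failure under any en1/en4 schedule."""
    clks = list(range(1, last_clk))
    for n in range(1, max_cycles + 1):
        for bits in product([0, 1], repeat=2 * len(clks)):
            en1 = {c for c, b in zip(clks, bits[:len(clks)]) if b}
            en4 = {c for c, b in zip(clks, bits[len(clks):]) if b}
            if copy_failures(n, en1, en4, last_clk=last_clk):
                break
        else:
            return n
    return None


if __name__ == "__main__":
    fig11 = dict(en1_clks=set(), en4_clks={1, 4})   # enable pattern described for FIG. 11
    for n in (1, 3):
        print(n, "copy cycle(s):", copy_failures(n, **fig11) or "all FFs repaired")
    print("shortest safe copy window:", min_safe_copy_cycles())
```

With the FIG. 11 enable pattern, a one-cycle or two-cycle copy leaves q4 wrong from clk 5 onward, while three cycles (one plus the two uncopied stages ahead of stage 4) is the shortest window that survives every enable schedule.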
The logic circuits MA0 (10), MA1 (11), and MA2 (12) in FIG. 8 copy only the FFs with enable (FE) and not the FFs without enable (F), but for some logic circuits copying FFs without enable is effective. In a logic circuit where FFs without enable are connected in multiple stages, configuring an FF partway along the chain to be copied shortens the copy cycles needed to make all the FFs correct. For example, when 100 stages of FFs are connected and no copying is performed at all, 100 cycles are needed before correct data is output from the 100th-stage FF, but if the 50th-stage FF is copied this is halved to 51 cycles. An embodiment that copies FFs without enable in this way is therefore also conceivable.
An embodiment is also conceivable in which ERRMNG 40, PTRCFG 50, and FFCOPY 60 in FIG. 1 are duplicated and their respective output signals are compared to detect failures. ERRMNG 40, PTRCFG 50, and FFCOPY 60 are also built from FPGA user logic, so a CRAM soft error can cause these logic circuits to fail.
One of the duplicated logic circuits is treated as the main logic circuit and the other as the auxiliary logic circuit. The outputs of both are compared, and when they match, the output of the main logic circuit is used. When an error occurs, both logic circuits can be partially reconfigured and initialized so that operation resumes. None of ERRMNG 40, PTRCFG 50, and FFCOPY 60 is large in circuit scale, so the time needed for partial reconfiguration is also not large; when a failure is detected in these circuits, their functions are stopped, partial reconfiguration is performed, and operation is resumed.
1 FPGA
2 Flash ROM
3 User logic circuit inside the FPGA
4 Configuration RAM inside the FPGA
5 CRAM access interface circuit inside the FPGA
10, 11, 12 Triplicated logic circuit MA
20, 21, 22 Triplicated logic circuit MB
30, 31, 32 Triplicated logic circuit MC
16, 26, 36 Majority circuit
40 Error control circuit
50 Partial reconfiguration control circuit
60 FF copy control circuit
65 Copy cycle setting information storage unit

Claims (8)

  1.  A programmable device that, when powered on, loads logic circuit information held in an external storage medium into an internal configuration memory to configure logic circuits and start operation, and that has a dynamic partial reconfiguration function for reloading part of the logic circuit information from the external storage medium during operation, the programmable device comprising:
     a triplicated logic circuit;
     a majority circuit that outputs the majority vote of the outputs of the triplicated logic circuits and outputs an error signal identifying the logic circuit whose output disagrees;
     a copy circuit configured, in each of the triplicated logic circuits, to output the input data of some of the sequential circuits as copy data to one of the other two logic circuits, and to select between copy data from another logic circuit and data generated by its own logic circuit as the input to the sequential circuit;
     an error control circuit that receives the error signal and executes partial reconfiguration that, by means of the partial reconfiguration function, overwrites the logic circuit information in the configuration memory for the logic circuit in which the error occurred; and
     a sequential circuit copy control circuit that, after partial reconfiguration of the logic circuit in which the error occurred, executes control to copy the sequential circuits from a normally operating logic circuit into the logic circuit in which the error occurred over a plurality of copy cycles determined by the number of cascaded stages of sequential circuits to which the copy circuit is not connected.
  2.  The programmable device according to claim 1, wherein the copy circuit is configured, in each of the triplicated logic circuits, to select the input data or the output data of some of the sequential circuits and output it as copy data to one of the other two logic circuits, and to select between copy data from another logic circuit and data generated by its own logic circuit for input to the sequential circuit.
  3.  The programmable device according to claim 1, wherein, in each of the triplicated logic circuits, so that the number of copy cycles corresponding to the number of stages of sequential circuits to which the copy circuit is not connected does not exceed an allowable value, the copy circuit is connected to a sequential circuit partway along a multi-stage run of sequential circuits to which the copy circuit is not connected, thereby reducing the number of copy cycles required to copy all the sequential circuits.
  4.  The programmable device according to claim 1, wherein
     the sequential circuit copy control circuit has a storage unit in which the number of cycles for copying the sequential circuits is set in advance, reads the number of copy cycles from the storage unit, and performs control to copy all the sequential circuits.
  5.  The programmable device according to claim 1, wherein
     the error control circuit further monitors the error output of the majority voting circuit after the sequential circuit copy control circuit has completed copying and, if the error does not disappear, regards the repair as not completed and outputs an abnormality occurrence signal to the outside.
  6.  The programmable device according to claim 1, wherein
     the sequential circuits to be copied in each of the triplicated logic circuits are limited to sequential circuits that form a feedback loop.
  7.  The programmable device according to claim 1, wherein
     the error control circuit and the sequential circuit copy control circuit are each duplicated, the output signals of the two duplicated circuits are compared and a failure is detected when they do not match, and when a failure is detected in these circuits, the circuits are stopped, both circuits are partially reconfigured, and operation is resumed.
  8.  The programmable device according to claim 1, wherein
     the error control circuit has a storage unit that stores the identifier of the module in which an error occurred, the number of error occurrences, and the timing of error occurrence, and the storage unit is readable from the outside.
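
The resynchronization described in claims 1, 3 and 6, simulated as an added example that is not part of the patent: the 4-stage module, its stage logic, the stimulus and all names are constructed assumptions. It counts how many copy cycles a reconfigured module needs before its flip-flop state matches a healthy module, for different placements of copy circuits.

```python
MASK = 0xFF
STAGES = 4  # constructed module: stage 0 is a feedback-loop FF, stages 1-3 a feed-forward pipeline

def next_state(s, x):
    """D inputs of the four FFs for current state s and input x (assumed logic)."""
    return [(s[0] + x) & MASK, s[0] ^ x, (s[1] + 1) & MASK, s[2] ^ 0x5A]

def vote(outs):
    """Majority value of three outputs and a per-module error flag."""
    a, b, c = outs
    maj = a if a in (b, c) else b  # meaningful while at least two modules agree
    return maj, [o != maj for o in outs]

def stimulus(t):
    """Constructed input sequence shared by all three modules."""
    return (3 * t + 1) & MASK

def resync(copy_stages, warmup=5, limit=16):
    """Return (error flags seen by the voter, copy cycles until module 1 matches module 0).

    Module 1 is reset to its initial FF values, as after partial reconfiguration.
    During copy cycles every FF listed in copy_stages loads module 0's D input
    instead of its own; the other FFs only recover by propagation.
    """
    mods = [[0] * STAGES for _ in range(3)]
    for t in range(warmup):
        mods = [next_state(m, stimulus(t)) for m in mods]
    mods[1] = [0] * STAGES
    _, flags = vote([m[-1] for m in mods])
    for n in range(1, limit + 1):
        d = [next_state(m, stimulus(warmup + n - 1)) for m in mods]
        d[1] = [d[0][i] if i in copy_stages else d[1][i] for i in range(STAGES)]
        mods = d
        if mods[1] == mods[0]:
            return flags, n
    return flags, None  # state never converged within the limit

if __name__ == "__main__":
    for placement in ({0}, {0, 2}, {0, 1, 2, 3}, set()):
        print(sorted(placement), resync(placement))
```

In this model a copy circuit on the feedback flip-flop alone needs 4 copy cycles, adding one partway along the pipeline (stage 2) cuts that to 2, and with no copy circuit the feedback-loop flip-flop never resynchronizes.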
PCT/JP2013/079916 2013-11-05 2013-11-05 Programmable device WO2015068207A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
JP2015546177A JPWO2015068207A1 (en) 2013-11-05 2013-11-05 Programmable device
PCT/JP2013/079916 WO2015068207A1 (en) 2013-11-05 2013-11-05 Programmable device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2013/079916 WO2015068207A1 (en) 2013-11-05 2013-11-05 Programmable device

Publications (1)

Publication Number Publication Date
WO2015068207A1 true WO2015068207A1 (en) 2015-05-14

Family

ID=53041015

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2013/079916 WO2015068207A1 (en) 2013-11-05 2013-11-05 Programmable device

Country Status (2)

Country Link
JP (1) JPWO2015068207A1 (en)
WO (1) WO2015068207A1 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2009534738A (en) * 2006-04-21 2009-09-24 ハネウェル・インターナショナル・インコーポレーテッド Error filtering in fault-tolerant computing systems
JP2012118725A (en) * 2010-11-30 2012-06-21 Mitsubishi Electric Corp Error detection recovery equipment
JP2013046181A (en) * 2011-08-24 2013-03-04 Hitachi Ltd Programmable device, reconfigurable method of programmable device, and electronic device

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
MAKOTO FUJINO ET AL.: "Context Synchronization Method for Reliable Softcore Processor System", IEICE TECHNICAL REPORT. RECONF, vol. 111, no. 31, 5 May 2011 (2011-05-05), pages 25 - 30, Retrieved from the Internet <URL:http://ci.nii.ac.jp/naid/110008725913> [retrieved on 20131226] *
YOSHIHIRO ICHINOMIYA ET AL.: "Recovery and syncronization technique for TMR softcore processor", IEICE TECHNICAL REPORT. RECONF, vol. 109, no. 26, 7 May 2009 (2009-05-07), pages 49 - 54, Retrieved from the Internet <URL:http://ci.nii.ac.jp/naid/110007226121> [retrieved on 20131226] *

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3316135A1 (en) 2016-10-26 2018-05-02 Hitachi, Ltd. Control system
US10313095B2 (en) 2016-10-26 2019-06-04 Hitachi, Ltd. Control system
JP6490316B1 (en) * 2018-02-28 2019-03-27 三菱電機株式会社 Output judgment circuit
WO2019167193A1 (en) * 2018-02-28 2019-09-06 三菱電機株式会社 Output determination circuit

Also Published As

Publication number Publication date
JPWO2015068207A1 (en) 2017-03-09

Similar Documents

Publication Publication Date Title
US10496471B2 (en) Register error detection system
US10230495B2 (en) CRC calculation circuit, semiconductor device, and radar system
US20130162290A1 (en) Partial reconfiguration circuitry
CN109558277B (en) Microcontroller and control method thereof
WO2015068207A1 (en) Programmable device
JP6373154B2 (en) Semiconductor device
US10318376B2 (en) Integrated circuit and programmable device
Miculka et al. Generic partial dynamic reconfiguration controller for transient and permanent fault mitigation in fault tolerant systems implemented into fpga
US9292378B2 (en) Single event upset protection circuit and method
JP2014229130A (en) Highly reliable processor and highly reliable control device using the same
GB2617177A (en) Method and circuit for performing error detection on a clock gated register signal
JP6973877B2 (en) Basic logic element, semiconductor device equipped with it, output control method and control program of basic logic element
JP6960453B2 (en) Reconstruction controller
EP3296874B1 (en) Apparatus and associated method
JP6490316B1 (en) Output judgment circuit
US20200348716A1 (en) Method for configuring master/slave in double board, and board thereof
US9542266B2 (en) Semiconductor integrated circuit and method of processing in semiconductor integrated circuit
US11282554B2 (en) Data storage circuit and electronic apparatus
KR102200665B1 (en) Area-efficient fault tolerant linear feedback shift register and its error detection method
KR100538487B1 (en) Majority voter of railway signaling control system
JP2017045344A (en) Fault tolerant system
JP2023175145A (en) Semiconductor device
JP4114722B2 (en) State circuit
Astarloa et al. An autonomous fault tolerant system for can communications
KR20160098757A (en) Embedded System and error recovery method thereof

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 13896890

Country of ref document: EP

Kind code of ref document: A1

ENP Entry into the national phase

Ref document number: 2015546177

Country of ref document: JP

Kind code of ref document: A

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 13896890

Country of ref document: EP

Kind code of ref document: A1