WO2016075800A1 - Programmable circuit - Google Patents

Info

Publication number
WO2016075800A1
Authority
WO
WIPO (PCT)
Prior art keywords
circuit
failure
data
functional
repair
Prior art date
Application number
PCT/JP2014/080141
Other languages
French (fr)
Japanese (ja)
Inventor
真 佐圓
雄介 菅野
鳥羽 忠信
山田 弘道
阪田 健
雅司 大川
達也 細川
Original Assignee
株式会社日立製作所
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 株式会社日立製作所
Priority to PCT/JP2014/080141
Publication of WO2016075800A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/07 Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/14 Error detection or correction of the data by redundancy in operation
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/07 Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/16 Error detection or correction of the data by redundancy in hardware
    • G06F11/18 Error detection or correction of the data by redundancy in hardware using passive fault-masking of the redundant circuits
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/07 Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/16 Error detection or correction of the data by redundancy in hardware
    • G06F11/20 Error detection or correction of the data by redundancy in hardware using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/22 Detection or location of defective computer hardware by testing during standby operation or during idle time, e.g. start-up testing

Definitions

  • the present invention relates to a programmable circuit whose circuit configuration can be changed after manufacturing.
  • with a programmable circuit, that is, a semiconductor integrated circuit whose circuit configuration can be programmed, such as an FPGA (field programmable gate array), an integrated circuit having a unique circuit block can be built in a short period of time without manufacturing an LSI (Large Scale Integration).
  • the programmable circuit realizes the circuit function by storing circuit configuration data defining the circuit function in a dedicated built-in memory.
  • this dedicated built-in memory is referred to as a configuration memory.
  • the programmable circuit has an advantage that a unique circuit can be constructed.
  • the programmable circuit is prone to radiation soft errors, in which the circuit configuration data stored in the configuration memory is destroyed by radiation, and this is a challenge when it is applied to a device that requires high reliability. This problem is particularly noticeable when the configuration memory is implemented by SRAM (Static Random Access Memory).
  • the soft error here refers to a software error such as a data error rather than a hardware error such as a device disconnection.
  • Patent Document 1 discloses, as a technique for improving resistance to radiation soft errors, a method of performing majority processing using a triplicated circuit, and further a technique for repairing a failed circuit by configuring the circuit in which a failure is detected in a storage area secured in advance. With this method, even if a fault due to a radiation soft error occurs in the programmable circuit, the operation can be continued.
  • when the programmable circuit according to the present invention detects a failure in a functional circuit, it temporarily stops the output, corrects the circuit configuration data to repair the failure, and the functional circuit then executes the suspended process again.
  • the programmable circuit according to the present invention can improve availability while suppressing an increase in circuit scale.
  • FIG. 1 is a circuit configuration diagram of a programmable circuit FPGA according to a first embodiment. It is a figure which shows the flow of operation
  • RTQD and RTQN re-execution queue circuit
  • FIG. 10 is a configuration diagram of a DRAM access circuit DFNCD in Embodiment 2.
  • FIG. 5 is a timing chart of an interface signal between a programmable circuit and a DRAM chip when a failure is not detected by a failure detection circuit DGMD.
  • 10 is a timing chart of an interface signal between a programmable circuit and a DRAM chip when a failure is detected by a failure detection circuit DGMD.
  • FIG. 10 is a configuration diagram of a DRAM access circuit DFNCD in a third embodiment.
  • FIG. 1 is a circuit configuration diagram of a programmable circuit FPGA according to the first embodiment of the present invention.
  • the programmable circuit FPGA is connected to the memory DRAM, the nonvolatile memory RMCP, and the functional chip NWCP.
  • the memory DRAM is a DRAM (Dynamic Random Access Memory) device.
  • the programmable circuit FPGA writes data to the memory DRAM or reads data from the memory DRAM.
  • the nonvolatile memory RMCP stores circuit configuration data describing a circuit configuration of the programmable circuit FPGA, a software program, and the like.
  • the functional chip NWCP is a circuit device that performs a predetermined function by communicating with the programmable circuit FPGA.
  • the programmable circuit FPGA has a function of detecting a failure and performing self-repair when a failure occurs in an internal circuit.
  • the programmable circuit FPGA includes a processor circuit TFNCP, a DRAM access circuit DFNCD, a communication circuit DFNCN, a configuration memory CRAM, a repair circuit RPC, re-execution queue circuits RTQD and RTQN, and an interconnect circuit TSF.
  • the processor circuit TFNCP is a circuit that performs arithmetic processing and is tripled.
  • the DRAM access circuit DFNCD accesses the DRAM.
  • the communication circuit DFNCN communicates with the functional chip NWCP.
  • the configuration memory CRAM stores circuit configuration data of the programmable circuit FPGA.
  • the repair circuit RPC repairs the failure of the programmable circuit FPGA.
  • the re-execution queue circuits RTQD and RTQN store re-execution data necessary for re-execution after the processes being executed by the DRAM access circuit DFNCD and the communication circuit DFNCN are suspended.
  • the interconnect circuit TSF connects the processor circuit TFNCP, the DRAM access circuit DFNCD, and the communication circuit DFNCN.
  • the processor circuit TFNCP has a triple configuration in which three processors FNCP are connected by a majority circuit.
  • the processor circuit TFNCP issues a processing request (data read request, data write request, etc.) to the DRAM or functional chip NWCP via the signal RQMS, and receives a response (read data, processing result, etc.) to the access request via the signal RSMS.
  • the interconnect circuit TSF transfers the processing request received from the processor circuit TFNCP via the signal RQMS to the DRAM access circuit DFNCD or the communication circuit DFNCN according to the destination address included in the processing request.
  • the interconnect circuit TSF receives a response (read data, processing result, etc.) from the DRAM access circuit DFNCD and the communication circuit DFNCN via the signal RSSS, and transfers the response to the processor circuit TFNCP via the signal RSMS.
  • the re-execution queue circuits RTQD and RTQN receive processing requests from the interconnect circuit TSF via the signal RQSS, store these processing requests in the internal storage circuit, and issue the received processing requests to the DRAM access circuit DFNCD and the communication circuit DFNCN via the signal RQSQS.
  • the processing request stored in the internal storage circuit is held until a notification from the interconnect circuit TSF is received via the signal RCLTS that the processing has been completed without failure (the interconnect circuit TSF has safely received the processing request).
  • as a result, the processing requests being executed by the DRAM access circuit DFNCD and the communication circuit DFNCN are held in these re-execution queue circuits, which makes it possible to reissue a processing request that was suspended when a failure occurred.
  • the DRAM access circuit DFNCD controls the DRAM based on the data read request and data write request for the DRAM received via the signal RQSQS, and outputs a response such as read data via the signal RSSS.
  • the DRAM access circuit DFNCD includes a DRAM control circuit FNCD, a failure detection circuit DGMD, a mask circuit MSKD, and an input / output circuit FPHD.
  • the DRAM control circuit FNCD is a circuit that controls the operation of the DRAM and is duplicated.
  • the failure detection circuit DGMD detects a failure in the same circuit by comparing the output signals of the two DRAM control circuits. If the output signals do not match, it is determined that at least one of them has failed.
  • the mask circuit MSKD invalidates data writing by masking the data write signal to the DRAM when the failure detection circuit DGMD detects a failure.
  • the input / output circuit FPHD inputs / outputs signals to / from the DRAM.
  • the DRAM access circuit DFNCD notifies the repair circuit RPC of the occurrence of the failure via the signal EDTS.
  • the communication circuit DFNCN controls communication with the functional chip NWCP based on the access request for the functional chip NWCP received via the signal RQSQS, and outputs, as a response via the signal RSSS, the data and processing results obtained from the functional chip NWCP.
  • the communication circuit DFNCN includes a communication control circuit FNCN, a failure detection circuit DGMN, a mask circuit MSKN, and an input / output circuit FPNN.
  • the communication control circuit FNCN is a circuit that controls communication with the function chip NWCP and is duplicated.
  • the failure detection circuit DGMN detects a failure in the same circuit by comparing the output signals of the two communication control circuits FNCN. If the output signals do not match, it is determined that at least one of them has failed.
  • the mask circuit MSKN invalidates communication by masking communication data for the functional chip NWCP when the failure detection circuit DGMN detects a failure.
  • the input / output circuit FPN transmits / receives communication data to / from the functional chip NWCP.
  • the repair circuit RPC repairs the circuit failure of the programmable circuit FPGA.
  • the circuit failure means that the operation of the programmable circuit FPGA is different from the original operation due to the occurrence of bit inversion of the configuration memory CRAM due to a radiation soft error or the like.
  • the repair circuit RPC repairs the circuit failure by correctly rewriting and correcting the circuit configuration data stored in the configuration memory CRAM.
  • the signal EDTS is a signal for receiving a notification that a failure has occurred in the DRAM access circuit DFNCD and the communication circuit DFNCN.
  • the signal IRTS is a signal for instructing to reissue the processing request stored in the re-execution queue circuit.
  • the signal ITS instructs the DRAM access circuit DFNCD and the communication circuit DFNCN to prepare for receiving a processing request.
  • the configuration memory CRAM is a memory that stores circuit configuration data of the programmable circuit FPGA. Although the configuration memory CRAM is drawn as one block in FIG. 1, the actual configuration memory is distributed across the chip and stores the circuit configuration data of all the programmable circuits.
  • the input / output circuits FPHD and FPHN are not programmable and have a fixed circuit configuration, and no circuit failure due to a soft error occurs in these circuits.
  • Other circuits are programmable, and the circuit configuration is defined by circuit configuration data.
  • the programmable circuit FPGA receives data from the outside via the communication circuit DFNCN, the processor circuit TFNCP processes this data using the DRAM via the DRAM access circuit DFNCD, and the processing result is then sent to the outside via the communication circuit DFNCN.
  • FIG. 2 is a diagram showing a flow of operations in which the programmable circuit FPGA repairs the failure.
  • the repair process performed by the repair circuit RPC is divided into a cyclic repair process SCRP and an interrupt repair process SIRP.
  • the cyclic repair process SCRP is a process for inspecting and correcting the configuration memory CRAM of the entire programmable circuit.
  • the interrupt repair process SIRP is a process for inspecting and repairing the configuration memory CRAM of the failed circuit part for the failure detected by the failure detection circuits DGMD and DGMN.
  • the repair circuit RPC performs the cyclic repair process SCRP in the background during a period other than when the interrupt repair process SIRP is performed. The operation of each functional circuit is not hindered by the cyclic repair process SCRP.
  • the repair circuit RPC and each functional circuit related to the failure execute an interrupt repair process SIRP.
  • in the interrupt repair process SIRP, the memory access circuit DFNCD or the communication circuit DFNCN in which a failure is detected controls the output signal so as to invalidate the output.
  • in the configuration memory repair process SICC, the repair circuit RPC repairs the part of the configuration memory CRAM that stores the configuration data of the circuit in which the failure is detected.
  • in the operation resumption preparation process SIST, the repair circuit RPC and the functional circuit related to the failure prepare to resume the operation of the functional circuit that was temporarily stopped when the failure was detected. Preparation here means returning the state of the functional circuit to the state before the suspended processing was started, so that it can start the suspended processing again or receive the resumed processing. The specific processing differs depending on the type of functional circuit.
  • in the re-execution processing SIRT, the repair circuit RPC requests the re-execution queue circuit of the circuit in which the failure has occurred to re-execute the process that was temporarily stopped when the failure occurred. In response to the request, the circuit in which the failure has occurred executes the suspended process again.
  • the repair circuit RPC returns to the cyclic repair operation SCRP, and the functional circuit also returns to the normal operation.
  • FIG. 3 is a diagram showing one cycle of the cyclic repair process SCRP.
  • the repair circuit RPC inspects and repairs the circuit configuration data stored in the configuration memory CRAM in a predetermined order.
  • the configuration memory CRAM is inspected and corrected in the following order: the processor circuit TFNCP, the interconnect circuit TSF, the re-execution queue circuits RTQD and RTQN, the failure detection circuit DGMD and mask circuit MSKD for the memory access circuit, the failure detection circuit DGMN and mask circuit MSKN for the communication circuit, the repair circuit RPC, the two DRAM control circuits FNCD, the two communication control circuits FNCN, the failure detection circuit DGMD and mask circuit MSKD, the failure detection circuit DGMN and mask circuit MSKN, and the repair circuit RPC.
  • the failure detection circuit DGMD, the mask circuit MSKD, the failure detection circuit DGMN, the mask circuit MSKN, and the repair circuit RPC are included a plurality of times because these are the circuits that perform failure detection and repair, and their failure rate in particular is to be reduced. A further reason is that these circuits are generally small and do not greatly affect the overall inspection and repair time.
  • SCRP cyclic repair process
  • FIG. 4 is a timing chart showing an operation when a failure occurs in the DRAM control circuit FNCD as an example of the interrupt repair processing SIRP.
  • the clock signal CLK is a signal indicating a clock cycle, and here shows the operation of each circuit in cycles C1 to C19.
  • the functional circuits such as the processor circuit TFNCP and the DRAM access circuit DFNCD perform the normal operation SUOP, and the repair circuit RPC performs the cyclic repair operation SCRP.
  • the failure detection circuit DGMD detects a failure, and notifies the DRAM control circuit FNCD, the input / output circuit FPHD, the mask circuit MSKD, and the repair circuit RPC of the failure detection.
  • the mask circuit MSKD operates to invalidate data writing to the DRAM (SMSK), and the DRAM control circuit FNCD and the input / output circuit FPHD stop new access to the DRAM.
  • the repair circuit RPC starts a configuration memory repair process (SICC) for the DRAM access circuit DFNCD. Thereafter, this state is continued until the inspection and correction of the configuration memory CRAM corresponding to the DRAM access circuit DFNCD are completed in C11 (C5 to C11).
  • the repair circuit RPC and the DRAM access circuit DFNCD perform the operation resumption preparation process SIST.
  • the DRAM control circuit FNCD and the input / output circuit FPHD initialize their own circuit state and then issue a command to the DRAM that sets the DRAM state to IDLE, so that DRAM operation can be resumed.
  • the repair circuit RPC waits for completion of the operation resumption preparation process SIST of the DRAM access circuit DFNCD.
  • the repair circuit RPC requests the re-execution queue circuit RTQD to reissue an incomplete processing request (SIRT), and the re-execution queue circuit RTQD reissues the suspended processing request in response to the request.
  • SIRT incomplete processing request
  • the DRAM access circuit DFNCD that has completed the operation resumption preparation process SIST returns to the normal operation SUOP from cycle C15.
  • when the re-execution request is completed, the repair circuit RPC returns to the cyclic repair process SCRP in cycle C17, and the re-execution queue circuit RTQD also returns to the normal state.
  • the processor circuit TFNCP and the communication circuit DFNCN in which no failure has occurred continue the normal operation SUOP while the DRAM access circuit DFNCD is being repaired.
  • FIG. 5 is a detailed configuration diagram of the DRAM access circuit DFNCD.
  • DFNCD the DRAM access circuit
  • the failure detection circuit DGMD detects a failure by comparing the output signals of the two DRAM control circuits FNCD and the internal state.
  • Signal CADS includes a command and an address for DRAM access.
  • the signal WDTS is a write data signal for the DRAM.
  • the signal MSKS is a signal for masking write data for the DRAM.
  • the signal RSSS is a response signal for the interconnect circuit TSF.
  • the signal INSS is an internal signal of the DRAM control circuit FNCD.
  • the comparison circuit CMP detects a failure by comparing the output signal and internal state of the DRAM control circuit FNCD.
  • the circuit FDT has a function of notifying the repair circuit RPC and the mask circuit MSKD of a failure detected by the comparison circuit CMP and a function of notifying the repair circuit RPC of a failure in the mask circuit MSKD.
  • the signal EDTS is a signal for notifying the repair circuit RPC of a failure.
  • the signal FMSKS is a signal for notifying the mask circuit MSKD of the failure detected by the comparison circuit CMP.
  • the signal ERMS is a signal for notifying the failure detection circuit DGMD of a failure in the mask circuit MSKD.
  • the mask circuit MSKD invalidates data writing to the DRAM by forcibly setting the write data mask signal MSKS to 1 when a failure is detected.
  • when the circuit MSSKF receives the failure detection notification from the failure detection circuit DGMD via the signal FMSKS, it forcibly sets the write data mask signal MSKS to 1 regardless of the signal FMSKS. This forced masking state continues until the operation resumption preparation process SIST starts.
  • the circuit DIG is a circuit for diagnosing the mask function of the circuit MSKF. When a failure is detected, the circuit DIG notifies the failure detection circuit DGMD via the signal ERMS. Thereby, the interrupt repair process SIRP is started.
  • FIG. 6 is a timing chart of interface signals between the programmable circuit FPGA and the DRAM when a failure is detected by the failure detection circuit DGMD and data writing is invalidated.
  • the signal DCK is a clock signal.
  • the signal DCMD is a signal including a command such as RAS or CAS.
  • the signal DADR is an address signal.
  • the signal DDT is a data signal such as write data or read data.
  • the signal DDM is a data mask signal for invalidating write data.
  • FIG. 6 shows a case where an error has occurred in the value of the address signal DADR.
  • the value of the address signal DADR becomes invalid at the clock rising edge P2.
  • all the bits of the data mask signal DDM are set to 1 before the clock edges P6, N6, P7, and N7 at which the data signal DDT becomes valid, so data writing is disabled.
  • the write data is forcibly masked in the cycle after the clock edge P3, and the portion where the value of the signal DDM is FMSK indicates this.
  • as a result, data can be prevented from being written to an incorrect address in the DRAM, and data in the DRAM can be protected even when the programmable circuit FPGA fails.
  • if the programmable circuit FPGA fails and a value stored in the DRAM is destroyed, the failure can no longer be concealed even if the circuit is repaired and the data write is performed again.
  • with the mask function of the first embodiment, even if the programmable circuit FPGA fails, erroneous data is not written to the DRAM until the failure is repaired. As a result, the occurrence of the failure is concealed and the availability of the programmable circuit FPGA can be increased.
  • FIG. 7 is a circuit configuration diagram of the re-execution queue circuit (RTQD and RTQN).
  • the re-execution queue circuit includes a triple queue circuit QCB and a majority circuit VTR.
  • the circuit VTR in the preceding stage performs majority processing on the processing request signal RQSS input in triplicate from the interconnect circuit TSF, and the signal RQSVS after the majority determination is input to the queue circuit QCB.
  • the succeeding circuit VTR performs majority processing on the output QOUTS of the queue circuit QCB and outputs it.
  • the re-execution queue circuit holds the processing request until the processing completion is notified via the signal RCLTS, and can thereby re-issue the processing request.
  • Each queue circuit QCB includes a queue element circuit QEM, a queue control circuit QCTR, and an output selector circuit OTS.
  • Each queue element circuit QEM stores one processing request.
  • the output selector circuit OTS selects and outputs a processing request from the plurality of queue element circuits QEM.
  • the queue element circuit QEM stores VLD, process number PID, process request command CMD, process request destination address ADR, data WDT, and process request issue source number SRC as process request data.
  • VLD indicates whether or not the queue element circuit QEM stores a valid processing request.
  • the process number PID is a number for determining a process request.
  • the processing request command CMD is a command such as read or write.
  • the processing request issuer number SRC is, for example, the number of the processor circuit FNCP.
  • the queue control circuit QCTR stores the processing requests input to the respective queue element circuits QEM, instructs to delete the stored processing requests, and instructs the output selector circuit OTS to select output data.
  • the signal QSTS is a signal for instructing to store the processing request input via the signal RQSVS in the queue element circuit.
  • the signal QCLS is a signal for clearing the processing request stored in the queue element circuit QEM.
  • the queue control circuit QCTR generates the signal QCLS upon receiving a processing completion notification via the signal RCLTS.
  • the signal QSELS is a signal that instructs the output selector circuit OTS to select output data.
  • the re-execution queue circuit is multiplexed in order to prevent failures of the re-execution queue circuit itself, in which a processing request held by the re-execution queue circuit is destroyed by radiation and either a different processing request is issued at the time of re-execution or no processing request is issued.
  • FIG. 8 is a timing chart showing the operation of the re-execution queue circuit RTQD when a processing request is executed without a failure.
  • the processing request RQ1 from the processor circuit TFNCP is input to the re-execution queue circuit RTQD via the processing request signal RQSS.
  • the processing request storage instruction signal QSTS for QEM1, which is one of the queue elements, is asserted to 1, and the processing request RQ1 is stored in the queue element QEM1 in the next cycle C4.
  • the re-execution queue circuit RTQD outputs a processing request RQ1 to the DRAM access circuit DFNCD via the signal RQSQS.
  • the DRAM access circuit DFNCD performs processing for the processing request, and returns a response RS1 to the processing request RQ1 to the interconnect circuit TSF via the signal RSSS in cycle C11.
  • in cycle C12, the information clear instruction signal QCLS is asserted to 1 in response to the response RS1, and in response to the information clear instruction signal, the queue element QEM1 deletes the stored RQ1.
  • the symbol INVLD indicates that there is no valid processing request in this queue.
  • the re-execution queue circuit RTQD stores the processing request until the processing is completed without a failure.
  • FIG. 9 is a timing chart showing the operation of the re-execution queue circuit RTQD when a failure is detected during the processing request.
  • the processing request RQ1 is input from the processor circuit TFNCP to the re-execution queue circuit RTQD via the processing request signal RQSS, and in cycle C4, the re-execution queue circuit RTQD sends the processing request RQ1 to the queue element QEM1.
  • the processing request RQ1 is output to the subsequent DRAM access circuit DFNCD via the signal RQSQS.
  • a failure occurs in the DRAM access circuit DFNCD.
  • the DRAM access circuit DFNCD in which the failure is detected does not return a response to RQ1, and notifies the repair circuit RPC of the occurrence of the failure via the failure detection notification signal EDTS in cycle C7.
  • the repair circuit RPC starts repair processing SICC for the configuration memory CRAM of the DRAM access circuit DFNCD from cycle C8.
  • the repair circuit RPC transits to the operation resumption preparation process SIST in cycle C12, and instructs the DRAM access circuit DFNCD to prepare for the operation resumption via the signal ITS.
  • the repair circuit RPC instructs the re-execution queue RTQD to reissue the processing request via the signal IRTS.
  • on receiving this, the re-execution queue circuit RTQD, in cycle C15, outputs the uncompleted processing request RQ1 stored in the queue element QEM1 to the DRAM access circuit DFNCD via the signal RQSQS.
  • the DRAM access circuit DFNCD performs processing for the processing request, and returns a response RS1 to RQ1 to the interconnect circuit TSF via the signal RSSS in cycle C19.
  • in cycle C20, the information clear instruction signal QCLS is asserted to 1 in response to the response RS1, and in response to the information clear instruction signal QCLS, the queue element QEM1 deletes the stored RQ1.
  • the symbol INVLD indicates that there is no valid processing request in the queue element QEM1.
  • the re-execution queue circuit RTQD stores a processing request until the processing is completed without a failure, and can reissue the processing request when a failure occurs during the processing. As a result, the circuit in which the failure has occurred can restart the processing that failed immediately after the configuration memory CRAM is repaired.
  • FIG. 10 is a circuit configuration diagram of the repair circuit RPC.
  • the repair circuit RPC includes a repair operation control circuit RPCTRL, a table STBL, an error check correction circuit CAC, and a configuration memory access circuit RACC.
  • the table STBL is a table describing a part to be corrected in the configuration memory CRAM with respect to the failure detection notification input via the signal EDTS.
  • the error inspection / correction circuit CAC inspects and corrects the configuration memory area designated by the repair operation control circuit RPCTRL.
  • the configuration memory access circuit RACC reads data from or writes data to the configuration memory CRAM based on the designation from the error check correction circuit CAC.
  • the configuration memory CRAM stores circuit configuration data CFGI of the programmable circuit FPGA and error detection and correction codes ECCI for the circuit configuration data CFGI.
  • error detection and correction code ECCI is an ECC (Error Check and Correct) code.
  • the repair operation control circuit RPCTRL receives a failure notification from the DRAM access circuit DFNCD or the communication circuit DFNCN via the signal EDTS, determines an area on the configuration memory CRAM to be inspected and corrected by referring to the table STBL, and instructs the error inspection / correction circuit CAC to process that area.
  • the error check correction circuit CAC reads the circuit configuration data CFGI and the error detection correction code ECCI from the configuration memory CRAM via the configuration memory access circuit RACC, and uses the read error detection correction code ECCI to inspect whether the contents of the read circuit configuration data CFGI have been destroyed by the influence of radiation or the like (whether bit inversion has occurred). As a result of the inspection, if the information is not destroyed and is correct, the data at the next address in the designated configuration memory CRAM area is read and the inspection is continued in the same manner. When destruction (bit inversion of data) has occurred as a result of the inspection, the circuit configuration data CFGI is corrected by obtaining a correct value using the error detection and correction code ECCI and writing the value in the configuration memory CRAM.
  • the correct circuit configuration data CFGI can also be read from the nonvolatile memory RMCP and written to the configuration memory CRAM.
  • the error inspection correction circuit CAC performs the above inspection correction on the area designated by the repair operation control circuit RPCTRL.
  • FIG. 11 is a diagram showing an arrangement of circuit configuration data of the programmable circuit FPGA.
  • the configuration memory CRAM is distributed over the entire programmable circuit FPGA.
  • the circuit configuration data corresponding to each circuit block is divided and arranged for each block in the distributed configuration memory CRAM.
  • a processor circuit TFNCP is mounted in the region AFNNCP
  • a DRAM access circuit DFNCD and a re-execution queue circuit RTQD are mounted in the region ADFNCD
  • a communication circuit DFNCN and a re-execution queue circuit RTQN are mounted in the region ADFNCN
  • an interconnect circuit TSF is mounted in the region ATSF
  • a repair circuit RPC is mounted in the area ARPC.
  • the repair circuit RPC only needs to repair the area ADFNCD. As a result, the time required for repair can be shortened compared with the case where the entire device is repaired.
  • the DRAM access circuit DFNCD and the communication circuit DFNCN invalidate the output to another device connected to the programmable circuit FPGA when the failure diagnosis circuit detects a failure.
  • the output signal value is controlled so that Thereby, even when the programmable circuit FPGA fails, data destruction and malfunction of other devices can be prevented. If the data of another device (for example, DRAM) connected to the programmable circuit FPGA is destroyed, the destroyed data must be restored before the apparatus using the device can resume or continue operation. For this reason, the time until operation restarts may become long, or operation may not be able to continue.
  • the processing is temporarily stopped and the output is invalidated, whereby the availability of the programmable circuit FPGA and the device connected thereto can be improved.
  • In order to improve the availability of the programmable circuit FPGA by multiplexing the circuit configuration, the number of terminals of the device including the programmable circuit FPGA must be increased accordingly, and the number of terminals is limited. Since the programmable circuit FPGA according to the first embodiment limits the degree of multiplexing and thereby suppresses the increase in the number of terminals, it is also effective in terms of cost.
  • the DRAM access circuit DFNCD invalidates data writing to the DRAM by forcibly setting the write data mask signal MSKS to 1 for the DRAM.
  • the data write command for the DRAM is invalidated by converting the data write command for the DRAM into another command that does not write data to the DRAM.
  • FIG. 12 is a configuration diagram of the DRAM access circuit DFNCD in the second embodiment.
  • the failure detection circuit DGMD detects a failure by comparing the output signals of the two DRAM control circuits FNCD and the internal state.
  • when the failure detection circuit DGMD detects a failure, it notifies the command invalidation circuit NOPD of the failure of the DRAM access circuit DFNCD via the command invalidation signal NOPS.
  • upon receiving the failure notification, the command invalidation circuit NOPD issues a command instructing the DRAM not to perform data writing for a predetermined period, regardless of the signal CADS.
  • This command is a NOP (No Operation) command.
  • the circuit CADF is a circuit that issues this command.
  • the failure detected by the failure detection circuit DGMD is also notified to the repair circuit RPC, and the interrupt repair processing SIRP of the DRAM access circuit DFNCD is executed.
  • the circuit DIG is a circuit for diagnosing the circuit CADF. When a failure is detected, the circuit DIG notifies the failure detection circuit DGMD via the signal ERMS.
  • FIG. 13 is a timing chart of the interface signal between the programmable circuit and the DRAM chip when no failure is detected by the failure detection circuit DGMD.
  • the signal NOPS is a command invalidation signal that is asserted when the failure detection circuit DGMD detects a failure
  • the signal DCK is a clock signal
  • the signal DCMD is a signal including a command such as RAS and CAS
  • DADR is an address signal
  • signal DDT is a data signal such as write data or read data.
  • FIG. 14 is a timing chart of interface signals between the programmable circuit and the DRAM chip when a failure is detected by the failure detection circuit DGMD.
  • a failure occurs in the address signal DADR in the DRAM control circuit FNCD, and the command invalidation signal NOPS is asserted.
  • upon receiving the command invalidation signal NOPS, the command invalidation circuit NOPD invalidates the data write command for the DRAM and instead outputs to the DRAM a command CNOP instructing it not to perform the operation.
  • the failure is detected by duplicating the DRAM control circuit FNCD (and the communication control circuit FNCN) and comparing the operations of the two DRAM control circuits FNCD.
  • Advantages of this method include that the design load is small because the same circuit is arranged, and that an erroneous output due to a circuit failure can be detected with high probability by monitoring the input / output of the circuit.
  • DRAM access circuit DFNCD and the communication circuit DFNCN
  • FIG. 15 is a configuration diagram of the DRAM access circuit DFNCD in the third embodiment.
  • the circuit scale is reduced as compared with the case where the circuit is completely duplicated.
  • two DRAM control circuits FNCD are divided into two processing request encoding circuits DCOD, one processing request data path circuit RQDP, two state control circuits DCTRL, and two processing response output circuits RSB.
  • the communication circuit DFNCN can have the same configuration.
  • the processing request encoding circuit DCOD is a circuit that adds an error detection code to the processing request received via the signal QSQS, and outputs the processing request with the error detection code added to the processing request data path circuit RQDP.
  • the processing request encoding circuit DCOD is duplicated for failure detection. Output signals of the two processing request encoding circuits DCOD are output to the DRAM failure detection circuit DGMD via the signal DCODS.
  • the DRAM failure detection circuit DGMD compares the two signals DCODS, and if they are different, it is assumed that a failure has occurred.
  • the processing request data path circuit RQDP is a circuit for queuing a processing request to which an error detection code is added, and its output is connected to the DRAM input / output circuit FPHD.
  • the circuit BCAD is a circuit for queuing data including a command and address for DRAM access
  • the circuit BWDT is a circuit for queuing data including write data to the DRAM
  • the circuit BMSK is a write data mask for the DRAM.
  • the circuit BECD is a circuit that queues error detection codes for these commands, addresses, write data, and write data masks. A failure can be detected by queuing data for DRAM access together with an error detection code.
  • the processing request data path circuit RQDP may perform additional processing such as packing of multiple requests, arbitration, and protocol conversion in order to improve DRAM utilization efficiency during the queuing process.
  • the processing response output circuit RSB is a circuit that temporarily holds a response such as read data received from the DRAM and returns a response to the interconnect circuit TSF via the signal RSSS.
  • the process response output circuit RSB is duplicated for failure detection, and the output signals of these two circuits are compared by the failure detection circuit DGMD and monitored for failure.
  • the state control circuit DCTRL controls the operation flow of the processing request encoding circuit DCOD, the processing request data path circuit RQDP, and the processing response output circuit RSB.
  • the state control circuit DCTRL is duplicated, and the output signals and internal signals of these two circuits are compared by the failure detection circuit DGMD and the presence or absence of a failure is monitored.
  • the failure detection circuit DGMD performs failure detection by comparing the output signals of the two processing request encoding circuits DCOD, failure detection by comparing the output signals of the two processing response output circuits RSB, failure detection by comparing the output signals and internal signals of the two state control circuits DCTRL, and failure detection using the error detection code of the processing request data path circuit RQDP.
  • the comparison circuit CMP compares the duplicated circuits and notifies the failure detection control circuit FDT of the result.
  • the data path error detection circuit ECB uses the value of the error detection code signal ECDS to determine whether there is a failure in the values of the signal CADS, the signal WDTS, and the signal MSKS, and notifies the failure detection control circuit FDT of the result.
  • the failure detection control circuit FDT has a function of notifying a failure detected by the circuit CMP and the circuit FDT to the repair circuit RPC and the mask circuit MSKD and a function of notifying a failure in the mask circuit MSKD to the repair circuit RPC.
  • the operation at the time of failure detection is the same as that of the first embodiment.
  • the programmable circuit FPGA detects a failure by adding an error detection code to data stored in the processing request data path circuit RQDP, and the other circuits in the DRAM access circuit DFNCD are duplicated. Thereby, the circuit scale can be reduced as compared with the configuration in which the entire DRAM access circuit DFNCD is duplicated.
  • the circuit scale can be reduced. It can also be reduced.
  • the present invention is not limited to the embodiments described above, and includes various modifications.
  • the above embodiment has been described in detail for easy understanding of the present invention, and is not necessarily limited to the one having all the configurations described.
  • a part of the configuration of one embodiment can be replaced with the configuration of another embodiment.
  • the configuration of another embodiment can be added to the configuration of a certain embodiment. Further, with respect to a part of the configuration of each embodiment, another configuration can be added, deleted, or replaced.
  • the circuit configuration for invalidating the output of the programmable circuit FPGA described in the first to third embodiments is a technique that improves the reliability of the entire programmable circuit by preventing data destruction and malfunction of other devices connected to the programmable circuit FPGA. For example, even in a programmable circuit that does not include a re-execution queue circuit, data destruction or malfunction of other devices connected to the programmable circuit FPGA can be prevented by invalidating the output of the programmable circuit FPGA as in the first to third embodiments.
  • the configuration example has been described in which the DRAM access circuit DFNCD and the communication circuit DFNCN are duplicated, and the process temporarily suspended when a failure occurs is re-executed by the re-execution queue circuit.
  • the method of the present invention is not necessarily limited to these circuits, and availability can be improved while suppressing the circuit scale by providing the same configuration for other circuits.
  • mask signals and command conversion are exemplified as methods for invalidating access to the DRAM and the functional chip NWCP. Since the means for invalidating access may differ depending on the type of device and the like, means other than the mask signal and command conversion may be used as long as the same access invalidation can be realized.
  • the flow of operation is described with a number of cycles different from the number of cycles actually required in consideration of easy viewing. Therefore, the time chart in the actual circuit operation is not limited to this.
  • FPGA Programmable circuit
  • DRAM DRAM memory chip
  • RMCP Non-volatile memory
  • NWCP Function chip
  • TFNCP Processor circuit
  • DFNCD DRAM access circuit
  • DFNCN Communication circuit
  • CRAM Configuration memory
  • RPC Repair circuit
  • RTQD, RTQN Re-execution queue circuit
  • TSF Interconnect circuit
  • FNCD DRAM control circuit
  • DGMD Failure detection circuit
  • MSKD Mask circuit
  • FPHD Input / output circuit
  • FNCN Communication control circuit
  • DGMN Failure detection circuit
  • MSKN Mask circuit
  • FPHN Input / output circuit
  • NOPD Command invalidation circuit

Abstract

The purpose of the present invention is to provide a programmable circuit capable of suppressing circuit scale and improving availability. The programmable circuit according to the present invention temporarily stops output upon detection of a failure of a function circuit, and corrects circuit configuration data to correct the failure, and the function circuit performs the temporarily stopped processing again (see fig. 1).

Description

Programmable circuit
The present invention relates to a programmable circuit whose circuit configuration can be changed after manufacturing.
By using a programmable circuit, that is, a semiconductor integrated circuit whose circuit configuration can be programmed, such as an FPGA (field programmable gate array), a user can build an integrated circuit with custom circuit blocks in a short period without manufacturing an LSI (Large Scale Integration). The programmable circuit realizes its circuit function by storing circuit configuration data defining that function in a dedicated built-in memory. Hereinafter, this dedicated built-in memory is referred to as a configuration memory.
While the programmable circuit has the advantage that custom circuits can be built, it is prone to radiation soft errors, in which the circuit configuration data stored in the configuration memory is destroyed by radiation, and this is an obstacle to applying it to devices that require high reliability. The problem is particularly pronounced when the configuration memory is implemented with SRAM (Static Random Access Memory). A soft error here refers not to a hardware error such as a broken connection in the device but to a software error such as a data anomaly.
Patent Document 1 below discloses, as a technique for improving resistance to radiation soft errors, performing majority voting with a triplicated circuit and, further, repairing a failed circuit by configuring the circuit in which the failure was detected into a storage area secured in advance. With this technique, operation can continue even if a failure due to a radiation soft error occurs in the programmable circuit.
JP 2011-216020 A
The technique described in Patent Document 1 improves availability by triplicating the circuit, but has the problem that the circuit scale increases to three times or more. The present invention has been made in view of this problem, and its object is to provide a programmable circuit capable of improving availability while suppressing the circuit scale.
When the programmable circuit according to the present invention detects a failure in a functional circuit, it temporarily stops the output of that circuit and repairs the failure by correcting the circuit configuration data, and the functional circuit then executes the suspended processing again.
The programmable circuit according to the present invention can improve availability while suppressing an increase in circuit scale.
FIG. 1 is a circuit configuration diagram of a programmable circuit FPGA according to a first embodiment.
FIG. 2 is a diagram showing the flow of operations in which the programmable circuit FPGA repairs a failure.
FIG. 3 is a diagram showing one cycle of the cyclic repair process SCRP.
FIG. 4 is a timing chart showing, as an example of the interrupt repair process SIRP, the operation when a failure occurs in the DRAM control circuit FNCD.
FIG. 5 is a detailed configuration diagram of the DRAM access circuit DFNCD.
FIG. 6 is a timing chart of interface signals between the programmable circuit FPGA and the DRAM when a failure is detected by the failure detection circuit DGMD and data writing is invalidated.
FIG. 7 is a circuit configuration diagram of the re-execution queue circuits (RTQD and RTQN).
FIG. 8 is a timing chart showing the operation of the re-execution queue circuit RTQD when a processing request is executed without failure.
FIG. 9 is a timing chart showing the operation of the re-execution queue circuit RTQD when a failure is detected during a processing request.
FIG. 10 is a circuit configuration diagram of the repair circuit RPC.
FIG. 11 is a diagram showing the arrangement of circuit configuration data of the programmable circuit FPGA.
FIG. 12 is a configuration diagram of the DRAM access circuit DFNCD in a second embodiment.
FIG. 13 is a timing chart of interface signals between the programmable circuit and the DRAM chip when no failure is detected by the failure detection circuit DGMD.
FIG. 14 is a timing chart of interface signals between the programmable circuit and the DRAM chip when a failure is detected by the failure detection circuit DGMD.
FIG. 15 is a configuration diagram of the DRAM access circuit DFNCD in a third embodiment.
<Embodiment 1>
FIG. 1 is a circuit configuration diagram of a programmable circuit FPGA according to the first embodiment of the present invention. The programmable circuit FPGA is connected to the memory DRAM, the nonvolatile memory RMCP, and the functional chip NWCP. The memory DRAM is a DRAM (Dynamic Random Access Memory) device. The programmable circuit FPGA writes data to the memory DRAM or reads data from the memory DRAM. The nonvolatile memory RMCP stores circuit configuration data describing the circuit configuration of the programmable circuit FPGA, software programs, and the like. The functional chip NWCP is a circuit device that performs a predetermined function by communicating with the programmable circuit FPGA.
The programmable circuit FPGA has a function of detecting a failure that occurs in its internal circuits and repairing itself. The programmable circuit FPGA includes a processor circuit TFNCP, a DRAM access circuit DFNCD, a communication circuit DFNCN, a configuration memory CRAM, a repair circuit RPC, re-execution queue circuits RTQD and RTQN, and an interconnect circuit TSF.
The processor circuit TFNCP is a circuit that performs arithmetic processing and is triplicated. The DRAM access circuit DFNCD accesses the DRAM. The communication circuit DFNCN communicates with the functional chip NWCP. The configuration memory CRAM stores circuit configuration data of the programmable circuit FPGA. The repair circuit RPC repairs failures of the programmable circuit FPGA. The re-execution queue circuits RTQD and RTQN store the re-execution data needed to re-execute, after a temporary stop, the processing that the DRAM access circuit DFNCD and the communication circuit DFNCN, respectively, were executing. The interconnect circuit TSF connects the processor circuit TFNCP, the DRAM access circuit DFNCD, and the communication circuit DFNCN.
The processor circuit TFNCP has a triplicated configuration in which three processors FNCP are connected by a majority circuit. The processor circuit TFNCP issues processing requests (data read requests, data write requests, etc.) for the DRAM or the functional chip NWCP via the signal RQMS, and receives responses to those requests (read data, processing results, etc.) via the signal RSMS.
The interconnect circuit TSF transfers a processing request received from the processor circuit TFNCP via the signal RQMS to the DRAM access circuit DFNCD or the communication circuit DFNCN according to the destination address included in the processing request. The interconnect circuit TSF receives a response (read data, processing result, etc.) from the DRAM access circuit DFNCD or the communication circuit DFNCN via the signal RSSS, and transfers the response to the processor circuit TFNCP via the signal RSMS.
The re-execution queue circuits RTQD and RTQN receive processing requests from the interconnect circuit TSF via the signal RQSS, store them in an internal storage circuit, and issue the received processing requests to the DRAM access circuit DFNCD or the communication circuit DFNCN via the signal RQSQS. A processing request stored in the internal storage circuit is held until a notification that the processing has completed without failure (that the interconnect circuit TSF has safely received the processing request) arrives from the interconnect circuit TSF via the signal RCLTS. In this way, the processing requests being executed by the DRAM access circuit DFNCD and the communication circuit DFNCN are retained in the re-execution queue circuits, so that a processing request suspended when a failure occurs can be reissued.
The DRAM access circuit DFNCD controls the DRAM based on the data read requests and data write requests for the DRAM received via the signal RQSQS, and outputs responses such as read data via the signal RSSS. The DRAM access circuit DFNCD includes a DRAM control circuit FNCD, a failure detection circuit DGMD, a mask circuit MSKD, and an input / output circuit FPHD. The DRAM control circuit FNCD is a circuit that controls the operation of the DRAM and is duplicated. The failure detection circuit DGMD detects a failure of the DRAM control circuits by comparing the output signals of the two DRAM control circuits. If the output signals do not match, it determines that at least one of them has failed. The mask circuit MSKD invalidates data writing by masking the data write signal to the DRAM when the failure detection circuit DGMD detects a failure. The input / output circuit FPHD inputs and outputs signals to and from the DRAM. When the failure detection circuit DGMD detects a failure, the DRAM access circuit DFNCD notifies the repair circuit RPC of the occurrence of the failure via the signal EDTS.
The communication circuit DFNCN controls communication with the functional chip NWCP based on the access requests for the functional chip NWCP received via the signal RQSQS, and outputs responses such as data and processing results obtained from the functional chip NWCP via the signal RSSS. The communication circuit DFNCN includes a communication control circuit FNCN, a failure detection circuit DGMN, a mask circuit MSKN, and an input / output circuit FPHN. The communication control circuit FNCN is a circuit that controls communication with the functional chip NWCP and is duplicated. The failure detection circuit DGMN detects a failure of the communication control circuits by comparing the output signals of the two communication control circuits FNCN. If the output signals do not match, it determines that at least one of them has failed. The mask circuit MSKN invalidates communication by masking communication data for the functional chip NWCP when the failure detection circuit DGMN detects a failure. The input / output circuit FPHN transmits and receives communication data to and from the functional chip NWCP.
The repair circuit RPC repairs circuit failures of the programmable circuit FPGA. A circuit failure here means that the operation of the programmable circuit FPGA has come to differ from its intended operation because bit inversion has occurred in the configuration memory CRAM due to a radiation soft error or a similar cause. The repair circuit RPC repairs such a circuit failure by rewriting the circuit configuration data stored in the configuration memory CRAM to the correct values.
The signal EDTS is a signal for receiving notification that a failure has occurred in the DRAM access circuit DFNCD or the communication circuit DFNCN. The signal IRTS is a signal that instructs a re-execution queue circuit to reissue the processing requests it has stored. The signal ISTS is a signal that instructs the DRAM access circuit DFNCD or the communication circuit DFNCN to prepare to receive processing requests.
The configuration memory CRAM is a memory that stores circuit configuration data of the programmable circuit FPGA. Although the configuration memory CRAM is shown as one block in FIG. 1, it is actually distributed within the chip and stores the circuit configuration data of all the programmable circuits. The input / output circuits FPHD and FPHN are not programmable and have a fixed circuit configuration, so circuit failures due to soft errors do not occur in these circuits. The other circuits are programmable, and their circuit configuration is defined by the circuit configuration data.
The programmable circuit FPGA receives data from the outside via the communication circuit DFNCN, the processor circuit TFNCP processes this data while using the DRAM via the DRAM access circuit DFNCD, and the processing result is transmitted to the outside via the communication circuit DFNCN.
 図2は、プログラマブル回路FPGAが故障を修理する動作の流れを示す図である。修理回路RPCが実施する修理処理は、巡回修理処理SCRPと割込修理処理SIRPに分けられる。巡回修理処理SCRPは、プログラマブル回路全体のコンフィギュレーションメモリCRAMの検査と訂正を実施する処理である。割込修理処理SIRPは、故障検出回路DGMDおよびDGMNにより検出された故障に対して故障した回路部分のコンフィギュレーションメモリCRAMの検査と修理を実施する処理である。修理回路RPCは、割込修理処理SIRPを実施している以外の期間においては、バックグラウンドで巡回修理処理SCRPを実施する。巡回修理処理SCRPにより各機能回路の動作が妨げられることはない。 FIG. 2 is a diagram showing a flow of operations in which the programmable circuit FPGA repairs the failure. The repair process performed by the repair circuit RPC is divided into a cyclic repair process SCRP and an interrupt repair process SIRP. The cyclic repair process SCRP is a process for inspecting and correcting the configuration memory CRAM of the entire programmable circuit. The interrupt repair process SIRP is a process for inspecting and repairing the configuration memory CRAM of the failed circuit part for the failure detected by the failure detection circuits DGMD and DGMN. The repair circuit RPC performs the cyclic repair process SCRP in the background during a period other than when the interrupt repair process SIRP is performed. The operation of each functional circuit is not hindered by the cyclic repair process SCRP.
 故障検出回路DGMDやDGMNが故障を検出すると、修理回路RPCおよび当該故障に関連する各機能回路(詳細は後述)は割込修理処理SIRPを実行する。割込修理処理SIRPにおいては、故障が検出されたメモリアクセス回路DFNCDや通信回路DFNCNはその出力を無効化するよう出力信号を制御する。修理回路RPCは、コンフィギュレーションメモリCRAMのうち故障が検出された回路の構成データを格納している部分を、コンフィギュレーションメモリ修理処理SICCによって修理する。 When the failure detection circuit DGMD or DGMN detects a failure, the repair circuit RPC and each functional circuit related to the failure (details will be described later) execute an interrupt repair process SIRP. In the interrupt repair process SIRP, the memory access circuit DFNCD or the communication circuit DFNCN in which a failure is detected controls the output signal so as to invalidate the output. The repair circuit RPC repairs the part of the configuration memory CRAM that stores the configuration data of the circuit in which the failure is detected by the configuration memory repair process SICC.
Through the operation resumption preparation process SIST, the repair circuit RPC and each functional circuit related to the failure prepare to resume the operation of the functional circuit that was suspended when the failure was detected. Preparation here means returning the state of the functional circuit to what it was before the suspended processing started, and putting it in a state in which it can start the suspended processing again or accept the resumed processing. The specific processing differs depending on the type of functional circuit.
Through the re-execution process SIRT, the repair circuit RPC requests the re-execution queue circuit of the failed circuit to execute again the processing that was suspended when the failure occurred. On receiving the request, the failed circuit executes the suspended processing again.
When this series of interrupt repair processing SIRP is complete, the repair circuit RPC returns to the cyclic repair operation SCRP, and the functional circuits also return to normal operation.
FIG. 3 is a diagram showing one cycle of the cyclic repair process SCRP. In the cyclic repair process SCRP, the repair circuit RPC inspects and repairs the circuit configuration data stored in the configuration memory CRAM in a predetermined order. As one example, the configuration memory CRAM is inspected and corrected in the following order: the processor circuit TFNCP, the interconnect circuit TSF, the re-execution queue circuits RTQD and RTQN, the failure detection circuit DGMD and mask circuit MSKD for the memory access circuit, the failure detection circuit DGMN and mask circuit MSKN for the communication circuit, the repair circuit RPC, the two DRAM control circuits FNCD, the two communication control circuits FNCN, the failure detection circuit DGMD and mask circuit MSKD, the failure detection circuit DGMN and mask circuit MSKN, and the repair circuit RPC. The failure detection circuit DGMD and mask circuit MSKD, the failure detection circuit DGMN and mask circuit MSKN, and the repair circuit RPC appear more than once because they are the circuits that perform failure detection and repair, so a lower failure rate is especially desirable for them. A further reason is that these circuits are generally small and do not greatly affect the overall inspection and repair time. The cyclic repair process SCRP repairs latent failures that have occurred in the programmable circuit FPGA before they affect processing results, which reduces the failure occurrence rate.
FIG. 4 is a timing chart showing, as an example of the interrupt repair process SIRP, the operation when a failure occurs in the DRAM control circuit FNCD. The clock signal CLK indicates the clock cycles; the operation of each circuit in cycles C1 to C19 is shown here.
Because no failure has been detected in cycles C1 to C2, functional circuits such as the processor circuit TFNCP and the DRAM access circuit DFNCD perform the normal operation SUOP, and the repair circuit RPC performs the cyclic repair operation SCRP.
In cycle C3, the failure detection circuit DGMD detects a failure and notifies the DRAM control circuit FNCD, the input/output circuit FPHD, the mask circuit MSKD, and the repair circuit RPC that a failure has been detected.
In cycle C4, on receiving this failure detection notification, the mask circuit MSKD operates to invalidate data writes to the DRAM (SMSK), the DRAM control circuit FNCD and the input/output circuit FPHD operate to stop new accesses to the DRAM (SSTP), and the repair circuit RPC starts the configuration memory repair process (SICC) for the DRAM access circuit DFNCD. This state continues (C5 to C11) until the inspection and correction of the configuration memory CRAM corresponding to the DRAM access circuit DFNCD are completed in C11.
In cycles C12 to C14, the repair circuit RPC and the DRAM access circuit DFNCD perform the operation resumption preparation process SIST. During this period, the DRAM control circuit FNCD and the input/output circuit FPHD initialize their own circuit state and then issue a command to the DRAM that sets the DRAM state to IDLE so that DRAM operation can be resumed. The repair circuit RPC waits for the operation resumption preparation process SIST of the DRAM access circuit DFNCD to complete.
When the operation resumption preparation process SIST is complete, in cycles C15 to C16 the repair circuit RPC requests the re-execution queue circuit RTQD to reissue uncompleted processing requests (SIRT), and the re-execution queue circuit RTQD, on receiving that request, reissues the suspended processing requests. The DRAM access circuit DFNCD, having completed the operation resumption preparation process SIST, returns to the normal operation SUOP from cycle C15.
When the re-execution request is complete, in cycle C17 the repair circuit RPC returns to the cyclic repair process SCRP, and the re-execution queue circuit RTQD also returns to its normal state.
The processor circuit TFNCP and the communication circuit DFNCN, in which no failure has occurred, continue the normal operation SUOP while the DRAM access circuit DFNCD is being repaired.
FIG. 5 is a detailed configuration diagram of the DRAM access circuit DFNCD. The internal operation of the DRAM access circuit DFNCD is described below with reference to FIG. 5.
The failure detection circuit DGMD detects a failure by comparing the output signals and internal states of the two DRAM control circuits FNCD. The signal CADS contains the command and address for a DRAM access. The signal WDTS is the write data signal to the DRAM. The signal MSKS is the signal that masks write data to the DRAM. The signal RSSS is the response signal to the interconnect circuit TSF. The signal INSS is an internal signal of the DRAM control circuit FNCD. Setting the write data mask signal MSKS to 1 invalidates data writes to the DRAM, which prevents erroneous data from being written to the DRAM when a failure occurs.
The comparison circuit CMP detects a failure by comparing the output signals and internal states of the DRAM control circuits FNCD. The circuit FDT has a function of notifying the repair circuit RPC and the mask circuit MSKD of a failure detected by the comparison circuit CMP, and a function of notifying the repair circuit RPC of a failure inside the mask circuit MSKD. The signal EDTS notifies the repair circuit RPC of a failure. The signal FMSKS notifies the mask circuit MSKD of a failure detected by the comparison circuit CMP. The signal ERMS notifies the failure detection circuit DGMD of a failure inside the mask circuit MSKD.
The mask circuit MSKD invalidates data writes to the DRAM by forcing the write data mask signal MSKS to 1 when a failure is detected. When the circuit MSKF receives a failure detection notification from the failure detection circuit DGMD via the signal FMSKS, it forces the write data mask signal MSKS to 1 regardless of the signal FMSKS. This forced-mask state continues until the operation resumption preparation process SIST starts. The circuit DIG diagnoses the mask function of the circuit MSKF; when it detects a failure, it informs the failure detection circuit DGMD via the signal ERMS. This starts the interrupt repair process SIRP.
FIG. 6 is a timing chart of the interface signals between the programmable circuit FPGA and the DRAM when the failure detection circuit DGMD detects a failure and data writing is invalidated. The signal DCK is the clock signal, the signal DCMD carries commands such as RAS and CAS, the signal DADR is the address signal, the signal DDT is the data signal carrying write data or read data, and the signal DDM is the data mask signal that invalidates write data.
FIG. 6 shows a case in which an error occurs in the value of the address signal DADR. The value of the address signal DADR becomes invalid at the rising clock edge P2, but data writing is invalidated by setting all bits of the data mask signal DDM to 1 before the clock edges P6, N6, P7, and N7 at which the data signal DDT becomes valid.
In FIG. 6, write data is forcibly masked in the cycles from clock edge P3 onward; the places where the value of the signal DDM is FMSK indicate this. This function prevents data from being written to a wrong address in the DRAM and protects the data in the DRAM even when the programmable circuit FPGA fails. In the prior art, which does not mask write data, a failure of the programmable circuit FPGA destroys values stored in the DRAM, and the failure can no longer be concealed even if the circuit is repaired and the data write is re-executed. With the mask function of the first embodiment, even if the programmable circuit FPGA fails, no erroneous data write is made to the DRAM until the failure is repaired; as a result, the occurrence of the failure is concealed and the availability of the programmable circuit FPGA is increased.
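The argument of FIG. 6 can be checked with a small cycle-level model. The following C code is an added illustration and is not part of the patent: the bus structure, the write latency of four cycles (P2 to P6), the single data beat, the four byte lanes, the injected address upset and all function names are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>

#define WORDS 8
#define WL    4                 /* assumed: WR command at P2, data beat at P6 */
enum { CMD_NOP, CMD_WR };

typedef struct { uint8_t cmd, adr, dm; uint32_t wdt; } bus_t; /* DCMD DADR DDM DDT */
typedef struct { uint32_t mem[WORDS]; int countdown; uint8_t adr; } dram_t;

/* One DRAM clock: a write latches its address with the command and samples
 * DDT/DDM WL cycles later; a byte lane whose DDM bit is 1 is not written. */
static void dram_clock(dram_t *d, const bus_t *b) {
    if (d->countdown > 0 && --d->countdown == 0) {
        for (int lane = 0; lane < 4; lane++) {
            uint32_t m = 0xFFu << (8 * lane);
            if (!((b->dm >> lane) & 1))
                d->mem[d->adr] = (d->mem[d->adr] & ~m) | (b->wdt & m);
        }
    }
    if (b->cmd == CMD_WR) { d->adr = (uint8_t)(b->adr % WORDS); d->countdown = WL; }
}

/* Output of one DRAM control circuit FNCD in cycle c for a single write. */
static bus_t fncd(int c, uint8_t adr, uint32_t data) {
    bus_t b = { CMD_NOP, 0, 0, 0 };
    if (c == 2)      { b.cmd = CMD_WR; b.adr = adr; }
    if (c == 2 + WL) { b.wdt = data; }
    return b;
}

/* Drive one write through the duplicated controllers. adr_fault is XORed
 * into copy 0's address (constructed upset). Returns 1 if CMP saw a mismatch. */
static int run_write(dram_t *d, uint8_t adr, uint32_t data,
                     uint8_t adr_fault, int mask_enabled) {
    int fmsks = 0;
    for (int c = 1; c <= 2 + WL; c++) {
        bus_t a = fncd(c, (uint8_t)(adr ^ adr_fault), data); /* drives the pins */
        bus_t b = fncd(c, adr, data);                        /* healthy copy */
        if (fmsks && mask_enabled) a.dm = 0xF;   /* MSKF forces MSKS to 1 */
        dram_clock(d, &a);
        if (a.cmd != b.cmd || a.adr != b.adr || a.wdt != b.wdt)
            fmsks = 1;                           /* CMP -> FMSKS, acts next cycle */
    }
    return fmsks;
}

/* Faulty attempt, then repair and re-execution of the same write.
 * Returns how many DRAM words differ from the intended final image. */
static int words_corrupted(int mask_enabled) {
    dram_t d = { {0}, 0, 0 };
    uint32_t want[WORDS];
    for (int i = 0; i < WORDS; i++) d.mem[i] = want[i] = 0x1000u + (uint32_t)i;
    want[2] = 0xDEADBEEFu;                       /* the intended write */

    int detected = run_write(&d, 2, 0xDEADBEEFu, 0x4, mask_enabled); /* hits word 6 */
    if (detected) run_write(&d, 2, 0xDEADBEEFu, 0, mask_enabled);    /* re-execution */

    int bad = 0;
    for (int i = 0; i < WORDS; i++) bad += d.mem[i] != want[i];
    return bad;
}

int main(void) {
    printf("without mask: %d corrupted word(s), with mask: %d\n",
           words_corrupted(0), words_corrupted(1));
    return 0;
}
```

Without the forced mask the victim word stays destroyed even after the write is re-executed; with it, the retry leaves the DRAM in exactly the intended state.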
FIG. 7 is a circuit configuration diagram of the re-execution queue circuits (RTQD and RTQN). A re-execution queue circuit includes triplicated queue circuits QCB and majority circuits VTR. The front-stage circuit VTR takes a majority vote on the processing request signal RQSS, which is input in triplicate from the interconnect circuit TSF, and the voted signal RQSVS is input to the queue circuits QCB. The rear-stage circuit VTR takes a majority vote on the outputs QOUTS of the queue circuits QCB and outputs the result. The re-execution queue circuit holds a processing request until completion of the processing is notified via the signal RCLTS, which allows it to reissue the processing request.
Each queue circuit QCB includes queue element circuits QEM, a queue control circuit QCTR, and an output selector circuit OTS. Each queue element circuit QEM stores one processing request. The output selector circuit OTS selects a processing request from the plurality of queue element circuits QEM and outputs it.
The queue element circuit QEM stores, as processing request data, VLD, a processing number PID, a processing request command CMD, a processing request destination address ADR, data WDT, and a processing request issuer number SRC. VLD indicates whether the queue element circuit QEM holds a valid processing request. The processing number PID is a number that identifies the processing request. The processing request command CMD is a command such as read or write. The processing request issuer number SRC is, for example, the number of the processor circuit FNCP.
The queue control circuit QCTR instructs each queue element circuit QEM to store an input processing request and to delete a stored processing request, and instructs the output selector circuit OTS which output data to select. The signal QSTS instructs a queue element circuit to store the processing request input via the signal RQSVS. The signal QCLS clears the processing request stored in a queue element circuit QEM. The queue control circuit QCTR generates the signal QCLS on receiving a processing completion notification via the signal RCLTS. The signal QSELS instructs the output selector circuit OTS which output data to select.
The re-execution queue circuit is multiplexed in order to prevent failures of the re-execution queue circuit itself, such as a processing request held by the re-execution queue circuit being destroyed by radiation so that a different processing request is issued at re-execution, or no processing request being issued at all.
FIG. 8 is a timing chart showing the operation of the re-execution queue circuit RTQD when a processing request is executed without a failure. In cycle C3, the processing request RQ1 from the processor circuit TFNCP is input to the re-execution queue circuit RTQD via the processing request signal RQSS. In response, the processing request storage instruction signal QSTS is asserted to 1 for QEM1, one of the queue elements, and in the next cycle C4 the processing request RQ1 is stored in the queue element QEM1. In cycle C4, the re-execution queue circuit RTQD outputs the processing request RQ1 to the DRAM access circuit DFNCD via the signal RQSQS.
In cycles C5 to C10, the DRAM access circuit DFNCD performs the processing for the processing request, and in cycle C11 it returns the response RS1 to the processing request RQ1 to the interconnect circuit TSF via the signal RSSS.
In cycle C12, the information clear instruction signal QCLS is asserted to 1 in response to the response RS1, and on receiving this information clear instruction signal the queue element QEM1 deletes the stored RQ1 in cycle C13. The symbol INVLD indicates that there is no valid processing request in this queue. In this way, the re-execution queue circuit RTQD stores a processing request until the processing completes without a failure.
FIG. 9 is a timing chart showing the operation of the re-execution queue circuit RTQD when a failure is detected while a processing request is in progress. As in FIG. 8, in cycle C3 the processing request RQ1 from the processor circuit TFNCP is input to the re-execution queue circuit RTQD via the processing request signal RQSS, and in cycle C4 the re-execution queue circuit RTQD stores the processing request RQ1 in the queue element QEM1 and outputs the processing request RQ1 to the downstream DRAM access circuit DFNCD via the signal RQSQS.
In FIG. 9, a failure occurs in the DRAM access circuit DFNCD before a response to RQ1 is obtained from the DRAM access circuit DFNCD. The DRAM access circuit DFNCD in which the failure was detected does not return a response to RQ1 and, in cycle C7, notifies the repair circuit RPC of the failure via the failure detection notification signal EDTS. On receiving this, the repair circuit RPC starts the repair process SICC for the configuration memory CRAM of the DRAM access circuit DFNCD from cycle C8. When the repair process SICC is complete, the repair circuit RPC transitions to the operation resumption preparation process SIST in cycle C12 and instructs the DRAM access circuit DFNCD, via the signal ISTS, to prepare to resume operation.
In cycle C14, after preparation for resuming operation is complete, the repair circuit RPC instructs the re-execution queue RTQD via the signal IRTS to reissue processing requests. On receiving this, in cycle C15 the re-execution queue circuit RTQD outputs the processing request RQ1, which has not completed and is still stored in the queue element QEM1, to the DRAM access circuit DFNCD via the signal RQSQS.
In cycles C16 to C18, the DRAM access circuit DFNCD performs the processing for the processing request, and in cycle C19 it returns the response RS1 to RQ1 to the interconnect circuit TSF via the signal RSSS. In cycle C20, the information clear instruction signal QCLS is asserted to 1 in response to the response RS1, and on receiving this information clear instruction signal QCLS the queue element QEM1 deletes the stored RQ1 in cycle C21. The symbol INVLD indicates that there is no valid processing request in the queue element QEM1.
As described above, the re-execution queue circuit RTQD stores a processing request until the processing completes without a failure, and if a failure occurs partway through the processing, it can reissue the processing request on receiving a reissue instruction. As a result, the circuit in which the failure occurred can resume the processing that failed because of the failure immediately after the configuration memory CRAM has been repaired.
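The behaviour of the re-execution queue described for FIGS. 7 to 9 can be modelled in software as follows. This C code is an added illustration, not part of the patent: the queue depth, the command encoding, the shared slot selection based on the voted VLD, and the function names are assumptions; the field and signal names in the comments follow the description.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define QDEPTH 4                 /* queue elements per QCB (assumed) */

typedef struct {                 /* one queue element QEM */
    uint8_t  vld, pid, cmd, src; /* VLD, PID, CMD (0 read, 1 write: assumed), SRC */
    uint32_t adr, wdt;           /* ADR, WDT */
} qem_t;

typedef struct { qem_t qcb[3][QDEPTH]; } rtq_t;  /* three queue circuits QCB */

static uint32_t maj(uint32_t a, uint32_t b, uint32_t c) {
    return (a & b) | (a & c) | (b & c);          /* bitwise 2-of-3 vote */
}

/* Majority circuit VTR applied to every field of a request. */
static qem_t vtr(const qem_t *a, const qem_t *b, const qem_t *c) {
    qem_t v;
    v.vld = (uint8_t)maj(a->vld, b->vld, c->vld);
    v.pid = (uint8_t)maj(a->pid, b->pid, c->pid);
    v.cmd = (uint8_t)maj(a->cmd, b->cmd, c->cmd);
    v.src = (uint8_t)maj(a->src, b->src, c->src);
    v.adr = maj(a->adr, b->adr, c->adr);
    v.wdt = maj(a->wdt, b->wdt, c->wdt);
    return v;
}

static void rtq_init(rtq_t *q) { memset(q, 0, sizeof *q); }

/* Rear-stage VTR: voted view of one slot across the three QCB (QOUTS). */
static qem_t rtq_out(const rtq_t *q, int slot) {
    return vtr(&q->qcb[0][slot], &q->qcb[1][slot], &q->qcb[2][slot]);
}

/* RQSS arrives in triplicate; the front VTR votes it into RQSVS and QSTS
 * stores it in a free element of every QCB. Returns the slot, -1 if full. */
static int rtq_accept(rtq_t *q, const qem_t rqss[3]) {
    qem_t rqsvs = vtr(&rqss[0], &rqss[1], &rqss[2]);
    rqsvs.vld = 1;
    for (int s = 0; s < QDEPTH; s++) {
        if (rtq_out(q, s).vld) continue;
        for (int c = 0; c < 3; c++) q->qcb[c][s] = rqsvs;
        return s;
    }
    return -1;
}

/* RCLTS reports completion of PID; QCLS clears the element. Returns 1 if found. */
static int rtq_complete(rtq_t *q, uint8_t pid) {
    for (int s = 0; s < QDEPTH; s++) {
        qem_t v = rtq_out(q, s);
        if (!v.vld || v.pid != pid) continue;
        for (int c = 0; c < 3; c++) q->qcb[c][s].vld = 0;
        return 1;
    }
    return 0;
}

/* IRTS: copy every request still held to rqsqs[] for reissue. Returns count. */
static int rtq_reissue(const rtq_t *q, qem_t *rqsqs, int max) {
    int n = 0;
    for (int s = 0; s < QDEPTH && n < max; s++) {
        qem_t v = rtq_out(q, s);
        if (v.vld) rqsqs[n++] = v;
    }
    return n;
}

int main(void) {
    rtq_t q;
    qem_t rq1 = {0, 1, 1, 0, 0x1000u, 0xCAFEu}, in[3], out[QDEPTH];
    rtq_init(&q);
    in[0] = in[1] = in[2] = rq1;
    rtq_accept(&q, in);
    q.qcb[1][0].adr ^= 0x10u;        /* constructed upset in one queue copy */
    int n = rtq_reissue(&q, out, QDEPTH);
    printf("reissued %d, PID %u ADR 0x%x\n", n, (unsigned)out[0].pid, (unsigned)out[0].adr);
    return 0;
}
```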
FIG. 10 is a circuit configuration diagram of the repair circuit RPC. The repair circuit RPC includes a repair operation control circuit RPCTRL, a table STBL, an error check and correction circuit CAC, and a configuration memory access circuit RACC. The table STBL describes, for each failure detection notification input via the signal EDTS, the part of the configuration memory CRAM to be corrected. The error check and correction circuit CAC inspects and corrects the configuration memory area designated by the repair operation control circuit RPCTRL. The configuration memory access circuit RACC reads data from or writes data to the configuration memory CRAM as designated by the error check and correction circuit CAC.
The configuration memory CRAM stores the circuit configuration data CFGI of the programmable circuit FPGA and an error detection and correction code ECCI for the circuit configuration data CFGI. An example of the error detection and correction code ECCI is an ECC (Error Check and Correct) code.
The repair operation control circuit RPCTRL receives a failure notification from the DRAM access circuit DFNCD or the communication circuit DFNCN via the signal EDTS, determines the area of the configuration memory CRAM to be inspected and corrected by referring to the table STBL, and indicates that area to the error check and correction circuit CAC.
The error check and correction circuit CAC reads the circuit configuration data CFGI and the error detection and correction code ECCI from the configuration memory CRAM via the configuration memory access circuit RACC, and uses the error detection and correction code ECCI it has read to check whether the contents of the circuit configuration data CFGI have been destroyed by radiation or a similar influence (that is, whether a bit inversion has occurred). If the check shows that the information has not been destroyed and is correct, the circuit reads the data at the next address in the designated configuration memory CRAM area and continues the inspection in the same way. If the check shows that destruction (a bit inversion in the data) has occurred, the circuit obtains the correct value using the error detection and correction code ECCI and writes that value to the configuration memory CRAM, thereby correcting the circuit configuration data CFGI. As another correction method, the correct circuit configuration data CFGI can be read from the nonvolatile memory RMCP and written to the configuration memory CRAM. The error check and correction circuit CAC performs this inspection and correction on the area designated by the repair operation control circuit RPCTRL.
FIG. 11 is a diagram showing the placement of the circuit configuration data of the programmable circuit FPGA. The configuration memory CRAM is distributed over the entire programmable circuit FPGA. The circuit configuration data corresponding to each circuit block is placed in this distributed configuration memory CRAM divided block by block. The processor circuit TFNCP is implemented in the area ATFNCP, the DRAM access circuit DFNCD and the re-execution queue circuit RTQD in the area ADFNCD, the communication circuit DFNCN and the re-execution queue circuit RTQN in the area ADFNCN, the interconnect circuit TSF in the area ATSF, and the repair circuit RPC in the area ARPC.
By assigning an area to each circuit block and placing the circuit configuration data divided in this way, a failed circuit can be repaired in a short time. For example, when a failure occurs in the DRAM access circuit DFNCD and is detected by the DRAM failure detection circuit DGMD, the repair circuit RPC only needs to repair the area ADFNCD. This shortens the time required for repair compared with repairing the entire device.
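The inspection and correction performed by the circuit CAC, the area lookup in the table STBL and the fallback to the nonvolatile memory RMCP can be sketched as below. This C code is an added illustration, not part of the patent: the patent only names ECC as an example code, so the 32-bit frame width, the Hamming code with an overall parity bit (SECDED), the area sizes and every function name are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

#define CRAM_WORDS 64   /* constructed size and layout, not from the patent */
typedef struct { uint32_t cfgi; uint8_t ecci; } frame_t;  /* CFGI word + ECCI */
typedef struct { unsigned first, count; } region_t;
typedef struct { unsigned scanned, corrected, reloaded; } stat_t;

/* Table STBL: which CRAM area to repair for each failure source. */
enum { ATFNCP, ADFNCD, ADFNCN, ATSF, ARPC, NREGION };
static const region_t STBL[NREGION] = {
    {0, 24}, {24, 8}, {32, 8}, {40, 16}, {56, 8}
};

static unsigned parity32(uint32_t v) {
    v ^= v >> 16; v ^= v >> 8; v ^= v >> 4; v ^= v >> 2; v ^= v >> 1;
    return v & 1u;
}

/* Hamming position (3..38) of data bit i; powers of two hold check bits. */
static unsigned pos_of(unsigned i) {
    unsigned p = 0;
    for (unsigned n = 0; n <= i; n++) {
        do { p++; } while ((p & (p - 1)) == 0);
    }
    return p;
}

/* ECCI bits 0-5: Hamming check bits; bit 6: parity over data and check bits. */
static uint8_t ecc_of(uint32_t d) {
    uint32_t h = 0;
    for (unsigned i = 0; i < 32; i++)
        if ((d >> i) & 1u) h ^= pos_of(i);
    return (uint8_t)(h | ((parity32(d) ^ parity32(h)) << 6));
}

enum { F_OK, F_CORRECTED, F_UNCORRECTABLE };

/* Error check and correction circuit CAC applied to one frame. */
static int check_and_correct(frame_t *f) {
    unsigned s   = (unsigned)(ecc_of(f->cfgi) ^ f->ecci) & 0x3Fu; /* syndrome */
    unsigned odd = parity32(f->cfgi) ^ parity32(f->ecci & 0x7Fu);
    if (s == 0 && !odd) return F_OK;
    if (!odd) return F_UNCORRECTABLE;        /* two flips: detect only */
    if ((s & (s - 1)) == 0) {                /* the flip is inside ECCI */
        f->ecci = ecc_of(f->cfgi);
        return F_CORRECTED;
    }
    for (unsigned i = 0; i < 32; i++)
        if (pos_of(i) == s) { f->cfgi ^= 1u << i; return F_CORRECTED; }
    return F_UNCORRECTABLE;                  /* syndrome names no stored bit */
}

/* SICC over one area; uncorrectable frames are rewritten from RMCP. */
static stat_t repair_region(frame_t *cram, const uint32_t *rmcp, int region) {
    stat_t st = {0, 0, 0};
    const region_t *r = &STBL[region];
    for (unsigned a = r->first; a < r->first + r->count; a++) {
        int res = check_and_correct(&cram[a]);
        st.scanned++;
        if (res == F_CORRECTED) st.corrected++;
        if (res == F_UNCORRECTABLE) {
            cram[a].cfgi = rmcp[a];
            cram[a].ecci = ecc_of(rmcp[a]);
            st.reloaded++;
        }
    }
    return st;
}

/* One SCRP pass, simplified to visit every area once. */
static stat_t cyclic_repair(frame_t *cram, const uint32_t *rmcp) {
    stat_t t = {0, 0, 0};
    for (int r = 0; r < NREGION; r++) {
        stat_t s = repair_region(cram, rmcp, r);
        t.scanned += s.scanned; t.corrected += s.corrected; t.reloaded += s.reloaded;
    }
    return t;
}

/* Fill RMCP with a constructed golden image and copy it into CRAM. */
static void cram_load(frame_t *cram, uint32_t *rmcp) {
    for (unsigned a = 0; a < CRAM_WORDS; a++) {
        rmcp[a] = 0x9E3779B9u * (a + 1u);
        cram[a].cfgi = rmcp[a];
        cram[a].ecci = ecc_of(rmcp[a]);
    }
}

int main(void) {
    static frame_t cram[CRAM_WORDS];
    static uint32_t rmcp[CRAM_WORDS];
    cram_load(cram, rmcp);
    cram[26].cfgi ^= 1u << 7;                /* constructed upset in ADFNCD */
    stat_t s = repair_region(cram, rmcp, ADFNCD);
    printf("scanned %u corrected %u reloaded %u\n", s.scanned, s.corrected, s.reloaded);
    return 0;
}
```

The interrupt-style repair touches only the 8 frames of the assumed ADFNCD area, while a full pass touches all 64, which is the time saving the paragraph above describes.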
<Embodiment 1: Summary>
As described above, in the programmable circuit FPGA according to the first embodiment, the DRAM access circuit DFNCD and the communication circuit DFNCN control their output signal values so as to invalidate the output to other devices connected to the programmable circuit FPGA when the failure diagnosis circuit detects a failure. This prevents data destruction and malfunction in other devices even when the programmable circuit FPGA fails. If the data of another device connected to the programmable circuit FPGA (for example, a DRAM) were destroyed, the destroyed data would have to be restored before the apparatus using that device could resume or continue operation. The time until operation resumes could therefore become long, or continued operation could become impossible. By suspending processing and invalidating the output when a failure occurs in the programmable circuit FPGA, the availability of the programmable circuit FPGA and of the apparatus connected to it can be improved.
When the availability of the programmable circuit FPGA is to be improved by multiplexing the circuit configuration, the number of terminals of the device containing the programmable circuit FPGA must be increased accordingly; because this raises cost, the number of terminals is limited in practice. The programmable circuit FPGA according to the first embodiment keeps the degree of multiplexing low and thereby limits the increase in the number of terminals, so it is also effective in terms of cost.
<Embodiment 2>
The second embodiment of the present invention describes another configuration example of the DRAM access circuit DFNCD. In the first embodiment, the DRAM access circuit DFNCD invalidates data writes to the DRAM by forcing the write data mask signal MSKS for the DRAM to 1. In the second embodiment, data writes to the DRAM are invalidated by converting a data write command to the DRAM into another command that does not write data to the DRAM.
FIG. 12 is a configuration diagram of the DRAM access circuit DFNCD in the second embodiment. As in the first embodiment, the failure detection circuit DGMD detects a failure by comparing the output signals and internal states of the two DRAM control circuits FNCD. When the failure detection circuit DGMD detects a failure, it notifies the command invalidation circuit NOPD of the failure of the DRAM access circuit DFNCD via the command invalidation signal NOPS.
On receiving the failure notification, the command invalidation circuit NOPD issues, for a predetermined period and regardless of the signal CADS, a command that instructs the DRAM not to perform a data write. One example of this command is the NOP (No OPeration) command. The circuit CADF is the circuit that issues this command. The failure detected by the failure detection circuit DGMD is also notified to the repair circuit RPC, and the interrupt repair process SIRP of the DRAM access circuit DFNCD is executed. The circuit DIG diagnoses the circuit CADF; when it detects a failure, it notifies the failure detection circuit DGMD via the signal ERMS.
FIG. 13 is a timing chart of the interface signals between the programmable circuit and the DRAM chip when no failure is detected by the failure detection circuit DGMD. The signal NOPS is the command invalidation signal, which is asserted to 1 when the failure detection circuit DGMD detects a failure; the signal DCK is a clock signal; the signal DCMD is a signal carrying commands such as RAS and CAS; the signal DADR is an address signal; and the signal DDT is a data signal carrying write data, read data, and the like. When no failure is detected, the command invalidation signal NOPS is not asserted, the data write command CWRT for the DRAM is issued at clock edge P2, and the data is written to the DRAM normally.
FIG. 14 is a timing chart of the interface signals between the programmable circuit and the DRAM chip when a failure is detected by the failure detection circuit DGMD. A failure occurs in the address signal DADR in the DRAM control circuit FNCD, and the command invalidation signal NOPS is asserted. Upon receiving the command invalidation signal NOPS, the command invalidation circuit NOPD invalidates the data write command for the DRAM and instead outputs to the DRAM a command CNOP instructing the DRAM not to perform any operation.
Converting a data write command for the DRAM into a command that does not write data to the DRAM prevents erroneous data from being written to the DRAM when a failure occurs, so the data in the DRAM can be protected even when the programmable circuit FPGA fails.
<Embodiment 3>
In the first embodiment, it was described that a failure is detected by duplicating the DRAM control circuit FNCD (and the communication control circuit FNCN) and comparing the operations of the two DRAM control circuits FNCD. The advantages of this method are that the design load is small because identical circuits are placed side by side, and that erroneous outputs caused by a circuit failure can be detected with high probability by monitoring the inputs and outputs of the circuit. In the third embodiment of the present invention, another configuration example of the DRAM access circuit DFNCD (and the communication circuit DFNCN) is described.
FIG. 15 is a configuration diagram of the DRAM access circuit DFNCD in the third embodiment. In the third embodiment, an error detection code is used for part of the DRAM access circuit DFNCD, which reduces the circuit scale compared with fully duplicating the circuit. In the third embodiment, the two DRAM control circuits FNCD are divided into two processing request encoding circuits DCOD, one processing request data path circuit RQDP, two state control circuits DCTRL, and two processing response output circuits RSB. By using an error detection code for the processing request data path circuit RQDP, which accounts for a large share of the circuit scale, failure detection is performed without duplication and the circuit scale of the DRAM access circuit DFNCD is reduced. The communication circuit DFNCN can have the same configuration.
The processing request encoding circuit DCOD is a circuit that adds an error detection code to a processing request received via the signal RQSQS, and outputs the processing request with the error detection code added to the processing request data path circuit RQDP. The processing request encoding circuit DCOD is duplicated for failure detection. The output signals of the two processing request encoding circuits DCOD are output to the DRAM failure detection circuit DGMD via the signals DCODS. The DRAM failure detection circuit DGMD compares the two signals DCODS and, if they differ, determines that a failure has occurred.
The processing request data path circuit RQDP is a circuit that queues processing requests to which an error detection code has been added, and its output is connected to the DRAM input/output circuit FPHD. The circuit BCAD is a circuit that queues data including the command and address for DRAM access, the circuit BWDT is a circuit that queues data including the write data for the DRAM, the circuit BMSK is a circuit that queues data including the write data mask for the DRAM, and the circuit BECD is a circuit that queues the error detection codes for these commands, addresses, write data, and write data masks. Queuing the data for DRAM access together with the error detection code makes it possible to detect a failure. In the course of queuing, the processing request data path circuit RQDP may also perform additional processing such as packing of multiple requests, arbitration, and protocol conversion in order to improve the utilization efficiency of the DRAM.
The processing response output circuit RSB is a circuit that temporarily holds a response, such as read data received from the DRAM, and returns the response to the interconnect circuit TSF via the signal RSSS. The processing response output circuit RSB is duplicated for failure detection, and the output signals of the two circuits are compared by the failure detection circuit DGMD to monitor for failures.
The state control circuit DCTRL controls the operation flow of the processing request encoding circuit DCOD, the processing request data path circuit RQDP, and the processing response output circuit RSB. The state control circuit DCTRL is duplicated, and the output signals and internal signals of the two circuits are compared by the failure detection circuit DGMD to monitor for failures.
The failure detection circuit DGMD performs failure detection by comparing the output signals of the two processing request encoding circuits DCOD, failure detection by comparing the output signals of the two processing response output circuits RSB, failure detection by comparing the output signals and internal signals of the two state control circuits DCTRL, and failure detection using the error detection code of the processing request data path circuit RQDP. The comparison circuit CMP compares each of the duplicated circuits and notifies the failure detection control circuit FDT of the result.
The data path error detection circuit ECB uses the value of the error detection code signal ECDS to determine whether there is a failure in the values of the signals CADS, WDTS, and MSKS, and notifies the failure detection control circuit FDT of the result.
The failure detection control circuit FDT has a function of notifying the repair circuit RPC and the mask circuit MSKD of a failure detected by the circuit CMP and the circuit FDT, and a function of notifying the repair circuit RPC of a failure in the mask circuit MSKD. The operation when a failure is detected is the same as in the first embodiment.
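The write path of Embodiment 3 (duplicated DCOD, a single RQDP queue checked by ECB) together with the two invalidation methods (the NOP conversion of Embodiment 2 and the forced write mask) can be followed in the behavioural model below, which is an added example and not code from the patent. CRC-32 as the error detection code, the 8-lane mask width, and keeping the request arguments as re-execution data are assumptions made for the model.

```python
import zlib
from collections import deque
from dataclasses import dataclass, replace

CWRT, CNOP = "CWRT", "CNOP"   # command names used in the patent's timing charts
MASK_ALL = 0xFF               # assumption: 8 byte lanes, mask bit 1 = lane not written


@dataclass(frozen=True)
class Request:
    cmd: str      # command, queued in BCAD
    addr: int     # address, queued in BCAD
    wdt: int      # write data, queued in BWDT
    msk: int      # write data mask, queued in BMSK
    ecd: int      # error detection code, queued in BECD


def edc(cmd, addr, wdt, msk):
    """Error detection code over all four fields (CRC-32 is an assumption)."""
    raw = cmd.encode() + addr.to_bytes(4, "big") + wdt.to_bytes(8, "big") + bytes([msk])
    return zlib.crc32(raw)


def dcod(cmd, addr, wdt, msk, flip_bit=None):
    """One copy of encoding circuit DCOD; flip_bit models a fault inside that copy."""
    code = edc(cmd, addr, wdt, msk) ^ (0 if flip_bit is None else 1 << flip_bit)
    return Request(cmd, addr, wdt, msk, code)


class DramAccess:
    """DFNCD model: duplicated DCOD, one RQDP queue checked by ECB."""

    def __init__(self, invalidate="nop"):
        self.invalidate = invalidate  # "nop": command conversion, "mask": forced write mask
        self.rqdp = deque()           # data path queue, deliberately not duplicated
        self.rtq = deque()            # re-execution data (assumed: the request arguments)
        self.fault = False            # latched until repair() runs
        self.dram = {}                # address -> 64-bit word

    def submit(self, cmd, addr, wdt, msk=0, copy_b_flip=None):
        a = dcod(cmd, addr, wdt, msk)
        b = dcod(cmd, addr, wdt, msk, flip_bit=copy_b_flip)
        if a != b:                    # comparison circuit CMP on the two DCOD outputs
            self.fault = True
        self.rqdp.append(a)
        self.rtq.append((cmd, addr, wdt, msk))

    def corrupt_queued(self, index, addr_bit):
        """Constructed fault: flip one address bit of a request held in RQDP."""
        r = self.rqdp[index]
        self.rqdp[index] = replace(r, addr=r.addr ^ (1 << addr_bit))

    def issue(self):
        r = self.rqdp.popleft()
        if edc(r.cmd, r.addr, r.wdt, r.msk) != r.ecd:   # data path check ECB
            self.fault = True
        cmd, msk = r.cmd, r.msk
        if self.fault and self.invalidate == "nop":
            cmd = CNOP                # write command replaced by a no-operation command
        elif self.fault:
            msk = MASK_ALL            # every byte lane masked, nothing is stored
        if cmd == CWRT:
            self._write(r.addr, r.wdt, msk)
        if not self.fault:
            self.rtq.popleft()        # completed, no longer needs re-execution
        return cmd, msk               # what the DRAM interface sees

    def _write(self, addr, wdt, msk):
        word = self.dram.get(addr, 0)
        for lane in range(8):
            if not (msk >> lane) & 1:  # only unmasked lanes reach the array
                lane_bits = 0xFF << (8 * lane)
                word = (word & ~lane_bits) | (wdt & lane_bits)
                self.dram[addr] = word

    def repair(self):
        """Stand-in for repair circuit RPC, followed by replay of the suspended requests."""
        self.fault = False
        self.rqdp.clear()
        for _ in range(len(self.rtq)):
            self.submit(*self.rtq.popleft())


def demo(invalidate):
    d = DramAccess(invalidate)
    d.submit(CWRT, 0x100, 0x1111)
    d.issue()                         # healthy write
    d.submit(CWRT, 0x100, 0x2222)
    d.corrupt_queued(0, addr_bit=2)   # address becomes 0x104 inside RQDP
    blocked = d.issue()               # invalidated on the DRAM interface
    snapshot = dict(d.dram)           # DRAM contents while the fault is latched
    d.repair()
    replayed = d.issue()              # same request, re-executed after repair
    return blocked, snapshot, replayed, d.dram
```

Calling `demo("nop")` and `demo("mask")` shows that in both modes the corrupted request never alters the DRAM contents and that the original write lands at the intended address once the fault latch is cleared.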
<Embodiment 3: Summary>
As described above, the programmable circuit FPGA according to the third embodiment detects failures by adding an error detection code to the data stored in the processing request data path circuit RQDP, and duplicates the other circuits in the DRAM access circuit DFNCD. This reduces the circuit scale compared with a configuration in which the entire DRAM access circuit DFNCD is duplicated.
In the third embodiment, an example was shown in which an error detection code is used for part of the DRAM access circuit DFNCD, but the circuit scale can also be reduced by using an error detection code in the same way for part of the communication circuit DFNCN.
<Modifications of the present invention>
The present invention is not limited to the embodiments described above and includes various modifications. The above embodiments have been described in detail to explain the present invention in an easily understandable manner, and the invention is not necessarily limited to one having all of the configurations described. Part of the configuration of one embodiment can be replaced with the configuration of another embodiment, and the configuration of another embodiment can be added to the configuration of one embodiment. Further, for part of the configuration of each embodiment, other configurations can be added, deleted, or substituted.
The circuit configuration for invalidating the output of the programmable circuit FPGA described in the first to third embodiments is an effective technique for increasing the reliability of programmable circuits in general, from the viewpoint of preventing data corruption and malfunction of other devices connected to the programmable circuit FPGA. For example, even in a programmable circuit that does not include a re-execution queue circuit, invalidating the output of the programmable circuit FPGA in the same way as in the first to third embodiments can prevent data corruption and malfunction of other devices connected to the programmable circuit FPGA.
In the first to third embodiments, configuration examples were described in which the DRAM access circuit DFNCD and the communication circuit DFNCN are duplicated and the processing that was temporarily stopped when a failure occurred is executed again by the re-execution queue circuit. This is because data writing to the DRAM and data communication with the functional chip NWCP are comparatively well suited to retry processing. The technique of the present invention is not necessarily limited to these circuits; by providing other circuits with a similar configuration, availability can be improved while keeping the circuit scale down.
In the first to third embodiments, a mask signal and command conversion were given as examples of techniques for invalidating access to the DRAM and the functional chip NWCP. Because the means of invalidating access may differ depending on the type of device and other factors, means other than a mask signal or command conversion may be used as long as the same access invalidation can be achieved.
For ease of viewing, the timing charts illustrated in the above embodiments show the flow of operation with a number of cycles that differs from the number actually required. The timing chart of actual circuit operation is therefore not limited to these.
FPGA: Programmable circuit
DRAM: DRAM memory chip
RMCP: Non-volatile memory
NWCP: Functional chip
TFNCP: Processor circuit
DFNCD: DRAM access circuit
DFNCN: Communication circuit
CRAM: Configuration memory
RPC: Repair circuit
RTQD, RTQN: Re-execution queue circuit
TSF: Interconnect circuit
FNCD: DRAM control circuit
DGMD: Failure detection circuit
MSKD: Mask circuit
FPHD: Input/output circuit
FNCN: Communication control circuit
DGMN: Failure detection circuit
MSKN: Mask circuit
FPHN: Input/output circuit
NOPD: Command invalidation circuit

Claims (13)

  1.  A programmable circuit whose circuit configuration can be changed, comprising:
     a configuration memory that stores circuit configuration data specifying the circuit configuration of the programmable circuit;
     a functional circuit whose circuit configuration can be changed by the circuit configuration data;
     a failure detection circuit that detects a failure of the functional circuit;
     a repair circuit that repairs the failure detected by the failure detection circuit; and
     a re-execution queue circuit that stores re-execution data necessary to re-execute processing executed by the functional circuit,
     wherein the functional circuit temporarily stops output of the processing when the failure detection circuit detects the failure,
     the repair circuit repairs the failure by correcting the part of the circuit configuration data that specifies the circuit configuration of the functional circuit, and
     the re-execution queue circuit supplies the re-execution data to the functional circuit repaired by the repair circuit, thereby causing the functional circuit to execute the temporarily stopped processing again.
  2.  The programmable circuit according to claim 1, wherein
     the functional circuit is duplicated, and
     the failure detection circuit detects a failure of the functional circuit by comparing the outputs of the duplicated functional circuits with each other.
  3.  The programmable circuit according to claim 1, wherein
     the functional circuit includes an invalidation circuit that invalidates an output of the functional circuit,
     the failure detection circuit, upon detecting the failure, notifies the invalidation circuit to that effect, and
     the invalidation circuit, upon receiving the notification from the failure detection circuit, invalidates the output of the functional circuit, thereby temporarily stopping the output of the processing by the functional circuit.
  4.  The programmable circuit according to claim 1, wherein
     the repair circuit detects and repairs a failure of the functional circuit by cyclically repeating error detection and correction on the circuit configuration data during a period in which the failure detection circuit has not detected the failure.
  5.  The programmable circuit according to claim 4, wherein
     the repair circuit performs the processing of detecting and repairing a failure of the functional circuit a plurality of times in one said cycle.
  6.  The programmable circuit according to claim 1, wherein
     the failure detection circuit, the repair circuit, and the re-execution queue circuit are configured such that their circuit configurations can be changed by the circuit configuration data, and
     the repair circuit detects and repairs a failure of the failure detection circuit, a failure of the repair circuit, and a failure of the re-execution queue circuit by cyclically repeating error detection and correction on the circuit configuration data during a period in which the failure detection circuit has not detected the failure.
  7.  The programmable circuit according to claim 1, wherein
     the failure detection circuit and the repair circuit are configured such that their circuit configurations can be changed by the circuit configuration data,
     the repair circuit detects and repairs a failure of the failure detection circuit and a failure of the repair circuit by cyclically repeating error detection and correction on the circuit configuration data during a period in which the failure detection circuit has not detected the failure, and
     the repair circuit performs the processing of detecting and repairing a failure of the failure detection circuit and a failure of the repair circuit a plurality of times in one said cycle.
  8.  The programmable circuit according to claim 1, wherein
     the functional circuit comprises:
     an encoding circuit that adds an error detection code to data processed by the functional circuit; and
     a queuing circuit that queues the data to which the error detection code has been added,
     the encoding circuit is duplicated,
     the failure detection circuit detects a failure of the encoding circuit by comparing the outputs of the duplicated encoding circuits with each other, and
     the failure detection circuit detects a failure of the queuing circuit using the error detection code.
  9.  The programmable circuit according to claim 1, wherein
     the functional circuit is configured to, as the processing, read data from a memory device connected to the programmable circuit or write data to the memory device, and
     the functional circuit temporarily stops data writing to the memory device when the failure detection circuit detects the failure.
  10.  The programmable circuit according to claim 9, wherein
     the functional circuit includes a mask circuit that invalidates an output of the functional circuit,
     the failure detection circuit, upon detecting the failure, notifies the mask circuit to that effect, and
     the mask circuit, upon receiving the notification from the failure detection circuit, invalidates the signal by which the functional circuit writes data to the memory device, thereby temporarily stopping data writing to the memory device.
  11.  The programmable circuit according to claim 9, wherein
     the functional circuit includes a conversion circuit that converts a command output by the functional circuit,
     the failure detection circuit, upon detecting the failure, notifies the conversion circuit to that effect, and
     the conversion circuit, upon receiving the notification from the failure detection circuit, converts the command by which the functional circuit writes data to the memory device into a command that does not write data to the memory device, thereby temporarily stopping data writing to the memory device.
  12.  The programmable circuit according to claim 1, wherein
     the re-execution queue circuit stores, as the re-execution data, a process number for identifying the processing executed by the functional circuit.
  13.  A programmable circuit whose circuit configuration can be changed, comprising:
     a configuration memory that stores circuit configuration data specifying the circuit configuration of the programmable circuit;
     a functional circuit whose circuit configuration can be changed by the circuit configuration data;
     a failure detection circuit that detects a failure of the functional circuit;
     a repair circuit that repairs the failure detected by the failure detection circuit; and
     a re-execution queue circuit that stores re-execution data necessary to re-execute processing executed by the functional circuit,
     wherein the functional circuit includes a queuing circuit that queues data in which an error detection code has been added to data used in the processing,
     the failure detection circuit detects a failure of the queuing circuit using the error detection code,
     the functional circuit temporarily stops output of the processing when the failure detection circuit detects the failure,
     the repair circuit repairs the failure by correcting the part of the circuit configuration data that specifies the circuit configuration of the functional circuit, and
     the re-execution queue circuit supplies the re-execution data to the functional circuit repaired by the repair circuit, thereby causing the functional circuit to re-execute the temporarily stopped processing.
PCT/JP2014/080141 2014-11-14 2014-11-14 Programmable circuit WO2016075800A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/JP2014/080141 WO2016075800A1 (en) 2014-11-14 2014-11-14 Programmable circuit

Publications (1)

Publication Number Publication Date
WO2016075800A1 true WO2016075800A1 (en) 2016-05-19

Family

ID=55953913

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2014/080141 WO2016075800A1 (en) 2014-11-14 2014-11-14 Programmable circuit

Country Status (1)

Country Link
WO (1) WO2016075800A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2020149467A (en) * 2019-03-14 2020-09-17 Necプラットフォームズ株式会社 Control device, control system, control method, and program

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2007188315A (en) * 2006-01-13 2007-07-26 Canon Inc Device trouble detector, control method, and program
WO2011034098A1 (en) * 2009-09-18 2011-03-24 日本電気株式会社 High-reliability device, high-reliability method, and high-reliability program of reconfigurable device
WO2014141455A1 (en) * 2013-03-15 2014-09-18 株式会社日立製作所 Field-programmable gate array circuit
JP2014178793A (en) * 2013-03-14 2014-09-25 Hitachi Ltd Information processing system

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14905879

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 14905879

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: JP