Error detection/correction and fault detection/recovery – Data processing system error or fault handling – Reliability and availability
Reexamination Certificate
1999-12-21
2003-09-23
Beausoliel, Robert (Department: 2184)
Error detection/correction and fault detection/recovery
Data processing system error or fault handling
Reliability and availability
C712S220000
Reexamination Certificate
active
06625749
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Technical Field
The present invention relates to microprocessors and, in particular, to microprocessors capable of operating in high-reliability modes.
2. Background Art
Soft errors arise when alpha particles or cosmic rays strike an integrated circuit and alter the charges stored on the voltage nodes of the circuit. If the charge alteration is sufficiently large, a voltage representing one logic state may be changed to a voltage representing a different logic state. For example, a voltage representing a logic true state may be altered to a voltage representing a logic false state, and any data that incorporates the logic state will be corrupted.
Soft error rates (SERs) for integrated circuits, such as microprocessors (“processors”), increase as semiconductor process technologies scale to smaller dimensions and lower operating voltages. Smaller process dimensions allow greater device densities to be achieved on the processor die. This increases the likelihood that an alpha particle or cosmic ray will strike one of the processor's voltage nodes. Lower operating voltages mean that smaller charge disruptions are sufficient to alter the logic state represented by the node voltages. Both trends point to higher SERs in the future. Soft errors may be corrected in a processor if they are detected before any corrupted results are used to update the processor's architectural state.
Processors frequently employ parity-based mechanisms to detect data corruption due to soft errors. A parity bit is associated with each block of data when it is stored. The bit is set to one or zero according to whether there is an odd or even number of ones in the data block. When the data block is read out of its storage location, the number of ones in the block is compared with the parity bit. A discrepancy between the values indicates that the data block has been corrupted. Agreement between the values indicates that either no corruption has occurred or two (or four . . . ) bits have been altered. Since the latter events have very low probabilities of occurrence, parity provides a reliable indication of whether data has been corrupted. Error correcting codes (ECCs) are parity-based mechanisms that track additional information for each data block. The additional information allows the corrupted bit(s) to be identified and corrected.
Parity/ECC mechanisms have been applied extensively to caches, memories, and similar data storage arrays. These structures have relatively high densities of data storing nodes and are susceptible to soft errors even at current device dimensions. Their localized array structures make it relatively easy to implement parity/ECC mechanisms. The remaining circuitry on a processor includes data paths, control logic, execution logic and registers (“execution core”). The varied structures of these circuits and their distribution over the processor die make it more difficult to apply parity/ECC mechanisms.
One approach to detecting soft errors in an execution core is to process instructions on duplicate execution cores and compare results determined by each on an instruction by instruction basis (“redundant execution”). For example, one computer system includes two separate processors that may be booted to run in either a symmetric multi-processing (“SMP”) mode or a [Functionalredundant redundant] Functional Redundant Check (“FRC”) mode. In SMP mode, instruction execution is distributed between the processors to provide higher overall performance than single processor systems. In FRC mode, one processor executes code normally and a second processor executes identical instructions on the same data that is provided to the first processor. If the second processor detects a discrepancy between its operations and those of the first processor, it signals an error. The operating mode can only be switched between SMP and FRC modes by resetting the computer system.
The dual processor approach is costly (in terms of silicon). In addition, the inter-processor signaling through which results are compared is too slow to detect corrupted data before it updates the processors' architectural states. Consequently, this approach is not suitable for correcting the detected soft errors.
Another computer system provides execution redundancy using dual execution cores on a single processor chip. The two execution cores operate in FRC mode, and ECC protected check point registers store information on intermediate states of the processor. When an error is detected in a code segment, the processor implements a micro-code routine to restore the processor to the last uncorrupted processor state, using the check point registers. Control is then returned to the code segment, beginning with the instruction(s) that encountered the error. The error recovery micro-code routine is stored on the processor chip, making it difficult to update or modify. In addition, routines sufficiently flexible to correct a broad range of errors tend to be relatively complex. Micro-code implementations of these routines occupy significant area on the processor die.
The present invention addresses these and other deficiencies of available high reliability computer systems.
SUMMARY OF THE INVENTION
The present invention provides a firmware mechanism for recovering from soft errors in a dual execution core processor that is capable of operating the execution cores in redundant mode and split mode.
A method in accordance with the present invention detects a soft error when the processor is operating the execution cores in redundant mode. An error recovery routine is executed on each execution core to save uncorrupted data from storage structures associated with the execution core. Processor state data is recovered from the saved data, and the first and second execution cores are initialized using processor state data.
A computer system in accordance with the present invention includes a dual execution core processor and a non-volatile memory that stores the error recovery routine. The error recovery routine is invoked when the processor detects a soft error while operating in the redundant mode. The routine switches the processor to the split mode, in which mode each execution core saves uncorrupted data in its associated storage structures to a designated memory location. The routine recovers processor state data from the saved data.
REFERENCES:
patent: 4453215 (1984-06-01), Reid
patent: 4912707 (1990-03-01), Kogge et al.
patent: 5475856 (1995-12-01), Kogge
patent: 5504859 (1996-04-01), Gustafson et al.
patent: 5530802 (1996-06-01), Fuchs et al.
patent: 5664214 (1997-09-01), Taylor et al.
patent: 5748873 (1998-05-01), Ohguro et al.
patent: 6279119 (2001-08-01), Bissett et al.
patent: 6393582 (2002-05-01), Klecka et al.
patent: 0315303 (1989-05-01), None
patent: 0411805 (1991-02-01), None
Keith Diefendorff, Microprocessor Report,Nov. 15, 1999, pp. 8, vol. 13, No. 15.
Keith Diefendorff, Power4 Focuses on Memory Bandwidth, Oct. 6, 1999, pp. 11-17.
Beausoliel Robert
Blakely , Sokoloff, Taylor & Zafman LLP
McCarthy Christopher S.
LandOfFree
Firmware mechanism for correcting soft errors does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Firmware mechanism for correcting soft errors, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Firmware mechanism for correcting soft errors will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3009179