In the field of programmable electronic systems, it is known to verify the reliability of algorithms executing independently, either on different cores or on the same core. In this respect, for certain applications requiring redundancy and/or that are “mission critical”, it is known for the independent algorithms to comprise execution of the same function, so that the outputs of the independent executions can be compared.
To achieve this objective, solutions have been proposed both at a hardware level and a software level in order to ensure consistency in results provided by each function or even algorithm.
One known solution is the so-called “lock-step” verification technique, which monitors synchronism between Central Processing Units (CPUs) in order to detect execution errors that may impact the reliability of one or more applications supported by the CPUs. In this respect, hardware is provided to monitor the response of each CPU at a level of granularity associated with a bus interface, for example on one or both clock edges. Consequently, in the event that one or both of the CPUs suffers a malfunction, the error can be detected within a cycle or so of its becoming visible on the bus. In order to detect the error, a hardware entity comprising many comparators is provided to monitor the external interfaces of the CPUs; only state that reaches those external interfaces is compared, so an internal fault is detected at the point where it first affects a bus transaction. As can be appreciated, the amount of hardware overhead required to support such a level of error detection is considerable for just two CPUs. If one then considers the possibility of performing error detection in respect of many CPUs, the hardware overhead increases further and indeed can become impossible or uneconomic to support.
Another “lock-step” technique known in the art is implemented in software as opposed to hardware. This technique is employed in relation to a single CPU or multiple CPUs executing algorithms multiple times in order to verify functional consistency. In this respect, the algorithm can be expressed differently in each execution, for example by being written in different programming languages or built with different compilers, so that a common-mode defect in one implementation or toolchain is less likely to affect the other. The algorithm can comprise multiple functions whose results can be compared at the function level. In this respect, a software module is used to compare the results of the function executions and to flag any disagreement.
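The following is an added illustration of the software lock-step scheme described above; it is example code written for this page, not code from the cited patents or any particular product. Two independently written implementations of the same function (a population count) stand in for the “algorithm expressed differently”, a small comparison module runs all implementations on the same input and compares the results at function level, and a hypothetical fault-injection hook (`g_inject_bit_flip`, an assumption of this example) corrupts one execution so that the detection path can be exercised.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Implementation A: shift-and-mask loop. */
static uint32_t popcount_loop(uint32_t x) {
    uint32_t n = 0;
    while (x) { n += x & 1u; x >>= 1; }
    return n;
}

/* Implementation B: Kernighan's clear-lowest-set-bit loop.
 * Same function, different expression, as a software lock-step scheme
 * requires; both are illustrative code written for this example. */
static uint32_t popcount_kernighan(uint32_t x) {
    uint32_t n = 0;
    while (x) { x &= x - 1u; n++; }
    return n;
}

/* Hypothetical fault-injection hook (assumption of this example): when
 * non-zero, the bits set here are XORed into implementation B's result,
 * modelling a transient execution error in one redundant execution. */
static uint32_t g_inject_bit_flip = 0;

static uint32_t popcount_kernighan_faulty(uint32_t x) {
    return popcount_kernighan(x) ^ g_inject_bit_flip;
}

typedef uint32_t (*impl_fn)(uint32_t);

typedef struct {
    bool consistent;     /* true if every execution agreed with execution 0 */
    int first_mismatch;  /* index of the first disagreeing execution, or -1 */
    uint32_t result;     /* the agreed result; valid only if consistent */
} lockstep_result_t;

/* The software comparison module: execute each implementation on the same
 * input and compare outputs at function-level granularity. Any
 * disagreement is reported rather than silently resolved, since with two
 * executions there is no way to tell which one is correct. */
static lockstep_result_t lockstep_run(const impl_fn *impls, size_t n, uint32_t input) {
    lockstep_result_t r = { true, -1, 0 };
    uint32_t ref = impls[0](input);
    for (size_t i = 1; i < n; i++) {
        uint32_t out = impls[i](input);
        if (out != ref) {
            r.consistent = false;
            r.first_mismatch = (int)i;
            break;
        }
    }
    r.result = ref;
    return r;
}

/* Fault-free run: both implementations must agree. */
bool lockstep_example_ok(uint32_t input) {
    const impl_fn impls[] = { popcount_loop, popcount_kernighan };
    lockstep_result_t r = lockstep_run(impls, 2, input);
    return r.consistent && r.result == popcount_loop(input);
}

/* Run with a fault injected into execution 1; returns true only if the
 * comparator detected it and attributed it to execution 1. With flip == 0
 * no fault is injected and the function returns false. */
bool lockstep_example_detects(uint32_t input, uint32_t flip) {
    const impl_fn impls[] = { popcount_loop, popcount_kernighan_faulty };
    g_inject_bit_flip = flip;
    lockstep_result_t r = lockstep_run(impls, 2, input);
    g_inject_bit_flip = 0;
    return !r.consistent && r.first_mismatch == 1;
}

int main(void) {
    uint32_t sample = 0xA5A5A5A5u; /* constructed sample input */
    printf("fault-free agreement: %s\n", lockstep_example_ok(sample) ? "yes" : "no");
    printf("injected fault detected: %s\n",
           lockstep_example_detects(sample, 1u) ? "yes" : "no");
    return 0;
}
```

With only two executions the module can detect a disagreement but cannot say which result is correct; the patent text's comparison module likewise reports inconsistency rather than repairing it. Adding a third, differently expressed implementation and taking a two-of-three vote would let the comparator also select an output, at the cost of a further execution.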
U.S. Pat. No. 7,827,429 relates to a fault tolerant computer comprising a first unit, a second unit, a delay buffer and a delay time setting unit. The first unit executes a computer program in response to an input signal. The second unit executes the computer program in the same execution environment as the first unit in response to the input signal. The delay buffer controls a delay between when the input signal is input to the first unit and when the input signal is input to the second unit, and is set to zero when receiving a synchronisation mode signal.
International patent application publication number WO 2011/101707 A1 relates to an alternative implementation of error detection between CPUs in which access to volatile and non-volatile memory is observed and, if required, volatile “transactions” are replayed. In this connection, a first of a number of CPUs in a so-called validation set supporting a function performs the function, the results of which are assumed to be valid, and so the results are stored and replicated to the other CPUs in the validation set.