1. Technical Field of the Invention
The present invention relates generally to the hardware design of computer systems, ASICs, systems-on-a-chip, etc., utilizing multiple cores or multiple processors. In particular, this invention relates to computer system hardware and methods of initializing computer hardware, and to a method and apparatus for initializing multiple processors to an identical state, such that they will operate in an identical manner.
2. Description of the Prior Art
Some information processing systems are used for tasks in which the consequences of undetected failure are costly, such as financial transaction processing, aviation, and medical equipment operation. The failure may take many forms, but ultimately results in incorrect output. Modern microprocessors or microcontrollers, which are implemented in these information processing systems, have many attractive features, but, unfortunately, error detection is not usually one of them. In a system that requires high integrity, two or more microprocessors or processor cores may be used to simultaneously execute software programs, and hardware may be designed to check their outputs to assure that they agree. This is typically referred to as a “cross checked” system design. When a miscompare of the outputs occurs, that is, when the outputs do not agree, an error interrupt is presented to the processor(s) and/or some actions are taken in the rest of the system to prevent data contamination.
One method of designing a cross checked system is to loosely synchronize the two processors, meaning that they are not doing the exact same operation at the exact same time. The outputs of the two are compared as they become available. This method requires that the outputs be buffered, and so any miscompare signal is typically delayed. Another method uses tight synchronization of the two processors: each processor performs the exact same operation on each and every external bus clock cycle. Both processors must present the exact same result at the same time. Usually in such systems, one processor is designated as the “master” and the other is designated as the “checker”. Input signals are presented to both processors at the same time. Output signals of the master are used to drive the rest of the system, but the output signals of the checker processor are only used for comparison purposes. In this method, no buffering is required and the miscompare (error) signal is issued immediately.
In this tightly synchronized configuration, it is necessary to initialize the processors to the same state at reset time. This is referred to as state convergence. Without it, it is very likely that the processors will not follow the exact same path in the execution of a program, causing a difference in their outputs and resulting in miscompare signals. The problem is that typical processors are not always designed to be put in the exact same state via a hardware reset input signal. Modern microprocessors contain many arrays, such as a branch history table, and latches that have undefined initial states because their initial state doesn't matter in normal usage in a non-cross checked design. This situation is sometimes solved by running some piece of initialization software simultaneously on both processors. The problem with this partial solution is that many modern processors have hardware facilities that cannot be directly initialized via software. Depending on the facilities of the processors involved, there may not be an algorithm that would allow two processors to be initialized to the same state in a single reset.
A typical solution for initialization failures, in general, is to try a reset a second time, with the determination and the actual reset initiation being done externally. In the case of two complex processors, many resets may be required to get state convergence, perhaps hundreds. This can be quite time-consuming because of the requirement for external determination and initiation, and the many resets could be detrimental to other elements of the apparatus and possibly to end users.
An example processor facility that is typically in a random state upon power up is a branch history table (BHT). It consists of an array of stored branch points (instruction addresses) and, for each branch, a history of whether the branch was previously taken or not taken in the program, as an aid in predicting future branch direction. It is usually not directly modifiable from software; it is only initialized by software instructions taking or not taking conditional branches. Trying to initialize a BHT by doing conditional branches almost always results in the processors, or processor cores, getting out of synchronization due to the different initial states in the BHT arrays.
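The following simulation is an added illustration, not part of the original text. It shows that a software routine of taken branches does converge the BHT contents of a master and a checker, while the cycle on which each output is presented has already diverged, which a tightly synchronized comparator reports as a miscompare. The 2-bit saturating counter scheme, the mispredict penalty and all function names are assumptions made for the example.

```python
import random

PENALTY = 3  # assumed mispredict penalty in cycles (not from the text)

def run_core(bht, program):
    """Run (bht_index, taken) branches; return the cycle of each output.

    bht is a list of 2-bit saturating counters (assumed scheme), trained
    in place exactly as the hardware would train it.
    """
    cycle, out = 0, []
    for idx, taken in program:
        predicted_taken = bht[idx] >= 2
        cycle += 1 if predicted_taken == taken else 1 + PENALTY
        bht[idx] = min(3, bht[idx] + 1) if taken else max(0, bht[idx] - 1)
        out.append(cycle)
    return out

def first_miscompare(master_out, checker_out):
    """Index of the first output presented on different cycles, else None."""
    for i, (m, c) in enumerate(zip(master_out, checker_out)):
        if m != c:
            return i
    return None

def init_trial(bht_master, bht_checker):
    """Software 'initialization': take the branch in every entry 4 times."""
    program = [(i, True) for i in range(len(bht_master)) for _ in range(4)]
    m_bht, c_bht = list(bht_master), list(bht_checker)
    m_out, c_out = run_core(m_bht, program), run_core(c_bht, program)
    return m_bht == c_bht, first_miscompare(m_out, c_out)

def divergence_rate(trials=1000, entries=16, seed=1):
    """Fraction of random power-up states that lose lockstep during init."""
    rng = random.Random(seed)
    lost = 0
    for _ in range(trials):
        a = [rng.randrange(4) for _ in range(entries)]
        b = [rng.randrange(4) for _ in range(entries)]
        lost += init_trial(a, b)[1] is not None
    return lost / trials

if __name__ == "__main__":
    # Constructed power-up states: entry 0 differs between the two cores.
    print(init_trial([0, 3], [3, 3]))   # (True, 0)
    print(divergence_rate())
```

The first tuple element reports whether the two tables ended in the same state; the second is the index of the first output that the comparator would flag.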
An obvious answer to this problem is to change the design of the processor so that it can be completely initialized more easily. Unfortunately, the processor design is usually “as is” and is not subject to design changes. The present invention addresses these typical shortcomings in processor error checking design.