It has long been known that processor structures may even include third and fourth calculating units intended for continuously checking for the presence of bit errors in the data words used. Processor structures of this kind can be said to function in a double processor mode.
A processor structure may also include a comparator for comparing output data from the parallel-operating calculating units, a diagnostic unit which is adapted to ascertain or determine which of the two calculating units has delivered correct output data when a difference between output data is detected in the comparator, and a control unit which is adapted to ensure that output data from the processor structure originates from a calculating unit that has delivered correct output data.
The two parallel-operating calculating units await the result of the determination of the diagnostic unit when a difference is detected in the comparator, whereafter the calculating unit that has delivered correct output data continues to operate after the result of the determination has been received.
The calculating unit that has delivered incorrect output data is stopped and subjected to a start-up routine, wherewith the stopped calculating unit is brought into phase with the calculating unit that continues to operate and can then be restarted for parallel operation with the calculating unit that was not stopped. When only one calculating unit is in operation, it is said that the processor structure generally operates as a "single mode processor". By stopped is not meant that the calculating unit ceases to operate and is switched-off, but that the calculating unit concerned is stopped from performing standard execution work and, instead, switches to a mode in which it carries out various self-checks and/or the aforesaid start-up routine.
By calculating unit is meant in this document a unit for processing or executing instructions or data words read into said unit, such as a processor or an ALU (Arithmetic Logical Unit) within a processor.
It has long been known to use error correction in a double processor mode for correcting bit errors in the data words that are inputted on the programme code and, when diagnosing which processor has delivered an erroneous result in the event of a difference between the results delivered by the two processors, to ascertain or determine which processor has delivered the wrong result.
A system that is very sensitive to processor disturbances normally uses two parallel processors which perform precisely the same operations.
The results obtained from the two processors with each executed instruction are compared and the results are considered to be correct when said results are identical.
When the results differ, it is assumed that one processor has made an incorrect calculation and it is then necessary to establish which of the processors has delivered a wrong result.
When a difference is detected, a diagnostic method is used which identifies the processor that has delivered an incorrect result. The maximum time for carrying out this method is 20 ms, in which time neither of the processors carries out a calculating or executing operation with respect to input instructions; instead they stand idle and carry out certain self-diagnosing operations, for instance.
When it has been established which of the processors has delivered the incorrect result, the correct processor continues to execute incoming instructions as a single mode processor.
The system is extremely vulnerable during this time period, since there is no control for ascertaining whether the result from this single processor is correct or not.
The stopped processor must therefore be restarted as soon as possible. This is achieved with a specific start-up routine in which the stopped processor is restarted and brought into phase with the correct processor.
This start-up routine takes several minutes to carry out and includes total rewriting of all memories belonging to the stopped processor, these memories being allotted the same information as that present in the memories of the correct processor.
When the content of all memories in the stopped processor is identical with the content of the memories belonging to the correct processor, the stopped processor can be restarted and the system switched from a single processor mode back to a double processor mode.
In respect of incorrectly executed instructions, the highest error frequency normally occurs in conjunction with reading from the memories in so-called memory accesses. This is because several different memories operate around a processor and because the memories have a high error frequency per se.
It is known to use traditional error correction to reduce the number of errors caused by erroneous memory accesses when reading-in instructions from the programme code.
Traditional error correction is effected by using a plurality of check bits for each data word when reading-in instructions, these check bits enabling an algorithm to check whether or not the instruction read-in is correct. When a data word is incorrectly read-in, the check bits are used for error correction of the data word.
In simple terms, it can be said that the error correction can turn out in three different ways:
an error is found and corrected;
an error is found and cannot be corrected; or
an error is found and corrected erroneously.
Another possibility is that the data word read-in contains a bit error which is not discovered by the error correction algorithm.
The first outturn results in a correct data word being read into the processor with no error occurring.
The second outturn results in an incorrect data word being read into the processor and culminating in a difference in the result from the parallel operating processors.
The diagnosing procedure is simplified in this case, since the result obtained with the error correction algorithm shows that one data word was incorrect.
In the third outturn, an incorrect data word is read into the processor, resulting in a difference in the result obtained from the parallel processors. The diagnosing procedure receives no assistance from the error correction algorithm in this case, since the algorithm shows that the data word read-in was correct (corrected). The likelihood of this third outturn is normally very remote.
When a bit error in a data word read into a processor is not discovered, the same situation arises as that in the aforedescribed third outturn.
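The outturns described above, as an added example that is not part of the original document: a single-error-correcting, double-error-detecting extended Hamming (8,4) code over a 4-bit word. The document does not name its error correction algorithm, so the code, the function names and the injected bit flips are assumptions chosen for illustration.

```python
# Added illustration: extended Hamming (8,4) SECDED code. The source text does
# not name its algorithm; the code and all names here are assumptions.

def encode(nibble):
    """4 data bits -> 8-bit word; index 0 is overall parity, 1/2/4 are check bits."""
    w = [0] * 8
    w[3], w[5], w[6], w[7] = [(nibble >> i) & 1 for i in range(4)]
    w[1] = w[3] ^ w[5] ^ w[7]
    w[2] = w[3] ^ w[6] ^ w[7]
    w[4] = w[5] ^ w[6] ^ w[7]
    w[0] = sum(w[1:]) & 1
    return w

def decode(word):
    """Return (nibble, status) with status 'clean', 'corrected' or 'uncorrectable'."""
    w = list(word)
    syndrome = 0
    for pos in range(1, 8):          # XOR of the positions of all set bits
        if w[pos]:
            syndrome ^= pos
    odd = sum(w) & 1                 # 1 when the overall parity is violated
    if odd:                          # decoder assumes a single-bit error
        w[syndrome] ^= 1             # syndrome 0 means the parity bit itself
        status = "corrected"
    elif syndrome:                   # parity holds but syndrome set: double error
        status = "uncorrectable"
    else:
        status = "clean"
    return w[3] | w[5] << 1 | w[6] << 2 | w[7] << 3, status

def read_outcome(nibble, flipped):
    """Store nibble, flip the given bit positions (constructed faults), read back."""
    w = encode(nibble)
    for pos in flipped:
        w[pos] ^= 1
    value, status = decode(w)
    if status == "uncorrectable":
        return "found, cannot be corrected"
    if value == nibble:
        return "no error" if status == "clean" else "found and corrected"
    return "undetected" if status == "clean" else "found and corrected erroneously"

if __name__ == "__main__":
    # Constructed fault patterns: none, one, two, three and four flipped bits.
    for flips in ([], [5], [3, 6], [1, 2, 7], [0, 1, 2, 3]):
        print(flips, "->", read_outcome(0b1010, flips))
```

With three flipped bits the decoder reports a successful correction while returning the wrong word, which is why the third outturn gives the diagnosing procedure no assistance.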
A memory access procedure normally has a duration of about five to six data cycles, of which one data cycle is used for error correction.
When the instruction flow is continuous, the additional time required by this data cycle makes no difference, since the instructions arrive mutually sequentially.
In the event of a sequence interruption in reading-in instructions, such as in the event of a jump instruction, it is necessary to re-access the memory from an address unknown prior to the sequence interruption.
This results in a time lapse in the read-in sequence that corresponds in duration to the duration of the access time, thus a duration in the order of from five to six data cycles.
Error correction is performed by an ALU that is not included in the standard execution work in the processor, but which is used solely for error correction. This correction process does not therefore take capacity from the remainder of the processor. However, it is necessary to wait for the result before the instruction can be considered usable within the standard processor.
Gains corresponding to parts of one percent in input time are considered significant advancements with regard to increased efficiency with essentially retained system reliability.
About 10% of all instructions that are read in from the programme code consist of different sorts of jump instructions, which are instructions that cause so-called sequence interruptions in reading instructions into the calculating units.
The sequentially read-in instructions each take up one data cycle, whereas a jump instruction takes up in the region of six data cycles, due to the sequence interruption in reading in instructions that a jump instruction constitutes.
An object of the present invention is to generally reduce the additional time consumed by a sequence interruption without needing to affect system reliability in a negative manner.
If each jump instruction can be caused to take up five data cycles instead of six data cycles, for instance, this will result in an average reduction of one data cycle per fifteen data cycles in the total instruction input, which corresponds to 6.7% of the total input time. This represents a considerable time saving in the present context.
Publications U.S. Pat. Nos. 4,358,823, 4,916,696 and EP-A2-0 433 979 also describe the background of the invention.