An integrated processor system, such as a System-on-Chip device, typically comprises one or more interconnect components used to enable the transfer of data between various other components of the processor system. Such an interconnect component may consist of a bus, crossbar switch, switching fabric, etc.
Components connected via such an interconnect component are typically divided into two types: interconnect master devices and interconnect slave devices. Interconnect master devices typically include, for example, processor cores, direct memory access (DMA) units, etc. arranged to initiate transactions over the interconnect component(s) to send data to and/or request data from interconnect slave devices. Interconnect slave devices typically include components providing memory-mapped resources such as, for example, memory blocks, peripheral components, external interfaces, etc.
Due to unforeseen issues, a master device can hang, or otherwise become unresponsive and enter a failure state in which the master device is unable to handle active and outstanding interconnect transactions (transactions issued by the master device before going into the failure state). This can lead to a system-level deadlock as the interconnect component tries to serve outstanding transactions to the unresponsive master device.
In a conventional system, such a system-level deadlock is recoverable through a system restart. A full system restart leads to a long response time whilst the system restarts. In safety-sensitive industries such as the automotive industry, there is a trend away from ‘Fail Safe’ systems, in which a system is put into a safe (restricted) mode when a fault is detected, towards ‘Fault Tolerant’ systems that enable less restricted operation upon a fault occurring and that support higher levels of functional availability during fault conditions. Accordingly, the need to perform a system restart to recover from a system-level deadlock conflicts with the desired move towards fault-tolerant systems that support higher levels of functional availability during fault conditions.