A microprogram control unit is said self-checking when capable of detecting and signalling to the outside the occurrence of an error inside it. It is said to be selfchecking with on-line error-detection capability, if it can detect and signal the errors concurrently with its ordinary operation, without requiring specific periodical execution of self-checking programs.
Self-checking control units already known in the art usually have the disadvantage that their capacity to detect possible errors requires too high circuit complexity.
Said units differ from one another as to the approach used for error detection.
A known type of self-checking control unit, as described for example, in the paper "Design of concurrently testable microprogrammed control units" by M. Namjoo, Proceedings of the MICRO-15 Workshop, Palo Alto, Calif., July 1982, follows a functional error-detection approach which checks the correct microinstruction sequencing.
Namely, microinstruction transitions are checked, by assigning a check symbol to each microinstruction.
This check symbol is randomly generated independently of the microinstruction address. Its correctness is then checked. This approach has the following disadvantages:
complete sequencing error coverage cannot be ensured without associating a different symbol with each microinstruction, which is equivalent to adding two address fields to the microinstruction, thereby effecting a considerable increase in the microprogram memory and internal buses; and
even doubling of the microinstruction length does not allow checking of the correct correspondence between the destination of a condition jump and the value of the condition logic variable. In case of an error in the condition logic variable, the jump destination will be incorrect without possibility of error detection, thereby introducing sequencing errors among microinstructions.
Another known type of self-checking control unit, described for example, in the paper entitled "The design of a microprogram control unit with concurrent error detection" by C. Yu Wong, et al., Proceedings of the 13th International Symposium on Fault-Tolerant Computing, Milan, June 1983, follows an analytical error detection approach based on the use of an error model strictly correlated with the technology used.
For instance, in MOS technology, a unidirectional error model is used. A unidirectional error is a multiple or single error which may affect one or more positions in a word such that all the erroneous positions assume the same logic level.
Unidirectional errors are detected by introducing an additional field into the microinstruction containing the Berger code of the microinstruction address. This code is then compared during the microinstruction execution with the code logically regenerated by a suitable circuit; a possible difference indicates the error. The Berger code is the binary coding of the number of zeroes contained in the field to be coded.
Conversely, the failures which do not give rise to unidirectional error are covered by using the duplication of the relevant circuit parts of the unit. Besides the expense in terms of the number of components needed, the duplication technique is incapable of covering the failures on the carry lines of the computing elements and on the data lines beyond the branching points of the internal buses, since the error checks are carried out by using the Berger coding, which is extracted from the first copy of the datum, sent into the bus together with the second copy, and compared at the bus end with the code here extracted from the second copy. Thus only unidirectional errors are covered, and hence the duplication in this case is useless.