Conventionally, a watchdog timer (WDT) technology has been used for the purpose of detecting a failure of a microprocessor (for example, Japanese patent application laid-open No. 2003-150280). When a signal transmitted at a predetermined interval from a processor comes to a halt, a watchdog timer outputs a reset pulse to the processor. When the processor receives this reset pulse, it resets itself to restore its function. In this manner, by using the watchdog timer technology, it is possible to detect that the processing of the processor has been stopped due to a fault, etc. In addition, in such a case, it is possible for the processor to perform the restoration of its function.
Also, as a technology for conducting tests (debug) without the use of real circuits, there has been known a virtual tester technology (for example, Japanese patent application laid-open No. 2005-32191). A virtual tester is a technology that conducts tests by simulation on a computer using a model of a program to be tested which is modeled by a hardware description language (HDL) without using a real machine or system.
In addition, there has also been known a technique in which instead of making a built-in circuit for monitoring an FPGA (field programmable gate array) small-scale, a large-scale memory module is provided outside the FPGA and is connected thereto through a high speed transmission line (Japanese patent application laid-open No. 2003-271412). With such, it is possible to monitor the operation of the FPGA without regard to the circuit scale thereof.
However, in the case of the above-mentioned conventional technologies, there have been the following problems.
First, with a technology using a virtual tester as described in Japanese patent application laid-open No. 2005-32191, the operation of a real system can not be inspected. In addition, with a technology using a watchdog timer as described in Japanese patent application laid-open No. 2003-150280, it can be checked that a processor is operating, but it can not be verified whether the processor is operating correctly or normally.
The abnormal operation of a processor is attributable to the following causes. The first is a defect (bug) of a program, and is that the processor does not operate according to its specifications.
The second is an alteration of a program by a malicious third party. In recent years, a reconfigurable processor such as an FPGA, etc., has been frequently used as a processor. With an FPGA, the operation of the processor can be changed by changing circuit information (program). Accordingly, in the case of a version upgrade of the program or the like, the operation of the processor can be easily changed by providing a new program to the processor. However, a program provided from outside may have been rewritten by a third party. In such a case, an operation different from a manufacturer's intention will be carried out.
The third is a soft error. The soft error is an error resulting from the data held in a memory being inverted under the influence of radiation such as high energy neutrons. The probability of occurrence of soft errors is increased according to the miniaturization of LSI design rules in recent years. Although this can be dealt with by using a memory with an error correction function, it is difficult to adopt such a memory having an error correction function because of an increase in cost.