The present technique relates to an interrupt controller and a method of operating such an interrupt controller, and in particular relates to the design of an interrupt controller that can be used in functional safety implementations.
Functional safety is becoming an important aspect of modern data processing system design. In order to ensure designs meet the functional safety requirements, it is generally necessary to provide for a high level of fault detection coverage. Purely by way of example, in the automotive field the Standard ISO 26262 entitled “Road Vehicles—Functional Safety” is an international Standard for functional safety of electrical and/or electronic systems in production automobiles, and that Standard defines a number of Automotive Safety Integrity Levels (ASILs). ASIL D dictates the highest integrity requirements, and requires 99% fault detection.
Traditionally, designers resort to spatial redundancy such as Dual-Core-Lock-Step (DCLS) to achieve such high levels of fault detection. In accordance with such a design, two processor cores operate in lockstep and any discrepancy in their output is used to indicate an error. However, duplicating all of the components of the processor cores in such a design could potentially introduce significant area and power overhead. This is becoming a significant issue in modern systems, as more performance and features are added into those systems, resulting in an increase in the die size and power consumption.
One of the components that would potentially need duplicating in such a functional safety system is the interrupt controller. However, there is a significant area penalty associated with duplicating the interrupt controller design within such a system.
It would accordingly be desirable to provide an improved technique for handling interrupts within safety critical systems.