1. Field of the Invention
The present invention relates to state machines, and in particular those used in integrated circuits.
2. Description of the Related Art
A state machine is a sort of automaton, the operation of which is modeled by a set of states linked to each other by transitions. A finite state machine comprises a finite number of states. The change from a state in progress to a next state linked to the state in progress by a transition is performed according to state variables.
Classically, a state machine comprises input signals and output signals generated upon each transition according to the input signals. The input and output signals of a state machine can also be listed as primary signals and secondary signals. The primary input signals are the signals that the state machine receives from the “external environment.” The primary output signals are the signals the state machine sends to the external environment. The secondary output signals produced by the state machine become the secondary input signals upon the next transition. The secondary input signals inform the state machine about the state in progress.
FIG. 1 represents a state machine in block form. In FIG. 1, the state machine FSM comprises a combinational logic circuit CBL and sets of latches LTS1, LTS2. All the outputs of the circuit CBL are connected to the set of latches LTS1. The circuit CBL comprises primary inputs PI and primary outputs PO. The circuit CBL also comprises secondary inputs SI and secondary outputs SO. The secondary outputs SO at output of the set LTS1 are connected to the set of latches LTS2. The latches in the set LTS1 enable the state in progress of the state machine to be stored, i.e., the last values of the primary and secondary output signals generated by the state machine. The secondary output signals, once locked by the set of latches LTS2, become the secondary input signals SI used by the circuit CBL to execute the next transition.
Many electronic circuits use state machines. This is particularly the case of certain serial access memories like EEPROM memories (Electrically Erasable Programmable Read-Only Memory).
In such applications, the transitions are generally performed in synchronization with a clock signal supplied by a communication bus. The primary input signals generally comprise signals received by the memory, and other signals internal to the memory. The primary output signals are control signals controlling various subsets of the memory (shift registers, memory array decoders, read circuitry, charge pump, etc.).
An excessively high clock frequency can seriously interfere with the operation of the state machine. This interference generally results in the production of incorrect output signals, which cause the state machine or the assembly into which the state machine is integrated to malfunction or crash. In the case of a memory, a malfunction can result, for example, in the decoding of incorrect commands, in the corruption of data read (thus reversible) or written (irreversible), or in the memory crashing, which can require a reset by cutting off and restoring the power supply.
The triggering of the malfunction can be involuntary (for example noise on the clock signal of an access bus, interpreted as a brief clock pulse), or voluntary. In the latter case, it may be attempts to interfere with the operation of a secure circuit, so as to try to violate a securization function. Indeed, certain EEPROM memories adapted to a specific application have securization functions, the operation of which can be more or less linked to the state machine.
To detect such a malfunction, one proposal already made consists in determining the frequency of the clock signal by measuring the duration of the periods or half-periods of the clock signal by means of a time reference and comparing the frequency thus determined with a frequency threshold. It transpires that this detection of malfunctioning is independent of the maximum operating frequency of the state machine. To be sure of being protected against a malfunction of the state machine, a frequency threshold is defined much lower than the actual malfunction threshold of the state machine. Indeed, depending on the variations in the supply voltage, temperature, and manufacturing parameters, the frequency of the time reference and the maximum operating frequency of the state machine vary in a decorrelated manner. An error signal must therefore be generated above a threshold much lower than the maximum operating frequency. The result is that the safety margin causes a reduction in the maximum operating frequency of the circuit. Typically, the threshold used to detect a malfunction is set to a frequency at least two times lower than the maximum operating frequency of the state machine.