Nios® V Processor: Lockstep Implementation

Download PDF
ID 833274
Date 10/07/2024
Public
Document Table of Contents
Document Table of Contents x
1. About the Nios® V Processor Lockstep 2. Overview 3. Controlling the Nios® V Processor Lockstep 4. Programming Model 5. Signals, Interfaces, and Build Parameters 6. Using Nios® V Processor Lock Step A. Document Revision History for the Nios® V Processor: Lockstep Implementation B. Appendix
1. About the Nios® V Processor Lockstep x
1.1. Nios® V Processor Lockstep Features
2. Overview x
2.1. Introduction 2.2. Main Principles 2.3. Operating Modes 2.4. Resets 2.5. LOGS Information
2.2. Main Principles x
2.2.1. System Phases 2.2.2. System States 2.2.3. Safety Mechanisms
2.2.2. System States x
2.2.2.1. Transitioning between System States
2.2.3. Safety Mechanisms x
2.2.3.1. Self-Checking Comparator 2.2.3.2. Timeout Timer 2.2.3.3. Enable Counters 2.2.3.4. Specialized Safety Mechanism
2.3. Operating Modes x
2.3.1. NORMAL and SILENT Modes
2.4. Resets x
2.4.1. Resetting CORE 2.4.2. Resetting OPTIONS 2.4.3. Resetting LOGS 2.4.4. Resetting Time Diversity Register
2.5. LOGS Information x
2.5.1. ALARMS 2.5.2. CONTEXT 2.5.3. STATISTICS 2.5.4. Reset LOGS
2.5.1. ALARMS x
2.5.1.1. Configuring Alarm Severity
3. Controlling the Nios® V Processor Lockstep x
3.1. Configuration Interface 3.2. fRNET Interface 3.3. Controlling the Elective Features
3.3. Controlling the Elective Features x
3.3.1. Applying Timeout and Comparator Blind Window 3.3.2. Injecting Fault 3.3.3. Downloading the CPU Software 3.3.4. Debugging the CPU Software using SILENT Mode 3.3.5. Resetting the CPU upon Fault Detection
3.3.1. Applying Timeout and Comparator Blind Window x
3.3.1.1. Timeout 3.3.1.2. Comparator Blind Window 3.3.1.3. Calculating the Blind Window and Timeout Period
3.3.2. Injecting Fault x
3.3.2.1. Root Fault Injection 3.3.2.2. Alarm Fault Injection
3.3.4. Debugging the CPU Software using SILENT Mode x
3.3.4.1. Entering SILENT Mode 3.3.4.2. SILENT Mode Limitation 3.3.4.3. Exiting SILENT Mode
3.3.5. Resetting the CPU upon Fault Detection x
3.3.5.1. Basic Reset Control
4. Programming Model x
4.1. Memory Map 4.2. Configuring fRSmartComp during Run-time 4.3. Unlocking and Locking Registers 4.4. Detailed Register Description
4.1. Memory Map x
4.1.1. Memory Map—Part 1 4.1.2. Memory Map—Part 2 4.1.3. Memory Map—Part 3
4.4. Detailed Register Description x
4.4.1. DCLSM Blind Window Control Register - DCLSM_BWCR 4.4.2. All Alarms’ Prior Alarms’ Fault Injection Register - ERRCTRL_ALL_ALARMS_PRIOR_AFI 4.4.3. INTREQ Configuration Register - ERRCTRL_INTREQ_CONF 4.4.4. Timeout Deadline and Status Register - ERRCTRL_TIMEOUT 4.4.5. Timeout Acknowledgment Register - ERRCTRL_TIMEOUT_ACK 4.4.6. Enable Key fRSmartComp Control Register - ERRCTRL_ENABLE_KEY 4.4.7. Root Fault Injection Control register - ERRCTRL_ROOT_INJ 4.4.8. Alarm Fault Injection Control register - ERRCTRL_ALARM_INJ 4.4.9. Event Mask Configuration register - ERRCTRL_MASKA and ERRCTRL_MASKB 4.4.10. Alarm Routing Configuration register - ERRCTRL_ROUTA and ERRCTRL_ROUTB 4.4.11. Error Controller PGO LOG Reset Control register - ERRCTRL_PGOLOGRST 4.4.12. PGO0 and PGO4 Configuration registers - ERRCTRL_PGO0 and ERRCTRL_PGO4 4.4.13. FN_MODEIN Control Register - ERRCTRL_FNMODEIN 4.4.14. FN_MODEOUT register - ERRCTRL_FNMODEOUT 4.4.15. All Alarms After Fault Injection - ERRCTRL_FNGIALARMS 4.4.16. Error Controller Context Register - ERRCTRL_FNGICTXT4 4.4.17. CMP Mismatch CONTEXT Registers - ERRCTRL_FNGICMPCTXT0 … ERRCTRL_FNGICMPCTXT3 4.4.18. STATISTICS registers: ERRCTRL_FNGISTAT0 and ERRCTRL_FNGISTAT4 4.4.19. State register - ERRCTRL_FNPERIPHGI4
5. Signals, Interfaces, and Build Parameters x
5.1. Configuration Interface 5.2. System Interface 5.3. fRNET Interface 5.4. IP Parameters
5.3. fRNET Interface x
5.3.1. CONFIG 5.3.2. INFO
6. Using Nios® V Processor Lock Step x
6.1. Instantiating Lockstep-Enabled Processor 6.2. Connecting Signals and Interfaces 6.3. Compiling Design 6.4. Implementing Startup Procedure 6.5. Applying Optional Injection for Validation 6.6. Detecting Faults 6.7. Handling Faults (Safety Use Case)
6.2. Connecting Signals and Interfaces x
6.2.1. Connecting Clock and Reset 6.2.2. Connecting Configuration Interface 6.2.3. Connecting System Interface
6.2.1. Connecting Clock and Reset x
6.2.1.1. Clock 6.2.1.2. Reset
6.2.3. Connecting System Interface x
6.2.3.1. Asynchronous Reset Interface 6.2.3.2. CPU Halt and Restart Acknowledgment Interface 6.2.3.3. Silent Mode Interface 6.2.3.4. Output Qualification (TERMS_LEFT and TERMS_RIGHT) 6.2.3.5. Interrupt Request (INTREQ) 6.2.3.6. ALARMS Interfaces 6.2.3.7. Connecting fRNET Interface
6.7. Handling Faults (Safety Use Case) x
6.7.1. UC_01: Standard Fail Safe or No Availability 6.7.2. UC_02: False Positive Avoidance 6.7.3. UC_03: Timeout on System Reset or After Fault Detection
1. About the Nios® V Processor Lockstep
2. Overview
3. Controlling the Nios® V Processor Lockstep
4. Programming Model
5. Signals, Interfaces, and Build Parameters
6. Using Nios® V Processor Lock Step
A. Document Revision History for the Nios® V Processor: Lockstep Implementation
B. Appendix

B. Appendix

Assumptions:
  • A Lockstep-disabled Nios® V processor (Core 1) acts as the System Supervisor to manage a Lockstep-enabled Nios® V processor (Core 2).
  • Lockstep Configuration Interface of Core 2 is connected to Data Manager of Core 1.
  • The starting address of the Configuration Interface is 0xA0000.

Reading Generated Alarms

#define LOCKSTEP_CONFIG_BASE_ADDR 0x000A0000

int main()
{
//Reading Alarms (ERRCTRL_FNGIALARMS)
unsigned int read_alarm = IORD_32DIRECT(LOCKSTEP_CONFIG_BASE_ADDR, 0xD498);

if(!read_alarm) 
{
  printf(“No Alarms”);
} 
else
{
  if(read_alarm&0x1) printf(“Alarm0\n”);
  if(read_alarm&0x2) printf(“Alarm1\n”);
  if(read_alarm&0x4) printf(“Alarm2\n”);
  if(read_alarm&0x8) printf(“Alarm3\n”);
  if(read_alarm&0x10) printf(“Alarm4\n”);
  if(read_alarm&0x10000) printf(“Alarm16\n”);
  if(read_alarm&0x20000) printf(“Alarm17\n”);
  if(read_alarm&0x80000) printf(“Alarm19\n”);
}
}

Reading fRSmartComp State

#define LOCKSTEP_CONFIG_BASE_ADDR 0x000A0000

int main()
{
//Reading fRSmartComp state (ERRCTRL_FNPERIPHGI4)
unsigned int read_state = IORD_32DIRECT(LOCKSTEP_CONFIG_BASE_ADDR, 0xD4E4);

switch(read_state)
{
  case 0x1: printf(“DISABLED”); break;
  case 0x2: printf(“OD”); break;
  case 0x4: printf(“FCS”); break;
  default: printf(“This is not expected.”);
}
}

Reading Mismatch Comparator Slices

#define LOCKSTEP_CONFIG_BASE_ADDR 0x000A0000

int main()
{
//Reading Mismatch Comparator Slices (ERRCTRL_FNGICMPCTXT0)
unsigned int read_slice = IORD_32DIRECT(LOCKSTEP_CONFIG_BASE_ADDR, 0xD4B0);

if(!read_slice)
{
  printf(“No mismatch”);
}
else
{
  for(int i=0; i<23; i++)
  {
    if(read_slice&0x1) printf(“Mismatch in Slice %d\n”, i);
    read_slice=read_slice/2; 
  }
}
}

Injecting Alarm Faults

#define LOCKSTEP_CONFIG_BASE_ADDR 0x000A0000

int main()
{
/*
 * Before Alarm Fault Injection
 * 1. Read Alarms (Expecting no alarms)
 * 2. Read fRSmartComp state (Expecting OD state)
 */
//Refer to Example 1 Reading Generated Alarms
//Refer to Example 2 Reading fRSmartComp State

/*
 * Start Alarm4 Fault Injection (ERRCTRL_ALARM_INJ)
 */
IOWR_32DIRECT(LOCKSTEP_CONFIG_BASE_ADDR, 0xD448, 0x10);

/*
 * After Alarm Fault Injection
 * 1. Read Alarms (Expecting a new Alarm4)
 * 2. Read fRSmartComp state (Expecting OD state)
 */
//Refer to Example 1 Reading Generated Alarms
//Refer to Example 2 Reading fRSmartComp State

/*
 * Stop Alarm4 Fault Injection
 * 1. Read Alarms (Expecting no alarms)
 * 2. Read fRSmartComp state (Expecting OD state)
 */
IOWR_32DIRECT(LOCKSTEP_CONFIG_BASE_ADDR, 0xD448, 0x0);
//Refer to Example 1 Reading Generated Alarms
//Refer to Example 2 Reading fRSmartComp State
}

Injecting Root Faults

#define LOCKSTEP_CONFIG_BASE_ADDR 0x000A0000

int main()
{
/*
 * Before Root Fault Injection
 * 1. Read Alarms (Expecting no alarms)
 * 2. Read fRSmartComp state (Expecting OD state)
 * 3. Read mismatch slice (Expecting no mismatch)
 */
//Refer to Example 1 Reading Generated Alarms
//Refer to Example 2 Reading fRSmartComp State
//Refer to Example 3 Reading Mismatch Comparator Slices

/*
 * Configure and Start Root Fault Injection
 * 1. Select BUS_D_CNTRL as target slice (ERRCTRL_PGO0)
 * 2. Inject Comparator Self-detection 
 *     with faulty frSmartComp (ERRCTRL_ROOT_INJ)
 */
IOWR_32DIRECT(LOCKSTEP_CONFIG_BASE_ADDR, 0xD460, 0x4);
IOWR_32DIRECT(LOCKSTEP_CONFIG_BASE_ADDR, 0xD444, 0x5);

/*
 * After Root Fault Injection
 * 1. Read Alarms (Expecting a new Alarm1, Alarm2, Alarm4)
 * 2. Read fRSmartComp state (Expecting FCS state)
 * 3. Read mismatch slice (Expecting no mismatch, 
 *    and not affected by root fault injection)
 */
//Refer to Example 1 Reading Generated Alarms
//Refer to Example 2 Reading fRSmartComp State
//Refer to Example 3 Reading Mismatch Comparator Slices

/*
 * Stop Root Fault Injection
 * No Effects due to Sticky Faults
 * 1. Read Alarms (Expecting the same Alarm1, Alarm2, Alarm4)
 * 2. Read fRSmartComp state (Expecting the same FCS state)
 * 3. Read mismatch slice (Expecting the same no mismatch)
 */
IOWR_32DIRECT(LOCKSTEP_CONFIG_BASE_ADDR, 0xD444, 0x0);
//Refer to Example 1 Reading Generated Alarms
//Refer to Example 2 Reading fRSmartComp State
//Refer to Example 3 Reading Mismatch Comparator Slices

/*
 * Reset Processor to Clear Root Faults
 */
}

Startup Procedure

#define LOCKSTEP_CONFIG_BASE_ADDR 0x000A0000

int main()
{
  /*
   * Enter main() after Nios V processor initialization is successful
   */


  /*
   * Configure fRSmartComp
   * 1. Enable INTREQ generation (ERRCTRL_INTREQ_CONF)
   * 2. Verify no alarm mask (ERRCTRL_MASK*)
   * 3. Check default alarms’ severity (ERRCTRL_ROUT*)
   * 4. Check frSmartComp Enable counter (ERRCTRL_PGO4)
   */
  
  // 1. Enable INTREQ generation for ERROR-type alarm
  IOWR_32DIRECT(LOCKSTEP_CONFIG_BASE_ADDR, 0xD420, 0x25);
  
  // 2. Verify no alarm mask
  unsigned int maskA = 
    IORD_32DIRECT(LOCKSTEP_CONFIG_BASE_ADDR, 0xD44C)&0xffffff;
  unsigned int maskB = 
    IORD_32DIRECT(LOCKSTEP_CONFIG_BASE_ADDR, 0xD450)&0xffffff;
  if((maskA == 0x555555)&&(maskB == 0x555555))
  {
    printf(“All alarms are unmasked.\n”);
  }

  // 3. Check default alarms’ severity 
  unsigned int severityA = 
    IORD_32DIRECT(LOCKSTEP_CONFIG_BASE_ADDR, 0xD454)&0xffffff;
  unsigned int severityB = 
    IORD_32DIRECT(LOCKSTEP_CONFIG_BASE_ADDR, 0xD458)&0xffffff;
  if((severityA == 0xe8fca8)&&(severityB == 0xaa0000))
  {
    printf(“All alarms are reset to default severity.\n”);
  }

  // 4. Check frSmartComp Enable counter
  unsigned int en_count = 
    IORD_32DIRECT(LOCKSTEP_CONFIG_BASE_ADDR, 0xD470)&0xf;
  printf(“System Supervisor can trigger %d fRSmartComp Enable command before
    triggering Alarm17.\n”, en_count+1);


  /*
   * Provide timeout acknowledgment (ERRCTRL_TIMEOUT_ACK)
   * Verify timeout counter stopped (ERRCTRL_TIMEOUT) by 
   * delaying more than timeout period
   * Max timeout period at 100MHz processor clock is 10.44 milliseconds
   */
  IOWR_32DIRECT(LOCKSTEP_CONFIG_BASE_ADDR, 0xD428, 0x78A5C3E1);
  IOWR_32DIRECT(LOCKSTEP_CONFIG_BASE_ADDR, 0xD428, 0x875A3C1E);
  unsigned char count1 = IORD_8DIRECT(LOCKSTEP_CONFIG_BASE_ADDR, 0xD425);
  usleep(10000);
  unsigned char count2 = IORD_8DIRECT(LOCKSTEP_CONFIG_BASE_ADDR, 0xD425);
  if(count1 == count2) printf(“Timeout acknowledged.\n”);

/*
   * Disable timeout (ERRCTRL_TIMEOUT)
   * 1. Unlock ERRCTRL_TIMEOUT
   * 2. Verify unlocked status
   * 3. Write new timeout deadline as 0 (Disable)
   * 4. Lock ERRCTRL_TIMEOUT
   */
  IOWR_8DIRECT(LOCKSTEP_CONFIG_BASE_ADDR, 0xD427, (0x19<<1));
  unsigned int timeout_csr = 
    IORD_32DIRECT(LOCKSTEP_CONFIG_BASE_ADDR, 0xD424);
  printf("Timeout Period = %d\n", timeout_csr&0xff);
  if(timeout_csr&0x01000000) 
  {
    printf(“Unlocked Success.\n”);
  } else
  {
    printf(“Still Locked. Failed to unlock.\n”);
  }
  IOWR_8DIRECT(LOCKSTEP_CONFIG_BASE_ADDR, 0xD424, 0);
  IOWR_8DIRECT(LOCKSTEP_CONFIG_BASE_ADDR, 0xD427, 0);
  timeout_csr = 
    IORD_32DIRECT(LOCKSTEP_CONFIG_BASE_ADDR, 0xD424);
  if(timeout_csr&0x01000000) 
  {
    printf(“Still Unlocked. Failed to lock.\n”);
  } else
  {
    printf(“Locked Success.\n”);
  }
	 timeout_csr = IORD_32DIRECT(LOCKSTEP_CONFIG_BASE_ADDR, 0xD424);
	 printf("Timeout Period = %d\n", timeout_csr&0xff);
	 if((timeout_csr&0xff) == 0) printf("Timeout disabled.\n");

  /*
   * Check no alarms
   * If ALARM0 ~ ALARM4, a mismatch happens during startup.
   * If ALARM16, timeout acknowledgement failed
   * If ALARM19, either wrong key when disabling timeout or internal error
   */
 //Refer to Example 1 Reading Generated Alarms

}
Level Two Title