Fault injection is useful to test the integrity of the TMR subsystem, and ensure that error detection and recovery operates nominally. There are three principal methods of fault injection:
• Functional fault injection, supported by the TMR Inject core.
• Comparator fault injection, supported by the TMR Manager and TMR Comparator cores, and
• Configuration bit fault injection, supported by the TMR SEM core.
Functional fault injection is implemented by injecting a different instruction in one of the triplicated MicroBlaze processors at a certain instruction address (program counter). This eventually causes a mismatch between this processor and the two others, which is detected by a TMR comparator.
To inject a fault in one of the three processors, the software writes the instruction, address and CPU ID to the TMR Inject core. The software can check that the expected comparator mismatch has occurred by reading the TMR Manager First Failing Register.
During testing, it is possible to prevent the TMR Manager from reacting to the fault using the TMR Manager Comparison Mask Register. In the absence of an additional actual fault, the subsystem continues to operate nominally.
|
X-Ref Target - Figure 2-6 
|