Feature Summary - 1.0 English

MicroBlaze Triple Modular Redundancy (TMR) Subsystem (PG268)

Document ID
PG268
Release Date
2022-04-28
Version
1.0 English

To implement a complete MicroBlaze TMR subsystem, the following IP cores are provided:

TMR Manager

The TMR Manager is responsible for handling the TMR subsystem state, including fault detection and error recovery. The core is triplicated in each of the sub-blocks in the TMR subsystem, and provides majority voting of its internal state.

In the dual lockstep configuration, the core is duplicated, and provides fault detection of its internal state, including any temporal delay.

TMR Voter

This core provides the majority voter necessary for all bus interfaces of the triplicated subsystem, and distributes the bus interface input signals to the subsystems.

The core is also used in dual lockstep configuration to distribute input signals to the subsystems, with optional temporal delay for the redundant subsystem.

TMR Comparator

The comparators implement fault detection of all bus interfaces in the triplicated subsystem, and also includes an optional voter checker to detect faults in the corresponding TMR Voter. The comparators are triplicated in each of the sub-blocks in the TMR subsystem.

The comparators also implement fault detection in the dual lockstep configuration, together with temporal delay, when this is used.

TMR Inject

The TMR Inject core provides functional fault injection by changing selected MicroBlaze instructions, which provides the possibility to verify that the TMR subsystem error detection and fault recovery logic is working properly.

TMR SEM

The TMR Soft Error Mitigation interface implements a wrapper of the Xilinx Soft Error Mitigation functionality to simplify integration in Vivado IP integrator. The core is only available for 7 series, Zynq®-7000, UltraScale™ and UltraScale+™ devices.

In addition to these cores, the I/O Module v3.1 core provides the TMR voting mechanism necessary to preserve its internal state, in order to enable automated error recovery. In the dual lockstep configuration, the core provides fault detection of its internal state, including any temporal delay.