Arm® CoreLink™ GIC-600AE Generic Interrupt Controller
Technical Reference Manual
Document ID: 101206_0003_04_en
Issue: 04
Functional Safety
a compressed CRC representation of the payload data. Therefore, a wide primary payload is
represented by a redundant payload of only 8 bits.
The following components are protected with partial duplication:
• Register slice
• AMBA Domain Bridge (ADB). It has special logic to ensure the primary and redundant domains
are in sync, and the outputs have the correct temporal delay.
AMBA® external interface protection
All external interfaces are protected with AMBA® Parity Extension. AMBA® Parity Extension
protects point-to-point connections consisting of wires and buffers only, and no gates. This
protection includes the ACE-Lite, GIC Stream, Cross-Chip (CC), and APB external ports.
PPI and SPI source interrupt parity protection
The PPI and SPI interrupt input sources are protected with optional parity protection. There is one
parity bit for each PPI and SPI input pin.
P-Channel and Q-Channel protection
The P-Channel and Q-Channel are protected by parity.
• The P-Channel protection is for cross-chip functions, so it must protect the Distributor.
• Figure 6-1: Safety Mechanism distribution on page 194 shows Q-Channel protection that is
enabled on only one ITS block. However, the Q-Channel protection can support any block that
has a different CDC domain from the others.
Systematic fault watchdog
GIC-600AE contains a watchdog-based PING/ACK mechanism. This mechanism protects against
systematic errors on the interconnect that connects the various GIC blocks. It works by engaging
a hardware mechanism in the Distributor that pings each GIC block in a round-robin fashion and
waits for a response. If the mechanism does not receive a response within the programmable
timeout window, it reports a fault.
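The PING/ACK sweep described above, as a behavioural model in C that shows how the timeout window affects which block is reported and when. This is an added example, not Arm code: the cycle accounting, the `NO_ACK` marker, the sample latencies, and all function and struct names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define NO_ACK UINT32_MAX          /* assumed marker: block never answers */

struct ping_result {
    int      faulty_block;         /* index of the block reported, -1 if none */
    uint64_t cycle;                /* cycle of the fault report, or end of run */
};

/* Constructed sample ACK latencies, in cycles, one entry per GIC block. */
static const uint32_t sample_healthy[] = { 3, 5, 4 };
static const uint32_t sample_hung[]    = { 3, 5, NO_ACK, 4 };
static const uint32_t sample_slow[]    = { 3, 20, 4 };

/*
 * Model of the Distributor pinging n blocks one at a time, in round-robin
 * order, for `sweeps` full rotations. A block whose ACK has not arrived
 * within `timeout` cycles is reported and the run stops there.
 */
struct ping_result ping_ack_run(const uint32_t *ack_latency, size_t n,
                                uint32_t timeout, unsigned sweeps)
{
    struct ping_result r = { -1, 0 };

    for (unsigned s = 0; s < sweeps; s++) {
        for (size_t i = 0; i < n; i++) {
            if (ack_latency[i] == NO_ACK || ack_latency[i] > timeout) {
                r.cycle += timeout;        /* the whole window elapsed */
                r.faulty_block = (int)i;
                return r;                  /* fault reported */
            }
            r.cycle += ack_latency[i];     /* ACK in time, ping next block */
        }
    }
    return r;                              /* every block answered in time */
}

int main(void)
{
    struct ping_result r = ping_ack_run(sample_hung, 4, 16, 1);
    printf("block %d reported at cycle %llu\n", r.faulty_block,
           (unsigned long long)r.cycle);
    return 0;
}
```

In this model a slow but live block is reported as faulty when the window is shorter than its response time, which is why the timeout has to be set against the slowest legitimate ACK path.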
Clocks and resets
The clocks and resets are duplicated. The clocks operate with a temporal delay of two. That is, the
primary logic operates two cycles ahead of the redundant logic.
Fault Management Unit
The Fault Management Unit (FMU) resides in the Distributor. It processes faults that are detected by
the Safety Mechanisms from all blocks. The FMU records the fault syndrome in the Error Records
and reports the fault using Error Recovery Interrupt (ERI) and Fault Handling Interrupt (FHI). It also
provides fault injection and clearing for each Safety Mechanism. The FMU talks to an external
Safety Island through the APB port. The APB port is added for FuSa purposes and does not exist
on the GIC-600, the non-FuSa version.
Copyright © 2018–2020, 2022 Arm Limited (or its affiliates). All rights reserved.
Non-Confidential