A Fail-Silent Reconfigurable Superscalar Processor

We propose a reconfigurable superscalar processor with two modes of operation: In safety mode the two pipelines run in lock step, executing the same instruction sequence, thus allowing to detect hardware failures. In performance mode different instruction streams are executed in parallel, just like in a standard superscalar processor. Considering that many embedded applications comprise a mixture of safety-critical and non safety-critical functions, the ability to dynamically switch between the two modes allows an efficient utilization of the duplicated pipeline. To complement the error detection enabled by the duplicated pipeline, non-duplicated components such as the register file are secured by parity. A systematic failure analysis shows that the proposed implementation can indeed detect all single faults in safety mode and that the ability to switch modes does not compromise the fail safe property. These encouraging results are finally confirmed by extensive fault injection experiments.