[go: up one dir, main page]

CN116681015B - Chip design method, device, equipment and storage medium - Google Patents

Chip design method, device, equipment and storage medium Download PDF

Info

Publication number
CN116681015B
CN116681015B CN202310971469.9A CN202310971469A CN116681015B CN 116681015 B CN116681015 B CN 116681015B CN 202310971469 A CN202310971469 A CN 202310971469A CN 116681015 B CN116681015 B CN 116681015B
Authority
CN
China
Prior art keywords
target
chip
sub
module
security level
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202310971469.9A
Other languages
Chinese (zh)
Other versions
CN116681015A (en
Inventor
肖佐楠
黄旭松
王宇
沈贽
郑茳
匡启和
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CCore Technology Suzhou Co Ltd
Original Assignee
CCore Technology Suzhou Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by CCore Technology Suzhou Co Ltd filed Critical CCore Technology Suzhou Co Ltd
Priority to CN202310971469.9A priority Critical patent/CN116681015B/en
Publication of CN116681015A publication Critical patent/CN116681015A/en
Application granted granted Critical
Publication of CN116681015B publication Critical patent/CN116681015B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F30/00Computer-aided design [CAD]
    • G06F30/30Circuit design
    • G06F30/32Circuit design at the digital level
    • G06F30/33Design verification, e.g. functional simulation or model checking
    • G06F30/3323Design verification, e.g. functional simulation or model checking using formal methods, e.g. equivalence checking or property checking
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F30/00Computer-aided design [CAD]
    • G06F30/30Circuit design
    • G06F30/32Circuit design at the digital level
    • G06F30/327Logic synthesis; Behaviour synthesis, e.g. mapping logic, HDL to netlist, high-level language to RTL or netlist
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F30/00Computer-aided design [CAD]
    • G06F30/30Circuit design
    • G06F30/32Circuit design at the digital level
    • G06F30/337Design optimisation
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2119/00Details relating to the type or aim of the analysis or the optimisation
    • G06F2119/02Reliability analysis or reliability optimisation; Failure analysis, e.g. worst case scenario performance, failure mode and effects analysis [FMEA]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2119/00Details relating to the type or aim of the analysis or the optimisation
    • G06F2119/16Equivalence checking
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2119/00Details relating to the type or aim of the analysis or the optimisation
    • G06F2119/20Design reuse, reusability analysis or reusability optimisation

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Evolutionary Computation (AREA)
  • Geometry (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Hardware Redundancy (AREA)

Abstract

The application discloses a chip design method, device, equipment and storage medium, and relates to the technical field of chips. The method comprises the following steps: obtaining a mapping relation between the security level and the sub-module; the mapping relation is used for representing sub-modules which need to be subjected to fault detection in the chip under different automobile safety levels; obtaining a target security level corresponding to a target chip, and determining a target sub-module corresponding to the target chip by inquiring the mapping relation according to the target security level; and in the running process of the target chip, comparing and checking the output of the target sub-module in the two cores of the target chip so as to realize the fault check of the target sub-module in the cores. The balance of fault coverage rate and power consumption is realized, so that the same chip can adapt to different security level requirements, and can be reused in the design of different domain control systems of the whole vehicle as much as possible, the reusability of the vehicle-level chip is improved, the system development is facilitated, and the cost and the development period of a vehicle factory are reduced.

Description

Chip design method, device, equipment and storage medium
Technical Field
The present invention relates to the field of chip technologies, and in particular, to a chip design method, apparatus, device, and storage medium.
Background
With the development of electronic and automatic driving of automobiles, the related application scenarios and conditions of the processors serving as automobile hubs are more and more complex, and in order to make the processors meet the high security level required by certain functions and achieve higher fault coverage, a micro-architecture level redundancy scheme is generally considered, that is, two processor cores with consistent functions are integrated in a chip, one of which is a main core and the other of which is an inspection core. However, not all domains of chips in automotive electronics and automated driving need high fault coverage, and therefore, the chips need to be re-customized for different security level requirements, thereby increasing development cycle and capital investment, and manufacturers also need to consider the suitability problem of different chips when working in the same system. In the prior art, the design of the high-security-level chip can be directly multiplexed into the module with low security level requirement, but in actual application, the function is excessive, and more resources and power consumption can be occupied. Therefore, how to flexibly switch the chip between different security level requirements and adapt to the different security level requirements is a problem that needs to be solved currently.
Disclosure of Invention
In view of the above, the present invention aims to provide a chip design method, device, apparatus and storage medium, which can enable the same chip to adapt to different security level requirements and improve the reusability of the vehicle-mounted chip. The specific scheme is as follows:
in a first aspect, the present application discloses a chip design method, including:
obtaining a mapping relation between the security level and the sub-module; the mapping relation is used for representing sub-modules which need to be subjected to fault detection in the chip under different automobile safety levels;
obtaining a target security level corresponding to a target chip, and determining a target sub-module corresponding to the target chip by inquiring the mapping relation according to the target security level;
and in the running process of the target chip, comparing and checking the output of the target sub-module in the two cores of the target chip so as to realize the fault check of the target sub-module in the cores.
Optionally, the obtaining the mapping relationship between the security level and the submodule includes:
determining a sub-module corresponding to each security level according to the fault injection test result and the digital circuit design information corresponding to the target chip;
and constructing the mapping relation between the security level and the sub-module according to the sub-module corresponding to each security level.
Optionally, the constructing the mapping relationship between the security level and the sub-module according to the sub-module corresponding to each security level includes:
determining configuration parameters according to the submodules corresponding to each security level;
and configuring a target register according to the configuration parameters to configure corresponding sub-modules for different security levels so as to obtain the mapping relation between the security levels and the sub-modules.
Optionally, the obtaining the target security level corresponding to the target chip includes:
acquiring mode configuration aiming at a target chip, and judging the type of the mode configuration;
and if the type of the mode configuration is the security level configuration, determining a target security level corresponding to the target chip according to the security level configuration.
Optionally, after the determining the type of the mode configuration, the method further includes:
and if the mode is configured to be a dual-core mode, the target chip is operated as a dual-core system, and fault detection is stopped.
Optionally, before determining the target sub-module corresponding to the target chip by querying the mapping relationship according to the target security level, the method further includes:
judging whether the target security level is the highest level;
if not, executing the step of determining a target sub-module corresponding to the target chip by inquiring the mapping relation according to the target security level;
if yes, stopping fault detection of the sub-module, and carrying out fault detection on the two cores by comparing the bus outputs of the two cores.
Optionally, the target chip includes a main core and an inspection core, and the comparing and checking the output of the target sub-module in the two cores of the target chip includes:
forwarding the input of each target sub-module in the main core to the corresponding target sub-module in the checking core through the mode selection unit;
and comparing and checking the output of the same target sub-module according to the output of each target sub-module in the main core and the output of each target sub-module in the checking core.
In a second aspect, the present application discloses a chip design apparatus comprising:
the mapping relation acquisition module is used for acquiring the mapping relation between the security level and the sub-module; the mapping relation is used for representing sub-modules which need to be subjected to fault detection in the chip under different automobile safety levels;
the target sub-module determining module is used for obtaining a target security level corresponding to the target chip and determining a target sub-module corresponding to the target chip by inquiring the mapping relation according to the target security level;
and the fault checking module is used for comparing and checking the output of the target sub-module in the two cores of the target chip in the running process of the target chip so as to realize the fault checking of the target sub-module in the cores.
In a third aspect, the present application discloses an electronic device comprising:
a memory for storing a computer program;
and a processor for executing the computer program to implement the chip design method.
In a fourth aspect, the present application discloses a computer-readable storage medium for storing a computer program; wherein the computer program, when executed by the processor, implements the chip design method described above.
In the application, the mapping relation between the security level and the sub-module is obtained; the mapping relation is used for representing sub-modules which need to be subjected to fault detection in the chip under different automobile safety levels; obtaining a target security level corresponding to a target chip, and determining a target sub-module corresponding to the target chip by inquiring the mapping relation according to the target security level; and in the running process of the target chip, comparing and checking the output of the target sub-module in the two cores of the target chip so as to realize the fault check of the target sub-module in the cores. Therefore, the sub-modules needing fault detection in the chip are configured for different automobile safety levels through the mapping relation between the safety levels and the sub-modules, and then corresponding fault detection is executed according to the target safety levels required by the chip, so that the balance of fault coverage rate and power consumption is realized without all fault detection, the same chip can adapt to different safety level requirements, and can be reused in the design of different domain control systems of the whole automobile as much as possible, the reusability of the automobile-level chip is improved, the system development is facilitated, and the cost and the development period of an automobile factory are reduced.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings that are required to be used in the embodiments or the description of the prior art will be briefly described below, and it is obvious that the drawings in the following description are only embodiments of the present invention, and that other drawings can be obtained according to the provided drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flow chart of a chip design method provided in the present application;
FIG. 2 is a schematic diagram of a specific chip structure provided in the present application;
FIG. 3 is a schematic diagram of a chip design apparatus according to the present disclosure;
fig. 4 is a block diagram of an electronic device provided in the present application.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is apparent that the described embodiments are only some embodiments of the present invention, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
In the prior art, the chip needs to be customized again according to different security level demands, so that development period and fund investment are increased, or in a module designed by directly multiplexing the design of the high security level chip to the low security level demands, in actual application, the chip is excessive in function and occupies more resources and power consumption. In order to overcome the technical problems, the application provides a chip design method which can enable the same chip to adapt to different security level requirements, so that the chip can be reused in the design of different domain control systems of the whole automobile as much as possible, and the reusability of the automobile-level chip is improved.
The embodiment of the application discloses a chip design method, referring to fig. 1, the method may include the following steps:
step S11: obtaining a mapping relation between the security level and the sub-module; the mapping relation is used for representing sub-modules which need to be subjected to fault detection in the chip under different automobile safety levels.
In this embodiment, the mapping relationship between the security level and the sub-module is obtained, and the mapping relationship is used to characterize the sub-modules that need to be checked for faults in the chip under different automobile security levels, that is, the sub-modules that need to be checked for faults in the chip under different automobile security levels have differences, so that by constructing the mapping relationship between the security level and the sub-modules in advance, those sub-modules that need to be checked under each security level can be defined.
It will be appreciated that in the design of automotive-related electronic chips, each chip responsible for a particular function of an automobile will have its security rating specified in accordance with the ISO26262 standard, the security rating (i.e., automobile security integrity rating, automotiveSafetyIntegrityLevel, ASIL) comprising ASIL-A, ASIL-B, ASIL-C, ASIL-D, wherein the security ratings rise in sequence, ASIL-D being the highest security rating. The domains (domains), i.e. the set of electronic and electric architectures for controlling a certain large functional module of the automobile, each Domain is uniformly controlled by a chip, for example, the domains can be specifically divided into a power Domain, a chassis Domain, a body Domain, a cabin Domain, an autopilot Domain and the like, the division of the domains is different, the safety level requirements of each Domain are also different, for example, the automobile electronic chassis chip corresponding to the chassis Domain needs to reach a more severe safety level standard, namely ASLI-D, while the automobile lamp control unit may not need to reach such a high safety level. The higher security level needs high fault coverage rate, the lower the security level is, the lower the requirement on the fault coverage rate is, so that the embodiment configures corresponding inspection ranges for different security levels to adjust the fault coverage rate through the mapping relation between the security level and the sub-module, and thus, the embodiment adapts to different security levels.
Fault coverage is the percentage of failure rate detected or controlled by an implemented safety protection to the failure rate of a certain failure mode of a hardware element, including permanent faults and transient faults. Permanent faults are open circuits, short circuits and the like caused by external stress or aging in the middle period of bathtub curves after chip production. Often not easily repaired in time, permanent faults in the digital circuit may be represented by a stuck 1 (high level), or a stuck 0 (low level). A transient fault is a fault that occurs once and then disappears, and is caused by the bit flip of the memory cell due to the space particle radiation (i.e., the content changes from 0 to 1 or from 1 to 0). The requirements for fault coverage include coverage requirements for both permanent and transient faults.
In this embodiment, the obtaining the mapping relationship between the security level and the sub-module may include: determining a sub-module corresponding to each security level according to the fault injection test result and the digital circuit design information corresponding to the target chip; and constructing the mapping relation between the security level and the sub-module according to the sub-module corresponding to each security level. Specifically, those sub-modules are selected for fault detection, and can be specifically combined with fault injection and digital circuit design (namely, resistor Transistor Logic (RTL) design) information for analysis, and key sub-modules and sub-modules which are easy to generate faults in the whole operation can be positioned through fault injection results and RTL design analysis, so that a mapping relation between the safety level and the sub-modules is constructed, and a better fault detection effect can be realized as much as possible on the basis of keeping the resource consumption.
In this embodiment, the constructing, according to the sub-module corresponding to each security level, the mapping relationship between the security level and the sub-module may include: determining configuration parameters according to the submodules corresponding to each security level; and configuring a target register according to the configuration parameters so as to configure corresponding sub-modules for different security levels, thereby obtaining the mapping relation between the security levels and the sub-modules. The method determines to carry out comparison inspection on the sub-modules in a register configuration mode, achieves the configurable function of the inspection range, and specifically configures the sub-modules according to different security level requirements, so that the power consumption is reduced.
Step S12: and obtaining a target security level corresponding to the target chip, and determining a target sub-module corresponding to the target chip by inquiring the mapping relation according to the target security level.
In this embodiment, when configuring the target chip, the mapping relationship between the security level and the sub-module is acquired, and the target security level required by the target chip is also required to be acquired, so that the mapping relationship is queried according to the target security level, and it can be determined which sub-modules the target chip currently needs to perform fault inspection have.
In this embodiment, the obtaining the target security level corresponding to the target chip may include: acquiring mode configuration aiming at a target chip, and judging the type of the mode configuration; if the type of the mode configuration is security level configuration, determining a target security level corresponding to the target chip according to the security level configuration; and if the mode is configured to be a dual-core mode, the target chip is operated as a dual-core system, and fault detection is stopped. The mode configuration of the target chip is firstly obtained, the mode configuration can be the security level configuration or the dual-core mode, if the dual-core mode is adopted, the current chip is characterized in that fault detection is not needed, so that fault detection is stopped, and the two chips in the target chip are operated as a dual-core system. If the type of the mode configuration is a security level configuration, the security level is further determined.
In the prior art, for the vehicle-level chip, a dual-core lock-step (DCLS, dualCoreLockStep) method is generally adopted to achieve the safety goal of ASIL-D, but the scheme chip can be actually switched in two modes, namely a dual-core mode and a lock-step mode. In the dual-core mode, when the output of the two cores does not need to be compared with the result, the chip is operated as a dual-core system; in lockstep mode, the two cores will perform output comparison, and the chip is actually running as a single core. However, it can be found through actual operation that for chips with low security requirements, it may only be necessary to perform a comparison check on some modules tightly coupled to security. Therefore, in order to make the chip more suitable for the requirements of different security target levels, a smaller granularity inspection is performed on the basis of the prior architecture, namely, the output results of a certain key modules in the chip are inspected, and the specific cost is that at least 5 modes, namely, a dual-core mode, an ASIL-D mode, an ASIL-C mode, an ASIL-B mode and an ASIL-A mode are supported through configuration mapping relation and the security level of the chip, namely, the support of the ASIL-C mode, the ASIL-B mode and the ASIL-A mode is increased on the basis of the prior art, so that the chip design and the use are more flexible.
In this embodiment, before determining the target sub-module corresponding to the target chip by querying the mapping relationship according to the target security level, the method may further include: judging whether the target security level is the highest level; if not, executing the step of determining a target sub-module corresponding to the target chip by inquiring the mapping relation according to the target security level; if yes, stopping fault detection of the sub-module, and carrying out fault detection on the two cores by comparing the bus outputs of the two cores. The highest security level is the ASIL-D mode, in which case all outputs of the two cores are compared, i.e. all modules in the chip are checked, so that the bus outputs of the two cores are selected to be directly compared, the determination of the sub-modules and the subsequent steps are not required, the checking of the internal sub-modules is not required, and vice versa, thereby avoiding wasting unnecessary resources.
Step S13: and in the running process of the target chip, comparing and checking the output of the target sub-module in the two cores of the target chip so as to realize the fault check of the target sub-module in the cores.
After the target sub-module is determined, only the output of each target sub-module in two cores of the target chip is compared and checked in the operation process of the target chip. In this embodiment, the target chip includes a main core and an inspection core, and the comparing and checking the output of the target sub-module in the two cores of the target chip may include: forwarding the input of each target sub-module in the main core to the corresponding target sub-module in the checking core through the mode selection unit; and comparing and checking the output of the same target sub-module according to the output of each target sub-module in the main core and the output of each target sub-module in the checking core.
For example, as shown in fig. 2, ALU (logical operation Unit, arithmetic and logic Unit), FPU (floating Point Unit), BPU (branch prediction Unit, branch Processing Unit), and cache_ctrl (CACHE control) are exemplified as target sub-modules. The mode selection unit (modeSelect) forwards the inputs of the several sub-modules in the main core to the same sub-modules in the check core respectively, even if the same sub-modules have the same input data, and then performs comparison check on the outputs of the same target sub-modules according to the outputs of the target sub-modules in the main core and the outputs of the target sub-modules in the check core, for example, as shown in fig. 2, the logic operation check unit is used for performing comparison check on the data output by the ALUs of the two cores, and the other sub-modules are similarly detected by the corresponding detection units, so that the effects of meeting the safety requirement and saving resources are achieved, and the fault position and the sub-module can be specifically positioned.
In fig. 2, the core check module performs fault detection on the output of the external bus in the ASIL-D mode, and the mode selection unit intercepts the input of the main core multiplexed to the check core module when the corresponding sub-module check is turned off, i.e., in the ASIL-D mode. In addition, whether the detection of all the outputs of the cores of the bus outputs or the detection of the outputs of the sub-modules is performed, the comparison detection is performed through exclusive OR logic, and if the detection of the outputs is different, a fault is reported to the interrupt unit.
From the above, in this embodiment, the mapping relationship between the security level and the sub-module is obtained; the mapping relation is used for representing sub-modules which need to be subjected to fault detection in the chip under different automobile safety levels; obtaining a target security level corresponding to a target chip, and determining a target sub-module corresponding to the target chip by inquiring the mapping relation according to the target security level; and in the running process of the target chip, comparing and checking the output of the target sub-module in the two cores of the target chip so as to realize the fault check of the target sub-module in the cores. Therefore, the sub-modules needing fault detection in the chip are configured for different automobile safety levels through the mapping relation between the safety levels and the sub-modules, and then corresponding fault detection is executed according to the target safety levels required by the chip, so that the balance of fault coverage rate and power consumption is realized without all fault detection, the same chip can adapt to different safety level requirements, and can be reused in the design of different domain control systems of the whole automobile as much as possible, the reusability of the automobile-level chip is improved, the system development is facilitated, and the cost and the development period of an automobile factory are reduced. The automobile gauge chip refers to a chip which has technical standards reaching automobile gauge level and can be applied to automobile control. The gauge class is one of the standard classes of specifications suitable for automotive electronics.
Correspondingly, the embodiment of the application also discloses a chip design device, referring to fig. 3, the device comprises:
the mapping relation obtaining module 11 is configured to obtain a mapping relation between the security level and the submodule; the mapping relation is used for representing sub-modules which need to be subjected to fault detection in the chip under different automobile safety levels;
the target sub-module determining module 12 is configured to obtain a target security level corresponding to a target chip, and determine a target sub-module corresponding to the target chip by querying the mapping relationship according to the target security level;
and the fault checking module 13 is used for comparing and checking the outputs of the target sub-modules in the two cores of the target chip in the running process of the target chip so as to realize fault checking of the target sub-modules in the cores.
From the above, in this embodiment, the mapping relationship between the security level and the sub-module is obtained; the mapping relation is used for representing sub-modules which need to be subjected to fault detection in the chip under different automobile safety levels; obtaining a target security level corresponding to a target chip, and determining a target sub-module corresponding to the target chip by inquiring the mapping relation according to the target security level; and in the running process of the target chip, comparing and checking the output of the target sub-module in the two cores of the target chip so as to realize the fault check of the target sub-module in the cores. Therefore, the sub-modules needing fault detection in the chip are configured for different automobile safety levels through the mapping relation between the safety levels and the sub-modules, and then corresponding fault detection is executed according to the target safety levels required by the chip, so that the balance of fault coverage rate and power consumption is realized without all fault detection, the same chip can adapt to different safety level requirements, and can be reused in the design of different domain control systems of the whole automobile as much as possible, the reusability of the automobile-level chip is improved, the system development is facilitated, and the cost and the development period of an automobile factory are reduced.
In some specific embodiments, the mapping relationship obtaining module 11 may specifically include:
the sub-module determining unit is used for determining the sub-module corresponding to each security level according to the fault injection test result and the digital circuit design information corresponding to the target chip;
and the mapping construction unit is used for constructing the mapping relation between the security level and the sub-modules according to the sub-modules corresponding to each security level.
In some specific embodiments, the mapping construction unit may specifically include:
the configuration parameter generation unit is used for determining configuration parameters according to the submodules corresponding to each security level;
and the configuration unit is used for configuring a target register according to the configuration parameters so as to configure corresponding sub-modules for different security levels, and the mapping relation between the security levels and the sub-modules is obtained.
In some embodiments, the target sub-module determination module 12 may specifically include:
a mode configuration obtaining unit, configured to obtain a mode configuration for a target chip, and determine a type of the mode configuration;
and the execution unit is used for determining the target security level corresponding to the target chip according to the security level configuration if the type of the mode configuration is the security level configuration.
In some embodiments, the chip design apparatus may specifically include:
and the operation configuration unit is used for operating the target chip as a dual-core system and stopping fault detection if the mode is configured as a dual-core mode.
In some embodiments, the chip design apparatus may specifically include:
the level judging unit is used for judging whether the target security level is the highest level before determining a target sub-module corresponding to the target chip by inquiring the mapping relation according to the target security level;
the execution unit is used for executing the step of determining the target sub-module corresponding to the target chip by inquiring the mapping relation according to the target security level if the judgment of the level judgment unit is no;
a kernel fault checking unit for stopping fault checking of the sub-module if the judgment of the level judging unit is yes, and performing fault checking on the two cores by comparing the bus outputs of the two cores.
In some embodiments, the fault checking module 13 may specifically include:
the forwarding unit is used for forwarding the input of each target sub-module in the main core to the corresponding target sub-module in the checking core through the mode selection unit;
and the submodule fault checking unit is used for comparing and checking the output of the same target submodule according to the output of each target submodule in the main core and the output of each target submodule in the checking core.
Further, the embodiment of the application further discloses an electronic device, and referring to fig. 4, the content in the drawing should not be considered as any limitation on the scope of use of the application.
Fig. 4 is a schematic structural diagram of an electronic device 20 according to an embodiment of the present application. The electronic device 20 may specifically include: at least one processor 21, at least one memory 22, a power supply 23, a communication interface 24, an input output interface 25, and a communication bus 26. Wherein the memory 22 is used for storing a computer program, which is loaded and executed by the processor 21 to implement the relevant steps in the chip design method disclosed in any of the foregoing embodiments.
In this embodiment, the power supply 23 is configured to provide an operating voltage for each hardware device on the electronic device 20; the communication interface 24 can create a data transmission channel between the electronic device 20 and an external device, and the communication protocol to be followed is any communication protocol applicable to the technical solution of the present application, which is not specifically limited herein; the input/output interface 25 is used for acquiring external input data or outputting external output data, and the specific interface type thereof may be selected according to the specific application requirement, which is not limited herein.
The memory 22 may be a carrier for storing resources, such as a read-only memory, a random access memory, a magnetic disk, or an optical disk, and the resources stored thereon include an operating system 221, a computer program 222, and data 223 including a mapping relation, and the storage may be a temporary storage or a permanent storage.
The operating system 221 is used for managing and controlling various hardware devices on the electronic device 20 and the computer program 222, so as to implement the operation and processing of the processor 21 on the mass data 223 in the memory 22, which may be WindowsServer, netware, unix, linux. The computer program 222 may further include a computer program that can be used to perform other specific tasks in addition to the computer program that can be used to perform the chip design method performed by the electronic device 20 disclosed in any of the previous embodiments.
Further, the embodiment of the application also discloses a computer storage medium, wherein the computer storage medium stores computer executable instructions, and when the computer executable instructions are loaded and executed by a processor, the steps of the chip design method disclosed in any embodiment are realized.
In this specification, each embodiment is described in a progressive manner, and each embodiment is mainly described in a different point from other embodiments, so that the same or similar parts between the embodiments are referred to each other. For the device disclosed in the embodiment, since it corresponds to the method disclosed in the embodiment, the description is relatively simple, and the relevant points refer to the description of the method section.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. The software modules may be disposed in Random Access Memory (RAM), memory, read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
Finally, it is further noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The above detailed description of a chip design method, device, apparatus and medium provided by the present invention applies specific examples to illustrate the principles and embodiments of the present invention, and the above examples are only used to help understand the method and core idea of the present invention; meanwhile, as those skilled in the art will have variations in the specific embodiments and application scope in accordance with the ideas of the present invention, the present description should not be construed as limiting the present invention in view of the above.

Claims (8)

1. A chip design method, comprising:
obtaining a mapping relation between the security level and the sub-module; the mapping relation is used for representing sub-modules which need to be subjected to fault detection in the chip under different automobile safety levels;
obtaining a target security level corresponding to a target chip, and determining a target sub-module corresponding to the target chip by inquiring the mapping relation according to the target security level;
in the operation process of the target chip, comparing and checking the output of the target sub-module in the two cores of the target chip to realize the fault check of the target sub-module in the cores;
the obtaining the target security level corresponding to the target chip includes:
acquiring mode configuration aiming at a target chip, and judging the type of the mode configuration;
if the type of the mode configuration is security level configuration, determining a target security level corresponding to the target chip according to the security level configuration;
wherein after the judging of the type of the mode configuration, the method further comprises:
and if the mode is configured to be a dual-core mode, the target chip is operated as a dual-core system, and fault detection is stopped.
2. The chip design method according to claim 1, wherein the obtaining the mapping relation between the security level and the sub-module comprises:
determining a sub-module corresponding to each security level according to the fault injection test result and the digital circuit design information corresponding to the target chip;
and constructing the mapping relation between the security level and the sub-module according to the sub-module corresponding to each security level.
3. The chip design method according to claim 2, wherein the constructing the mapping relationship between the security level and the sub-module according to the sub-module corresponding to each security level comprises:
determining configuration parameters according to the submodules corresponding to each security level;
and configuring a target register according to the configuration parameters to configure corresponding sub-modules for different security levels so as to obtain the mapping relation between the security levels and the sub-modules.
4. The chip design method according to claim 1, wherein before the determining the target sub-module corresponding to the target chip by querying the mapping relationship according to the target security level, the method further comprises:
judging whether the target security level is the highest level;
if not, executing the step of determining a target sub-module corresponding to the target chip by inquiring the mapping relation according to the target security level;
if yes, stopping fault detection of the sub-module, and carrying out fault detection on the two cores by comparing the bus outputs of the two cores.
5. The chip design method according to any one of claims 1 to 4, wherein the target chip includes a main core and a check core, and the comparing and checking outputs of the target sub-modules in the two cores of the target chip includes:
forwarding the input of each target sub-module in the main core to the corresponding target sub-module in the checking core through the mode selection unit;
and comparing and checking the output of the same target sub-module according to the output of each target sub-module in the main core and the output of each target sub-module in the checking core.
6. A chip design apparatus, comprising:
the mapping relation acquisition module is used for acquiring the mapping relation between the security level and the sub-module; the mapping relation is used for representing sub-modules which need to be subjected to fault detection in the chip under different automobile safety levels;
the target sub-module determining module is used for obtaining a target security level corresponding to the target chip and determining a target sub-module corresponding to the target chip by inquiring the mapping relation according to the target security level;
the fault checking module is used for comparing and checking the output of the target sub-module in the two cores of the target chip in the running process of the target chip so as to realize the fault checking of the target sub-module in the cores;
the target sub-module determining module is used for acquiring the mode configuration aiming at the target chip and judging the type of the mode configuration; if the type of the mode configuration is security level configuration, determining a target security level corresponding to the target chip according to the security level configuration;
the chip design device is further configured to, after determining the type of the mode configuration, operate the target chip as a dual-core system and stop fault checking if the mode configuration is a dual-core mode.
7. An electronic device, comprising:
a memory for storing a computer program;
a processor for executing the computer program to implement the chip design method as claimed in any one of claims 1 to 5.
8. A computer-readable storage medium storing a computer program; wherein the computer program when executed by a processor implements the chip design method according to any one of claims 1 to 5.
CN202310971469.9A 2023-08-03 2023-08-03 Chip design method, device, equipment and storage medium Active CN116681015B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310971469.9A CN116681015B (en) 2023-08-03 2023-08-03 Chip design method, device, equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310971469.9A CN116681015B (en) 2023-08-03 2023-08-03 Chip design method, device, equipment and storage medium

Publications (2)

Publication Number Publication Date
CN116681015A CN116681015A (en) 2023-09-01
CN116681015B true CN116681015B (en) 2023-12-22

Family

ID=87785936

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310971469.9A Active CN116681015B (en) 2023-08-03 2023-08-03 Chip design method, device, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN116681015B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106326053A (en) * 2016-08-25 2017-01-11 深圳先进技术研究院 Chip security test method and system based on fault injection
CN107818271A (en) * 2016-09-14 2018-03-20 国民技术股份有限公司 Direct fault location analysis method and system based on chip layout
CN110955571A (en) * 2020-02-20 2020-04-03 南京芯驰半导体科技有限公司 Fault management system for functional safety of vehicle-specification-level chip
CN113722138A (en) * 2021-08-27 2021-11-30 常州苏度科技有限公司 High-reliability FPGA system and method for reducing soft error sensitivity
CN114968646A (en) * 2022-07-27 2022-08-30 南京芯驰半导体科技有限公司 A functional fault handling system and method thereof

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106326053A (en) * 2016-08-25 2017-01-11 深圳先进技术研究院 Chip security test method and system based on fault injection
CN107818271A (en) * 2016-09-14 2018-03-20 国民技术股份有限公司 Direct fault location analysis method and system based on chip layout
CN110955571A (en) * 2020-02-20 2020-04-03 南京芯驰半导体科技有限公司 Fault management system for functional safety of vehicle-specification-level chip
CN113722138A (en) * 2021-08-27 2021-11-30 常州苏度科技有限公司 High-reliability FPGA system and method for reducing soft error sensitivity
CN114968646A (en) * 2022-07-27 2022-08-30 南京芯驰半导体科技有限公司 A functional fault handling system and method thereof

Also Published As

Publication number Publication date
CN116681015A (en) 2023-09-01

Similar Documents

Publication Publication Date Title
US20180111626A1 (en) Method and device for handling safety critical errors
US9323595B2 (en) Microcontroller, control device and determination method
US9677480B2 (en) High diagnosability, quality managed-compliant integrated circuit for implementing ASIL B-compliant automotive safety-related functions
EP3423849B1 (en) Ultra-fast autonomous clock monitoring circuit for safe and secure automotive applications
US7890233B2 (en) Microcontroller, control system and design method of microcontroller
US20140039864A1 (en) Method, computer program product, and apparatus for simulating electromagnetic immunity of an electronic device
KR20130050501A (en) In-vehicle debugging system for ecu and method thereof
EP4198736A1 (en) Distributed mechanism for fine-grained test power control
CN116681015B (en) Chip design method, device, equipment and storage medium
KR20210151963A (en) Reconfigurable System-on-Chip
US20230203796A1 (en) Dynamically Re-Configurable In-Field Self-Test Capability For Automotive Systems
KR100345115B1 (en) Method for diagnosing logics
US9644593B2 (en) Cold-crank event management
US20090052609A1 (en) Method and apparatus for self identification of circuitry
US11210188B1 (en) Systems and methods for processor monitoring and recovery
CN114967641A (en) A method and system for automatic testing of vehicle controller diagnostic function
US20130054988A1 (en) Integrated circuit device, signal processing system and method for managing power resources of a signal processing system
US10521233B2 (en) Electronic control unit
US20100077383A1 (en) Simulation method and storage medium for storing program
JP5978873B2 (en) Electronic control unit
JP2017149244A (en) Semiconductor device and operation method thereof, and electronic control system
US20250123903A1 (en) Distributed mechanism for fine-grained test power control
US12019118B2 (en) Processing system, related integrated circuit, device and method
JP6090094B2 (en) Information processing device
CN116501522A (en) Investigation method and device for intelligent driving incapable of starting of automobile

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
CB03 Change of inventor or designer information

Inventor after: Xiao Zuonan

Inventor after: Huang Xusong

Inventor after: Wang Yu

Inventor after: Shen Zhi

Inventor after: Zheng Jiang

Inventor after: Kuang Qihe

Inventor before: Xiao Zuonan

Inventor before: Huang Xusong

Inventor before: Shen Zhi

Inventor before: Zheng Jiang

Inventor before: Kuang Qihe

CB03 Change of inventor or designer information
GR01 Patent grant
GR01 Patent grant