JP5629981B2 - Semiconductor integrated circuit and fault diagnosis method for semiconductor integrated circuit - Google Patents

Description

  The present invention relates to a failure diagnosis technique in a semiconductor integrated circuit.

  In recent years, in semiconductor integrated circuits such as LSIs (Large Scale Integration) for automobiles, it is required to detect failures in the semiconductor integrated circuits and prevent the occurrence of accidents by the system before causing a serious accident. The concept of improving safety by implementing a safety device as a function that reduces the risk of failure of the elements and parts that make up the system is called functional safety. For example, the international standard IEC61058 has been established for the functional safety of electronic equipment, and the international standard ISO26262 is scheduled to be established for the functional safety for the automobile field. There is a tendency for demands to increase.

  In a semiconductor integrated circuit equipped with a CPU (Central Processing Unit) as shown in FIG. 4, there is a method described below as a method for detecting a CPU failure. The semiconductor integrated circuit shown in FIG. 4 includes a CPU 101, a ROM (Read Only Memory) 102, a RAM (Random Access Memory) 103, and a peripheral portion 104. The CPU 101, the ROM 102, the RAM 103, and the peripheral unit 104 are connected to be communicable with each other via the system bus BUS. The CPU 101 executes processing according to a program stored in the ROM 102 or the like, and exchanges data with the RAM 103 or the peripheral unit 104 or the like via the system bus BUS according to the processing.

  Further, the semiconductor integrated circuit shown in FIG. 4 includes a diagnostic data acquisition unit 105 and an expected value comparison unit 106 relating to the fault diagnosis function. The diagnostic data acquisition unit 105 is connected to a transmission path for outputting the output of the CPU 101 to the system bus BUS, and acquires data necessary for failure determination from the output of the CPU 101. The expected value comparison unit 106 compares the data acquired by the diagnostic data acquisition unit 105 with an expected value prepared in advance.

  A diagnostic program for diagnosing a failure of the CPU 101 is prepared in advance and stored in the ROM 102. When diagnosing the failure, the CPU 101 reads the diagnostic program from the ROM 102 and executes it. The CPU 101 performs processing related to the diagnostic program one step at a time, and stores the processing result in, for example, the RAM 103 via the system bus BUS. The diagnostic data acquisition unit 105 outputs the processing result of the diagnostic program output from the CPU 101 to the RAM 103 and the peripheral unit 104 via the system bus BUS as diagnostic data from the transmission path for each step or a predetermined number of steps. Get every time. The expected value comparing unit 106 sequentially compares the prepared expected value for each data acquired by the diagnostic data acquiring unit 105, and if the acquired data does not match the expected value, it is a failure. judge.

  Further, in the semiconductor memory device, a checksum in each stored information is stored in advance, and at the time of testing, a checksum is calculated based on the read information and output to the outside. There has been proposed a method in which it is unnecessary to calculate a checksum on a tester by outputting to the outside (see, for example, Patent Document 1). In addition, in a logic circuit having a shift path structure, a diagnostic dictionary showing the location and content of a failure is created by simulation, and the output value of the logic circuit and the content of the diagnostic dictionary are compared and collated at the time of testing, and the location and content of the failure Has been proposed (see, for example, Patent Document 2).

JP-A-6-36600 Japanese Patent Laid-Open No. 11-287845

  In the above-described failure detection method in a semiconductor integrated circuit equipped with a CPU, the diagnostic data acquisition unit 105 for acquiring diagnostic data used for failure determination outputs the output of the CPU 101 to the system bus BUS. Connected to the transmission path. Therefore, the load related to the output of the CPU 101 is increased by the diagnostic data acquisition unit 105, the transmission speed related to the output of the CPU 101 is lowered, and the performance (processing execution capability, performance) of the CPU 101 is affected. Moreover, it is necessary to compare with the expected value prepared for every data acquired by the diagnostic data acquisition unit 105.

  An object of the present invention is to provide a semiconductor integrated circuit that enables fault diagnosis without affecting the performance of a CPU.

One aspect of the semiconductor integrated circuit includes: a first interface connected to a first bus through which data related to normal operation is transmitted; and a processing unit having a second interface connected to a second bus different from the first interface; A diagnostic unit that is disposed outside the processing unit and connected to the second bus and determines whether or not the processing unit is faulty; and is disposed outside the processing unit and connected to the second bus; A debugger unit that accumulates diagnostic information including first information indicating the internal state of the processing unit, and a storage unit that is connected to the diagnostic unit and holds an expected value. The processing unit inputs / outputs data to / from a plurality of peripheral circuits connected to the first bus via the first bus at the time of a fault diagnosis operation, and also transmits diagnostic information to the debugger via the second bus. To the output. The diagnostic unit includes the first diagnostic information stored in the debugger unit via the second bus without affecting the data input / output operation between the processing unit and the plurality of peripheral circuits during the fault diagnostic operation. By extracting second information to be used for failure diagnosis of the processing unit from information 1, error detection information is obtained based on the second information, and the first period has elapsed since the start of the failure diagnosis operation At this timing, it is determined whether or not the processing unit has failed by comparing the error detection information with the expected value.

  Since diagnostic information is acquired via a second bus different from the first bus through which data related to normal operation is transmitted, it is determined whether or not the processing unit has failed. The load on one bus does not increase. Therefore, failure diagnosis can be performed without degrading the performance and without affecting the performance.

It is a figure which shows the structural example of the semiconductor integrated circuit in embodiment of this invention. It is a figure which shows the other structural example of the semiconductor integrated circuit in this embodiment. 3 is a flowchart showing an operation example of the semiconductor integrated circuit in the present embodiment. It is a figure which shows the structure of the semiconductor integrated circuit carrying CPU.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings.

FIG. 1 is a block diagram illustrating a configuration example of a semiconductor integrated circuit according to an embodiment of the present invention.
1 includes a CPU (Central Processing Unit) 1, a ROM (Read Only Memory) 2, a RAM (Random Access Memory) 3, a peripheral unit 4, a debugger module 5, and A diagnostic macro 6 is included.

  The CPU 1 controls each functional unit in the semiconductor integrated circuit by reading and executing the program. For example, the CPU 1 executes a process according to a program, and exchanges data with the RAM 3 and the peripheral unit 4 according to the process. The CPU 1 has two different interfaces IFA and IFB for inputting / outputting information (data) (including the case of being either input or output). The CPU 1 is connected to the first bus BUSA by the first interface IFA, and is connected to the second bus BUSB by the second interface IFB.

  The first bus BUSA is a bus used in normal operation (a bus in which normal data related to normal operation is exchanged). For example, normal data called a system bus (or resource bus) is exchanged. For the bus. In the semiconductor integrated circuit according to the present embodiment, the CPU 1, the ROM 2, the RAM 3, and the peripheral unit 4 are connected to be communicable with each other via the first bus BUSA. In the present embodiment, when the CPU 1 is executing a diagnostic program for failure diagnosis is referred to as failure diagnosis operation, and distinguished from failure diagnosis operation, a predetermined function process different from the diagnosis program is realized. The time when the CPU 1 is executing the program is called normal operation.

  The second bus BUSB is a bus that is not used for normal operation (a bus that does not exchange normal data related to normal operation). For example, various information called a trace bus (for example, trace information for debugging ( Debug information)) is transmitted on the bus. In the semiconductor integrated circuit according to this embodiment, the CPU 1 and the debugger module 5 are communicably connected via the second bus BUSB, and the diagnostic macro 6 is provided so that various types of transmitted information can be acquired. 2 bus BUSB.

  The ROM 2 stores a program executed by the CPU 1, data used for processing performed according to the program, and the like. In the present embodiment, it is assumed that at least a diagnostic program for performing a fault diagnosis is stored in the ROM 2. Note that the program executed by the CPU 1, data used for processing related thereto, and the like may be supplied from the peripheral unit 4, or may be supplied from the outside via the peripheral unit 4.

  The RAM 3 is a memory that temporarily stores data such as a processing result of a program executed by the CPU 1, and functions as a so-called main memory or work area of the CPU 1. The peripheral unit 4 is a functional unit that realizes a predetermined function.

  The debugger module 5 accumulates various types of information indicating the internal state of the CPU 1 output from the CPU 1 via the second bus BUSB separately from the actual operation. Various information output from the CPU 1 via the second bus BUSB is accumulated during the execution of the program, and is used to perform an operation analysis by tracing the accumulated information when the operation related to the program is abnormal. Information (for example, trace information for debugging (debug information)) is included.

  The diagnosis macro 6 generates diagnosis data TI to be used for failure diagnosis from various information indicating the internal state of the CPU 1 output from the CPU 1 via the second bus BUSB when the diagnosis program for failure diagnosis is executed. Extract. As an example in the present embodiment, the diagnostic macro 6 diagnoses the instruction execution address, the store address at the time of the store instruction, the store data, the read address at the time of execution of the load instruction, and the read data from the debug trace information output from the CPU 1. Is extracted as data TI for use.

  The diagnostic macro 6 obtains error detection information based on the extracted diagnostic data TI, and determines whether or not the CPU 1 has failed based on the obtained error detection information. For example, the diagnostic macro 6 includes a checksum calculation unit, and calculates a checksum as error detection information from the extracted diagnostic data TI. The diagnostic macro 6 compares the final checksum calculation result obtained by executing the diagnostic program with an expected value prepared in advance, and determines whether or not there is a failure based on the comparison result. For the checksum calculation in the diagnostic macro 6, any checksum algorithm method (for example, CRC checksum, Alder-32 checksum, Fletcher-32 checksum, etc.) can be applied.

  In the semiconductor integrated circuit shown in FIG. 1, during normal operation, the CPU 1 executes processing according to a predetermined program, and the CPU 1 exchanges data via the first bus BUSA with the RAM 3 and the peripheral unit 4 according to the processing. Thus, predetermined function processing is performed.

  Further, during the failure diagnosis operation, the CPU 1 reads and executes a diagnosis program for failure diagnosis. During execution of the diagnostic program, the CPU 1 exchanges data with the RAM 3 and the peripheral unit 4 via the first bus BUSA according to the processing, and debugs separately from the actual operation via the second bus BUSB. Output various information such as trace information. Further, during execution of the diagnostic program, the diagnostic macro 6 extracts diagnostic data TI used for failure diagnosis from various information output from the CPU 1 via the second bus BUSB, and extracts the diagnostic data TI extracted. Is used to obtain error detection information. Then, the diagnostic macro 6 compares the final error detection information obtained over the entire period after the execution of the diagnostic program and the expected value prepared in advance to obtain the final error detection information. If the expected value and the expected value do not match, it is determined that there is a failure, and if they match, it is determined that there is no failure.

  As described above, the semiconductor integrated circuit according to the present embodiment uses diagnostic data from information transmitted via the second bus BUSB that is not used for normal operation different from the first bus BUSA used for normal operation. TI is acquired and a failure diagnosis of the CPU 1 is performed. As a result, failure diagnosis can be performed without increasing the load on the first bus BUSA, and the performance of the CPU 1 is not degraded. Therefore, failure diagnosis can be performed without affecting the performance of the CPU 1.

  In the semiconductor integrated circuit according to the present embodiment, the final error detection information and the expected value obtained by executing the diagnostic program are not compared with the expected value for each acquired diagnostic data TI. Since it is determined whether or not it is a failure by comparison, the processing amount related to the comparison can be reduced. Further, it is not necessary to prepare an expected value for each acquired diagnostic data TI, it is sufficient to prepare only one expected value to be compared with the final error detection information, and the number of expected values to be prepared can be reduced. The storage capacity for holding the expected value can be reduced.

  FIG. 2 is a block diagram showing another configuration example of the semiconductor integrated circuit according to the embodiment of the present invention. In FIG. 2, components having the same functions as those shown in FIG. 1 are given the same reference numerals, and redundant descriptions are omitted.

  The semiconductor integrated circuit shown in FIG. 2 includes an expected value register 11, a comparison timing timer 12, a comparison timing timer value register 13, a monitor, in addition to the CPU 1, the ROM 2, the RAM 3, the peripheral unit 4, the debugger module 5, and the diagnostic macro 6. A timer 14 for monitoring, a timer value register 15 for monitoring, and an information register 16.

  The expected value register 11 is a register that holds an expected value of error detection information calculated in accordance with the execution of the diagnostic program. The diagnostic macro 6 refers to the expected value register 11 and compares the error detection information obtained based on the diagnostic data TI at the expected value comparison timing with the expected value held in the expected value register 11.

  The comparison timing timer 12 is a timer that generates an expected value comparison timing for comparing the error detection information obtained based on the diagnostic data TI with the expected value. The comparison timing timer 12 counts down (decrements) every time a predetermined time elapses during the execution of the diagnostic program, and indicates that it is the expected value comparison timing when the timer value becomes “0”. The comparison timing timer value register 13 is a register that holds a timer value related to the expected value comparison timing, in other words, an initial value of the timer value in the comparison timing timer 12. When execution of the diagnostic program is started, the timer value is loaded from the comparison timing timer value register 13 to the comparison timing timer 12 and set.

  The monitoring timer 14 generates a reset timing for resetting the CPU 1 when the end of the process is not confirmed even after the time for completing the process related to the diagnostic program has elapsed after the execution of the diagnostic program is started. It is a timer. The monitoring timer 14 counts down (decrements) every time a predetermined time elapses during execution of the diagnostic program, and indicates that it is a reset timing when the timer value becomes “0”. The monitoring timer value register 15 is a register that holds a timer value related to reset timing, in other words, an initial value of the timer value in the monitoring timer 14. When execution of the diagnostic program is started, a timer value is loaded from the monitoring timer value register 15 to the monitoring timer 14 and set.

  The information register 16 is a register that holds information related to the failure diagnosis operation. The information register 16 is a register that can hold information without being reset (initialized) even when the CPU 1 is reset. For example, when the CPU 1 is reset, the information register 16 holds a flag indicating that fact.

Next, the operation of the semiconductor integrated circuit shown in FIG. 2 will be described.
During normal operation, the semiconductor integrated circuit performs processing according to a predetermined program by the CPU 1, and the CPU 1 exchanges data with the RAM 3, the peripheral unit 4 and the like via the first bus BUSA according to the processing. Perform functional processing.

  The failure diagnosis operation will be described with reference to FIG. FIG. 3 is a flowchart showing an example of a failure diagnosis operation in the semiconductor integrated circuit shown in FIG. In the following description, it is assumed that the diagnosis macro 6 calculates a checksum as error detection information and uses a CRC checksum as the checksum algorithm method. That is, the diagnosis macro 6 has a CRC calculation unit and performs CRC calculation based on the extracted diagnostic data TI.

  When starting the failure diagnosis operation, first, in step S1, initial setting related to the failure diagnosis operation is performed. In the initial setting in step S1, a diagnostic program for performing failure diagnosis is stored in the ROM 3, and an expected value is stored in the expected value register 11. In the initial setting in step S1, timer values are stored in the comparison timing timer value register 13 and the monitoring timer value register 15, respectively. Note that the order in which these processes (diagnostic program storage, expected value storage, and timer value storage) are performed is arbitrary, and it is sufficient that all processes are completed before the execution of the diagnostic program is started.

  In step S <b> 2, the CPU 1 starts executing the diagnostic program stored in the ROM 3. Simultaneously with the start of execution of the diagnostic program, timer values are loaded from the comparison timing timer value register 13 and the monitoring timer value register 15 to the comparison timing timer 12 and the monitoring timer 14, respectively. Start (countdown). Note that loading of the timer values from the comparison timing timer value register 13 and the monitoring timer value register 15 to the comparison timing timer 12 and the monitoring timer 14 may be performed in advance before the execution of the diagnostic program.

  Next, in step S3, the diagnostic macro 6 determines the instruction execution address, the store address at the time of the store instruction, from the trace information for debugging output from the CPU 1 via the second bus BUSB as the diagnostic program is executed. Store data, a read address at the time of executing a load instruction, and read data are extracted as diagnostic data TI. Furthermore, the diagnostic macro 6 takes the extracted diagnostic data TI into a CRC calculation unit built in the diagnostic macro 6 and performs CRC calculation. The process in step S3 is performed from the start of the execution of the diagnostic program until the expected value comparison timing is reached.

  Next, in step S4, when the timer value of the comparison timing timer 12 becomes “0”, that is, at the expected value comparison timing, the diagnosis macro 6 performs a CRC calculation result (CRC check) based on the diagnosis data TI. Sam) and expected value. As a result of the comparison, if the CRC calculation result (CRC checksum) matches the expected value (YES in step S5), the diagnosis operation is terminated as normal.

  On the other hand, as a result of the comparison in step S4, when the CRC calculation result (CRC checksum) and the expected value are different (NO in step S5), the diagnosis macro 6 determines that there is a failure, and in step S6 Issue NMI (Non Maskable Interrupt) to CPU1.

  After issuing the NMI, the diagnostic macro 6 monitors whether or not the NMI is accepted by the CPU 1 (step S7). If the CPU 1 determines that the NMI has been accepted (YES in step S7), the diagnostic operation is terminated. On the other hand, if the NMI is not accepted by the CPU 1 (NO in step S7), the diagnostic macro 6 proceeds to step S9 if the time for which the NMI should be accepted has elapsed (YES in step S8). The determination as to whether or not the time for which the NMI should be accepted has passed has been made based on the timer value of the monitoring timer 14, and when the timer value has become “0”, that is, the NMI should be accepted at the reset timing. Is determined to have elapsed.

  In step S9, the diagnostic macro 6 resets the CPU 1 and ends the operation. When resetting the CPU 1 in step S9, the diagnostic macro 6 sets a flag indicating that the reset has occurred because the NMI is not accepted by the information register 16. As described above, the information register 16 is a register that is not reset even when the CPU 1 is reset. Thus, by reading the information in the information register 16 when returning from the reset state, the cause of the reset can be analyzed, and it can be seen that the NMI was not accepted and was reset.

  According to the present embodiment, the diagnosis data TI is acquired from the information transmitted via the second bus BUSB and the failure diagnosis of the CPU 1 is performed, so that the first bus BUSA used in the normal operation is related. Failure diagnosis can be performed without increasing the load. Therefore, failure diagnosis can be performed without affecting the performance of the CPU 1. Further, according to the present embodiment, the comparison operation between the error detection information and the expected value is performed only once, so that the processing amount related to the comparison can be reduced. Moreover, only one expected value needs to be prepared, the number of expected values to be prepared can be reduced, and the storage capacity for holding the expected value can be reduced.

  The diagnosis macro 6 may determine that the CPU 1 has runaway and stop the diagnosis operation when the diagnosis macro 6 does not end even after the time for the diagnosis program to end after the execution of the diagnosis program has started. good. For example, the diagnosis operation can be stopped when the failure diagnosis operation becomes abnormal such that the CRC calculation result (CRC checksum) does not match the expected value but NMI is not issued. The determination as to whether or not the time for ending the diagnostic program has passed may be made based on the timer value or the like by, for example, extending the function of the monitoring timer 14 or providing a new timer.

  Further, the error detection information required when the NMI is issued and the timer value of the monitoring timer 14 may be fetched and held in the information register 16 so that they can be read out. For example, an appropriate value is set in the expected value register 11 and the comparison timing timer value register 13 to execute a diagnostic program, and an NMI is intentionally issued. At that time, error detection information and a timer of the monitoring timer 14 Get the value. Thereby, the acquired error detection information can be obtained as an expected value to be compared when the diagnostic program is executed. In addition, a timer value related to the expected value comparison timing in the execution of the diagnostic program is obtained by estimating the timer value when the CRC calculation result is compared with the expected value from the acquired timer value of the monitoring timer 14 Can do.

  In this embodiment, the comparison timing timer 12 is a timer whose timer value is counted down (decremented) after the execution of the diagnostic program is started, but is a timer whose timer value is counted up (incremented). May be. When a timer whose timer value is counted up is used as the comparison timing timer 12, for example, the comparison timing timer 12 is initialized at the start of execution of the diagnostic program, and the operation is started. The expected value comparison timing may be set when the value set in the value register 13 is reached.

  Further, although the monitoring timer 14 is a timer whose timer value is counted down (decremented), it may be a timer whose timer value is counted up (incremented). When a timer whose timer value is counted up is used as the monitoring timer 14, for example, the monitoring timer 14 is initialized at the start of execution of the diagnostic program, and the operation is started. The time when the value becomes the reset timing may be set as the reset timing.

  In the semiconductor integrated circuit according to the present embodiment, whether or not to provide the monitoring timer 14 and the monitoring timer value register 15 is arbitrary, and a failure diagnosis operation can be realized without providing the monitoring timer 14 and the monitoring timer value register 15. Further, whether or not the information register 16 is provided is arbitrary, and a failure diagnosis operation can be realized without providing the information register 16.

The above-described embodiments are merely examples of implementation in carrying out the present invention, and the technical scope of the present invention should not be construed as being limited thereto. That is, the present invention can be implemented in various forms without departing from the technical idea or the main features thereof.
Various aspects of the present invention will be described below as supplementary notes.

(Supplementary note 1) a processing unit having a first interface connected to a first bus through which data related to normal operation is transmitted, and a second interface connected to a second bus different from the first bus; ,
Diagnosis that is connected to the second bus, obtains error detection information based on diagnostic information output from the processing unit, and determines whether the processing unit is faulty based on the obtained error detection information And
One expected value is retained,
The diagnostic unit determines whether or not the processing unit is out of order by comparing the final error detection information obtained in accordance with execution of a program and the expected value.
(Supplementary note 2) The semiconductor integrated circuit according to supplementary note 1, wherein the error detection information is a checksum.
(Supplementary note 3) The semiconductor integrated circuit according to Supplementary note 1 or 2, wherein the second bus is a bus through which information indicating an internal state of the processing unit output from the processing unit is transmitted.
(Additional remark 4) The information which shows the internal state of the said process part is the trace information which concerns on execution of the program in the said process part, The semiconductor integrated circuit of Additional remark 3 characterized by the above-mentioned.
(Additional remark 5) It has a timer which produces | generates the timing which compares the said error detection information with the said expected value in the said diagnostic part, The semiconductor integrated circuit of any one of Additional remark 1-4 characterized by the above-mentioned.
(Supplementary note 6) The semiconductor according to any one of supplementary notes 1 to 5, wherein the diagnostic unit issues an interrupt to the processing unit when the error detection information and the expected value are different. Integrated circuit.
(Additional remark 7) The said diagnostic part resets the said process part, when the process which concerns on the said interrupt is not performed by the predetermined time after issuing the said interrupt. The semiconductor integrated circuit according to appendix 6.
(Supplementary note 8) The semiconductor integrated circuit according to supplementary note 7, wherein the diagnostic unit sets a flag indicating a cause of occurrence of the reset when the reset is applied.
(Supplementary note 9) The semiconductor according to supplementary note 6, further comprising a register that holds error detection information obtained by the processing unit when the interrupt is issued and time information indicating a time from the start of execution of a program Integrated circuit.
(Supplementary note 10) The semiconductor integrated circuit according to any one of supplementary notes 1 to 9, wherein the diagnosis unit performs a CRC calculation using the diagnosis information and calculates a checksum as the error detection information. .
(Supplementary note 11) The semiconductor integrated circuit according to any one of Supplementary notes 1 to 10, wherein the first bus is a system bus, and the second bus is a trace bus.
(Supplementary Note 12) From a processing unit having a first interface connected to a first bus through which data related to normal operation is transmitted, and a second interface connected to a second bus different from the first bus A calculation step for obtaining error detection information based on diagnostic information output to the second bus;
A determination step of determining whether or not the processing unit has failed based on the obtained error detection information,
One expected value is stored in advance, and in the determination step, the final error detection information obtained in accordance with the execution of the diagnostic program is compared with the expected value to determine whether the processing unit is out of order. A fault diagnosis method for a semiconductor integrated circuit.

1 CPU
2 ROM
3 RAM
4 Peripheral 5 Debugger Module 6 Diagnostic Macro 11 Expected Value Register 12 Comparison Timing Timer 13 Comparison Timing Timer Value Register 14 Monitoring Timer 15 Monitoring Timer Value Register 16 Information Register BUSA First Bus BUSB Second Bus IFA First 1 bus interface IFB 2nd bus interface

Claims (6)

A processing unit having a first interface connected to a first bus through which data related to normal operation is transmitted, and a second interface connected to a second bus different from the first bus;
A diagnostic unit disposed outside the processing unit and connected to the second bus to determine whether the processing unit is faulty;
A debugger unit that is disposed outside the processing unit and connected to the second bus, and stores diagnostic information including first information indicating an internal state of the processing unit;
A storage unit connected to the diagnostic unit and holding an expected value;
Wherein the processing unit at the time of failure diagnosis operation, over the first bus, with input and output of a plurality of peripheral circuits and the data connected to the first bus via the second bus, before outputs cross information to the debugger portion,
The diagnosis unit is stored in the debugger unit via the second bus without affecting the data input / output operation between the processing unit and the plurality of peripheral circuits during the failure diagnosis operation. that from the first information included in the diagnostic information, by extracting the second information for use in fault diagnosis of the processing unit obtains the error detection information based on the second information, the A semiconductor integrated circuit that determines whether or not the processing unit has failed by comparing the error detection information with the expected value at a timing when a first period has elapsed from the start of a failure diagnosis operation. circuit. The first information is accumulated in the debugger unit during the execution of the processing unit, and when there is an abnormality in the operation of the processing unit, the diagnosis unit performs an operation analysis based on the information accumulated in the debugger unit. Has trace information to do,
2. The semiconductor device according to claim 1, wherein the second information includes data including any one of an instruction execution address, a store address, store data, a read address, and read data extracted from the trace information. Integrated circuit. 3. The semiconductor integrated circuit according to claim 1, wherein the error detection information is a checksum. 4. The timer according to claim 1, further comprising a timer that generates the timing for comparing the error detection information with the expected value in the diagnosis unit by measuring the first period . 5. The semiconductor integrated circuit according to Item . The diagnosis unit, when said error detection information and the expected value are different, a semiconductor integrated circuit according to any one of claims 1 to 4, characterized in that to issue an interrupt to the processing unit. A processing unit having a first interface connected to a first bus through which data related to normal operation is transmitted during a fault diagnosis operation, and a second interface connected to a second bus different from the first bus From the first bus, the diagnostic information including the first information indicating the internal state of the processing unit is output to the second bus,
Accumulating the diagnostic information in a debugger unit disposed outside the processing unit and connected to the second bus,
During the fault diagnosis operation, a plurality of peripheral circuits connected to the first bus via the first bus and the processing unit perform data input / output, and via the second bus, The processing unit outputs the diagnostic information to the debugger unit,
The first information included in the diagnostic information stored in the debugger unit via the second bus without affecting the data input / output operations of the plurality of peripheral circuits and the processing unit . From the information, by extracting second information to be used for failure diagnosis of the processing unit, error detection information is obtained based on the second information,
Determining whether or not the processing unit is faulty by comparing the error detection information with an expected value held in advance at a timing when a first period has elapsed from the start of the fault diagnosis operation. A method for diagnosing a failure in a semiconductor integrated circuit.

Images