Projects/Lockstep_QMR/README.md


MicroCore Labs <20> Lockstep Quad Modular Redundant System


Description:
------------
Implementation of a Lockstep Quad Modular Redundant System using four MCL51's which are microsequencer-based 8051 CPU cores.

Please see the Application Note in the Documents directory for detailed information on this project.


Highlights:
-----------
- Four MCL51 modules running in Lock Step
- Four Voters - one per module
- All 8051 CPU register and peripheral accesses are broadcast to neighgboring modules.
- Modules are constantly broadcasting Microcode, Registers, User RAM, and Program ROM contents to neighboring cores.
- If a Module's Voter detects a discrepancy, it puts module into Rebuild Mode.
- While in Rebuild Mode the Module listens to neighbor core broadcasts and updates his resources accordingly.
- Once a number of iterations of the complete broadcast cycle have complete, the module rejoins the Lock Step at the beginning of the next instruction.
- The time from detecting a failure to rebuilding the module and rejoining the Lock Step is around 800uS for the example design.
- Peripherals such as UARTs and Timers chose which module results to use based on the Module's Voter.
- Modules failing, rebuilding, and rejoining the Lock Step is undetectable by the downstream peripherals and the other modules. 
- Healthy Modules are not actively involved with rebuilding failed modules and program execution proceeds unaffected and unnoticed by module failures.
- Module cannot rejoin the lockstep while an interrupt is in progress because of the interrupt_flag

 When Voter detects a failure:
- The Module is put into rebuild mode where it listens to RAM, microcore, and register broadcasts from healthy modules.
- The Lockstep's broadcasts are copied to the Rebuilding Module's local resources.
- The Rebuilding Module will listen for a duration of to two address wrap-arounds to ensure that all memories are updated.
- After this, the module waits for a SYNC pulse so it can then rejoin the lockstep.


Notes:
------
Run Levels:  Each of the four modules contains a run_level signal that indicates its "health"

run_level 	0 = Rebuild running - Gate the BROADCAST_OK signal. Look for 3 address passes
			1 = Rebuilding is done - Waiting for SYNC
			2 = Switch from listening to Broadcast Mode
			3 = Rejoined Lockstep - ungate the BROADCAST_OK voter - Final Mode
-												Uploaded 11/25/2019

											
										
										
											2019-11-25 22:52:14 -08:00
 								MicroCore Labs <20> Lockstep Quad Modular Redundant System
 								Description:
 								------------
 								Implementation of a Lockstep Quad Modular Redundant System using four MCL51's which are microsequencer-based 8051 CPU cores.
 								Please see the Application Note in the Documents directory for detailed information on this project.
 								Highlights:
 								-----------
 								- Four MCL51 modules running in Lock Step
 								- Four Voters - one per module
 								- All 8051 CPU register and peripheral accesses are broadcast to neighgboring modules.
 								- Modules are constantly broadcasting Microcode, Registers, User RAM, and Program ROM contents to neighboring cores.
 								- If a Module's Voter detects a discrepancy, it puts module into Rebuild Mode.
 								- While in Rebuild Mode the Module listens to neighbor core broadcasts and updates his resources accordingly.
 								- Once a number of iterations of the complete broadcast cycle have complete, the module rejoins the Lock Step at the beginning of the next instruction.
 								- The time from detecting a failure to rebuilding the module and rejoining the Lock Step is around 800uS for the example design.
 								- Peripherals such as UARTs and Timers chose which module results to use based on the Module's Voter.
 								- Modules failing, rebuilding, and rejoining the Lock Step is undetectable by the downstream peripherals and the other modules.
 								- Healthy Modules are not actively involved with rebuilding failed modules and program execution proceeds unaffected and unnoticed by module failures.
 								- Module cannot rejoin the lockstep while an interrupt is in progress because of the interrupt_flag
 								 When Voter detects a failure:
 								- The Module is put into rebuild mode where it listens to RAM, microcore, and register broadcasts from healthy modules.
 								- The Lockstep's broadcasts are copied to the Rebuilding Module's local resources.
 								- The Rebuilding Module will listen for a duration of to two address wrap-arounds to ensure that all memories are updated.
 								- After this, the module waits for a SYNC pulse so it can then rejoin the lockstep.
 								Notes:
 								------
 								Run Levels:  Each of the four modules contains a run_level signal that indicates its "health"
 								run_level 	0 = Rebuild running - Gate the BROADCAST_OK signal. Look for 3 address passes
 = Rebuilding is done - Waiting for SYNC
 = Switch from listening to Broadcast Mode
 = Rejoined Lockstep - ungate the BROADCAST_OK voter - Final Mode