A11.1.7 Fault reaction
The Cortex®‑A76AE processor does not include any specific features to react to a fault detected by the lock-step mechanism. The system integrator might choose to reset the system on detecting a fault or initiate some other hardware or software recovery mechanism. It is not normally possible to discover whether the fault occurred in the functional logic, in the redundant copy, or in the comparators themselves.
Fault Response Time
It is not possible to quantify the Fault Response Time (FRT) for a fault in the processor that is detected by the lock-step mechanism. The reasons for this include:
- The fault might cause a bit in an internal register to be flipped. Until that register is read and affects the primary outputs of the processor, which might be many cycles later, the fault stays undetected. Alternatively, if this register is not used by the software running on the processor, it might never be detected.
- The number of clock cycles needed to propagate the fault to a primary output depends on the number of register (pipeline or buffer) stages between the fault location and the primary output.
Latent fault detection and control mechanisms
The latent faults that could lead to non-detection of faults either within the primary or redundant core are expected to occur within the delay registers or comparator elements. These elements should be defined by the system integrator. The system integrator can include latent fault detection mechanisms in the delay and comparator elements as necessary. Faults which do not affect the externally observable behavior of one of the processors in a lock-step configuration are not detectable by the lock-step comparators.