3.4.4.11 Program Memory Fetch Errors

When the PBU fetches a program data word from the program memory, a data error may be signaled from the program memory as part of the data word to the PBU for one of the following reasons:

  • A double-bit, uncorrected ECC error (DED)
  • A security fetch error

These errors may not have significance to the CPU execution, so it is important to delay any kind of error response until it is known if the CPU will use the data. This cannot be determined until after the program data has been fetched by the CPU in some cases. Therefore, it is the responsibility of the CPU to detect and respond appropriately to a data error. Unless the CPU fetches a bad instruction or data and decides to commit the instruction for execution, data errors from the program memory will remain quiet.

In some scenarios, the ISB may predictively prefetch data from invalid areas of program memory that the CPU would never request. This may happen, for example, when the ISB predictively prefetches beyond the boundary of a programmed region of memory. In this case, the data would never be cached because the CPU never attempted to consume it, and all error event signaling would remain quiet.

In other cases, the CPU may fetch invalid data. When invalid instruction data are fetched by the CPU, a bus error signal is asserted so that the CPU can detect that the data are not valid. This scenario typically occurs when the CPU predictively fetches an instruction while making a conditional branch decision. The predicted branch path may be invalid for the current state of the application. For example, the current program memory security settings may not allow a fetch from the predicted path at the present time.

A decision to take the predicted execution path is made later in the instruction pipeline, but before the instruction is committed. If the predicted execution path is not taken, then the CPU pipeline is flushed, and the error should remain quiet. If the predicted execution path is taken, then the CPU must suspend the instruction pipeline and generate a trap event because the current instruction data is not valid.