After the first failure in a TMR MicroBlaze sub-block, the two remaining healthy sub-blocks operate in lockstep mode, and their outputs need to be compared to detect any difference. The healthy sub-blocks are compared cycle by cycle and if a mismatch occurs, the TMR MicroBlaze subsystem is stopped and the fatal error signal is set to one.
While in lockstep mode the TMR voters ensure that the outputs from the faulty sub-block are masked by the healthy ones.
To ensure the integrity of the comparison the TMR comparators are also triplicated in the sub-blocks. This means that there is one voter and three comparators for every external interface. An error in the voter itself is considered a fatal error and needs to be detected. This is done by letting the triplicated comparators also check the voted output.