How to prove that register contents can be guaranteed during operating time without a cyclic refresh.


morac_4271876

Hello,

I am developing based on S6J337x.

As per the safety requirement, how do we make sure that the port configuration and clock configuration will not change over time?

How can we solve it?

Thanks.

Mohit


Len_CONSULTRON

Mohit,

I'm not familiar with the S6J337x. What MPU are you using for this effort?

Generally speaking, most port configuration registers can be read back to confirm the configuration values set.  This includes clock configuration as well.

A suggested sequence:

  1. Initialize all your clock and port registers as needed per your application.
  2. Read back these registers to verify correct contents.
  3. Go to a low-power mode where the CPU is halted for 'X' time.  'X' can be hours or days.  Normally, if a register needs to be refreshed (i.e. it is capacitive-based), its contents will be scrambled within a minute or two.
  4. Wake up the CPU and verify that the register contents from step 2 have not changed.

The above sequence could optionally be performed in a temp chamber at the maximum operational temperature.

Len

"Engineering is an Art. The Art of Compromise."
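Steps 2 and 4 of the sequence above, written out as a small run-time register integrity check. This is an added illustration, not code from the thread or from Cypress: the table entries, the masks and the host-side "register bank" are constructed stand-ins for the real MMIO addresses of the part.

```c
#include <stdint.h>
#include <stddef.h>

/* One entry per configuration register that must stay constant at run time.
 * 'mask' selects the configuration bits; read-only status bits are excluded
 * so a flag that legitimately changes is not reported as corruption. */
struct reg_check {
    volatile const uint32_t *addr;  /* register address (MMIO in real firmware) */
    uint32_t mask;                  /* bits that are part of the configuration */
    uint32_t expect;                /* reference captured right after init */
};

/* Step 2: capture the just-written configuration as the reference.
 * Call once, after all clock and port registers have been set up. */
void reg_check_capture(struct reg_check *t, size_t n)
{
    for (size_t i = 0; i < n; i++)
        t[i].expect = *t[i].addr & t[i].mask;
}

/* Step 4: compare live contents against the reference. Returns -1 when every
 * register still matches, otherwise the index of the first mismatch so the
 * caller can log which register drifted before entering its safe state. */
int reg_check_verify(const struct reg_check *t, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if ((*t[i].addr & t[i].mask) != t[i].expect)
            return (int)i;
    return -1;
}

/* Constructed stand-in for a register bank so the example runs on a host:
 * index 0 plays a clock-control register, index 1 a port register whose
 * top byte is treated as hardware status and therefore masked off. */
uint32_t fake_regs[2] = { 0x00000305u, 0x0000FF00u };

struct reg_check cfg_table[2] = {
    { &fake_regs[0], 0xFFFFFFFFu, 0 },
    { &fake_regs[1], 0x00FFFFFFu, 0 },
};

int main(void)
{
    reg_check_capture(cfg_table, 2);
    fake_regs[0] ^= 0x100u;                 /* simulate one flipped config bit */
    return reg_check_verify(cfg_table, 2) == 0 ? 0 : 1;
}
```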

Hello Len,

Thank you for answer.

Another question is that,

What will happen when an external event such as an ESD discharge etc. happens? How can the MCU detect it and keep itself safe in such an environment?

What safety mechanisms does the MCU have to keep it safe from external events?

Mohit


Mohit,

Are you required to implement a design that conforms to ASIL requirements (i.e. ISO 26262)?  I've never had to design to such a difficult standard.  I hope you have colleagues where you work who have prior experience.

There are strategies and specialized CPUs that are designed to work in safety-critical systems.  You may want to consult with Cypress to see if your selection is appropriate.

In general, there are many strategies for "fault-tolerance" depending on the severity of the safety level needed.

You should try to make your design "hardened" to external events (such as ESD, voltage transients, etc) where practical.  It is not always possible to prevent ALL external events.

Here are some suggestions used quite often for detection and possible protection:

RUNTIME Protection

Your watchdog timer set to the shortest time you can tolerate is your best friend.  It protects against a runaway CPU in case of an electrical disturbance.  It's also a protection against a bad bug in the code such as array and stack overruns.

FLASH Protection

The simplest protection is to place a CRC validation for each section of FLASH.  Usually there are at least two sections of FLASH.  One is Application the other is Data.  The CRC should be generated at compile time and should be checked at boot time at a minimum.  Occasional background verification should be done if you are a safety-critical system.

EEPROM Protection

Like the FLASH, you should implement either a CRC or checksum verification.  Since EEPROM can be altered by the Application more frequently than FLASH, you need to have code to update the CRC or checksum when the contents are intentionally changed.

RAM Protection

It is usually not practical to implement a CRC or checksum on RAM since it is designed to be changed by the Application frequently.  However there are techniques that can be implemented to reasonably detect stack and array overruns.

I hope this helps.

Len

"Engineering is an Art. The Art of Compromise."
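The FLASH and EEPROM advice above, worked through as an added example (not code from the thread or from Cypress): a table-free CRC-32, a full pass for boot time, a chunked pass that the idle loop can run in the background without blocking the application, and a write helper that re-seals the CRC when EEPROM contents are changed on purpose. The section layout (CRC stored little-endian in the last four bytes) and the image bytes are constructed assumptions.

```c
#include <stdint.h>
#include <stddef.h>

/* CRC-32 (IEEE, poly 0xEDB88320), bitwise so no table is needed. Passing the
 * previous result as 'seed' continues a CRC, which allows chunked verification. */
uint32_t crc32_update(uint32_t seed, const uint8_t *p, size_t n)
{
    uint32_t crc = ~seed;
    for (size_t i = 0; i < n; i++) {
        crc ^= p[i];
        for (int b = 0; b < 8; b++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

/* Assumed layout: payload then its CRC-32 in the last four bytes, little-endian.
 * For FLASH the build writes that word; for EEPROM the application re-seals it
 * on every intentional change (section_write_u8 below). */
static uint32_t stored_crc(const uint8_t *base, size_t len)
{
    const uint8_t *c = base + len - 4;
    return (uint32_t)c[0] | (uint32_t)c[1] << 8 | (uint32_t)c[2] << 16 | (uint32_t)c[3] << 24;
}

/* Verification state. Boot-time check: call bg_verify_step once with
 * chunk == len (whole section in one pass). Background check: one 'chunk' of
 * bytes per call from the idle loop. Returns 0 while a pass is in progress,
 * 1 when a pass completed and matched, -1 on mismatch; resets after each pass. */
struct bg_verify { const uint8_t *base; size_t len, pos; uint32_t crc; };
int bg_verify_step(struct bg_verify *v, size_t chunk)
{
    size_t left = v->len - 4 - v->pos;
    if (chunk > left) chunk = left;
    v->crc = crc32_update(v->crc, v->base + v->pos, chunk);
    v->pos += chunk;
    if (v->pos < v->len - 4) return 0;
    int ok = (v->crc == stored_crc(v->base, v->len)) ? 1 : -1;
    v->pos = 0; v->crc = 0;
    return ok;
}

/* EEPROM-style write: change the byte and re-seal the CRC in the same step. */
void section_write_u8(uint8_t *base, size_t len, size_t off, uint8_t val)
{
    base[off] = val;
    uint32_t c = crc32_update(0, base, len - 4);
    base[len - 4] = (uint8_t)c;         base[len - 3] = (uint8_t)(c >> 8);
    base[len - 2] = (uint8_t)(c >> 16); base[len - 1] = (uint8_t)(c >> 24);
}
```

A corrupted byte is caught by the next full pass whether it runs at boot or spread over many idle-loop calls, while a deliberate EEPROM write keeps the section valid because the CRC is rewritten with the data.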

Hello Len, Thank you for your input, really appreciated.

I am getting some enquiries from a customer about these failsafe conditions, and language is an issue here, so I am checking with Cypress.

I am clear now.

Thank you again.

Mohit


On Thu, 6 Jun 2019 at 19:16, user_119654<community-manager@cypress.com> wrote:


Mohit,

 

Are you required to implement a design that conforms to ASIL requirements (i.e. ISO 26262)?  I've never had to design to such a difficult standard.  I hope you have colleagues where you work who have prior experience.

 

There are strategies and specialized CPUs that are designed to work in safety-critical systems.  You may want to consult with Cypress to see if your selection is appropriate.

 

In general, there are many strategies for "fault-tolerance" depending on the severity of the safety level needed.

 

You should try to make your design "hardened" to external events (such as ESD, voltage transients, etc) where practical.  It is not always possible to prevent ALL external events.

 

Here are some suggestions used quite often for detection and possible protection:

 

RUNTIME Protection

Your watchdog timer set to the shortest time you can tolerate is your best friend.  It protects against a runaway CPU in case of an electrical disturbance.  It's also a protection against a bad bug in the code such as array and stack overruns.

 

FLASH Protection

The simplest protection is to place a CRC validation for each section of FLASH.  Usually there are at least two sections of FLASH.  One is Application the other is Data.  The CRC should be generated at compile time and should be checked at boot time at a minimum.  Occasional background verification should be done if you are a safety-critical system.

 

EEPROM Protection

Like the FLASH, you should implement either a CRC or checksum verification.  Since EEPROM can be altered by the Application more frequently than FLASH, you need to have code to update the CRC or checksum when the contents are intentionally changed.

 

RAM Protection

It is usually not practical to implement a CRC or checksum on RAM since it is designed to be changed by the Application frequently.  However there are techniques that can be implemented to reasonably detect stack and array overruns.

 

I hope this helps.

 

Len
