Hello,
I am developing based on S6J337x.
As per the safety requirement, how can we make sure that the port configuration and clock configuration will not change over time?
How can we solve this?
Thanks.
Mohit
Labels: Other Legacy MCU
Hello Len, thank you for your input, really appreciated.
I am getting some enquiries from the customer about these failsafe conditions, and here language is an issue, so I am checking with Cypress.
I am clear now.
Thank you again.
Mohit
On Thu, 6 Jun 2019 at 19:16, user_119654<community-manager@cypress.com> wrote:
Cypress Developer Community, Auto MCU: reply from user_119654 to "How to prove that register contents can be guaranteed during operating time without a cyclic refresh."
Mohit,
I'm not familiar with S6J337x. What MPU are you using for this effort?
Generally speaking, most port configuration registers can be read back to confirm the configuration values set. This includes clock configuration as well.
A suggested sequence:
- Initialize all your clock and port registers as needed per your application.
- Read back these registers to verify correct contents.
- Go to low-power mode where the CPU is halted for 'X' time. 'X' can be hours or days. Normally, if a register needs to be refreshed, it is capacitive-based, and then the contents will be scrambled within a minute or two.
- Wake up the CPU and verify that the register contents from step 2 have not changed.
The above sequence could optionally be performed in a temp chamber at the maximum operational temperature.
Len
"Engineering is an Art. The Art of Compromise."
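Len's four-step sequence carried out in software, as an added example that is not from this thread or from Cypress: a golden copy of the configuration registers is taken once the read-back matches what was written, and the live registers are compared against it after wake-up or cyclically from the main loop. The register table, its roles and its masks are constructed stand-ins, since the thread does not list S6J337x register addresses.

```c
#include <stdint.h>
#include <stddef.h>
/* Constructed stand-in for the clock and port configuration registers; on
 * real silicon these are the volatile register addresses from the S6J337x
 * hardware manual, which this thread does not list. */
static volatile uint32_t sim_regs[4];

typedef struct {
    volatile uint32_t *addr;  /* register to monitor */
    uint32_t mask;            /* configuration bits; status bits masked out */
} reg_monitor_t;
/* Hypothetical register table; the roles and masks are assumptions. */
static const reg_monitor_t monitored[] = {
    { &sim_regs[0], 0xFFFFFFFFu },  /* clock source / enable control */
    { &sim_regs[1], 0x0000FFFFu },  /* PLL divider in low 16 bits, status above */
    { &sim_regs[2], 0xFFFFFFFFu },  /* port direction */
    { &sim_regs[3], 0xFFFFFFFFu },  /* port function select */
};
#define NUM_MONITORED (sizeof monitored / sizeof monitored[0])
static uint32_t golden[NUM_MONITORED];  /* copy taken after init (step 2) */

/* Steps 1 and 2: program each register, read it back and keep the golden
 * copy. Returns 0, or -1 if a read-back differs from what was written. */
int regmon_init(const uint32_t *intended)
{
    for (size_t i = 0; i < NUM_MONITORED; i++) {
        *monitored[i].addr = intended[i];
        uint32_t rb = *monitored[i].addr & monitored[i].mask;
        if (rb != (intended[i] & monitored[i].mask))
            return -1;
        golden[i] = rb;
    }
    return 0;
}

/* Step 4 (after wake-up, or periodically from the main loop): compare live
 * registers with the golden copy. Returns how many changed; *first_bad gets
 * the table index of the first one. The caller decides the reaction. */
int regmon_verify(size_t *first_bad)
{
    int changed = 0;
    for (size_t i = 0; i < NUM_MONITORED; i++) {
        if ((*monitored[i].addr & monitored[i].mask) != golden[i]) {
            if (changed++ == 0 && first_bad)
                *first_bad = i;
        }
    }
    return changed;
}
```

A non-zero return from regmon_verify is the detection event; whether the application re-initialises the registers, enters a safe state or only logs the fault is a decision for the safety concept, not for this routine.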
Hello Len,
Thank you for the answer.
Another question is:
What will happen when an external event happens, such as an ESD discharge, etc.? How can the MCU detect it and keep itself safe in such an environment?
What safety mechanisms does the MCU have to keep itself safe from external events?
Mohit
Mohit,
Are you required to implement a design that conforms to ASIL requirements (i.e., ISO 26262)? I've never had to design to such a difficult standard. I hope you have colleagues where you work who have prior experience.
There are strategies and specialized CPUs that are designed to work in safety-critical systems. You may want to consult with Cypress to see if your selection is appropriate.
In general, there are many strategies for "fault-tolerance" depending on the severity of the safety level needed.
You should try to make your design "hardened" to external events (such as ESD, voltage transients, etc) where practical. It is not always possible to prevent ALL external events.
Here are some suggestions used quite often for detection and possible protection:
RUNTIME Protection
Your watchdog timer set to the shortest time you can tolerate is your best friend. It protects against a runaway CPU in case of an electrical disturbance. It's also a protection against a bad bug in the code such as array and stack overruns.
FLASH Protection
The simplest protection is to place a CRC validation for each section of FLASH. Usually there are at least two sections of FLASH. One is Application the other is Data. The CRC should be generated at compile time and should be checked at boot time at a minimum. Occasional background verification should be done if you are a safety-critical system.
EEPROM Protection
Like the FLASH, you should implement either a CRC or checksum verification. Since EEPROM can be altered by the Application more frequently than FLASH, you need to have code to update the CRC or checksum when the contents are intentionally changed.
RAM Protection
It is usually not practical to implement a CRC or checksum on RAM since it is designed to be changed by the Application frequently. However there are techniques that can be implemented to reasonably detect stack and array overruns.
I hope this helps.
Len
"Engineering is an Art. The Art of Compromise."
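The FLASH and EEPROM CRC protection Len describes, as an added example that is not Len's or Cypress's code: a CRC-32 trailer per section, a whole-section check for boot time, the EEPROM update path that refreshes the trailer after the application intentionally changes the data, and a chunked background check that returns to the main loop between chunks so the watchdog keeps being serviced. The section layout (payload followed by a 4-byte little-endian CRC) is an assumption; on real FLASH the build step, not the firmware, would fill the trailer.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>
/* CRC-32 (IEEE, reflected); pass 0 to start, or a previous result to continue. */
uint32_t crc32_update(uint32_t crc, const uint8_t *p, size_t n)
{
    crc = ~crc;
    while (n--) {
        crc ^= *p++;
        for (int k = 0; k < 8; k++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

/* Assumed layout: payload then a 4-byte little-endian CRC trailer. The build
 * fills it for FLASH; for EEPROM the application rewrites it after a change. */
static uint32_t trailer_read(const uint8_t *base, size_t len)
{
    const uint8_t *t = base + len - 4;
    return (uint32_t)t[0] | (uint32_t)t[1] << 8 | (uint32_t)t[2] << 16 | (uint32_t)t[3] << 24;
}

void section_crc_write(uint8_t *base, size_t len)   /* EEPROM update path */
{
    uint32_t c = crc32_update(0, base, len - 4);
    for (int i = 0; i < 4; i++) base[len - 4 + i] = (uint8_t)(c >> (8 * i));
}

/* Boot-time check of one whole section (Application, Data, EEPROM image). */
bool section_crc_ok(const uint8_t *base, size_t len)
{
    return len >= 4 && crc32_update(0, base, len - 4) == trailer_read(base, len);
}

/* Background verification: hash `step` bytes per call from the main loop so
 * the watchdog can still be serviced in between. Returns -1 while in
 * progress, 1 when the section verified, 0 on mismatch; then it restarts. */
typedef struct { const uint8_t *base; size_t len, pos; uint32_t crc; } bg_check_t;
int bg_check_step(bg_check_t *s, size_t step)
{
    size_t n = s->len - 4, left = n - s->pos;
    size_t take = left < step ? left : step;
    s->crc = crc32_update(s->crc, s->base + s->pos, take);
    s->pos += take;
    if (s->pos < n) return -1;
    int ok = s->crc == trailer_read(s->base, s->len);
    s->pos = 0; s->crc = 0;          /* start over on the next call */
    return ok;
}
```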