4 Replies Latest reply on Jun 7, 2019 12:18 AM by morac_4271876

    How to prove that register contents can be guaranteed during operating time without a cyclic refresh.

    morac_4271876

      Hello,

      I am developing based on the S6J337x.

      As per the safety requirement, how can we make sure that the port configuration and clock configuration will not change over time?

      How can we solve it?

      Thanks.

      Mohit

        • 1. Re: How to prove that register contents can be guaranteed during operating time without a cyclic refresh.
          LePo_1062026

          Mohit,

          I'm not familiar with the S6J337x. What MPU are you using for this effort?

          Generally speaking, most port configuration registers can be read back to confirm the configuration values set. This includes clock configuration as well.

          A suggested sequence:

          1. Initialize all your clock and port registers as needed per your application.
          2. Read back these registers to verify correct contents.
          3. Go to low-power mode where the CPU is halted for 'X' time. 'X' can be hours or days. Normally, if a register needs to be refreshed, it is capacitive-based and the contents will be scrambled within a minute or two.
          4. Wake up the CPU and verify that the register contents from step 2 have not changed.

          The above sequence could optionally be performed in a temperature chamber at the maximum operational temperature.

          Len

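Steps 2 and 4 of the sequence above, as C code added here for illustration; it is not code from the thread, from Len, or from Cypress. Everything about the registers is an assumption: the `sim_regs` array stands in for the S6J337x port and clock registers (real addresses and bit layouts come from the datasheet), and the masks exist so that read-only status bits, which may legitimately change, are excluded from the comparison. The same `cfg_verify()` call can also run periodically from the main loop as the "cyclic check without a cyclic refresh" that the original question asks about.

```c
#include <stdint.h>
#include <stddef.h>

/* Hypothetical configuration registers. On the real MCU these would be
 * memory-mapped addresses; here a plain array stands in so the example
 * runs on a host. */
#define NUM_CFG_REGS 4
static volatile uint32_t sim_regs[NUM_CFG_REGS];

typedef struct {
    volatile uint32_t *addr;   /* register to monitor */
    uint32_t mask;             /* configuration bits only; status bits masked off */
} cfg_reg_t;

/* Assumed register roles, for illustration only. */
static const cfg_reg_t cfg_regs[NUM_CFG_REGS] = {
    { &sim_regs[0], 0xFFFFFFFFu },  /* port direction register (assumed) */
    { &sim_regs[1], 0xFFFFFFFFu },  /* port function select (assumed) */
    { &sim_regs[2], 0x0000FFFFu },  /* clock divider; upper half is status (assumed) */
    { &sim_regs[3], 0x000000FFu },  /* PLL control (assumed) */
};

/* Step 2: after initialisation, record the masked value of each register. */
void cfg_snapshot(uint32_t snapshot[NUM_CFG_REGS]) {
    for (size_t i = 0; i < NUM_CFG_REGS; i++)
        snapshot[i] = *cfg_regs[i].addr & cfg_regs[i].mask;
}

/* Step 4 (and any later periodic check): compare live registers with the
 * snapshot. Returns the index of the first mismatching register, or -1 when
 * every register still holds its configured value. */
int cfg_verify(const uint32_t snapshot[NUM_CFG_REGS]) {
    for (size_t i = 0; i < NUM_CFG_REGS; i++) {
        uint32_t live = *cfg_regs[i].addr & cfg_regs[i].mask;
        if (live != snapshot[i])
            return (int)i;
    }
    return -1;
}

/* Host-side helpers: "initialise" the simulated registers and inject a
 * corruption the way a register upset would. Values are constructed. */
void sim_init_registers(void) {
    sim_regs[0] = 0x0000F00Fu;
    sim_regs[1] = 0x00000055u;
    sim_regs[2] = 0x80000004u;   /* status bit 31 set, divider = 4 */
    sim_regs[3] = 0x00000021u;
}

void sim_corrupt_register(size_t idx, uint32_t xor_mask) {
    sim_regs[idx] ^= xor_mask;
}
```

On the target, the snapshot should live in a RAM area that is itself protected (or be reduced to a CRC), and a mismatch should feed the same fault-reaction path as a watchdog reset, since a silently re-written configuration register is exactly the failure the safety requirement is asking about.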
          • 2. Re: How to prove that register contents can be guaranteed during operating time without a cyclic refresh.
            morac_4271876

            Hello Len,

            Thank you for the answer.

            Another question is: what will happen when an external event such as an ESD discharge occurs? How can the MCU detect it and keep itself safe in such an environment?

            What safety mechanisms does the MCU have to keep it safe from external events?

            Mohit

            • 3. Re: How to prove that register contents can be guaranteed during operating time without a cyclic refresh.
              LePo_1062026

              Mohit,

              Are you required to implement a design that conforms to ASIL requirements (i.e. ISO 26262)? I've never had to design to such a difficult standard. I hope you have colleagues where you work who have prior experience.

              There are strategies and specialized CPUs that are designed to work in safety-critical systems. You may want to consult with Cypress to see if your selection is appropriate.

              In general, there are many strategies for "fault-tolerance" depending on the severity of the safety level needed.

              You should try to make your design "hardened" to external events (such as ESD, voltage transients, etc.) where practical. It is not always possible to prevent ALL external events.

              Here are some suggestions used quite often for detection and possible protection:

              RUNTIME Protection

              Your watchdog timer set to the shortest time you can tolerate is your best friend. It protects against a runaway CPU in case of an electrical disturbance. It's also a protection against a bad bug in the code such as array and stack overruns.

              FLASH Protection

              The simplest protection is to place a CRC validation for each section of FLASH. Usually there are at least two sections of FLASH. One is Application, the other is Data. The CRC should be generated at compile time and should be checked at boot time at a minimum. Occasional background verification should be done if you are a safety-critical system.

              EEPROM Protection

              Like the FLASH, you should implement either a CRC or checksum verification. Since EEPROM can be altered by the Application more frequently than FLASH, you need to have code to update the CRC or checksum when the contents are intentionally changed.

              RAM Protection

              It is usually not practical to implement a CRC or checksum on RAM since it is designed to be changed by the Application frequently. However, there are techniques that can be implemented to reasonably detect stack and array overruns.

              I hope this helps.

              Len
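The FLASH, EEPROM and RAM points above, worked through in C as an added example; this is not code from the thread, from Len, or from Cypress. Assumptions: the CRC is CRC-32 (IEEE polynomial) computed over a section whose expected value the build stores in a trailer word (a host array `sim_flash` stands in for the FLASH section and `sim_flash_build()` stands in for the build step); the background check walks the section in fixed chunks so it fits an idle-loop time budget; the EEPROM record recomputes its CRC on every intentional write; and stack overrun detection uses the common fill-pattern technique, with a host array `sim_stack` standing in for the real stack region.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>
#include <string.h>

/* CRC-32 (IEEE polynomial, reflected). Starting from 0 and chaining calls
 * equals one call over the whole buffer, which lets the background check
 * resume across chunks. A build-time tool emits the same value for the image. */
uint32_t crc32_update(uint32_t crc, const uint8_t *p, size_t n) {
    crc = ~crc;
    for (size_t i = 0; i < n; i++) {
        crc ^= p[i];
        for (int b = 0; b < 8; b++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

/* ---- FLASH: full check at boot, chunked verification in the background ---- */
enum { CHK_IN_PROGRESS = 0, CHK_OK = 1, CHK_CORRUPT = 2 };

typedef struct {
    const uint8_t *base;   /* start of the section (Application or Data) */
    size_t len;            /* bytes covered by the CRC */
    uint32_t expected;     /* CRC stored by the build, here in a trailer word */
} flash_section_t;

typedef struct { const flash_section_t *sec; size_t offset; uint32_t running; } bg_check_t;

#define BG_CHUNK 64u       /* bytes verified per call; tune to the idle-loop budget */

int flash_check_boot(const flash_section_t *s) {
    return crc32_update(0, s->base, s->len) == s->expected ? CHK_OK : CHK_CORRUPT;
}

void bg_check_start(bg_check_t *c, const flash_section_t *s) {
    c->sec = s; c->offset = 0; c->running = 0;
}

/* Call from the idle loop or a low-priority task; verifies one chunk per call
 * and restarts from the beginning once a pass completes. */
int bg_check_step(bg_check_t *c) {
    size_t left = c->sec->len - c->offset;
    size_t n = left < BG_CHUNK ? left : BG_CHUNK;
    c->running = crc32_update(c->running, c->sec->base + c->offset, n);
    c->offset += n;
    if (c->offset < c->sec->len) return CHK_IN_PROGRESS;
    int result = c->running == c->sec->expected ? CHK_OK : CHK_CORRUPT;
    bg_check_start(c, c->sec);
    return result;
}

/* ---- EEPROM: same check, CRC rewritten on every intentional change ---- */
typedef struct { uint8_t payload[28]; uint32_t crc; } eeprom_rec_t;

void eeprom_rec_write(eeprom_rec_t *r, const uint8_t *data, size_t n) {
    memset(r->payload, 0, sizeof r->payload);
    memcpy(r->payload, data, n < sizeof r->payload ? n : sizeof r->payload);
    r->crc = crc32_update(0, r->payload, sizeof r->payload);  /* keep CRC in step */
}

bool eeprom_rec_valid(const eeprom_rec_t *r) {
    return crc32_update(0, r->payload, sizeof r->payload) == r->crc;
}

/* ---- RAM: stack overrun detection by fill pattern ---- */
#define STACK_WORDS 256u
#define STACK_FILL  0xA5A5A5A5u
#define STACK_GUARD 16u    /* alarm when fewer fill words than this survive */
static uint32_t sim_stack[STACK_WORDS];   /* simulated stack, grows toward index 0 */

void stack_paint(void) {                  /* run once at startup, before main() */
    for (size_t i = 0; i < STACK_WORDS; i++) sim_stack[i] = STACK_FILL;
}

size_t stack_free_words(void) {           /* intact fill words at the low end */
    size_t n = 0;
    while (n < STACK_WORDS && sim_stack[n] == STACK_FILL) n++;
    return n;
}

bool stack_overrun_suspected(void) { return stack_free_words() < STACK_GUARD; }

/* ---- host-side simulation of a 1 KiB FLASH section with a CRC trailer ---- */
static uint8_t sim_flash[1024];
static flash_section_t sim_section;

const flash_section_t *sim_flash_build(void) {   /* stands in for the build step */
    size_t body = sizeof sim_flash - 4;
    for (size_t i = 0; i < body; i++) sim_flash[i] = (uint8_t)(i * 7u);  /* constructed image */
    uint32_t crc = crc32_update(0, sim_flash, body);
    memcpy(sim_flash + body, &crc, 4);            /* trailer word */
    sim_section.base = sim_flash; sim_section.len = body; sim_section.expected = crc;
    return &sim_section;
}

void sim_flash_flip_bit(size_t off, uint8_t bit) { sim_flash[off] ^= (uint8_t)(1u << bit); }

void sim_stack_use(size_t words) {        /* pretend the stack grew this deep */
    for (size_t i = 0; i < words && i < STACK_WORDS; i++) sim_stack[STACK_WORDS - 1 - i] = 0;
}
```

A `CHK_CORRUPT` result from either FLASH check, an invalid EEPROM record, or `stack_overrun_suspected()` returning true should all route into one fault-reaction path (typically the same safe state the watchdog reset leads to) rather than being handled ad hoc at each call site.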

              • 4. Re: How to prove that register contents can be guaranteed during operating time without a cyclic refresh.
                morac_4271876

                Hello Len, thank you for your input, really appreciated.

                I am getting some enquiries from a customer about these failsafe conditions, and language is an issue here, so I am checking with Cypress.

                I am clear now.

                Thank you again.

                Mohit
