Functional safety requirements for application software
Safety Manual for MPC5777M, Rev. 1.1
NXP Semiconductors 17
Assumption: [SM_FMEDA_024]Resets during normal operation will be executed only as a reaction to
an error, not as a functional measure. This avoids undetected faults due to interrupts that are not being
generated. [end]
3.2.8 Self-test completion
To ensure absence of latent faults, the self-test executes both a Logic Built-In Self-Test (LBIST) and a
Memory Built-In Self-Test (MBIST) during boot while the device is still under reset (offline). The boot
time BIST includes the scan-based LBIST to test the digital logic and the MBIST to test all RAMs and
ROMs
1
.
NOTE
The overall control of LBISTs and MBISTs is provided by the Self-Test
Control Unit (STCU2). The STCU2 will execute automatically after a
power-on reset
2
(POR), external reset and destructive reset, and will also
execute when initiated by software (online self-test). The MPC5777M logic
is grouped into ten LBIST partitions used for both production testing and
self-test.
The MPC5777M Reference Manual’s “Self-Test Control Unit (STCU2)”
chapter and “Use cases and limitations” section discusses details on how to
correctly execute offline and online self-tests.
The section “Online Logical BIST (LBIST)” of the MPC5777M Reference
Manual’s “Functional safety chapter” shows tables of the module groupings
of each LBIST partition.
Assumption: [SCG18.125]If there is an LBIST failure, or MBIST detects uncorrectable failures, the
STCU2 will cause a destructive reset, causing execution of the self-test again. This is to ensure that a
self-test, which fails only due to a transient error, will not block device usage. If several self-tests fail in a
row, the desctructive reset escalation will activate and hold the MCU in reset. [end]
On the other hand, if MBIST detects correctable failures, software must decide whether to continue or halt
execution. In fact, the MBIST may detect and report two (or more) Single Bit Errors (SBEs) occurring in
multiple test passes instead of one Multiple Bit Error (MBE).
Assumption: [SM_FMEDA_025] Software will determine if two or more errors reported by the MBIST
as SBEs combine to create an uncorrectable error by examining the entries in the System RAM Memory
Management Unit (MEMU) instance. If several entries exist for the same address with different bit num-
bers, this data word actually has an MBE instead of the several SBEs discovered by the MBIST. [end]
Assumption: [SM_FMEDA_026] After start up (and more in general, always after the execution of
MBISTs), software will cross check MBIST status in the STCU2 (pass or fail) with the content of MEMU
MBIST buffer (same as system RAM) to detect failures affecting the reporting of MBIST errors. This can
1.This does not include flash memory.
2.The customer must enable the self-test in the shadow sector of the flash memory since the factory default configu-
ration will be to not run the self-test).
To Next Page
Loading...
