Functional safety requirements for application software
Safety Manual for MPC5777M, Rev. 1.1
NXP Semiconductors 33
Assumption: [SM_FMEDA_064]Application SW checks the configuration of the SMPU every FTTI. In
particular, it has to check the cacheability attribute of each region descriptor as transactions erroneously
marked as cacheable may cause shared data to be cached, potentially leading to stale data in the cache.
[end]
Safety analyses are performed under the following assumptions:
• Assumption: [SM_FMEDA_065]FMEDA assumes that 90% of region descriptors are usually
used during the execution of safety tasks. [end]
• Assumption: [SM_FMEDA_066]SMPU is enabled approximately 99% of the time during the
execution of safety tasks. [end]
3.3.5 Platform flash memory controller
The PFLASH controller configuration controls aspects of read wait states, port arbitration, prefetching
policy, master access and flash memory remapping.
Some of these failures only cause performance reductions, so they can be covered by the SWT.
Assumption: [SM_FMEDA_067]Safety analysis assumes that at least four reads through the PFLASH
controller are executed within the FTTI. [end]
Other configuration failures, such as master access and safe remapping, only cause MultiPoint Failures
(MPF), so one time readback is sufficient.
Assumption: [SM_FMEDA_068]After configuring the PFLASH controller, the application shall read
back the PFLASH controller registers and compare them with the expected values every FTTI. [end]
3.3.6 Flash memory
3.3.6.1 Overlay operations
Overlay SRAM is included in the MPC5777M family of devices as part of a comprehensive set of
calibration and debug features. It is recommended that overlay SRAM be used only for these tasks and not
for wide scale general functionality in production since the safety mechanisms have only limited CCF
protection.
Assumption: [SM_FMEDA_069]Overlay RAM is used to remap data only. No instruction fetch
remapping occurs during normal operation, but this can be done during debug mode. [end]
Writes to incorrect addresses are covered by reading back the data that was written. Reads from an
incorrect source have different effects according to the selected source versus the targeted one:
• Overlay RAM, instead of flash memory, read errors can be detected by E2E ECC as the overlay
read data buffer contains data fetched from a different address (with its specific addr/data ECC).
• Prefetch buffers, instead of overlay RAM, read errors can be detected by E2E ECC as the word has
been prefetched from a different address.
To Next Page
Loading...
