Safety Manual for MPC5777M, Rev. 1.1
Functional safety requirements for application software
NXP Semiconductors36
covered by using the SWT. However, fewer wait states can lead to multi-bit errors that are detected by
E2E ECC with only low to medium effectiveness.
Assumption: [SM_FMEDA_074]Application software shall check the configuration of the PRAMC
every FTTI. [end]
The periodic check of PRAMC configuration can be avoided if the following assumption is satisfied:
• Assumption: [SM_FMEDA_075]Application software performs at least two accesses to the
SRAM within the FTTI, or a simple test could be performed (for example, a test based on write
and read-back performed every FTTI). [end]
3.3.8 RAM
RAM is protected from failures by ECC logic with various implementations discussed in the following
sections. To increase the coverage against MBE certain SW measures have been assumed.
3.3.8.1 Error Correcting Code (ECC)
Some failure modes of the RAM, for example failures affecting common part of the RAM structure, cause
data to be read from all location as All-0 or All-1
1
.
In such a case if a data is read out of the RAM, an event should be detected by the ECC which perceives
All-X code-word as invalid code. But in the MPC5777M there are some RAMs whose address is included
in the ECC checksum calculation to increase the diagnostic coverage in case of addressing failures.
List of memories where ECC bits are computed including address contribution can be found in the
Reference Manual (please see the MPC5777M Reference Manual’s “ECC RAM implementation” table in
the “Functional Safety” chapter).
Due to this hardware architecture there are address locations out of which reading All-X word is valid and
no ECC event is triggered
2
. Approximately there is one of these addresses out of 256 ones.
Assumption: [SCG18.122] There is no special handling of All-X words for ECC that includes addresses
in the ECC code-bit calculation. They can be valid, correctable or uncorrectable words depending on the
address. [end]
Consider a permanent All-X failure mode:
• If there is a transaction to a “normal address”, this failure mode is detected by the ECC which
perceives the All-X code-word as invalid (either single bit error or correction is triggered).
• If there is a transaction to an “All-X address”, this failures mode is not detected by the ECC or other
means (All-X code-word is valid for “All-X address”).
The permanent All-X failure mode is not detected by the ECC if an application reads only All-X addresses
of the RAM. This is a pure theoretical case because a real application doesn't read only such All-X
addresses, but reads different parts of the RAM including (and mainly) normal addresses.
1.All-0 and All-1 will be referenced generically as All-X.
2.For the sake of simplicity, let us call “All-X addresses” the ones which perceive All-X as valid and “Normal address-
es” the remaining ones.
To Next Page
Loading...
