Safety Manual for MPC5777M, Rev. 1.1
Functional safety requirements for application software
NXP Semiconductors40
• Assumption: [SM_FMEDA_084]The ISR shall check that it was called with the correct priority.
[end]
• Assumption: [SM_FMEDA_085]Interrupts where a short latency is safety-relevant are assigned
to two (or more) cores and one of those cores checks (for example, using a shared variable) that the
other core actually executes the ISR within the expected latency after the IRQ occurred. [end]
• Assumption: [SM_FMEDA_086]The ISR checks that it is executed on the expected core using
the relevant core register. [end]
NOTE
The application software can determine the core that is presently running
software by reading the Processor ID Register (PIR) (see e200z7xx Core
Reference Manual for details).
• Assumption: [SM_FMEDA_087]Unused interrupt vectors shall point, or jump, to an address
which is illegal to execute, contains an illegal instruction, or in some other way causes detection of
their execution. [end]
NOTE
Example implementations of this software and further information on it can
be found in Application Note AN4527 “Software Routines for Functional
Safety Usage of the Qorivva Interrupt Controllers”.
3.3.12 eDMA usage
The DMA provides the capability to perform data transfers with minimal intervention from the core. It
supports programmable source and destination addresses and transfer size.
Since DMA is NoSaMo, no safety measure has been implemented in HW. It is the task of the application
software to provide any necessary safety measures due to safety-relevant usage of the eDMA.
3.3.13 Reset Generation Module (MC_RGM)
MC_RGM can trigger interrupts or request a transition to SAFE mode, if the MC_RGM is configured to
do so.
Assumption: [SM_FMEDA_089]To detect spurious interrupts or transition requests to SAFE mode, the
interrupt handler, for IRQs coming from the MC_RGM, will check that the shown source is one which was
configured to cause such a request from the MC_RGM (for example, compare the MC_RGM_FES register
to the expected MC_RGM_FERD and MC_RGM_FEAR register contents). [end]
NOTE
If the MC_RGM triggers a transition request to SAFE mode, no interrupt is
triggered by the MC_RGM. An interrupt will be triggered by the MC_ME.
To Next Page
Loading...
