Functional safety requirements for application software
Safety Manual for MPC5777M, Rev. 1.1
NXP Semiconductors
3.3.26 Mode Entry (MC_ME)
The MPC5777M can be configured in different functional modes. Each mode has its own unique 
configuration (for example, enabled peripherals and clock).
The mode configurations and the transitions between different modes are controlled by the MC_ME. The 
correct execution of a mode transition shall be verified by application software.
Assumption: [SM_FMEDA_165] After the mode transition request, application software shall verify the 
status of the transition within the expected completion delay. Also, the new configuration is compared with 
the intended configuration. Completion delay is always monitored while the status check is performed, 
unless the target mode is low-power. [end]
Assumption: [SM_FMEDA_151] Mode transition process duration, from transition request to transition 
complete, shall be monitored. [end]
3.3.27 Semaphores (SEMA42)
The semaphores embedded in the MPC5777M provide robust hardware support for implementing a simple 
mechanism to achieve “lock/unlock” operation of shared resources.
Assumption: [SM_FMEDA_166] To verify the integrity of the semaphore logic, application software shall 
check, before locking (or unlocking) a gate, that the value of the gate is the expected one. [end]
NOTE
Checking the gate state after the locking (or unlocking) request verifies if 
the gate has been properly locked (or unlocked).
Checking before unlocking the gate helps detect if other masters erroneously received the lock before it 
was released by the current master.
Checking before locking helps detect if the gate is already erroneously assigned to the requesting master.
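The checks required by SM_FMEDA_166 and described in the note above, shown in C on a gate modelled as a single byte. This is an added example, not code from NXP or from this manual; the gate encoding (0 = unlocked, n = locked by master n), the status names and both function names are assumptions made for the illustration, and the real encoding must be taken from the device reference manual.

```c
#include <stdint.h>

/* Assumed encoding for this example (not taken from the manual):
 * 0 = gate unlocked, n (n >= 1) = gate locked by master n. */
#define GATE_UNLOCKED 0u

typedef enum {
    GATE_OK,         /* request done and confirmed by read-back     */
    GATE_BUSY,       /* another master holds the gate: retry later  */
    GATE_FAULT_PRE,  /* unexpected gate value before the request    */
    GATE_FAULT_POST  /* unexpected gate value after the request     */
} gate_status_t;

/* Lock the gate for master `me`. The caller must not already hold it,
 * so finding our own ID in the gate beforehand is reported as a fault. */
gate_status_t gate_lock_checked(volatile uint8_t *gate, uint8_t me)
{
    uint8_t before = *gate;
    if (before == me)
        return GATE_FAULT_PRE;   /* gate erroneously assigned to us */
    if (before != GATE_UNLOCKED)
        return GATE_BUSY;        /* ordinary contention, not a fault */

    *gate = me;                  /* lock request */

    uint8_t after = *gate;       /* verify the request took effect */
    if (after == me)
        return GATE_OK;
    /* Still unlocked: the write had no effect. Otherwise another
     * master won the gate between our check and our request. */
    return (after == GATE_UNLOCKED) ? GATE_FAULT_POST : GATE_BUSY;
}

/* Unlock the gate held by master `me`, checking ownership first. */
gate_status_t gate_unlock_checked(volatile uint8_t *gate, uint8_t me)
{
    if (*gate != me)
        return GATE_FAULT_PRE;   /* lock was lost or given to another master */

    *gate = GATE_UNLOCKED;       /* unlock request */

    /* After release the gate may be free or already taken by another
     * master, but it must no longer show our ID. */
    return (*gate == me) ? GATE_FAULT_POST : GATE_OK;
}
```

A `GATE_FAULT_PRE` or `GATE_FAULT_POST` result is the condition the application would report to its fault handling; `GATE_BUSY` is normal arbitration and only needs a retry.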
3.4 Operational interference protection
As a multi-master system, the MPC5777M provides safety mechanisms to prevent non-safety masters 
from interfering with the operation of the Safety Core, as well as mechanisms to handle the concurrent 
operation of software tasks with different or lower ASIL.
3.4.1 Core Memory Protection Unit (CMPU)
The Core Memory Protection Unit (CMPU) ensures inter-task interference protection by providing the 
capability of protecting regions of memory from access by software tasks with different privilege levels. 
The CMPU features a 24-entry region descriptor table that defines memory regions and their associated 
access rights. Only accesses with sufficient rights are allowed to complete.
Using pre-defined region descriptors that define memory spaces and their associated access rights, the 
CMPU concurrently monitors core-initiated memory accesses and evaluates the appropriateness of each 
transfer.