Fault Collection Unit (FCU) RM0046
Doc ID 16912 Rev 5
28 Fault Collection Unit (FCU)
28.1 Introduction
The Fault Collection Unit (FCU) module provides functional safety to the device.
28.1.1 Overview
The FCU provides a central capability to collect faults reported by the individual modules of
the device. It represents the minimum blocking unit to develop a coherent safety strategy for
the chassis family. Selected critical faults are reported to the external device via output pins,
if no recovery is provided by the device. The operation of the FCU is independent of the
CPU. The FCU provides an independent fault reporting mechanism even if the CPU
behaves abnormally. The FCU always starts up in init mode. As long as the FCU remains in
init mode, testing of the FCU logic (for dormant fault detection) can be performed under
software control.
The FCU is designed to increase the level of safety at the system/MCU level.
Functional safety features of the FCU include:
● It is an independent module: If other control modules are behaving abnormally, the user
can still trigger actions to prevent a critical situation.
● Collection and external reporting of faults occurring on the device
● Centralized fault collection
● Each fault cause can be treated in a different way
– No action
– Alarm—allows hardware or software to recover from fault
– Fault—communicates directly to an external device that something went wrong
● Three different output protocols available
● Possible to inject fake faults on user request during initialization phase to test the
peripheral (dormant fault detection)
General description
The FCU is logically divided into three blocks:
● Input unit—captures faults reported from the device
● Control unit—implemented by a finite state machine (see Figure 449 for details)
● Output unit—generates output signals