3.6.2 Embedded FLASH memory
Table 14. FLASH_SM_0
SM CODE: FLASH_SM_0
Description: Periodical software test for Flash memory
Ownership: End user or ST
Detailed implementation:
  Permanent faults affecting the system Flash memory (memory cells and address decoder) are addressed
  through a dedicated software test that checks the memory cell contents against the expected value, using
  signature-based techniques. According to IEC 61508:2 Table A.5, the effective diagnostic coverage of such
  techniques depends on the width of the signature in relation to the block length of the information to be
  protected; the signature computation method is therefore to be carefully selected. Note that the simple
  signature method (IEC 61508:7 - A.4.2 Modified checksum) is inadequate, as it only achieves a low value of
  coverage.
  The information block does not need to be addressed by this test, as it is not used during normal operation
  (no data or program fetch).
Error reporting: Depends on implementation
Fault detection time: Depends on implementation
Addressed fault model: Permanent
Dependency on MCU configuration: Flash size changes according to part number
Initialization: Memory signatures must be stored in Flash as well
Periodicity: Periodic
Test for the diagnostic: Self-diagnostic capabilities can be embedded in the software, according to the
  chosen test implementation design strategy
Multiple faults protection:
  CPU_SM_1: control flow monitoring in application software
  CPU_SM_0: periodical core self-test software
Recommendations and known limitations:
  This test is expected to have a relevant time duration; test integration must therefore consider the impact on
  application software execution.
  The use of the internal CRC module is recommended. In principle, the DMA feature can be used for data transfer.
  Unused Flash sections can be excluded from testing.
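An added example, not taken from the ST manual or from any ST self-test library: a host-runnable C model of the FLASH_SM_0 signature test, run in bounded slices so that each call has a fixed cost for the application. The array `flash_sim`, the region and slice sizes, the software CRC-32 standing in for the internal CRC module, and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define REGION_WORDS 64u  /* constructed size of the tested region */
#define SLICE_WORDS  16u  /* words per call: bounds the run time of one slice */
typedef enum { FLASH_TEST_BUSY, FLASH_TEST_PASS, FLASH_TEST_FAIL } flash_test_t;
static uint32_t flash_sim[REGION_WORDS];  /* constructed stand-in for Flash */
static size_t pos;                        /* next word to check */
static uint32_t run_crc = 0xFFFFFFFFu;    /* running signature of this pass */

/* Software CRC-32 (0x04C11DB7, MSB first); stands in for the CRC module. */
uint32_t crc32_word(uint32_t crc, uint32_t word)
{
    crc ^= word;
    for (int i = 0; i < 32; i++)
        crc = (crc & 0x80000000u) ? (crc << 1) ^ 0x04C11DB7u : (crc << 1);
    return crc;
}

/* Build-time step: fill the constructed image, return its reference signature. */
uint32_t flash_build_image(void)
{
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < REGION_WORDS; i++) {
        flash_sim[i] = 0x08000000u + (uint32_t)i * 0x01010101u;
        crc = crc32_word(crc, flash_sim[i]);
    }
    return crc;
}

/* One slice of the periodic test; the verdict comes with the last slice. */
flash_test_t flash_test_step(uint32_t reference)
{
    for (size_t n = 0; n < SLICE_WORDS && pos < REGION_WORDS; n++, pos++)
        run_crc = crc32_word(run_crc, flash_sim[pos]);
    if (pos < REGION_WORDS) return FLASH_TEST_BUSY;
    flash_test_t r = (run_crc == reference) ? FLASH_TEST_PASS : FLASH_TEST_FAIL;
    pos = 0; run_crc = 0xFFFFFFFFu;       /* rearm for the next period */
    return r;
}

/* Run slices until a verdict; *slices reports how many calls that took. */
flash_test_t flash_test_full(uint32_t reference, unsigned *slices)
{
    flash_test_t r;
    *slices = 0;
    do { r = flash_test_step(reference); ++*slices; } while (r == FLASH_TEST_BUSY);
    return r;
}
```

On a target, the reference signature would be computed at build time and stored in Flash alongside the image, and `flash_test_step` would be called from the periodic task with the slice size chosen against the required fault detection time.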
Table 15. FLASH_SM_1
SM CODE: FLASH_SM_1
Description: Control flow monitoring in application software
Ownership: End user
Detailed implementation:
  Permanent and transient faults affecting the system Flash memory (memory cells and address
  decoder) can interfere with the access operation by the CPU, leading to wrong data or instruction
  fetches.
  Such failures can be detected by control flow monitoring techniques implemented in the application
  software loaded from Flash memory.
  For more details on the implementation, refer to the description of CPU_SM_1.
Error reporting: Depends on implementation
Fault detection time: Depends on implementation. The higher value is fixed by the watchdog timeout interval.
Addressed fault model: Permanent and Transient
Dependency on MCU configuration: None
Initialization: Depends on implementation
UM1845
Description of hardware and software diagnostics
UM1845 - Rev 4
page 18/108