SM CODE: ATIM_SM_1
Recommendations and known limitations: Tolerance implementation in timer checks is recommended to avoid false positive outcomes of the diagnostic. This method applies to timer channels merely used as elapsed time counters.
Table 69. ATIM_SM_2
SM CODE: ATIM_SM_2
Description: 1oo2 for input capture timers
Ownership: End user
Detailed implementation: This method is conceived to protect timers used for external signal acquisition and measurement, like “input capture” and “encoder reading”. Implementation requires connecting the external signals also to a redundant timer and performing a coherence check on the measured data at application level. The coherence check between timers is executed each time the reading is used by the application software.
Error reporting: Depends on implementation
Fault detection time: Depends on implementation
Addressed fault model: Permanent and Transient
Dependency on MCU configuration: None
Initialization: Depends on implementation
Periodicity: On demand
Test for the diagnostic: Not needed
Multiple faults protection: CPU_SM_0: periodical core self-test software
Recommendations and known limitations: To reduce the potential effect of common cause failures, it is suggested to use for the redundant check a channel belonging to a different timer module and mapped to a non-adjacent pin on the device package.
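One way to write the ATIM_SM_2 coherence check at application level, given here as an added example and not code from UM1845. All names are hypothetical; it assumes free-running 16-bit capture counters that may run at different tick rates, and it applies a permille tolerance (an assumed application parameter) in line with the tolerance recommendation given for timer checks.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names; the manual leaves the implementation to the end user. */
typedef struct {
    uint16_t prev;     /* previous captured counter value */
    uint16_t curr;     /* latest captured counter value */
    uint32_t tick_hz;  /* counter clock of this timer, in Hz */
} capture_t;

typedef enum { SM2_COHERENT, SM2_MISMATCH, SM2_STALE } sm2_result_t;

/* Time between two captures of a free-running 16-bit counter, in ns.
   The uint16_t subtraction absorbs one counter wraparound. */
static uint64_t capture_period_ns(const capture_t *c)
{
    uint16_t ticks = (uint16_t)(c->curr - c->prev);
    return ((uint64_t)ticks * 1000000000ull) / c->tick_hz;
}

/* Compare the same signal measured by the primary and the redundant timer.
   tol_permille is an assumed application parameter that keeps tick
   quantization from raising false positives. */
sm2_result_t atim_sm2_check(const capture_t *primary, const capture_t *redundant,
                            uint32_t tol_permille)
{
    if (primary->tick_hz == 0 || redundant->tick_hz == 0)
        return SM2_MISMATCH;            /* invalid configuration: fail safe */
    uint64_t pp = capture_period_ns(primary);
    uint64_t pr = capture_period_ns(redundant);
    if (pp == 0 || pr == 0)
        return SM2_STALE;               /* a channel captured no new edge */
    uint64_t diff = pp > pr ? pp - pr : pr - pp;
    uint64_t ref  = pp > pr ? pp : pr;
    return (diff * 1000u <= ref * tol_permille) ? SM2_COHERENT : SM2_MISMATCH;
}

int main(void)
{
    /* Constructed sample: 1 ms period seen at 1 MHz (with wrap) and at 2 MHz. */
    capture_t primary   = { 65000u, 464u, 1000000u };
    capture_t redundant = { 100u, 2100u, 2000000u };
    printf("result=%d\n", atim_sm2_check(&primary, &redundant, 10u));
    return 0;
}
```

The application calls the check each time it consumes a reading and treats any result other than `SM2_COHERENT` as a detected fault.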
Table 70. ATIM_SM_3
SM CODE: ATIM_SM_3
Description: Loopback scheme for PWM outputs
Ownership: End user
Detailed implementation: This method is implemented by connecting the PWM to a separate timer channel to acquire the generated waveform characteristics.
The guidelines are the following:
• Both PWM frequency and duty cycle are measured and checked versus the expected value.
• To reduce the potential effect of common cause failure, it is suggested to use for the loopback check a channel belonging to a different timer module and mapped to non-adjacent pins on the device package.
This measure can be replaced, under the end-user responsibility, by different loopback schemes already in place in the final application and rated as equivalent. For example, if the PWM is used to drive an external power load, the reading of the on-line current value can be used instead of the PWM duty cycle measurement.
Error reporting: Depends on implementation
Fault detection time: Depends on implementation
Addressed fault model: Permanent and Transient
Dependency on MCU configuration: None
UM1845
Description of hardware and software diagnostics
UM1845 - Rev 4