3.6.25 Flexible static memory controller (FSMC)
Table 98. FSMC_SM_0
SM CODE FSMC_SM_0
Description Control flow monitoring in application software
Ownership End user
Detailed implementation
If FSMC is used to connect an external memory containing software code to be executed by the CPU,
permanent and transient faults affecting the FSMC memory controller are able to interfere with the
access operation by the CPU, leading to wrong data or instruction fetches. A strong control flow
mechanism linked to a system watchdog is able to detect such failures, in case they interfere with the
expected flow of the application software.
The implementation of this method is identical to the one reported for CPU_SM_1, refer there for details
Error reporting Depends on implementation
Fault detection time Depends on implementation. Higher value is fixed by watchdog timeout interval
Addressed fault model Permanent and Transient
Dependency on MCU configuration FSMC interface is available only on selected part numbers
Initialization Depends on implementation
Periodicity Continuous
Test for the diagnostic N/A
Multiple faults protection CPU_SM_0: Periodical core self test software
Recommendations and known
limitations
This mechanism must be used just if FSMC external memory is used to store executable programs
Table 99. FSMC_SM_1
SM CODE FSMC_SM_1
Description Information redundancy on external memory connected to FSMC
Ownership End user
Detailed implementation
If FSMC interface is used to connect an external memory where safety-relevant data are stored,
information redundancy techniques for stored data are able to address faults affecting the FSMC
interface. The possible techniques are:
To use redundant copies of safety relevant data and perform coherence check before consuming.
To organize data in arrays and compute the checksum field to be checked before use
Error reporting Depends on implementation
Fault detection time Depends on implementation
Addressed fault model Permanent and Transient
Dependency on MCU configuration FSMC interface is available only on selected part numbers
Initialization Depends on implementation
Periodicity On demand
Test for the diagnostic Not needed
Multiple faults protection CPU_SM_0: Periodical core self test software
Recommendations and known
limitations
This mechanism must be used just if FSMC external memory is used to store safety-related data.
This safety mechanism can overlap with information redundancy techniques implemented at system
level to address failure of physical device connected to FSMC port
UM1845
Description of hardware and software diagnostics
UM1845 - Rev 4
page 67/108
To Next Page
Loading...
