SM CODE CPU_SM_1
Dependency on Device configuration None
Initialization Depends on implementation
Periodicity Continuous
Test for the diagnostic Not applicable
Multiple-fault protection CPU_SM_0: Periodic core self-test software
Recommendations and known limitations None
Table 5. CPU_SM_2
SM CODE CPU_SM_2
Description Double computation in Application software
Ownership End user
Detailed implementation
Timing redundancy is applied to safety-related computations in order to detect transient faults affecting the Arm® Cortex®-M4 CPU subparts devoted to mathematical computation and data access.
The guidelines for the implementation of the method are the following:
• The requirement needs to be applied only to safety-relevant computations, that is, those whose wrong result could interfere with the system safety functions. Such computations must therefore be carefully identified in the original Application software source code.
• Both mathematical operations and comparisons are intended as computation.
• The redundant computation for a mathematical computation is implemented by using copies of the original data for the second computation, and by using an equivalent formula if possible.
Error reporting Depends on implementation
Fault detection time Depends on implementation
Addressed fault model Transient
Dependency on Device configuration None
Initialization Depends on implementation
Periodicity Continuous
Test for the diagnostic Not applicable
Multiple-fault protection CPU_SM_0: Periodic core self-test software
Recommendations and known limitations
The end user is responsible for ensuring that the optimization features of the compiler in use do not remove the timing redundancies introduced according to this condition of use (an optimizer that recognizes the two computations as equivalent will merge them into one).
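The following C example is added here to illustrate the CPU_SM_2 guidelines above (copies of the original data, an equivalent formula, agreement check on both the mathematical result and the comparison) together with the compiler-optimization caveat; it is not code from UM2305 or from ST. The limit check (raw * gain + offset compared against a threshold), the names limit_cfg_t, check_limit_redundant and demo_cfg, and the test-only fault-injection parameter are assumptions made for the illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical parameters of one safety-relevant limit check (assumption,
   not from UM2305): an engineering value is derived from a raw reading as
   raw * gain + offset and compared against a trip threshold. */
typedef struct {
    int32_t gain;
    int32_t offset;
    int32_t threshold;
} limit_cfg_t;

typedef enum {
    LIMIT_OK = 0,    /* both computations agree: value within limit */
    LIMIT_TRIP = 1,  /* both computations agree: value exceeds limit */
    LIMIT_FAULT = 2  /* computations disagree: transient fault suspected */
} limit_result_t;

/* Constructed demo configuration used by main() below. */
static const limit_cfg_t demo_cfg = { .gain = 2, .offset = 10, .threshold = 100 };

/*
 * Double computation of one limit check (CPU_SM_2 style).
 *
 * 'inject' is a test-only hook: it is XORed into the redundant copy of the
 * raw reading to emulate a transient fault hitting the second data set.
 * Production callers pass 0.
 */
limit_result_t check_limit_redundant(int32_t raw, const limit_cfg_t *cfg,
                                     int32_t inject)
{
    /* First computation, on the original data. */
    int32_t value_a = raw * cfg->gain + cfg->offset;
    bool trip_a = value_a > cfg->threshold;

    /* Second computation, on independent copies of the data. The copies are
       volatile, so the compiler must perform separate loads and cannot prove
       them equal to the originals; otherwise common-subexpression
       elimination could merge both computations into one and silently
       remove the redundancy. */
    volatile int32_t raw_c = raw ^ inject;
    volatile int32_t gain_c = cfg->gain;
    volatile int32_t offset_c = cfg->offset;
    volatile int32_t thr_c = cfg->threshold;

    /* Equivalent formula written in a different form, so that the second
       instruction sequence differs from the first:
         raw*gain + offset > thr   <=>   raw*gain > thr - offset
       (valid as long as neither form overflows int32). */
    int32_t product_b = raw_c * gain_c;
    int32_t value_b = product_b + offset_c;
    bool trip_b = product_b > (thr_c - offset_c);

    /* Both the mathematical result and the comparison outcome must agree. */
    if (value_a != value_b || trip_a != trip_b)
        return LIMIT_FAULT;
    return trip_a ? LIMIT_TRIP : LIMIT_OK;
}

int main(void)
{
    printf("raw=40 -> %d\n", (int)check_limit_redundant(40, &demo_cfg, 0));
    printf("raw=50 -> %d\n", (int)check_limit_redundant(50, &demo_cfg, 0));
    printf("raw=40, fault injected into copy -> %d\n",
           (int)check_limit_redundant(40, &demo_cfg, 0x40));
    return 0;
}
```

The volatile copies only remove the optimizer's licence to merge the two computations; they do not prove that the generated code is redundant. Inspecting the compiled object for the safety-relevant functions after every compiler or option change remains part of the end user's responsibility stated under "Recommendations and known limitations".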
Table 6. CPU_SM_3
SM CODE CPU_SM_3
Description Arm® Cortex®-M4 HardFault exceptions
Ownership ST
Detailed implementation
HardFault exception raise is an intrinsic safety mechanism implemented in the Arm® Cortex®-M4 core, mainly dedicated to intercepting systematic faults due to software limitations or errors in software design (causing, for example, execution of undefined operations or unaligned address accesses). This safety mechanism is also able to detect hardware random faults inside the CPU that lead to such abnormal operations.
Error reporting High-priority interrupt event
Fault detection time Depends on implementation. Refer to functional documentation.
Addressed fault model Permanent/transient
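The following C example is added here to show how an application can consume the high-priority interrupt event reported by CPU_SM_3: a HardFault handler reads the Cortex-M4 fault status registers, classifies the cause (undefined instruction, unaligned access, and the other configurable-fault sources escalated to HardFault) and hands the result to an application reporting function. It is not code from UM2305 or from ST. The HardFault_Handler name assumes a CMSIS-style startup file, safety_report_hardfault is a hypothetical application hook, and the register values fed to the classifier in main() are constructed for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Cortex-M4 System Control Block fault status registers (architecturally
   fixed addresses in the Armv7-M System Control Space). */
#define SCB_HFSR_ADDR  0xE000ED2CUL  /* HardFault Status Register */
#define SCB_CFSR_ADDR  0xE000ED28UL  /* Configurable Fault Status Register */

/* HFSR bits */
#define HFSR_VECTTBL   (1UL << 1)    /* fault on vector table read */
#define HFSR_FORCED    (1UL << 30)   /* configurable fault escalated to HardFault */

/* CFSR layout: MemManage 7:0, BusFault 15:8, UsageFault 31:16 */
#define CFSR_MEMFAULT_MASK (0xFFUL)
#define CFSR_BUSFAULT_MASK (0xFFUL << 8)
#define CFSR_UNDEFINSTR    (1UL << 16)  /* undefined instruction executed */
#define CFSR_INVSTATE      (1UL << 17)  /* invalid EPSR state (e.g. Thumb bit clear) */
#define CFSR_INVPC         (1UL << 18)  /* invalid EXC_RETURN / PC load */
#define CFSR_NOCP          (1UL << 19)  /* coprocessor (e.g. FPU) access while disabled */
#define CFSR_UNALIGNED     (1UL << 24)  /* unaligned access trapped */
#define CFSR_DIVBYZERO     (1UL << 25)  /* SDIV/UDIV by zero trapped */

typedef enum {
    HF_CAUSE_UNKNOWN = 0,
    HF_CAUSE_VECTTBL,
    HF_CAUSE_UNDEFINSTR,
    HF_CAUSE_INVSTATE,
    HF_CAUSE_INVPC,
    HF_CAUSE_NOCP,
    HF_CAUSE_UNALIGNED,
    HF_CAUSE_DIVBYZERO,
    HF_CAUSE_BUSFAULT,
    HF_CAUSE_MEMFAULT
} hardfault_cause_t;

/* Classify a HardFault from raw HFSR and CFSR values. Pure function, so it
   can be exercised on a host with constructed register contents. When the
   FORCED bit is set, CFSR identifies the escalated configurable fault. */
hardfault_cause_t hardfault_classify(uint32_t hfsr, uint32_t cfsr)
{
    if (hfsr & HFSR_VECTTBL)     return HF_CAUSE_VECTTBL;
    if (cfsr & CFSR_UNDEFINSTR)  return HF_CAUSE_UNDEFINSTR;
    if (cfsr & CFSR_INVSTATE)    return HF_CAUSE_INVSTATE;
    if (cfsr & CFSR_INVPC)       return HF_CAUSE_INVPC;
    if (cfsr & CFSR_NOCP)        return HF_CAUSE_NOCP;
    if (cfsr & CFSR_UNALIGNED)   return HF_CAUSE_UNALIGNED;
    if (cfsr & CFSR_DIVBYZERO)   return HF_CAUSE_DIVBYZERO;
    if (cfsr & CFSR_BUSFAULT_MASK) return HF_CAUSE_BUSFAULT;
    if (cfsr & CFSR_MEMFAULT_MASK) return HF_CAUSE_MEMFAULT;
    return HF_CAUSE_UNKNOWN;
}

/* Hypothetical application reporting hook. In a safety application this is
   where the safe state is entered before anything else; the printf stands
   in for the real error reporting path. It must not resume the faulting
   context. */
void safety_report_hardfault(hardfault_cause_t cause, uint32_t hfsr, uint32_t cfsr)
{
    printf("HardFault: cause=%d HFSR=0x%08lx CFSR=0x%08lx\n",
           (int)cause, (unsigned long)hfsr, (unsigned long)cfsr);
}

/* HardFault vector (name as used by CMSIS startup files; assumption about
   the project's startup code). Reads the status registers through volatile
   pointers so the accesses are not elided. */
void HardFault_Handler(void)
{
    uint32_t hfsr = *(volatile uint32_t *)SCB_HFSR_ADDR;
    uint32_t cfsr = *(volatile uint32_t *)SCB_CFSR_ADDR;
    safety_report_hardfault(hardfault_classify(hfsr, cfsr), hfsr, cfsr);
    for (;;) { }   /* never return to the faulting context */
}

int main(void)
{
    /* Constructed register contents, not captured from a device. */
    safety_report_hardfault(hardfault_classify(HFSR_FORCED, CFSR_UNDEFINSTR),
                            HFSR_FORCED, CFSR_UNDEFINSTR);
    safety_report_hardfault(hardfault_classify(HFSR_FORCED, CFSR_UNALIGNED),
                            HFSR_FORCED, CFSR_UNALIGNED);
    return 0;
}
```

Two caveats for the Cortex-M4: word-sized unaligned loads and stores and divide-by-zero only raise a UsageFault when the corresponding trap bits in the SCB CCR register (UNALIGN_TRP, DIV_0_TRP) are set, and a UsageFault only escalates to HardFault while the UsageFault exception itself is disabled or cannot be entered. Both settings are part of the application's configuration and belong in the "Depends on implementation" items of this table.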
UM2305
Hardware and software diagnostics
UM2305 - Rev 10
page 12/110