SM CODE CPU_SM_3
Dependency on Device configuration None
Initialization None
Periodicity Continuous
Test for the diagnostic
It is possible to write a test procedure to verify the generation of the HardFault exception;
anyway, given the expected minor contribution in terms of hardware random-failure detection,
such implementation is optional.
Multiple-fault protection CPU_SM_0: Periodic core self-test software
Recommendations and known limitations Enabling related interrupt generation on the detection of errors is highly recommended.
Table 7. CPU_SM_4
SM CODE CPU_SM_4
Description Stack hardening for Application software
Ownership End user
Detailed implementation
The stack hardening method is required to address faults (mainly transient) affecting CPU
register bank. This method is based on source code modification, introducing information
redundancy in register-passed information to called functions.
The guidelines for the implementation of the method are the following:
• To pass also a redundant copy of the passed parameters values (possibly inverted) and
to execute a coherence check in the function.
• To pass also a redundant copy of the passed pointers and to execute a coherence
check in the function.
• For parameters that are not protected by redundancy, to implement defensive
programming techniques (plausibility check of passed values). For example enumerated
fields are to be checked for consistency.
Error reporting Depends on implementation
Fault detection time Depends on implementation
Addressed fault model Permanent/transient
Dependency on Device configuration None
Initialization Depends on implementation
Periodicity On demand
Test for the diagnostic Not applicable
Multiple-fault protection CPU_SM_0: Periodic core self-test software
Recommendations and known limitations
This method partially overlaps with defensive programming techniques required by IEC61508
for software development. Therefore in presence of Application software qualified for safety
integrity greater or equal to SC2, optimizations are possible.
Table 8. CPU_SM_5
SM CODE CPU_SM_5
Description External watchdog
Ownership End user
Detailed implementation
Using an external watchdog linked to control flow monitoring method (refer to CPU_SM_1)
addresses failure mode of program counter or control structures of CPU.
External watchdog can be designed to be able to generate the combination of signals needed
on the final system to achieve the safe state. It is recommended to carefully check the
assumed requirements about system safe state reported in Section 3.3.1 Safety requirement
assumptions.
UM2305
Hardware and software diagnostics
UM2305 - Rev 10
page 13/110
To Next Page
Loading...
Need help?
General
