SM CODE DMA_SM_3
• errors in single transferred word
• wrong order in packed transmitted data
Error reporting Depends on implementation
Fault detection time Depends on implementation
Addressed fault model Permanent
Dependency on Device configuration None
Initialization Depends on implementation
Periodicity Periodic
Test for the diagnostic Not applicable
Multiple-fault protection CPU_SM_0: Periodic core self-test software
Recommendations and known limitations None
Table 56. DMA_SM_4
SM CODE DMA_SM_4
Description DMA transaction awareness
Ownership End user
Detailed implementation
DMA transactions are non-deterministic by nature, because they are typically driven by external
events such as the reception of communication messages. Nevertheless, well-designed safety
systems should keep as much control as possible over events; refer for instance to the
IEC61508:3 Table 2 item 13 requirements for software architecture.
This method is based on system knowledge of the frequency and type of expected DMA
transactions. For instance, an externally connected sensor is supposed to periodically send
some messages to an STM32 peripheral. Monitoring DMA transactions with a dedicated state
machine makes it possible to detect missing or unexpected DMA activity.
Error reporting Depends on implementation
Fault detection time Depends on implementation
Addressed fault model Permanent/transient
Dependency on Device configuration None
Initialization Depends on implementation
Periodicity Continuous
Test for the diagnostic Not applicable
Multiple-fault protection CPU_SM_0: Periodic core self-test software
Recommendations and known limitations
Because the termination of a DMA transaction is often linked to the generation of an interrupt,
the implementation of this method can be merged with the safety mechanism NVIC_SM_1:
Expected and unexpected interrupt check.
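One way to structure the dedicated state machine described for DMA_SM_4, as an added example that is not code from this manual or from ST. It is hardware-independent: the type and function names, the millisecond tick source and the gap and item-count parameters are all assumptions chosen for illustration.

```c
#include <stdint.h>

typedef enum { DMA_MON_OK, DMA_MON_MISSING, DMA_MON_UNEXPECTED } dma_mon_status_t;

typedef struct {
    uint32_t min_gap_ms;     /* assumed: shortest legal gap between completions */
    uint32_t max_gap_ms;     /* assumed: deadline for the next completion */
    uint16_t expected_items; /* assumed: item count of the expected transfer */
    uint32_t last_ms;        /* time of the last accepted completion (or of init) */
    uint8_t  synced;         /* set once the first completion has been seen */
    dma_mon_status_t status; /* latched: a fault stays set until re-init */
} dma_mon_t;

void dma_mon_init(dma_mon_t *m, uint32_t min_gap_ms, uint32_t max_gap_ms,
                  uint16_t expected_items, uint32_t now_ms)
{
    m->min_gap_ms = min_gap_ms;
    m->max_gap_ms = max_gap_ms;
    m->expected_items = expected_items;
    m->last_ms = now_ms;
    m->synced = 0;
    m->status = DMA_MON_OK;
}

/* Call from the periodic safety task: detects a missing transaction. */
dma_mon_status_t dma_mon_tick(dma_mon_t *m, uint32_t now_ms)
{
    /* Unsigned subtraction stays correct across tick-counter wraparound. */
    if (m->status == DMA_MON_OK && (uint32_t)(now_ms - m->last_ms) > m->max_gap_ms)
        m->status = DMA_MON_MISSING;
    return m->status;
}

/* Call from the DMA transfer-complete handler with the number of items moved. */
dma_mon_status_t dma_mon_on_complete(dma_mon_t *m, uint16_t items, uint32_t now_ms)
{
    uint32_t gap = now_ms - m->last_ms;
    if (dma_mon_tick(m, now_ms) != DMA_MON_OK)
        return m->status;                   /* late or already faulted */
    if (items != m->expected_items || (m->synced && gap < m->min_gap_ms)) {
        m->status = DMA_MON_UNEXPECTED;     /* wrong type or too early */
        return m->status;
    }
    m->last_ms = now_ms;                    /* accept and re-arm the deadline */
    m->synced = 1;
    return DMA_MON_OK;
}
```

When the two entry points run in different contexts (interrupt handler and periodic task), access to the shared monitor structure has to be protected, for example by masking the corresponding interrupt around the call to dma_mon_tick().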
UM2305 - Rev 10