SM CODE NVIC_SM_0
Initialization Values of configuration registers must be read after the boot before executing the first check.
Periodicity Periodic
Test for the diagnostic Not applicable
Multiple-fault protection CPU_SM_0: Periodic core self-test software
Recommendations and known limitations
This method addresses only failures affecting configuration registers, and not the peripheral core
logic or external interface.
Attention must be paid to registers containing a mix of configuration and status
bits. A mask must be applied before saving register contents that affect the signature, and before
the related checks are done, to avoid false-positive detections.
Table 63. NVIC_SM_1
SM CODE NVIC_SM_1
Description Expected and unexpected interrupt check
Ownership End user
Detailed implementation
According to IEC 61508:2 Table A.1 recommendations, a diagnostic measure for continuous interrupts,
absence of interrupts, or cross-over of interrupts must be implemented. The method of expected and
unexpected interrupt check is implemented at application software level.
The guidelines for the implementation of the method are the following:
• The interrupts implemented on the MCU are well documented, also reporting, when
possible, the expected frequency of each request (for example, the interrupts related to
ADC conversion completion that come on a regular basis).
• Individual counters are maintained for each interrupt request served, in order to detect, in
a given time frame, the cases of a) no interrupt at all and b) too many interrupt requests
(“babbling idiot” interrupt source). The control of the time frame duration must be
regulated according to the individual interrupt expected frequency.
• Interrupt vectors related to unused interrupt sources point to a default handler that
reports, in case of triggering, a faulty condition (unexpected interrupt).
• In case an interrupt service routine is shared between different sources, a plausibility
check on the caller identity is implemented.
• Interrupt requests related to non-safety-related peripherals are handled with the same
method described here, regardless of the safety classification of their originator.
Error reporting Depends on implementation
Fault detection time Depends on implementation
Addressed fault model Permanent/transient
Dependency on Device configuration None
Initialization Depends on implementation
Periodicity Continuous
Test for the diagnostic Not applicable
Multiple-fault protection CPU_SM_0: Periodic core self-test software
Recommendations and known limitations
In order to decrease the complexity of the method implementation, it is suggested to use a polling
technique (when possible) instead of interrupts in the end system implementation.
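The counter and default-handler guidelines of NVIC_SM_1 can be implemented along the following lines. This is an added example, not code from this manual or from the device vendor; the IRQ names, per-window limits and function names are hypothetical, and it is written as portable C so the logic can be exercised off-target. The plausibility check for shared service routines is not covered.

```c
#include <stdint.h>

/* Hypothetical IRQ table for illustration; the limits are constructed values,
 * expressed as allowed request counts per monitoring window. */
enum { IRQ_ADC = 0, IRQ_TIMER, IRQ_UART, IRQ_MONITORED };

typedef struct { uint16_t min; uint16_t max; } irq_limits_t;

static const irq_limits_t irq_limits[IRQ_MONITORED] = {
    [IRQ_ADC]   = { 8, 12 },   /* periodic: about 10 per window */
    [IRQ_TIMER] = { 1, 1 },    /* exactly one tick per window */
    [IRQ_UART]  = { 0, 64 },   /* sporadic: only an upper bound */
};

#define FAULT_MISSING(i)   (1u << (2u * (i)))        /* too few, or none at all */
#define FAULT_BABBLING(i)  (1u << (2u * (i) + 1u))   /* too many requests */
#define FAULT_UNEXPECTED   (1u << 31)                /* unused vector fired */

static volatile uint16_t irq_count[IRQ_MONITORED];
static volatile uint32_t irq_latched_faults;

/* Call at the start of every served ISR. Saturates instead of wrapping so a
 * babbling source cannot roll the counter back into the valid range. */
void irq_mon_served(unsigned irq)
{
    if (irq >= IRQ_MONITORED) { irq_latched_faults |= FAULT_UNEXPECTED; return; }
    if (irq_count[irq] != UINT16_MAX) irq_count[irq]++;
}

/* Default handler body for every vector of an unused interrupt source. */
void irq_mon_default_handler(void)
{
    irq_latched_faults |= FAULT_UNEXPECTED;
}

/* Call once per monitoring window. Returns a fault bitmask (0 = all counts
 * plausible) and restarts the window. On a real target the read-and-clear
 * must be made atomic with respect to the ISRs. */
uint32_t irq_mon_check_window(void)
{
    uint32_t faults = irq_latched_faults;
    irq_latched_faults = 0;
    for (unsigned i = 0; i < IRQ_MONITORED; i++) {
        uint16_t n = irq_count[i];
        irq_count[i] = 0;
        if (n < irq_limits[i].min) faults |= FAULT_MISSING(i);
        if (n > irq_limits[i].max) faults |= FAULT_BABBLING(i);
    }
    return faults;
}
```

The window length passed implicitly through the call period of `irq_mon_check_window()` has to match the expected frequency used to derive each limit.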
3.6.15 Cyclic redundancy-check calculation unit (CRC)
Table 64. CRC_SM_0
SM CODE CRC_SM_0
Description CRC self-coverage
UM2305
Hardware and software diagnostics
UM2305 - Rev 10