UM1845 - Rev 4

SM CODE: RAM_SM_2
Multiple faults protection: Refer to CPU_SM_4
Recommendations and known limitations: Refer to CPU_SM_4

Table 24. RAM_SM_3

SM CODE: RAM_SM_3
Description: Information redundancy for safety-related variables in application software
Ownership: End user
Detailed implementation: To address transient faults affecting the SRAM controller, information redundancy must be implemented for the safety-related system variables stored in RAM.
The guidelines for implementing this method are the following:
• The system variables that are safety-related (in the sense that a wrong value caused by a failure in reading the RAM affects the safety functions) are clearly identified and documented.
• Arithmetic computations or decisions based on such variables are executed twice and the two final results are compared.
• Safety-related variables are stored and updated in two redundant locations, and the two copies are compared before the data is consumed.
• Enumerated fields must use non-trivial values, checked for coherence at least once per process safety time (PST).
• Data vectors stored in SRAM must be protected by an encoding checksum (such as a CRC).
Error reporting: Depends on implementation
Fault detection time: Depends on implementation
Addressed fault model: Permanent and transient
Dependency on MCU configuration: None
Initialization: Depends on implementation
Periodicity: On demand
Test for the diagnostic: Not needed
Multiple faults protection: CPU_SM_0: periodical core self-test software
Recommendations and known limitations: The implementation of this safety method partially overlaps with a method already foreseen for the Cortex-M3 (CPU_SM_1); optimizations in implementing both methods together are therefore possible.
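The following C program is an added illustration of the four RAM_SM_3 guidelines above (redundant copies compared before use, duplicated decision, non-trivial enumeration codes, CRC-protected vector); it is not code from UM1845 or from ST. The type names, the state codes, the overtemperature threshold, the sample vector and the choice of CRC-16/CCITT-FALSE are assumptions made for the example; the fault-injection helpers emulate an SRAM bit flip so the detection can be exercised on a host.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added illustration of the RAM_SM_3 guidelines. Type names, state codes,
 * threshold and CRC parameters are assumptions, not taken from UM1845. */

/* 1. Redundant storage: value plus bit-inverted copy, compared before use. */
typedef struct {
    volatile uint32_t value;
    volatile uint32_t inverted;   /* equals ~value while intact */
} safe_u32_t;

static void safe_u32_set(safe_u32_t *v, uint32_t x)
{
    v->value = x;
    v->inverted = ~x;
}

/* Writes *out and returns true only if both copies agree. */
static bool safe_u32_get(const safe_u32_t *v, uint32_t *out)
{
    uint32_t a = v->value, b = ~v->inverted;
    if (a != b)
        return false;
    *out = a;
    return true;
}

/* Fault injection: flip 'mask' bits of one copy (simulated SRAM bit flip)
 * and report whether the read-back check rejected the variable. */
static bool corruption_is_detected(uint32_t x, uint32_t mask)
{
    safe_u32_t v;
    uint32_t out;
    safe_u32_set(&v, x);
    v.inverted ^= mask;
    return !safe_u32_get(&v, &out);
}

/* 2. Duplicated computation: decide once from each copy, compare results.
 *    Returns 1 (over limit), 0 (within limit), -1 (disagreement: safe state). */
static int decide_overtemp(const safe_u32_t *temp, uint32_t limit)
{
    uint32_t t1 = temp->value, t2 = ~temp->inverted;
    bool r1 = t1 > limit, r2 = t2 > limit;
    if (t1 != t2 || r1 != r2)
        return -1;
    return r1 ? 1 : 0;
}

/* Same decision with 'mask' bits flipped in the primary copy beforehand. */
static int decide_overtemp_injected(uint32_t t, uint32_t limit, uint32_t mask)
{
    safe_u32_t v;
    safe_u32_set(&v, t);
    v.value ^= mask;
    return decide_overtemp(&v, limit);
}

/* 3. Enumerated fields use non-trivial codes (never 0, 1, 2, ... or 0xFFFF) so a
 *    cleared or flooded word is not a legal state; check at least once per PST. */
enum sys_mode { MODE_INIT = 0x3C5A, MODE_RUN = 0xA53C, MODE_SAFE = 0x5AC3 };

static bool mode_is_coherent(uint16_t m)
{
    return m == MODE_INIT || m == MODE_RUN || m == MODE_SAFE;
}

/* 4. Data vectors carry a CRC (CRC-16/CCITT-FALSE: poly 0x1021, init 0xFFFF),
 *    recomputed and compared before the vector is consumed. */
static uint16_t crc16_ccitt(const uint8_t *data, size_t len)
{
    uint16_t crc = 0xFFFF;
    for (size_t i = 0; i < len; i++) {
        crc ^= (uint16_t)((uint16_t)data[i] << 8);
        for (int b = 0; b < 8; b++)
            crc = (crc & 0x8000) ? (uint16_t)((crc << 1) ^ 0x1021) : (uint16_t)(crc << 1);
    }
    return crc;
}

static bool vector_is_intact(const uint8_t *data, size_t len, uint16_t stored_crc)
{
    return crc16_ccitt(data, len) == stored_crc;
}

int main(void)
{
    uint8_t table[] = { 0x10, 0x20, 0x30, 0x40 };   /* constructed sample vector */
    uint16_t crc = crc16_ccitt(table, sizeof table);
    table[2] ^= 0x01;                               /* simulated SRAM bit flip */
    printf("decision at 90 (limit 80): %d\n", decide_overtemp_injected(90, 80, 0));
    printf("copy bit flip detected: %s\n", corruption_is_detected(90, 1u << 3) ? "yes" : "no");
    printf("vector intact after flip: %s\n", vector_is_intact(table, sizeof table, crc) ? "yes" : "no");
    return 0;
}
```

Two design points worth keeping when porting this to a target: the two copies should live in different address regions (not adjacent words) so that a single address-decoder fault is less likely to hit both, and the `-1` path of `decide_overtemp` must lead to the application's safe state rather than to a retry, since the method detects but cannot correct the fault.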
Table 25. RAM_SM_4

SM CODE: RAM_SM_4
Description: Control flow monitoring in application software
Ownership: End user
Detailed implementation: If the end-user application software is executed from SRAM, permanent and transient faults affecting the memory (cells and address decoder) can interfere with program execution. To address such failures, this method must be implemented. For details on the implementation, refer to the description of CPU_SM_1.
Error reporting: Depends on implementation
Fault detection time: Depends on implementation. The upper bound is fixed by the watchdog timeout interval.
Addressed fault model: Permanent and transient
Dependency on MCU configuration: None
Initialization: Depends on implementation
Periodicity: Continuous
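The program below is an added illustration of control-flow (program sequence) monitoring of the kind RAM_SM_4 calls for, and of why the detection time is bounded by the watchdog timeout: the watchdog is refreshed only when the executed path matches the expected one. It is not the CPU_SM_1 text from UM1845 and not ST code; the checkpoint identifiers, the rotate-and-xor signature update, the three-step cycle and the counter standing in for the IWDG reload are all assumptions made for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Added illustration of control-flow monitoring for RAM_SM_4. Checkpoint ids,
 * the signature update rule and the simulated watchdog refresh are assumptions
 * for this example, not the CPU_SM_1 definition from UM1845. */

#define CFM_SEED          0x9E3779B9u
/* Checkpoint ids are non-trivial constants so a cleared or flooded word is never a valid id. */
#define CP_READ_INPUTS    0x1A2B3C4Du
#define CP_COMPUTE        0x5E6F7081u
#define CP_WRITE_OUTPUTS  0x92A3B4C5u

typedef struct {
    uint32_t signature;     /* running signature over the executed path */
    uint32_t count;         /* checkpoints reached in this cycle */
    uint32_t wdg_refreshes; /* stand-in for IWDG reloads, kept for inspection */
} cfm_t;

static void cfm_begin(cfm_t *m)
{
    m->signature = CFM_SEED;
    m->count = 0;
}

/* Order-sensitive update (rotate, then xor): reaching A then B yields a
 * different signature from B then A; a skipped or repeated checkpoint changes
 * both the signature and the count. */
static void cfm_checkpoint(cfm_t *m, uint32_t id)
{
    m->signature = ((m->signature << 5) | (m->signature >> 27)) ^ id;
    m->count++;
}

/* Reference signature of the legal path, derived with the same update rule
 * (in firmware this would be a constant computed offline and kept in flash). */
static uint32_t cfm_expected(const uint32_t *path, uint32_t n)
{
    cfm_t ref;
    cfm_begin(&ref);
    for (uint32_t i = 0; i < n; i++)
        cfm_checkpoint(&ref, path[i]);
    return ref.signature;
}

/* End of cycle: refresh the watchdog only if the executed path is the legal
 * one. Withholding the refresh lets the watchdog timeout bring the MCU to its
 * safe state, which is why the detection time is bounded by that interval. */
static bool cfm_cycle_end(cfm_t *m, uint32_t expected, uint32_t expected_count)
{
    if (m->signature != expected || m->count != expected_count)
        return false;                 /* real code: enter safe state, no reload */
    m->wdg_refreshes++;               /* real code: reload the IWDG */
    return true;
}

/* One control cycle; the two flags inject control-flow faults (a skipped step,
 * a reordered step) of the kind a corrupted SRAM code image could cause. */
static bool run_cycle(bool skip_compute, bool swap_order)
{
    static const uint32_t legal[] = { CP_READ_INPUTS, CP_COMPUTE, CP_WRITE_OUTPUTS };
    const uint32_t expected = cfm_expected(legal, 3);
    cfm_t m;

    cfm_begin(&m);
    if (swap_order) {
        cfm_checkpoint(&m, CP_COMPUTE);
        cfm_checkpoint(&m, CP_READ_INPUTS);
    } else {
        cfm_checkpoint(&m, CP_READ_INPUTS);
        if (!skip_compute)
            cfm_checkpoint(&m, CP_COMPUTE);
    }
    cfm_checkpoint(&m, CP_WRITE_OUTPUTS);
    return cfm_cycle_end(&m, expected, 3);
}

int main(void)
{
    printf("legal path:     %s\n", run_cycle(false, false) ? "watchdog refreshed" : "fault");
    printf("skipped step:   %s\n", run_cycle(true, false) ? "watchdog refreshed" : "fault");
    printf("reordered path: %s\n", run_cycle(false, true) ? "watchdog refreshed" : "fault");
    return 0;
}
```

On a real target the expected signature and the checkpoint calls should themselves be protected (constants in flash, the monitor state treated as a safety-related variable under RAM_SM_3), otherwise a fault in the SRAM copy of the monitor can mask the fault it is meant to catch.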
Description of hardware and software diagnostics