SM CODE
Dependency on Device configuration
Initialization
Periodicity
Test for the diagnostic
Multiple-fault protection
Recommendations and known limitations
SM CODE
Description
Ownership
Detailed implementation
Error reporting
Fault detection time
Addressed fault model
Dependency on Device configuration
Initialization
Periodicity
Test for the diagnostic
Multiple-fault protection
Recommendations and known limitations
SM CODE
Description
Ownership
Detailed implementation
UM2305 - Rev 10
None
None
Continuous
It is possible to write a test procedure to verify the generation of the HardFault exception;
anyway, given the expected minor contribution in terms of hardware random-failure detection,
such implementation is optional.
CPU_SM_0: Periodic core self-test software
Enabling related interrupt generation on the detection of errors is highly recommended.
Table 7.
CPU_SM_4
Stack hardening for Application software
End user
The stack hardening method is required to address faults (mainly transient) affecting CPU
register bank. This method is based on source code modification, introducing information
redundancy in register-passed information to called functions.
The guidelines for the implementation of the method are the following:
•
To pass also a redundant copy of the passed parameters values (possibly inverted) and
to execute a coherence check in the function.
•
To pass also a redundant copy of the passed pointers and to execute a coherence
check in the function.
•
For parameters that are not protected by redundancy, to implement defensive
programming techniques (plausibility check of passed values). For example enumerated
fields are to be checked for consistency.
Depends on implementation
Depends on implementation
Permanent/transient
None
Depends on implementation
On demand
Not applicable
CPU_SM_0: Periodic core self-test software
This method partially overlaps with defensive programming techniques required by IEC61508
for software development. Therefore in presence of Application software qualified for safety
integrity greater or equal to SC2, optimizations are possible.
Table 8.
CPU_SM_5
External watchdog
End user
Using an external watchdog linked to control flow monitoring method (refer to CPU_SM_1)
addresses failure mode of program counter or control structures of CPU.
External watchdog can be designed to be able to generate the combination of signals needed
on the final system to achieve the safe state. It is recommended to carefully check the
assumed requirements about system safe state reported in
assumptions.
Hardware and software diagnostics
CPU_SM_3
CPU_SM_4
CPU_SM_5
Section 3.3.1 Safety requirement
UM2305
page 13/110
Need help?
Do you have a question about the STM32L4 Series and is the answer not in the manual?