UM2305 - Rev 10

SM CODE: CPU_SM_5 (table continued from the previous page)
Detailed implementation (continued): It also contributes to dramatically reduce potential common cause failures, because the external watchdog is clocked and supplied independently of Device.
Error reporting: Depends on implementation
Fault detection time: Depends on implementation (watchdog timeout interval)
Addressed fault model: Permanent/transient
Dependency on Device configuration: None
Initialization: Depends on implementation
Periodicity: Continuous
Test for the diagnostic: To be defined at system level (outside the scope of Compliant item analysis).
Multiple-fault protection: CPU_SM_1: Control flow monitoring in Application software
Recommendations and known limitations: In case of usage of a windowed watchdog, End user must consider possible tolerance in Application software execution to avoid false error reports (affecting system availability). It is worth noting that the use of an external watchdog could be needed anyway when Device is used to trigger final elements, in order to comply at system level with requirements from IEC61508-2:2010 Table A.1/Table A.14.

Table 9. CPU_SM_6
SM CODE: CPU_SM_6
Description: Independent watchdog
Ownership: ST
Detailed implementation: Using the IWDG watchdog linked to the control flow monitoring method (refer to CPU_SM_1) addresses failure modes of the program counter or control structures of the CPU.
Error reporting: Reset signal generation
Fault detection time: Depends on implementation (watchdog timeout interval)
Addressed fault model: Permanent
Dependency on Device configuration: None
Initialization: IWDG activation. It is recommended to use the hardware watchdog in option byte settings (IWDG is automatically enabled after reset).
Periodicity: Continuous
Test for the diagnostic: WDG_SM_1: Software test for watchdog at startup
Multiple-fault protection: CPU_SM_1: Control flow monitoring in Application software; WDG_SM_0: Periodic read-back of configuration registers
Recommendations and known limitations: The IWDG intervention is able to achieve a potentially "incomplete" local safe state because it can only guarantee that the CPU is reset. There is no guarantee that Application software can still be executed to generate the combinations of output signals that might be needed by the external system to achieve the final safe state. If this limitation turns out to be a blocking point, End user must adopt CPU_SM_5.

Table 10. CPU_SM_7
SM CODE: CPU_SM_7
Description: Memory protection unit (MPU).
Ownership: ST
Detailed implementation: The CPU memory protection unit is able to detect illegal access to protected memory areas, according to criteria set by End user.
Error reporting: Exception raise (MemManage).
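The link between CPU_SM_1 and CPU_SM_6 described in Table 9 (the IWDG is reloaded only when the application control flow was verified) can be implemented as an order-sensitive checkpoint signature. The following is an added illustration, not code from UM2305 or from ST; the checkpoint ids, the traces and the `iwdg_refresh_hook()` placeholder are constructed assumptions, and on a real STM32L4 target the hook would be replaced by the IWDG reload call.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Expected checkpoint order of one application cycle (constructed sample path). */
static const uint8_t cfm_path[] = { 0x11, 0x22, 0x33, 0x44 };
#define CFM_LEN (sizeof cfm_path / sizeof cfm_path[0])
static uint32_t cfm_sig;          /* running, order-sensitive signature of the current cycle */
static uint32_t cfm_expected_sig; /* reference signature, derived once at start-up */
static unsigned cfm_refreshes;    /* number of IWDG reloads granted (for the demo/test) */

/* One signature step: multiply by an odd constant, then fold in the checkpoint id.
   The multiply makes the result depend on both the order and the count of checkpoints. */
static uint32_t cfm_mix(uint32_t sig, uint8_t id) {
    return (sig * 0x01000193u) ^ (uint32_t)(id + 1u);
}

/* Start-up: compute the reference signature from the expected path. */
void cfm_init(void) {
    cfm_expected_sig = 0;
    for (size_t i = 0; i < CFM_LEN; i++)
        cfm_expected_sig = cfm_mix(cfm_expected_sig, cfm_path[i]);
    cfm_sig = 0;
    cfm_refreshes = 0;
}

/* Placed at each monitored point of the application control flow (CPU_SM_1). */
void cfm_checkpoint(uint8_t id) { cfm_sig = cfm_mix(cfm_sig, id); }

/* Hypothetical hook: on the STM32L4 target this is where the IWDG would be reloaded
   (for example via HAL_IWDG_Refresh()); here it only counts the reload. */
static void iwdg_refresh_hook(void) { cfm_refreshes++; }

/* End of cycle: reload the IWDG only if every checkpoint was hit, in order, exactly once.
   Any deviation withholds the reload, so the IWDG times out and resets the CPU (CPU_SM_6). */
bool cfm_end_of_cycle(void) {
    bool ok = (cfm_sig == cfm_expected_sig);
    if (ok) iwdg_refresh_hook();
    cfm_sig = 0;  /* start a fresh signature for the next cycle */
    return ok;
}

/* Run one cycle along a recorded trace of checkpoint ids; true means the IWDG was reloaded. */
bool cfm_run_cycle(const uint8_t *trace, size_t n) {
    for (size_t i = 0; i < n; i++) cfm_checkpoint(trace[i]);
    return cfm_end_of_cycle();
}
unsigned cfm_refresh_count(void) { return cfm_refreshes; }

/* Constructed traces: nominal flow, a skipped step, a repeated step and two swapped steps. */
const uint8_t trace_good[]     = { 0x11, 0x22, 0x33, 0x44 };
const uint8_t trace_skipped[]  = { 0x11, 0x22, 0x44 };
const uint8_t trace_repeated[] = { 0x11, 0x22, 0x22, 0x33, 0x44 };
const uint8_t trace_swapped[]  = { 0x11, 0x33, 0x22, 0x44 };
```

A 32-bit signature can in principle collide, so a deployed variant would typically also bound the number of checkpoints per cycle and keep the signature state in protected RAM.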
Hardware and software diagnostics
UM2305 - page 14/110