RM0403. For a description of the functional and electrical problems of the SPC582Bx devices, the reader should also refer to the SPC582Bx errata sheet ES0413. A reference code is available.

AN5752 - Rev 1 - November 2021 - www.st.com. For further information contact your local STMicroelectronics sales office.
Overview

The FCCU is a key element of the functional safety concept of the SPC58 and SPC57 families of SPC5 32-bit automotive MCUs. It is responsible for collecting and reacting to failure notifications coming from different modules indicated as monitors. Examples of monitors are CMU, MEMU, XBIC and so forth. Figure 1.
FCCU input # | Source | Failure description | Error reaction path
STCU | BIST result-wrong signature (STCU recoverable fault) | Testable
STCU | MBIST control activation | Testable
GLUE LOGIC | JTAG, NPC or debug functionality moved out of reset or SSCM activation | Testable
PLATFORM/DMA | DMA_1 gasket monitor error | Not testable
PLATFORM/DSMC...
FCCU input # | Source | Failure description | Error reaction path
Test circuitry group 2 activation | Not testable
Test circuitry group 3 activation | Not testable
Test circuitry group 4 activation | Not testable
PLATFORM/CORE | Safety Core_2 exception (machine check exception) | Testable
PLATFORM/PBRIDGE | PBRIDGE_1 e2eEDC error | Not testable...
FCCU fault injection, clearing and fake fault interface

The application can use the fault injection to diagnose physical defects affecting the connections between the hardware monitors and the FCCU. The procedure to inject a fault depends on the specific monitor. Three different sets of fault inputs can be distinguished: •...
To clear a fault directly in the monitor, an additional (and optional) signal is available (clear signal in Figure yellow arrow). The de-assertion of the FCCU_RF_Sn status bit indicates that the software has properly cleared the fault.
Faults description

The following sections describe all the faults collected by the FCCU for the SPC582Bx device and how, if possible, to inject them to check the integrity of the relevant reaction path. The following convention is adopted in the figures: a green arrow marks the faults injectable by the FCCU fake fault interface;...
3.1.4 Digital PMC initialization error during DCF data load (fault #3)

DCF records are used to configure certain registers in the device during system boot. If an error occurs while the SSCM loads the values into the PMC registers, the PMC_DIG forwards this fault to the FCCU. The user cannot inject this fault.
Figure 5. STCU2 faults

3.3.1 BIST result-wrong signature (STCU unrecoverable fault) (fault #6)

If the BIST detects a fault that is configured as an unrecoverable fault, the STCU forwards this fault to the FCCU. Note: The user shall configure the STCU to trigger either a recoverable or an unrecoverable fault if the BIST fails.
The user can inject this fault by:
• Enabling EOUT control by FCCU (FCCU_CFG[FCCU_SET_AFTER_RESET] = 0x1);
• Asserting the EOUT / EIN loopback (SIUL2_MSCR_IO27[SSS] = 0x5);
• Driving the EOUT to logic 0 (FCCU_CFG[FCCU_SET_CLEAR] = 0x1).

Assuming the fault is configured as a HW recoverable fault, the user can clear the fault by:
• De-asserting the EOUT / EIN loopback (SIUL2_MSCR_IO27[SSS] = 0x0);...
The user can inject a fake fault by setting the FCCU_RFF[FRFC] field to the value 0x30. The FCCU error reaction path is verified if the FCCU_RF_S1[RFS16] status bit is set.

DSMC fault

The DSMC generates the atomic read-modify-write bus transactions to the attached slave memory controller, and it is instantiated within the platform and physically resides between the core data AHB bus and the associated XBAR master port.
The user can inject this fault by:
• Enabling the user test (FLASH_0_UT0[UTE] = 0x1);
• Enabling the customer programmable read voltage and reference detection (FLASH_0_UT0[CPR] = 0x1);
• Disabling the user test (FLASH_0_UT0[UTE] = 0x0);
• Accessing the customer programmable detection area in the UTEST block (address 0x0040_02E0 to 0x0040_02FF).
3.7.6 PFLASH address feedback error (fault #67)

The PFLASHC detects faults resulting in a mismatch between the address from the XBAR and the feedback address from the Flash, and it forwards this fault to the FCCU. The user can inject this fault by:
• Enabling the user test (FLASH_0_UT0[UTE] = 0x1);...
MEMU faults

The MEMU is responsible for collecting and reporting error events captured by ECC/EDC logic used in system RAM, peripheral RAM and Flash memories. When any of the following events occurs, the MEMU receives an error signal that causes an event to be recorded. When multiple errors are indicated from various sources at the same instant, an overflow can be indicated by the MEMU to the FCCU.
3.9.4 Peripheral RAM correctable error (fault #24)

In case a correctable error is detected when accessing a peripheral RAM, the MEMU records the event and forwards this fault to the FCCU. The user can inject this fault by a SW procedure that sets the MEMU_DEBUG[FR_PR_CE] bit.
Figure 12. IMA fault

3.10.1 IMA activation (fault #30)

Since unwanted activation of the IMA can interfere with execution of the application, the IMA signals to the FCCU when its activation has happened.
3.11.2 SMPU XBAR 1 monitor correctly refuses an access (fault #34)

A memory access that is not mapped to any region descriptor, or that has insufficient rights, terminates with an access error response. The HW monitors inside the SMPU detect this event and forward this fault to the FCCU.
3.13.2 PLL1 loss of lock error (fault #50)

A built-in mechanism can detect a loss of lock for the PLL1. The relevant PLLDIG forwards this fault to the FCCU. The user can inject this fault by a SW procedure that enables the loss of lock interrupt (PLLDIG_PLL1CR[LOLIE] = 1) and changes the PLL configuration on-the-fly (for example, changing the value of the PLLDIG_PLL1DV[PREDIV] field on-the-fly), which generates a temporary loss of lock.
3.14.3 Frequency out of range (fault #53)

Using the IRCOSC frequency as monitor references, the CMU_1 monitors the clock frequency used by Core_2 and XBAR, the CMU_2 monitors the clock frequency used by HPBM, the CMU_3 monitors the clock frequency used by the PBRIDGE, the CMU_11 monitors the clock frequency used by the FBRIDGE and the CMU_14 monitors the clock frequency used by the PFBRIDGE.
3.16 PRAM_2 faults

The PRAM controller acts as an interface between the system bus and the integrated system RAM. It converts the protocols between the system bus and the RAM array interface. The device embeds one controller, the PRAMC_2.
Figure 18. TCU faults

3.17.1 Test circuitry group 1 activation (fault #78)

In case of unwanted activation of the test circuitry in the related diagnostic function test domain, the event is detected and forwarded to the FCCU.
3.20 Compensation cells faults

Compensation cells generate an 8-bit compensation code for I/O buffers, depending on process, voltage, and temperature (PVT) conditions of the chip. Compensation reduces the spread of some circuit parameters (for example, current slew rate and output impedance) in the I/O buffers over temperature, pressure and voltage. Figure 21.
Example code

Example code that includes the FCCU settings and shows how to inject the faults according to the above list is available upon request. This is the summary of the actions done in the example code: •...
Summary

Safety analysis requires that the user verifies the integrity of the FCCU error reaction path (not all FCCU inputs are testable) periodically with a period lower than the trip time (for example, 12 hours). The methodology for these tests is based on injecting a fault and verifying that the FCCU correctly receives it, and it depends on the specific FCCU input.
List of tables
Table 1. FCCU failure inputs
Table 2.
List of figures
Figure 1. FCCU monitor to reaction path
Figure 2.