Presentation is loading. Please wait.

Presentation is loading. Please wait.

PIC ® MCU Safety Features and Certified Class B Library.

Published byChristian Baldwin Modified over 8 years ago

Similar presentations

Presentation on theme: "PIC ® MCU Safety Features and Certified Class B Library."— Presentation transcript:

1 PIC ® MCU Safety Features and Certified Class B Library

2 Software and Hardware Support 2 Microchip’s library of low-level software routines simplifies IEC 60730 compliance for Class B Safety. Microchip also provides products with integrated safety features to ease implementation.

3 PIC ® MCU Safety Overview Flash CRC Module, Error Correction, Read/Write Protection Flash CRC Module, Error Correction, Read/Write Protection RAM Stuck At Faults RAM Stuck At Faults SFR DC Fault Detection SFR DC Fault Detection CPU Trap Instruction, Program Counter Stuck-At Faults CPU Trap Instruction, Program Counter Stuck-At Faults Clocks Redundant Osc., Windowed WDT, Lockable Clock, Clock Fail Detect, Freq. Detect Clocks Redundant Osc., Windowed WDT, Lockable Clock, Clock Fail Detect, Freq. Detect Peripherals Hardware Limit Timer, Dead-man Timer, PWM Fault Peripherals Hardware Limit Timer, Dead-man Timer, PWM Fault 3

4 Agenda 8-bit MCU Safety Features 16-bit MCU & DSC Safety Features 32-bit MCU Safety Features Certified Class B Library 8-bit MCU Safety Features 16-bit MCU & DSC Safety Features 32-bit MCU Safety Features Certified Class B Library 4

5 8-bit MCU Safety Features

6 Software and Hardware Support Cyclic Redundancy Check with Memory scan (CRC/SCAN) Adds reliability by scanning program memory for corruption Detection done in hardware, no interruption to the CPU Software configurable 6

7 CRC + Memory Scan (CRC/SCAN) Cyclic Redundancy Check (CRC) l An error-detection module available to on-chip Memory and Comms. Peripherals l Blocks of data entering the system get a short check value attached l Corruption is detected by matching check values upon data retrieval l Software configurable so it can be updated/modified if necessary Memory Scan l Scans program memory to ensure the contents are correct l Calculation is done using the CRC peripheral l All memory-scan operations are controlled via software Cyclic Redundancy Check (CRC) l An error-detection module available to on-chip Memory and Comms. Peripherals l Blocks of data entering the system get a short check value attached l Corruption is detected by matching check values upon data retrieval l Software configurable so it can be updated/modified if necessary Memory Scan l Scans program memory to ensure the contents are correct l Calculation is done using the CRC peripheral l All memory-scan operations are controlled via software Memory SCAN CRC 7

8 Software and Hardware Support Windowed Watchdog Timer (WWDT) Monitors software to ensure operation within predefined limits A RESET is generated when instructions fall outside a set window Offloads timing-critical tasks from CPU 8

9 Windowed Watchdog Timer (WWDT) Detects “over-run” and “under-run” errors in software timing l Resets the CPU if… l The Timer runs into Overflow (standard WDT function) l The wrong value is written into the Watchdog register l Hardware and Software Configurable l Multiple clock sources l 2 selectable reference input clocks Detects “over-run” and “under-run” errors in software timing l Resets the CPU if… l The Timer runs into Overflow (standard WDT function) l The wrong value is written into the Watchdog register l Hardware and Software Configurable l Multiple clock sources l 2 selectable reference input clocks 9

10 Software and Hardware Support Hardware Limit Timer (HLT) Detects hardware fault conditions (stall, stops, etc.) Ideal for closed-loop control applications Eliminates the need for external devices Multiple modes and clock sources adds design flexibility 10

11 Hardware Limit Timer (HLT) l Monitors hardware for fault conditions (stalls, stops, etc) l Reduces code complexity l No code needed for detection set-up or management l Flexible design l Selectable start-of-event trigger, clock sources l One-shot mode – eliminates need to SW disable l Multiple HLT modes (e.g. One-Shot Mode) l Monitors hardware for fault conditions (stalls, stops, etc) l Reduces code complexity l No code needed for detection set-up or management l Flexible design l Selectable start-of-event trigger, clock sources l One-shot mode – eliminates need to SW disable l Multiple HLT modes (e.g. One-Shot Mode) HLT 11

12 8-bit PIC ® MCUs Safety Features -1/1 ✓ -4x 10-bit62563.5KPIC12(L)F1612 -1/1 ✓ -8x 10-bit12 256 3.5K 1/3212x 10-bit185127K EUSART, I 2 C, SPI 1/3 ✓ 4181K14K 20-pin 1 2 2 - ✓ ✓ ✓ ✓ ✓ ✓ ✓ PIC16(L)F1613 PIC16(L)F1618 PIC16(L)F161912x 10-bit 14-pin 8-pin Released CQ4’14 ✓ ✓ EUSART, I 2 C, SPI Comms. 8-bit DAC I/O Pins RAM (Bytes) FLASH (Bytes) WWDT, CRC/SCAN 8-/16-bit Timers CLC ADC Device Comp.HLT Status EUSART, I 2 C™, SPI 1/328x 10-bit127K 2 ✓ ✓ PIC16(L)F1614 CQ4’14 512 ✓ EUSART, I 2 C, SPI 1/3 48x 10-bit1214K 2 ✓ ✓ PIC16(L)F1615 CQ4’14 1K ✓ 12

13 Development Tools Support PICDEM™ Lab Development Kit (part # DM163045) Development platform for 6- to 20-pin MCUs 8-bit Low Pin Count Board (part # DM164130-9) Development code for enhanced Mid-range core products Supported by standard tool suite MPLAB ® X IDE MPLAB ICD 3, PICkit™ 3 Development Platforms MPLAB Code Configurator 13

14 16-bit MCU Safety Features

15 Flash Error Correction (ECC) l Up to 2 bit errors detected, Single bit correction l Real-time monitor & correction l Transparent hardware implementation l Up to 2 bit errors detected, Single bit correction l Real-time monitor & correction l Transparent hardware implementation 241 1 1 61 Flash Memory Contents Data to be written to Flash ECC Bits ECC Engine Detects 2 single bit failures, corrects 1 bit errors Flash Read Data 15

16 Flash Protection with CodeGuard™ Security Regulates Flash Operations Program/Erase Protected Space Read/Write Secured Segments -Code Flow Changes -Interrupt Vectors 16

17 Illegal Opcode Detect Flash Illegal Opcode Device Reset 17

18 Comprehensive CRC Module l 32-bit Hardware CRC l Flash, RAM, SFR spaces l Variable bit widths, 8-bit to 32-bit l Low CPU overhead l FIFO speeds calculation l 32-bit Hardware CRC l Flash, RAM, SFR spaces l Variable bit widths, 8-bit to 32-bit l Low CPU overhead l FIFO speeds calculation 18

19 Error Trap Monitor Generate Reset if simultaneous Traps occur 19

20 Reset Traceability Reset sources captured and flagged 20

21 OSCCON Lock Sequence Password sequence l Prevents errant frequency changes l Requires two back to back writes l Separate upper and lower byte writes l Upper byte is oscillator source l Lower byte is oscillator enable 21

22 l Detects loss of system clock l Automatically switches to Internal Oscillator source l Issues clock fail trap l Detects loss of system clock l Automatically switches to Internal Oscillator source l Issues clock fail trap Fail-Safe Clock Monitor System Clock Missing Clock Detected 22

23 Frequency Check Timer qualifies system frequency 23

24 Windowed WDT l Detects and Resets MCU in event of code execution error l Window option implements selectable CLRWDT time l Scalable period from 1 ms to 131 s l Dedicated clock source, independent of system clock l Detects and Resets MCU in event of code execution error l Window option implements selectable CLRWDT time l Scalable period from 1 ms to 131 s l Dedicated clock source, independent of system clock 24

25 Dead-man Timer (DMT) l Counts instructions executed l Requires “Proper Clear” to avoid reset l Based on system clock l Detects out of sequence execution l Counts instructions executed l Requires “Proper Clear” to avoid reset l Based on system clock l Detects out of sequence execution 25

26 PWM Lock l Prevent errant changes l Requires password sequence l Temporarily unlocks registers mov #0xabcd,w10 ;Load first unlock key to w10 register mov #0x4321,w11 ;Load second unlock key to w11 register mov #0xabcd,w10 ;Load first unlock key to w10 register mov #0x4321,w11 ;Load second unlock key to w11 register 26

27 16-bit dsPIC ® DSCs Safety Features 27

28 Development Tools Support dsPIC33E USB Starter Kit (part # DM330012) Motor Control Starter Kit with mTouch ® Sensing (part # DM330015) Supported by standard tool suite MPLAB ® X IDE MPLAB ICD 3, PICkit™ 3 Development Platforms MPLAB Code Configurator 28

29 32-bit MCU Safety Features

30 Flash Error Correction (ECC) l Detects and corrects errors resulting in extended flash life l 128-bit wide flash word groups l ECC can be Enabled/Disabled l Dynamically enabled using the FECCCON Configuration bit l Detects and corrects errors resulting in extended flash life l 128-bit wide flash word groups l ECC can be Enabled/Disabled l Dynamically enabled using the FECCCON Configuration bit 30

31 Flash Protection l Code Protection is enabled by the CP bit l On PIC32MX devices Boot Flash Write Protection is enabled by the BWP bit l On PIC32MZ devices boot flash write protection is divided into pages and is enable by the LBWPx and UBWPx bits in the NVMBWP register 31

32 Illegal Opcode Detect Flash Illegal Opcode Instruction Validity Exception trap 32

33 32-bit CRC Module 32-bit Programmable CRC Generation module: CRC module can be assigned to any of the available DMA channels CRC module is highly configurable 33

34 Reset Traceability Reset sources captured and flagged 34

35 OSCCON Lock Sequence Password sequence l Prevents errant frequency changes l Requires two back to back writes l Separate upper and lower byte writes l Upper byte is oscillator source l Lower byte is oscillator enable 35

36 l Detects loss of system clock l Automatically switches to Internal Oscillator source l Triggers NMI (Non-Maskable Interrupt) when clock fails l A separate internal Backup FRC (BFRC) upon clock source failure l Detects loss of system clock l Automatically switches to Internal Oscillator source l Triggers NMI (Non-Maskable Interrupt) when clock fails l A separate internal Backup FRC (BFRC) upon clock source failure Fail-Safe Clock Monitor System Clock Missing Clock Detected 36

37 High Voltage Detect (HVD) Monitors the core voltage at the VCAP pin I/O Pins disabled if voltage above the required level is detected on VCAP 37

38 Windowed Watchdog Timer (WDT) l Operates from the internal Low-Power Oscillator (LPRC) clock source l Detects system software malfunctions & resets device l Wakes the device from Sleep or Idle mode l Operates from the internal Low-Power Oscillator (LPRC) clock source l Detects system software malfunctions & resets device l Wakes the device from Sleep or Idle mode Watch Dog Timer Block Diagram 38

39 Dead-man Timer (DMT) l Reset processor in the event of software malfunction l Used in mission critical and safety critical applications l Reset processor in the event of software malfunction l Used in mission critical and safety critical applications Dead-man Timer Block Diagram 39

40 Misc. Lock Functions l Peripheral Module Disable Lock l Disables a peripheral module by stopping all clock sources supplied l Memory Protect l Peripheral and memory region access control l I/O (PPS) l Lock the I/O assignment for that pin l Peripheral Module Disable Lock l Disables a peripheral module by stopping all clock sources supplied l Memory Protect l Peripheral and memory region access control l I/O (PPS) l Lock the I/O assignment for that pin 40

41 32-bit MCUs Safety Features 41

42 Development Tools Support PIC32 USB Starter Kit III (part # DM320003-3) PIC32MZ EC Starter Kit With Crypto Engine (part # DM320006-C) Supported by standard tool suite MPLAB ® X IDE MPLAB ICD 3, PICkit™ 3 Development Platforms MPLAB Harmony Integrated Software Framework 42

43 Certified Class B Library AN1229

44 Library Scope Class B Safety Software Library routines detect the occurrence of faults in a single channel CPU Developed in accordance with IEC 60730 to support Class B certification process Routines directly integrate into MCU applications to test and verify the critical functionalities without affecting the end application 44

45 Supported Architectures PIC16F 8-bit MCU PIC18F 8-bit MCU PIC24F 16-bit MCU dsPIC33E 16-bit DSC PIC32 32-bit MCU Class B Library PIC16F 8-bit MCU PIC18F 8-bit MCU PIC24F 16-bit MCU dsPIC33E 16-bit DSC PIC32 32-bit MCU Class B Library 45

46 Library Coverage 46

47 CPU Register Test The CPU Register test implements the functional test H.2.16.5 defined by the IEC 0730 standard. It detects stuck-at Faults in the CPU registers. 1010 0101 0101 1010 1010 0101 0101 1000 0101 1010 CPU Registers 47

48 Program Counter Test The Program Counter (PC) test implements the functional test H.2.16.5 defined by the IEC 0730 standard. If the PC returned matches, the PC branches to next Instruction. 1010 0101 1010 0101 1010 0101 0101 1010 0101 1010 0101 1010 1010 0101 1010 0101 1010 0101 0101 1000 0101 1010 0101 1010 Program Counter 48

49 Flash Test The Invariable Memory (Flash/EEPROM) test implements the periodic modified checksum H.2.19.3.1 defined by the IEC 60730 standard. It detects the single bit Faults in the invariable memory using the Cyclic Redundancy Check (CRC). 1010 0101 1010 0101 1010 0101 0101 1010 0101 1010 0101 1010 1010 0101 1010 0101 1010 0101 0101 1000 0101 1010 0101 1010 Flash Memory 49

50 RAM Test Variable Memory l March C/C Minus l Stuck-at, Addressing, Transition, and Coupling Fault Detection l Run at start-up l March B l Stuck-at, Linked Idempotent & Inversion Coupling l Checkerboard Test l March C/C Minus l Stuck-at, Addressing, Transition, and Coupling Fault Detection l Run at start-up l March B l Stuck-at, Linked Idempotent & Inversion Coupling l Checkerboard Test 1010 0101 0101 1010 1010 0101 0101 1000 0101 1010 RAM 50

51 Interrupt Test The Interrupt test implements the independent time slot monitoring H.2.18.10.4 defined by the IEC 60730 standard. It checks whether the number of interrupts that occurred is within the predefined range. Timer Generated Int. Interrupts Line Freq. Generated 51

52 Oscillator Test Clock test implements the independent time slot monitoring H.2.18.10.4 defined by the IEC 60730 standard. It verifies the reliability of the system clock, i.e. too fast or too slow Secondary Osc. Oscillator Line Freq. Generated 52

53 Thanks! 53

Download ppt "PIC ® MCU Safety Features and Certified Class B Library."

Similar presentations

1/1/ / faculty of Electrical Engineering eindhoven university of technology Architectures of Digital Information Systems Part 1: Interrupts and DMA dr.ir.

1/1/ / faculty of Electrical Engineering eindhoven university of technology Architectures of Digital Information Systems Part 1: Interrupts and DMA dr.ir.
8051 Core Specification.

8051 Core Specification.
Computer System Overview

Computer System Overview
CSCI 4717/5717 Computer Architecture

CSCI 4717/5717 Computer Architecture
1/1/ / faculty of Electrical Engineering eindhoven university of technology Introduction Part 3: Input/output and co-processors dr.ir. A.C. Verschueren.

1/1/ / faculty of Electrical Engineering eindhoven university of technology Introduction Part 3: Input/output and co-processors dr.ir. A.C. Verschueren.
Introduction of Holtek HT-46 series MCU

Introduction of Holtek HT-46 series MCU
Chapter 7 Interupts DMA Channels Context Switching.

Chapter 7 Interupts DMA Channels Context Switching.
Timers and Interrupts Shivendu Bhushan Summer Camp ‘13.

Timers and Interrupts Shivendu Bhushan Summer Camp ‘13.
16.317: Microprocessor System Design I Instructor: Dr. Michael Geiger Spring 2012 Lecture 29: Microcontroller intro.

16.317: Microprocessor System Design I Instructor: Dr. Michael Geiger Spring 2012 Lecture 29: Microcontroller intro.
The Cortex-M3 Embedded Systems: LM3S9B96 Microcontroller – System Control Refer to Chapter 6 in the reference book “Stellaris® LM3S9B96 Microcontroller.

The Cortex-M3 Embedded Systems: LM3S9B96 Microcontroller – System Control Refer to Chapter 6 in the reference book “Stellaris® LM3S9B96 Microcontroller.
Clock Generation Module MTT48 4-1 CLOCK GENERATION MODULE (CGM)

Clock Generation Module MTT CLOCK GENERATION MODULE (CGM)
NS9750 - Training Hardware. System Controller Module.

NS Training Hardware. System Controller Module.
The domestic refrigerator-An example A car door mechanism.

The domestic refrigerator-An example A car door mechanism.
Introduction to Embedded Systems

Introduction to Embedded Systems
Renesas Electronics Europe GmbH 00000-A © 2010 Renesas Electronics Corporation. All rights reserved. RL78 Clock Generator.

Renesas Electronics Europe GmbH A © 2010 Renesas Electronics Corporation. All rights reserved. RL78 Clock Generator.
System Clocks.

System Clocks.
LPC2148 Programming Using BLUEBOARD

LPC2148 Programming Using BLUEBOARD
CHAPTER 2: COMPUTER-SYSTEM STRUCTURES Computer system operation Computer system operation I/O structure I/O structure Storage structure Storage structure.

CHAPTER 2: COMPUTER-SYSTEM STRUCTURES Computer system operation Computer system operation I/O structure I/O structure Storage structure Storage structure.
Silberschatz, Galvin, and Gagne  1999 2.1 Applied Operating System Concepts Module 2: Computer-System Structures Computer System Operation I/O Structure.

Silberschatz, Galvin, and Gagne  Applied Operating System Concepts Module 2: Computer-System Structures Computer System Operation I/O Structure.
1 CSE Department MAITSandeep Tayal Computer-System Structures Computer System Operation I/O Structure Storage Structure Storage Hierarchy Hardware Protection.

1 CSE Department MAITSandeep Tayal Computer-System Structures Computer System Operation I/O Structure Storage Structure Storage Hierarchy Hardware Protection.

Similar presentations

Ads by Google