PXS20RM Datasheet, PDF(141/1368 Page) Freescale Semiconductor, Inc – PXS20 Microcontroller

English

English German Russian Spanish Italian Polish Chinese Japanese Korean French Portuguese	Language :

PXS20RM Datasheet, PDF (141/1368 Pages) Freescale Semiconductor, Inc – PXS20 Microcontroller

◁

Functional Safety

7.6 Software measures

The Safety Application Guide specifies several software measures required to achieve safety integrity for

this device. Software has to trigger these test features at least every 10 ms (Process Safety Time). These

are simple checks. No software based self-test routine library is necessary for this device.

The following shows some examples for software checks. The complete list of software measures is

defined in the Safety Application Guide.

Example 1: Modules which require CRC checks during operation are:

â¢ SIUL: System configuration registers checked

â¢ ADC: Configuration registers checked

â¢ eTimer: Configuration registers checked

Example 2: The CTU unit requires the following checks:

â¢ Have all triggers been generated and served (supported by hardware, faults to be handled in SW)?

â¢ Do trigger times match expected behavior?

â¢ Is there a trigger buffer overrun (supported by hardware, faults to be handled in SW)?

â¢ Does the channel number sequence match expected behavior?

â¢ Are the issued commands valid (supported by hardware, faults to be handled in SW)?

7.7 Fault reaction

All faults detected by hardware measures like the redundancy checkers, self-test features, ECC, voltage

and clock monitors are reported to the central Fault Collection and Control Unit (FCCU). Depending on

the particular fault, the FCCU puts the device into the according configured Fail-Safe state. This prevents

fault propagation to system level. By definition, the Safe State of this chip is either of the following:

â¢ I/Os in tristate when the device is in shutdown or reset

â¢ Device flagging an Error Out for critical errors

The continuous switch between a standard operation state and the reset state without any shut down is not

considered a Safe State.

Safety critical IOs are kept in tri-state when the device is in a Fail-Safe state.

7.8 External measures

This chip requires several external measures to allow safe operation:

â¢ External power supply and monitor

â¢ External watchdog timer

â¢ Error out monitor to handle situations where this device indicates an internal fault

â¢ PWM output monitor that monitors and corrects the PWM outputs

PXS20 Microcontroller Reference Manual, Rev. 1

Freescale Semiconductor

7-3

▷