PIC18F2331_07 Datasheet, PDF(285/400 Page) Microchip Technology – 28/40/44-Pin Enhanced Flash Microcontrollers with nanoWatt Technology, High Performance PWM and A/D

English

English German Russian Spanish Italian Polish Chinese Japanese Korean French Portuguese	Language :

PIC18F2331_07 Datasheet, PDF (285/400 Pages) Microchip Technology – 28/40/44-Pin Enhanced Flash Microcontrollers with nanoWatt Technology, High Performance PWM and A/D

◁

PIC18F2331/2431/4331/4431

22.4 Fail-Safe Clock Monitor

The Fail-Safe Clock Monitor (FSCM) allows the

microcontroller to continue operation, in the event of an

external oscillator failure, by automatically switching

the system clock to the internal oscillator block. The

FSCM function is enabled by setting the Fail-Safe

Clock Monitor Enable bit, FCMEN (CONFIG1H<6>).

When FSCM is enabled, the INTRC oscillator runs at

all times to monitor clocks to peripherals and provide

an instant backup clock in the event of a clock failure.

Clock monitoring (shown in Figure 22-3) is

accomplished by creating a sample clock signal, which

is the INTRC output divided by 64. This allows ample

time between FSCM sample clocks for a peripheral

clock edge to occur. The peripheral system clock and

the sample clock are presented as inputs to the Clock

Monitor latch (CM). The CM is set on the falling edge of

the system clock source, but cleared on the rising edge

of the sample clock.

FIGURE 22-3:

Peripheral

Clock

FSCM BLOCK DIAGRAM

Clock Monitor

Latch (CM)

(edge-triggered)

SQ

INTRC

Source

(32 Î¼s)

Ã· 64

488 Hz

(2.048 ms)

CQ

Clock

Failure

Detected

Clock failure is tested for on the falling edge of the

sample clock. If a sample clock falling edge occurs

while the CM is still set, a clock failure has been

detected (Figure 22-4). This causes the following:

â¢ the FSCM generates an oscillator fail interrupt by

setting bit OSCFIF (PIR2<7>);

â¢ the system clock source is switched to the internal

oscillator block (OSCCON is not updated to show

the current clock source â this is the fail-safe

condition); and

â¢ the WDT is reset.

Since the postscaler frequency from the internal

oscillator block may not be sufficiently stable, it may be

desirable to select another clock configuration and

enter an alternate power-managed mode (see

Section 22.3.1 âSpecial Considerations for Using

Two-Speed Start-upâ and Section 3.1.3 âMultiple

Sleep Commandsâ for more details). This can be

done to attempt a partial recovery or execute a

controlled shutdown.

To use a higher clock speed on wake-up, the INTOSC

or postscaler clock sources can be selected to provide

a higher clock speed by setting bits IRCF2:IRCF0

immediately after Reset. For wake-ups from Sleep, the

INTOSC or postscaler clock sources can be selected

by setting IRCF2:IRCF0 prior to entering Sleep mode.

Adjustments to the internal oscillator block using the

OSCTUNE register also affect the period of the FSCM

by the same factor. This can usually be neglected, as

the clock frequency being monitored is generally much

higher than the sample clock frequency.

The FSCM will detect failures of the primary or second-

ary clock sources only. If the internal oscillator block

fails, no failure would be detected, nor would any action

be possible.

22.4.1 FSCM AND THE WATCHDOG TIMER

Both the FSCM and the WDT are clocked by the

INTRC oscillator. Since the WDT operates with a

separate divider and counter, disabling the WDT has

no effect on the operation of the INTRC oscillator when

the FSCM is enabled.

As already noted, the clock source is switched to the

INTOSC clock when a clock failure is detected.

Depending on the frequency selected by the

IRCF2:IRCF0 bits, this may mean a substantial change

in the speed of code execution. If the WDT is enabled

with a small prescale value, a decrease in clock speed

allows a WDT time-out to occur and a subsequent

device Reset. For this reason, Fail-Safe Clock Monitor

events also reset the WDT and postscaler, allowing it to

start timing from when execution speed was changed

and decreasing the likelihood of an erroneous time-out.

22.4.2 EXITING FAIL-SAFE OPERATION

The fail-safe condition is terminated by either a device

Reset, or by entering a power-managed mode. On Reset,

the controller starts the primary clock source specified in

Configuration Register 1H (with any required start-up

delays that are required for the oscillator mode, such as

the OST or PLL timer). The INTOSC multiplexer provides

the system clock until the primary clock source becomes

ready (similar to a Two-Speed Start-up). The clock system

source is then switched to the primary clock (indicated by

the OSTS bit in the OSCCON register becoming set). The

Fail-Safe Clock Monitor then resumes monitoring the

peripheral clock.

The primary clock source may never become ready

during start-up. In this case, operation is clocked by the

INTOSC multiplexer. The OSCCON register will remain in

its Reset state until a power-managed mode is entered.

Entering a power-managed mode by loading the

OSCCON register and executing a SLEEP instruction

will clear the fail-safe condition. When the fail-safe

condition is cleared, the clock monitor will resume

monitoring the peripheral clock.

Â© 2007 Microchip Technology Inc.

Preliminary

DS39616C-page 283

▷