This is the multi-page printable view of this section. Click here to print.
Component Design
1 - CM102A_FlsMem
Flash Memory RH850
(FlsMem)
FDD CM102A
2. Sub-Function In This Document 3
3. Critical Register Verification References 3
4.1. Sub-Function: Code Flash Init (FlsMemInit1) 4
4.2. Sub-Function: Code Flash 2-Bit and Address Parity 5
4.3. Sub-Function: Code Flash CRC 5
4.3.7. NTC Verification Method (Special Code) 10
4.4. Sub-Function: Code Flash Single Bit ECC 10
4.4.7. NTC Verification Method (Special Code) 13
5. Revision Record & Change Approval 14
High Level Description
This document describes the microcontroller configuration for flash memory diagnostics for the RH850. It includes ECC, address parity and CRC confirmations. It also includes logic to look for frequent corrections on a given address to predict failures.
Sub-Function In This Document
Below is a linked list of all sub-functions owned by this document.
| Sub-Function Name | Link |
|---|---|
| Code Flash Init | 4.1 |
| Code Flash 2-Bit and Address Parity | 4.2 |
| Code Flash CRC | 4.3 |
Critical Register Verification References
This table contains the information needed for critical register verification as configured or used in this document.
| Register | Init / Periodic Verification | Masking | Expected Value |
|---|---|---|---|
| None – Flash ECC registers will be covered in CM110A |
Sub-functions
Sub-Function: Code Flash Init (FlsMemInit1)
Return to sub-function list link: Sub-Function In This Document
This is an empty Initialization function that contains no logic.
FlsMemInit1 is an RTE function which is required for memory mapping PIM and Calibration definitions
Sub-Function: Code Flash 2-Bit and Address Parity
Return to sub-function list link: Sub-Function In This Document
Refer to FDD CM101A_ExcpnHndling for information on 2-Bit code flash ECC / Address Parity faults.
Sub-Function: Code Flash CRC
Return to sub-function list link: Sub-Function In This Document
NTCs
002.0 Code Flash Single Bit ECC
004.0 Flash Memory Code Flash Crc Fault
SAN Linkage
| Requirement # | DOORs Link |
|---|---|
| 234 | http://usmisag-ap40.nexteer.com:8080/dwa/rm/urn:rational::1-399d8406295f0f5f-O-234-0000e801 |
| 242 | http://usmisag-ap40.nexteer.com:8080/dwa/rm/urn:rational::1-399d8406295f0f5f-O-242-0000e801 |
| 248 | http://usmisag-ap40.nexteer.com:8080/dwa/rm/urn:rational::1-399d8406295f0f5f-O-248-0000e801 |
Description
This sub-function handles code flash Crc Check using RH850 Crc Hardware.
Rationale
32-bit Crc Ethernet algorithm is used considering Crc Hardware supports max 32-bit width Crc Check.
Crc Check Only tested if ECU is Power On Reset, because In the scenario of other than Power Reset, it might get into continuous reset loop.
Implementation
The Code Flash CRC Check shall use 32-Bit CRC / 32-bit Access width schema for computing CRC.
The Header per Crc Region shall exclude in Crc Calculation.
Note: The Prescence patterns per Crc Region shall exclude in Crc Calculation for GM customer.
Sub-Function: Code Flash CRC Check Init (FlsMemInit2)
This function will setup the CRC hardware and the DTS Channel initialize.
In order to setup CRC hardware, first need to reserve one of the CRC hardware out of 4 the CRC hardware by calling “ResCrcHwUnit” client call.
Considering current estimation of DTS channels 32 max shall be used, so 0 to 31 the DTS channels are reserved for CRC operation.
DTS channels shall configure dynamically using configurator tool. The DTS channel shall allow 0xFFFF max block size for data transfer. If the transfer count is more than 65535, the DTS channel configuration shall break transfer into multiple the DTS channel(s).
Execution
“FlsMemInit2” shall schedule after OS Start – Refer CM100A Start up sequence.
“DtsInin” function shall run in supervisor mode.
PEG shall need to configure before “FlsMemInit2”.
CrcHw Init shall schedule before “FlsMemInit2”.
Software
Refer below pseudo code for implementation.
//Power on Reset
{
ChkForStrtUpTest (&ExecStrtUpTest);
If (ExecStrtUpTest ) // True Perform the start up test.
{
// ResvCrcHwUnit is Client call for reserve Crc Hw
CrcHwIdxKey = 0;
Call_ResvCrcHwUnit(CRCHWRESVMOD_RESV, CRCHWRESVCFG_32BITCRC32BITWIDTH,
CrcHwIdxInReg, CrcHwIdxOutReg, 0, CrcHwIdxKey)
if (ResvCrcHwUnit Return == E_OK)
{
//Dynamic DTS channel configuration setup
Call_DTSInit (CrcHwIdxInReg, CrcHwIdxOutReg)
}
//capture the system time and store to PIM
Call_ GetRefTmr100MicroSec32bit (CodFlsCrcChkStrtTi )
} else
{
PwrOnRstCrcChkCmpl =TRUE;
}
}
DtsInin()
{
While (Number of Crc Region)
{
Calculate the number of channel(s) per Crc Region required.
// The DTS Channels (Required only), transfer request register should Clear prior to configure the rest of the register in the channel
DMASSDTFSCnnn. DRQC = 1
Configure the DTS channel as per the Refer “CM102A_FlsMem_DTSPeripheralCfg.xlsx” for transfer code flash data to Crc hardware.
Configure the DTS channel for transfer result to PIM (HwCrcCalcdRes)
Configure the next DTS channel for Crc hardware start clear for next operation
}
Configure the last DTS channel in chain for the interrupt, when Crc Complete. Interrupt flag shall be monitored in FlsMemPer2 function
Clear the DTS Interrupt flag (“RegOutINTIFPINTCLR0”).
Start DTS Operation (0th DTS Channel start transfer enables).
}
Constant value 0 shall use for clear Hardware Crc (clearing Hardware Crc output register).
Software Crc Memory table (CodFlsSwCrc ) shall generate using the configurator tool. It shall contain at least Crc Start Address, Crc region size and Software Crc Calculated result (SwCrcCalRes) for that Crc region.
Sub-Function: Code Flash CRC Check Periodic (FlsMemPer2)
This function intent to Compare Software Crc calculated Result Vs Hardware Crc calculated result, perform diagnostic, Milestone Flag update and release Crc hardware.
The HwCrcCalcdRes shall reside in DTS writable local RAM area.
The Software Crc Calculated Result shall reside in their respective Crc Region.
After completion of the CRC check, the DTS registers for the source and destination addresses are re-initialized with the reset value and transfer request flag if any pending is also cleared to ensure no unintended transfers happen. The cleanup of the registers should happen in supervisor mode as the registers are protected by the channel master settings to be modifiable only in supervisor mode. Hence we make use of a trusted function to do the cleanup.
Execution
FlsMemPer2 shall schedule at 100ms rate.
“DtsClnUp” function shall run in supervisor mode.
Software
Refer below pseudo code for implementation.
FlsMemPer2(Void)
{ // Check the Crc Check Complete Status, If complete then don’t execute logic
if (CrcChkCmpl != TRUE) then
{
// power On Reset flag is true
if (PwrOnRstCrcChkCmpl ==TRUE) then
{ SetNtcSts(NtcNr1.NTCNR_0x004, 0x00, NtcSts1.NTCSTS_PASSD, 0)
CrcChkCmpl = TRUE;
}
else
{
// Check if Crc Complete Interrupt flag set by DTS
if (RegInpINTIFPINT0 != 0) then
{ Call_ResvCrcHwUnit(CRCHWRESVMOD_RELS, 0, 0, 0, 0, CrcHwIdxKey)
for(i=0; i<Number of Crc Region; i++)
{ if (CodFlsSwCrc[i].SwCrcCalRes != HwCrcCalcdRes[i]) then
{CrcChkCompFail =| ((uint8)1U << [i]U);
}
}
if (CrcChkCompFail == TRUE) then
{ SetNtcSts(NtcNr1.NTCNR_0x004, CrcChkCompFail,
NtcSts1.NTCSTS_FAILD, 0);
}
else
{ SetNtcSts(NtcNr1.NTCNR_0x004, 0x00,
NtcSts1.NTCSTS_PASSD, 0)
CrcChkCmpl = TRUE;
}
}
else
{ // If Crc Complete interrupt flag is not set. check Crc Check Allowed
// time expired
Call_ GetTiSpan100MicroSec32bit(CodFlsCrcChkStrtTi,
CodFlsCrcElpdTi)
if (CodFlsCrcElpdTi >= CRCCHKMAXALLWDTI_CNT_U32)
{ Call_ResvCrcHwUnit(CRCHWRESVMOD_RELS, 0, 0, 0, 0,
CrcHwIdxKey)
SetNtcSts(NtcNr1.NTCNR_0x004, 0xFF,
NtcSts1.NTCSTS_FAILD, 0)
CrcChkCmpl = TRUE;
}
}
If (CrcChkCmpl)
{
// Perform the DTS Clean Up – Disable the DTS Channels
// Trusted Function call to DTS cleanup
DtsClnUp ()
}
}
}
// CodFlsCrcChkCmpl output signal is used for Milepost indicator.
CodFlsCrcChkCmpl = CrcChkCmpl;
}
DtsClnUp()
for(i=0; i<=31; i++)
{
// Source Address to 0
// Destination Address to 0
// Clear the DTSFSL transfer request enable bit
// Disable the DTS Channel; DTFSL[i].REQEN = 0
}
If (CodFlsSngBitErr == TRUE)
{
SetNtcSts (NtcNr1.NTCNR_0x002, 0x01, NtcSts1.NTCSTS_FAILD, 0);
CodFlsSngBitErr = FALSE;
}
Else
{
SetNtcSts (NtcNr1.NTCNR_0x002, 0x01, NtcSts1.NTCSTS_PASSD, 0);
}
Reference
RH850 Hardware manual.
NTC Verification Method (Special Code)
Test Case 1:
Perform the Crc Check see NTC004
Verify NTC004 should indicate pass.
Test Case 2:
Inject Crc Initial start value (Constant Value) 0xFFFF FFFF instead of 0 and calculate Crc.
Verify NTC004 should indicate fail.
Start value can be change for individual Crc Region for verify each failure (depends on Test Scope)
Test Case 3: Time Out Test
Do not configure last DTS Channel Interrupt, which would lead time out condition check.
Verify NTC004 should indicate fail.
Test Case 4: Power On Reset Condition Test.
PwrOnRstCrcChkCmpl, Flag should be set, when Power On Reset Occur.
Verify NTC004 should indicate pass.
Sub-Function: Code Flash Single Bit ECC
Return to sub-function list link: Sub-Function In This Document
NTCs
NA
SAN Linkage
The error flag shall be cleared soon after the error occurrence [SAN-P1x-0707]. Otherwise, the error event continues to be active and the error status is not updated if a second ECC 1-bit error occurs. In that case an error count overflow will occur.
In case ECC 1-bit error has occurred, a CRC test [SAN-P1x-0703] shall be executed to check whether or not the error is due single bit or multi-bit corruption that is potentially caused by address decoder failure.
Description
This sub-function does a SW Test to provide greater than 99% coverage on Code Flash Single Bit ECC Error.
Rationale
See the document attached.
Implementation
Sub-Function: Code Flash Single Bit ECC Test (CodFlsSngBitEcc)
Software
Pseudo code:
SuspendAllInterrupts();
CodFlsSngBitErr = TRUE;
// Clear the Error from ECM Status Register
ECMESSTC1_Desired = 0x0000 0010;
WrProtdRegEcm_u32 (ECMESSTC1_Desired, Address of ECMESSTC1);
// Check for Overflow
If (ECCFLICFOVFSTR_PE1 != 0)
{
// Save Address for debug purpose
CodFlsErrAdr = ECCFLICF1STEADR0_PE1;
// Overflow detected
// API Call for Software Reset
NxtrSwRstFromExcpn (McuDiagc1.MCUDIAGC_CODFLSSNGBITHARDFLT, CodFlsErrAdr);
}
// Single Bit ECC Fault
Else If (ECCFLICF1STERSTR_PE1 & 0x0000 0001 !=0)
{
CodFlsErrAdr = ECCFLICF1STEADR0_PE1;
// Read from 4 other locations to make sure it’s not an address decoder fault
DummyRead = *(CodFlsErrAdr & (0xFFFF FE1F));
DummyRead = *(CodFlsErrAdr & (0xFFFF FE2F));
DummyRead = *(CodFlsErrAdr & (0xFFFF FE4F));
DummyRead = *(CodFlsErrAdr & (0xFFFF FE8F));
// Clear the Error from CF Status Register
ECCFLICFSTCLR_PE1 = 0x0000 0001;
}
Else
{
// Do Nothing
}
// Check for Overflow
If (ECCFLICFOVFSTR_VCI != 0)
{
// Save Address for debug purpose
CodFlsErrAdr = ECCFLICF1STEADR0_VCI;
// Overflow detected
// API Call for Software Reset
NxtrSwRstFromExcpn (McuDiagc1.MCUDIAGC_CODFLSSNGBITHARDFLT, CodFlsErrAdr);
}
// Single Bit ECC Fault
Else If (ECCFLICF1STERSTR_VCI & 0x0000 0001 !=0)
{
CodFlsErrAdr = ECCFLICF1STEADR0_VCI;
// Read from 4 other locations to make sure it’s not an address decoder fault
DummyRead = *(CodFlsErrAdr & (0xFFFF FE1F));
DummyRead = *(CodFlsErrAdr & (0xFFFF FE2F));
DummyRead = *(CodFlsErrAdr & (0xFFFF FE4F));
DummyRead = *(CodFlsErrAdr & (0xFFFF FE8F));
// Clear the Error from CF Status Register
ECCFLICFSTCLR_VCI = 0x0000 0001;
}
Else
{
// Do Nothing
}
ResumeAllInterrupts();
Reference
RH850 Hardware manual.
NTC Verification Method (Special Code)
NA
Revision Record & Change Approval
| Rev | Date | Change Control # | Drw | Change Description |
| 1.0.0 | 21OC15 | EA4#1829 | MK | Initial release for implementation |
| 2.0.0 | 06JAN16 | EA4#2942 | KP | Crc Check Function added |
| 2.1.0 | 15JAN16 | EA4#2942 | KP | Crc Check – DTS Channel Interrupt On Second Last Channel Correction |
| 2.2.0 | 15FEB16 | EA4#3859 | KP | Crc Check for the Startup Test Client Call added in FlsMemInit2 |
| 3.0.0 | 29MAR16 | EA4#5004 | KP | DTS Transfer Request Clear prior to configure |
| 4.0.0 | 30MAR16 | EA4#4959 | KP | Remove 1 Bit ECC & DTS Clean Up Added |
| 4.0.1 | 12APR16 | EA4#5257 | KP | Remove PIM “CodFlsFailrAdr” from m file |
| 4.1.0 | 19APR16 | EA4#5421 | SK | Added trusted function call DTSCleanup() in 4.3.5.2 |
| 4.2.0 | 03MAY16 | EA4#5619 | SK | Disable the DTS Channel at the end of DTSCleanup |
| 5.0.0 | 27JUL16 | EA4#6649 | SK | Added SW Test for Single Bit ECC Correction DTSCleanup -> DtsClnUp DTSInit -> DtsInin |
| 5.1.0 | 31AUG16 | EA4#7339 | SK | Added logic for Code Flash Single Bit Hard Fault – Overflow Error |
2 - CM102A_FlsMem_DTSPeripheralCfg
| DTS Peripheral Register Configuration (base Address 0xFFFF 0000h) | ||||||||
| DMA Channel | Configurable | Offset | Name | Update | Description | Bit # | Set/Clear | Comment |
| DTSx | ||||||||
| No | 8200H + 4h × *[Ch#] | DTSnnnCM | Static | DTS Channel Master Setting | 22-20 | 1U | PEID | |
| 19-18 | *4 | SPID | ||||||
| 17 | 0 | UM - Disable | ||||||
| 15-0 | x | CMC | ||||||
| 9000h + 40h *[Ch#] | DTSAnnn | Static | DTS Source Address | 31-0 | - | - | ||
| 9004h + 40h *[Ch#] | DTDAnnn | Static | DTS Destination Address | 31-0 | - | - | ||
| 9008h + 40h *[Ch#] | DTTCnnn | Static | DTS transfer Count | 16-31 | * | Address Reload Count | ||
| 0-15 | * | Transfer Count | ||||||
| 900Ch + 40h *[Ch#] | DTTCTnnn | Static | DTS transfer control | 28-31 | 0 | Rserved | ||
| 27 | 1 | DMA transfer stop when transfer errored | ||||||
| 25-26 | 0 | Reserved | ||||||
| 18-24 | nnn+1 | Next Channel in Chain | ||||||
| 16-17 | 1U *3 | Chain Enable: Chain at last Transfer | ||||||
| 15 | 0 | Disable - Transfer count match interrupt | ||||||
| 14 | 1 *1 | Enable - Transfer Completion interrupt | ||||||
| 13 | 0 | Reserved | ||||||
| 11-12 | 0 | Disable -Reload function 2 | ||||||
| 9-10 | 0 | Disable- Reload Function 1 | ||||||
| 7-8 | 2U | Fixed -Destinable address count direction | ||||||
| 5-6 | 0 | Increment - Source Address count direction | ||||||
| 2-4 | 2U | Transfer Data Size - 32 bits | ||||||
| 0-1 | 1U | Block transfer 1 by transfer count | ||||||
| 9010h + 40h *[Ch#] | DTRSAnnn | Static | DTS Reload Source Address | 31-0 | - | - | ||
| 9014h + 40h *[Ch#] | DTRDAnnn | Static | DTS Reload Destination Address | 31-0 | - | - | ||
| 9018h + 40h *[Ch#] | DTRTCnnn | Static | DTS Reload transfer Count | 16-31 | - | Reload Address reload count | ||
| 0-15 | - | Reload transfer count | ||||||
| 901Ch + 40h *[Ch#] | DTTCCnnn | Static | DTS Transfer Count Compare | 31-16 | 0 | Reserved | ||
| 0-15 | * | Transfer Count Compare | ||||||
| 9020h + 40h *[Ch#] | DTFSLnnn | Static | DTSFSL Operation Setting | 0 | 1U | Enable - Channel Operation | ||
| 9024h + 40h *[Ch#] | DTFSTnnn | Static | DTSFSL transfer request status | 0 | - | Status - DMA transfer Request pending | ||
| 9028h + 40h *[Ch#] | DTFSSnnn | Static | DTSFSL transfer request set | 0 | 1U *2 | DMA Transfer Request Set | ||
| 902Ch + 40h *[Ch#] | DTFSCnnn | Static | DTSFSL transfer request clear | 0 | - | DMA Transfer Request Clear | ||
| Note 1: | ZZZ= Dynamic change value, X = Don’t Care, 1=Set, 0=Clear, -=Loaded Data/Configurable Data, unspecified register bits shall have safe default value | |||||||
| Note 2: | Channel Number, where from nnn = 000 to 031 | |||||||
| Note 3: | *1 Transfer Completion Interupt (Only the Second last DTS channel should be configured) ( the last Crc Region Result Transfer Channel) | |||||||
| *2 set this for 1st channel only after all channel(s) has been configured | ||||||||
| *3 Last One don't enable | ||||||||
| *4 SPID = 2 for Code Flash to Crc & SPID=0 for Crc to Local RAM | ||||||||
3 - CM102A_FlsMem_FDD_Checklist
Overview
Peer Review InstructionsTechnical Review Checklist
Template Change Log
Sheet 1: Peer Review Instructions
| Instructions for Functional Design Package Peer Review | ||
| PRE-MEETING | ||
| Function Owner | Confirm that requirements are reviewed and approved PRIOR to the FDP peer review | |
| Function Owner | Start with latest version of the template for any "first reviews" - Continue to use existing temmplate for re-reviews | |
| Function Owner | Provide the functional design package (changed documents) to the invited attendees 1-2 working days in advance of review | |
| Function Owner | Notify the assigned peer reviewer and make sure they are prepared to do their function in the meeting | |
| Function Owner | Identify necessary attendance and invite to meeting | |
| Function Owner | Complete the "Author" column information for sections 1 through 3 prior to the review | |
| Function Owner | Complete the attendance invitation list in section 5 | |
| Function Owner | For Re-reviews only: Complete the column "remarks by author" to identify actions taken to address items found in earlier reviews. | |
| DURING MEETING | ||
| Function Owner | Present document changes to the review team | |
| Peer Reviewer | Capture attendance of the review | |
| Peer Reviewer | Capture actions and issues in section 4. Identify issue summary, Document type, Reference (Requirement ID, section number, etc), Defect Type and indicate status as "OPEN" | |
| POST MEETING | ||
| Function Owner | Follow up on all "open" items. Update "Summary of Resolution" to indicate what was done or decided. | |
| Function Owner | Schedule follow up review OR review open items with peer reviewer and obtain agreement to close | |
| Peer Reviewer | Close change request in system and confirm all associated tasks are complete. Upload peer review checklist (this document) with any FDP updates |
Sheet 2: Technical Review Checklist
Sheet 3: Template Change Log
| Rev | Change | Author |
| 01.00.05 | Added lesson learned #3.5 | MDK |
| 01.00.06 | Added lesson learned #3.6, 3.7 - Structure and writing of NVM in mfiles and models. | MDK |
| 01.00.07 | Clarified 3.6 and 3.7 Added lessons learned for NTCs not being set in IRQs or periodics faster than 2ms/ | MDK |