This is the multi-page printable view of this section. Click here to print.
Component Design
1 - CM103A_RamMem
RAM Memory RH850
(RamMem)
FDD CM103A
2. Sub-Functions In This Document 4
4.1. Sub-Function: RAM NTCs Initialization 6
4.2. Sub-Function: RAM ECC -2 Bit and Address Parity Faults 7
4.3. Sub-Function: Local RAM ECC - 1 Bit 13
4.4. Sub-Function: I-Cache ECC & Setting the NTCs 24
5. Revision Record & Change Approval 38
High Level Description
This document describes the diagnostics configuration for all RAM memory in the RH850 based design. RAM initialization is also included in this document.
Local RAM:
PE1 is capable of simultaneously writing or reading up to 128 bits of data at a time to or from the local RAM. Meanwhile, ECC bits are provided for each 32 bits of data and the locations for storage of each 32-bit data segment are referred to as banks 0 to 3.
ECC error detection and correction are carried out (2-bit error detection and 1-bit error detection and correction are carried out)
A status register is provided, which indicates the status of 2-bit ECC error detection and 1- bit ECC error detection. If an error occurs while no error status is set, the corresponding status is set. The error status can be cleared using the clear register.
Instruction Cache RAM:
ECC error detection and correction can be either enabled or disabled.
When enabled, either of the following settings can be selected.
For instruction cache (data), ECC error detection and correction are carried out (2- bit error detection and 1-bit error detection and correction) or ECC error detection is carried out (2-bit error detection and 1-bit error detection).
For instruction cache (TAG), ECC error detection is carried out (2-bit error detection and 1-bit error detection and correction).
Upon occurrence of an ECC error, it is notified to the error control module.
Error notification can be either enabled or disabled upon detection of a 2-bit ECC error.
Error notification can be either enabled or disabled upon detection of a 1-bit ECC error.
A status register is provided, which indicates the statuses of 2-bit ECC error detection and 1-bit ECC error detection. If an error occurs while no error status is set, the corresponding status is set. The error status can be cleared using the clear register.
Peripheral RAM:
This is an ECC module for the RAM of the following peripheral modules:
RS-CAN, FlexRay, CSIHn (n = 0 to 3)
Seven-bit ECC data is appended to the 32-bit RAM data.
This ECC circuit provides 2-bit ECC error detection and 1-bit ECC error detection and correction.
Enabling or disabling ECC error detection and correction
ECC error detection can be either enabled or disabled.
One-bit ECC error correction can be either enabled or disabled.
If all the bits of RAM output data are stuck to 0 or 1, it is detected as a 2-bit ECC error.
Error notification
Error notification is made to the ECM upon detection of a 2-bit ECC error (notification can be either enabled or disabled).
Error notification is made to the ECM upon detection of a 1-bit ECC error (notification can be either enabled or disabled).
Once an error is notified to the ECM, another error notification is not made until the corresponding error status flag is cleared even if another ECC error is detected. Special registers are provided to clear error status.
Sub-Functions In This Document
Below is a linked list of all sub-functions owned by this document.
| Sub-Function Name | Link |
| RAM Register Configuration | 4.1 |
| RAM ECC 2-Bit and Address Parity Faults | 4.2 |
| Local RAM 1-Bit ECC and Data Parity | 4.3 |
| Peripheral RAM Single Bit ECC | Error: Reference source not found |
| I-Cache | 4.4 |
Critical Registers
| Register | Register No. (regID, selID) | Access Permission | Init/Periodic Verification | Masking | Expected Value | Protn Score From Eval Sheet |
| LRSTCLR_PE1 | Memory Mapped | SV – R/W UM – R/W | Init | None | 0x0000 0000 | 2 |
| LROVFSTR_PE1 | Memory Mapped | SV – R/W UM – R/W | Init | None | 0x0000 0000 | 2 |
| LR1STERSTR_PE1 | Memory Mapped | SV – R/W UM – R/W | Init | None | 0x0000 0000 | 2 |
| LR1STEADR0_PE1 | Memory Mapped | SV – R/W UM – R/W | Init | None | 0x0000 0000 | 2 |
| LR1STEADR1_PE1 | Memory Mapped | SV – R/W UM – R/W | Init | None | 0x0000 0000 | 2 |
| LR1STEADR2_PE1 | Memory Mapped | SV – R/W UM – R/W | Init | None | 0x0000 0000 | 2 |
| LR1STEADR3_PE1 | Memory Mapped | SV – R/W UM – R/W | Init | None | 0x0000 0000 | 2 |
| ECCCSIH0CTL | Memory Mapped | SV – R/W UM – R/W | Init | None | 0x0000 0018 | 1 |
| ECCCSIH1CTL | Memory Mapped | SV – R/W UM – R/W | Init | None | 0x0000 0018 | 1 |
| ECCCSIH2CTL | Memory Mapped | SV – R/W UM – R/W | Init | None | 0x0000 0018 | 1 |
| ECCCSIH3CTL | Memory Mapped | SV – R/W UM – R/W | Init | None | 0x0000 0018 | 1 |
| ECCCSIH0EAD0 | Memory Mapped | SV – R/W UM – R/W | Init | None | 0x0000 0000 | 1 |
| ECCCSIH1EAD0 | Memory Mapped | SV – R/W UM – R/W | Init | None | 0x0000 0000 | 1 |
| ECCCSIH2EAD0 | Memory Mapped | SV – R/W UM – R/W | Init | None | 0x0000 0000 | 1 |
| ECCCSIH3EAD0 | Memory Mapped | SV – R/W UM – R/W | Init | None | 0x0000 0000 | 1 |
| ECCRCAN0CTL | Memory Mapped | SV – R/W UM – R/W | Init | None | 0x0000 0018 | 1 |
| ECCRCAN0EAD0 | Memory Mapped | SV – R/W UM – R/W | Init | None | 0x0000 0000 | 1 |
Sub-functions
Sub-Function: RAM NTCs Initialization
Return to sub-function list link: Sub-Functions In This Document
NTCs
012.0: Local RAM ECC – Single Bit Correction (Soft Fault)
012.2: I-Cache ECC Error Detection (Cache Miss)
012.4: CAN RAM ECC Single Bit Correction (Soft Fault)
012.6: CSIH0-3 RAM ECC Single Bit Correction (Soft Fault)
017.1: CSIH0 RAM ECC Double Bit (Hard Fault)
018.1: CSIH1 RAM ECC Double Bit (Hard Fault)
019.1: CSIH 2 RAM ECC Double Bit (Hard Fault)
01A.1: CSIH 3 RAM ECC Double Bit (Hard Fault)
01B.2: CAN RAM ECC Double Bit Fault
01D.1: Flexray Message RAM ECC Double Bit Fault
01D.3: Flexray Buffer A RAM ECC Double Bit Fault
01D.5: Flexray Buffer B RAM ECC Double Bit Fault
SAN Linkage
N/A
Description
This RTE Initialization function sets all the NTCs to Passed State.
Rationale
N/A
Implementation
N/A
Initialization (RamMemInit1)
Psuedo Code:
SpiErrChFlg = 255;
// Set NTC 012 to Passed
SetNtcSts (0x012, 0x00, NtcSts1.NTCSTS_PASSD, 0);
// Set NTC 017 to Passed
SetNtcSts (0x017, 0x02, NtcSts1.NTCSTS_PASSD, 0);
// Set NTC 018 to Passed
SetNtcSts (0x018, 0x02, NtcSts1.NTCSTS_PASSD, 0);
// Set NTC 019 to Passed
SetNtcSts (0x019, 0x02, NtcSts1.NTCSTS_PASSD, 0);
// Set NTC 01A to Passed
SetNtcSts (0x01A, 0x02, NtcSts1.NTCSTS_PASSD, 0);
// Set NTC 01B to Passed
SetNtcSts (0x01B, 0x00, NtcSts1.NTCSTS_PASSD, 0);
// Set NTC 01D to Passed
SetNtcSts (0x01D, 0x00, NtcSts1.NTCSTS_PASSD, 0);
Reference Registers
N/A
Verification Method
N/A
Sub-Function: RAM ECC -2 Bit and Address Parity Faults
Return to sub-function list link: Sub-Functions In This Document
Refer to FDD CM101A_ExcpnHndlg for information on RAM double bit failures (local RAM and DTS RAM) and Address Parity Failures.
NTCs
N/A
SAN Linkage
None
Description
N/A
Rationale
N/A
Event Driven
N/A
Reference
N/A
Verification Method
NA
Sub-Function: Local RAM ECC - 1 Bit
Return to sub-function list link: Sub-Functions In This Document
NTCs
N/A
SAN Linkage
SAN-402 – 406
In case 1-bit corruption is flagged by the ECC logic, a SW test shall be executed to check if the error was due to:
Transient failure of one of the logical word corresponding cell
Permanent failure of one of the logical word corresponding cell
Multiple bits (> 2bits) corruption
An address failure
SAN-407
In case of a) the operation can be continued. In the unlikely event that the corruption is confirmed (permanent fault) and the related data is not duplicated in other locations, it is up to the user whether or not to move to the safe state or to tolerate the error.
SAN-408
In case c) and d) transition to the MCU and the system into the safe state shall be done. Unless, the data is duplicated in two different locations
SAN-409
Whenever an ECC error has occurred, it should be handled and the corresponding flag should be cleared by means of LRSTCLR register.
Description
This sub-function is called by the MCU handler and addresses single bit ECC / data parity issues. It is also responsible for confirming if the single bit error is “real” as based on the hardware, multiple failures could present as single bit faults when they are not. In this instance, a flag is set and the NTC is monitored in a periodic function.
Rationale
Design sets a flag within the exception for triggering of NTCs in a periodic function as NTC setting is not allowed in an exception (architecture requirement).
Design assumes that 1 bit ECC Error detection and correction has been enabled and hence we do not perform software reset on multiple single bit ECC Errors in the same word line addresses.
NxtrSwRstFromExcpn function is designed to clear the ECM bits that triggered the interrupt and hence the ECC bits corresponding to Local RAM 1-bit failure in the ECM register will not be cleared in the periodic tasks.
R7F701311 has 128KB of RAM with a Base address of 0xFEB8 0000 and the Offset starting at 0x0006 0000. Based on this data, we check if the address that we read from the Error Address register has a valid offset address. If not, we log a fault and drive software reset since we could be accessing invalid RAM addresses.
When doing RAM failure mode classification check, we loop through all 8 address locations to read them and we clear any single bit ECC faults if they occurred during the 8 reads. In this small window, there is a chance that DMA can make an access to local RAM and set a single bit ECC fault which can be misinterpreted as a single bit ECC fault from reading the 8 addresses. Also, we have setup the local RAM double bit ECC fault to be configured as a SYSERR. In the event a double bit error occurs while reading the 8 addresses a SYSERR will take us to safe state, hence there is no explicit check for the double bit ECC fault.
Implementation
Applicable Registers’ Information:
| Register | Use | Access | |
| SV | UM | ||
| LRSTCLR_PE1 | Used in the design to clear error information in the register LR1STERSTR_PE1 | R/W | R/W |
| LROVFSTR_PE1 | Used in design to indicate address location of error | R/W | R/W |
| LR1STERSTR_PE1 | Used in design to indicate RAM bank (to identify which register to read for LR1STEADRn_PE1) and identify failure type | R/W | R/W |
LR1STEADRn_PE1 n = 0,1,2,3 | Multiple registers, one for each bank. Contains the address of the memory having the issue. | R/W | R/W |
Event (RamMemLclRamSngBitEcc)
// From EIINT Handler in MCU
// Disable all the EI Interrupts
SuspendAllInterrupts ();
// Identify responsible bank – Check for Bank 0
If ((ECCCPU1ERROVF0 == 1)
{
// Check if the saved address in the valid range
LclRamFailrAdr = (ECCCPU1LR1STEADR0_PE1 << 4);
If (LclRamFailrAdr & 0xFFFE 0000 != 0x0006 0000)
{
// Invalid Address Found
// API Call for Software Reset
NxtrSwRstFromExcpn (McuDiagc1.MCUDIAGC_LCLRAMECCSNGBITHARDFAILR, LclRamFailrAdr)
}
// Get the valid RAM address by OR-ing the Base address with the offset
LclRamFailrAdr = LclRamFailrAdr | 0xFEB8 0000;
// Overflow detected
// API Call for Software Reset
NxtrSwRstFromExcpn (McuDiagc1.MCUDIAGC_LCLRAMECCSNGBITHARDFAILR, LclRamFailrAdr)
}
ElseIf (ECCCPU1SEDF0 == 1)
{
// Save Failure Address
LclRamFailrAdr = (ECCCPU1LR1STEADR0_PE1 << 4);
If (LclRamFailrAdr & 0xFFFE 0000 != 0x0006 0000)
{
// Invalid Address Found
// API Call for Software Reset
NxtrSwRstFromExcpn (McuDiagc1.MCUDIAGC_LCLRAMECCSNGBITHARDFAILR, LclRamFailrAdr)
}
// Get the valid RAM address by OR-ing the Base address with the Offset
LclRamFailrAdr = LclRamFailrAdr | 0xFEB8 0000;
// No overflow
// Clear RAM Bank 0 error info only
ECCCPU1STCLR0 = 1;
// Clears the following
// 1) LROVFSTR_PE1.ERROVF0 (overflow flag)
// 2) LR1STERSTR_PE1.SEDF0 (error status flag)
// 3) LR1STEADR0_PE1 (error address)
// Check for multibit errors or address errors disguised as single bit
RamFailrModClassnChk (LclRamFailrAdr, 0x0000 0001, 0x0000 0001);
}
// Identify responsible bank – Check for Bank 1
If ((ECCCPU1ERROVF1 == 1)
{
// Check if the saved address in the valid range
LclRamFailrAdr = (ECCCPU1LR1STEADR1_PE1 << 4) | 0x04;
If (LclRamFailrAdr & 0xFFFE 0000 != 0x0006 0000)
{
// Invalid Address Found
// API Call for Software Reset
NxtrSwRstFromExcpn (McuDiagc1.MCUDIAGC_LCLRAMECCSNGBITHARDFAILR, LclRamFailrAdr)
}
// Get the valid RAM address by OR-ing the Base address with the Offset
LclRamFailrAdr = LclRamFailrAdr | 0xFEB8 0000;
// Overflow detected
// API Call for Software Reset
NxtrSwRstFromExcpn (McuDiagc1.MCUDIAGC_LCLRAMECCSNGBITHARDFAILR, LclRamFailrAdr)
}
ElseIf (ECCCPU1SEDF1 == 1)
{
// Save Failure Address
LclRamFailrAdr = (ECCCPU1LR1STEADR1_PE1 << 4) | 0x04;
If (LclRamFailrAdr & 0xFFFE 0000 != 0x0006 0000)
{
// Invalid Address Found
// API Call for Software Reset
NxtrSwRstFromExcpn (McuDiagc1.MCUDIAGC_LCLRAMECCSNGBITHARDFAILR, LclRamFailrAdr)
}
// Get the valid RAM address by OR-ing the Base address with the Offset
LclRamFailrAdr = LclRamFailrAdr | 0xFEB8 0000;
// No overflow
// Clear RAM Bank 1 error info only
ECCCPU1STCLR1 = 1;
// Clears the following
// 1) LROVFSTR_PE1.ERROVF1 (overflow flag)
// 2) LR1STERSTR_PE1.SEDF1 (error status flag)
// 3) LR1STEADR1_PE1 (error address)
// Check for multibit errors or address errors disguised as single bit
RamFailrModClassnChk (LclRamFailrAdr, 0x0000 0002, 0x0000 0100);
}
// Identify responsible bank – Check for Bank 2
If ((ECCCPU1ERROVF2 == 1) Then
{
// Check if the saved address in the valid range
LclRamFailrAdr = (ECCCPU1LR1STEADR2_PE1 << 4) | 0x08;
If (LclRamFailrAdr & 0xFFFE 0000 != 0x0006 0000)
{
// Invalid Address Found
// API Call for Software Reset
NxtrSwRstFromExcpn (McuDiagc1.MCUDIAGC_LCLRAMECCSNGBITHARDFAILR, LclRamFailrAdr)
}
// Get the valid RAM address by OR-ing the Base address with the Offset
LclRamFailrAdr = LclRamFailrAdr | 0xFEB8 0000;
// Overflow detected
// API Call for Software Reset
NxtrSwRstFromExcpn (McuDiagc1.MCUDIAGC_LCLRAMECCSNGBITHARDFAILR, LclRamFailrAdr)
}
ElseIf (ECCCPU1SEDF2 == 1)
{
// Save Failure Address
LclRamFailrAdr = (ECCCPU1LR1STEADR2_PE1 << 4) | 0x08;
If (LclRamFailrAdr & 0xFFFE 0000 != 0x0006 0000)
{
// Invalid Address Found
// API Call for Software Reset
NxtrSwRstFromExcpn (McuDiagc1.MCUDIAGC_LCLRAMECCSNGBITHARDFAILR, LclRamFailrAdr)
}
// Get the valid RAM address by OR-ing the Base address with the Offset
LclRamFailrAdr = LclRamFailrAdr | 0xFEB8 0000;
// No overflow
// Clear RAM Bank 2 error info only
ECCCPU1STCLR2 = 1;
// Clears the following
// 1) LROVFSTR_PE1.ERROVF2 (overflow flag)
// 2) LR1STERSTR_PE1.SEDF2 (error status flag)
// 3) LR1STEADR2_PE1 (error address)
// Check for multibit errors or address errors disguised as single bit
RamFailrModClassnChk (LclRamFailrAdr, 0x0000 0004, 0x0001 0000);
}
// Identify responsible bank – Check for Bank 3
If ((ECCCPU1ERROVF3 == 1)
{
// Check if the saved address in the valid range
LclRamFailrAdr = (ECCCPU1LR1STEADR3_PE1 << 4) | 0x0C;
If (LclRamFailrAdr & 0xFFFE 0000 != 0x0006 0000)
{
// Invalid Address Found
// API Call for Software Reset
NxtrSwRstFromExcpn (McuDiagc1.MCUDIAGC_LCLRAMECCSNGBITHARDFAILR, LclRamFailrAdr)
}
// Get the valid RAM address by OR-ing the Base address with the Offset
LclRamFailrAdr = LclRamFailrAdr | 0xFEB8 0000;
// Overflow detected
// API Call for Software Reset
NxtrSwRstFromExcpn (McuDiagc1.MCUDIAGC_LCLRAMECCSNGBITHARDFAILR, LclRamFailrAdr)
}
ElseIf (ECCCPU1SEDF3 == 1)
{
// Save Failure Address
LclRamFailrAdr = (ECCCPU1LR1STEADR3_PE1 << 4) | 0x0C;
If (LclRamFailrAdr & 0xFFFE 0000 != 0x0006 0000)
{
// Invalid Address Found
// API Call for Software Reset
NxtrSwRstFromExcpn (McuDiagc1.MCUDIAGC_LCLRAMECCSNGBITHARDFAILR, LclRamFailrAdr)
}
// Get the valid RAM address by OR-ing the Base address with the Offset
LclRamFailrAdr = LclRamFailrAdr | 0xFEB8 0000;
// No overflow
// Clear RAM Bank 3 error info only
ECCCPU1STCLR3 = 1;
// Clears the following
// 1) LROVFSTR_PE1.ERROVF3 (overflow flag)
// 2) LR1STERSTR_PE1.SEDF3 (error status flag)
// 3) LR1STEADR3_PE1 (error address)
// Check for multibit errors or address errors disguised as single bit
RamFailrModClassnChk (LclRamFailrAdr, 0x0000 0008, 0x0100 0000);
}
RamFailrModClassnChk (LclRamFailrAdr, ClrErrInfo, SngBitErrMask)
{
WordLineAdr = LclRamFailrAdr & 0xFFFF FF1F;
WordLineAdrIdx_u08 = 0;
LclRamEccSngBitSoftFailr = TRUE;
While (WordLineAdrIdx_u08 < 8)
{
// Implementation must ensure all 8 reads happen
LclRamWordLineRead = *WordLineAdr;
WordLineAdrIdx_u08++;
WordLineAdr = WordLineAdr + 0x0000 0020;
}
// Wait until read from the RAM word line is complete
__asm ("SYNCM");
// Clear Bank Specific Error Info
ECCCPU1LRSTCLR_PE1 = ClrErrInfo;
// Clears the following in Bank Specific RAM Status Register
// 1) Overflow flag
// 2) Error status flag
// 3) Error address
// Single Bit faults detected, Single Bit Soft Fault Flag is already set
}
// Re-enable all the disabled EI Interrupts
ResumeAllInterrupts ();
Reference Registers
Verification Method
N/A
Sub-Function: I-Cache ECC & Setting the NTCs
Return to sub-function list link: Sub-Functions In This Document
NTCs
012.0: Local RAM ECC – Single Bit Correction (Soft Fault)
012.2: I-Cache ECC Error Detection
012.4: CAN RAM ECC Single Bit Correction (Soft Fault)
012.6: CSIH0-3 RAM ECC Single Bit Correction (Soft Fault)
017.1: CSIH0 RAM ECC Double Bit (Hard Fault)
018.1: CSIH1 RAM ECC Double Bit (Hard Fault)
019.1: CSIH2 RAM ECC Double Bit (Hard Fault)
01A.1: CSIH3 RAM ECC Double Bit (Hard Fault)
01B.1: CAN RAM ECC Double Bit Fault
01D.1: Flexray Message RAM ECC Double Bit Fault
01D.3: Flexray Buffer A RAM ECC Double Bit Fault
01D.5: Flexray Buffer B RAM ECC Double Bit Fault
SAN Linkage
SAN528:
The ECC error detection and the notification to the ECM should not be disabled.
SAN 871:
The detection of all error types and the status interrupt for each RSCAN module should be enabled. Whether or not to execute a loop back for safety purposes depends on the implemented system level safety measures and should be decided by the user.
SAN 507 - 508:
Whenever an ECC occurs, the corresponding flags shall be cleared by means of IDSTCLR_PE1 and ITSTCLR_PE1 register. Otherwise, the error event remains active and the error status will not be updated. The ECC check of the instruction cache data read out from tag or data RAM is automatically enabled.
SAN 509:
Up on detection of a 1-bit/2-bit ECC error, the corresponding flag will be set in the error status register and the original data will be reloaded from the Code Flash (treated as cache miss). This behavior may lead to performance loss. The critical performance loss can be detected by timeout monitoring. In the case of the critical performance loss, the MCU shall be moved into the safe state.
Description
This function is called by the MCU handler and addresses ECC problems with the peripheral RAM (for the Nexteer design this includes four SPI channels and two CAN channels).
This function also includes an action when a CAN RAM ECC double bit fault error occurs.
Added content… DTS single bit, FR, Cntr
ECM status registers are periodically polled looking for an I-Cache ECC problem. In the event of an I-Cache Error, the respective NTC is set in a periodic and the Error Status Register is cleared.
This sub function reads all the Flags related to Single Bit ECC fault from Local RAM, CSIH RAM and CAN RAM (Singe Bit and Double Bit ECC faults) and takes the following actions
Setting an NTC if required in a periodic task
Clearing the respective ECM Status Register bit
Registers in use:
| Register | Use | Access | |
| SV | UM | ||
| IDSTCLR_PE1 (Instruction Cache Data RAM Error Status Clear Register) | IDSTCLR clears the error flags in the error status register (ID1STERSTR), the overflow flag in the error overflow status register (IDOVFSTR), and the error address register (ID1STEADR). | R/W | R/W |
| ITSTCLR_PE1 (Instruction Cache Tag RAM Error Status Clear Register) | ITSTCLR clears the error flags in the error status register (IT1STERSTR), the overflow flag in the error overflow status register (ITOVFSTR), and the error address register (IT1STEADR). | R/W | R/W |
Rationale
No startup tests are required as the ECC circuit of the peripheral modules is target of LBIST and the associated RAMs are target of the M-BIST as mentioned in the SAN 530.
CAN RAM single bit and double bit ECC, Flexray single bit and double bit ECC, SPI RAM single bit and double bit ECC are all polled in the periodic as a step towards reducing throughput impact (in case of a single bit memory failure).
SPI use in the design applies to several critical functions that may have redundant data sources (motor position, gate drive and power supply control).
SPI has four channels and all four channel errors are routed to a single bit in the ECM error source. To provide flexibility, each of these SPI channels are associated with a unique NTC which can be configured to be an F1 or F3 fault depending on their use case.
Since the I-Cache is configured to reload from flash with a problem (cache misses) there is no need to take action other than notifying via a trouble code and clearing the Error Flags in the Error Status Register.
This design sets NTCs in a periodic function as NTC setting is not allowed in an exception due to design constraints of the Diagnostic Manager getting interrupted in the middle of an NTC (architecture requirement).
When we read from a corrupted address in Peripheral RAM, ECEMF bit is set. The ECEMF bit self clears when uncorrupted data is read from Peripheral RAM. In order to clear the ECER2F or ECER1F bit, according to the Hardware Manual, it is necessary that the ECEMF bit is ‘0’, otherwise a write to ECER1C or ECER2C would not clear the ECER1F or ECER2F bits respectively. Therefore, an attempt to clear to error status flag is done in the periodic assuming that an uncorrupted read from the Peripheral RAM would have occurred.
Implementation
Applicable Registers
| Register | Use | Comments | Access | |
| SV | UM | |||
| ECCCSIHnCTL (SPI 3 Peripheral RAM ECC Control Register) | ECCCSIHnCTL.ECSEDF0 | When set, indicates 1 bit error found at address EAD0 | R/W | R/W |
| ECCCSIHnCTL.ECER1C | When set, will clear ECER1F bit | R/W | R/W | |
| ECCCSIHnCTL.ECER1F | When set, indicates a 1 bit error occurred | R/W | R/W | |
| ECCCSIHnCTL.ECEMF | When set, indicates the RAM output data has bit errors | R/W | R/W | |
| ECCCSIH0EAD0 | Address of ECC error – SPI 0 | R/W | R/W | |
| ECCCSIH1EAD0 | Address of ECC error – SPI 1 | R/W | R/W | |
| ECCCSIH2EAD0 | Address of ECC error – SPI 2 | R/W | R/W | |
| ECCCSIH3EAD0 | Address of ECC error – SPI 3 | R/W | R/W | |
| ECCRCAN0CTL (CAN Peripheral RAM ECC Control) | ECCRCAN0CTL.ECSEDF0 | When set, indicates 1 bit error found at address EAD0 | R/W | R/W |
| ECCRCAN0CTL.ECER1C | When set, will clear ECER1F bit | R/W | R/W | |
| ECCRCAN0CTL.ECER1F | When set, indicates a 1 bit error occurred | R/W | R/W | |
| ECCRCAN0CTL.ECEMF | When set, indicates the RAM output data has bit errors | R/W | R/W | |
| ECCRCAN0EAD0 | Address of ECC error – CAN | R/W | R/W | |
| ECCFLX0CTL | ECCFLX0CTL.ECSEDF0 | When set, indicates 1 bit error found at address EAD0 | R/W | R/W |
| ECCFLX0CTL.ECER1C | When set, will clear ECER1F bit | R/W | R/W | |
| ECCFLX0CTL.ECER1F | When set, indicates a 1 bit error occurred | R/W | R/W | |
| ECCFLX0CTL.ECEMF | When set, indicates the RAM output data has bit errors | R/W | R/W | |
| ECCFLX0EAD0 | Address of ECC error – FlexRay | |||
| ECCFLX0T1CTL | ECCFLX0T1CTL.ECSEDF0 | When set, indicates 1 bit error found at address EAD0 | R/W | R/W |
| ECCFLX0T1CTL.ECER1C | When set, will clear ECER1F bit | R/W | R/W | |
| ECCFLX0T1CTL.ECER1F | When set, indicates a 1 bit error occurred | R/W | R/W | |
| ECCFLX0T1CTL.ECEMF | When set, indicates the RAM output data has bit errors | R/W | R/W | |
| ECCFLX0T1EAD0 | Address of ECC error – FlexRay | |||
| ECCFLX0T0CTL | ECCFLX0T0CTL.ECSEDF0 | When set, indicates 1 bit error found at address EAD0 | R/W | R/W |
| ECCFLX0T0CTL.ECER1C | When set, will clear ECER1F bit | R/W | R/W | |
| ECCFLX0T0CTL.ECER1F | When set, indicates a 1 bit error occurred | R/W | R/W | |
| ECCFLX0T0CTL.ECEMF | When set, indicates the RAM output data has bit errors | R/W | R/W | |
| ECCFLX0T0EAD0 | Address of ECC error – FlexRay | |||
| ECCCSIH0CTL (ECC Control / Status Register for SPI 0) | Indicates a SPI double bit error in SPI 0 | R/W | R/W | |
| ECCCSIH1CTL (ECC Control / Status Register for SPI 1) | Indicates a SPI double bit error in SPI 1 | R/W | R/W | |
| ECCCSIH2CTL (ECC Control / Status Register for SPI 2) | Indicates a SPI double bit error in SPI 2. | R/W | R/W | |
| ECCCSIH3CTL (ECC Control / Status Register for SPI 2) | Indicates a SPI double bit error in SPI 3. | R/W | R/W | |
Periodic - 2ms (RamMemPer1)
Pseudo Code:
// SPI Single bit failures
If ((ECCCSIH0CTL & 0x0001 0002) != 0)
{
// Stores address information for debug
dRamMemSpiRamEccErrAdr = ECCCSIH0EAD0;
// Clear error flags by setting the ECMCLSSE107 bit of the ECMESSTC1 register
ECMESSTC1_Desired = 0x0000 0080;
WrProtdRegEcm_u32 (ECMESSTC1_Desired, Address of ECMESSTC1);
// Clear the 1 Bit Error Detection Flag
ECCCSIH0CTL = 0x0000 0200;
// Set NTC 012.6 to Failed
SetNtcSts (0x012, 0x40, NtcSts1.NTCSTS_FAILD, 0) ;
}
Else If ((ECCCSIH1CTL & 0x0001 0002) != 0)
{
// Stores address information for debug
dRamMemSpiRamEccErrAdr = ECCCSIH1EAD0;
// Clear error flags by setting the ECMCLSSE107 bit of the ECMESSTC1 register
ECMESSTC1_Desired = 0x0000 0080;
WrProtdRegEcm_u32 (ECMESSTC1_Desired, Address of ECMESSTC1);
// Clear the 1 Bit Error Detection Flag
ECCCSIH1CTL = 0x0000 0200;
// Set NTC 012.6 to Failed
SetNtcSts (0x012, 0x40, NtcSts1.NTCSTS_FAILD, 0) ;
}
Else If ((ECCCSIH2CTL & 0x0001 0002) != 0)
{
// Stores address information for debug
dRamMemSpiRamEccErrAdr = ECCCSIH2EAD0;
// Clear error flags by setting the ECMCLSSE107 bit of the ECMESSTC1 register
ECMESSTC1_Desired = 0x0000 0080;
WrProtdRegEcm_u32 (ECMESSTC1_Desired, Address of ECMESSTC1);
// Clear the 1 Bit Error Detection Flag
ECCCSIH2CTL = 0x0000 0200;
// Set NTC 012.6 to Failed
SetNtcSts (0x012, 0x40, NtcSts1.NTCSTS_FAILD, 0) ;
}
Else If ((ECCCSIH3CTL & 0x0001 0002) != 0)
{
// Stores address information for debug
dRamMemSpiRamEccErrAdr = ECCCSIH3EAD0;
// Clear error flags by setting the ECMCLSSE107 bit of the ECMESSTC1 register
ECMESSTC1_Desired = 0x0000 0080;
WrProtdRegEcm_u32 (ECMESSTC1_Desired, Address of ECMESSTC1);
// Clear the 1 Bit Error Detection Flag
ECCCSIH13CTL = 0x0000 0200;
// Set NTC 012.6 to Failed
SetNtcSts (0x012, 0x40, NtcSts1.NTCSTS_FAILD, 0) ;
}
Else
{
// Do Nothing
}
// SPI 0 ECC Double Bit Fault
If (ECCCSIH0CTL & 0x0002 0004 != 0)
{
SetNtcSts (0x017, 0x02, NtcSts1.NTCSTS_FAILD, 0)
// Stores address information for debug
dRamMemSpi0RamEccErrAdr = ECCCSIH0EAD0;
// Clear error flags by setting the ECMCLSSE018 bit of the ECMESSTC0 register
ECMESSTC0_Desired = 0x0004 0000;
WrProtdRegEcm_u32 (ECMESSTC0_Desired, Address of ECMESSTC0);
// Clear the 2 Bit Error Detection Flag
ECCCSIH0CTL = 0x0000 0400;
}
// SPI 1 ECC Double Bit Fault
If (ECCCSIH1CTL & 0x0002 0004 != 0)
{
SetNtcSts (0x018, 0x02, NtcSts1.NTCSTS_FAILD, 0)
// Stores address information for debug
dRamMemSpi1RamEccErrAdr = ECCCSIH1EAD0;
// Clear error flags by setting the ECMCLSSE018 bit of the ECMESSTC0 register
ECMESSTC0_Desired = 0x0004 0000;
WrProtdRegEcm_u32 (ECMESSTC0_Desired, Address of ECMESSTC0);
// Clear the 2 Bit Error Detection Flag
ECCCSIH1CTL = 0x0000 0400;
}
// SPI 2 ECC Double Bit Fault
If (ECCCSIH2CTL & 0x0002 0004 != 0)
{
SetNtcSts (0x019, 0x02, NtcSts1.NTCSTS_FAILD, 0)
// Stores address information for debug
dRamMemSpi2RamEccErrAdr = ECCCSIH2EAD0;
// Clear error flags by setting the ECMCLSSE018 bit of the ECMESSTC0 register
ECMESSTC0_Desired = 0x0004 0000;
WrProtdRegEcm_u32 (ECMESSTC0_Desired, Address of ECMESSTC0);
// Clear the 2 Bit Error Detection Flag
ECCCSIH2CTL = 0x0000 0400;
}
// SPI 3 ECC Double Bit Fault
If (ECCCSIH3CTL & 0x0002 0004 != 0)
{
SetNtcSts (0x01A, 0x02, NtcSts1.NTCSTS_FAILD, 0)
// Stores address information for debug
dRamMemSpi3RamEccErrAdr = ECCCSIH3EAD0;
// Clear error flags by setting the ECMCLSSE018 bit of the ECMESSTC0 register
ECMESSTC0_Desired = 0x0004 0000;
WrProtdRegEcm_u32 (ECMESSTC0_Desired, Address of ECMESSTC0);
// Clear the 2 Bit Error Detection Flag
ECCCSIH3CTL = 0x0000 0400;
}
// Check if a CAN RAM single bit ECC error was detected
If ((ECCRCAN0CTL & 0x0001 0002) != 0)
{
// Stores address information for debug
dRamMemCanRamSngBitEccErrAdr = ECCRCAN0EAD0;
// Clear error flags by setting the ECMCLSSE107 bit of the ECMESSTC1 register
ECMESSTC1_Desired = 0x0000 0080;
WrProtdRegEcm_u32 (ECMESSTC1_Desired, Address of ECMESSTC1);
// Clear the 1 Bit Error Detection Flag
ECCRCAN0CTL = 0x0000 0200;
// Set NTC 012.4 to Failed
SetNtcSts (0x012, 0x10, NtcSts1.NTCSTS_FAILD, 0);
}
// Check if a CAN RAM double bit ECC error was detected
If ((ECCRCAN0CTL & 0x0002 0004) != 0)
{
// Stores address information for debug
dRamMemCanRamDblBitEccErrAdr = ECCRCAN0EAD0;
// Clear error flags by setting the ECMCLSSE017 bit of the ECMESSTC0 register
ECMESSTC0_Desired = 0x0008 0000;
WrProtdRegEcm_u32 (ECMESSTC0_Desired, Address of ECMESSTC0);
// Clear the 2 Bit Error Detection Flag
ECCRCAN0CTL = 0x0000 0400;
// Set NTC 01B.1 to Failed
SetNtcSts (0x01B, 0x02, NtcSts1.NTCSTS_FAILD, 0);
}
// Check if a FlexRay RAM single bit ECC error was detected
If ((ECCFLX0CTL & 0x0001 0002) != 0)
{
// Stores address information for debug
dRamMemFrRamSngBitEccErrAdr = ECCFLX0EAD0;
// Clear error flags by setting the ECMCLSSE107 bit of the ECMESSTC1 register
ECMESSTC1_Desired = 0x0000 0080;
WrProtdRegEcm_u32 (ECMESSTC1_Desired, Address of ECMESSTC1);
// Clear the 1 Bit Error Detection Flag
ECCFLX0CTL = 0x0000 0200;
// Set NTC 012.5 to Failed
SetNtcSts (0x012, 0x20, NtcSts1.NTCSTS_FAILD, 0);
}
// Check if a FlexRay Temporary buffer (TBF B) RAM single bit ECC error was detected
Else If ((ECCFLX0T0CTL & 0x0001 0002) != 0)
{
// Stores address information for debug
dRamMemFrRamSngBitEccErrAdr = ECCFLX0T0EAD0;
// Clear error flags by setting the ECMCLSSE107 bit of the ECMESSTC1 register
ECMESSTC1_Desired = 0x0000 0080;
WrProtdRegEcm_u32 (ECMESSTC1_Desired, Address of ECMESSTC1);
// Clear the 1 Bit Error Detection Flag
ECCFLX0T0CTL = 0x0000 0200;
// Set NTC 012.5 to Failed
SetNtcSts (0x012, 0x20, NtcSts1.NTCSTS_FAILD, 0);
}
// Check if a FlexRay Temporary buffer (TBF A) RAM single bit ECC error was detected
Else If ((ECCFLX0T1CTL & 0x0001 0002) != 0)
{
// Stores address information for debug
dRamMemFrRamSngBitEccErrAdr = ECCFLX0T1EAD0;
// Clear error flags by setting the ECMCLSSE107 bit of the ECMESSTC1 register
ECMESSTC1_Desired = 0x0000 0080;
WrProtdRegEcm_u32 (ECMESSTC1_Desired, Address of ECMESSTC1);
// Clear the 1 Bit Error Detection Flag
ECCFLX0T1CTL = 0x0000 0200;
// Set NTC 012.5 to Failed
SetNtcSts (0x012, 0x20, NtcSts1.NTCSTS_FAILD, 0);
}
Else
{
// Do Nothing
}
// Check if a FlexRay RAM double bit ECC error was detected
If ((ECCFLX0CTL & 0x0002 0004) != 0)
{
// Stores address information for debug
dRamMemFrRamDblBitEccErrAdr = ECCFLX0EAD0;
// Clear error flags by setting the ECMCLSSE020 bit of the ECMESSTC0 register
ECMESSTC0_Desired = 0x0010 0000;
WrProtdRegEcm_u32 (ECMESSTC0_Desired, Address of ECMESSTC0);
// Clear the 2 Bit Error Detection Flag
ECCFLX0CTL = 0x0000 0400;
// Set NTC 01D.1 to Failed
SetNtcSts (0x01D, 0x02, NtcSts1.NTCSTS_FAILD, 0);
}
// Check if a FlexRay Temporary buffer (TBF B) RAM double bit ECC error was detected
If ((ECCFLX0T0CTL & 0x0002 0004) != 0)
{
// Stores address information for debug
dRamMemFrRamTmpBufBDblBitEccErrAdr = ECCFLX0T0EAD0;
// Clear error flags by setting the ECMCLSSE020 bit of the ECMESSTC0 register
ECMESSTC0_Desired = 0x0010 0000;
WrProtdRegEcm_u32 (ECMESSTC0_Desired, Address of ECMESSTC0);
// Clear the 2 Bit Error Detection Flag
ECCFLX0T0CTL = 0x0000 0400;
// Set NTC 01D.5 to Failed
SetNtcSts (0x01D, 0x20, NtcSts1.NTCSTS_FAILD, 0);
}
// Check if a FlexRay Temporary buffer (TBF A) RAM double bit ECC error was detected
If ((ECCFLX0T1CTL & 0x0002 0004) != 0)
{
// Stores address information for debug
dRamMemFrRamTmpBufADblBitEccErrAdr = ECCFLX0T1EAD0;
// Clear error flags by setting the ECMCLSSE020 bit of the ECMESSTC0 register
ECMESSTC0_Desired = 0x0010 0000;
WrProtdRegEcm_u32 (ECMESSTC0_Desired, Address of ECMESSTC0);
// Clear the 2 Bit Error Detection Flag
ECCFLX0T1CTL = 0x0000 0400;
// Set NTC 01D.3 to Failed
SetNtcSts (0x01D, 0x08, NtcSts1.NTCSTS_FAILD, 0);
}
If ((DMASSDTSER2 & 0x0000 8000) != 0)
{
// Stores address information for debug
dRamMemDtsRamEccErrAdr = DMASSRAMSECAD;
// Clear error flags by setting the ECMCLSSE106 bit of the ECMESSTC1 register
ECMESSTC1_Desired = 0x0000 0040;
WrProtdRegEcm_u32 (ECMESSTC1_Desired, Address of ECMESSTC1);
// Clear the 1 Bit Error Detection Flag
DMASSDTSERC = 0x0000 8000;
// Set NTC 012.3 to Failed
SetNtcSts (0x012, 0x08, NtcSts1.NTCSTS_FAILD, 0);
}
// Check for Local RAM Single Bit Soft Failures and set NTC
If (LclRamEccSngBitSoftFailr == TRUE)
{
// Set NTC 012.0 to Failed
SetNtcSts (0x012, 0x01, NtcSts1.NTCSTS_FAILD, 0)
LclRamEccSngBitSoftFailr = FALSE;
// Increment counter and saturate at LCLRAMSNGBITCNTRMAX_CNT_U08
LclRamEccSngBitCntr++;
// Output Counter value
LclRamEccSngBitCntrOutp = LclRamEccSngBitCntr;
}
// Check ECM status registers for an I-Cache ECC indication .ECMmSSE014 bit
If (((ECMMESSTR0 & 0x0000 4000) != 0) OR ((ECMCESSTR0 & 0x0000 4000) != 0)))
{
// Clear error flags by setting the ECMCLSSE014 bit of the ECMESSTC0 register
ECMESSTC0_Desired = 0x0000 4000;
WrProtdRegEcm_u32 (ECMESSTC0_Desired, Address of ECMESSTC0);
// Clear the Error Flags in the Error Status Register
ECCIC1IDSTCLR_PE1 = 0x0000 0003;
ECCIC1ITSTCLR_PE1 = 0x0000 0001;
// Set NTC 012.2 to Failed
SetNtcSts (0x012, 0x04, NtcSts1.NTCSTS_FAILD, 0);
}
Reference Registers
Verification Method
N/A
Revision Record & Change Approval
| Rev | Date | Change Control # | Drw | Change Description |
| 01.00.00 | 10/21/2015 | EA4#1735 | SK | Initial Release |
| 01.01.00 | 11/19/2015 | EA4#2568 | SK | Corrected the polled ECM Bits for I Cache. Refer Anomaly EA4#2524 |
| 02.00.00 | 03/29/2016 | EA4#4865 | GM | Change from EI Interrupt to Periodic Polling: CAN single bit and double bit SPI single bit Added Flex Ray Single and Double Bit ECC In RAM failure mode classification check function, error flag is cleared after all 8 addresses have been read. Added counter for Local RAM single bit ECC Added SPI RAM double bit ECC from CM101A Single bit DTS Ram ECC also added to periodic |
| 02.00.01 | 3/31/2016 | EA4#5094 | GM | Add rationale to Local RAM ECC - 1 Bit |
| 02.01.00 | 4/11/2016 | EA4#5279 | SK | Combined Reference Registers sections 4.4.6 and 4.4.7 Added SetMcuDiagcIdnData() in SpiDblBitEcc Added new PIMs for FlexRay Double Bit ECC and CAN Double ECC Added coniditon to saturate LclRamEccSngBitCntr on reaching LCLRAMSNGBITCNTRMAX |
| 2.2.0 | 4/18/2016 | EA4#5405 | GM | Remove set MCU Diag data from SPI double bit ECC Remove mask from ECC Error Message Flag in CTL registers |
| 3.0.0 | 07/25/2016 | EA4#6656 | SK | SPI ECC 2 Bit changed from EI to Polling |
| 3.0.1 | 08/28/2016 | EA4#7051 | SK | Added instructions to clear ECC Status Registers of CAN, FlexRay and DTS RAM |
2 - CM103A_RamMem_FDD_Checklist
Overview
Peer Review InstructionsTechnical Review Checklist
Template Change Log
Sheet 1: Peer Review Instructions
| Instructions for Functional Design Package Peer Review | ||
| PRE-MEETING | ||
| Function Owner | Confirm that requirements are reviewed and approved PRIOR to the FDP peer review | |
| Function Owner | Start with latest version of the template for any "first reviews" - Continue to use existing temmplate for re-reviews | |
| Function Owner | Provide the functional design package (changed documents) to the invited attendees 1-2 working days in advance of review | |
| Function Owner | Notify the assigned peer reviewer and make sure they are prepared to do their function in the meeting | |
| Function Owner | Identify necessary attendance and invite to meeting | |
| Function Owner | Complete the "Author" column information for sections 1 through 3 prior to the review | |
| Function Owner | Complete the attendance invitation list in section 5 | |
| Function Owner | For Re-reviews only: Complete the column "remarks by author" to identify actions taken to address items found in earlier reviews. | |
| DURING MEETING | ||
| Function Owner | Present document changes to the review team | |
| Peer Reviewer | Capture attendance of the review | |
| Peer Reviewer | Capture actions and issues in section 4. Identify issue summary, Document type, Reference (Requirement ID, section number, etc), Defect Type and indicate status as "OPEN" | |
| POST MEETING | ||
| Function Owner | Follow up on all "open" items. Update "Summary of Resolution" to indicate what was done or decided. | |
| Function Owner | Schedule follow up review OR review open items with peer reviewer and obtain agreement to close | |
| Peer Reviewer | Close change request in system and confirm all associated tasks are complete. Upload peer review checklist (this document) with any FDP updates |
Sheet 2: Technical Review Checklist
Sheet 3: Template Change Log
| Rev | Change | Author |
| 01.00.05 | Added lesson learned #3.5 | MDK |
| 01.00.06 | Added lesson learned #3.6, 3.7 - Structure and writing of NVM in mfiles and models. | MDK |
| 01.00.07 | Clarified 3.6 and 3.7 Added lessons learned for NTCs not being set in IRQs or periodics faster than 2ms/ | MDK |