DUAL CORE
Bus Matrix (Parity Protected)
DUAL-CORE LOCKSTEP CPU
The Dual-Core Lockstep (DCLS) CPU is used to achieve high diagnostic coverage and meet strict fault detection timing. Two identical CPUs execute the same program in parallel and in lockstep, while dual comparators continuously compare their internal state. Any mismatch between the CPUs is reported as an error and will reset the device.
Stack Monitor
STACK MONITOR
The stack monitor detects if the program flow has run away and performed operations that violate the configured stack limit. Any stack overflow or underflow errors are reported to the Error Controller.
Cyclic Redundancy Check (CRC) Memory Scan
CRC SCAN
The Cyclic Redundancy Check (CRC) scan module takes a data stream of bytes from the Flash in the boot, application code or application data sections and generates a checksum. The CRC peripheral (CRCSCAN) can be used to detect errors in the program memory. It also supports a manual mode which can perform the CRC scan on an application-supplied data stream.
Error Correction Codes (ECC)
ECC PROTECTION
All memories on the device are protected by a single-bit error correction and double-bit error detection (SEC-DED) ECC mechanism, with redundant ECC checkers for latent fault detection. Any ECC error will signal the Error Controller, which will take appropriate action according to the configured severity.
EEPROM
SRAM
FLASH
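A worked SEC-DED example, added here for illustration and not taken from the device or its vendor code. The codeword layout (8 data bits, Hamming check bits at positions 1, 2, 4 and 8, overall parity in bit 0) and every name in it are assumptions; the page does not state the code width the hardware uses.

```c
#include <stdint.h>
#include <stdio.h>
/* Assumed layout for this example: 8 data bits, Hamming check bits at
 * positions 1,2,4,8, overall parity in bit 0 (13-bit codeword). */
enum ecc_status { ECC_OK, ECC_CORRECTED, ECC_UNCORRECTABLE };
static const uint8_t data_pos[8] = {3, 5, 6, 7, 9, 10, 11, 12};
static unsigned parity16(uint16_t v) {
    v ^= v >> 8; v ^= v >> 4; v ^= v >> 2; v ^= v >> 1;
    return v & 1u;
}

/* XOR of the positions (1..12) of all set bits; zero for a valid codeword. */
static unsigned syndrome(uint16_t cw) {
    unsigned s = 0;
    for (unsigned p = 1; p <= 12; p++)
        if (cw & (1u << p)) s ^= p;
    return s;
}

uint16_t secded_encode(uint8_t data) {
    uint16_t cw = 0;
    for (unsigned i = 0; i < 8; i++)
        if (data & (1u << i)) cw |= (uint16_t)(1u << data_pos[i]);
    unsigned s = syndrome(cw);               /* set check bits that cancel it */
    for (unsigned k = 0; k < 4; k++)
        if (s & (1u << k)) cw |= (uint16_t)(1u << (1u << k));
    return cw | (uint16_t)parity16(cw);      /* bit 0 makes total parity even */
}

/* On ECC_UNCORRECTABLE, *out is left untouched. */
enum ecc_status secded_decode(uint16_t cw, uint8_t *out) {
    enum ecc_status st = ECC_OK;
    cw &= 0x1FFF;
    unsigned s = syndrome(cw);
    if (parity16(cw)) {                      /* odd parity: single-bit error */
        if (s > 12) return ECC_UNCORRECTABLE;    /* 3+ flips, outside the word */
        cw ^= (uint16_t)(1u << s);           /* s == 0: parity bit itself flipped */
        st = ECC_CORRECTED;
    } else if (s != 0) {
        return ECC_UNCORRECTABLE;            /* even parity, bad syndrome: 2 flips */
    }
    *out = 0;
    for (unsigned i = 0; i < 8; i++)
        if (cw & (1u << data_pos[i])) *out |= (uint8_t)(1u << i);
    return st;
}
int main(void) {                             /* constructed sample: one flipped bit */
    uint8_t d = 0; int st = secded_decode(secded_encode(0xA5) ^ (1u << 6), &d);
    printf("status=%d data=0x%02X\n", st, d); return 0;
}
```

In this model a single flipped bit is repaired silently, while two flipped bits are only detected, which is the case a double-bit error report to the Error Controller corresponds to.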
Synchronous Timer
Watchdog Timers
WATCHDOG TIMERS
Two watchdog timers are present on the device: one asynchronous watchdog (WDT) and one synchronous watchdog (SWDT). The asynchronous watchdog is clocked by an independent clock source and will directly reset the device when an error is detected. The synchronous watchdog is clocked by the main clock and counts either clock cycles or CPU instructions. Any SWDT error will signal the Error Controller.
Asynchronous Timer
Clock Monitors
CLOCK MONITORS
Redundant clock failure detection and clock frequency monitors ensure that the Error Controller is notified if the selected clock source fails or if it is outside its specified operating range. These clock protection mechanisms are driven by a clock that is independent of the one being monitored.
Voltage Regulator Monitor
VOLTAGE REGULATOR MONITOR
A voltage regulator monitor is present on the device to detect overvoltage and undervoltage on the regulated domain. The supply voltage is monitored in active and sleep modes. Any detected errors are reported to the Error Controller.
Dedicated Error Controller
ERROR CONTROLLER
The Error Controller (ERRCTRL) collects internal hardware error reports from the various modules in the MCU and presents them to the application. Whenever a hardware safety mechanism detects an error, it signals the ERRCTRL on the associated error channel. The error is handled based on the severity level assigned by the application.
Hardware Error Injection Capabilities
