FS6500 monitoring FCCU flag IO_23_FS have error reaction

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

FS6500 monitoring FCCU flag IO_23_FS have error reaction

2,617 Views
niugh0928
Contributor I

1:  I config IO_23_FS=0(Not safety)  by set  IO_23_FS in INIT_FSSM register at INIT_FS, then after first normal WD inject FCCU error by set  FCCU.NCFF.R = 0x7;

the reaction is after five consecutive RSTB ,the SBC go to DFS.

but as my understanding if not set IO_23_FS as Safety critical, then FCCU error shouldn't have effct on fail-safe outputs.

2: I config IO_23_FS=1(Safety critical)  by set  IO_23_FS in INIT_FSSM register at INIT_FS,then not Inject any FCCU error,but the reaction is after five consecutive RSTB ,the SBC go to DFS.

but as my understanding if no have FCCU error shouldn't have effect on fail-safe output

I init FCCU as follow:

SIUL2.MSCR0_255[145].R = 0x6|0x02000000;     /* FCCU EOUT_0 , ODC push-pul */
    SIUL2.MSCR0_255[129].R = 0x6|0x02000000;     /* FCCU EOUT_1 , ODC push-pul */
   
    /* clear possible faults*/
    ClearFccuFault();
    /* Unlock configuration */
    FCCU.TRANS_LOCK.R = 0xBC;
    /* provide Config state key */
    FCCU.CTRLK.R = 0x913756AF;
    /* enter config state - OP1 */
    FCCU.CTRL.R = 0x1;
    /* wait for successful state transition */
    while (FCCU.CTRL.B.OPS != 0x3);
    FCCU.CFG.B.FCCU_SET_AFTER_RESET = 1;
    FCCU.CFG.B.FCCU_SET_CLEAR = 0;
    FCCU.CFG.B.PS = 0;   //EOUT1 is high, and EOUT0 is low
    FCCU.CFG.B.FOM = 2;//   //Bi_stable
    FCCU.EOUT_SIG_EN[0].R=0xFFFFFFFF;
    FCCU.EOUT_SIG_EN[1].R=0xFFFFFFFF;
    FCCU.EOUT_SIG_EN[2].R=0xFFFFFFFF;
    /* NCF Configuration allow the transition from normal state to fault/alarm state when inject fault */
    FCCU.NCF_E[0].B.NCFE7 = 1;      /*1B channel 6  source: STCU, long reset. when STCU2_ERR_STAT[UFSF] is set*/
    /* set up the NOMAL mode of FCCU */
    FCCU.CTRLK.R = 0x825A132B;  //key for OP2 
    FCCU.CTRL.R = 0x2;   //set the OP2 - set up FCCU into the NORMAL mode
    while (FCCU.CTRL.B.OPS != 0x3); //operational status successful

dhaval

Labels (1)
0 Kudos
Reply
14 Replies

1,043 Views
scnaidu
Contributor I

@petervlna and @niugh0928  am also facing same issue, could you please provide me the solution which you found ,

i posted my query also  link :  https://community.nxp.com/t5/NXP-Designs/ECC-Change-Regression-testing/m-p/1895964

0 Kudos
Reply

2,314 Views
petervlna
NXP TechSupport
NXP TechSupport

Hello,

1:  I config IO_23_FS=0(Not safety)  by set  IO_23_FS in INIT_FSSM register at INIT_FS, then after first normal WD inject FCCU error by set  FCCU.NCFF.R = 0x7;

the reaction is after five consecutive RSTB ,the SBC go to DFS.

but as my understanding if not set IO_23_FS as Safety critical, then FCCU error shouldn't have effct on fail-safe outputs.

[Peter] - If the SBC is in normal operation mode then by default it is monitoring FCCU signals. This is the reason for pull resistors on IO_23 pins.

Once the FCCU is configured to Bi-stable and enabled EOUT it will reflect the fault status on EOUT0 and 1 pins. So overriding the pull resistors.

If FCCU EOUT monitoring is not enabled and FCCU is set to react on fault, then it will perform reaction no matter the EOUT pins. For example reset. Reset is bidirectional so SBC will be reset also.

2: I config IO_23_FS=1(Safety critical)  by set  IO_23_FS in INIT_FSSM register at INIT_FS,then not Inject any FCCU error,but the reaction is after five consecutive RSTB ,the SBC go to DFS.

but as my understanding if no have FCCU error shouldn't have effect on fail-safe output

If there is no FCCU error FCCU won't signal it to SBC.

If you inject error, FCCU will behave as cofigured (reset, interrupt, etc..) For more details see FCCU chapter of MCU.

regards,

Peter

0 Kudos
Reply

2,314 Views
niugh0928
Contributor I

Hi Peter:

thanks for you help,but I still confused.

[Gunghui.Niu] can I interpret it as even set IO_23_FS=0 at FS6500 init, then at nomal WD inject FCCU fault ,SBC still can be reset?

[Gunghui.Niu] when I set IO_23_FS=1, I also set NCF_E[n].R=0(n=1,2,3)register to disable FCCU fault transition  from normal state to fault state at FCCU Init, it's mean no FCCU error,but you can check my reply at Data 2019.11.11 6:39, SBC still can be Reset

0 Kudos
Reply

2,314 Views
petervlna
NXP TechSupport
NXP TechSupport

Hi,

[Gunghui.Niu] can I interpret it as even set IO_23_FS=0 at FS6500 init, then at nomal WD inject FCCU fault ,SBC still can be reset?

In common use case SBC reset and MCU resets are connected. The resets are bidirectional, so when either of the device experience reset it will also trigger reset on other device.

Please refer to datasheets

pastedImage_4.png

[Gunghui.Niu] when I set IO_23_FS=1, I also set NCF_E[n].R=0(n=1,2,3)register to disable FCCU fault transition  from normal state to fault state at FCCU Init, it's mean no FCCU error,but you can check my reply at Data 2019.11.11 6:39, SBC still can be Reset

The reset source is not necessarily FCCU. I can be any other event. You can see the reset source in MCU in RGM (FES and DES) registers once reset is executed.

regards,

Peter

0 Kudos
Reply

2,314 Views
niugh0928
Contributor I

Hi Peter:

 thanks a lot for you support.

1: when I inject NCF Index=7 fault, but I also set FCCU_NCFS_CFG0=0 to  set No reset reaction , why still can be reset?

bellow is the FCCU register

注入故障FCCU寄存器.jpg 

2:when set IO_23_FS =1,I see the reset source FES, DES and FCCU,they show as below.it's sames just power reset, so it's strange what's make continuous reset.

imageFile.jpg

imageFile.jpg

imageFile.jpg

0 Kudos
Reply

2,314 Views
petervlna
NXP TechSupport
NXP TechSupport

Hi,

1: when I inject NCF Index=7 fault, but I also set FCCU_NCFS_CFG0=0 to  set No reset reaction , why still can be reset?

The reset is triggered by FOSU because you enabled fault and didn't too any action until FOSU watchdog expires. This is safety mechanism for case the fault servicing routine is stuck.

2:when set IO_23_FS =1,I see the reset source FES, DES and FCCU,they show as below.it's sames just power reset, so it's strange what's make continuous reset.

As you can see from FES the source is external reset -> SBC chip or debugger.

I guess it is SBC who make continuous resets.

regards,

Peter

0 Kudos
Reply

2,314 Views
niugh0928
Contributor I

Hi Peter

Many thanks  again for you support.

but for I still hvae some confuse .

1: for FOSU reset

peter response.png

FOSU.png

but I set NCTEOE=0 for FCCU moves into the FAULT state if the respective fault is enabled not to Alarm State, so why FOSU still can work?

2:why once I set IO_23_FS then will be have external reset, it's very stranger. from the register monitor there is no clue.I don't know how to solve this issue.

0 Kudos
Reply

2,314 Views
petervlna
NXP TechSupport
NXP TechSupport

Hi,

but I set NCTEOE=0 for FCCU moves into the FAULT state if the respective fault is enabled not to Alarm State, so why FOSU still can work?

FOSU cannot be disabled. It works always. It is FCCU supervisor unit. Watching its correct execution.

 

2:why once I set IO_23_FS then will be have external reset, it's very stranger. from the register monitor there is no clue.I don't know how to solve this issue.

IO_23_FS mus tbe set after micro is configured. Once micro is configured it will take care of level on EOUT lines. If there is no fault the SBC wont trigger reset.

Just make sure that once you configure FCCU you have on EOUT no error before you move your SBC from debug state to normal.

To be honest I am still not sure how do you connect uC and SBC and if you used pull resistors correctly.

regards,

Peter

2,314 Views
niugh0928
Contributor I

Hi Peter:

Happy new year

as you said befor I found that LVD self test if not passed. is that the case for SBC reset?

phase3.png

self_test failed.jpg

0 Kudos
Reply

2,314 Views
petervlna
NXP TechSupport
NXP TechSupport

Hi,

Just do the measurements on scope to see when the drop occurs.

Most probably your SBC is not able to deliver required current in required time.

LVD fail will trigger reset. As you cannot any longer trust micro execution.

You can also replace SBC by power source to see if the problem is gone.

regards,

Peter

0 Kudos
Reply

2,314 Views
petervlna
NXP TechSupport
NXP TechSupport

Hi,

Before any advice I would like to know which device you are using with FS6500.

MPC57xx? which one?

regards,

Peter

0 Kudos
Reply

2,314 Views
niugh0928
Contributor I

Hi Peter we use mpc5745r.

I attach my test result for you refer

Test case 1:

Enable IO_23_FS=1 , then set NCF_E[n].R=0(n=1,2,3)register to disable FCCU fault transition  from normal state to fault state

test result analysis: according to bi-stable, at   normal phase RSTB assert low, its not the right action.only at error phase RSTB should be assert low

imageFile.jpg

Test case 2:

Disable IO_23_FS =0, set register FCCU.NCF_E[0].B.NCFE7 = 1, after first WD, set FCCU.NCFF.R = 7 to inject FCCU fault

test result analysis: according to bi-stable, As we know just when IO_23_FS is enable, and refer to bi-stable at error phase RSTB should be assert low。

But the result is we didnt set  IO_23_FS=1 when have FCCU fault ,RSTB still can be assert low

imageFile.png

0 Kudos
Reply

2,314 Views
petervlna
NXP TechSupport
NXP TechSupport

Hi,

I want to ask how do you configure SBC.

FCCU at MCU side must be configured first and then SBC INIT phase can be closed. Vice versa is not working.

Are you configuring MCU FCCU first?

regards,

Peter

0 Kudos
Reply

2,314 Views
niugh0928
Contributor I

Hi Peter:

    Yes,I configuer FCCU before Init Fs6500.

void Cdd_InitPmu(void)
{
 /*Init FCCU*/
 InitFccu(void);
 
    /* Hardware porting */
    InitFS65xxHwPorting();
   
    /* Initialize device */
    FS65_Init();
}

 I configure FCCU as bellow:

void InitFccu(void)
{
    SIUL2.MSCR0_255[145].R = 0x6|0x02000000;     /* FCCU EOUT_0 , ODC push-pul */
    SIUL2.MSCR0_255[129].R = 0x6|0x02000000;     /* FCCU EOUT_1 , ODC push-pul */
   
    /* clear possible faults*/
    ClearFccuFault();
    /* Unlock configuration */
    FCCU.TRANS_LOCK.R = 0xBC;
    /* provide Config state key */
    FCCU.CTRLK.R = 0x913756AF;
    /* enter config state - OP1 */
    FCCU.CTRL.R = 0x1;
    /* wait for successful state transition */
    while (FCCU.CTRL.B.OPS != 0x3);
    FCCU.CFG.B.FCCU_SET_AFTER_RESET = 1;
    FCCU.CFG.B.PS = 0;   //EOUT1 is high, and EOUT0 is low
    FCCU.CFG.B.FOM = 2;   //Bi_stable
 
 FCCU.NCF_E[0].B.NCFE7=1;
 //FCCU.NCF_E[0].R=0x00000000;
 //FCCU.NCF_E[1].R=0x00000000;
 //FCCU.NCF_E[2].R=0x00000000;
    /* set up the NOMAL mode of FCCU */
    FCCU.CTRLK.R = 0x825A132B;  //key for OP2 
    FCCU.CTRL.R = 0x2;   //set the OP2 - set up FCCU into the NORMAL mode
    while (FCCU.CTRL.B.OPS != 0x3); //operational status successful
}
0 Kudos
Reply