FS6500 monitoring FCCU flag IO_23_FS have error reaction

niugh0928 · ‎10-28-2019

1: I config IO_23_FS=0(Not safety) by set IO_23_FS in INIT_FSSM register at INIT_FS, then after first normal WD inject FCCU error by set FCCU.NCFF.R = 0x7;

the reaction is after five consecutive RSTB ,the SBC go to DFS.

but as my understanding if not set IO_23_FS as Safety critical, then FCCU error shouldn't have effct on fail-safe outputs.

2: I config IO_23_FS=1(Safety critical) by set IO_23_FS in INIT_FSSM register at INIT_FS,then not Inject any FCCU error,but the reaction is after five consecutive RSTB ,the SBC go to DFS.

but as my understanding if no have FCCU error shouldn't have effect on fail-safe output

I init FCCU as follow:

SIUL2.MSCR0_255[145].R = 0x6|0x02000000;     /* FCCU EOUT_0 , ODC push-pul */
    SIUL2.MSCR0_255[129].R = 0x6|0x02000000;     /* FCCU EOUT_1 , ODC push-pul */

    /* clear possible faults*/
    ClearFccuFault();
    /* Unlock configuration */
    FCCU.TRANS_LOCK.R = 0xBC;

    /* provide Config state key */
    FCCU.CTRLK.R = 0x913756AF;
    /* enter config state - OP1 */
    FCCU.CTRL.R = 0x1;
    /* wait for successful state transition */
    while (FCCU.CTRL.B.OPS != 0x3);

    FCCU.CFG.B.FCCU_SET_AFTER_RESET = 1;
    FCCU.CFG.B.FCCU_SET_CLEAR = 0;
    FCCU.CFG.B.PS = 0;   //EOUT1 is high, and EOUT0 is low
    FCCU.CFG.B.FOM = 2;//   //Bi_stable

    FCCU.EOUT_SIG_EN[0].R=0xFFFFFFFF;
    FCCU.EOUT_SIG_EN[1].R=0xFFFFFFFF;
    FCCU.EOUT_SIG_EN[2].R=0xFFFFFFFF;
    /* NCF Configuration allow the transition from normal state to fault/alarm state when inject fault */
    FCCU.NCF_E[0].B.NCFE7 = 1;      /*1B channel 6 source: STCU, long reset. when STCU2_ERR_STAT[UFSF] is set*/

    /* set up the NOMAL mode of FCCU */
    FCCU.CTRLK.R = 0x825A132B;  //key for OP2
    FCCU.CTRL.R = 0x2;   //set the OP2 - set up FCCU into the NORMAL mode
    while (FCCU.CTRL.B.OPS != 0x3); //operational status successful

dhaval‌

scnaidu · ‎07-02-2024

@petervlna and @niugh0928 am also facing same issue, could you please provide me the solution which you found ,

i posted my query also link : https://community.nxp.com/t5/NXP-Designs/ECC-Change-Regression-testing/m-p/1895964

petervlna · ‎11-13-2019

Hello,

1: I config IO_23_FS=0(Not safety) by set IO_23_FS in INIT_FSSM register at INIT_FS, then after first normal WD inject FCCU error by set FCCU.NCFF.R = 0x7;
the reaction is after five consecutive RSTB ,the SBC go to DFS.
but as my understanding if not set IO_23_FS as Safety critical, then FCCU error shouldn't have effct on fail-safe outputs.

[Peter] - If the SBC is in normal operation mode then by default it is monitoring FCCU signals. This is the reason for pull resistors on IO_23 pins.

Once the FCCU is configured to Bi-stable and enabled EOUT it will reflect the fault status on EOUT0 and 1 pins. So overriding the pull resistors.

If FCCU EOUT monitoring is not enabled and FCCU is set to react on fault, then it will perform reaction no matter the EOUT pins. For example reset. Reset is bidirectional so SBC will be reset also.

2: I config IO_23_FS=1(Safety critical) by set IO_23_FS in INIT_FSSM register at INIT_FS,then not Inject any FCCU error,but the reaction is after five consecutive RSTB ,the SBC go to DFS.
but as my understanding if no have FCCU error shouldn't have effect on fail-safe output

If there is no FCCU error FCCU won't signal it to SBC.

If you inject error, FCCU will behave as cofigured (reset, interrupt, etc..) For more details see FCCU chapter of MCU.

regards,

Peter

niugh0928 · ‎11-13-2019

Hi Peter:

thanks for you help,but I still confused.

[Gunghui.Niu] can I interpret it as even set IO_23_FS=0 at FS6500 init, then at nomal WD inject FCCU fault ,SBC still can be reset?

[Gunghui.Niu] when I set IO_23_FS=1, I also set NCF_E[n].R=0(n=1,2,3)register to disable FCCU fault transition from normal state to fault state at FCCU Init, it's mean no FCCU error,but you can check my reply at Data 2019.11.11 6:39, SBC still can be Reset

petervlna · ‎11-14-2019

Hi,

[Gunghui.Niu] can I interpret it as even set IO_23_FS=0 at FS6500 init, then at nomal WD inject FCCU fault ,SBC still can be reset?

In common use case SBC reset and MCU resets are connected. The resets are bidirectional, so when either of the device experience reset it will also trigger reset on other device.

Please refer to datasheets

[Gunghui.Niu] when I set IO_23_FS=1, I also set NCF_E[n].R=0(n=1,2,3)register to disable FCCU fault transition from normal state to fault state at FCCU Init, it's mean no FCCU error,but you can check my reply at Data 2019.11.11 6:39, SBC still can be Reset

The reset source is not necessarily FCCU. I can be any other event. You can see the reset source in MCU in RGM (FES and DES) registers once reset is executed.

regards,

Peter

niugh0928 · ‎11-20-2019

Hi Peter:

thanks a lot for you support.

1: when I inject NCF Index=7 fault, but I also set FCCU_NCFS_CFG0=0 to set No reset reaction , why still can be reset?

bellow is the FCCU register

2:when set IO_23_FS =1,I see the reset source FES, DES and FCCU,they show as below.it's sames just power reset, so it's strange what's make continuous reset.

petervlna · ‎11-20-2019

Hi,

1: when I inject NCF Index=7 fault, but I also set FCCU_NCFS_CFG0=0 to set No reset reaction , why still can be reset?

The reset is triggered by FOSU because you enabled fault and didn't too any action until FOSU watchdog expires. This is safety mechanism for case the fault servicing routine is stuck.

2:when set IO_23_FS =1,I see the reset source FES, DES and FCCU,they show as below.it's sames just power reset, so it's strange what's make continuous reset.

As you can see from FES the source is external reset -> SBC chip or debugger.

I guess it is SBC who make continuous resets.

regards,

Peter

niugh0928 · ‎12-04-2019

Hi Peter

Many thanks again for you support.

but for I still hvae some confuse .

1: for FOSU reset

but I set NCTEOE=0 for FCCU moves into the FAULT state if the respective fault is enabled not to Alarm State, so why FOSU still can work?

2：why once I set IO_23_FS then will be have external reset, it's very stranger. from the register monitor there is no clue.I don't know how to solve this issue.

petervlna · ‎12-05-2019

Hi,

but I set NCTEOE=0 for FCCU moves into the FAULT state if the respective fault is enabled not to Alarm State, so why FOSU still can work?

FOSU cannot be disabled. It works always. It is FCCU supervisor unit. Watching its correct execution.

2：why once I set IO_23_FS then will be have external reset, it's very stranger. from the register monitor there is no clue.I don't know how to solve this issue.

IO_23_FS mus tbe set after micro is configured. Once micro is configured it will take care of level on EOUT lines. If there is no fault the SBC wont trigger reset.

Just make sure that once you configure FCCU you have on EOUT no error before you move your SBC from debug state to normal.

To be honest I am still not sure how do you connect uC and SBC and if you used pull resistors correctly.

regards,

Peter

niugh0928 · ‎12-31-2019

Hi Peter:

Happy new year

as you said befor I found that LVD self test if not passed. is that the case for SBC reset?

petervlna · ‎01-06-2020

Hi,

Just do the measurements on scope to see when the drop occurs.

Most probably your SBC is not able to deliver required current in required time.

LVD fail will trigger reset. As you cannot any longer trust micro execution.

You can also replace SBC by power source to see if the problem is gone.

regards,

Peter

petervlna · ‎10-31-2019

Hi,

Before any advice I would like to know which device you are using with FS6500.

MPC57xx? which one?

regards,

Peter

niugh0928 · ‎11-11-2019

Hi Peter we use mpc5745r.

I attach my test result for you refer

Test case 1:

Enable IO_23_FS=1 , then set NCF_E[n].R=0(n=1,2,3)register to disable FCCU fault transition from normal state to fault state

test result analysis: according to bi-stable, at normal phase RSTB assert low, it’s not the right action.only at error phase RSTB should be assert low

Test case 2:

Disable IO_23_FS =0, set register FCCU.NCF_E[0].B.NCFE7 = 1, after first WD, set FCCU.NCFF.R = 7 to inject FCCU fault

test result analysis: according to bi-stable, As we know just when IO_23_FS is enable, and refer to bi-stable at error phase RSTB should be assert low。

But the result is we didn’t set IO_23_FS=1 when have FCCU fault ,RSTB still can be assert low

petervlna · ‎11-11-2019

Hi,

I want to ask how do you configure SBC.

FCCU at MCU side must be configured first and then SBC INIT phase can be closed. Vice versa is not working.

Are you configuring MCU FCCU first?

regards,

Peter

niugh0928 · ‎11-12-2019

Hi Peter:

Yes,I configuer FCCU before Init Fs6500.

void Cdd_InitPmu(void)
{
/*Init FCCU*/
InitFccu(void);

    /* Hardware porting */
    InitFS65xxHwPorting();

    /* Initialize device */
    FS65_Init();
}

I configure FCCU as bellow:

void InitFccu(void)
{
    SIUL2.MSCR0_255[145].R = 0x6|0x02000000;     /* FCCU EOUT_0 , ODC push-pul */
    SIUL2.MSCR0_255[129].R = 0x6|0x02000000;     /* FCCU EOUT_1 , ODC push-pul */

    /* clear possible faults*/
    ClearFccuFault();
    /* Unlock configuration */
    FCCU.TRANS_LOCK.R = 0xBC;

    /* provide Config state key */
    FCCU.CTRLK.R = 0x913756AF;
    /* enter config state - OP1 */
    FCCU.CTRL.R = 0x1;
    /* wait for successful state transition */
    while (FCCU.CTRL.B.OPS != 0x3);

    FCCU.CFG.B.FCCU_SET_AFTER_RESET = 1;
    FCCU.CFG.B.PS = 0;   //EOUT1 is high, and EOUT0 is low
    FCCU.CFG.B.FOM = 2;   //Bi_stable

FCCU.NCF_E[0].B.NCFE7=1;
//FCCU.NCF_E[0].R=0x00000000;
//FCCU.NCF_E[1].R=0x00000000;
//FCCU.NCF_E[2].R=0x00000000;

    /* set up the NOMAL mode of FCCU */
    FCCU.CTRLK.R = 0x825A132B;  //key for OP2
    FCCU.CTRL.R = 0x2;   //set the OP2 - set up FCCU into the NORMAL mode
    while (FCCU.CTRL.B.OPS != 0x3); //operational status successful
}

FS6500 monitoring FCCU flag IO_23_FS have error reaction

FS6500 monitoring FCCU flag IO_23_FS have error reaction

Evaluation Board