FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

How to prevent MCU reset loop and go to Deep-Failsafe

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED
Jump to solution

How to prevent MCU reset loop and go to Deep-Failsafe

Jump to solution
‎11-21-2023 06:53 PM
2,529 Views
tam11
Contributor II

Hi
I am using FS26 and FS84 for 2 different AUTOSAR projects. Both have same problem.

In theory when FLT_ERR_CNT reaches maximum value, then SBC must enter into Deep fail safe mode. But this seems unreachable when some fault occurs during runtime (e.g. watchdog fault).

Its because SW is initialized with FLT_ERR_CNT cleared and FS0B released.


Lets assume below scenario:
1. A program flow issue occurs during run time 2 min after start (e.g. an unexpected infinite loop) which causes watchdog error.
2. So in SBC watchdog timeout happens which resets MCU and SBC goes for INIT_FS mode.
3. SW initializes SBC (FLT_ERR_CNT cleared and FS0B released)
4. Step 1 repeats.

What is correct strategy to avoid such uncontrolled MCU reset loop and go to Deep failsafe when such scenario occurs?

I am looking for solution for both FS26 and FS84.

Thanks

Labels (4)
Reply
1 Solution

Jump to solution
‎11-23-2023 06:36 AM
2,432 Views
guoweisun
NXP TechSupport
NXP TechSupport

guoweisun_0-1700746251032.png

This above can be configured as 00 or 01 which do not affect the RSTB.

guoweisun_1-1700746418469.png

 

If WD error counter always =max, the fault error counter will increase into max then enter into deep FS mode.

 

View solution in original post

0 Kudos
Reply
12 Replies

Jump to solution
‎07-25-2024 03:21 PM
1,059 Views
tam11
Contributor II

This topic is incorrectly marked as SOLVED by NXP which will mislead to other readers.

Still there is no solution provided to the question raised.

0 Kudos
Reply

Jump to solution
‎11-22-2023 09:46 PM
2,487 Views
guoweisun
NXP TechSupport
NXP TechSupport

About your question:

During the run mode of SBC, if it has watchdog fault and the  FLT_ERR_CNT reaches maximum value then SBC enter into LPOFF or assert RSTB, you don't need this function, right?

0 Kudos
Reply

Jump to solution
‎11-23-2023 03:13 AM
2,466 Views
tam11
Contributor II

Thanks for reply.

During the run mode of SBC, if it has watchdog fault and the  FLT_ERR_CNT reaches maximum value then SBC enter into LPOFF or assert RSTB, you don't need this function, right?

When FLT_ERR_CNT reaches maximum value SBC enters into Deep Fail safe mode (not LPOFF).

When watchdog fault occurs, I want to do the reset. This part is OK.

But after the reset SW re-initializes SBC and clears the FLT_ERR_CNT (as recommended in datasheet).

So FLT_ERR_CNT will never reach in maximum value. This part is problem. Because we will end up in reset loop if same watchdog fault happens again and again.

tam11_0-1700734617301.png

 

0 Kudos
Reply

Jump to solution
‎11-23-2023 05:20 AM
2,459 Views
guoweisun
NXP TechSupport
NXP TechSupport

That should be protection for MCU and system, you need enter into debug mode the update the software during this condition.

 

 

 

0 Kudos
Reply

Jump to solution
‎11-23-2023 05:34 AM
2,453 Views
tam11
Contributor II

@guoweisun, Didn't understood what that means. Do you mean enter into debug mode and re-flash software ?

0 Kudos
Reply

Jump to solution
‎11-23-2023 05:40 AM
2,449 Views
guoweisun
NXP TechSupport
NXP TechSupport

If your assumption case happened, the system stuck in the reset endless which remind you to update software.

0 Kudos
Reply

Jump to solution
‎11-23-2023 05:48 AM
2,446 Views
tam11
Contributor II

Well this scenario is not for test on my desk where I re-flash the software quickly. It can be actual scenario in a car driving on the road.

We are using this SBC for safety reasons (safety critical system in car) . So it should not let system stuck in the endless reset. It must go to safe state (which is Deep-failsafe I guess).

0 Kudos
Reply

Jump to solution
‎11-23-2023 06:36 AM
2,433 Views
guoweisun
NXP TechSupport
NXP TechSupport

guoweisun_0-1700746251032.png

This above can be configured as 00 or 01 which do not affect the RSTB.

guoweisun_1-1700746418469.png

 

If WD error counter always =max, the fault error counter will increase into max then enter into deep FS mode.

 

0 Kudos
Reply

Jump to solution
‎11-23-2023 06:56 AM
2,426 Views
tam11
Contributor II

This above can be configured as 00 or 01 which do not affect the RSTB.

Generating a RESET on watchdog error few times is required and expected. It gives MCU or software some chance to recover. So I can't configure those setting.

Problem here is the FLT_ERR_CNT. By SBC design, it is required to clear this counter at SW initialization to enter SBC into Normal mode.

So if watchdog error is not gone --> FLT_ERR_CNT will never reach maximum value --> SBC will never go to Deep-failsafe --> system stuck in endless reset loop.

I hope I have explained this clearly in original question.

 

0 Kudos
Reply

Jump to solution
‎11-23-2023 07:05 AM
2,423 Views
guoweisun
NXP TechSupport
NXP TechSupport

During the INIT phase also need clear the fault error counter, but if the WD always errors at this time the fault error counter also increase to MAX value then lead it into Deep-FS mode.

 

Tags (1)
0 Kudos
Reply

Jump to solution
‎11-23-2023 07:22 AM
2,419 Views
tam11
Contributor II

Ok. We are just going round-and-round in the discussion.

I think I tried my best to explain the problem. Sorry if it wasn't clear enough.

 

0 Kudos
Reply

Jump to solution
‎11-23-2023 07:27 AM
2,416 Views
guoweisun
NXP TechSupport
NXP TechSupport

Excluding the INIT phase WD error, assumption WD no error in the INIT phase and enter into normal mode successfully, at the normal mode the WD error happens again then RSTB assert LOW then enter into INIT phase again and again,that' your condition right?

0 Kudos
Reply