Flash memory failure in product lifetime?

取消
显示结果 
显示  仅  | 搜索替代 
您的意思是: 
已解决

Flash memory failure in product lifetime?

跳至解决方案
1,727 次查看
rubykrishna
Contributor III

Hi All,

  If flash memory corrupts (Even if single transistor fails ) in product lifetime, is there any fault detection mechanism in  freescale microcontroller. We are using MC9S12XHY  controller.

 

If there is no such error mechanism, shall we use CRC-32 algorithm to validate the flash memory on every power on reset?  it will take a hell lot of time! . Please provide ur suggestions!!

标签 (1)
1 解答
1,216 次查看
RadekS
NXP Employee
NXP Employee

Hi Ruby,

ECC is hardware feature which helps with system safety. This feature is active only during reading from Flash (P-Flash, D-Flash). So, there isn’t any regular testing of whole flash. If you want do it, you have to simply read flash and check ECC flags or implements ECC interrupt.

For P-Flash memory, the ECC implementation requires that programming be done on an aligned 8 byte basis (a Flash phrase, 64bit). This programming writes additional 7 ECC bits to Flash.

ECC bits for D-Flash are generated per word (16bit) - it adds 6 ECC bits.

So, if you want check ECC over whole P-flash, you could just read unaligned words across two phrases with 16 byte distance. For testing ECC, you could read word at address 0x7C0007.. 0x7C0008, after that 0x7C0017.. 0x7C0018, 0x7C0027.. 0x7C0028,…

Since P-Flash memory is always read by phrase, only one single bit fault in the phrase containing the byte or word accessed will be corrected. Additionally some of multi-bit errors could stay unrecognized (More than 2 bit errors cannot be detected reliable. There are cases when 3 bit errors are detected as one bit errors and corrected.).

Unfortunately ECC isn’t 100% protection - the same as in case of CRC checksum. But it is big chance that ECC will discover bit errors when they appears.

So, it always depends on level of required paranoia.

Calculating CRC over whole Flash for every start isn’t typical solution. Some customers implemented it, but it is not widely used solution. It may have sense to calculate CRC for some smaller block and this way test any potential error in address decoder.

I would like to recommend our application note AN4505 Safety Considerations S12GFamily for more details about safety systems.

http://www.freescale.com/files/microcontrollers/doc/app_note/AN4505.pdf

Useful could be also AN4772 IEC 60730 Safety Routines for the DSC 56800EX Core, despite on fact that this application note was not created for S12 devices and it is rather for consumer applications. http://www.freescale.com/files/32bit/doc/app_note/An4772.pdf

Automotive safety is driven by ISO 26262 and IEC 61508:

http://www.freescale.com/webapp/sps/site/overview.jsp?code=FNCTNLSFTY


I hope it helps you.

Have a great day,
RadekS

-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------

在原帖中查看解决方案

4 回复数
1,216 次查看
RadekS
NXP Employee
NXP Employee

Hi Ruby,

Yes, flash module at MC9S12XHY contains ECC. Flash module could detect single and double bit ECC errors (during flash reading, signalize by flags/interrupts) and it automatically fix single bit fault (CPU will read already fixed value).

You are right, calculating CRC over whole flash takes some time. If you will need this feature, you could use my attached example code as inspiration.

Notes: Example was created for S12G which has no GPAGE. In case of S12XHY we could use global addresses and simple loop. I used checksum.c file from CW and I used just low level CRC functions, high level functions in checksum.c file have problems with paging addresses…


I hope it helps you.

Have a great day,
RadekS

-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------

1,216 次查看
rubykrishna
Contributor III

Hi Radek,

Thanks for reverting back.

1. Is double bit fault enough to claim  flash corruption(if so it happened) on a product lifetime?

2. Currently we are using CRC-32 algorithm only during reprogramming/flashing a ECU. Is It a standard practise to test flash memory( using CRC algorithm) on every power on reset??

0 项奖励
回复
1,217 次查看
RadekS
NXP Employee
NXP Employee

Hi Ruby,

ECC is hardware feature which helps with system safety. This feature is active only during reading from Flash (P-Flash, D-Flash). So, there isn’t any regular testing of whole flash. If you want do it, you have to simply read flash and check ECC flags or implements ECC interrupt.

For P-Flash memory, the ECC implementation requires that programming be done on an aligned 8 byte basis (a Flash phrase, 64bit). This programming writes additional 7 ECC bits to Flash.

ECC bits for D-Flash are generated per word (16bit) - it adds 6 ECC bits.

So, if you want check ECC over whole P-flash, you could just read unaligned words across two phrases with 16 byte distance. For testing ECC, you could read word at address 0x7C0007.. 0x7C0008, after that 0x7C0017.. 0x7C0018, 0x7C0027.. 0x7C0028,…

Since P-Flash memory is always read by phrase, only one single bit fault in the phrase containing the byte or word accessed will be corrected. Additionally some of multi-bit errors could stay unrecognized (More than 2 bit errors cannot be detected reliable. There are cases when 3 bit errors are detected as one bit errors and corrected.).

Unfortunately ECC isn’t 100% protection - the same as in case of CRC checksum. But it is big chance that ECC will discover bit errors when they appears.

So, it always depends on level of required paranoia.

Calculating CRC over whole Flash for every start isn’t typical solution. Some customers implemented it, but it is not widely used solution. It may have sense to calculate CRC for some smaller block and this way test any potential error in address decoder.

I would like to recommend our application note AN4505 Safety Considerations S12GFamily for more details about safety systems.

http://www.freescale.com/files/microcontrollers/doc/app_note/AN4505.pdf

Useful could be also AN4772 IEC 60730 Safety Routines for the DSC 56800EX Core, despite on fact that this application note was not created for S12 devices and it is rather for consumer applications. http://www.freescale.com/files/32bit/doc/app_note/An4772.pdf

Automotive safety is driven by ISO 26262 and IEC 61508:

http://www.freescale.com/webapp/sps/site/overview.jsp?code=FNCTNLSFTY


I hope it helps you.

Have a great day,
RadekS

-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------

1,216 次查看
rubykrishna
Contributor III

Thanks for reverting back... Its very informative

0 项奖励
回复