SAF FCCU Fault handling R1, R2 and R3 Reaction

Harish_R · ‎08-03-2025

Hi team,

overview: working on eMCEM module for error handling. so as per the design of SAF (eMCEM module) when the NCF fault is triggered through eMcem_InjectFault(). alarm handlers are called.

i see two alarm handlers can be called.

1. eMcemUserAlarmHandler - can return EMCEM_ERR_RECOVERED/EMCEM_ERR_NOT_RECOVERED based on convenient. i also see emcem_clearfault API is called eventually

if i return EMCEM_ERR_RECOVERED but what if the Error is not actually cleared. and also, only emcem_clearfault just clears the status of fault. how is it expected to handle?

if EMCEM_ERR_RECOVERED is returned then in that case even the NMI is not triggered. so, what is need for NMI in that case. how NMI is utilised?

2. eMcemDefaultAlarmHandler - using this API would always return error not recovered status because it returns the same. and triggers ISR again. how can it be handled?

if i want to set DTC at what condition would i set the DTC for fault that are unrecoverable.

If someone can drop some info. it would be helpful.

BR,

Harish R

chenyin_h · ‎08-05-2025

Hello, @Harish_R

Thanks for your post.

1. The eMCEM driver provides an ability to handle the ALARM events by defining an alarm handler function. The user can define his own handling function for any FCCU fault. One handler function can be used for more faults. Faults configured as SW recoverable are automatically cleared by the eMCEM Driver in case the handler returned EMCEM_ERR_RECOVERED.

Sometimes, the fault captured by the FCCU may not impact the actual function of certain IP, after the handler cleared the fault, the system may continue run without issues. sometimes, only cleared the fault is not enough, the error exists, and the corresponding faults may be set after cleared, then it is user's responsibility to implement the code to actually fix the issue

2. The default handling function eMcemDefaultAlarmHandler is defined and it returns EMCEM_ERR_NOT_RECOVERED if the user does not want to handle the fault by himself. The fault will not be cleared in this case, so it is used for the case that the user does not want to handle the fault, as a result, the fault could be "Not recovered"

3. The users may determine which kinds of faults could be treated as unrecoverable when defining the DTC according to their own design/use case.

BR

Chenyin