EEPW论坛

【简介】

   S32K3 系列芯片是支持功能安全相关的特性，功能安全相关的特性在S32DS上是通过S322_SAF 模块来配置，可以通过以下的三个模块来配置。

从以下功能框图也可以看出eMCEM，提供安全服务的sevice 层封装了底层的FCCU/ERM 等配置。

在eMCEM（extended Microcontroller Error Manager） 中添加FCCU 的配置项目就以配置功能安全相关的特性.

emcem 驱动具有以下的配置能力

生成配置代码后，EMCEM 会生成如下的配置文件

const eMcem_ConfigType eMcem_Config_0 = 
{
    NULL_PTR,          /* Configuration Timeout Notification function */
    EMCEM_NO_LOCK,     /* FCCU Configuration Lock Type */
    &Fccu_Config_0,    /* FCCU Configuration */
    &Dcm_Config_0      /* DCM Configuration */
};

上述的配置主要包含DCM 和 FCCU（Fault Collection and Control Unit）的配置,以下是Fccu_Config_0 配置。

static const eMcem_Fccu_ConfigType Fccu_Config_0 = 
{
    /* Configuration Register */
    (uint32)(
        EMCEM_CONFIG_VAL_1BIT( EMCEM_FCCU_CFG_EOUT_AFTER_RESET, EMCEM_DISABLED ) |
        EMCEM_CONFIG_VAL_1BIT( EMCEM_FCCU_CFG_INDICATION_MODE, EMCEM_DISABLED ) |
        EMCEM_CONFIG_VAL_1BIT( EMCEM_FCCU_CFG_POLARITY, EMCEM_FCCU_CFG_POLARITY_E1HE0L ) |
        EMCEM_FCCU_CFG_EOUT_BISTABLE
    ),    /* Configuration Register = 0x00000080UL */

    /* NCF Recovery Timeout Register = 65535 [48MHz IRC ticks] (1365 [us]) */
    (uint32)0x0000FFFFUL,

    /* Configuration Timeout Register = 5 (5461 [us]) */
    (uint32)0x00000005UL,

    /* EOUT DeltaT Signal Duration Register = 0 [us] */
    (uint32)0UL,

    /* Configuration State Timeout IRQ Enable Register = Enabled */
    (uint32)EMCEM_CONFIG_VAL_1BIT( EMCEM_FCCU_CFG_IRQ_EN, EMCEM_ENABLED ),

    /* NCF Enable Registers */
    {
        (uint32)( 
            EMCEM_CONFIG_VAL_1BIT( EMCEM_FCCU_NCF_0_M7_HSE_LOCKUP, EMCEM_ENABLED ) |
            EMCEM_CONFIG_VAL_1BIT( EMCEM_FCCU_NCF_1_GASKET_ERROR_XBAR, EMCEM_ENABLED ) |
            EMCEM_CONFIG_VAL_1BIT( EMCEM_FCCU_NCF_2_RAM_ERROR, EMCEM_ENABLED ) |
            EMCEM_CONFIG_VAL_1BIT( EMCEM_FCCU_NCF_3_FLASH_ERROR, EMCEM_ENABLED ) |
            EMCEM_CONFIG_VAL_1BIT( EMCEM_FCCU_NCF_4_VOLTAGE_ERROR, EMCEM_ENABLED ) |
            EMCEM_CONFIG_VAL_1BIT( EMCEM_FCCU_NCF_5_DBG_TEST_MONITORING, EMCEM_ENABLED ) |
            EMCEM_CONFIG_VAL_1BIT( EMCEM_FCCU_NCF_6_INTM_ERROR, EMCEM_ENABLED ) |
            EMCEM_CONFIG_VAL_1BIT( EMCEM_FCCU_NCF_7_SW_FAULT, EMCEM_ENABLED )
        )     /* NCF Enable Register 0 = 0x000000FFUL */
    },

    /* NCF Cfg Registers */
    {
        (uint32)( 
            EMCEM_CONFIG_VAL_1BIT( EMCEM_FCCU_NCF_0_M7_HSE_LOCKUP, EMCEM_FCCU_RECOVERY_SW ) |
            EMCEM_CONFIG_VAL_1BIT( EMCEM_FCCU_NCF_1_GASKET_ERROR_XBAR, EMCEM_FCCU_RECOVERY_SW ) |
            EMCEM_CONFIG_VAL_1BIT( EMCEM_FCCU_NCF_2_RAM_ERROR, EMCEM_FCCU_RECOVERY_SW ) |
            EMCEM_CONFIG_VAL_1BIT( EMCEM_FCCU_NCF_3_FLASH_ERROR, EMCEM_FCCU_RECOVERY_SW ) |
            EMCEM_CONFIG_VAL_1BIT( EMCEM_FCCU_NCF_4_VOLTAGE_ERROR, EMCEM_FCCU_RECOVERY_SW ) |
            EMCEM_CONFIG_VAL_1BIT( EMCEM_FCCU_NCF_5_DBG_TEST_MONITORING, EMCEM_FCCU_RECOVERY_SW ) |
            EMCEM_CONFIG_VAL_1BIT( EMCEM_FCCU_NCF_6_INTM_ERROR, EMCEM_FCCU_RECOVERY_SW ) |
            EMCEM_CONFIG_VAL_1BIT( EMCEM_FCCU_NCF_7_SW_FAULT, EMCEM_FCCU_RECOVERY_SW )
        )     /* NCF Cfg Register 0 = 0x000000FFUL */
    },

    /* NCF Alarm Interrupt Enable Registers */
    {
        (uint32)( 
            EMCEM_CONFIG_VAL_1BIT( EMCEM_FCCU_NCF_0_M7_HSE_LOCKUP, EMCEM_DISABLED ) |
            EMCEM_CONFIG_VAL_1BIT( EMCEM_FCCU_NCF_1_GASKET_ERROR_XBAR, EMCEM_DISABLED ) |
            EMCEM_CONFIG_VAL_1BIT( EMCEM_FCCU_NCF_2_RAM_ERROR, EMCEM_DISABLED ) |
            EMCEM_CONFIG_VAL_1BIT( EMCEM_FCCU_NCF_3_FLASH_ERROR, EMCEM_DISABLED ) |
            EMCEM_CONFIG_VAL_1BIT( EMCEM_FCCU_NCF_4_VOLTAGE_ERROR, EMCEM_ENABLED ) |
            EMCEM_CONFIG_VAL_1BIT( EMCEM_FCCU_NCF_5_DBG_TEST_MONITORING, EMCEM_ENABLED ) |
            EMCEM_CONFIG_VAL_1BIT( EMCEM_FCCU_NCF_6_INTM_ERROR, EMCEM_ENABLED ) |
            EMCEM_CONFIG_VAL_1BIT( EMCEM_FCCU_NCF_7_SW_FAULT, EMCEM_ENABLED )
        )     /* NCF Alarm Interrupt Enable Register 0 = 0x000000F0UL */
    },

    /* NCF NMI Enable Registers */
    {
        (uint32)( 
            EMCEM_CONFIG_VAL_1BIT( EMCEM_FCCU_NCF_0_M7_HSE_LOCKUP, EMCEM_DISABLED ) |
            EMCEM_CONFIG_VAL_1BIT( EMCEM_FCCU_NCF_1_GASKET_ERROR_XBAR, EMCEM_DISABLED ) |
            EMCEM_CONFIG_VAL_1BIT( EMCEM_FCCU_NCF_2_RAM_ERROR, EMCEM_DISABLED ) |
            EMCEM_CONFIG_VAL_1BIT( EMCEM_FCCU_NCF_3_FLASH_ERROR, EMCEM_DISABLED ) |
            EMCEM_CONFIG_VAL_1BIT( EMCEM_FCCU_NCF_4_VOLTAGE_ERROR, EMCEM_ENABLED ) |
            EMCEM_CONFIG_VAL_1BIT( EMCEM_FCCU_NCF_5_DBG_TEST_MONITORING, EMCEM_ENABLED ) |
            EMCEM_CONFIG_VAL_1BIT( EMCEM_FCCU_NCF_6_INTM_ERROR, EMCEM_ENABLED ) |
            EMCEM_CONFIG_VAL_1BIT( EMCEM_FCCU_NCF_7_SW_FAULT, EMCEM_ENABLED )
        )     /* NCF NMI Enable Register 0 = 0x000000F0UL */
    },

    /* NCF Recovery Timeout Enable Registers */
    {
        (uint32)( 
            EMCEM_CONFIG_VAL_1BIT( EMCEM_FCCU_NCF_0_M7_HSE_LOCKUP, EMCEM_DISABLED ) |
            EMCEM_CONFIG_VAL_1BIT( EMCEM_FCCU_NCF_1_GASKET_ERROR_XBAR, EMCEM_DISABLED ) |
            EMCEM_CONFIG_VAL_1BIT( EMCEM_FCCU_NCF_2_RAM_ERROR, EMCEM_DISABLED ) |
            EMCEM_CONFIG_VAL_1BIT( EMCEM_FCCU_NCF_3_FLASH_ERROR, EMCEM_DISABLED ) |
            EMCEM_CONFIG_VAL_1BIT( EMCEM_FCCU_NCF_4_VOLTAGE_ERROR, EMCEM_ENABLED ) |
            EMCEM_CONFIG_VAL_1BIT( EMCEM_FCCU_NCF_5_DBG_TEST_MONITORING, EMCEM_ENABLED ) |
            EMCEM_CONFIG_VAL_1BIT( EMCEM_FCCU_NCF_6_INTM_ERROR, EMCEM_ENABLED ) |
            EMCEM_CONFIG_VAL_1BIT( EMCEM_FCCU_NCF_7_SW_FAULT, EMCEM_ENABLED )
        )     /* NCF Recovery Timeout Enable Register 0 = 0x000000F0UL */
    },

    /* NCF EOUT Signaling Enable Registers */
    {
        (uint32)( 
            EMCEM_CONFIG_VAL_1BIT( EMCEM_FCCU_NCF_0_M7_HSE_LOCKUP, EMCEM_ENABLED ) |
            EMCEM_CONFIG_VAL_1BIT( EMCEM_FCCU_NCF_1_GASKET_ERROR_XBAR, EMCEM_ENABLED ) |
            EMCEM_CONFIG_VAL_1BIT( EMCEM_FCCU_NCF_2_RAM_ERROR, EMCEM_ENABLED ) |
            EMCEM_CONFIG_VAL_1BIT( EMCEM_FCCU_NCF_3_FLASH_ERROR, EMCEM_ENABLED ) |
            EMCEM_CONFIG_VAL_1BIT( EMCEM_FCCU_NCF_4_VOLTAGE_ERROR, EMCEM_ENABLED ) |
            EMCEM_CONFIG_VAL_1BIT( EMCEM_FCCU_NCF_5_DBG_TEST_MONITORING, EMCEM_ENABLED ) |
            EMCEM_CONFIG_VAL_1BIT( EMCEM_FCCU_NCF_6_INTM_ERROR, EMCEM_ENABLED ) |
            EMCEM_CONFIG_VAL_1BIT( EMCEM_FCCU_NCF_7_SW_FAULT, EMCEM_ENABLED )
        )     /* NCF EOUT Signaling Enable Register 0 = 0x000000FFUL */
    },

    /* NCF Reaction Type Registers */
    {
        (uint32)( 
            EMCEM_CONFIG_VAL_2BITS( EMCEM_FCCU_NCF_0_M7_HSE_LOCKUP, EMCEM_FCCU_REACTION_SHORTRESETREACTION ) |
            EMCEM_CONFIG_VAL_2BITS( EMCEM_FCCU_NCF_1_GASKET_ERROR_XBAR, EMCEM_FCCU_REACTION_SHORTRESETREACTION ) |
            EMCEM_CONFIG_VAL_2BITS( EMCEM_FCCU_NCF_2_RAM_ERROR, EMCEM_FCCU_REACTION_SHORTRESETREACTION ) |
            EMCEM_CONFIG_VAL_2BITS( EMCEM_FCCU_NCF_3_FLASH_ERROR, EMCEM_FCCU_REACTION_SHORTRESETREACTION ) |
            EMCEM_CONFIG_VAL_2BITS( EMCEM_FCCU_NCF_4_VOLTAGE_ERROR, EMCEM_FCCU_REACTION_NORESETREACTION ) |
            EMCEM_CONFIG_VAL_2BITS( EMCEM_FCCU_NCF_5_DBG_TEST_MONITORING, EMCEM_FCCU_REACTION_NORESETREACTION ) |
            EMCEM_CONFIG_VAL_2BITS( EMCEM_FCCU_NCF_6_INTM_ERROR, EMCEM_FCCU_REACTION_NORESETREACTION ) |
            EMCEM_CONFIG_VAL_2BITS( EMCEM_FCCU_NCF_7_SW_FAULT, EMCEM_FCCU_REACTION_NORESETREACTION )
        )     /* NCF Reaction Type Register 0 = 0x00000055UL */
    },

    /* FCCU Alarm Handler Functions */
    {
        NULL_PTR,
        NULL_PTR,
        NULL_PTR,
        NULL_PTR,
        NULL_PTR,
        NULL_PTR,
        NULL_PTR,
        NULL_PTR
    },

    /* NMI notification function */
    NULL_PTR
};

对应的FCCU 的配置结构定义如下：

/**
* @brief      FCCU configuration struct type
* @details    Configuration values of individual FCCU configuration registers.
*/
typedef struct
{
    uint32 Fault_Config;   /**< @brief Configuration Register */
    uint32 Fault_Ncf_TO;   /**< @brief Non-Critical Fault Recovery Timeout Register */
    uint32 Fault_Cfg_TO;   /**< @brief Configuration timeout Register */
    uint32 Fault_DeltaT;   /**< @brief EOUT DeltaT signal duration Register */
    uint32 Fault_Irq_EN;   /**< @brief Configuration Timeout Enable Register */

    uint32 Fault_Ncf_E[FCCU_FAULT_REGISTER_COUNT];         /**< @brief NCF Enable Registers */
    uint32 Fault_Ncf_Cfg[FCCU_FAULT_REGISTER_COUNT];       /**< @brief NCF Cfg Registers */
    uint32 Fault_Alarm_EN[FCCU_FAULT_REGISTER_COUNT];      /**< @brief NCF Alarm Interrupt Enable Registers */
    uint32 Fault_Nmi_EN[FCCU_FAULT_REGISTER_COUNT];        /**< @brief NCF NMI Enable Registers */
    uint32 Fault_Ncf_TOE[FCCU_FAULT_REGISTER_COUNT];       /**< @brief NCF Recovery Timeout Enable Registers */
    uint32 Fault_EoutSig_EN[FCCU_FAULT_REGISTER_COUNT];    /**< @brief NCF EOUT Signaling Enable Registers */
    uint32 Fault_Ncfs_Cfg[FCCU_FAULT_STATE_REGISTER_COUNT];/**< @brief NCF Reaction Type Registers */

    eMcem_FccuHandlerType Fault_AlarmHandler[FCCU_NCF_COUNT];          /**< @brief NCF Alarm Handlers */
 
    eMcem_NMINotificationType Fault_NMINotification;       /**< @brief NMI Notification Function */

} eMcem_Fccu_ConfigType;

以下RTD 代码会根据传入的传入的config 结构对FCCU进行初始化。

Std_ReturnType eMcem_Fccu_Init( const eMcem_Fccu_ConfigType *pConfigPtr )
{
    uint32 u32ReadBack;
    uint8 u8Bank;
    volatile Std_ReturnType nReturnValue = (Std_ReturnType)E_OK;

    eMcem_Fccu_pCurrentConfigPtr = pConfigPtr;

    /* Set to FALSE to eliminate unwanted TIMEOUT_ISR */
    Fccu_bCfgTimeoutExpired = (boolean)FALSE;

    /* Clear Configuration Timeout Interrupt Flag.
     * Flag shall be cleared at the beginning of eMcem_Fccu_Init to avoid false generation of CFG_TO interrupt.
     * Also CFG_TO flag set with disabled CFG_TO interrupt leads to this function returning E_NOT_OK. */
    /* @violates @ref eMcem_Fccu_c_REF_1104 */
    /* @violates @ref eMcem_Fccu_c_REF_1106 */
    SAFETYBASE_REG_WRITE32( FCCU_IRQ_STAT_ADDR32, FCCU_CFG_TO_IRQ_U32 );

#if( STD_ON == EMCEM_FCCU_DEBUG_MODE_ENABLED )
    /* Enable FCCU debug mode if configured */
    /* @violates @ref eMcem_Fccu_c_REF_1104 */
    /* @violates @ref eMcem_Fccu_c_REF_1106 */
    SAFETYBASE_REG_WRITE32( FCCU_CTRL_ADDR32, ( 1UL << EMCEM_FCCU_CTRL_DEBUG_MODE ) );
#endif

    /* Read NCF_S0 status register */
    /* @violates @ref eMcem_Fccu_c_REF_1008 */
    /* @violates @ref eMcem_Fccu_c_REF_1104 */
    /* @violates @ref eMcem_Fccu_c_REF_1106 */
    u32ReadBack = SAFETYBASE_REG_READ32( FCCU_NCF_S_ADDR32( 0U ) );
   
    /* Check if any NCF flag is set */
    if( u32ReadBack > 0UL )
    {
        /* Go through all NCF flags */
        for( u8Bank = 0U; ( (Std_ReturnType)E_OK == nReturnValue ) && ( u8Bank < EMCEM_FCCU_NCF_TOTAL_NUMBER ); u8Bank++ )
        {
            /* Check if specific NCF flag is set */
            if( ( u32ReadBack & ( 1UL << (uint32)u8Bank ) ) > 0UL )
            {
                /* Clear NCF flag */
                nReturnValue = eMcem_Fccu_ClearFault( u8Bank );

                /* Clear DCM flags related to current NCF */
                if( (Std_ReturnType)E_OK == nReturnValue )
                {
                    nReturnValue = eMcem_Dcm_ClearNCFFaults( u8Bank );
                }

#if( STD_ON == EMCEM_EXT_DIAG_ENABLED )
                /* Log extended diagnostic data */
                eMcem_StoreFailurePoint( nReturnValue, EMCEM_FP_FCCU_INIT_1, u8Bank );
#endif
            }
        }
    }

    if( (Std_ReturnType)E_OK == nReturnValue )
    {
        /* Configure FCCU. Enters CONFIG state, configures FCCU, and enters NORMAL state */
        nReturnValue = eMcem_Fccu_ConfigureFccu();
    }

    if( (Std_ReturnType)E_OK == nReturnValue )
    {
        /* Check if configuration timeout occurred */
        nReturnValue = eMcem_Fccu_CheckCfgTO();
    }
   
    if( (Std_ReturnType)E_OK == nReturnValue )
    {
        /* Release EOUT pins */
        /* @violates @ref eMcem_Fccu_c_REF_1104 */
        /* @violates @ref eMcem_Fccu_c_REF_1106 */
        DCM_GPR.DCMRWD2.B.EOUT_STAT_DUR_STEST = 0U;
    }

    return nReturnValue;
}

上述的函数会将配置结构体 赋值到全局配置变量 

然后调用 如下函数对传入的结构进行配置。

FCCU 内部对于错误的管理是按照group 进行管理的对应的如下的7个Slot ,每个slot 下会关联多个错误类型。

代码通过如下寄存器来开启FCCU NCF 中断使能。

以下是FCCU 模块的异常动作行为迁移图