Contains API prototypes and defines for the Error Manager. More...

Files
file	midware_error_manager.c
	Implements APIs for the Error Manager.
file	midware_error_manager_diag.c
	Implements APIs for the Error Manager Diagnostics.
file	midware_error_manager_diag.h
	Contains API prototypes and defines for the Error Manager Diagnostics.

Data Structures
struct	errChConfig_t
	Holds an error channel configuration for configuring the ERRCTRL. More...
struct	errChConfigs_t
	Holds configurations for all error channels. More...

Enumerations
enum	errCh_t { ERRCH_VREGFAIL = 0U , ERRCH_BUSERR , ERRCH_RAM2 , ERRCH_FLASH2 , ERRCH_OPC , ERRCH_SPLIM , ERRCH_RAM1 , ERRCH_FLASH1 , ERRCH_VREGWARN , ERRCH_CFD0 , ERRCH_CFD1 , ERRCH_CFM0 , ERRCH_CFM1 , ERRCH_SWDT , ERRCH_EEPROM , ERRCH_EVSYS0 , ERRCH_EVSYS1 , ERRCH_MAX }
	Hardware error channels found in the Error Controller. More...
enum	errChSeverity_t { ERRCH_SEVERITY_CRITICAL = 0U , ERRCH_SEVERITY_RESERVED , ERRCH_SEVERITY_NONCRITICAL , ERRCH_SEVERITY_NOTIFICATION , ERRCH_SEVERITY_MAX }
	Type definitions for error channel severity level. More...

Functions
errFlag_t	MW_GetErrorChannel (errCh_t ch)
	Reads the status of the specified error channel.
errFlag_t	MW_ClearErrorChannel (errCh_t ch)
	Clears the specified error channel and confirms that the channel is cleared.
errFlag_t	MW_CheckIoSafe (void)
	Checks if all I/O pins are floated (tri-stated).
void	MW_EnableForceFloat (void)
	Enables forced floating (tri-stating) of all I/O pins.
errFlag_t	MW_DisableForceFloat (void)
	Disables forced floating (tri-stating) of all I/O pins.
void	MW_StartHeartbeat (void)
	Starts the Heartbeat output signal.
void	MW_StopHeartbeat (void)
	Stops the Heartbeat output signal.
errFlag_t	MW_ConfigErrorChannels (const errChConfigs_t *configs, uint8_t timeout)
	Sets the error controller timeout duration and configures all error channels with the provided settings.
errFlag_t	MW_DiagErrorChannelSplim (void)
	Performs error injection diagnostic to detect faults in the SPLIM error channel.
errFlag_t	MW_DiagErrorChannelCfd0 (void)
	Performs error injection diagnostic to detect faults in the CFD0 error channel.
errFlag_t	MW_DiagErrorChannelCfd1 (void)
	Performs error injection diagnostic to detect faults in the CFD1 error channel.
errFlag_t	MW_DiagErrorChannelCfm0 (void)
	Performs error injection diagnostic to detect faults in the CFM0 error channel.
errFlag_t	MW_DiagErrorChannelCfm1 (void)
	Performs error injection diagnostic to detect faults in the CFM1 error channel.
errFlag_t	MW_DiagErrorChannelEeprom (void)
	Performs error injection diagnostic to detect faults in the EEPROM error channel.
errFlag_t	MW_DiagErrorChannelEvsys0 (void)
	Performs error injection diagnostic to detect faults in the EVSYS0 error channel.
errFlag_t	MW_DiagErrorChannelEvsys1 (void)
	Performs error injection diagnostic to detect faults in the EVSYS1 error channel.

Detailed Description

Contains API prototypes and defines for the Error Manager.

Version: 1.0.0-alpha.1

The Error Manager provides services to Tasks to ensure correct interaction with features of the ERRCTRL peripheral.

Copyright: © 2025 Microchip Technology Inc. and its subsidiaries.

Subject to your compliance with these terms, you may use Microchip software and any derivatives exclusively with Microchip products. It is your responsibility to comply with third party license terms applicable to your use of third party software (including open source software) that may accompany Microchip software.

THIS SOFTWARE IS SUPPLIED BY MICROCHIP "AS IS". NO WARRANTIES, WHETHER EXPRESS, IMPLIED OR STATUTORY, APPLY TO THIS SOFTWARE, INCLUDING ANY IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY, AND FITNESS FOR A PARTICULAR PURPOSE.

IN NO EVENT WILL MICROCHIP BE LIABLE FOR ANY INDIRECT, SPECIAL, PUNITIVE, INCIDENTAL OR CONSEQUENTIAL LOSS, DAMAGE, COST OR EXPENSE OF ANY KIND WHATSOEVER RELATED TO THE SOFTWARE, HOWEVER CAUSED, EVEN IF MICROCHIP HAS BEEN ADVISED OF THE POSSIBILITY OR THE DAMAGES ARE FORESEEABLE. TO THE FULLEST EXTENT ALLOWED BY LAW, MICROCHIP'S TOTAL LIABILITY ON ALL CLAIMS IN ANY WAY RELATED TO THIS SOFTWARE WILL NOT EXCEED THE AMOUNT OF FEES, IF ANY, THAT YOU HAVE PAID DIRECTLY TO MICROCHIP FOR THIS SOFTWARE.

UML Class Diagrams

UML Activity Diagrams

UML Sequence Diagrams

Enumeration Type Documentation

◆ errCh_t

enum errCh_t

Hardware error channels found in the Error Controller.

Each member of this enum corresponds to an error channel in the ERRCTRL. For a detailed description of each Error Channel, refer to the data sheet.

Warning: It is assumed that 'ERRCH_VREGFAIL' is initialized to zero and each subsequent error channel value corresponds to their channel number. 'ERRCH_MAX' is set to the highest enumerator value to ensure correct input validation in the Error Manager.

Enumerator
ERRCH_VREGFAIL	VREGFAIL channel in the ERRCTRL
ERRCH_BUSERR	BUSERR channel in the ERRCTRL
ERRCH_RAM2	RAM2 channel in the ERRCTRL
ERRCH_FLASH2	FLASH2 channel in the ERRCTRL
ERRCH_OPC	OPC channel in the ERRCTRL
ERRCH_SPLIM	SPLIM channel in the ERRCTRL
ERRCH_RAM1	RAM1 channel in the ERRCTRL
ERRCH_FLASH1	FLASH1 channel in the ERRCTRL
ERRCH_VREGWARN	VREGWARN channel in the ERRCTRL
ERRCH_CFD0	CFD0 channel in the ERRCTRL
ERRCH_CFD1	CFD1 channel in the ERRCTRL
ERRCH_CFM0	CFM0 channel in the ERRCTRL
ERRCH_CFM1	CFM1 channel in the ERRCTRL
ERRCH_SWDT	SWDT channel in the ERRCTRL
ERRCH_EEPROM	EEPROM channel in the ERRCTRL
ERRCH_EVSYS0	EVSYS0 channel in the ERRCTRL
ERRCH_EVSYS1	EVSYS1 channel in the ERRCTRL
ERRCH_MAX	Reserved/invalid, indicates highest error channel value

Definition at line 49 of file midware_error_manager.h.

◆ errChSeverity_t

enum errChSeverity_t

Type definitions for error channel severity level.

Enumerator
ERRCH_SEVERITY_CRITICAL	Critical error
ERRCH_SEVERITY_RESERVED	Reserved, decoded as CRITICAL
ERRCH_SEVERITY_NONCRITICAL	Noncritical error (reset value)
ERRCH_SEVERITY_NOTIFICATION	Notification error
ERRCH_SEVERITY_MAX	Reserved/invalid, indicates highest severity value

Definition at line 75 of file midware_error_manager.h.

Function Documentation

◆ MW_CheckIoSafe()

errFlag_t MW_CheckIoSafe ( void )

Checks if all I/O pins are floated (tri-stated).

This function determines if all I/O pins are floated, indicating that the device is in a Safe State.

Return values

ERROR	One or more I/O pins are not floated.
NO_ERROR	All IO pins are floated

Definition at line 105 of file midware_error_manager.c.

◆ MW_ClearErrorChannel()

errFlag_t MW_ClearErrorChannel ( errCh_t ch )

Clears the specified error channel and confirms that the channel is cleared.

This function clears the error channel by clearing its error flag in the Error Status Flag register. If clearing fails, it indicates that one of the error channel sources has not been cleared and an error is returned.

Parameters

ch	Which error channel to clear.

Return values

ERROR	Failed to clear the error channel, or invalid error channel input.
NO_ERROR	Error channel was cleared successfully.

Definition at line 78 of file midware_error_manager.c.

◆ MW_ConfigErrorChannels()

errFlag_t MW_ConfigErrorChannels	(	const errChConfigs_t *	configs,
		uint8_t	timeout )

Sets the error controller timeout duration and configures all error channels with the provided settings.

This function configures the severity and floatIo setting for each error channel, and the timeout value for the Error Controller timeout mechanism. A countdown from the current timeout value is automatically started when entering the CONFIG state or ALARM state. If it times out, the Error Controller will automatically reset the device.

If the severity configuration for a channel is invalid, that channel will not be configured, and the function will return errFlag_t ERROR. All other channels with valid input will still be configured.

The system transitions to the CONFIG state for the error channel configuration. After the configuration is complete, the system is transitioned to the NORMAL state which is when the new timeout value is loaded.

Note: Global interrupts are disabled during configuration to avoid timing out while the error controller is in the CONFIG state and restored to the original setting after configuration is complete.

Warning: Assumes the existing timeout is sufficiently long to complete configuration.

Note: The timeout value is updated after all configuration is done and should be configured to account for the next entry into CONFIG state in addition to the ALARM state timeout.

Warning: Disabling the timeout mechanism (timeout = 0) is not permitted, and will return ERROR without configuring any channels.; The errChConfigs_t configs pointer must be initialized for all error channels, otherwise it will lead to undefined behavior.

Parameters

configs	The configuration for all error channels.
timeout	The next timeout value to use after configuration.

Return values

ERROR	Invalid timeout or config detected, or Error Controller is not in NORMAL state.
NO_ERROR	No invalid input detected.

Definition at line 153 of file midware_error_manager.c.

◆ MW_DiagErrorChannelCfd0()

errFlag_t MW_DiagErrorChannelCfd0 ( void )

Performs error injection diagnostic to detect faults in the CFD0 error channel.

This function injects an error on the Clock Failure Detected 0 (CFD0) error channel directly to detect any faults in the error channel mechanism.

Warning: During the diagnostic, the CFD0 error channel is configured to have errChSeverity_t NOTIFICATION and disabled automatic float of all I/O pins. The original configuration is restored when the diagnostic is complete.

Note: This function disables global interrupts during its execution to ensure atomic execution and that accidental interrupts are not triggered by initiating the error injection.; Error injection will not be initiated if the Error Controller is not in NORMAL state or the CFD0 error channel is already set.

Return values

ERROR	Fault detected in the CFD0 error channel, or error injection did not start.
NO_ERROR	No fault detected in the CFD0 error channel.

Definition at line 107 of file midware_error_manager_diag.c.

◆ MW_DiagErrorChannelCfd1()

errFlag_t MW_DiagErrorChannelCfd1 ( void )

Performs error injection diagnostic to detect faults in the CFD1 error channel.

This function injects an error on the Clock Failure Detected 1 (CFD1) error channel directly to detect any faults in the error channel mechanism.

Warning: During the diagnostic, the CFD1 error channel is configured to have errChSeverity_t NOTIFICATION and disabled automatic float of all I/O pins. The original configuration is restored when the diagnostic is complete.

Note: This function disables global interrupts during its execution to ensure atomic execution and that accidental interrupts are not triggered by initiating the error injection.; Error injection will not be initiated if the Error Controller is not in NORMAL state or the CFD1 error channel is already set.

Return values

ERROR	Fault detected in the CFD1 error channel, or error injection did not start.
NO_ERROR	No fault detected in the CFD1 error channel.

Definition at line 133 of file midware_error_manager_diag.c.

◆ MW_DiagErrorChannelCfm0()

errFlag_t MW_DiagErrorChannelCfm0 ( void )

Performs error injection diagnostic to detect faults in the CFM0 error channel.

This function injects an error on the Clock Frequency Measurement Error 0 (CFM0) error channel directly to detect any faults in the error channel mechanism.

Warning: During the diagnostic, the CFM0 error channel is configured to have errChSeverity_t NOTIFICATION and disabled automatic float of all I/O pins. The original configuration is restored when the diagnostic is complete.

Note: This function disables global interrupts during its execution to ensure atomic execution and that accidental interrupts are not triggered by initiating the error injection.; Error injection will not be initiated if the Error Controller is not in NORMAL state or the CFM0 error channel is already set.

Return values

ERROR	Fault detected in the CFM0 error channel, or error injection did not start.
NO_ERROR	No fault detected in the CFM0 error channel.

Definition at line 159 of file midware_error_manager_diag.c.

◆ MW_DiagErrorChannelCfm1()

errFlag_t MW_DiagErrorChannelCfm1 ( void )

Performs error injection diagnostic to detect faults in the CFM1 error channel.

This function injects an error on the Clock Frequency Measurement Error 1 (CFM1) error channel directly to detect any faults in the error channel mechanism.

Warning: During the diagnostic, the CFM1 error channel is configured to have errChSeverity_t NOTIFICATION and disabled automatic float of all I/O pins. The original configuration is restored when the diagnostic is complete.

Note: This function disables global interrupts during its execution to ensure atomic execution and that accidental interrupts are not triggered by initiating the error injection.; Error injection will not be initiated if the Error Controller is not in NORMAL state or the CFM1 error channel is already set.

Return values

ERROR	Fault detected in the CFM1 error channel, or error injection did not start.
NO_ERROR	No fault detected in the CFM1 error channel.

Definition at line 185 of file midware_error_manager_diag.c.

◆ MW_DiagErrorChannelEeprom()

errFlag_t MW_DiagErrorChannelEeprom ( void )

Performs error injection diagnostic to detect faults in the EEPROM error channel.

This function injects an error on the EEPROM error channel directly to detect any faults in the error channel mechanism.

Warning: During the diagnostic, the EEPROM error channel is configured to have errChSeverity_t NOTIFICATION and disabled automatic float of all I/O pins. The original configuration is restored when the diagnostic is complete.

Note: This function disables global interrupts during its execution to ensure atomic execution and that accidental interrupts are not triggered by initiating the error injection.; Error injection will not be initiated if the Error Controller is not in NORMAL state or the EEPROM error channel is already set.

Return values

ERROR	Fault detected in the EEPROM error channel, or error injection did not start.
NO_ERROR	No fault detected in the EEPROM error channel.

Definition at line 211 of file midware_error_manager_diag.c.

◆ MW_DiagErrorChannelEvsys0()

errFlag_t MW_DiagErrorChannelEvsys0 ( void )

Performs error injection diagnostic to detect faults in the EVSYS0 error channel.

This function injects an error on the Event System Input 0 (EVSYS0) error channel directly to detect any faults in the error channel mechanism.

Warning: During the diagnostic, the EVSYS0 error channel is configured to have errChSeverity_t NOTIFICATION and disabled automatic float of all I/O pins. The original configuration is restored when the diagnostic is complete.

Note: This function disables global interrupts during its execution to ensure atomic execution and that accidental interrupts are not triggered by initiating the error injection.; Error injection will not be initiated if the Error Controller is not in NORMAL state or the EVSYS0 error channel is already set.

Return values

ERROR	Fault detected in the EVSYS0 error channel, or error injection did not start.
NO_ERROR	No fault detected in the EVSYS0 error channel.

Definition at line 237 of file midware_error_manager_diag.c.

◆ MW_DiagErrorChannelEvsys1()

errFlag_t MW_DiagErrorChannelEvsys1 ( void )

Performs error injection diagnostic to detect faults in the EVSYS1 error channel.

This function injects an error on the Event System Input 1 (EVSYS1) error channel directly to detect any faults in the error channel mechanism.

Warning: During the diagnostic, the EVSYS1 error channel is configured to have errChSeverity_t NOTIFICATION and disabled automatic float of all I/O pins. The original configuration is restored when the diagnostic is complete.

Note: This function disables global interrupts during its execution to ensure atomic execution and that accidental interrupts are not triggered by initiating the error injection.; Error injection will not be initiated if the Error Controller is not in NORMAL state or the EVSYS1 error channel is already set.

Return values

ERROR	Fault detected in the EVSYS1 error channel, or error injection did not start.
NO_ERROR	No fault detected in the EVSYS1 error channel.

Definition at line 263 of file midware_error_manager_diag.c.

◆ MW_DiagErrorChannelSplim()

errFlag_t MW_DiagErrorChannelSplim ( void )

Performs error injection diagnostic to detect faults in the SPLIM error channel.

This function injects an error on the Stack Pointer Limit (SPLIM) error channel directly to detect any faults in the error channel mechanism.

Warning: During the diagnostic, the SPLIM error channel is configured to have errChSeverity_t NOTIFICATION and disabled automatic float of all I/O pins. The original configuration is restored when the diagnostic is complete.

Note: This function disables global interrupts during its execution to ensure atomic execution and that accidental interrupts are not triggered by initiating the error injection.; Error injection will not be initiated if the Error Controller is not in NORMAL state or the SPLIM error channel is already set.

Return values

ERROR	Fault detected in the SPLIM error channel, or error injection did not start.
NO_ERROR	No fault detected in the SPLIM error channel.

Definition at line 81 of file midware_error_manager_diag.c.

◆ MW_DisableForceFloat()

errFlag_t MW_DisableForceFloat ( void )

Disables forced floating (tri-stating) of all I/O pins.

This function attempts to disable the forced floating of all I/O pins and will return an errFlag_t which reflects whether the disabling was successful or not.

Return values

ERROR	Failed to disable forced floating.
NO_ERROR	Successfully disabled forced floating.

Definition at line 125 of file midware_error_manager.c.

◆ MW_EnableForceFloat()

void MW_EnableForceFloat ( void )

Enables forced floating (tri-stating) of all I/O pins.

This function will immediately float all I/O pins, thereby transitioning the device into a Safe State.

Definition at line 120 of file midware_error_manager.c.

◆ MW_GetErrorChannel()

errFlag_t MW_GetErrorChannel ( errCh_t ch )

Reads the status of the specified error channel.

This function reads the Error Status Flag of the specified error channel and returns an error if the flag is set.

Parameters

ch	Which error channel to read.

Return values

ERROR	Error channel is set, or invalid error channel input.
NO_ERROR	Error channel is not set.

Definition at line 55 of file midware_error_manager.c.

◆ MW_StartHeartbeat()

void MW_StartHeartbeat ( void )

Starts the Heartbeat output signal.

This function enables the 1 kHz square wave heartbeat signal output on an I/O pin. When enabled, the error controller will tri-state the signal when it enters the FAULT state, and force it low when entering the CONFIG state.

Note: Use PORTMUX to select which I/O pin should output the heartbeat signal when enabled.

Definition at line 143 of file midware_error_manager.c.

◆ MW_StopHeartbeat()

void MW_StopHeartbeat ( void )

Stops the Heartbeat output signal.

This function stops the heartbeat output on the configured I/O pin. Stopping the heartbeat can be used to explicitly signal a failure to the surrounding system. See MW_StartHeartbeat.

Warning: The heartbeat signal is forced low in the CONFIG state, which should be considered when asserting the possibility of system failure.

Definition at line 148 of file midware_error_manager.c.

Files

Data Structures

Enumerations

Functions

Detailed Description

Enumeration Type Documentation

◆ errCh_t

◆ errChSeverity_t

Function Documentation

◆ MW_CheckIoSafe()

◆ MW_ClearErrorChannel()

◆ MW_ConfigErrorChannels()

◆ MW_DiagErrorChannelCfd0()

◆ MW_DiagErrorChannelCfd1()

◆ MW_DiagErrorChannelCfm0()

◆ MW_DiagErrorChannelCfm1()

◆ MW_DiagErrorChannelEeprom()

◆ MW_DiagErrorChannelEvsys0()

◆ MW_DiagErrorChannelEvsys1()

◆ MW_DiagErrorChannelSplim()

◆ MW_DisableForceFloat()

◆ MW_EnableForceFloat()

◆ MW_GetErrorChannel()

◆ MW_StartHeartbeat()

◆ MW_StopHeartbeat()