Contains API prototypes for the Memory Manager. More...

Files
file	midware_memory_manager.c
	Implements APIs for the Memory Manager.
file	midware_memory_manager_diag.c
	Implements APIs for the Memory Manager Diagnostic.
file	midware_memory_manager_diag.h
	Contains API prototypes for the Memory Manager Diagnostics.
file	midware_memory_manager_diag_asm.h
	Contains assembly APIs for the Memory Manager Diagnostics.

Macros
#define	DIAG_FLASH_ADDRESS MAPPED_PROGMEM_START
	Defines an address in Flash used in diagnostics to trigger Flash read.
#define	DIAG_EEPROM_ADDRESS EEPROM_START
	Reserves an address in EEPROM used in diagnostics to trigger EEPROM read and write.

Enumerations
enum	persistentFlag_t { PFLAG_ERRINJ_ONGOING , PFLAG_CPU_INJ_FAULT , PFLAG_WDT_INJ_FAULT , PFLAG_SWDT_INJ_FAULT , PFLAG_IO_FLOAT_FAULT , PFLAG_MAX }
	Enum for persistent flags used to store data between non-POR/BOR device resets. More...
enum	persistentVal_t { PVAL_ERRID_REASON , PVAL_RESET_REASON , PVAL_ERRINJ_REASON , PVAL_MAX }
	Enum for persistent values used to store data between non-POR/BOR device resets. More...
enum	eccAllOnes_t { ECC_ALL_ONES_NONE = 0U , ECC_ALL_ONES_ALL , ECC_ALL_ONES_DATA1 , ECC_ALL_ONES_DATA2 , ECC_ALL_ONES_MAX }
	Type defines for available "ECC all ones" (ECCALL1) options. More...

Functions
errFlag_t	MW_GetClearBusError (void)
	Reads and clears the flag indicating an error in the Bus Matrix.
errFlag_t	MW_GetClearCpuDataParityError (void)
	Reads and clears the flag indicating a data bus parity error in the CPU.
errFlag_t	MW_GetClearCpuInstrParityError (void)
	Reads and clears the flag indicating a instruction bus parity error in the CPU.
errFlag_t	MW_GetClearCpuOpcodeError (void)
	Reads and clears the flag indicating an illegal opcode error in the CPU.
errFlag_t	MW_GetClearRamStackError (void)
	Reads and clears the flag indicating a stack pointer limit error in SRAM.
errFlag_t	MW_GetClearRamEccCompError (void)
	Reads and clears the flag indicating a ECC comparator error in the RAM controller.
errFlag_t	MW_GetClearRamEcc1Error (void)
	Reads and clears the flag indicating an ECC single-bit error in SRAM.
errFlag_t	MW_GetClearRamEcc2Error (void)
	Reads and clears the flag indicating an ECC multi-bit error in SRAM.
errFlag_t	MW_GetClearRamParityError (void)
	Reads and clears the flag indicating a bus parity error detected in the RAM controller.
errFlag_t	MW_GetClearNvmEccCompError (void)
	Reads and clears the flag indicating a ECC comparator error in the NVM controller.
errFlag_t	MW_GetClearNvmFlashEcc1Error (void)
	Reads and clears the flag indicating a ECC single-bit error in Flash.
errFlag_t	MW_GetClearNvmFlashEcc2Error (void)
	Reads and clears the flag indicating a ECC multi-bit error in Flash.
errFlag_t	MW_GetClearNvmParityError (void)
	Reads and clears the flag indicating a bus parity error detected in the NVM controller.
errFlag_t	MW_GetClearNvmEepromEcc1Error (void)
	Reads and clears the flag indicating an ECC single-bit error in EEPROM.
errFlag_t	MW_GetClearNvmEepromEcc2Error (void)
	Reads and clears the flag indicating an ECC multi-bit error in EEPROM.
errFlag_t	MW_SetNvmEccAllOnes (eccAllOnes_t config)
	Sets ECC all Ones (ECCALL1) scheme.
errFlag_t	MW_SetRamStackLimit (uint16_t splimAddr, bool lockEnable)
	Sets the Stack Pointer Limit value and optionally locks the value to prevent modification.
void	MW_StorePersistentFlag (persistentFlag_t flagType, bool flag)
	Stores two redundant boolean flags in General Purpose Registers (GPR) for perserving data between resets.
void	MW_StorePersistentVal (persistentVal_t valueType, uint8_t value)
	Stores a value in General Purpose Registers (GPR) for perserving data between resets.
bool	MW_GetPersistentFlag (persistentFlag_t flagType)
	Reads two redundant bits for each boolean flags in General Purpose Registers (GPR) that is stored for preserving data between resets.
uint8_t	MW_GetPersistentVal (persistentVal_t valueType)
	Reads a value in General Purpose Registers (GPR) that is stored for preserving data between resets.
bool	MW_IsPersistentFlagsCorrupt (void)
	Compares two redundant bits for each boolean flags in General Purpose Registers (GPR) and checks if any of the flags are corrupted.
bool	MW_IsPersistentValsCorrupt (void)
	Checks if any of the stored persistent values are corrupted.
void	MW_ClearPersistentFlags (void)
	Clears all stored persistent flags in GPR.
void	MW_ClearPersistentVals (void)
	Clears all stored persistent values in GPR.
errFlag_t	MW_DiagRamParity (void)
	This function performs error injection diagnostic to detect faults in the RAM parity checker triggered by RAM access.
errFlag_t	MW_DiagNvmParity (void)
	This function performs error injection diagnostic to detect faults in the CPU and NVM bus parity checkers triggered by NVM access.
errFlag_t	MW_DiagRamEcc (void)
	This function performs error injection diagnostic to detect faults in the redundant RAMCTRL ECC checkers.
errFlag_t	MW_DiagNvmFlashEcc (void)
	This function performs error injection diagnostic to detect faults in the NVMCTRL ECC checkers with Flash read trigger.
errFlag_t	MW_DiagNvmEepromEcc (void)
	This function performs error injection diagnostic to detect faults in the NVMCTRL ECC checkers with EEPROM read trigger.
void	ASM_InjectCpuDataParityRam (void)
	This function makes the CPU inject a parity error in the data of the following RAM write, which is detected by the RAM Data Parity Checker.
void	ASM_InjectCpuAddressParityRam (void)
	This function makes the CPU inject a parity error in the address of the following RAM read, which is detected by the RAM address Parity Checker.
void	ASM_InjectCpuControlParityRam (void)
	This function makes the CPU inject a parity error in the control of the following RAM read, which is detected by the RAM control Parity Checker.
void	ASM_InjectNvmDataParity (uint8_t *flashDiagAddr)
	This function makes the NVMCTRL inject a parity error in the data of the following NVM (Flash) read, which is detected by the CPU data Parity Checker.
void	ASM_InjectNvmInstructionParity (void)
	This function makes the NVMCTRL inject a parity error in the instruction of the following NVM fetch, which is detected by the CPU instruction Parity Checker.
void	ASM_InjectCpuDataParityNvm (uint8_t *eepromDiagAddr)
	This function makes the CPU inject a parity error in the data of the following NVM (EEPROM) write, which is detected by the NVM control Parity Checker.
void	ASM_InjectCpuAddressParityNvm (uint8_t *flashDiagAddr)
	This function makes the CPU inject a parity error in the address of the following NVM (Flash) read, which is detected by the NVM address Parity Checker.
void	ASM_InjectCpuControlParityNvm (uint8_t *flashDiagAddr)
	This function makes the CPU inject a parity error in the control of the following NVM (Flash) read, which is detected by the NVM control Parity Checker.
void	ASM_InjectRamEccComp (void)
	This function makes the RAM controller inject a comparator error in the following RAM read, which is detected by the RAM ECC Checker.
void	ASM_InjectRamEcc1 (volatile uint8_t *ramDiagAddr)
	This function makes the RAM controller inject a 1-bit ECC error in the following RAM read, which is detected by the RAM ECC Checker.
void	ASM_InjectRamEcc2 (volatile uint8_t *ramDiagAddr)
	This function makes the RAM controller inject a 2-bit ECC error in the following RAM read, which is detected by the RAM ECC Checker.

Detailed Description

Contains API prototypes for the Memory Manager.

Version: 1.0.0-alpha.1

The Memory Manager provides services to Tasks to ensure correct interaction with features of the RAMCTRL, NVMCTRL, CPU and GPR peripherals.

Copyright: © 2025 Microchip Technology Inc. and its subsidiaries.

Subject to your compliance with these terms, you may use Microchip software and any derivatives exclusively with Microchip products. It is your responsibility to comply with third party license terms applicable to your use of third party software (including open source software) that may accompany Microchip software.

THIS SOFTWARE IS SUPPLIED BY MICROCHIP "AS IS". NO WARRANTIES, WHETHER EXPRESS, IMPLIED OR STATUTORY, APPLY TO THIS SOFTWARE, INCLUDING ANY IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY, AND FITNESS FOR A PARTICULAR PURPOSE.

IN NO EVENT WILL MICROCHIP BE LIABLE FOR ANY INDIRECT, SPECIAL, PUNITIVE, INCIDENTAL OR CONSEQUENTIAL LOSS, DAMAGE, COST OR EXPENSE OF ANY KIND WHATSOEVER RELATED TO THE SOFTWARE, HOWEVER CAUSED, EVEN IF MICROCHIP HAS BEEN ADVISED OF THE POSSIBILITY OR THE DAMAGES ARE FORESEEABLE. TO THE FULLEST EXTENT ALLOWED BY LAW, MICROCHIP'S TOTAL LIABILITY ON ALL CLAIMS IN ANY WAY RELATED TO THIS SOFTWARE WILL NOT EXCEED THE AMOUNT OF FEES, IF ANY, THAT YOU HAVE PAID DIRECTLY TO MICROCHIP FOR THIS SOFTWARE.

UML Class Diagrams

UML Activity Diagrams

Enumeration Type Documentation

◆ eccAllOnes_t

enum eccAllOnes_t

Type defines for available "ECC all ones" (ECCALL1) options.

When this feature is enabled, it disregards the ECC check on Non-volatile Memory words read as all 1's from the specified memory sections.

Note: These available configurations are only applicable for Non-volatile Memory and does not affect RAM.

Enumerator
ECC_ALL_ONES_NONE	Feature disabled for all Non-volatile Memory
ECC_ALL_ONES_ALL	Feature enabled for all Non-volatile Memory
ECC_ALL_ONES_DATA1	Feature enabled for APPDATA and USERROW
ECC_ALL_ONES_DATA2	Feature enabled for EEPROM, APPDATA, USERROW and BOOTROW
ECC_ALL_ONES_MAX	Reserved value, indicates highest enum value

Definition at line 94 of file midware_memory_manager.h.

◆ persistentFlag_t

enum persistentFlag_t

Enum for persistent flags used to store data between non-POR/BOR device resets.

Several diagnostics triggers a reset of the device to verify the functionality of a safety mechanism. These flags are used to store data between resets and indicate if diagnostics are ongoing or if a fault has occurred. The flags are written to General Purpose Registers (GPR) and are stored redundantly, meaning each flag consists of two bits stored in two different locations.

Note: All flags will default to false after a Power On Reset (POR) or Brownout Reset (BOR).

Enumerator
PFLAG_ERRINJ_ONGOING	Stores if an error injection leading to reset is ongoing
PFLAG_CPU_INJ_FAULT	Stores if a CPU Lockstep error injection fault detected
PFLAG_WDT_INJ_FAULT	Stores if a WDT Expire error injection fault detected
PFLAG_SWDT_INJ_FAULT	Stores if a SWDT Expire error injection fault detected
PFLAG_IO_FLOAT_FAULT	Stores if the device was not in a Safe State after reset
PFLAG_MAX	Reserved/invalid, indicates highest enum value

Definition at line 49 of file midware_memory_manager.h.

◆ persistentVal_t

enum persistentVal_t

Enum for persistent values used to store data between non-POR/BOR device resets.

Whenever the device is reset, it may be necessary to determine the cause of the reset initiated by software. These values are used to store data between resets and indicate the reason for the reset and any associated Error ID or Error Injection reason. The persistent value types are used to write data to and read data from specific locations in the General Purpose registers (GPR). A checksum is always calculated when storing a value and can be verified when reading from these locations.

Note: All persistent values will default to zero after a Power On Reset (POR) or Brownout Reset (BOR).

Warning: Each persistent value type has a fixed size, and its max value is determined by the highest value of the type of reason to be stored.

Enumerator
PVAL_ERRID_REASON	Stores an 8-bit value corresponding to an Error ID
PVAL_RESET_REASON	Stores a 6-bit value corresponding to a Reset Reason
PVAL_ERRINJ_REASON	Stores a 2-bit value corresponding to an Error Injection Reset Reason
PVAL_MAX	Reserved/invalid, indicates highest enum value

Definition at line 75 of file midware_memory_manager.h.

Function Documentation

◆ ASM_InjectCpuAddressParityNvm()

void ASM_InjectCpuAddressParityNvm ( uint8_t * flashDiagAddr )

This function makes the CPU inject a parity error in the address of the following NVM (Flash) read, which is detected by the NVM address Parity Checker.

Warning: If the Flash address points to uninitialized data, an ECC error may occur.

Parameters

flashDiagAddr An address to data in Flash, used to trigger the Flash read instruction.

◆ ASM_InjectCpuControlParityNvm()

void ASM_InjectCpuControlParityNvm ( uint8_t * flashDiagAddr )

This function makes the CPU inject a parity error in the control of the following NVM (Flash) read, which is detected by the NVM control Parity Checker.

Warning: If the Flash address points to uninitialized data, an ECC error may occur.

Parameters

flashDiagAddr An address to data in Flash, used to trigger the Flash read instruction.

◆ ASM_InjectCpuDataParityNvm()

void ASM_InjectCpuDataParityNvm ( uint8_t * eepromDiagAddr )

This function makes the CPU inject a parity error in the data of the following NVM (EEPROM) write, which is detected by the NVM control Parity Checker.

Note: This injection tests the NVM control Parity Checker and could be tested using both EEPROM or Flash as the injection point. Following the assumption not to use self programming of Flash this is here done using EEPROM.

Warning

This error injection does not restore the stored EEPROM value after injecting an error preventing the application to use this address. The parity safety mechanism should prevent any corrupted data to be written to EEPROM. If the safety mechanism fails the corrupted data will be written to the address giving two unwanted scenarios:

The device could reset during the diagnostic leading to loss of customer data.
Doing two EEPROM writes means waiting for the EEPROM to be ready before restoring.

Parameters

eepromDiagAddr An address to data in EEPROM, used to trigger the EEPROM write instruction.

◆ ASM_InjectNvmDataParity()

void ASM_InjectNvmDataParity ( uint8_t * flashDiagAddr )

This function makes the NVMCTRL inject a parity error in the data of the following NVM (Flash) read, which is detected by the CPU data Parity Checker.

Note: This injection tests the CPU data Parity Checker and could also be tested using RAM as an injection point. Since the instruction bus parity must be tested using NVM trigger the same is done for this injection.

Warning: If the Flash address points to uninitialized data, an ECC error may occur.

Parameters

flashDiagAddr An address to data in Flash, used to trigger the Flash read instruction.

◆ ASM_InjectRamEcc1()

void ASM_InjectRamEcc1 ( volatile uint8_t * ramDiagAddr )

This function makes the RAM controller inject a 1-bit ECC error in the following RAM read, which is detected by the RAM ECC Checker.

Parameters

ramDiagAddr An address to data in RAM, used to trigger the RAM read instruction.

◆ ASM_InjectRamEcc2()

void ASM_InjectRamEcc2 ( volatile uint8_t * ramDiagAddr )

This function makes the RAM controller inject a 2-bit ECC error in the following RAM read, which is detected by the RAM ECC Checker.

Parameters

ramDiagAddr An address to data in RAM, used to trigger the RAM read instruction.

◆ MW_ClearPersistentFlags()

void MW_ClearPersistentFlags ( void )

Clears all stored persistent flags in GPR.

Note: After completing the intentional reset sequence, it is recommended to clear all flags to ensure a clean start on the next device reset.

Definition at line 589 of file midware_memory_manager.c.

◆ MW_ClearPersistentVals()

void MW_ClearPersistentVals ( void )

Clears all stored persistent values in GPR.

Note: This function also clears the checksum of these values.; After completing the intentional reset sequence, it is advisable to clear all values to ensure a clean start on the next device reset.

Definition at line 599 of file midware_memory_manager.c.

◆ MW_DiagNvmEepromEcc()

errFlag_t MW_DiagNvmEepromEcc ( void )

This function performs error injection diagnostic to detect faults in the NVMCTRL ECC checkers with EEPROM read trigger.

The diagnostic starts by disabling global and non-maskable interrupts. This is done to prevent the interrupt routines from triggering and reporting actual errors. The error channels that will trigger due to the diagnostic are configured by disabling float and setting the severity to NOTIFICATION.

The diagnostic runs injection tests on the NVM ECC checkers using EEPROM as the trigger. The injection tests are done by setting the injection bit for the specific checker in the correct control register before performing an instruction that triggers that checker.

This diagnostic does the following error injection tests:

1-bit error injection on EEPROM, triggered by EEPROM read.
2-bit error injection on EEPROM, triggered by EEPROM read.

Note: The 2-bit error injection will trigger the Bus error channel.; This diagnostic does not test the ECC comparator as that is covered in full by MW_DiagNvmFlashEcc.

The interrupt flags and error channels are cleared after the injection tests have been completed. This is done regardless of whether the tests succeeded or failed.

After clearing the interrupts and error channels the diagnostic restores the global interrupt state, reenables the NMI and restores the error channels used to their original configuration.

Warning: This diagnostic temporarily disables the safety mechanism (EEPROM and BUSERR error channels) when called in Mission Mode, potentially masking true faults during execution. It also disables global interrupt during execution, which may delay the servicing of other error-handling interrupts. The original configuration is restored when the diagnostic is complete.

Note: Error injection will not be initiated if the Error Controller is not in NORMAL state or the SPLIM error channel is already set. If either of these conditions occur, the diagnostic function will return an error indicating that the error injection process could not be started.

Warning: This diagnostic uses DIAG_EEPROM_ADDRESS to read from EEPROM. This address is by default set to the first EEPROM address in data space. It assumes that this address is used and has valid data. If the data word pointed to by this address does not contain valid data the ECC checker will always report a 2-bit ECC error when reading it, making the diagnostic fail.; This diagnostic is redundant as the NVM controller shares the ECC checkers between Flash and EEPROM. Therefore, the MW_DiagNvmFlashEcc diagnostic is sufficient to achieve full coverage of the NVM ECC checker. This diagnostic is included to enable testing the full error chain by injecting an error in the EEPROM and verifying that it triggers the correct error channel. Additionally, error channel diagnostics are available to ensure that the EEPROM error channel functions as expected without the need to inject any errors into the EEPROM itself.

Return values

ERROR	Fault detected in the NVMCTRL ECC1 or ECC2 error detection mechanisms or diagnostic failed to start due to illegal conditions.
NO_ERROR	No fault detected in the redundant NVMCTRL ECC checkers.

Definition at line 267 of file midware_memory_manager_diag.c.

◆ MW_DiagNvmFlashEcc()

errFlag_t MW_DiagNvmFlashEcc ( void )

This function performs error injection diagnostic to detect faults in the NVMCTRL ECC checkers with Flash read trigger.

The diagnostic starts by disabling global and non-maskable interrupts. This is done to prevent the interrupt routines from triggering and reporting actual errors. The error channels that will trigger due to the diagnostic are configured by disabling float and setting the severity to NOTIFICATION.

The diagnostic runs injection tests on the NVM ECC checkers using Flash as the trigger. The injection tests are done by setting the injection bit for the specific checker in the correct control register before performing an instruction that triggers that checker.

This diagnostic does the following error injection tests:

Error injection on NVM ECC comparator, triggered by Flash read.
1-bit error injection on Flash, triggered by Flash read.
2-bit error injection on Flash, triggered by Flash read.

Note: The 2-bit error injection will trigger the Bus error channel.

The interrupt flags and error channels are cleared after the injection tests have been completed. This is done regardless of whether the tests succeeded or failed.

After clearing the interrupts and error channels the diagnostic restores the global interrupt state, reenables the NMI and restores the error channels used to their original configuration.

Warning: This diagnostic uses DIAG_FLASH_ADDRESS to read from Flash. This address is by default set to the first flash address in mapped data space. It assumes that this address is used and has valid data. If the data word pointed to by this address does not contain valid data the ECC checker will always report a 2-bit ECC error when reading it, making the diagnostic fail.; This diagnostic temporarily disables the safety mechanism (FLASH1, FLASH2 and BUSERR error channels) when called in Mission Mode, potentially masking true faults during execution. It also disables global interrupt during execution, which may delay the servicing of other error-handling interrupts. The original configuration is restored when the diagnostic is complete.

Note: Error injection will not be initiated if the Error Controller is not in NORMAL state or the FLASH1, FLASH2 or BUSERR error channels is already set. If either of these conditions occur, the diagnostic function will return an error indicating that the error injection process could not be started.

Return values

ERROR	Fault detected in the NVMCTRL ECC error detection mechanisms or diagnostic failed to start due to illegal conditions.
NO_ERROR	No fault detected in the redundant NVMCTRL ECC checkers.

Definition at line 222 of file midware_memory_manager_diag.c.

◆ MW_DiagNvmParity()

errFlag_t MW_DiagNvmParity ( void )

This function performs error injection diagnostic to detect faults in the CPU and NVM bus parity checkers triggered by NVM access.

The diagnostic starts by disabling global and non-maskable interrupts. This is done to prevent the interrupt routines from triggering and reporting actual errors. The error channels that will trigger due to the diagnostic are configured by disabling float and setting the severity to NOTIFICATION.

The diagnostic runs several injection test on different parity checkers on the device. The injection tests are done by setting the injection bit for the specific checker in the correct control register before performing an instruction that triggers that checker. To make sure that the trigger instruction is known, and not a random instruction, the injection and trigger actions are done using assembly functions.

This diagnostic does the following error injection tests:

Error injection on NVM data parity generator, triggered by NVM read.
Error injection on NVM instruction parity generator, triggered by NVM fetch.
Error injection on CPU data parity generator, triggered by NVM write.
Error injection on CPU address parity generator, triggered by NVM read.
Error injection on CPU control parity generator, triggered by NVM read.

The interrupt flags and error channels are cleared after the injection tests have been completed. This is done regardless of whether the tests succeeded or failed.

After clearing the interrupts and error channels the diagnostic restores the global interrupt state, reenables the NMI and restores the error channels used to their original configuration.

Warning: This diagnostic temporarily disables the safety mechanism (BUSERR and OPC error channels) when called in Mission Mode, potentially masking true faults during execution. It also disables global interrupt during execution, which may delay the servicing of other error-handling interrupts. The original configuration is restored when the diagnostic is complete.

Note: Error injection will not be initiated if the Error Controller is not in NORMAL state or the SPLIM error channel is already set. If either of these conditions occur, the diagnostic function will return an error indicating that the error injection process could not be started.; NVM write is done on EEPROM to avoid writing to Flash. This also means that the CPU does not halt for the duration of the write as would be the case for Flash. If the error is detected, the write is automatically aborted. However, if not detected, the write will complete. For this reason an EEPROM address is reserved at DIAG_EEPROM_ADDRESS.

Return values

ERROR	Fault detected in the CPU or NVM bus parity checkers or diagnostic failed to start due to illegal conditions.
NO_ERROR	No fault detected in the CPU or NVM bus parity checkers.

Definition at line 126 of file midware_memory_manager_diag.c.

◆ MW_DiagRamEcc()

errFlag_t MW_DiagRamEcc ( void )

This function performs error injection diagnostic to detect faults in the redundant RAMCTRL ECC checkers.

The diagnostic starts by disabling global and non-maskable interrupts. This is done to prevent the interrupt routines from triggering and reporting actual errors. The error channels that will trigger due to the diagnostic are configured by disabling float and setting the severity to NOTIFICATION.

The diagnostic runs injection tests on the RAM ECC checkers. The injection tests are done by setting the injection bit for the specific checker in the correct control register before performing an instruction that triggers that checker. To make sure that the trigger instruction is known, and not a random instruction, the injection and trigger actions are done using assembly functions.

This diagnostic does the following error injection tests:

Error injection on RAM ECC comparator, triggered by RAM read.
1-bit error injection on RAM, triggered by RAM read.
2-bit error injection on RAM, triggered by RAM read.

Note: The 2-bit error injection will trigger the Bus error channel.

The interrupt flags and error channels are cleared after the injection tests have been completed. This is done regardless of whether the tests succeeded or failed.

After clearing the interrupts and error channels the diagnostic restores the global interrupt state, reenables the NMI and restores the error channels used to their original configuration.

Warning: This diagnostic temporarily disables the safety mechanism (RAM1, RAM2 and BUSERR error channels) when called in Mission Mode, potentially masking true faults during execution. It also disables global interrupt during execution, which may delay the servicing of other error-handling interrupts. The original configuration is restored when the diagnostic is complete.

Note: Error injection will not be initiated if the Error Controller is not in NORMAL state or the SPLIM error channel is already set. If either of these conditions occur, the diagnostic function will return an error indicating that the error injection process could not be started.

Return values

ERROR	Fault detected in the RAMCTRL ECC error detection mechanisms or diagnostic failed to start due to illegal conditions.
NO_ERROR	No fault detected in the redundant RAMCTRL ECC checkers.

Definition at line 177 of file midware_memory_manager_diag.c.

◆ MW_DiagRamParity()

errFlag_t MW_DiagRamParity ( void )

This function performs error injection diagnostic to detect faults in the RAM parity checker triggered by RAM access.

The diagnostic starts by disabling global and non-maskable interrupts. This is done to prevent the interrupt routines from triggering and reporting actual errors. The error channels that will trigger due to the diagnostic are configured by disabling float and setting the severity to NOTIFICATION.

The diagnostic runs several injection test on different parity checkers on the device. The injection tests are done by setting the injection bit for the specific checker in the correct control register before performing an instruction that triggers that checker. To make sure that the trigger instruction is known, and not a random instruction, the injection and trigger actions are done using assembly functions.

This diagnostic does the following error injection tests:

Error injection on CPU data parity generator, triggered by RAM write.
Error injection on CPU address parity generator, triggered by RAM read.
Error injection on CPU control parity generator, triggered by RAM read.

The interrupt flags and error channels are cleared after the injection tests have been completed. This is done regardless of whether the tests succeeded or failed.

After clearing the interrupts and error channels the diagnostic restores the global interrupt state, reenables the NMI and restores the error channels used to their original configuration.

Warning: This diagnostic temporarily disables the safety mechanism (BUSERR error channel) when called in Mission Mode, potentially masking true faults during execution. It also disables global interrupt during execution, which may delay the servicing of other error-handling interrupts. The original configuration is restored when the diagnostic is complete.

Note: Error injection will not be initiated if the Error Controller is not in NORMAL state or the SPLIM error channel is already set. If either of these conditions occur, the diagnostic function will return an error indicating that the error injection process could not be started.

Return values

ERROR	Fault detected in the CPU bus parity checker or diagnostic failed to start due to illegal conditions.
NO_ERROR	No fault detected in the CPU bus parity checker.

Definition at line 83 of file midware_memory_manager_diag.c.

◆ MW_GetClearBusError()

errFlag_t MW_GetClearBusError ( void )

Reads and clears the flag indicating an error in the Bus Matrix.

This function checks whether the BUSERR interrupt flag has been set or not. If set, clears the flag and returns ERROR.

Return values

ERROR	Bus error flag set.
NO_ERROR	Bus error flag not set.

Definition at line 130 of file midware_memory_manager.c.

◆ MW_GetClearCpuDataParityError()

errFlag_t MW_GetClearCpuDataParityError ( void )

Reads and clears the flag indicating a data bus parity error in the CPU.

This function checks whether the PARITYD interrupt flag has been set or not. If set, clears the flag and returns ERROR.

Return values

ERROR	Data bus parity error flag set.
NO_ERROR	Data bus parity error flag not set.

Definition at line 146 of file midware_memory_manager.c.

◆ MW_GetClearCpuInstrParityError()

errFlag_t MW_GetClearCpuInstrParityError ( void )

Reads and clears the flag indicating a instruction bus parity error in the CPU.

This function checks whether the PARITYI interrupt flag has been set or not. If set, clears the flag and returns ERROR.

Return values

ERROR	Instruction bus parity error flag set.
NO_ERROR	Instruction bus parity error flag not set.

Definition at line 162 of file midware_memory_manager.c.

◆ MW_GetClearCpuOpcodeError()

errFlag_t MW_GetClearCpuOpcodeError ( void )

Reads and clears the flag indicating an illegal opcode error in the CPU.

This function checks whether the OPC interrupt flag has been set or not. If set, clears the flag and returns ERROR.

Return values

ERROR	Illegal opcode error flag set.
NO_ERROR	Illegal opcode error flag not set.

Definition at line 178 of file midware_memory_manager.c.

◆ MW_GetClearNvmEccCompError()

errFlag_t MW_GetClearNvmEccCompError ( void )

Reads and clears the flag indicating a ECC comparator error in the NVM controller.

This function checks whether the COMP interrupt flag has been set or not. If set, clears the flag and returns ERROR.

Return values

ERROR	ECC Comparator error flag set.
NO_ERROR	ECC Comparator error flag not set.

Definition at line 279 of file midware_memory_manager.c.

◆ MW_GetClearNvmEepromEcc1Error()

errFlag_t MW_GetClearNvmEepromEcc1Error ( void )

Reads and clears the flag indicating an ECC single-bit error in EEPROM.

This function checks whether the EECC1 interrupt flag has been set or not. If set, clears the flag and returns ERROR.

Return values

ERROR	ECC single-bit error flag set.
NO_ERROR	ECC single-bit error flag not set.

Definition at line 348 of file midware_memory_manager.c.

◆ MW_GetClearNvmEepromEcc2Error()

errFlag_t MW_GetClearNvmEepromEcc2Error ( void )

Reads and clears the flag indicating an ECC multi-bit error in EEPROM.

This function checks whether the EECC2 interrupt flag has been set or not. If set, clears the flag and returns ERROR.

Return values

ERROR	ECC multi-bit error flag set.
NO_ERROR	ECC multi-bit error flag not set.

Definition at line 364 of file midware_memory_manager.c.

◆ MW_GetClearNvmFlashEcc1Error()

errFlag_t MW_GetClearNvmFlashEcc1Error ( void )

Reads and clears the flag indicating a ECC single-bit error in Flash.

This function checks whether the FECC1 interrupt flag has been set or not. If set, clears the flag and returns ERROR.

Return values

ERROR	ECC single-bit error flag set.
NO_ERROR	ECC single-bit error flag not set.

Definition at line 295 of file midware_memory_manager.c.

◆ MW_GetClearNvmFlashEcc2Error()

errFlag_t MW_GetClearNvmFlashEcc2Error ( void )

Reads and clears the flag indicating a ECC multi-bit error in Flash.

This function checks whether the FECC2 interrupt flag has been set or not. If set, clears the flag and returns ERROR.

Return values

ERROR	ECC multi-bit error flag set.
NO_ERROR	ECC multi-bit error flag not set.

Definition at line 311 of file midware_memory_manager.c.

◆ MW_GetClearNvmParityError()

errFlag_t MW_GetClearNvmParityError ( void )

Reads and clears the flag indicating a bus parity error detected in the NVM controller.

This function checks whether the PARITYD, PARITYA or PARITYC interrupt flag has been set or not. If set, clears the flags and returns ERROR.

Note: There are three parity checkers for data, address and control signals in the NVM controller. However, this function treats all parity error flags as the same error. If any is set, all parity errors are cleared.

Return values

ERROR	Flash parity error flag set.
NO_ERROR	Flash parity error flag not set.

Definition at line 327 of file midware_memory_manager.c.

◆ MW_GetClearRamEcc1Error()

errFlag_t MW_GetClearRamEcc1Error ( void )

Reads and clears the flag indicating an ECC single-bit error in SRAM.

This function checks whether the ECC1 interrupt flag has been set or not. If set, clears the flag and returns ERROR.

Return values

ERROR	ECC single-bit error flag set.
NO_ERROR	ECC single-bit error flag not set.

Definition at line 226 of file midware_memory_manager.c.

◆ MW_GetClearRamEcc2Error()

errFlag_t MW_GetClearRamEcc2Error ( void )

Reads and clears the flag indicating an ECC multi-bit error in SRAM.

This function checks whether the ECC2 interrupt flag has been set or not. If set, clears the flag and returns ERROR.

Return values

ERROR	ECC multi-bit error flag set.
NO_ERROR	ECC multi-bit error flag not set.

Definition at line 242 of file midware_memory_manager.c.

◆ MW_GetClearRamEccCompError()

errFlag_t MW_GetClearRamEccCompError ( void )

Reads and clears the flag indicating a ECC comparator error in the RAM controller.

This function checks whether the COMP interrupt flag has been set or not. If set, clears the flag and returns ERROR.

Return values

ERROR	ECC comparator error flag set.
NO_ERROR	ECC comparator error flag not set.

Definition at line 210 of file midware_memory_manager.c.

◆ MW_GetClearRamParityError()

errFlag_t MW_GetClearRamParityError ( void )

Reads and clears the flag indicating a bus parity error detected in the RAM controller.

This function checks whether the PARITYD, PARITYA or PARITYC interrupt flag has been set or not. If set, clears the flags and returns ERROR.

Note: There are three parity checkers for data, address and control signals in the RAM controller. However, this function treats all parity error flags as the same error. If any is set, all parity errors are cleared.

Return values

ERROR	Bus parity error flag set.
NO_ERROR	Bus parity error flag not set.

Definition at line 258 of file midware_memory_manager.c.

◆ MW_GetClearRamStackError()

errFlag_t MW_GetClearRamStackError ( void )

Reads and clears the flag indicating a stack pointer limit error in SRAM.

This function checks whether the SPLIM interrupt flag has been set or not. If set, clears the flag and returns ERROR.

Return values

ERROR	Stack pointer limit error flag set.
NO_ERROR	Stack pointer limit flag not set.

Definition at line 194 of file midware_memory_manager.c.

◆ MW_GetPersistentFlag()

bool MW_GetPersistentFlag ( persistentFlag_t flagType )

Reads two redundant bits for each boolean flags in General Purpose Registers (GPR) that is stored for preserving data between resets.

Warning: A call to MW_IsPersistentFlagsCorrupt should be performed before calling this function to verify if any flags have been corrupted.

Parameters

flagType The flag type to read.

Return values

true	Both redundant bits are set, flag is true.
false	One or both bits are not set, flag is false.

Definition at line 475 of file midware_memory_manager.c.

◆ MW_GetPersistentVal()

uint8_t MW_GetPersistentVal ( persistentVal_t valueType )

Reads a value in General Purpose Registers (GPR) that is stored for preserving data between resets.

Warning: A call to MW_IsPersistentValsCorrupt should be performed before calling this function to verify if any values have been corrupted.

Parameters

valueType The value type to read.

Returns: The read value.

Definition at line 504 of file midware_memory_manager.c.

◆ MW_IsPersistentFlagsCorrupt()

bool MW_IsPersistentFlagsCorrupt ( void )

Compares two redundant bits for each boolean flags in General Purpose Registers (GPR) and checks if any of the flags are corrupted.

This function reads both bits of a flag and compare their value. If both bits of a flag are zero, the flag is false. If both bits of the flag is one, the flag is true. If the two bits of a flag differ (one is zero and the other is one), the flag is considered corrupt due to a bit-flip or other issue. If any flag is found to be corrupt, it is assumed that all flags are corrupt. This is because the integrity of the operations to reset and write to the flags cannot be trusted if any data is corrupted. Additionally, this function checks whether the invalid input flag has been set or not.

Return values

true	One or more flags have been corrupted, or invalid input flag is set.
false	No flag corruption detected.

Definition at line 536 of file midware_memory_manager.c.

◆ MW_IsPersistentValsCorrupt()

bool MW_IsPersistentValsCorrupt ( void )

Checks if any of the stored persistent values are corrupted.

This function calculates a new checksum for the stored values and compares it to the stored checksum. If the checksums do not match, the values are considered corrupted. Additionally, this function checks whether the invalid input flag has been set or not, indicating that he integrity of the operations to reset and write to the values cannot be trusted.

Return values

true	Fault detected in the checksum or invalid input flag has been set.
false	No value corruption detected.

Definition at line 579 of file midware_memory_manager.c.

◆ MW_SetNvmEccAllOnes()

errFlag_t MW_SetNvmEccAllOnes ( eccAllOnes_t config )

Sets ECC all Ones (ECCALL1) scheme.

This function sets the ECC all ones scheme for the specified memory sections.

Parameters

config Configuration of which NVM memory sections have the feature enabled or disabled.

Return values

ERROR	Invalid config value.
NO_ERROR	Valid config value.

Definition at line 380 of file midware_memory_manager.c.

◆ MW_SetRamStackLimit()

errFlag_t MW_SetRamStackLimit	(	uint16_t	splimAddr,
		bool	lockEnable )

Sets the Stack Pointer Limit value and optionally locks the value to prevent modification.

The Stack Pointer Limit (SPLIM) feature compares the current Stack Pointer (SP) RAM address with the configured SPLIM RAM address. The SP in the CPU points to the top of the stack in RAM and typically starts on the highest RAM address. If the stack grows larger than the specified limit, an error flag is set.

Note: Valid splimAddr range is between INTERNAL_SRAM_START and INTERNAL_SRAM_END defined in the device-specific header file.

Parameters

splimAddr	The Stack Pointer Limit RAM address.
lockEnable	Enable or disable stack pointer lock.

Return values

ERROR	Invalid RAM address.
NO_ERROR	Valid RAM address.

Definition at line 395 of file midware_memory_manager.c.

◆ MW_StorePersistentFlag()

void MW_StorePersistentFlag	(	persistentFlag_t	flagType,
		bool	flag )

Stores two redundant boolean flags in General Purpose Registers (GPR) for perserving data between resets.

This function stores the specified value for the specified persistentFlag_t in General Purpose Registers (GPR) in order to preserve data between non-POR/BOR device resets. Each flag value is stored using two redundant bits to detect data corruption. The stored flag value can be read using MW_GetPersistentFlag.

Note: This function can be used to clear single flags by setting them to false, while MW_ClearPersistentFlags is used to clear all flags.; An invalid flag type is ignored and will set the internal invalid input flag, which is used in MW_IsPersistentFlagsCorrupt as part of checking for data validity.; All flags will default to false after a Power On Reset (POR) or Brownout Reset (BOR).

Parameters

flagType	The type of flag to store.
flag	Boolean value to store.

Definition at line 416 of file midware_memory_manager.c.

◆ MW_StorePersistentVal()

void MW_StorePersistentVal	(	persistentVal_t	valueType,
		uint8_t	value )

Stores a value in General Purpose Registers (GPR) for perserving data between resets.

This function stores the specified value for the specified persistentVal_t in General Purpose Registers (GPR) in order to preserve data between non-POR/BOR device resets. Each value is stored in specific locations which is protected by a checksum. The stored values can be read using MW_GetPersistentVal.

Note: This function can be used to clear single values by setting them to 0, while MW_ClearPersistentVals is used to clear all flags.; An invalid value type is ignored and will set the internal invalid input flag, which is used in MW_IsPersistentValsCorrupt as part of checking for data validity.

Warning: This function verifies the stored checksum before writing any values. If the checksum has been corrupted, the function will return early and to avoid calculating a new checksum. A corrupted checksum will be reported by MW_IsPersistentValsCorrupt.

Note: All values will default to zero after a Power On Reset (POR) or Brownout Reset (BOR).

Parameters

valueType	The value type to store.
value	The value to store.

Definition at line 437 of file midware_memory_manager.c.

Files

Macros

Enumerations

Functions

Detailed Description

Enumeration Type Documentation

◆ eccAllOnes_t

◆ persistentFlag_t

◆ persistentVal_t

Function Documentation

◆ ASM_InjectCpuAddressParityNvm()

◆ ASM_InjectCpuControlParityNvm()

◆ ASM_InjectCpuDataParityNvm()

◆ ASM_InjectNvmDataParity()

◆ ASM_InjectRamEcc1()

◆ ASM_InjectRamEcc2()

◆ MW_ClearPersistentFlags()

◆ MW_ClearPersistentVals()

◆ MW_DiagNvmEepromEcc()

◆ MW_DiagNvmFlashEcc()

◆ MW_DiagNvmParity()

◆ MW_DiagRamEcc()

◆ MW_DiagRamParity()

◆ MW_GetClearBusError()

◆ MW_GetClearCpuDataParityError()

◆ MW_GetClearCpuInstrParityError()

◆ MW_GetClearCpuOpcodeError()

◆ MW_GetClearNvmEccCompError()

◆ MW_GetClearNvmEepromEcc1Error()

◆ MW_GetClearNvmEepromEcc2Error()

◆ MW_GetClearNvmFlashEcc1Error()

◆ MW_GetClearNvmFlashEcc2Error()

◆ MW_GetClearNvmParityError()

◆ MW_GetClearRamEcc1Error()

◆ MW_GetClearRamEcc2Error()

◆ MW_GetClearRamEccCompError()

◆ MW_GetClearRamParityError()

◆ MW_GetClearRamStackError()

◆ MW_GetPersistentFlag()

◆ MW_GetPersistentVal()

◆ MW_IsPersistentFlagsCorrupt()

◆ MW_IsPersistentValsCorrupt()

◆ MW_SetNvmEccAllOnes()

◆ MW_SetRamStackLimit()

◆ MW_StorePersistentFlag()

◆ MW_StorePersistentVal()