Contains API prototypes Pre-startup Tasks.
More...
|
| void | T_EnsureSafeState (void) |
| | Ensures the device is in a Safe State by making sure io pins are floated.
|
| void | T_DetermineResetReason (void) |
| | Determines the reason for the last device reset and stores it for later handling.
|
| void | T_RunResetDiagnosticFsm (void) |
| | Implements an FSM for performing error injection diagnostics leading to device resets.
|
Contains API prototypes Pre-startup Tasks.
- Version
- 1.0.0-alpha.1
The Pre-startup Task APIs are used by the Pre-startup Task Manager to perform the Pre-startup sequence.
- Copyright
- © 2024 Microchip Technology Inc. and its subsidiaries.
Subject to your compliance with these terms, you may use Microchip software and any derivatives exclusively with Microchip products. It is your responsibility to comply with third party license terms applicable to your use of third party software (including open source software) that may accompany Microchip software.
THIS SOFTWARE IS SUPPLIED BY MICROCHIP "AS IS". NO WARRANTIES, WHETHER EXPRESS, IMPLIED OR STATUTORY, APPLY TO THIS SOFTWARE, INCLUDING ANY IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY, AND FITNESS FOR A PARTICULAR PURPOSE.
IN NO EVENT WILL MICROCHIP BE LIABLE FOR ANY INDIRECT, SPECIAL, PUNITIVE, INCIDENTAL OR CONSEQUENTIAL LOSS, DAMAGE, COST OR EXPENSE OF ANY KIND WHATSOEVER RELATED TO THE SOFTWARE, HOWEVER CAUSED, EVEN IF MICROCHIP HAS BEEN ADVISED OF THE POSSIBILITY OR THE DAMAGES ARE FORESEEABLE. TO THE FULLEST EXTENT ALLOWED BY LAW, MICROCHIP'S TOTAL LIABILITY ON ALL CLAIMS IN ANY WAY RELATED TO THIS SOFTWARE WILL NOT EXCEED THE AMOUNT OF FEES, IF ANY, THAT YOU HAVE PAID DIRECTLY TO MICROCHIP FOR THIS SOFTWARE.
UML Class Diagrams
UML Activity Diagrams
UML Sequence Diagrams
UML State Machine Diagrams
◆ T_DetermineResetReason()
| void T_DetermineResetReason |
( |
void | | ) |
|
Determines the reason for the last device reset and stores it for later handling.
This function is responsible for determining the reason for the last reset, and checks persistent storage to verify if an error injection diagnostic is ongoing. If so, the reason for the error injection reset is stored in persistent storage for T_RunResetDiagnosticFsm to continue its diagnostics, otherwise it stores the reset reason in a separate location in persistent storage to be handled later by T_HandleResetReason.
- Warning
- This function is intended to be called inside the .init3 memory section (see restrictions in init3).
-
This function depends on T_RunResetDiagnosticFsm to store the correct error injection ongoing flag in persistent memory to correctly determine if the reset reason was due to an ongoing pre-startup diagnostic or a true device reset.
-
The reset reason and any persistent data stored between device resets is cleared upon Power-On Reset (POR) and Brown-out Reset (BOR).
Definition at line 78 of file tasks_pre_startup.c.
◆ T_EnsureSafeState()
| void T_EnsureSafeState |
( |
void | | ) |
|
Ensures the device is in a Safe State by making sure io pins are floated.
This function checks if the device is in a Safe State after device reset by checking if all I/O pins are floated. If a hardware fault has occurred and any I/O pins are not floated, the task will ensure a Safe State by forcing all I/O pins to be floated using the Error Controller forcefloat feature and report the error. A side-effect of force-floating all I/O pins is that the pins will remain floating until disabled or the device is reset.
If the STRICT_SAFE_STATE configuration is enabled, the function will run the force float routine even if no errors were detected. This ensures that any peripheral or PORT configurations impacting I/O pins does not take effect until the force float is released when entering Mission Mode.
- Warning
- A detected float error is reported by storing a flag in persistent memory and must be handled later (in T_HandlePreStartupErrors).
-
The float error flag stored between device resets is cleared upon Power-On Reset (POR) and Brown-out Reset (BOR).
-
This function is intended to be called inside the .init3 memory section (see restrictions in init3).
Definition at line 57 of file tasks_pre_startup.c.
◆ T_RunResetDiagnosticFsm()
| void T_RunResetDiagnosticFsm |
( |
void | | ) |
|
Implements an FSM for performing error injection diagnostics leading to device resets.
This function is responsible for executing error injection diagnostics that, if successful, will reset the device. Due to the nature of the diagnostics, the Task is implemented as a Finite State Machine (FSM) that can retain it's state between most device resets and continue execution when called again.
The state machine consists of the following states:
- START:
- CONTINUE:
- COMPLETE:
- Store the result of the WDT Expire diagnostic in persistent memory
- Clean up persistent state variables to reset the FSM
- CORRUPT:
- Abort FSM execution to avoid infinite reset loops and store error in persistent memory
During normal execution, the FSM will start by performing a CPU Lockstep error injection resulting in a device reset. When entering the FSM again, it will continue by storing a passing result for the CPU Lockstep diagnostic before running the SWDT Expire diagnostic and storing the result. Finally it runs the WDT Expire diagnostic, resulting in another device reset and a passing result is stored when entering a final time, completing the FSM.
Should a diagnostic fail to reset the device, the FSM automatically transitions into the next state to run or complete the next diagnostic(s).
- Warning
- This function will reset the device as part of normal execution.
-
This function is intended to be called inside the .init3 memory section (see restrictions in init3).
-
This function depends on T_DetermineResetReason to store the correct error injection reset reason in persistent memory to correctly determine the result of the diagnostics and to avoid infinite reset loops.
-
The result of the diagnostics and any other faults detected during execution is stored in persistent memory and must be handled later (in T_HandlePreStartupErrors). If persistent data used by the FSM is corrupted, the FSM state itself is corrupted and the execution is aborted. This is because retrieving the diagnostic result depends on non-corrupt data and the real reset reason found in T_DetermineResetReason might have been erroneously overwritten by an error injection reset. Thus, if the stored error injection reset reason is set to ERRINJ_RESET_CORRUPT, all data stored in the persistent memory using persistentVal_t and persistentFlag_t is to be considered invalid. In such cases, the data must be cleared before the next device reset to prevent the FSM from remaining corrupted.
-
The FSM state and any persistent data stored between device resets is cleared upon Power-On Reset (POR) and Brown-out Reset (BOR).
-
The SWDT Expire diagnostic does not lead to device resets, but is performed here since it has a side effect of expediting the current SWDT period and enabling the SWDT if not already enabled. To minimize the effect of this side effect, the diagnostic is run before the WDT diagnostic since it will normally result in a device reset which resets the SWDT thus completes the pre-startup sequence without any side effects. However, should the WDT Expire diagnostic fail, the SWDT will continue to run with new timeout value. This timeout value can be configured using PRE_STARTUP_SWDT_RESET_VAL.
Definition at line 122 of file tasks_pre_startup.c.
1.15.0