test-access-public/midware__watchdog__manager__diag_8c_source.html

// Standard Library Includes

#include <stdbool.h>

#include <stdint.h>


// Framework Includes

#include <define_error_flags.h>

#include <driver_cpuctrl.h>

#include <driver_errctrl.h>

#include <driver_swdt.h>

#include <driver_wdt.h>

#include <midware_shared_diag_private.h>

#include <midware_watchdog_manager_diag.h>


// Device-specific Includes

#include <xc.h>


#define UINT24_MAX 0x00FFFFFFUL


// Variables for tracking internal state, must be written to atomically to avoid any race conditions

static volatile bool isWdtCountOngoing = false;

static volatile uint16_t beginWdtCount = 0U;


// Private Function Prototypes

static bool BackupDisableGlobalInterrupts(void);

static void RestoreGlobalInterrupts(bool wasInterruptsEnabled);

static void DisableSwdtChannel(void);

static void RestoreSwdtChannelConfigs(uint8_t swdtChBackup);

static bool InjectSwdtExpireError(void);


errFlag_t MW_DiagSwdtCount(void)

{

    // Disable and backup global interrupts configuration

    AtomicSectionStart();


    // Sufficient to check the least significant byte when immediately reading it again

    const uint8_t firstCountSample  = SWDT_ReadCounterLsb();

    const uint8_t secondCountSample = SWDT_ReadCounterLsb();


    // Restore global interrupts configuration

    AtomicSectionEnd();


    errFlag_t diagResult = NO_ERROR;

    if (firstCountSample == secondCountSample)

    {

        diagResult = ERROR;

    }


    return diagResult;

}


errFlag_t MW_DiagSwdtExpire(uint32_t newReset)

{

    bool invalidNewReset = ((newReset > UINT24_MAX) || (newReset == 0U));

    if (invalidNewReset)

    {

        /* cppcheck-suppress misra-c2012-15.5 */

        return ERROR;

    }


    const uint32_t swdtChMask = 1UL << ERRCTRL_ESF_13_bp;

    const bool isConfigurable = IsErrChConfigurable(swdtChMask);

    if (!isConfigurable)

    {

        /* cppcheck-suppress misra-c2012-15.5 */

        return ERROR;

    }


    // Disable and backup global interrupts configuration

    const bool wasInterruptsEnabled = BackupDisableGlobalInterrupts();


    // Prevent error injection from triggering a real error response

    uint8_t swdtChBackup = ERRCTRL_ReadConfigSwdt();

    DisableSwdtChannel();


    // Set the count value to be loaded after expiring

    SWDT_WriteResetValue(newReset);


    // Enable the SWDT if not already enabled

    SWDT_SetControlA((uint8_t)SWDT_ENABLE_bm);


    bool isDiagPassed = InjectSwdtExpireError();


    RestoreSwdtChannelConfigs(swdtChBackup); // Restore Error Channel to previous state


    // Restore global interrupts configuration

    RestoreGlobalInterrupts(wasInterruptsEnabled);


    errFlag_t diagResult = ERROR;

    if (isDiagPassed)

    {

        diagResult = NO_ERROR;

    }


    return diagResult;

}


void MW_DiagWdtCountBegin(void)

{

    // Disable and backup global interrupts configuration

    AtomicSectionStart();


    beginWdtCount     = WDT_ReadCounter();

    isWdtCountOngoing = true;


    // Restore global interrupts configuration

    AtomicSectionEnd();

}


bool MW_IsDiagWdtCountOngoing(void)

{

    return isWdtCountOngoing;

}


errFlag_t MW_DiagWdtCountEnd(void)

{

    if (isWdtCountOngoing == false)

    {

        /* cppcheck-suppress misra-c2012-15.5 */

        return ERROR;

    }


    // Disable and backup global interrupts configuration

    AtomicSectionStart();


    const uint16_t endWdtCount = WDT_ReadCounter();

    isWdtCountOngoing          = false;


    // Restore global interrupts configuration

    AtomicSectionEnd();


    errFlag_t diagResult = NO_ERROR;

    if (beginWdtCount == endWdtCount)

    {

        diagResult = ERROR;

    }


    return diagResult;

}


errFlag_t MW_DiagWdtExpire(void)

{

    // Set up Watchdog clock to shortest possible duration with window mode disabled

    const uint8_t diagWindowConfig = (uint8_t)WDT_WINDOW_OFF_gc;

    const uint8_t diagPeriodConfig = (uint8_t)WDT_PERIOD_8CLK_gc;

    WDT_WriteControlA(diagWindowConfig | diagPeriodConfig);


    bool waitForReset = true;

    while (waitForReset)

    {

        // WDT will continue to count if it failed to reset the device after expiring

        const uint16_t currentCount = WDT_ReadCounter();

        const uint16_t expireCount  = 8U;

        if (currentCount > expireCount)

        {

            waitForReset = false;

        }

    }


    return ERROR;

}


// Backs up and disables global interrupts

static bool BackupDisableGlobalInterrupts(void)

{

    const uint8_t gieMask           = (uint8_t)CPU_I_bm; // Global Interrupt Enable status bit

    const uint8_t cpuStatusRegVal   = CPUCTRL_ReadStatusRegister();

    const bool wasInterruptsEnabled = ((cpuStatusRegVal & gieMask) == gieMask);


    CPUCTRL_ClearStatusRegister(gieMask);


    return wasInterruptsEnabled;

}


// Restores the Global Interrupt configuration

static void RestoreGlobalInterrupts(bool wasInterruptsEnabled)

{

    if (wasInterruptsEnabled)

    {

        CPUCTRL_SetStatusRegister((uint8_t)CPU_I_bm);

    }

}


// Sets the SWDT Error Channel to NOTIFICATION severity and disables I/O float

static void DisableSwdtChannel(void)

{

    const uint8_t stateMask        = (uint8_t)ERRCTRL_STATE_gm;

    const uint8_t floatConfig      = (uint8_t)(0U << ERRCTRL_FLOAT_bp);

    const uint8_t severityConfig   = (uint8_t)(ERRCTRL_ERRLVL_NOTIFICATION_gc);

    const uint8_t disabledChConfig = (floatConfig | severityConfig);


    ERRCTRL_ModifyControlA(stateMask, (uint8_t)ERRCTRL_STATE_CONFIG_gc);

    ERRCTRL_WriteConfigSwdt(disabledChConfig);

    ERRCTRL_ModifyControlA(stateMask, (uint8_t)ERRCTRL_STATE_NORMAL_gc);

}


// Restores the SWDT Error Channel configs to their backed up configurations

static void RestoreSwdtChannelConfigs(uint8_t swdtChBackup)

{

    const uint8_t stateMask = (uint8_t)ERRCTRL_STATE_gm;

    ERRCTRL_ModifyControlA(stateMask, (uint8_t)ERRCTRL_STATE_CONFIG_gc);

    ERRCTRL_WriteConfigSwdt(swdtChBackup);

    ERRCTRL_ModifyControlA(stateMask, (uint8_t)ERRCTRL_STATE_NORMAL_gc);

}


// Fast forwards the count register to expire before reading and clearing error flag and channel

static bool InjectSwdtExpireError(void)

{

    // Start error injection

    SWDT_WriteControlB((uint8_t)SWDT_TEST_bm); // Force SWDT counter to 1


    volatile uint8_t waitCount = 0U;

    waitCount++; // Ensure sufficient clock cycles has passed after injection on higher optimization


    // Expire error flag should be set two cycles after injection

    const uint8_t expFlagMask = (uint8_t)SWDT_EXP_bm;

    const uint8_t intFlags    = SWDT_ReadIntFlags();

    const bool isExpFlagSet   = ((intFlags & expFlagMask) == expFlagMask);


    // SWDT Error Controller Channel should be set when expire error flag is set

    const uint32_t swdtChMask = (1UL << ERRCTRL_ESF_13_bp);

    const uint32_t chStatus   = ERRCTRL_ReadChannelStatus();

    const bool isSwdtChSet    = ((chStatus & swdtChMask) == swdtChMask);


    SWDT_WriteIntFlags((uint8_t)SWDT_ERROR_bm); // Clear expire error flag


    ERRCTRL_WriteChannelStatus(swdtChMask); // Clear SWDT Error Channel after clearing source


    bool isDiagPassed = (isExpFlagSet && isSwdtChSet);


    return isDiagPassed;

}

define_error_flags.h
Defines error flag type for indicating detected errors in Middleware services.

errFlag_t
errFlag_t
Defines the error flag used by Middleware services to indicate error detection.
Definition define_error_flags.h:42

ERROR
@ ERROR
Definition define_error_flags.h:44

NO_ERROR
@ NO_ERROR
Definition define_error_flags.h:43

driver_cpuctrl.h

driver_errctrl.h

driver_swdt.h

driver_wdt.h

CPUCTRL_ReadStatusRegister
uint8_t CPUCTRL_ReadStatusRegister(void)
Reads the SREG register value.
Definition driver_cpuctrl.c:59

CPUCTRL_ClearStatusRegister
void CPUCTRL_ClearStatusRegister(uint8_t bitmask)
Clears specific bits in the SREG register.
Definition driver_cpuctrl.c:69

CPUCTRL_SetStatusRegister
void CPUCTRL_SetStatusRegister(uint8_t bitmask)
Sets specific bits in the SREG register.
Definition driver_cpuctrl.c:64

ERRCTRL_ReadConfigSwdt
uint8_t ERRCTRL_ReadConfigSwdt(void)
Reads the ESCSWDT register value.
Definition driver_errctrl.c:207

ERRCTRL_ReadChannelStatus
uint32_t ERRCTRL_ReadChannelStatus(void)
Reads the ESF register value.
Definition driver_errctrl.c:247

ERRCTRL_WriteConfigSwdt
void ERRCTRL_WriteConfigSwdt(uint8_t value)
Overwrites the ESCSWDT register value.
Definition driver_errctrl.c:212

ERRCTRL_WriteChannelStatus
void ERRCTRL_WriteChannelStatus(uint32_t value)
Overwrites the ESF register value.
Definition driver_errctrl.c:252

ERRCTRL_ModifyControlA
void ERRCTRL_ModifyControlA(uint8_t groupMask, uint8_t groupConfig)
Modifies specific bit field(s) in the CTRLA register.
Definition driver_errctrl.c:52

AtomicSectionStart
void AtomicSectionStart(void)
Backup and disable global interrupts.
Definition midware_shared_diag_private.c:34

AtomicSectionEnd
void AtomicSectionEnd(void)
Restore global interrupts if previously enabled.
Definition midware_shared_diag_private.c:52

IsErrChConfigurable
bool IsErrChConfigurable(uint32_t channelMask)
Check Error Controller state and error channels indicated by the channel mask input.
Definition midware_shared_diag_private.c:69

SWDT_ReadIntFlags
uint8_t SWDT_ReadIntFlags(void)
Reads the INTFLAGS register value.
Definition driver_swdt.c:52

SWDT_WriteIntFlags
void SWDT_WriteIntFlags(uint8_t value)
Overwrites the INTFLAGS register value.
Definition driver_swdt.c:57

SWDT_WriteResetValue
void SWDT_WriteResetValue(uint32_t value)
Overwrites the RESET register value.
Definition driver_swdt.c:67

SWDT_SetControlA
void SWDT_SetControlA(uint8_t bitmask)
Sets specific bits in the CTRLA register.
Definition driver_swdt.c:35

SWDT_WriteControlB
void SWDT_WriteControlB(uint8_t value)
Overwrites the CTRLB register value.
Definition driver_swdt.c:42

SWDT_ReadCounterLsb
uint8_t SWDT_ReadCounterLsb(void)
Reads the CNT0 register value.
Definition driver_swdt.c:62

MW_DiagWdtExpire
errFlag_t MW_DiagWdtExpire(void)
Performs error injection diagnostic to detect faults in the Watchdog Timer (WDT) Expire mechanism.
Definition midware_watchdog_manager_diag.c:167

MW_DiagSwdtExpire
errFlag_t MW_DiagSwdtExpire(uint32_t newReset)
Performs error injection diagnostic to detect faults in the Synchronous Watchdog Timer (SWDT) Expire ...
Definition midware_watchdog_manager_diag.c:78

UINT24_MAX
#define UINT24_MAX
Defines max value for 24-bit registers.
Definition midware_watchdog_manager.c:42

MW_DiagWdtCountBegin
void MW_DiagWdtCountBegin(void)
Begins diagnostic to detect faults in the Watchdog Timer (WDT) Counter mechanism.
Definition midware_watchdog_manager_diag.c:124

MW_DiagSwdtCount
errFlag_t MW_DiagSwdtCount(void)
Performs diagnostic to detect faults in the Synchronous Watchdog Timer (SWDT) Counter mechanism.
Definition midware_watchdog_manager_diag.c:57

MW_IsDiagWdtCountOngoing
bool MW_IsDiagWdtCountOngoing(void)
Checks whether the Watchdog Timer (WDT) Count diagnostic is ongoing.
Definition midware_watchdog_manager_diag.c:136

MW_DiagWdtCountEnd
errFlag_t MW_DiagWdtCountEnd(void)
Completes diagnostic to detect faults in the Watchdog Timer (WDT) Counter mechanism.
Definition midware_watchdog_manager_diag.c:141

WDT_ReadCounter
uint16_t WDT_ReadCounter(void)
Reads the CNT register value.
Definition driver_wdt.c:43

WDT_WriteControlA
void WDT_WriteControlA(uint8_t value)
Overwrites the CTRLA register value.
Definition driver_wdt.c:33

midware_shared_diag_private.h

midware_watchdog_manager_diag.h
Contains API prototypes for the Watchdog Manager diagnostics.