MCU Centric * Use Slides 2 through 5, * Then add ONE of the slides
Microcontrollers Enabling Safer Designs
Renesas Electronics America Inc.
© 2012 Renesas Electronics America Inc. All rights reserved.
Renesas Technology & Solution Portfolio
Microcontroller and Microprocessor Line-up
[Timeline axis: 2010, 2012]
32-bit
- 1200 DMIPS, Superscalar; Automotive & Industrial, 65nm; 600µA/MHz, 1.5µA standby
- 1200 DMIPS, Performance; Automotive, 40nm; 500µA/MHz, 35µA deep standby
- 500 DMIPS, Low Power; Automotive & Industrial, 90nm; 600µA/MHz, 1.5µA standby
- 165 DMIPS, FPU, DSC; Industrial, 90nm; 500µA/MHz, 1.6µA deep standby
- 165 DMIPS, FPU, DSC; Industrial, 40nm; 200µA/MHz, 0.3µA deep standby
8/16-bit
- 25 DMIPS, Low Power; Industrial & Automotive, 150nm; 190µA/MHz, 0.3µA standby
- 44 DMIPS, True Low Power
- 10 DMIPS, Capacitive Touch
- Industrial & Automotive, 130nm; 144µA/MHz, 0.2µA standby
- Industrial & Automotive, Wide Format LCDs, 130nm; 350µA/MHz, 1µA standby
‘Enabling The Smart Society’
Challenge:
Increasing requirements for safer operation of equipment.
System-level safety regulations must be considered in the
overall design of electronic-controlled systems
Solution:
Take advantage of the integration and flexibility of
microcontrollers to simplify design while addressing safety
requirements
[Diagram labels: Design Risk; Te = Technology]
Source of diagram: Invensys Operations Management
Agenda
Introduction to safety
Use of microcontrollers for safer designs
Renesas support for safety standards
Summary
Q&A
Introduction to Safety
What is Safety (a.k.a. Functional Safety)?
Part of the overall safety that depends on an active system
operating correctly in response to its inputs
Detect dangerous conditions, and activate corrective
mechanisms to prevent hazardous events
End-to-end in scope: from component to system
Why Is Safety Important?
Safety to society
Lost productivity from workplace injuries and illnesses: over
$70 billion in 2009 (Note 1)
Safer and more reliable products for consumers
Benefits to corporations
“Best places to work” due to lower injury rates
Lower insurance premiums, lesser workers’ compensation
Fewer product recalls
An increasing necessity in electronic controls
Increasing use of software in control systems
Note 1: OSHA (Operational Safety and Health Administration)
Functional Safety System View
Design extends beyond process
Process and machine operate correctly in response to their inputs
Apply at system-, product- and component-level
Semiconductor devices that will help in end-product certification
[Diagram levels: Process Level; Machine Level; Component Level]
System-based approach
- Risk identification/analysis
- Assessment/evaluation
- Reduction
[Flowchart labels: Start; Determine the machine limits; Risk Estimation; Risk Evaluation; Is the machine safe?; Reduce Risk; End. Groupings: Risk Analysis; Risk Assessment; Risk Reduction / Safety Measures]
Risk Analysis Methodologies
Typical techniques
Fault Tree Analysis
Cause and Consequence Analysis
Hazard and Operability Analysis
Failure Mode & Effect Analysis (FMEA)
– Analyzes single point failures
– Probability of operation without failure for a specific length of time
Standards include recommendations based on general MCU characteristics
[Diagram labels: Input (speed, torque, direction, position, etc.); Controller (MCU); Power Supply; Power (IGBT); Motor & Load; Output & Feedback (torque, speed, temperature, etc.)]
Safety Integrity Level (SIL) Classification
SIL
Relative level of risk-reduction provided by the safety function
Statistical representation of the reliability of the safety system
Consequence, frequency of exposure, possibility of avoidance,
probability of occurrence
Higher SIL level = more dependable safety system
Safety Integrity Level | Probability of Failure on Demand (PFD) | Consequence | Application Examples
SIL 4 | 10^-5 to 10^-4 | Many deaths | Rail Switching
SIL 3 | 10^-4 to 10^-3 | Some deaths | Industrial Machinery, Chemical Opns
SIL 2 | 10^-3 to 10^-2 | Serious injury, Single death | Lathe Machine
SIL 1 | 10^-2 to 10^-1 | Minor Injury | Office environment
Safety Standard Examples
Industry/application-specific standards
Similar development life cycle
General: IEC 61508
Automotive: ISO 26262
Appliances: IEC/UL 60730
Medical: IEC/UL 60601-1
Typical Certification Process
Manufacturers can work with certified testing entities, consultants,
or directly with certification institutes
Manufacturers:
- Incorporate measures in system
- Perform internal test and submit required documentation
[Diagram labels: IMQ (Italy); VDE (Germany); LCOE (Spain); LCIE (France); BSI (UK); (U.S.); (U.S.)]
Use of Microcontrollers for Safer Designs
(ex: IEC 60730)
Design Considerations
System functions
Primary: control main operation of system
Secondary: perform safety functions
Application-specific implementation
Washing machine: motor operation
Oven: temperature control
Modular approach
“Application Code” vs “Safety” code
Ex: Washing Machine: IEC 60730 (Class B) routines ~10% of total code
IEC 60730 Requirements
IEC 60730-1 Class B Requirements (Note 1)
No. | Controller's Module | Fault / Error
1 | CPU Registers, CPU Program counter | Stuck
2 | Interrupt handling and execution | No interrupt, or too frequent interrupt
3 | Clock | Failure or wrong frequency
4 | ROM/Flash | All single bit faults
5 | RAM | DC Fault
6 | External communication | Failure or not accurate
7 | Input/output peripheral | Stuck or not accurate
8 | Analog circuits | Failure or not accurate
Note 1: IEC60730-1 Specification Annex H – Table H.11.12.7
[Figure: Ex: Motor System. MCU blocks: CPU, 40 MHz OCO, 125 kHz OCO, Program Flash, Data Flash, RAM, Debug Unit, ADC, 16-bit Motor Timer, 16-bit Timer, WDT, LVD, POR, LIN, Comp. Other labels: Host, Power Module, BLDC Motor (U, V, W), Motor Current, Over-current, Shut-off, CLK, Trig. Callouts 1 to 8.]
CPU Test Requirement
Purpose:
- Check data integrity
Blocks:
- General purpose (data, address)
- Program counter
- Stack pointer
- Interrupt vector table register
- Flag register
Typical test method:
- Write test patterns and read back
When:
- During start-up and periodically
[Figure: Example CPU Register Configuration: R0H, R0L, R1H, R1L, R2, R3, A0, A1, FB, USP, ISP, SB, INTBH, INTBL, PC, FLG. MCU block diagram, callout 1.]
Interrupt Handling Test Requirement
Purpose:
- Monitor interrupts
Block:
- Interrupt controller and related dependencies
Typical test methods:
- Compare occurrence to independent reference time base
- Track interrupt servicing
When:
- Periodically (Note 1)
Note 1: Periodic interrupts
[Figure: Example: Oven Control. Flowchart labels: Run_Oven(); Start_Timer (10 min.); Return; 1Min INT; 1 min. ISR; 10min?; Y; Stop_Oven; TempCheck(); Return. MCU block diagram, callout 2.]
Clock Test Requirement
Purpose:
- Supervise frequency of main system clock
Block:
- Main system clock
Typical test methods:
- Compare to reference clock within MCU
- Use signals external to MCU
- Use 32kHz sub-clock as reference
- Use 50Hz signal from mains supply (zero-cross detection)
When:
- Periodically
[Figure: plot of Frequency against Time; labels: Operating Frequency, Normal, 125 kHz. MCU block diagram, callout 3.]
ROM/Flash Test Requirement
Purpose:
- Check integrity of data in non-variable memory
Block:
- ROM or Flash-based memory
Typical test methods:
- Perform CRC
When:
- Start-up and periodically
[Figure: MCU block diagram, callout 4; labels: 1110110111; "Generate an interrupt Request !!!"]
RAM Test Requirement
Purpose:
- Check integrity of data in variable memory
Block:
- RAM
Typical test method:
- Write test patterns and read back
- Destructive or non-destructive
When:
- Start-up & periodically
[Figure: MCU RAM, steps 1 to 4, remaining RAM marked "RAM used". Labels: RAM area to test; Copy RAM area; March X Test on the selected area; Copy back RAM area. MCU block diagram, callout 5.]
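The copy, March X, copy-back sequence this slide shows, written out as an added C example (not Renesas' certified routine and not code from the slides). The RAM is simulated by a hypothetical `ram_t` with one constructed stuck-at cell so it runs on a host; the March X element order and the 0x00/0xFF byte backgrounds are the textbook form, assumed here.

```c
#include <stddef.h>
#include <stdint.h>

#define RAM_SIZE 64u
#define NO_FAULT SIZE_MAX

/* Simulated RAM with an optional constructed stuck-at fault in one cell. */
typedef struct {
    uint8_t cells[RAM_SIZE];
    size_t  bad;      /* index of the faulty cell, or NO_FAULT */
    uint8_t stuck1;   /* bits of that cell stuck at 1 */
    uint8_t stuck0;   /* bits of that cell stuck at 0 */
} ram_t;

static void wr(ram_t *r, size_t i, uint8_t v) {
    if (i == r->bad) v = (uint8_t)((v | r->stuck1) & (uint8_t)~r->stuck0);
    r->cells[i] = v;
}
static uint8_t rd(const ram_t *r, size_t i) { return r->cells[i]; }

/* March X: {any(w0); up(r0,w1); down(r1,w0); any(r0)}, 6 accesses per cell.
 * Returns 0 on pass, -1 on the first mismatch. */
static int march_x(ram_t *r, size_t start, size_t len) {
    size_t i;
    for (i = 0; i < len; i++) wr(r, start + i, 0x00);
    for (i = 0; i < len; i++) {                 /* ascending: r0, w1 */
        if (rd(r, start + i) != 0x00) return -1;
        wr(r, start + i, 0xFF);
    }
    for (i = len; i-- > 0; ) {                  /* descending: r1, w0 */
        if (rd(r, start + i) != 0xFF) return -1;
        wr(r, start + i, 0x00);
    }
    for (i = 0; i < len; i++)                   /* final r0 */
        if (rd(r, start + i) != 0x00) return -1;
    return 0;
}

/* Non-destructive wrapper: copy the area out, test it, copy it back. */
int ram_test_area(ram_t *r, size_t start, size_t len, uint8_t *save) {
    size_t i;
    int rc;
    for (i = 0; i < len; i++) save[i] = rd(r, start + i);
    rc = march_x(r, start, len);
    for (i = 0; i < len; i++) wr(r, start + i, save[i]);
    return rc;
}

/* Tests cells 16..31 of a filled RAM.
 * Returns 0 = pass and contents preserved, 1 = fault detected, 2 = contents lost. */
int demo(size_t bad, uint8_t stuck1, uint8_t stuck0) {
    ram_t r;
    uint8_t save[16];
    size_t i;
    r.bad = bad; r.stuck1 = stuck1; r.stuck0 = stuck0;
    for (i = 0; i < RAM_SIZE; i++) r.cells[i] = (uint8_t)(i * 7u + 3u);  /* "RAM used" */
    if (ram_test_area(&r, 16, sizeof save, save) != 0) return 1;
    for (i = 0; i < RAM_SIZE; i++)
        if (r.cells[i] != (uint8_t)(i * 7u + 3u)) return 2;
    return 0;
}

int main(void) { return demo(NO_FAULT, 0, 0); }
```

On a target the accessors become plain volatile pointer accesses, interrupts that touch the area must be held off for the duration, and the save buffer has to sit in RAM that was itself tested first.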
External Communication Test Requirement
Purpose:
- Check integrity of communication data
Block(s):
- Communication interfaces
Typical test methods:
- Perform CRC or checksum
- Built-in error detection (ex: LIN)
When:
- Periodically during communication
[Figure: Modular-Architecture. Labels: Main System Board; Serial I/F; UART; Data Bus; CRC; Motor control Board; MCU. MCU block diagram, callout 6.]
Input/Output Peripheral Test Requirement
Purpose:
- Monitor state and timing of critical I/O signals
Blocks:
- I/O Ports
- Peripherals (ex: PWM Timer)
Typical test methods:
- Check state of output by loop-back
- Compare timing of output using input capture
When:
- Periodically
[Figure: Ex: MCU Controlling a Motor System. Labels: MCU; PWM / Output Compare; Power stage; Motor; Input; Compare timer; Tachometer inputs. MCU block diagram, callout 7.]
Analog Peripheral Test Requirement
Purpose:
- Detect malfunction or inaccuracy in analog peripherals
Blocks:
- A/D converter
- D/A converter
- Analog comparators
Typical test methods:
- Check functionality with stable reference voltage
- Connection of D/A to A/D
When:
- Periodically
[Figure: Ex: A/D Testing. Labels: Renesas MCU; AD Converter; Channel 0; Channel 1; External Reference (ex: Diode); Analog Signal. MCU block diagram, callout 8.]
Renesas Support for Safety Standards
Hardware Safety Features Example
[Block diagram: RX21A]
Memory: Zero-Wait Flash up to 1MB; SRAM up to 128KB; Data Flash up to 64KB
Clock system: External Clock 20MHz; External Clock 32.768KHz; Internal OCO up to 50MHz; Internal LOCO 125KHz x 2; PLL
System: Event Link Controller; Multi-pin Function Cont.; Data Mgmt. DTC/DMA; Interrupt Contrl. 16 levels 9 pins; POR/LVD
Power Management: SLEEP, STOP, STANDBY
Timers: MTU2 16-bit 6 ch; TMR 8-bit 4 ch; CMT 16-bit 4 ch; RTC Calendar; WDT
Analog: ADC 10-bit, 7ch; ADC 24bit ∆∑ + PGA; DAC 10-bit 2ch; Comparator 4ch; Temp. Sensor
Communication: I2C; 7 x Simple I2C; SCI/UART 7 ch; SPI; USB; External Bus
AES
Safety: CRC; Memory Protection Unit (MPU); Data Operating Circuit (DOC); Register Write Protection; Independent WDT; Clock Accuracy Check (CAC); ADC Self-Diagnostics
Hardware Safety Features Example (2)
[Block diagram: RL78/G14]
Memory: Program Flash up to 256KB; SRAM up to 24KB; Data Flash up to 8KB
Clock system: External Clock 20MHz; External Clock 32.768KHz; Internal OCO up to 64MHz; Internal LOCO 15KHz
System: DTC; Interrupt Controller 4 Levels, 20 pins; POR, LVD; Event Link Controller
Debug: Single-Wire
Power Management: HALT, STOP, SNOOZE
Timers: 2 x Timer Array 16-bit, 4ch; RTC Calendar; Interval Timer 12-bit, 1ch; 3-phase Motor Timer; Encoder Timer 16-bit, 1ch; Timer RJ 16-bit, 1ch
Communication: 2 x I2C Master / Slave; 8 x I2C Master-only; 8 x CSI/SPI 7-, 8-bit; 4 x UART 7-, 8-, 9-bit; 1 x LIN
Analog: ADC 10-bit, 20ch; DAC 8-bit, 2ch; Comparator 2ch; Internal Vref.; Temp. Sensor 1ch
Safety / Memory & General: CRC; RAM Parity Error Check; RAM Guard Function; Register Write Protection; Invalid Memory Access Detection; ECC Flash Memory; Window WDT; Clock Frequency Check; ADC Test Function; Digital Output Level Detection
Data Operation Circuit (DOC): RAM Test
Three Operation Modes: Comparison, Addition, Subtraction
[Figure labels: RAM; CPU; DMAC; Internal Data Bus; DOC: DOCR, DODIR, DODSR, Compare Data Circuit, Interrupt Control; steps 1 to 4]
High-speed HW CRC: Flash Memory Test
16-bit CCITT-16 CRC fixed polynomial:
G(x)=X^16+X^12+X^5+1
Operates on N x 16KB instruction flash memory boundaries
Speed:
Ex: 512us for 64KB (@32MHz)
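An added software example of the flash check this slide describes (example code, not Renesas' routine): a bitwise CRC with the slide's polynomial over a constructed 256-byte image whose last two bytes hold the reference value. The 0xFFFF initial value, MSB-first bit order and image layout are assumptions; the slide gives only the polynomial.

```c
#include <stddef.h>
#include <stdint.h>

#define CRC_POLY 0x1021u  /* x^16 + x^12 + x^5 + 1, from the slide */
#define CRC_INIT 0xFFFFu  /* assumed; the slide does not give an initial value */
#define IMG_SIZE 256u     /* constructed image: 254 data bytes + 2 CRC bytes */

/* Bitwise CRC-16-CCITT, MSB first (assumed bit order). Passing the previous
 * result back in as 'crc' lets a periodic test cover the image in slices. */
uint16_t crc16_ccitt(const uint8_t *p, size_t n, uint16_t crc) {
    while (n--) {
        crc ^= (uint16_t)((uint16_t)*p++ << 8);
        for (int b = 0; b < 8; b++)
            crc = (crc & 0x8000u) ? (uint16_t)((crc << 1) ^ CRC_POLY)
                                  : (uint16_t)(crc << 1);
    }
    return crc;
}

/* Fill a constructed image and store its reference CRC big-endian at the end. */
void image_build(uint8_t *img) {
    for (size_t i = 0; i < IMG_SIZE - 2; i++) img[i] = (uint8_t)(i * 31u + 7u);
    uint16_t ref = crc16_ccitt(img, IMG_SIZE - 2, CRC_INIT);
    img[IMG_SIZE - 2] = (uint8_t)(ref >> 8);
    img[IMG_SIZE - 1] = (uint8_t)(ref & 0xFFu);
}

/* Start-up check: recompute over the data and compare with the stored value.
 * Returns 0 if the image is intact, -1 if not (caller enters the safe state). */
int flash_check(const uint8_t *img) {
    uint16_t ref = (uint16_t)((img[IMG_SIZE - 2] << 8) | img[IMG_SIZE - 1]);
    return crc16_ccitt(img, IMG_SIZE - 2, CRC_INIT) == ref ? 0 : -1;
}

/* Flip every bit of the image in turn and count the flips the check misses.
 * The requirements table lists "All single bit faults" for ROM/Flash,
 * so this count must be 0. */
unsigned undetected_single_bit_faults(void) {
    uint8_t img[IMG_SIZE];
    unsigned missed = 0;
    image_build(img);
    for (size_t bit = 0; bit < IMG_SIZE * 8u; bit++) {
        img[bit / 8] ^= (uint8_t)(1u << (bit % 8));
        if (flash_check(img) == 0) missed++;
        img[bit / 8] ^= (uint8_t)(1u << (bit % 8));  /* restore the bit */
    }
    return missed;
}

int main(void) { return (int)undetected_single_bit_faults(); }
```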
Clock Accuracy Check (CAC): Clock Test
Monitoring:
- Main, Peripheral and WDT clocks
Reference clock selection:
- Internal or external
Interrupts:
- Measurement, frequency error, Overflow
[Figure labels: Reference clock; MCU; Operating clock; Clock Selector for Reference Signal Generation; Edge Detection; Valid edge signal; Clock Selector for Frequency Measurement; 16bit counter; Comparator; CAUBVR; CALBVR; Interrupt control]
ADC Input Disconnect Detection: ADC Test
Enables detection of analog input disconnection
[Figure: Sample external circuit (*1), shown for Precharge and for Discharge. Labels: Sensor input; Disconnection; Analog input ANn; R=1MΩ; Sampling capacitor; MCU; Precharge control signal (On/Off); Discharge control signal (On/Off); Precharge inside of MCU / outside of MCU; Discharge inside of MCU / outside of MCU]
[Timing diagram labels: ADST; Analog i/p SW ON / SW OFF; A/D conversion; Disconnection detection assisting time (0 to 15 ADCLK cycles); Sampling time; Conversion time; Fixed to 30 ADCLK cycles]
Output Port Level Detection: I/O Test
PMS (Port Mode Select Register)
PMS0 = 0: Output latch value is read
PMS0 = 1: Digital output level of P06 is read
Memory Protection Unit (MPU)
Eight different memory protection regions
Programmable attributes:
Read, Write, Execute
[Figure labels: CPU; Instruction Address; Operand Address; Background region; Region 1; Match; Hit; MPU Logic Control; 8 regions; Address Registers; Attribute Registers; User; Supervisor Mode; Memory Protection Error]
Flash Memory with ECC Support
Fully automated: Transparent to application code execution
[Figure labels: Flash Write: Original 32-bit Value; ECC Encryption Logic; 6-bit ECC; 38-bit word stored in Flash. Flash Read: ECC Decryption Logic; Decoded 32-bit Value]
RAM Parity Error Check
Fully automated: Transparent to application code execution
RAM Byte      | b7 b6 b5 b4 b3 b2 b1 b0 | P
Addr          |  0  1  0  1  0  1  0  1 | 0
Addr + 1      |  0  1  1  1  1  1  1  1 | 1
Addr + 2      |  1  1  1  1  1  0  0  0 | 0
...
Addr + n      |  1  1  1  0  1  1  0  1 | 0
Addr + n + 1  |  1  1  1  1  1  1  1  1 | 1
Addr + n + 2  |  0  0  0  0  0  0  0  1 | 0
- Parity calculated on Write
- Parity checked on Read
Parity error:
Addr x        |  1  0  1  0  1  0  1  0 | 1
Single-bit error due to:
- EMI, ESD
- HW failure
Renesas MCU Tools for Safety Compliance
IDE compatible with “safety” utilities:
Compatible with MISRA C rule checker tools
“Fault-injection” tools
Compatible with version control tools
On-chip Debug Emulators
Comprehensive on-chip debugging
Advanced Emulator functions
Real-time tracing
Coverage
Extensive support for 3rd-party software tools
[Figure captions: Integrated Development Environment; High-performance In-circuit Emulators]
Certified Self-test Routines (IEC 60730)
VDE-certified self-test routines:
Self-test routines
- CPU, ROM/Flash and RAM
- CRC16-CCITT, March C, March X
- Clock
Supports focused MCU families
- RX600, RX200, RL78, R8C
Application Notes
- Benchmark results: code size and clock cycle count
- Development tool environment / settings
Functional Safety Kit (IEC 61508) (Note 1)
Prequalified devices/tools toward functional safety compliance
Fulfill safety standards IEC 61508
Target both SIL2 and SIL3 safety systems
High/continuous mode (HD/CM) of operation
Development of SW core self test (CST)
TUV qualified
Complete Safety Documentation
Safety plan and Safety architecture (SA)
Safety requirement spec (SRS)
Conditions of use (CoU)
High-level FMEA (HL-FMEA)
Safety manual (SM)
Note 1: Under development
Ecosystem Partners & Experts on Safety
Safety partners reduce certification risk and time to market
- Safety lifecycle management
- Risk assessment
- SIL selection and verification
- Conceptual design
- Proof test procedures
- Auditing
Experts in MCU integration
- System-level HW/SW design expertise to build functional algorithms, hardware integration, etc.
[Diagram labels: Functional Safety Consultant; Certification Body; Renesas; Consortia; Design Services Partner]
Summary
Growing need for higher safety
Different standards, similar design methodologies
Different ways to implement safety mechanisms
Renesas’ solutions to safety requirements:
Comprehensive device solutions with hardware-assisted safety features
Software and tools to help you design robust safety systems
Complete safety partner network reduces time to market and risk
Questions?
‘Enabling The Smart Society’
Challenge:
Increasing requirements for safer operation of equipment.
System-level safety regulations must be considered in the
overall design of electronic-controlled systems
Solution:
Take advantage of the integration and flexibility of Renesas
microcontroller-based solutions to address safety requirements
for a wide range of applications.
Hardware Safety Features Summary
HW Feature | RX600 | RX200 | RL78
MPU (Memory Protection Unit): -
Invalid Memory Access Detection
RAM Test or Parity Error Check
SFR write protection
ECC Flash Memory: - -
CRC
Clock stop or frequency detection
ADC self diagnostics
GPIO status check: - -
Introduction to IEC 60730-1 Regulation
Introduced in 1999 under IEC 60335-1
Safety Norm for Electronic Controls in Household Appliances
Effective since October 2007 in Europe
IEC 60335-1: Safety Norm for Electrical Appliances (General)
IEC 60730-1: Safety Norm Specific to Automatic Electronic Controls
Class ‘A’: Control not related to safety of equipment. Ex: Light Switch
Class ‘B’: Control to prevent unsafe operation. Ex: Washing Machine
Class ‘C’: Control dedicated to prevent special hazards. Ex: Gas Burners/Boilers
RAM Test Requirement (2)
Single cell: SAF, SOF, TF, DRF
Coupling: CFin, CFid, CFst
Decoding: AF
Fault type | MARCH X test | MARCH C test
SAF’s | 100% | 100%
TF’s | 100% | 100%
AF’s | 100% | 100%
CFin’s | 100% | 100%
CFid’s | 50% | 100%
CFst’s | 62.5% | 100%
Complexity | 6n | 10n
16KB RAM test timing | 9.6ms | 16ms
n: number of cells in memory
MARCH C: Start-up
MARCH X: Periodically
[MCU block diagram, callout 5]