 |
|
|
This MotoHawk block allows the developer to specify what faults the microcontroller's Fault Collection and Control Unit (FCCU) will monitor and how it should react when a monitored fault is detected.
FCCU Reaction Definition
motohawk_FCCU_lib
This MotoHawk block allows the developer to specify what faults the microcontroller's Fault Collection and Control Unit (FCCU) will monitor and how it should react when a monitored fault is detected. Typically this block is used in conjunction with the Reaction Trigger block, which allows the application to react to a detected fault. The Inject Fault block can be used to induce a fault, which allows functional testing of the application's fault handling to be carried out.
| Parameter Field | Values | Comments/Description |
|---|---|---|
| Name | Alpha-numeric text, single quote enclosed | Named instance of the behavior. This name shall be used by referencing blocks like the FCCU Reaction Trigger. |
| Resource | Drop-down list | A list that includes (None) implies the FCCU is not available for the selected module. |
| Alarm to Fault Timeout* (ms) | Non zero numeric | The FCCU enters the ALARM state when it detects a monitored fault that has a reaction that triggers an alarm. The FCCU will issue a reset if the interrupt service routine (ISR) that should execute in response to this fault fails to execute and acknowledge the fault before this timeout expires. |
| Alarm Service Timeout* (ms) | Non zero numeric | Specifies the time allowed for all FCCU Reaction Triggers to complete their execution. An Alarm Service Timeout Reset will result if the timeout expires before all the triggers have completed their execution. |
| Allow parameters marked * to be calibrated | Checkbox | Allows attributes marked with (*) to be calibrated. |
| Read Access Level | 0-8 | Sets security level 0 lowest, 8 highest, for user access to read value |
| Write Access Level | 0-8 | Sets security level 0 lowest, 8 highest, for user access to write value |
| Instrumentation Group | Alpha-numeric text, single-quote enclosed | Determines Folder name and hierarchy to be used by an Instrumentation Tool. Use "|" character between folder names to delineate subfolder structure. |
The Fault Reaction Definition tab has a list of collapsible panels, one for each possible fault that the Fault Reaction Definition block could support. Each fault that is not supported by the target module will include (Unsupported) in its name. These faults can still be defined, but they won't be monitored by the FCCU and won't generate code.
Each fault can specify a reaction that will result should the fault be detected, which are summarized below:
| Parameter Field | Values | Comments/Description |
|---|---|---|
| Use Fault | Checkbox | Check to define a FCCU reaction for this fault |
| Default Reaction | Drop-down list | The default reaction to be applied to the fault (which may allow subsequent calibration). |
| Support Calibration | Checkbox | Allow the Reaction to be calibrated when checked. |
| Allow Disable Fault Reaction | Checkbox | Allows the option to calibrate the Disable Fault Reaction for this fault. |
| Allow Execute Trigger on Detection | Checkbox | Allows the option to calibrate the Execute Trigger on Detection reaction for this fault. |
| Allow Execute Trigger then Reset on Detection | Checkbox | Allows the option to calibrate the Execute Trigger then Reset on Detection reaction for this fault. |
| Allow Reset on Detection | Checkbox | Allows the option to calibrate the Reset on Detection reaction for this fault. |
| Read Access Level | 0-8 | Sets security level 0 lowest, 8 highest, for user access to read value |
| Write Access Level | 0-8 | Sets security level 0 lowest, 8 highest, for user access to write value |
| Instrumentation Group | Alpha-numeric text, single-quote enclosed | Determines Folder name and hierarchy to be used by an Instrumentation Tool. Use "|" character between folder names to delineate subfolder structure. |
The FCCU Reaction Behavior can support a number of faults. The following describes some of the faults that the FCCU could detect and that have a MotoHawk implementation.
Microcontrollers that support a checker core, like the MPC5777C, need to be explicitly enabled. Typically this is a native MotoHawk operation. However an application may expect that the checker core has been enabled and for whatever reason is hasn't. This fault is detected if a checker core exists, but has not been enabled.
It should also be noted that the checker core may report as disabled because the software has not enabled the core that is to be checked. This is the case for an MPC5777C executing an application that has not been configured for multi-core operation. It is not possible to clear the fault in such a situation so a Disable Fault Reaction combined with the application polling the fault status might be the most appropriate way to handle this fault.
A checker core runs in lockstep with another core. The FCCU monitors that core's execution and issues a fault if it does not agree with the monitored core's execution.
| Copyright 2018 Woodward Corporation. All Rights Reserved. | Visit Us: mcs.woodward.com |