MotoHawk FCCU Reaction Definition

This MotoHawk block allows the developer to specify what faults the microcontroller's Fault Collection and Control Unit (FCCU) will monitor and how it should react when a monitored fault is detected.

Block ID

FCCU Reaction Definition

Library

motohawk_FCCU_lib

Description

This MotoHawk block allows the developer to specify what faults the microcontroller's Fault Collection and Control Unit (FCCU) will monitor and how it should react when a monitored fault is detected. Typically this block is used in conjunction with the Reaction Trigger block, which allows the application to react to a detected fault. The Inject Fault block can be used to induce a fault, which allows functional testing of the application's fault handling to be carried out.

Block Parameters

Core Tab

| Parameter | Field Values | Comments/Description |
| --- | --- | --- |
| Name | Alpha-numeric text, single-quote enclosed | Named instance of the behavior. This name shall be used by referencing blocks like the FCCU Reaction Trigger. |
| Resource | Drop-down list | A list that includes (None) implies the FCCU is not available for the selected module. |
| Alarm to Fault Timeout* (ms) | Non-zero numeric | The FCCU enters the ALARM state when it detects a monitored fault that has a reaction that triggers an alarm. The FCCU will issue a reset if the interrupt service routine (ISR) that should execute in response to this fault fails to execute and acknowledge the fault before this timeout expires. |
| Alarm Service Timeout* (ms) | Non-zero numeric | Specifies the time allowed for all FCCU Reaction Triggers to complete their execution. An Alarm Service Timeout Reset will result if the timeout expires before all the triggers have completed their execution. |
| Allow parameters marked * to be calibrated | Checkbox | Allows attributes marked with (*) to be calibrated. |
| Read Access Level | 0-8 | Sets the security level (0 lowest, 8 highest) for user access to read the value. |
| Write Access Level | 0-8 | Sets the security level (0 lowest, 8 highest) for user access to write the value. |
| Instrumentation Group | Alpha-numeric text, single-quote enclosed | Determines the folder name and hierarchy to be used by an Instrumentation Tool. Use the "\|" character between folder names to delineate the subfolder structure. |

Fault Reaction Definition Tab

The Fault Reaction Definition tab has a list of collapsible panels, one for each possible fault that the Fault Reaction Definition block could support. Each fault that is not supported by the target module will include (Unsupported) in its name. These faults can still be defined, but they won't be monitored by the FCCU and won't generate code.

Each fault can specify the reaction that results when the fault is detected. The parameters are summarized below:

| Parameter | Field Values | Comments/Description |
| --- | --- | --- |
| Use Fault | Checkbox | Check to define an FCCU reaction for this fault. |
| Default Reaction | Drop-down list | The default reaction to be applied to the fault (which may allow subsequent calibration). |
| Support Calibration | Checkbox | Allows the Reaction to be calibrated when checked. |
| Allow Disable Fault Reaction | Checkbox | Allows the option to calibrate the Disable Fault Reaction for this fault. |
| Allow Execute Trigger on Detection | Checkbox | Allows the option to calibrate the Execute Trigger on Detection reaction for this fault. |
| Allow Execute Trigger then Reset on Detection | Checkbox | Allows the option to calibrate the Execute Trigger then Reset on Detection reaction for this fault. |
| Allow Reset on Detection | Checkbox | Allows the option to calibrate the Reset on Detection reaction for this fault. |
| Read Access Level | 0-8 | Sets the security level (0 lowest, 8 highest) for user access to read the value. |
| Write Access Level | 0-8 | Sets the security level (0 lowest, 8 highest) for user access to write the value. |
| Instrumentation Group | Alpha-numeric text, single-quote enclosed | Determines the folder name and hierarchy to be used by an Instrumentation Tool. Use the "\|" character between folder names to delineate the subfolder structure. |

Possible Faults

The FCCU Reaction Behavior can support a number of faults. The following describes some of the faults that the FCCU could detect and that have a MotoHawk implementation.

Disabled Checker Core Fault

On microcontrollers that support a checker core, like the MPC5777C, the checker core needs to be explicitly enabled. Typically this is a native MotoHawk operation. However, an application may expect that the checker core has been enabled when, for whatever reason, it has not. This fault is detected if a checker core exists but has not been enabled.

A checker core that has been disabled by inappropriate configuration may report a continuous fault that cannot be cleared. A checker core may also report as disabled when the application software has not enabled the core that is to be checked. This is the case for an MPC5777C executing an application that has not been configured for multi-core operation.

To prevent the application from having to continuously service a reaction (because the fault won't clear), it is recommended that a reaction of Disable Fault Reaction is configured for the Disabled Checker Core Fault and that the application polls the fault status via the FCCU Reaction Get Fault Status block. Continuously servicing the reaction to the exclusion of everything else may lead to a continuous reset condition that software will not be able to recover from.

Checker Core Lock Step Fault

A checker core runs in lockstep with another core. The FCCU monitors that core's execution and issues a fault if it does not agree with the monitored core's execution.

Core Clocks Frequency Fault

At least one of the primary clocks driving the module's core(s) was detected as not operating within the expected frequency range.

Support Clocks Frequency Fault

Support clocks, like an eTPU clock for example, that are used by the module were detected to be operating outside of the expected frequency range.

Clock Loss of Lock Fault

The PLL and/or oscillator source was lost or lost lock. Silicon manufacturers (e.g. NXP for the MPC5777C) recommend that, when this reaction is enabled, it is configured only as a Reset on Detection reaction.

Code generation may issue a warning, or even an error, if this reaction is enabled but a reaction other than Reset on Detection is applied.
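
The recommendations on this page (non-zero timeouts, Disable Fault Reaction for the Disabled Checker Core Fault, Reset on Detection only for the Clock Loss of Lock Fault, unsupported faults not being monitored) can be checked during a design review. The following Python is an added example, not MotoHawk code: the dictionary layout, key names and `review_definition` function are hypothetical stand-ins for the block's parameters, and counting every calibratable reaction as reachable is an assumption.

```python
# Added example: review check for an FCCU Reaction Definition.
# Key names are hypothetical stand-ins for the block parameters described above.
RESET = "Reset on Detection"
DISABLE = "Disable Fault Reaction"
TRIGGER = "Execute Trigger on Detection"

def review_definition(defn):
    """Return a list of findings for one reaction definition."""
    findings = []
    for key in ("alarm_to_fault_timeout_ms", "alarm_service_timeout_ms"):
        value = defn.get(key, 0)
        if not (isinstance(value, (int, float)) and value > 0):
            findings.append(f"{key}: timeout must be a non-zero numeric value")
    for name, fault in defn["faults"].items():
        if not fault.get("use_fault"):
            continue
        if "(Unsupported)" in name:
            findings.append(f"{name}: defined, but not monitored by the FCCU")
            continue
        # Assumption: a reaction is reachable if it is the default or if
        # calibration is supported and its "Allow ..." option is checked.
        reachable = {fault["default_reaction"]}
        if fault.get("support_calibration"):
            reachable |= set(fault.get("allowed", ()))
        if name == "Clock Loss of Lock Fault" and reachable != {RESET}:
            findings.append(f"{name}: only {RESET} is recommended, "
                            f"found {sorted(reachable)}")
        if (name == "Disabled Checker Core Fault"
                and fault["default_reaction"] != DISABLE):
            findings.append(f"{name}: {DISABLE} plus polling is recommended, "
                            "the fault may never clear")
    return findings

# Constructed sample definition (not taken from a real model).
SAMPLE = {
    "alarm_to_fault_timeout_ms": 5,
    "alarm_service_timeout_ms": 0,
    "faults": {
        "Clock Loss of Lock Fault": {
            "use_fault": True, "default_reaction": RESET,
            "support_calibration": True, "allowed": [RESET, TRIGGER]},
        "Disabled Checker Core Fault": {
            "use_fault": True, "default_reaction": TRIGGER},
        "Checker Core Lock Step Fault": {
            "use_fault": True, "default_reaction": RESET},
        "Support Clocks Frequency Fault (Unsupported)": {
            "use_fault": True, "default_reaction": RESET},
    },
}

if __name__ == "__main__":
    print("\n".join(review_definition(SAMPLE)))
```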