| Sl No | Component | Sub Component | Fault / Error | Acceptable Measures | Requirement ID (SW) | Diagnostic API | Additional APIs | Comments |
|---|---|---|---|---|---|---|---|---|
| 1 | CPU | 1.1 Registers | Stuck at | Functional test, or periodic self-test using either: static memory test, or word protection with single bit redundancy |
CPU_REGISTER_RESET_STATE_TESTCPU_CONTROL_REGISTER_TEST
|
DIAG_CPU_RegResetStateTest()DIAG_CPU_ControlRegTest()
|
DIAG_CPU_SelfTest() |
|
| 1.3 Programme counter | Stuck at | Functional test, or periodic self-test, or independent time-slot monitoring, or logical monitoring of the programme sequence |
PROGRAM_COUNTER_TEST |
DIAG_PC_ProgramCounterTest() |
||||
| 2 | Interrupt | Handling and execution | No interrupt or too frequent interrupt | Functional test, or time slot monitoring |
INTERRUPT_FREQUENCY_CHECK |
DIAG_INTERRUPT_FrequencyCheck() |
DIAG_INTERRUPT_ServicingTest()DIAG_INTERRUPT_IsrClearedCheck()DIAG_INTERRUPT_HardTrapTest()DIAG_INTERRUPT_ExternalInputTest()
|
|
| 3 | Clock | Wrong frequency (for quartz synchronized clock: harmonics / subharmonics only) | Frequency monitoring, or time slot monitoring |
FAIL_SAFE_CLOCK_MONITOR_TEST |
DIAG_CLOCK_FscmTest() |
|||
| 4 | Memory | 4.1 Invariable memory | All single bit faults | Periodic modified checksum or multiple checksum, or word protection with single bit redundancy |
FLASH_ECC_SINGLE_DOUBLE_ERROR_DETECTION_TEST |
DIAG_FLASH_SingleDoubleErrorDetectionTest() |
DIAG_FLASH_IntegrityReadPractice()DIAG_FLASH_WriteVerifyPractice()DIAG_FLASH_CRCCalculate()DIAG_FLASH_CRCPractice()
|
|
| 4.2 Variable memory | DC fault | Periodic static memory test, or word protection with single bit redundancy |
SRAM_BIST_TEST orSRAM_ECC_SINGLE_DOUBLE_ERROR_DETECTION_TEST
|
Hardware bit set orDIAG_SRAM_SingleDoubleErrorDetectionTest()
|
DIAG_SRAM_SetSramSingleBitIsrEntryStatus()DIAG_SRAM_SetSramDoubleBitTrapEntryStatus()
|
|||
| 4.3 Addressing (variable & invariable memory) | Stuck at | Word protection with single bit parity including the address | NA | — | External memory | |||
| 5 | Internal data path | 5.1 Data | Stuck at DC fault | Word protection with single bit redundancy. Comparison of redundant CPUs by either: reciprocal comparison, independent hardware comparator, or word protection with multi-bit redundancy including the address, or data redundancy, or testing pattern, or protocol test |
FLASH_ECC_SINGLE_DOUBLE_ERROR_DETECTION_TEST |
DIAG_SRAM_SingleDoubleErrorDetectionTest()DIAG_SRAM_ReplicationWrite()DIAG_SRAM_IsBackedUpDataValid()
|
||
| 5.2 Addressing | Wrong address | Word protection with single bit redundancy including the address. Comparison of redundant CPUs by: reciprocal comparison, independent hardware comparator, or word protection with multi-bit redundancy including the address, or full bus redundancy, or testing pattern including the address | NA | NA | External memory | |||
| 6 | External communications | 6.1 Data | Data corruption of up to Hamming distance 3 | Word protection with multi-bit redundancy, or CRC – single word, or transfer redundancy, or protocol test |
CRC_FUNCTIONAL_TEST |
DIAG_CRC_FunctionalTest() |
||
| 6.2 Addressing | Wrong address | Word protection with multi-bit redundancy including the address, or CRC – single word including the addresses, or transfer redundancy, or protocol test |
CRC_FUNCTIONAL_TEST |
DIAG_CRC_FunctionalTest() |
||||
| 6.3 Timing | Wrong point in time | Time-slot monitoring, or scheduled transmission | NA | NA | Application domain | |||
| Wrong sequence | Logical monitoring, or time-slot monitoring, or scheduled transmission | NA | NA | Application domain | ||||
| 7 | Input / output periphery | 7.1 Digital I/O | Fault conditions specified in Clause H.27 | Plausibility check. Comparison of redundant CPUs by either: reciprocal comparison, independent hardware comparator, or input comparison, or multiple parallel outputs, or output verification, or testing pattern, or code safety |
GPIO_PORTS_INPUT_PRACTICEGPIO_PORTS_OUTPUT_TESTGPIO_ACTIVITY_CHECKGPIO_PPS_OUTPUT_CONNECTION_TESTIO_MONITOR_TEST
|
DIAG_GPIO_InputPractice()DIAG_GPIO_OutputTest()DIAG_GPIO_ActivityCheck()DIAG_GPIO_PpsOutputConnectionTest()DIAG_GPIO_IntegrityMonitorTest()
|
DIAG_GPIO_InterruptGenTest() |
|
| 7.2 Analog I/O | ADC_BOUNDARY_MONITOR_TEST |
DIAG_ADC_BoundaryMonitorTest() |
||||||
| 7.2.1 A/D and D/A convertor | Fault conditions specified in Clause H.27 | Plausibility check. Comparison of redundant CPUs by either: reciprocal comparison, independent hardware comparator, or input comparison, or multiple parallel outputs, or output verification, or testing pattern |
ADC_STARTUP_TESTADC_BOUNDARY_MONITOR_TEST
|
DIAG_ADC_StartupTest()DIAG_ADC_BoundaryMonitorTest()
|
DIAG_UTIL_ADC_RedundantInputsPractice()DIAG_ADC_LinearityMonotonicityTest()
|
|||
| 7.2.2 Analog multiplexer | Wrong addressing | Plausibility check. Comparison of redundant CPUs by either: reciprocal comparison, independent hardware comparator, or input comparison, or testing pattern | Application domain | |||||
| 8 | Monitoring devices and comparators | Any output outside the static and dynamic functional specification | Tested monitoring, or redundant monitoring and comparison, or error recognizing means |
TIMER_FUNCTIONAL_TESTTIMER_LINEARITY_TEST
|
DIAG_TIMER_FunctionalTest()DIAG_TIMER_LinearityTest()
|
Timer can be treated as a comparator of Timing registers Application domain |