-
Notifications
You must be signed in to change notification settings - Fork 1
FDIR
Grzegorz Gajoch edited this page Nov 2, 2016
·
7 revisions
In this documents possible faults should be adressed and anaylsed in their consequences and possible solutions.
Possible problems:
- no sign of error (SEU in usused part of memory),
- faulty calculations (SEU in constant part),
- not executing part of the code correctly,
- total loss of subsystem (e.g. processor get stuck, not responding to any command)
Mitigation:
- some kind of bootloader which have smaller memory footprint (probablity of failure is much lower) which will load data from external memory (flash/fram) with some voting (e.g. majority out of 5).
- in case of fuse-bits processor could boot no more - there is no known mitigation scheme for this - but probability of this event is very low (fuse bits are 3 8-bit registers)
Possible problems:
- no sign of error (SEU in usused part of memory),
- faulty calculations (invalidating calculations),
- stack corruption,
- processor hangs, gets into inifinite loop etc
Mitigation:
- watchdog should periodically check if processor is alive,
- in case of "wrong" calculations processor should be reset to recalculate everything
- processor should be rebooted every TBD hours to prevent errors to build up
Notes: in AVR devices user code cannot access flash memory - no in case of sram corruption flash will be untouched.
Possible problems:
- no sign of error (SEU in usused part of memory),
- peripherials won't respond/will respond with incorrect results,
- processor hangs, gets into inifinite loop etc
Mitigation:
- watchdog should periodically check if processor is alive,
- in case of "wrong" calculations processor should be reset to recalculate everything
- processor should be rebooted every TBD hours to prevent errors to build up
Notes: every control register