How to maintain safety and reliability in your MCU design
SILICA Linecard
Core n More Differentiators: MCU Linecard focused on leading technologies; European Software Support Team; strong partnership with MCU manufacturers; proven track record of software project support; more than 70 certified MCU Field Application Engineers; support throughout the tool chain, full Asset support; 150 technical trained Account Managers; network of 3rd party tool and module vendors.
Semiconductor Vendor Rankings CY 2009. Microcontroller Shipments Europe: CY 2009 Ranking (revenue in millions of US-$), Renesas Electronics 1st. Chart values: 765, 434, 395, 305, 298, 226, 186, 173, 147, 75. Vendors: Renesas Electronics, Freescale, Samsung, Infineon, ST, NXP, TI, Microchip, Atmel, Fujitsu. Source: Gartner Group, March 2010. Combined data of RTE & NEC EE.
Renesas Product Portfolio: Strategic Microcontroller CLCD ASIC & ASSP Peripheral USB Gate Array LCD Driver RF/MW Discrete Memory J-FET Op Amp Comparator NNSAD NNCD Sig. MOS B-IPD Photo-coupler Power MOS MR Sensor Regulator Bipolar Tr.
Renesas IBG Product/Core Line-up. Worldwide number one MCU supplier! Providing a choice to optimise performance, cost, power consumption and re-use of existing IP: you can always select the optimal solution. Cores shown: SH-4A (600 MHz); SH-2, SH-2A (200 MHz); RX600 (100 MHz); RX200 (50 MHz); RL78 (32 MHz); V850E2 (64-200 MHz); V850E (64-128 MHz); V850ES (20-50 MHz); 78K0R (20-32 MHz); 78K0 (20 MHz); 78K0S (10 MHz); R32C (64 MHz); M16C (32 MHz); R8C (20 MHz); H8SX (50 MHz); H8S (35 MHz); H8 (20 MHz). [Chart: 8-bit, 16-bit and 32-bit cores against performance from 20 MHz to 600 MHz; group labels: Common IP; Common IP and pinout; Common IP and pinout available.]
Safety and Reliability. Today, as automatic electronic control systems continue to expand into many diverse applications, the requirements of reliability and safety are becoming an ever-increasing factor in system design. For example, the introduction of the IEC 60730 safety standard for household appliances requires manufacturers to design automatic electronic controls that ensure safe and reliable operation of their products.
Introduction to IEC 60730-1 Regulation. Introduced in 1999 under IEC 60335-1; Safety Norm for Electronic Controls in Household Appliances; effective since October 2007 in Europe. IEC 60335-1: Safety Norm for Electrical Appliances (General). IEC 60730-1: Safety Norm Specific to Automatic Electronic Controls. Class A: control not related to safety of equipment (ex: light switch). Class B: control to prevent unsafe operation (ex: washing machine). Class C: control dedicated to prevent special hazards (ex: gas burners/boilers).
Introduction to IEC 60730-1 Regulation. Manufacturers of household appliances must work with certification institutes to get approval for IEC 60730-1 compliance. Appliance manufacturers: incorporate measures in system; perform internal test and generate a test report. VDE (Germany), IMQ (Italy), LCOE (Spain), LCIE (France), BSI (UK), IEC 60730-1 (U.S.).
IEC60730-1 Class B: Major Applications Impacted. Over 160M units of major household appliances shipped in EU & U.S. in 2010; over 350M units/yr worldwide. Estimated 15% annual increase in use of electronics. Product examples. Fans, heating elements, compressors, motors, pumps, valves. Source: IMS Worldwide Market for the Major Home Appliances May 2011 & Renesas estimates.
IEC60730-1 Key Requirements. IEC 60730-1 Class B requirements (Note 1), by controller's module and fault / error: (1) CPU registers and (2) CPU program counter: stuck; interrupt handling and execution: no interrupt or too frequent interrupt; (3) clock: failure or wrong frequency; (4) ROM/Flash: all single bit faults; (5) RAM: DC fault; (6) external communication: failure or not accurate; (7) input/output peripheral: stuck or not accurate; (8) analog circuits: failure or not accurate. [Figure: block diagram of an MCU controlling a motor system (CPU, program flash, data flash, RAM, debug unit, 40 MHz OCO, 125 kHz OCO, WDT, LVD, POR, LIN, ADC, 16-bit motor timer, 16-bit timer, comparator) driving a BLDC motor through a power module, with callouts 1 to 8.] Note 1: IEC60730-1 Specification Annex H Table H.11.12.7
IEC60730-1 Class B: MCU on-chip support. Independent Watch Dog; voltage level detection; CRC module; A/D self-diagnosis; Error Correction Unit; RAM parity error; registers write protection; DOC for RAM March tests; CAC for clock monitoring; GPT for clock monitoring; illegal memory access detection; ELC for IEC 60730-1.
On-chip modules benefits: low BOM costs. Reduce system BOM by eliminating external components: voltage monitoring & regulators on-chip; internal reset on-chip and independent Watch Dog with time window monitoring; data flash on-chip to store safety related parameters; RAM parity check on-chip to secure global variables (VDE approved); clock monitoring on-chip to detect any deviation & failures; Error Correction Code for flash to ensure code flash integrity (VDE approved). Savings of ~ 0.4. [Figure: RL78 block diagram with on-chip REG, LVD, POR, data flash, code flash, SRAM, A/D self-diagnosis, Error Correction Code, RAM parity error, clock monitoring, IWDT and peripherals; external parts shown: EEPROM, regulator IC, reset IC, supply, zero crossing AC 50/60Hz.]
On-chip modules benefits: low CPU load. CPU load for safety check strongly reduced. CRC module: 1 ms only to check 64 KB flash; DOC module: only 1 ms to check 1 KB to perform MARCH X test; CAC module: clock check done in h/w; POE module: handle external failure in real-time; ELC module: ensure real-time operations of test process; no CPU interruption during tests. CPU load reduced by 30%. [Figure: RX200 block diagram with REG, LVD, POR, data flash, code flash, A/D self-diagnosis, CRC module, ELC, DOC (RAM check), CAC (clock check), IWDT, peripherals and POE (fault management).] DOC: Data Output Control. CAC: Clock frequency Accuracy measurement Circuit. ELC: Event Link Controller.
On-chip modules benefits: higher safety level. High safety level for Class B and Class C software. MPU: h/w firewall for safety related & non-safety related s/w; DTC: periodical tests easily performed in h/w; external error handle via I/O port check. [Figure: RX600 block diagram with REG, LVD, POR, data flash, code flash, SRAM, A/D self-diagnosis, CRC module, MPU, DTC, I/O port check, peripherals and POE (fault management).] MPU: Memory Protection Unit. DTC: Data Transfer Control.
Certification? High SW and HW values for Renesas customers: no need to re-certify safety s/w block (savings ~ 10K); high Bill Of Material costs (savings ~ 0.4 per device); reduce development time (savings ~ 3 man-months).
IEC60730-1 Class B: Renesas s/w support. ALU/CPU checks; RAM March tests; Flash check; Clock check; A/D plausibility check. Renesas MCU + certified software package are the perfect solution to ensure Class B software certification for your appliances. The s/w is MISRA compliant and is easy to integrate into your own project. Please download AN, source code & certificate from www.renesas.eu. Enter the file name you wish: e.g. an_r01an0654eg_rx62t_apl.zip
IEC60730: RX200 have hardware support for the following: 16-bit CRC module; Port Output Enable; Oscillator Stop Detect; frequency monitoring; March-X RAM cells test assist; reset (s/w & h/w) + reset status registers; I/O read-back registers (output level consistency); A/D converter including self-diagnosis; internal voltage reference and analog comparator; special function registers protection; watchdog timer with internal oscillator & min and max timeout.
RX210 Group. RX200 32-bit CPU core (20 ns): 50 MHz, 2.7-5.5 V; 32 MHz, 1.8-5.5 V; 20 MHz, 1.62-5.5 V. Clocks: 50 MHz high speed oscillator; 125 kHz low speed oscillator; 32 kHz sub-system oscillator; PLL. On-chip memory: 128-512 kbytes on-chip flash; 8 kbytes EE dataflash (100k w/e); 16-64 kbytes on-chip SRAM. Timers: MTU2, 6 ch x 16-bit complex timer; CMT, 4 channel 16-bit counter module; TMR, 4 channel 8-bit timer module; RTC, Real Time Clock calendar with calibration, tamper and alarm function; watchdog timer with window & reset out. Serial I/O: 6 x SCI (with simple SPI, simple I2C); 1 x SCIX (LIN, simple SPI, simple I2C); multi-master I2C interface; RSPI interface with CS. Analogue I/O: 16 channel 1 µs 12-bit A/D converter; 2 channel 10-bit DAC; 4 channel comparator. Digital I/O: 84 I/O pins and 1 input only pin. POR & LVD. Other: DMAC, DTC, ELC, MPC, CRC, temp sensor, POE. Interrupts: NMI & 8 IRQ. Packages: 64-100 pin LQFP; 100 pin LGA. Temperature ranges: -40 -> +85 degrees C; -20 -> +105 degrees C.
RX200 Unique Peripherals
RX200 Flash Memory. Single cycle operation; 1.62-5.5 V read, program & erase; 10k write/erase cycles; low power operation modes; high speed program and erase; command based programming using hardware sequencer; supports erase suspend function; up to 256 small blocks (2 kbyte); programs 2, 8 or 128 bytes; supports multiple programming modes (SCI boot mode, user boot mode, user program mode, PROM mode); multiple flash protection modes. [Figure: flash array drawn as 2 KB blocks.] RX200 2KB code erase/write time: approx. 36 ms.
RX200 Clock Accuracy Check. Clock sources shown: Main External Clock, HOCO, LOCO, SUB (32.768 kHz) and External (*1); select clock source for the reference clock and for the MCU operating clock. Clock accuracy check function: count the MCU operating clock in 1 cycle of the reference clock; if count value > Fc max or count value < Fc min, an interrupt is generated. Fc max: set max value of normal frequency. Fc min: set min value of normal frequency. *1 Example: AC zero-cross.
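A software model of the window comparison described above, as an added example (not Renesas code): it derives Fc min and Fc max from nominal frequencies and tolerances, then classifies a count. The function names, the ppm tolerances, the one-count quantization margin and the 32 MHz / 32.768 kHz scenario are assumptions of this example; the hardware's registers and dividers are not modelled.

```c
#include <stdint.h>

typedef enum { CLK_OK, CLK_TOO_FAST, CLK_TOO_SLOW } clk_status;
typedef struct { uint32_t fc_min, fc_max; } cac_window;

/* Operating-clock cycles counted in one reference-clock cycle (rounded down). */
uint32_t cac_count(uint32_t f_op_hz, uint32_t f_ref_hz) {
    return f_op_hz / f_ref_hz;
}

/* Derive Fc min / Fc max from nominal frequencies and allowed deviations in
 * parts per million (each below 1,000,000; f_ref_hz must be non-zero).
 * Worst cases: slowest operating clock against fastest reference gives the
 * lowest count, and the reverse gives the highest. One extra count each way
 * absorbs edge quantization (assumption of this example). */
cac_window cac_limits(uint32_t f_op_hz, uint32_t f_ref_hz,
                      uint32_t tol_op_ppm, uint32_t tol_ref_ppm) {
    const uint64_t M = 1000000u;
    uint64_t lo_num = (uint64_t)f_op_hz * (M - tol_op_ppm);
    uint64_t lo_den = (uint64_t)f_ref_hz * (M + tol_ref_ppm);
    uint64_t hi_num = (uint64_t)f_op_hz * (M + tol_op_ppm);
    uint64_t hi_den = (uint64_t)f_ref_hz * (M - tol_ref_ppm);
    uint64_t lo = lo_num / lo_den;                              /* round down */
    cac_window w;
    w.fc_min = (uint32_t)(lo > 0 ? lo - 1 : 0);
    w.fc_max = (uint32_t)((hi_num + hi_den - 1) / hi_den) + 1;  /* round up */
    return w;
}

/* The comparison the slide describes: a count outside the window is a fault. */
clk_status cac_check(cac_window w, uint32_t count) {
    if (count > w.fc_max) return CLK_TOO_FAST;
    if (count < w.fc_min) return CLK_TOO_SLOW;
    return CLK_OK;
}

/* Constructed scenario: 32 MHz operating clock checked against the
 * 32.768 kHz sub clock, 1 % and 100 ppm allowed deviation (assumed values). */
int main(void) {
    cac_window w = cac_limits(32000000u, 32768u, 10000u, 100u);
    int ok   = cac_check(w, cac_count(32000000u, 32768u)) == CLK_OK;
    int fast = cac_check(w, cac_count(33600000u, 32768u)) == CLK_TOO_FAST;
    int slow = cac_check(w, cac_count(16000000u, 32768u)) == CLK_TOO_SLOW;
    return (ok && fast && slow) ? 0 : 1;
}
```

A stopped operating clock produces a count of 0 and is reported as too slow; a stopped reference clock never completes a cycle and needs a separate timeout, which this model leaves out.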
CRC-16 Module. The features of the CRC operation circuit are listed below: CRC code generated for any desired data length in an 8-bit unit; CRC operation executed on eight bits in parallel; one of three generating polynomials selectable; CRC code generation for LSB-first or MSB-first communication selectable. The CRC operation circuit has the following registers: CRC control register (CRCCR); CRC data input register (CRCDIR); CRC data output register (CRCDOR), 16 bits. The following CRC generating polynomials are supported: X^8 + X^2 + X + 1; X^16 + X^15 + X^2 + 1; X^16 + X^12 + X^5 + 1. [Figure: internal bus connected to CRCCR, CRCDIR and CRCDOR (16 bits); control signal; CRC code generation circuit.]
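A bit-serial software model of the flash check this module supports, as an added example (not Renesas code): it computes a CRC with any of the three generating polynomials listed above, MSB-first or LSB-first, and shows that every single-bit fault in an image changes the result. The function names, the zero initial value and the sample image are assumptions of this example; the CRCCR/CRCDIR/CRCDOR register interface is not modelled.

```c
#include <stddef.h>
#include <stdint.h>
/* The three generating polynomials from the slide (top term implicit). */
#define POLY_CRC8  0x07u   /* X^8 + X^2 + X + 1 */
#define POLY_CRC16 0x8005u /* X^16 + X^15 + X^2 + 1 */
#define POLY_CCITT 0x1021u /* X^16 + X^12 + X^5 + 1 */

/* Reverse the low `width` bits of v; used for LSB-first operation. */
static uint16_t reflect(uint16_t v, unsigned width) {
    uint16_t r = 0;
    for (unsigned i = 0; i < width; i++)
        if (v & (1u << i)) r |= (uint16_t)(1u << (width - 1 - i));
    return r;
}

/* CRC over len bytes; width is 8 or 16, initial value 0 (assumed here). */
uint16_t crc_calc(const uint8_t *d, size_t len, uint16_t poly,
                  unsigned width, int lsb_first) {
    const unsigned mask = (width == 16) ? 0xFFFFu : 0x00FFu;
    const unsigned top = 1u << (width - 1);
    unsigned crc = 0;
    for (size_t i = 0; i < len; i++) {
        unsigned b = lsb_first ? reflect(d[i], 8) : d[i];
        crc ^= b << (width - 8);
        for (int k = 0; k < 8; k++)
            crc = ((crc << 1) ^ ((crc & top) ? poly : 0u)) & mask;
    }
    return lsb_first ? reflect((uint16_t)crc, width) : (uint16_t)crc;
}

/* Periodic flash check: 0 if the image matches its reference CRC, else -1. */
int flash_check(const uint8_t *image, size_t len, uint16_t reference) {
    return crc_calc(image, len, POLY_CCITT, 16, 0) == reference ? 0 : -1;
}

/* Constructed 64-byte image: inject each single-bit fault, count the misses. */
int undetected_single_bit_faults(void) {
    uint8_t image[64];
    int missed = 0;
    for (size_t i = 0; i < sizeof image; i++) image[i] = (uint8_t)(i * 37u + 11u);
    const uint16_t ref = crc_calc(image, sizeof image, POLY_CCITT, 16, 0);
    for (size_t bit = 0; bit < 8 * sizeof image; bit++) {
        image[bit / 8] ^= (uint8_t)(1u << (bit % 8)); /* inject fault */
        if (flash_check(image, sizeof image, ref) == 0) missed++;
        image[bit / 8] ^= (uint8_t)(1u << (bit % 8)); /* restore */
    }
    return missed;
}
int main(void) { return undetected_single_bit_faults() != 0; }
```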
Data Transfer Controller (DTC). The DTC is a flexible peripheral that allows data transfer triggered by interrupt or software. An arbitrary number of channels can be set. Multiple data transfers can be started by one trigger (chain transfer). The DTC supports the same transfer modes as the DMAC: normal mode, repeat mode, block transfer mode. [Figure: DTC basic concept; labels: Physical, Virtual, built-in RAM, DMAC (1ch, 2ch), DTC (ch0 ~ chxx).] Example: transfer 128 bytes of data from address H'FFE800 to H'FFEB00. CPU operation: when 128 bytes of data are transferred by byte transfer instruction, a total of 256 instructions are executed; the CPU is used in this data transfer period, so response time is poor. DTC used: after the initial value of the DTC (transferred address etc.) is set and activated, 128 bytes of data are automatically transferred, so the CPU isn't used during data transfer.
RX200 Data Operation Circuit. The Data Operation Circuit provides the ability to generate an interrupt from the result of a simple arithmetic operation between two pieces of data. When combined with the DTC/DMAC this allows a wide variety of operations to be managed without CPU intervention. Addition, subtraction or comparison can be made between two pieces of data and an interrupt generated depending on the result. Interrupt can be generated on result, match or mismatch, over H'FFFF or under H'00. When combined with the DTC/DMAC many useful functions can be implemented without CPU intervention: March X function; SCI address match; ADC level comparison alarm; ... and many more. [Figure: CPU, DMAC and DTC on the internal bus feeding compare data (DODIR) and comparison data (DODSR) into the Data Operation Circuit, controlled by DOCR, which raises a CPU interrupt.]
RX200 DOC & DTC application example. ADC in scan mode samples 4 input channels, and DTC (chain mode) & DOC are used to check for an alarm condition automatically on the result. After initialisation, no CPU involvement unless there is an alarm condition. DTC transfer request generated by scan mode completion interrupt, and 8 transfers of ADC data and alarm value transferred to DOC by DTC (chain mode) sequentially to check for alarm condition. Threshold levels programmable and held in SRAM. No software development required apart from initialisation routine and ISR. [Figure: ADC inputs and results for Channel_0 to Channel_3; DTC table in SRAM (ADC_DTC, DTC-Chain); DOC comparison data for Channel_0 to Channel_3; DOC raises CPU interrupt.]
RX200 Event Link Controller. The Event Link Controller (ELC) is a control circuit to assign interrupt signals generated by built-in functions such as timer, SCI, external interrupts, etc. as start triggers of other built-in functions. The ELC can reduce interrupt processing requirements by directly connecting peripherals. The ELC can improve real time operation by removing the need for interrupt service routines or reducing the processing time required to process interrupts. The ELC can reduce program size as the number and size of the interrupt service routines can be reduced. The ELC allows the direct control of I/O ports and built-in event timers. [Chart: interrupt versus ELC, in cycles; labels: 3cyc, 7cyc, 2 cyc more.]
RX200 Event Link Controller. Automatically triggers peripherals from hardware events; events generated by timers, serial, ADC, I/O, interrupts etc.; reduces CPU load; automates applications when combined with DTC; interrupts and/or DTC transfers can be generated in parallel with events. [Figure: normal microcontroller interrupt processing compared with RX200 Event Link Controller processing; labels: enable/disable interrupts, built-in modules, interrupt signals, CPU INT, external interrupt input, ELC used/unused, ELC events occur.]
Using the RX200 Event Link Controller. Example operation: external interrupt input, overflow interrupt of timer, A/D conversion. Completely automatic data capture; when combined with DTC, this becomes a completely autonomous sub system. Existing processing: CPU separately controls the operation of modules. Processing by ELC: ELC separately controls the operation of modules. [Figure: external interrupt input, interrupt controller, timer and ADC, driven by the CPU in steps 1 to 3 (existing processing) or linked through the ELC after step 1 (processing by ELC).]
RX210 12bit ADC. Up to 16 channels of 1 µs sample time 12-bit ADC with the following advanced features: wide operating range, 1.62-5.5 V; 3 simultaneous sample and hold circuits; doubled buffering tuneable sample and hold for each channel to match input signal; individual data registers for each channel; internal voltage reference; single and continuous scan modes available; 2 programmable scan groups; addition mode to support multiple measurements per channel with up to 14-bit result; multiple conversion triggers (timers, ELC, external pin, software). Self test functions: pin disconnect detection; internal comparison with voltage reference; internal comparison result stored with each measurement.
RX210 12bit ADC Block Diagram. [Figure: ADC block diagram; callout: VREF, 1/2*VREF, 0*VREF generator for self-diagnosis.]
Renesas MCUs designed with IEC60730 in mind. Cheaper: save money & achieve IEC compliance. Flexible: flexible design of scheduler. Reliable: fast periodical self-test & low CPU load. Easier: easier safety measures implementation.