TMS570LC4357: Clarify response to AXI uncorrectable ECC errors during speculative reads?

Hi Andy,

I got your questions, and check the answer for you. 

Andy said:

What is the expected effect of a speculative AXI flash read with an uncorrectable ECC error on the TMS570LC4357, given that the CPU event bus and NMFI FIQs (CPSR.F = 0) are enabled? Is it ESM group 2.3, nERROR assertion, and NMI FIQ, regardless of whether the speculatively read data is "used" (in contrast to the TRM text above)?

You are correct. Double bit ECC error on Flash or SRAM doesn't generate abort, but ESM 2.3 will be set, and nError will be asserted, and FIQ interrupt (ESM high) is generated.

Andy said:

On the TMS570LC437, does this effect apply to both speculative data reads and speculative instruction fetches?

Yes, it does. There is speculative fetch for both data read and instruction. The address of the speculative data can be anywhere in the memory range. 

Andy said:

If our used flash range doesn't contain any unprogrammed "holes", but unprogrammed flash with uncorrectable ECC errors exists before and after the used area of flash, could we still be vulnerable to speculative reads to those unprogrammed areas?

Yes, it can go anywhere.

Andy said:

Is there any way to predict or restrict where these speculative reads occur, or do we need to think about them as unpredictable things that could access truly anywhere in flash? Is there any other way to guarantee this won't be a problem other than programming every word of the entire 4 MB flash range with valid ECC? (E.g., with MPU rules?)

The MPU settings do not affect the generation of speculative addresses.

Thank you very much for the quick responses!

I am curious why configuring the unused flash regions as Device or Strongly Ordered memory, plus Execute-never, in the Cortex-R5 MPU would not be sufficient to suppress speculative data reads/instruction fetches to those ranges?

Section A3.5.1 of the ARMv7-A/R TRM (DDI 0406C.d) says, "To ensure correct system behavior, the access rules for Device and Strongly-ordered memory are more restrictive than those for Normal memory, so that: Neither read nor write accesses can be performed speculatively."

Section B5.2 of the same TRM says, "If the XN bit, the Execute-never bit, is set to 1... the implementation must not access the region to fetch instructions speculatively.... In ARMv7, all regions of memory that contain read-sensitive peripherals must be marked as XN to avoid the possibility of a speculative fetch accessing the locations." It seems like flash memory possibly containing ECC errors could be treated like one of these read-sensitive peripherals?

Please refer to my FAQ about MPU normal/device and strongly-ordered modes:

https://e2e.ti.com/support/microcontrollers/arm-based-microcontrollers-group/arm-based-microcontrollers/f/arm-based-microcontrollers-forum/1159114/faq-tms570lc4357-what-are-the-differences-among-the-memory-attributes-memory-types-and-cache-policy-in-mpu-settings/4357983?tisearch=e2e-sitesearch&keymatch=NOrmal%2520AND%2520device%2520AND%2520strongly%2520ordered#4357983

Thank you for the reference! I think it doesn't cover the speculative access properties from the ARM TRM I mentioned above, though--could this still be a means to avoid speculative reads to flash locations with invalid ECC?

Hi Andy,

The memory attribute (Normal, device, and strongly-ordered) in MPU settings doesn't affect the speculative addresses. 

Speculative instruction prefetch will always occur in the memory defined by your application. Speculative data prefetch could occur outside the memory defined by your application. A user should define all accessible memory in the application to avoid undesired behavior. Speculative instruction prefetch is only applicable to "normal" memory type, but speculative data prefetch can be in normal, device and strongly-ordered memory region..