Hercules Clock Monitoring

Other Parts Discussed in Thread: RM46L830

Hi,

One of our customers is evaluating the Hercules RM46xx (RM46L830) series for their
CATEGORY 3 Safety application.
We need some clarifications about the clock fail safe system.

As you know Hercules MCUs have diagnostics to detect failure of the
clocking subsystem. In case of input clock failure, the device can revert to
operation using the internal LPO.
i.e. it automatically switches all clock domains sourced by OSCIN to the HFLPO clock.

We would like to know how much time is required to switch these clocks from
the external (faulty) clock to the internal HFLPO clock.
Will the CPU be put in an idle state during the clock switching?
Our customer is worried whether there will be any erroneous CPU outputs during that time.

Best Regards.
Prad

  • Hi Prad,

    Your question has been forwarded to our expert team member. He will be responding soon.

    Regards,

    QJ

  • Hi Prad,

    The RM46x MCUs implement an on-chip monitoring function for the main oscillator. Also, both the on-chip PLLs have a built-in phase-slip detector.

    The monitoring of the main oscillator is done via an analog macro LPO+CLKDET. This macro has a dual function: it generates two clock sources (LF LPO, HF LPO) and it monitors the main oscillator. The main oscillator frequency is monitored with respect to the HF LPO frequency as explained in the datasheet and TRM.

    An oscillator frequency slower than f(HF_LPO)/4 is deemed to be too slow and a frequency faster than f(HF_LPO)*4 is deemed to be too fast. There is also a capability to detect an "absent" oscillator (no toggles).

    • In case of an absent oscillator, the CLKDET detects an oscillator failure if there is no transition detected for 12 consecutive HF LPO cycles. This is mentioned in the TRM.
    • The CLKDET signals an oscillator failure within 10ns of detecting an oscillator frequency that is too fast or too slow.

    All clock domains mapped to the main oscillator are switched over to the HF LPO whenever an oscillator failure (too fast / too slow / absent) is detected. There is no interruption of the clock provided to the modules. That is, the CPU still gets its clock and is not placed in an IDLE state. This allows the application to continue executing and "limp home" to an application-defined safe state. The CPU can enable notification from the Error Signaling Module (ESM) whenever an oscillator failure is detected. This interrupt service routine can then address the oscillator failure and place the system in a safe state (configure outputs, network communications, etc).

    Regards,
    Sunil