Safety Features
125
SPRUHE8E – October 2012 – Revised November 2019
Copyright © 2012–2019, Texas Instruments Incorporated
System Control and Interrupts
NOTE:
[1]
The location which is jammed onto the C28x CPU program counter in case of normal
vector fetch errors is 0x3FFFBE - this is below the default C28 vector table in ROM.
[2]
Summarizing mismatch condition error handling:
•
For NMI vector fetch:
–
Address 0x3FFFBE is jammed onto the CPU program counter.
–
NMI will be given to M3 system.
–
ePWM tripped
•
For non-NMI vector fetch:
–
Address 0x3FFFBE is jammed on to the CPU program counter.
–
ePWM tripped
[3]
There is a provision for the user to register a function handler address that is called when
the error condition happens. This can be done using the USER_SWREG1 and
USER_SWREG2 registers. More details are explained in the Boot ROM Handling of PIE
Vector Address Validity Failure section.
1.6.4.1
Boot ROM Handling of PIE Vector Address Validity Failure
The address 0x3FFFBE is located in the control subsystem's ROM (C-ROM), and a handler is installed by
TI in C-Boot ROM. The handler installed by boot ROM at this location first checks the USER_SWREG1
and USER_SWREG2 registers to identify if the user has any handler address registered. If these registers
are at their default value then boot ROM knows that user has not yet registered any handler and simply
proceeds on to handling the error as mentioned in this section. If a user handler is registered, then that
function is called, and if the function returns, it proceeds to handle the error as if no handler is registered.
To handle this error by itself, boot ROM checks if this exception is happening because of a PIE VECTOR
ADDRESS MISMATCH during an NMI vector fetch or during a normal vector fetch. If it is due to an NMI
vector fetch, the handler will clear the required NMI flags and send an IPC message to the master
subsystem indicating that the control subsystem is seeing a PIE vector address mismatch. A while (1) loop
is entered without further executing any code on the control subsystem.
If this exception on the control subsystem is due to vector address mismatch while fetching a PIE interrupt
vector, the master subsystem is not going to receive an interrupt. The user needs to depend on the IPC
message sent by the control subsystem boot ROM. It is up to the user on how to handle this interrupt or
IPC message from the control subsystem. The details on the IPC message sent by the control subsystem
boot ROM installed handler are given in the
Boot ROM
guide chapter of this document.
If this exception on the control subsystem is due to a vector address mismatch while fetching an NMI
interrupt vector, the master subsystem is going to get an NMI, and it is up to the user on how to handle
this NMI. As mentioned earlier, the control subsystem boot ROM is going to clear the required NMI flags,
so that it will not get reset by the CNMIWD. A while (1) loop is entered after sending an IPC to the master
subsystem. In case the vector address mismatch is detected during an NMI fetch on the control
subsystem, the master subsystem is going to get an NMI in addition to the IPC message from C-Boot
ROM.
1.6.5 NMIWDs
Both the master subsystem and control subsystems have user-programmable NMIWD period registers in
which users can set a limit on how much time they want to allocate for the device to acknowledge the
NMI. If the NMI is not acknowledged, it will cause a device reset.
1.6.6 Watchdog Timers
The master subsystem has two watchdog timers, each operating on independent clocking domains
(WDT0 uses M3SSCLK and WDT1 uses MAIN OSCCLK) with programmable interrupts and reset
generation logic. The watchdog timer can be configured to generate an interrupt to the master subsystem
on its first time-out, and generate a reset signal on its second timeout. Once the watchdog timer has been
configured, the lock register can be written to prevent the timer configuration from being inadvertently
altered. Please refer to the
Watchdog Timers
chapter for more details.