Safety Features
124
SPRUH22I – April 2012 – Revised November 2019
Copyright © 2012–2019, Texas Instruments Incorporated
System Control and Interrupts
NOTE:
[1]
The location which is jammed onto the C28x CPU program counter in case of normal
vector fetch errors is 0x3FFFBE - this is just below the normal C28 vector table.
[2]
Summarizing mismatch condition error handling:
•
For NMI vector fetch:
–
Address 0x3FFFBE is jammed onto the CPU program counter.
–
NMI will be given to M3 system.
–
ePWM tripped
•
For non-NMI vector fetch:
–
Address 0x3FFFBE is jammed on to the CPU program counter.
–
ePWM tripped
1.6.4.1
Boot ROM Handling of PIE Vector Address Validity Failure
The address 0x3FFFBE is located in the control subsystem's ROM (C-ROM), and a handler is installed by
TI in C-Boot ROM. The handler installed by boot ROM at this location checks if this exception is
happening because of a PIE VECTOR ADDRESS MISMATCH during NMI vector fetch or during a normal
vector fetch. If it is due to an NMI vector fetch, the handler will clear the required NMI flags and send an
IPC message to the master subsystem indicating the control subsystem is seeing a PIE vector address
mismatch. A while (1) loop is entered without further executing any code on the control subsystem.
If this exception on the control subsystem is due to vector address mismatch while fetching a PIE interrupt
vector, the master subsystem is not going to receive an interrupt. The user needs to depend on the IPC
message sent by the control subsystem boot ROM. It is up to the user on how to handle this interrupt or
IPC message from the control subsystem. The details on the IPC message sent by the control subsystem
boot ROM installed handler are given in the
Boot ROM
guide chapter of this document.
If this exception on the control subsystem is due to a vector address mismatch while fetching an NMI
interrupt vector, the master subsystem is going to get an NMI, and it is up to the user on how to handle
this NMI. As mentioned earlier, the control subsystem boot ROM is going to clear the required NMI flags,
so that it will not get reset by the CNMIWD. A while (1) loop is entered after sending an IPC to the master
subsystem. In case the vector address mismatch is detected during an NMI fetch on the control
subsystem, the master subsystem is going to get an NMI in addition to the IPC message from C-Boot
ROM.
1.6.5 NMIWDs
Both the master subsystem and control subsystems have user-programmable NMIWD period registers in
which users can set a limit on how much time they want to allocate for the device to acknowledge the
NMI. If the NMI is not acknowledged, it will cause a device reset.
1.6.6 Watchdog Timers
The master subsystem has two watchdog timers, each operating on independent clocking domains
(WDT0 uses M3SSCLK and WDT1 uses MAIN OSCCLK) with programmable interrupts and reset
generation logic. The watchdog timer can be configured to generate an interrupt to the master subsystem
on its first time-out, and generate a reset signal on its second timeout. Once the watchdog timer has been
configured, the lock register can be written to prevent the timer configuration from being inadvertently
altered. Please refer to the
Watchdog Timers
chapter for more details.
1.6.7 ECC and Parity Enabled RAMs, Shared RAMs Protection
RAM memories in both the master and control subsystems are ECC and parity enabled. All single bit
errors in RAM are auto corrected and an error counter is incremented every time a single bit error is
incremented. If the error counter reaches a predefined user configured limit then an interrupt is generated
to each CPU. Refer to the
Internal Memory
chapter for more details on RAM errors.