CN116932259A - MCU FLASH and Program Counter fault composite diagnosis method and system - Google Patents

MCU FLASH and Program Counter fault composite diagnosis method and system Download PDF

Info

Publication number
CN116932259A
CN116932259A CN202310712361.8A CN202310712361A CN116932259A CN 116932259 A CN116932259 A CN 116932259A CN 202310712361 A CN202310712361 A CN 202310712361A CN 116932259 A CN116932259 A CN 116932259A
Authority
CN
China
Prior art keywords
flash
program counter
part2
part1
function
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310712361.8A
Other languages
Chinese (zh)
Inventor
曾华鹏
王鹏
李艳
李益敏
欧阳建东
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tianjin Sino German University of Applied Sciences
Original Assignee
Tianjin Sino German University of Applied Sciences
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tianjin Sino German University of Applied Sciences filed Critical Tianjin Sino German University of Applied Sciences
Priority to CN202310712361.8A priority Critical patent/CN116932259A/en
Publication of CN116932259A publication Critical patent/CN116932259A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/0703Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation
    • G06F11/079Root cause analysis, i.e. error or fault diagnosis
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/0703Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation
    • G06F11/0706Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation the processing taking place on a specific hardware platform or in a specific software environment
    • G06F11/073Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation the processing taking place on a specific hardware platform or in a specific software environment in a memory management context, e.g. virtual memory or cache management
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/0703Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation
    • G06F11/0706Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation the processing taking place on a specific hardware platform or in a specific software environment
    • G06F11/0736Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation the processing taking place on a specific hardware platform or in a specific software environment in functional embedded systems, i.e. in a data processing system designed as a combination of hardware and software dedicated to performing a certain function
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/08Error detection or correction by redundancy in data representation, e.g. by using checking codes
    • G06F11/10Adding special bits or symbols to the coded information, e.g. parity check, casting out 9's or 11's
    • G06F11/1004Adding special bits or symbols to the coded information, e.g. parity check, casting out 9's or 11's to protect a block of data words, e.g. CRC or checksum
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/08Error detection or correction by redundancy in data representation, e.g. by using checking codes
    • G06F11/10Adding special bits or symbols to the coded information, e.g. parity check, casting out 9's or 11's
    • G06F11/1008Adding special bits or symbols to the coded information, e.g. parity check, casting out 9's or 11's in individual solid state devices
    • G06F11/1068Adding special bits or symbols to the coded information, e.g. parity check, casting out 9's or 11's in individual solid state devices in sector programmable memories, e.g. flash disk
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00Energy efficient computing, e.g. low power processors, power management or thermal management

Abstract

The application provides a MCU FLASH and Program Counter fault composite diagnosis method and a system, belonging to the microelectronic fault diagnosis field, wherein the method comprises the following steps: the compiled key function part is separated from the firmware and divided into two parts of part1 and part2, a FLASH storage starting address is forcedly appointed for the key function part, and the key function part is sequentially jumped to a FLASH area where the part1 and the part2 are positioned to perform fault detection; if the FLASH area detects no fault, the Program Counter points to the initial address of the area to execute the corresponding key function, and whether the Program Counter can work normally is detected by judging whether the return value of the Program Counter is the initial address of the area. The application can greatly shorten the detection time and avoid the safety problem caused by overlong detection time on the premise of ensuring the effectiveness of FLASH detection; meanwhile, the FLASH starting address where the key function is located is combined with the Program Counter detection, the Program Counter fault detection is carried out while the key function is executed, and the FLASH occupation and time expenditure caused by additionally setting the detection item are avoided, so that the detection is more direct and effective.

Description

MCU FLASH and Program Counter fault composite diagnosis method and system
Technical Field
The application relates to the field of microelectronic fault diagnosis, in particular to a MCU FLASH and Program Counter fault compound diagnosis method. And also relates to an MCU FLASH and Program Counter fault compound diagnosis system.
Background
The vortex compressor has huge energy, so that a protection module is required to be additionally arranged in use, and when the compressor is in an abnormal state, the vortex compressor is stopped in time to prevent safety accidents.
Because the compressor operating environment is harsh (high temperature, low temperature, high humidity, vibration, electromagnetic interference, etc.), the modules themselves are required to be stable, reliable, safe. The protection module is generally designed based on a singlechip, and according to the requirement of UL60730-2 CLASS B, fault diagnosis (CPU Register, FLASH, RAM, program Counter, STACK and the like) is required to be periodically carried out on MCU resources related to key functions of the product, and if the result of a detection item is abnormal, emergency measures of immediate shutdown are adopted, so that the safety is ensured.
As shown in fig. 1, for fault diagnosis of the internal FLASH of the MCU, a mode of performing full detection on a storage area of a firmware (Fimrware) of a single chip microcomputer is adopted, that is, from a FLASH head address of the stored firmware until a FLASH tail address of the stored firmware is finished, a verification operation is performed on a program stored in the range, a verification calculation result is compared with a preset standard value, if the verification calculation result is consistent with the standard value, it is determined that the FLASH is normal, otherwise, it is determined that the FLASH is faulty.
Because the general size of the program firmware is larger, the time required for finishing the check operation of the whole firmware at one time is longer, the time of other software functions can be extruded, the instantaneity of the software functions is affected, and even the functions except the fault self-diagnosis cannot be normally operated. Meanwhile, if the improved full detection method is adopted, the detection is performed in a plurality of periods, and each period (for example, 60 ms) detects the content (for example, 256 bytes) of a part of firmware, the problem of real-time performance can be alleviated to a certain extent, but another problem is caused: the total time of detection is too long (for example, 60×32768/256=7680 milliseconds is required for 32K firmware, 7.68 seconds is required for detecting the FLASH area where the whole program firmware is located), and the time from the start of detecting the fault to the detection of the fault to execute the emergency measure is longer than the preset maximum safety response time, which can cause serious safety consequences.
For the detection of the Program Counter, a series of specific test functions are added in the prior art, when each test function is called, the Program pointer Program Counter points to the entry address of the test function, after the test function is executed, a unique numerical value is returned respectively, in each detection period, all the test functions are called in sequence, each return value is obtained and compared with a preset standard value, if all the return values are the same, the Program Counter can point to the preset address correctly, the operation is normal, and otherwise, the abnormality is judged.
This approach has two drawbacks:
1. since each test function is not in the key function, the Program Counter can work normally when each test function is detected, and the Program Counter can work normally when the key function is operated cannot be proved.
2. A test item is added for the Program Counter, the running time of other functions can be extruded in each Program running period, and the instantaneity is reduced. And the test function occupies extra FLASH space after compiling.
Disclosure of Invention
The application aims to solve the problems that the FLASH detection time is too long, the function instantaneity of a product is affected and the safety is caused when the FLASH detection time is serious in the prior art; the detection of the Program pointer Program Counter can not really and effectively judge whether the key function has a fault or not when running, and the MCU FLASH and the Program Counter fault compound diagnosis method is provided. And also relates to an MCU FLASH and Program Co counter fault compound diagnosis system.
The application provides a MCU FLASH and Program Counter fault compound diagnosis method, which comprises the following steps:
s1, dividing the compiled key function part into a part1 part and a part2 part from firmware independently, and forcedly designating a FLASH storage start address for the part1 part and the part2 part;
s2, writing check values of FLASH areas occupied by the part1 and the part2 into the back of the two FLASH areas to serve as comparison standard values 1 and 2;
s3, jumping to the starting address of the part1, starting to check to the ending address of the part1, comparing the check result with the standard value 1, if the check result is inconsistent with the standard value 1, performing FLASH fault, otherwise, entering S4;
s4, calling a part1 function, running a key function part1, judging a return value of the part1 function, if the return value is inconsistent with a preset value, a Program Counter fails, and otherwise, performing S5;
s5, jumping to the starting address of the part2 to start checking to the ending address of the part2, comparing the checking result with a standard value 2, if not, performing FLASH fault, otherwise, performing FLASH normal;
s6, calling a part2 function, running a key function part2, judging a return value of the part2 function, if the return value is inconsistent with a preset value, a Program Counter is failed, otherwise, the Program Counter is normal;
and S7, the Program Counter jumps to a FLASH starting address of a non-critical function to execute the non-critical function, and the MCU FLASH and the Program Counter fault compound diagnosis is completed.
Optionally, several bits in the FLASH memory start addresses of the part1 and the part2 are mutually opposite codes, so as to check the situation of adjacent bit adhesion of the program pointer.
Optionally, in the program, the key functions are packaged into two functions:
Critical_FunctionPart1 () and Critical_FunctionPart2 ();
and taking the starting addresses of the two functions as a preset value 1 and a preset value 2 in the Program Counter detection.
Optionally, determining the end address of the part1 or the part2 includes:
compiling a program;
and calculating the end address of FLASH detection according to the space size occupied by the Critical_FunctionPart1 () and Critical_FunctionPart2 () after compiling the integrated development environment.
Optionally, after the Critical_FunctionPart1 () and Critical_FunctionPart2 () functions are run, the return value is the start address of the Function.
Optionally, the method further comprises:
other non-critical functions in the running program.
The MCU FLASH and Program Counter fault compound diagnosis system comprises: at least one integrated development environment, a control module, an MCU containing FLASH and MCU Program Counter;
the integrated development environment divides the compiled key function part into two parts, namely part1 and part2, from firmware, and forcibly appoints a FLASH storage starting address for the part1 and the part 2; writing cheksum check values of FLASH areas occupied by the par t1 and the part2 to the back of the two FLASH areas to serve as comparison standard values 1 and 2;
the control module controls and executes: jumping to the start address of the part1 to start checking to the end address of the part1, comparing the checking result with the standard value 1, and if the checking result is inconsistent with the standard value 1, performing FLASH fault; if the values are consistent, calling a part1 function, running a key function part1, judging a return value of the part1 function, and if the values are inconsistent with the preset values, performing Program Counter fault; if the return value of the part1 function is consistent with the preset value, jumping to the start address of the part2 to start checking to the end address of the part2, comparing the checking result with the standard value 2, if the return value is inconsistent with the preset value, then performing FLASH fault, otherwise, performing FLASH normal; if the values are consistent, calling a part2 function, running a key function part2, judging a return value of the part2 function, if the values are inconsistent with the preset values, the Program Counter malfunctions, otherwise, the Program Counter detects that the values are normal; and S7, the Program Counter jumps to a FLASH starting address of a non-critical function to execute the non-critical function, and the MCU FLASH and the Program Counter fault compound diagnosis is completed.
Optionally, the integrated development environment divides the compiled key function part into two parts, namely part1 and part2, from the firmware, and forcibly designates a FLASH memory start address for the part1 and part2, and further includes:
and a plurality of bits in the FLASH storage starting addresses of the part1 and the part2 are mutually opposite codes so as to check the condition of adjacent bit adhesion of the program pointers.
Optionally, the control module forcibly specifies a FLASH memory address for the part1 and the part2, including:
compiling a program;
and calculating the end address of FLASH detection according to the space size occupied by the Critical_FunctionPart1 () and Critical_FunctionPart2 () after compiling the integrated development environment.
Optionally, after the Part1 and Part2 functions run, the return value is the start address of the function.
The application has the advantages and beneficial effects that:
the application provides a MCU FLASH and Program Counter fault compound diagnosis method, which comprises the following steps: s1, dividing the compiled key function part into a part1 part and a part2 part from firmware independently, and forcedly designating a FLASH storage start address for the part1 part and the part2 part; s2, writing cheksum check values of FLASH areas occupied by the part1 and the part2 into the back of the two FLASH areas to serve as comparison standard values 1 and 2; s3, jumping to the starting address of the part1, starting to check to the ending address of the part1, comparing the check result with the standard value 1, if the check result is inconsistent with the standard value 1, performing FLASH fault, otherwise, entering S4; s4, calling a part1 function, running a key function part1, judging a return value of the part1 function, if the return value is inconsistent with a preset value, a Program Counter fails, and otherwise, performing S5; s5, jumping to the starting address of the part2 to start checking to the ending address of the part2, comparing the checking result with a standard value 2, if not, performing FLASH fault, otherwise, performing FLASH normal; s6, calling a part2 function, running a key function part2, judging a return value of the part2 function, if the return value is inconsistent with a preset value, a Program Counter is failed, otherwise, the Program Counter is normal; and S7, the Program Counter jumps to a FLASH starting address of a non-critical function to execute the non-critical function, and MCU FLASH and Program Counter fault compound diagnosis is completed. The application only needs to detect the FLASH area related to the key function, because the area occupied by the key function in the FLASH is far smaller than the area occupied by the whole firmware, the FLASH detection time is greatly reduced, the safety problem caused by the fact that the detection time is longer than the maximum safety response time is avoided, the time of extruding other software functions is avoided, and the instantaneity is improved. For the detection of the Program Counter, the Program pointer Program Counter is detected simultaneously when the key function is operated, so that the effectiveness of the detection of the Program Counter when the key function is operated is ensured, and meanwhile, no additional test item is required, so that the detection time is effectively reduced.
Drawings
Fig. 1 is a schematic diagram of an internal FLASH memory structure of an MCU in the prior art according to the present application.
Fig. 2 is a schematic diagram of the overall flow of the MCU FLASH and Program Counter composite diagnosis in the present application.
Fig. 3 is a schematic diagram of a MCU FLASH memory structure in the present application.
FIG. 4 is a schematic flow chart of a composite diagnostic execution logic in the present application.
Detailed Description
The present application is further described in conjunction with the accompanying drawings and specific embodiments so that those skilled in the art may better understand the present application and practice it.
The following is a detailed description of the embodiments of the present application, but the present application may be implemented in other ways than those described herein, and those skilled in the art can implement the present application by different technical means under the guidance of the inventive concept, so that the present application is not limited by the specific embodiments described below.
The application mainly solves the technical problem of how to reduce the FLAS H detection time, improve the accuracy of the Program Counter detection and improve the detection efficiency in the existing microelectronic fault diagnosis.
Referring to fig. 1, the method for compositely diagnosing faults of a MCU FLASH and a Program Counter provided by the present application includes:
s1, dividing the compiled key function part into a part1 part and a part2 part from firmware independently, and forcedly designating a FLASH storage start address for the part1 part and the part2 part;
s2, writing check values of FLASH areas occupied by the part1 and the part2 into the back of the two FLASH areas to serve as comparison standard values 1 and 2;
s3, jumping to the starting address of the part1, starting to check to the ending address of the part1, comparing the check result with the standard value 1, if the check result is inconsistent with the standard value 1, performing FLASH fault, otherwise, entering S4;
s4, calling a part1 function, running a key function part1, judging a return value of the part1 function, if the return value is inconsistent with a preset value, a Program Counter fails, and otherwise, performing S5;
s5, jumping to the starting address of the part2, starting to check to the ending address of the part2, comparing the check result with the standard value 2, if not, performing FLASH fault, otherwise, performing S6 on the FLASH normally;
s6, calling a part2 function, running a key function part2, judging a return value of the part2 function, if the return value is inconsistent with a preset value, a Program Counter is failed, otherwise, the Program Counter is normal;
and S7, the Program Counter jumps to a FLASH starting address of a non-critical function to execute the non-critical function, and the MCU FLASH and the Program Counter fault compound diagnosis is completed.
The key concept of the application is that the FLASH area related to the key function is detected, so that if the FLASH area storing the key function is damaged in certain positions, the data in the FLASH area is incorrect, and thus the operation of the key function is influenced, the FLASH area can be timely detected to take emergency measures; and detecting a Program pointer Program Counter at the same time when the key function is operated, and if the Program Counter fault cannot point to a preset address at the moment, the operation of the key function is affected, and the Program pointer Program Counter can be timely detected to take emergency measures.
The MCU FLASH and Program Counter fault composite diagnosis method provided by the application aims to effectively reduce the MCU FLASH detection time, and can cover the Program pointer (Program Counter) detection in other MCU detection items at the same time, optimize the MCU detection items and improve the detection accuracy and detection efficiency.
Because the area occupied by the key function in the FLASH is far smaller than the area occupied by the whole firmware, the FLASH detection time is greatly reduced.
For the detection of the Program Counter, from the safety point of view, only the Program pointer needs to work normally when the key function is executed.
In addition, since it is necessary to detect the situation that adjacent bits of the program pointer are stuck, at least two program addresses need to be detected, and these two addresses are mutually opposite codes (such as 0x5555 and 0 xAAAA) on some bits.
Based on the above consideration, the key function is divided into an upper part (part 1) and a lower part (part 2) in the FLASH, the starting address in the FLASH is respectively and forcedly specified, and certain bits of the two addresses are mutually opposite codes.
Therefore, the working state of the Program Counter when the key function is accessed is directly judged, and the judgment accuracy is improved; and secondly, judging whether the return value is the FLASH starting address of the key function part1 and part2 by calling the upper part (part 1) and the lower part (part 2) of the key function, and detecting the Program Counter in a mode that the detection item is not required to be set for the Program Counter alone or a series of test functions are not required to be set additionally, so that the running time of other functions is not extruded, and meanwhile, the additional codes are prevented from occupying the space of the FLASH.
As shown in fig. 2, in step S1, the compiled firmware is written into the MCU, and the positions of the critical function and non-critical function programs in the firmware, both critical functions part1 and part2 may be specified before, during or after the non-critical function firmware.
As shown in fig. 3, the compiled key function part is independent from the firmware, and the key function part is divided into two parts of part1 and part2, and fault diagnosis is performed only for the FLASH area where the key function part is located; the test Program Counter performs Program Counter detection while executing the key functions by calling and executing the key functions part1 and part2 and judging whether the return values are FLASH storage start addresses of the key functions part1 and part 2.
The key functions part1 and part2 are embodied in a functional form in a program, and a forced specified FLASH memory address is adopted in the program; both critical functionality part1, part2 may be specified before, during, or after non-critical functionality firmware.
Wherein, a plurality of bits in the FLASH storage initial addresses of the key functions part1 and part2 are mutually inverse codes so as to check the adhesion condition of adjacent bits of the program pointer;
in the program, the critical functions are packaged into two functions: critical_FunctionPart1 () and Critical_FunctionPart2 ();
in the program, the starting address in FLASH is forcedly specified for the two functions, and a plurality of bits of the starting addresses of the two functions are mutually opposite codes so as to check the condition of adhesion of adjacent bits of a program pointer.
In step S2, the start addresses of the two functions are used as a preset value 1 and a preset value 2 in the Program Counter detection.
Program compiling, namely calculating an end address during FLASH detection according to the compiled sizes of the Critical_FunctionPart1 () and the Critical_FunctionPart2 () in the compiling information; the compiling time calculates the check value of the FLASH area occupied by the Critical_Function_Part1 () and Critical_Function_Part2 (), and writes the check value to the back of the two FLASH areas as the compared standard values 1 and 2.
In step S3, the program runs, firstly, the FLASH area where the key function part1 is located is detected, the verification is performed from the starting address to the ending address, the calculated verification value is compared with the standard value 1 of the pre-stored final verification value, if the verification value is consistent with the standard value, the FLASH area has no fault, otherwise, the FLASH fault is reported.
Specifically, when detecting FLASH, only the FLASH region where the key function part is located is detected; firstly, jumping to the start address of part1 to start checking, and checking until the start address of part1 is the end address; comparing the checking result with a check value prestored in the last check sum of the key function part1 firmware; if not, the method returns to 0 (FALSE, FLASH failure is detected), and if not, the method returns to 1 (TRUE, FL ASH is detected to be normal).
In step S4, if the FLASH area where the key function part1 is located is detected to be normal, the key function part1 function is called (the Program Counter points to the starting address of the function), the key function part1 is operated, and after the normal operation is completed, the return value is the starting address of the function; judging the return value of the function, if the return value is inconsistent with the preset value, indicating the fault of the Program Counter, and if the return value is inconsistent with the preset value, detecting the FLASH and the Program Counter of the key function part 2.
In step S5, jump to the key function part2 to perform detection of FLASH and Program Counter, and the FLASH detection algorithm is the same as the key function part1.
Specifically, the program runs, the FLASH area where the key function part2 is located is detected, the verification value calculated from the starting address to the ending address is compared with the standard value 2 of the pre-stored final verification value, if the verification value is consistent with the standard value, the FLASH area has no fault, and otherwise, the FLASH fault is reported.
When detecting FLASH, only detecting FLASH areas where key functional parts are located; firstly, jumping to the start address of part2 to start checking, and checking until the start address of part2 is the end address; comparing the checking result with a check value prestored in the last check sum of the key function part2 firmware; if not, the method returns to 0 (FALSE, FLASH fault is detected), and if so, the method returns to 1 (TRUE, FLASH normal is detected).
In step S6, a key function part2 is called (at this time, the Program Counter points to the start address), the return value of the key function part2 after the operation is finished is the start address of the FLASH where the function is located, and the comparison is performed with the preset value 2 in step 3, if the return value is consistent with the preset value, the Program Counter works normally and points to the start address of the function correctly, otherwise, the Program Counter fails and does not point to the correct address.
Judging the return value of the key function part2 function, if the return value is inconsistent with the preset value, indicating that the Program Counter has a fault, and if the return value is consistent with the preset value, indicating that the Program Counter can work normally.
Calling a key function part2 (at the moment, the Program Counter points to a starting address), comparing the return value of the key function part2 after the operation is finished with a preset value, indicating that the Program Counter works normally and points to the starting address of the function correctly, otherwise, indicating that the Program Counter fails and does not point to the correct address;
if the FLASH areas where the key functions part1 and part2 are located are detected to be normal, judging that the current detection FL ASH has no fault; and if the key functions part1 and part2 run and the Program Counter are detected to be normal, judging that the Program Counter detected by the current round has no fault.
Finally, other non-critical functions in the running program are also performed. And the Program Counter jumps to a FLASH starting address of a non-critical function to execute the non-critical function, so that MCU FLASH and Prog ram Counter fault compound diagnosis is completed.
The application directly detects the FLASH area where the key function is located, but not the FLASH area where the whole Firmware is located, so that the FLASH detection is more direct and objective.
The overall FLASH detection time is shortened, and safety accidents caused by the fact that the detection time exceeds the maximum safety response time of products are avoided; the running time of other functions in the extrusion program is avoided, and the instantaneity is improved.
The state of the Program Counter when the key function is operated is directly detected, so that the Program Counter detection is more direct and objective; the Program Counter is detected while the key function is running, so that extra time expenditure is avoided, and the detection is faster.
The Program Counter does not need to additionally set a test function, so that FLASH space is saved, and instantaneity is improved.
Furthermore, the FLASH and the Program Counter are checked, and the FLASH is detected and realized under the control of the control module.
The integrated development environment divides the compiled key function part into two parts, namely part1 and part2, from firmware, and forcibly appoints a FLASH storage starting address for the part1 and the part 2; and writing cheksum check values of the FLASH areas occupied by the par t1 and the part2 into the back of the two FLASH areas to serve as the comparison standard values 1 and 2.
The control module controls and executes: jumping to the start address of the part1 to start checking to the end address of the part1, comparing the checking result with the standard value 1, and if the checking result is inconsistent with the standard value 1, performing FLASH fault; if the values are consistent, calling a part1 function, running a key function part1, judging a return value of the part1 function, and if the values are inconsistent with the preset values, performing Program Counter fault; if the first address is consistent with the second address, jumping to the initial address of the part2 to start checking to the end address of the part2, comparing the checking result with a standard value 2, if the first address is inconsistent with the second address, performing FLASH fault, otherwise, performing FLASH normal; calling a part2 function, running a key function part2, judging a return value of the part2 function, if the return value is inconsistent with a preset value, then the Program Counter fails, and otherwise, the Program Counter is normal.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present application, and are not limiting; although the application has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present application.

Claims (10)

1. The MCU FLASH and Program Counter fault compound diagnosis method is characterized by comprising the following steps:
s1, dividing the compiled key function part into a part1 part and a part2 part from firmware independently, and forcedly designating a FLASH storage start address for the part1 part and the part2 part;
s2, writing check values of FLASH areas occupied by the part1 and the part2 into the back of the two FLASH areas to serve as comparison standard values 1 and 2;
s3, jumping to the starting address of the part1, starting to check to the ending address of the part1, comparing the check result with the standard value 1, if the check result is inconsistent with the standard value 1, performing FLASH fault, otherwise, entering S4;
s4, calling a part1 function, running a key function part1, judging a return value of the part1 function, if the return value is consistent with a preset value, then a Program Counter fails, otherwise, performing S5;
s5, jumping to the starting address of the part2 to start checking to the ending address of the part2, comparing the checking result with a standard value 2, if not, performing FLASH fault, otherwise, performing FLASH normal;
s6, calling a part2 function, running a key function part2, judging a return value of the part2 function, if the return value is inconsistent with a preset value, then a Program Counter fails, otherwise, the Program Counter is normal, and entering S7;
and S7, the Program Counter jumps to a FLASH starting address of a non-critical function to execute the non-critical function, and the MCU FLASH and the Program Counter fault compound diagnosis is completed.
2. The method for combined diagnosis of MCU FLASH and Program Counter faults according to claim 1, wherein a plurality of bits in FLASH storage start addresses of part1 and part2 are mutually opposite codes so as to check the adhesion condition of adjacent bits of a Program pointer Program Counter.
3. The MCU FLASH and Program Counter fault composite diagnostic method of claim 1, wherein in the Program, the critical functions are packaged into two functions:
Critical_FunctionPart1 () and Critical_FunctionPart2 ();
and taking the starting addresses of the two functions as a preset value 1 and a preset value 2 in the Program Counter detection.
4. The MCU FLASH and Program Counter fault composite diagnostic method of claim 1, wherein determining the end address of part1 or part2 comprises:
compiling a program;
and calculating the end address of FLASH detection according to the space size occupied by the Critical_FunctionPart1 () and Critical_FunctionPart2 () after compiling the integrated development environment.
5. The method for combined diagnosis of MCU FLASH and Program Counter faults according to claims 1 to 4, wherein after the Critical_FunctionPart1 () and Critical_FunctionPart2 () functions are run, the return value is the start address of the Function.
6. The MCU FLASH and Program Counter fault composite diagnostic method of any one of claim 5, further comprising:
other non-critical functions in the running program.
7. An MCU FLASH and Program Counter fault composite diagnosis system is characterized by comprising: at least one integrated development environment, a control module, an MCU containing FLASH and MCU Pro gram Counter;
the integrated development environment divides the compiled key function part into two parts, namely part1 and part2, from firmware, and forcibly appoints a FLASH storage starting address for the part1 and the part 2; writing cheksum check values of FLASH areas occupied by the par t1 and the part2 to the back of the two FLASH areas to serve as comparison standard values 1 and 2;
the control module controls and executes: jumping to the start address of the part1 to start checking to the end address of the part1, comparing the checking result with the standard value 1, and if the checking result is inconsistent with the standard value 1, performing FLASH fault; if the values are consistent, calling a part1 function, running a key function part1, judging a return value of the part1 function, and if the values are inconsistent with the preset values, performing Program Counter fault; if the return value of the part1 function is consistent with the preset value, jumping to the start address of the part2 to start checking to the end address of the part2, comparing the checking result with the standard value 2, if the return value is inconsistent with the preset value, then performing FLASH fault, otherwise, performing FLASH normal; if the values are consistent, calling a part2 function, running a key function part2, judging a return value of the part2 function, if the values are inconsistent with the preset values, the Program Counter malfunctions, otherwise, the Program Counter detects that the values are normal; and S7, the Program Counter jumps to a FLASH starting address of a non-critical function to execute the non-critical function, and the MCU FLASH and the Program Counter fault compound diagnosis is completed.
8. The MCU FLASH and Program Counter fault composite diagnostic system of claim 7, wherein the integrated development environment divides the compiled critical functional portion from firmware into two parts, part1 and part2, and forcibly designates FLASH memory addresses for the parts 1 and part2, further comprising:
and a plurality of bits in the FLASH storage starting addresses of the part1 and the part2 are mutually opposite codes so as to check the adhesion condition of adjacent bits of the Program pointer Program Counter.
9. The MCU FLASH and Program Counter fault composite diagnostic system of claim 7, wherein the integrated development environment enforces assignment of FLASH memory addresses to the parts 1, 2, comprising:
compiling a program;
and calculating the end address of FLASH detection according to the space size occupied by the Critical_FunctionPart1 () and Critical_FunctionPart2 () after compiling the integrated development environment.
10. The MCU FLASH and Program Counter fault composite diagnostic system of claims 7-9, wherein after the Part1 and Part2 functions are run, their return values are the starting addresses of the functions.
CN202310712361.8A 2023-06-15 2023-06-15 MCU FLASH and Program Counter fault composite diagnosis method and system Pending CN116932259A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310712361.8A CN116932259A (en) 2023-06-15 2023-06-15 MCU FLASH and Program Counter fault composite diagnosis method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310712361.8A CN116932259A (en) 2023-06-15 2023-06-15 MCU FLASH and Program Counter fault composite diagnosis method and system

Publications (1)

Publication Number Publication Date
CN116932259A true CN116932259A (en) 2023-10-24

Family

ID=88383398

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310712361.8A Pending CN116932259A (en) 2023-06-15 2023-06-15 MCU FLASH and Program Counter fault composite diagnosis method and system

Country Status (1)

Country Link
CN (1) CN116932259A (en)

Similar Documents

Publication Publication Date Title
US6654910B1 (en) Intelligent fault management
US6415394B1 (en) Method and circuit for analysis of the operation of a microcontroller using signature analysis during operation
KR20180022759A (en) Method and device for handling safety critical errors
KR20130031888A (en) Method for monitoring a data memory
WO2008061558A1 (en) Memory system with ecc-unit and further processing arrangement
CN108038021B (en) Code memory checking method for computer program operation stage
US20080133975A1 (en) Method for Running a Computer Program on a Computer System
CN113946148A (en) MCU chip awakening system based on multi-ECU cooperative control
CN114968646A (en) Functional fault processing system and method
CN116932259A (en) MCU FLASH and Program Counter fault composite diagnosis method and system
US20180135224A1 (en) Washing machine failure detection and processing method
CN1787410A (en) Method for detecting single board fault
JP2001175497A (en) Logic diagnosing method
CN112052165B (en) Method, system and storage medium for detecting target function debugged
US7484162B2 (en) Method and apparatus for monitoring an electronic control system
CN113342571A (en) Method for preventing EEPROM data from losing in case of power failure applied to embedded system
US20090204844A1 (en) Error-tolerant processor system
Beckschulze et al. Fault handling approaches on dual-core microcontrollers in safety-critical automotive applications
US6986079B2 (en) Memory device method for operating a system containing a memory device for fault detection with two interrupt service routines
JPH05108418A (en) Detection system for program abnormality
US20210357285A1 (en) Program Generation Apparatus and Parallel Arithmetic Device
JPH0816487A (en) Data processor
CN112817805A (en) Memory data security verification system and method based on self-adaptive platform automobile open system architecture
CN116225506A (en) Online upgrade method for embedded software of measuring switch
US20030056065A1 (en) Method and device for memory monitoring, in particular for RAM monitoring

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination