Even everyday products such as appliances come with safety considerations. Your microcontroller (MCU)-based washing machine or dryer shouldn't enter an unsafe operating mode regardless of faults within the system – for example overheating and potentially starting a fire after a subsystem failure. Obviously applications such as transportation or factory control add to the need for fail-safe system design. The RL78 MCU family includes a number of features that inherently add safety margin in a system design. Moreover Renesas offers software libraries that will allow a system designer to quickly develop compliance with standards such as IEC/UL 60730.
Today, let's take a high-level look at the safety-centric features and in subsequent posts we will have a deeper discussion of some of the safety elements. We will focus here on features centric to:
Because Flash provides code storage, it's very important to detect bit errors that could lead to the execution of incorrect instructions. The RL78 includes a CRC (Cyclic Redundancy Check) hardware block that can detect errors in the code Flash.
The CRC hardware can be leveraged in a system in two distinct ways. After POR (power-on reset), the CRC hardware can check blocks of memory ranging from 4 to 64 kbytes for accuracy. The MCU enters Halt mode during the check, which typically requires only a few msecs. Upon completion, the CRC hardware generates an interrupt and the safety-centric algorithms in the ISR (interrupt service routine) can read and act on the CRC results.
The CRC hardware can also be applied to blocks of Flash memory, RAM, or serial data during normal program execution. The CRC monitoring tasks are multiplexed along with the other tasks, and safety-centric tasks can continuously monitor the results of each CRC operation and take appropriate action. The CPU doesn't enter Halt mode in such a usage model. The CRC operations do occupy a percentage of the CPU's bandwidth, but in applications that require continuous monitoring, that's a small price to pay.
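A software model of the code-Flash check described above, added here as an example and not Renesas library code: a CRC-16-CCITT (polynomial 0x1021, init 0xFFFF; the polynomial is an assumption, since the post does not state what the RL78 hardware uses) is computed over a constructed 4 KB block, a reference value is recorded, and a single flipped bit makes the comparison fail, which is the condition a safety-centric ISR would act on.

```c
#include <stdint.h>
#include <stddef.h>

/* CRC-16-CCITT, bitwise. Assumption: poly 0x1021, init 0xFFFF, no reflection.
   The hardware block does this for you; the check structure is the point. */
uint16_t crc16_ccitt(const uint8_t *data, size_t len)
{
    uint16_t crc = 0xFFFF;
    for (size_t i = 0; i < len; i++) {
        crc ^= (uint16_t)data[i] << 8;
        for (int b = 0; b < 8; b++)
            crc = (crc & 0x8000) ? (uint16_t)((crc << 1) ^ 0x1021)
                                 : (uint16_t)(crc << 1);
    }
    return crc;
}

/* Constructed stand-in for one 4 KB code Flash block (smallest size in the post). */
#define BLOCK_SIZE 4096
static uint8_t g_flash_block[BLOCK_SIZE];

/* Fill the block with a deterministic pseudo-random pattern so it runs on a PC. */
void fill_block(uint8_t *blk, size_t len)
{
    uint32_t x = 0x12345678u;
    for (size_t i = 0; i < len; i++) {
        x = x * 1664525u + 1013904223u;   /* simple LCG */
        blk[i] = (uint8_t)(x >> 24);
    }
}

/* 1 if the block still matches the reference CRC recorded at build/programming time. */
int flash_block_ok(const uint8_t *blk, size_t len, uint16_t reference_crc)
{
    return crc16_ccitt(blk, len) == reference_crc;
}

/* Flip one bit in "code storage" and confirm the check goes from pass to fail.
   Returns 1 when the corruption is detected. */
int demo_single_bit_flip(void)
{
    fill_block(g_flash_block, BLOCK_SIZE);
    uint16_t ref = crc16_ccitt(g_flash_block, BLOCK_SIZE);   /* golden value */
    int before = flash_block_ok(g_flash_block, BLOCK_SIZE, ref);
    g_flash_block[1234] ^= 0x10;                              /* simulated bit error */
    int after = flash_block_ok(g_flash_block, BLOCK_SIZE, ref);
    return before && !after;
}
```

A CRC only tells you that the block changed, not where; the ISR's job is to decide what to do (reset, fall back to a safe state, log) rather than to repair the data.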
The RL78 also includes a parity-check function that's applied to all RAM read and write operations. The system designer must decide how to handle parity errors. The MCU can optionally generate a CPU reset upon a parity error. Alternatively, safety-centric ISRs can respond to parity errors and simply mitigate soft errors attributable to EMI and other external events.
The MCU further allows a program to selectively set a write-protect guard on blocks of RAM. Safety-centric algorithms can use the feature to protect critical data and guard against runaway programs. The MCU also offers write protection for SFRs such as I/O port settings, clock and oscillator settings, and interrupt control registers.
Several CPU-centric features add to the safety story. The design offers detection of attempted access of illegal memory locations. It also detects illegal opcodes (operation codes). In either case the feature can generate an MCU reset cycle.
In an earlier post we discussed the broad array of on-chip functions that eliminate external components with the RL78, including the oscillator. The MCU also has safeguards related to that oscillator. The RL78 uses the WDT (watchdog timer) and reset to recover from a stopped-clock condition. Safety algorithms can also use on-chip timers to verify that clock operation stays within an acceptable range. The MCU integrates a second independent clock source for just such usage.
The final safety-centric capability focuses on the A/D converter. We covered this ground in a post on the converter. The converter can perform a self test on power up.
For applications such as appliances, Renesas has a long history of supplying help with compliance to IEC/UL 60730 standards. The support includes sample code for many of the Renesas MCUs. Indeed the company has published an application note and a VDE-certified self-test library for the RL78.
As I said up front, we will get to more details in future posts on some of the safety features that I have covered at a high level here. If you are looking for easy access to more details today, there is an RL78 safety-centric narrated presentation available to registrants of the Renesas Interactive site.