12.4.1.1.1 Error Injection for Fail-Safe Logic

The CLKDIAG (clock diagnostic) register is used for exercising the clock failure detection logic and testing the Fail-Safe Clock Monitor Enable feature.

This functionality works only with FAIL SAFE logic, so we must keep the FSCMEN bit enabled for the clock gen module.

Note: It’s independent of the CLOCK MONITOR module.

  1. Clock Fail Detector Fault Injection:

    Using the STOP bit in the CLKDIAG register, we can disable the clock source selected by the respective clock generator. The associated CLKGEN or PLLGEN will perform a clock switch to the selected backup clock, the associated CLKFAIL status bit will be set, and an interrupt (CLKFInterrupt) will be generated.

    The user sets the STOPGEN bit(s) and then sets the FLTIJEN bit to initiate the clock stoppage to the Fail-Safe Clock Monitor of the clockgen.

    Figure 12-4. Example:
    CLKDIAGbits.STOPGEN4 = 1;          // STOP Reference clock of CLOCKGEN4
CLKDIAGbits.FLTIJEN = 1.           // Insert the Fault

    When the Fault injection function process is completed:

    • The STOP Bit in CLKDIAG must be cleared.
    • The user clears the Fault status bit in CLKFAIL.
    • The user sets the OSWEN bit to switch back to the selected NOSC clock source.
    Figure 12-5. 12-x
    void __attribute__((__interrupt__, no_auto_psv))_CLKFInterrupt(void) 
{
   CLKDIAGbits.STOPGEN4=0;	 // STOP Bit in CLKDIAG must be cleared
   CLKFAILbits.CLKFAIL4 = 0;   // clears the fault status bit in CLKFAIL
   IFS0bits.CLKFAILIF = 0;	 // clears the CLKFAIL Interrupt flag

// switch back to the selected NOSC clock source   
   CLK4CONbits.OSWEN = 1; 	// enable PLL switch
   while (CLK4CONbits.OSWEN);

}

  2. Clock Selection Integrity Checking:

    Each clock generator and PLL generator has Fault-tolerant clock selection integrity checking logic to flag users in the event of errors in the Source Clock Selection logic (COSC bits). The Fault detection logic should be implemented as a complemented version of the Source Clock Select signals (COSC bits).

    If at any point the XOR of the source select signal and its inverse is 0, the corresponding SCSFAIL bit will be set. The user can insert a CLOCK SELECTION FAULT INJECTION by selecting which clock generator to use with the GENSEL[4:0] bits and the SCSFLTDATA[3:0] bits of the CLKDIAG register. The GENSEL[4:0] bits select the CLKGEN or PLLGEN to target for Fault injection. The SCSFLTDATA[3:0] bits select which bits in the selected source select logic (COSC bits) bitfield are inverted. If any error is injected, the associated error status will be asserted, and an error interrupt (CLKEInterrupt) will be generated.

    Figure 12-6. Conceptual Diagram of COSC[X][3:0] Integrity Checking
    Figure 12-7. 12 -x
    CLKDIAGbits.GENSEL = 4;               // clockgen selection: Clock Generator 4
CLKDIAGbits.SCSFLTDATA = 0b0101;	// source select logic
CLKDIAGbits.FLTIJEN= 1;		    // Insert the Fault

If CLKERRIE is enabled, then the following error interrupt will be generated.

void __attribute__((__interrupt__, no_auto_psv))_CLKEInterrupt(void) 
[
   IFS0bits.CLKERRIF = 0;
}