6.1.3.1 DIAG_SRAM_MarchCMinus()

diag_result_t __nopa DIAG_SRAM_MarchCMinus (register volatile uint8_t * startAddress, register uint16_t length, register diag_sram_march_mode_t mode)

Software Requirement Reference ID : SW_SRAM_MARCH_TEST_01  

Implements the March C- algorithm, converted to a Word-Oriented Memory (WOM) test. See the Word-Oriented Memory Conversion section for a full explanation of how the March algorithm works. See the Assumption of Use section for a list of all the AoUs for this API.

Attention:

The March test is destructive, meaning that all data stored in the SRAM area under test will be permanently overwritten when the test is completed to ensure full test coverage of the listed Coupling Faults (CFs) between all bits in SRAM under test.

The test is executed with the following steps:

  • If in SRAM_MARCH_STARTUP mode, back up the return address from stack

  • Verify that the input parameters are valid

  • Run the inter-word test

  • Run the intra-word test

  • If in SRAM_MARCH_STARTUP mode, restore the return address to stack

  • If in SRAM_MARCH_STARTUP mode, store the result of the test in a persistent variable

  • If in SRAM_MARCH_PARTIAL mode, return the result of the test

If an error is detected while executing any of the March elements, the return address is restored (in SRAM_MARCH_STARTUP mode), before returning as fast as possible.  

The March C- WOM algorithm consists of the following march elements:

  • Start of the inter-word test:  

    • M0 up (w00000000);  

    • M1 up (r00000000,w11111111);

    • M2 up (r11111111,w00000000);

    • M3 down (r00000000,w11111111);

    • M4 down (r11111111,w00000000);

  • Start of the intra-word test:  

    • M5 down (r00000000, w01010101);

    • M6 up (r01010101, w10101010);

    • M7 down (r10101010, w01010101);

    • M8 up (r01010101, w00110011);

    • M9 down (r00110011, w11001100);

    • M10 up (r11001100, w00110011);

    • M11 down (r00110011, w00001111);

    • M12 up (r00001111, w11110000);

    • M13 down (r11110000, w00001111);

    • M14 up (r00001111);

Note:

Procedural Abstraction (PA) optimization is disabled for this function. This assembly optimization can adversely affect the March test by introducing calls to routines that change the content of the stack in SRAM and can thus cause the March test to fail. This is achieved by using the __nopa directive, which is expanded to __attribute__((nopa, noinline)). This additionally ensures that inlined code is not subject to PA.

Parameters:
startAddress

- Start address of the memory under test

length

- Defines the size of the memory under test

mode

- Selects which mode the function uses, as defined in diag_sram_march_mode_t

Returns:

DIAG_PASS,

DIAG_FAIL,

DIAG_INVALID_ARG,

DIAG_UNDEFINED.

Note:

In SRAM_MARCH_STARTUP mode, discard the return value as it will always be DIAG_UNDEFINED. Call DIAG_SRAM_MarchGetStartupResult() in the main function to get the result of the diagnostic in Start-up mode. In SRAM_MARCH_PARTIAL mode, read the return value directly.

MISRA C:2012 Deviation Advisory: misra-c2012-8.7  

Justification: False positive - The term "referenced" includes both the call of a function and its definition. A function which is defined in one translation unit and called in a different one is compliant with this rule. See the declaration of function R_8_7_2 and its usage in the R_08_07.h, R_08_07_1.c and R_08_07_1.c files in the MISRA-Example-Suite repository on GitHub.

MISRA C:2012 Deviation Advisory: misra-c2012-15.1  

Justification: To adhere to misra-c2012-15.5, a goto statement is used instead of having an additional return statement when detecting invalid input parameters. This is done because the implementation of this function requires the usage of goto statements regardless. This is because the diagnostic function needs to return as soon as an error is detected, without having multiple return statements, and some cleanup is neccesary before exiting when using the SRAM_MARCH_STARTUP mode. Avoiding the use of goto would require either creating a separate cleanup function, which would be called whenever an error is detected (which is not possible since this function cannot call another function), or having multiple additional checks which would add overhead, diminish the code readability and require defaulting the test result to DIAG_PASS. The latter is deemed less safe than only assigning the result to DIAG_PASS when all March elements have run and detected no error. Finally, as misra-c2012-15.2 and misra-c2012-15.3 (regarding the usage of goto) is adhered to, the deviation is deemed safe.