45.4.3 ECC Testing

For testing the ECC feature, single-bit or double-bit faults can be injected during writes at a specific address.

The following pseudo code shows how to test the ECC:

  • Define in FLTADR the address where the fault injection will occur (take care to use a free memory space, in order to not overwrite existing data in memory)
  • Define in FLTPTR the bit(s) to be flipped on purpose when the address in FLTADR is written (e.g. FLTPTR=0x1 for flipping DATA[0])
  • Program in FLTCTRL.FLTMD the desired single or double fault injection mode (e.g. single for this example)
  • Enable the fault injection by setting FLTCTRL.FLTEN = 1
    Note: Once FLTEN = 1, FLTADR, FLTPTR and FLTMD become protected and cannot be written.
  • Perform a write at the address defined in FLTADR. Because of the fault injection, the selected bit(s) will be flipped in memory. (e.g. write 0xA5A5A5A5)
  • Disable ECC decoding (CTRLA.ENABLE = 0)
  • Read the word at the address defined in FLTADR. The returned data is 0xA5A5A5A4 because DATA[0] was flipped by the single fault injection
  • Enable ECC decoding (CTRLA.ENABLE = 1), disable fault injection (FLTCTRL.FLTEN = 0) and read the same word again. The returned data is now 0xA5A5A5A5 because the single error has been corrected. The single error is logged (INTSTA.SERR = 1) and an interrupt is triggered if it is enabled (INTENSET/CLR.SERREN = 1). ERRCADR will show the address defined in FLTADR. ERRCSYN will be 0x61, matching an error on DATA[0].
    Note: It is necessary to disable the fault injection at this step; otherwise, the corrected word will be corrupted again by the fault injection mechanism when it is written back to SRAM.
  • Disable ECC decoding (CTRLA.ENABLE = 0) and read the same word again. The returned data is now 0xA5A5A5A5 because the flipped bit has been corrected in memory during the write back at the previous step.

The following constraints must be observed during the whole ECC testing process:

  • After changing the configuration, a dummy read access to FLTCTRL is required prior to performing any access to the SRAM
  • When both ECC decoding and fault injection are enabled, no single-bit fault SRAM word should be read at the SRAM fault injection address, since memory correction write-back would inject a fault again
  • When both ECC decoding and fault injection are enabled, a double-bit fault SRAM word at the SRAM fault injection address should be overwritten only with a 32-bit wide access
  • When fault injection is enabled, the data bit(s) to be flipped, as programmed in FLTPTR, should always be part of the bytes modified by the write access to the SRAM fault injection address. A simple way to ensure this is to restrict the write accesses to the SRAM fault injection address to be 32-bit wide only.
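
The single-fault procedure and the constraints above, written as a self-test routine. This is an added example, not vendor code: it runs against a small host-side model whose behaviour is limited to what this section states. The register array, the `flipped` variable standing in for the check bits, the `FLTMD_SINGLE` encoding, the helper names and the test address are all assumptions.

```c
#include <stdint.h>

/* Host-side model (assumption): one SRAM word plus the fields named in the
   section. `flipped` stands in for the real check bits; FLTMD encoding assumed. */
enum { FLTADR, FLTPTR, FLTMD, FLTEN, ENABLE, SERR, ERRCADR, ERRCSYN, NREG };
#define FLTMD_SINGLE 0u
static uint32_t reg[NREG], cell, flipped;

static void reg_wr(int r, uint32_t v) {
    if (reg[FLTEN] && r <= FLTMD) return;   /* FLTADR/FLTPTR/FLTMD locked while FLTEN = 1 */
    reg[r] = v;
}
static void dummy_rd(void) {                /* dummy FLTCTRL read after a config change */
    volatile uint32_t v = reg[FLTEN]; (void)v;
}
static void sram_wr(uint32_t v) {           /* 32-bit wide write at FLTADR */
    flipped = reg[FLTEN] ? reg[FLTPTR] : 0;
    cell = v ^ flipped;
}
static uint32_t sram_rd(void) {
    if (!reg[ENABLE] || !flipped) return cell;   /* raw read, or nothing to correct */
    uint32_t good = cell ^ flipped;
    reg[SERR] = 1; reg[ERRCADR] = reg[FLTADR];
    reg[ERRCSYN] = 0x61;                    /* value the section gives for DATA[0] */
    sram_wr(good);                          /* write-back: re-corrupted if FLTEN = 1 */
    return good;
}

/* Returns 0 on pass, else the number of the failing check.
   disable_flt = 0 skips the FLTEN = 0 step to show the write-back pitfall. */
int ecc_selftest(uint32_t addr, int disable_flt) {
    const uint32_t pat = 0xA5A5A5A5u;
    reg_wr(FLTEN, 0); reg[SERR] = 0;        /* start from a known state */
    reg_wr(FLTADR, addr); reg_wr(FLTPTR, 0x1); reg_wr(FLTMD, FLTMD_SINGLE);
    reg_wr(FLTEN, 1); dummy_rd();
    sram_wr(pat);
    reg_wr(ENABLE, 0); dummy_rd();
    if (sram_rd() != 0xA5A5A5A4u) return 1;             /* DATA[0] flipped */
    reg_wr(ENABLE, 1);
    if (disable_flt) reg_wr(FLTEN, 0);
    dummy_rd();
    if (sram_rd() != pat) return 2;                     /* corrected on read */
    if (!reg[SERR] || reg[ERRCADR] != addr || reg[ERRCSYN] != 0x61) return 3;
    reg_wr(ENABLE, 0); dummy_rd();
    return sram_rd() == pat ? 0 : 4;                    /* memory repaired? */
}

int main(void) { return ecc_selftest(0x20001000u, 1); } /* constructed address */
```

On a real device the `reg_wr`, `dummy_rd`, `sram_wr` and `sram_rd` helpers would be replaced by accesses to the actual registers and to the word at FLTADR; a return value of 4 indicates that fault injection was still enabled during the correcting read.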