45.4.1 ECC Functionality
The ECC feature is enabled by default after a reset, and can then be disabled and re-enabled using the CTRLA.ENABLE bit (for testing the ECC feature for example as detailed in the following “ECC testing” chapter). This disabling/enabling only applies to ECC decoding upon reads. The ECC encoding upon writes is always enabled and cannot be disabled.
Each 32-bit data word in SRAM is completed by 7 additional ECC bits, which are not accessible by the user.
Upon any 8/16/32-bit write in the memory, the 7 ECC bits are computed and stored along with the data (The 8/16-bits writes are actually composed of an atomic read 32 bits, modify, write 32 bits).
Upon any 8/16/32-bit read in the memory, if the ECC feature is disabled, then single or double errors are not detected, and not corrected. If the ECC feature is enabled, the ECC syndrome is computed on the related 32 data bits + 7 ECC bits.
If a single bit error is found, it is corrected on the fly and the corrected data is sent back seamlessly to the Host who requested it, and written back in the memory. The interrupt status INTSTA.SERR is set and the interrupt is triggered if enabled (INTENSET.SERR=1). The characteristics of this single bit error are logged in the error capture registers and will be either overwritten when a later double error is detected, or erased when the INTSTA.SERR bit is cleared.
If a double bit error is found, a bus error response is issued, typically leading to a synchronous abort exception. This enables stopping the bus Host access sequence precisely at the faulty address. The interrupt status INTSTA.DERR is set and the interrupt is triggered if enabled. The characteristics of this double bit error are logged in the error capture registers (potentially overwriting a previous single error information) and will be erased when the INTSTA.DERR bit is cleared.
The characteristics logged in the error capture registers for a single or double error consist of:
- The address of the faulty word in ERRCADR
- The parity bits computed on the read data in ERRCPAR
- The syndrome in ERRCSYN.ERCSYN
- Single error in ERRCSYN.ERR1 and double error in ERRCSYN.ERR2
In case of a single error, the syndrome value gives the position of the faulty bit as shown in the following table:
| ERCSYN Value | faulty bit | ERCSYN Value | faulty bit |
|---|---|---|---|
| 0x40 | ECC[6] | 0x26 | DATA[18] |
| 0x20 | ECC[5] | 0x64 | DATA[17] |
| 0x10 | ECC[4] | 0x2C | DATA[16] |
| 0x08 | ECC[3] | 0x1A | DATA[15] |
| 0x04 | ECC[2] | 0x23 | DATA[14] |
| 0x02 | ECC[1] | 0x2A | DATA[13] |
| 0x01 | ECC[0] | 0x32 | DATA[12] |
| 0x49 | DATA[31] | 0x46 | DATA[11] |
| 0x0D | DATA[30] | 0x4A | DATA[10] |
| 0x0E | DATA[29] | 0x52 | DATA[9] |
| 0x38 | DATA[28] | 0x62 | DATA[8] |
| 0x4C | DATA[27] | 0x13 | DATA[7] |
| 0x1C | DATA[26] | 0x29 | DATA[6] |
| 0x58 | DATA[25] | 0x31 | DATA[5] |
| 0x0B | DATA[24] | 0x43 | DATA[4] |
| 0x54 | DATA[23] | 0x45 | DATA[3] |
| 0x15 | DATA[22] | 0x19 | DATA[2] |
| 0x16 | DATA[21] | 0x51 | DATA[1] |
| 0x34 | DATA[20] | 0x61 | DATA[0] |
| 0x25 | DATA[19] | - | - |
In case of a double error, in the synchronous abort exception handler, if the corrupted RAM word was originally provided from a non-volatile memory (for example a CPU instruction copied from Flash to RAM), it can be safely copied again into the RAM before returning from the abort exception handler. If the abort exception is immediately re-entered, there are ‘stuck-at’ bits in the corrupted memory word, which require applying self-patching code technics prior to returning from the abort exception handler.