13.5 Functional Description

ECC SECDED - ECC Functionality

Each 64-bit RAM datum can be protected with 8 additional ECC bits, providing single-bit error correction and double-bit error detection.

To use the ECC, the MCRAMC address space must first be initialized with 64-bit writes only, from the CPU or from a DMA Host, before the RAM is accessed from any system bus Host. ECC decoding must then be enabled in the MCRAMC Control Enable A Register, after which the MCRAMC Sync Busy Register must be read prior to the first read access to the RAM.

If ECC decoding is enabled, the ECC parity bits of the accessed RAM words are checked on every read.

Single-bit error read correction is performed on the fly with no penalty.

The MCRAMC writes back any corrected data into the RAM.

Simply reading the sensitive RAM content on a regular basis, for example from a DMA Host, prevents bit error accumulation. This is known as ECC memory scrubbing.

Double-bit error read detection triggers a bus error response from the MCRAMC, typically leading to a synchronous abort exception at the bus Host. This enables stopping of the bus Host access sequence precisely at the faulty address.

Upon a bus error response, the faulty address is registered in the Error Capture Address Register.
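
The following C model is an added illustration, not taken from the datasheet, of how 8 check bits per 64-bit word yield single-bit correction with write-back and double-bit detection. The actual code used by the MCRAMC is not documented here, so the model assumes a textbook extended Hamming (72,64) code; all function names and the sample value are constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>

enum ecc_status { ECC_OK, ECC_SER, ECC_DER };  /* clean, single corrected, double detected */
/* Parity (XOR of all bits) of a 64-bit value. */
static unsigned parity64(uint64_t v) {
    v ^= v >> 32; v ^= v >> 16; v ^= v >> 8; v ^= v >> 4; v ^= v >> 2; v ^= v >> 1;
    return (unsigned)(v & 1);
}

/* Codeword position (3..71) of data bit i; power-of-two positions hold check bits. */
static unsigned pos_of(unsigned i) {
    unsigned p = 2;
    for (unsigned n = 0; n <= i; n++)          /* step to the (i+1)-th non-power-of-two */
        do p++; while (!(p & (p - 1)));
    return p;
}

/* 8 check bits for a 64-bit word: bits 0-6 Hamming check bits, bit 7 overall parity. */
uint8_t ecc_encode(uint64_t d) {
    unsigned syn = 0;
    for (unsigned i = 0; i < 64; i++)
        if ((d >> i) & 1) syn ^= pos_of(i);
    return (uint8_t)(syn | ((parity64(d) ^ parity64(syn)) << 7));
}

/* Read path: check the word, correct and write back a single error, flag a double. */
enum ecc_status ecc_read(uint64_t *d, uint8_t *e) {
    unsigned syn = (ecc_encode(*d) ^ *e) & 0x7F;   /* position of a single flipped bit */
    unsigned odd = parity64(*d) ^ parity64(*e);    /* 1 = odd number of flipped bits */
    if (!syn && !odd) return ECC_OK;
    if (!odd || syn > 71) return ECC_DER;          /* not a single error: detect only */
    if (syn & (syn - 1))                           /* syndrome names a data position */
        for (unsigned i = 0; i < 64; i++)
            if (pos_of(i) == syn) *d ^= 1ULL << i;
    *e = ecc_encode(*d);                           /* write-back repairs check bits too */
    return ECC_SER;
}

int main(void) {
    uint64_t word = 0x0123456789ABCDEFULL;         /* constructed sample datum */
    uint8_t  ecc  = ecc_encode(word);
    word ^= 1ULL << 17;                            /* single-bit fault */
    enum ecc_status s = ecc_read(&word, &ecc);
    printf("single: status=%d data=%016llx\n", s, (unsigned long long)word);
    word ^= 3ULL << 40;                            /* double-bit fault */
    printf("double: status=%d\n", ecc_read(&word, &ecc));
    return 0;
}
```

In the model, as in the text above, a second read after a corrected single-bit error returns clean because the corrected word was written back, while a double-bit error leaves the stored word untouched and is only reported.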

ECC Testing

For ECC testing purposes, single-bit or double-bit faults can be injected during writes at a specific address. The address needs to be programmed in the MCRAMC Fault Injection Address Register (MCRAMC.FLTADDR), the bits to be flipped need to be programmed in the MCRAMC Fault Injection Pointer Register (MCRAMC.FLTPTR) and the fault injection needs to be enabled in the MCRAMC Fault Injection Control Register (MCRAMC.FLTCTRL).

Then the MCRAMC Sync Busy Register has to be read prior to the first write access to the RAM.

After fault injections, if ECC decoding is disabled in the MCRAMC Control Enable A Register, reading at a faulty address directly shows the faulty data bits, if any. Then ECC decoding can be enabled again and fault injection disabled, to read and check single error correction or double error detection. Then ECC decoding can be disabled again to read and check if a single error has been automatically corrected in the RAM array.

When ECC decoding is enabled in the MCRAMC Control Enable A Register, single-bit and double-bit ECC errors can be flagged in the MCRAMC.INTSTA Interrupt Status register and can trigger an interrupt if enabled in the MCRAMC.INTENx Interrupt Enable register.

Note: This interrupt is an asynchronous CPU exception. It generally comes too late for system safe state recovery in case of a double-bit error.

The characteristics of a single-bit error are captured into the MCRAMC Error Capture registers and held stable until either the MCRAMC INTSTA.SER status bit is cleared by the software or a double-bit error occurs.

The characteristics of a double-bit error are captured into the MCRAMC Error Capture registers and held stable until the MCRAMC INTSTA.DER status bit is cleared by the software.

The following constraints must be observed during the ECC testing process:

  • After one or more writes to the MCRAMC user interface to change its configuration, a single read needs to be done from the MCRAMC Sync Busy Register, prior to performing any access to the RAM.
  • When both ECC decoding and fault injection are enabled, no single-bit fault RAM word must be read at the RAM fault injection address, because memory correction write-back would inject a fault again.
  • When both ECC decoding and fault injection are enabled, a double-bit fault RAM word at the RAM fault injection address must be overwritten only with a 64-bit wide access.
  • When fault injection is enabled, the data bits to be flipped, as programmed in the MCRAMC Fault Injection Pointer Register, must always be part of the bytes modified by the write access to the RAM fault injection address. A simple way to ensure this is to restrict the write accesses to the RAM fault injection address to be 64-bit wide only.

Note: A double error condition will generate a hard fault which will supersede the double error interrupt. If identification and soft recovery is desired, this condition must be detected in the hard fault handler, allowing the function to exit and the ISR for the double error to be executed.