18.3.9.4 CFD Test
The CFD can be tested by writing the corresponding bit in the CLKCTRL.MCLKCTRLC register.
The test facility works by masking all pulses from the monitored clock during one monitor interval. Therefore, the test will require between one and two monitor intervals before the CFD failure is detected, flagged and reported to the Error Controller. The reason for requiring up to two cycles is that the current monitoring cycle must be allowed to complete before a new monitoring cycle, which is ensured to have no edges on the monitored clock, can start.
- Testing the clock failure without influencing the main clock:
To not influence the main clock when testing CFD, the CFDSRC bit field must be configured to a clock source different than the main clock, i.e. CFDSRC in CLKCTRL.MCLKCFD[n]CTRLA must be different from
0x00. Write the CFDn bit in CLKCTRL.MCLKCTRLC to trigger a CFD condition. The CFD condition will set the CFDn flag in the CLKCTRL.MCLKINTFLAGS register but the main clock will not change to the start-up clock source. - Testing the clock failure and changing the main clock to OSCHF:
If the CFDSRC bit field is
0x00, such that the main clock is monitored, and XOSCHF or EXTCLK is the main clock source, writing the CFDn bit in CLKCTRL.MCLKCTRLC triggers a CFD condition. The CFDn bit in the CLKCTRL.MCLKINTFLAGS register will be set and the main clock source will change to OSCHF. - Testing the clock failure and triggering a Machine Check Reset:
If the CFDSRC bit field is
0x00, such that the main clock is monitored, and XOSCHF or EXTCLK is NOT the main clock source, writing the CFDn bit in CLKCTRL.MCLKCTRLC triggers a CFD condition and a Machine Check Reset will be requested.
When a CFD error is injected on the main clock, the main clock is stopped in a safe way, i.e. not generating any glitches or violations of the required clock properties. This will emulate a real error, and also allow the system to continue in a safe way after the failure has been detected.