22.3.18 Error Controller and System Startup

At system start-up, the ERRCTRL is configured as follows:
  • The ERRCTRL state is NORMAL
  • The Timeout Value (ERRCTRL.TIMEOUT) register contains ‘0xFF’ (255 decimal), so the timeout feature is enabled, and timeout will occur after (255*4) = 1020 clock cycles
  • All Error Source Control x (ERRCTRL.ESCx) registers contain 0x82, i.e., FLOAT is ‘1’, and ERRLVL is NONCRITICAL
The consequences are:
  • The ERRCTRL is in the NORMAL state when Reset is released, and the MCU starts executing instructions
  • Errors detected and reported to the ERRCTRL during this period will lead to the appropriate Error Status Flag (ESF) being set, and the error is treated as a NONCRITICAL error, which will:
    • Transfer the ERRCTRL to the ALARM state
    • Raise an interrupt request since the reset value of the ALARM State Interrupt Type (INTTYPE) bit in the Control A (ERRCTRL.CTRLA) register is INT
    • This request will be left pending since the reset value of the Global Interrupt Enable bit in the CPU’s Status Register (CPU.SREG) is ‘0’
  • The timeout mechanism is enabled, and after a period of (255*4) clock cycles, any received and unhandled NONCRITICAL error will be escalated, transferring the ERRCTRL to the FAULT state and causing a safe state entry through a Machine Check Reset
  • The start-up and system initialization code needs to reconfigure the ERRCTRL and examine any reported errors detected during the system start-up phase that have set any ESF within (255*4) clock cycles. Reconfiguration will typically require:
    • Configuring the ERRCTRL.ESCx registers to the desired value
    • Writing the INTTYPE bit in ERRCTRL.CTRLA to the desired value
    • Writing ‘1’ to the Global Interrupt Enable bit in CPU.SREG so NONCRITICAL errors can be handled by an interrupt, which is only relevant if the INTTYPE bit in ERRCTRL.CTRLA is INT
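
The escalation window described above can be modelled on a host. This is an added example, not code from this document or from any device header. It assumes that the timeout is counted from entry into the ALARM state and that clearing the ESF returns the ERRCTRL to NORMAL; all `ec_*` names and `startup_scenario` are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Host-side model of the reset behaviour described above; not device code. */
enum ec_state { EC_NORMAL, EC_ALARM, EC_FAULT };

struct errctrl {
    enum ec_state state;
    uint8_t  timeout;       /* ERRCTRL.TIMEOUT, 0xFF after reset */
    uint32_t alarm_cycles;  /* assumption: counted from ALARM entry */
    int      esf;           /* one Error Status Flag */
};

void ec_reset(struct errctrl *e) {
    *e = (struct errctrl){ .state = EC_NORMAL, .timeout = 0xFF };
}
uint32_t ec_timeout_cycles(const struct errctrl *e) { return e->timeout * 4u; }

/* A NONCRITICAL error sets the ESF and moves NORMAL to ALARM. The interrupt
   request stays pending (global interrupts are off), so nothing handles it. */
void ec_report_noncritical(struct errctrl *e) {
    if (e->state == EC_FAULT) return;
    e->esf = 1;
    if (e->state == EC_NORMAL) { e->state = EC_ALARM; e->alarm_cycles = 0; }
}

/* Advance time; an unhandled error escalates to FAULT (Machine Check Reset). */
void ec_run(struct errctrl *e, uint32_t cycles) {
    if (e->state != EC_ALARM) return;
    e->alarm_cycles += cycles;
    if (e->alarm_cycles >= ec_timeout_cycles(e)) e->state = EC_FAULT;
}

/* Start-up code examines and clears the ESF (assumption: back to NORMAL). */
void ec_handle(struct errctrl *e) {
    if (e->state != EC_ALARM) return;
    e->esf = 0;
    e->state = EC_NORMAL;
}

/* An error is reported, then init code polls it cycles_until_handled later. */
enum ec_state startup_scenario(uint32_t cycles_until_handled) {
    struct errctrl e;
    ec_reset(&e);
    ec_report_noncritical(&e);
    ec_run(&e, cycles_until_handled);
    ec_handle(&e);
    return e.state;
}

int main(void) {
    printf("%d %d\n", startup_scenario(500), startup_scenario(1500));
    return 0;
}
```

In the model, initialization code that polls the flag 500 cycles after the error leaves the controller in NORMAL, while code that takes 1500 cycles finds it already in FAULT.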