22.3.19.1 Handling of Interrupts in Systems with Error Controller

A detected error is reported to both the Interrupt Controller and the Error Controller, resulting in a hazard since the interrupt controller may receive two interrupt requests originating from the same error source. These two interrupt requests will reach the interrupt controller in different clock cycles due to register delays in the Error Controller.

Write the interrupt handler to handle this hazard safely so the error is handled correctly and only once. The following pseudocode describes how to do this:

;; Interrupt vectors
RESET_VECTOR: jump START_PROGRAM
NMI_VECTOR: jump NMI_HANDLER
ERRCTRL_HANDLER: jump ERROR_HANDLER
<HW_PART_ERR_HANDLER>: jump ERROR_HANDLER
....
NMI_HANDLER:
    Perform desired actions
    Software Reset
ERROR_HANDLER:
    Clear Error Flag in INTFLAGS
    Clear ESF flag in ERRCTRL
    Perform other actions
    Return from interrupt OR Software Reset
START_PROGRAM:
    Execute program

The ERRCTRL can be programmed to request an NMI instead of an interrupt, creating another hazard, as the hardware part will request an interrupt while the ERRCTRL will request an NMI. The NMI may arrive later at the Interrupt Controller and possibly disturb the already-started execution of the interrupt. For this reason, if the ERRCTRL is configured to request an NMI instead of an interrupt, the error handler must always exit with a software reset and not a return from interrupt.
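
The first hazard above (one error, two requests to the same ERROR_HANDLER in different clock cycles) can be reproduced in a small host-side C model. This is an added example, not code from the data sheet: the function name and the cycle counts are assumptions, and only the flag names are taken from the pseudocode.

```c
#include <stdbool.h>
#include <stdio.h>

/* Host-side model only, not device code. Flag names follow the pseudocode;
 * the cycle counts are assumed values with HANDLER_CYCLES > ERRCTRL_DELAY,
 * i.e. the delayed ERRCTRL request arrives while the handler is running. */
enum { ERRCTRL_DELAY = 2, HANDLER_CYCLES = 4, SIM_CYCLES = 40 };

/* Returns how often ERROR_HANDLER is entered for ONE detected error. */
int handler_entries(bool handler_clears_esf)
{
    bool intflags_err = false;  /* Error Flag in the hardware part's INTFLAGS */
    bool errctrl_esf = false;   /* ESF flag in ERRCTRL */
    int entries = 0;
    int done_at = -1;           /* cycle in which the running handler clears flags */

    for (int cycle = 0; cycle < SIM_CYCLES; cycle++) {
        if (cycle == 0)
            intflags_err = true;            /* error reported directly */
        if (cycle == ERRCTRL_DELAY)
            errctrl_esf = true;             /* same error, via ERRCTRL registers */

        if (cycle == done_at) {             /* handler body reaches its clears */
            intflags_err = false;
            if (handler_clears_esf)
                errctrl_esf = false;
            done_at = -1;                   /* return from interrupt */
            continue;
        }
        /* Both requests vector to the same ERROR_HANDLER. */
        if (done_at < 0 && (intflags_err || errctrl_esf)) {
            entries++;
            done_at = cycle + HANDLER_CYCLES;
        }
    }
    return entries;
}

int main(void)
{
    printf("clears INTFLAGS and ESF: %d entry\n", handler_entries(true));
    printf("clears INTFLAGS only:    %d entries\n", handler_entries(false));
    return 0;
}
```

In this model a handler that leaves ESF set is re-entered for the same error until the simulation ends, while the handler that clears both flags runs exactly once.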