22.3.1 Overview

The Error Controller’s (ERRCTRL) purpose is to collect hardware error reports from various systems in a functional safety MCU, present them to the application, and take immediate action if needed. The ERRCTRL is always enabled, and a timeout mechanism ensures it can always respond to errors.

The ERRCTRL is an interface or front-end to various MCU subsystems equipped to detect internal hardware errors, as shown in the block diagram above. The application can associate various severity levels with each hardware error by configuring the Error Source Control x (ERRCTRLn.ESCx) registers.

The ERRCTRL can be configured to output a heartbeat signal on an I/O pin. As long as no error is detected, this signal is a square wave with a specific frequency. When an error is detected, the heartbeat signal stays at a fixed level and does not change.

Each error source, such as Instruction ECC error or Stack Pointer Limit, is connected to an Error Channel. Whenever an MCU component detects a hardware error, it signals the ERRCTRL using the associated error channel. This causes the error channel’s Error Status Flag to be set in the Error Status Flags (ERRCTRL.ESF) register. The error channel’s ERRCTRL.ESCx register determines the resulting severity. The figure below shows how the ERRCTRL is connected to other systems X and Y in the MCU. For additional information, see the Error Injection section.