A microcontroller unit (MCU) is a data processing device implemented within a single integrated circuit. An MCU may, for example, comprise one or more processor cores, memory units and peripherals. An MCU may have a functional state and a reset state. The functional state may be a normal operating state in which the MCU or a part thereof is capable of executing the tasks it is designed for. A reset state, on the other hand, is a state in which the MCU, or the respective part, has a reduced degree of functionality. In the reset state, the MCU, or the respective part of the MCU, may notably be unable to execute any software applications installed on it. The operation of setting the MCU into the reset state may also be referred to as a reset of the device.
An MCU may have one global reset state. Alternatively, an MCU may comprise several parts, e.g., modules or partitions, each part having its own functional state and reset state. The functional state and the reset state referred to herein may therefore be states of the entire MCU or of a part thereof.
For example, in safety-oriented systems on system-on-chips (SOC), a reset can be triggered by safety monitors. The safety monitors may, for example, generate a reset in response to the detection of a fault of a monitored block of the SOC. In a situation in which the faults are repetitive or continuous, the device may permanently remain in the reset state or it may cycle between the reset state and the functional state. This latter phenomenon, known as reset cycling, may occur, for example, when the MCU attempts to return to its functional state but is immediately forced back into its reset state because of the persistence of the repetitive or continuous faults. When the MCU is in its reset state, any active applications on it may stop executing their functional tasks and the device may stay in the reset state.
The reset state may be a safe state. A safe state is a state that satisfies certain safety requirements. For example, it may be required that all applications must be stopped. Indeed, it may be expected that in the event of a detection of faults by the SOC, it may be safer to stop all or at least some of the tasks performed by the SOC.
When the MCU is in the reset state, it may be impossible to debug the device. Furthermore, setting the MCU back into its functional state may require power cycling, that is, powering it entirely off and then powering it on again. Volatile information present on the SOC, including, for example, status information, may be lost in this process. This can make it difficult to analyze the faults that provoked the reset.
Furthermore, when the MCU is in its reset state, an application oriented selection of a possible reaction of the device may be impossible. For example, each power domain in, e.g., devices intended for functional safety applications may be protected by means of a low voltage detect (LVD). Operating the device without using the broken domain may be envisioned. This would, however, require a configuration option during the reset phase of the device.