1. Field of the Invention
The present invention relates to microcontrollers, and more particularly, to fault detection in program memory of microcontrollers.
2. Description of the Related Art
Microcontrollers are used in a wide variety of electronic products, for example, microwave ovens, dishwashers, automobile antilock brake systems, facsimile machines, etc. In order to function properly, every such electronic device or system must execute its program instruction code precisely. If there are errors associated with the storage and subsequent execution of the program instructions, there may be a system or device failure or even damage to the system or device itself.
To help prevent errors associated with the storage and execution of program instructions, Underwriter's Laboratories of Northbrook, Ill. developed a new safety standard that requires a microcontroller to be able to detect any faults related to its own program memory. Program memory is memory that stores program instruction code, while data memory is memory that stores data.
Detecting faults with a microcontroller's own program memory, however, is problematic when a data bus and an instruction bus are separated, for example, as with Harvard architecture microcontrollers. One problem is that prior art microcontrollers are not designed for performing some form of self checking the program memory data. Rather, the program instruction data in program memory is merely available for execution and not for reading to a data register or data memory. Thus, because the central processing unit does not store program instruction data in data memory, the program instruction data cannot be accessed by programs or systems that can perform data checks on the integrity or validity of the program instruction data.
One attempt to detect faults in program memory included using an instruction, "LAID," as for example, in an 8-bit complex instruction set computing ("CISC") architecture microcontroller by National Semiconductor of Santa Clara, Calif. The LAID instruction uses a contents of an accumulator to point to a fixed data table stored in a program memory. The contents of the accumulator are exchanged with a contents of a lower 8-bits of a program counter. Data accessed from the program memory location addressed by the program counter is then transferred to the accumulator. Simultaneously, the original contents of the lower 8-bits of the program counter are transferred back to the lower 8-bits of the program counter from the accumulator.
It is noted that the upper 7-bits of the program counter are unaffected and unchanged during execution of the LAID instruction. Thus, the accumulator and associated fixed data table must both be located in the current program memory of 256 bytes. Therefore, the LAID instruction is very restrictive because it does not allow for freely reading any location in the program memory without extensive set-up, making the LAID instruction unsuitable for fault checking in program memory.
Another attempt to detect faults in program memory is to have the microcontroller add two extra parity bits to each instruction inside the code memory, as for example, in a reduced instruction set computer ("RISC") architecture microcontroller. At each instruction fetch, the prior art microcontroller performs a parity check on every fetched instruction and the two parity bits. When a parity check fails, the program code is halted and an error message is transmitted. A problem with using the extra two parity bits is that there are extra system resources required for checking each instruction inside the program memory, thereby increasing the cost of the microcontroller. Further, because the parity bits for each instruction must be checked, the processing time for executing instructions is also increased and results in an overall decrease in microcontroller performance.
Using two extra parity bits to detect faults in program memory also decreases overall microcontroller flexibility. A RISC microcontroller uses instructions of the same bit length. Every different kind of instruction, e.g., arithmetic logic unit operations, branches, load instructions, store instructions, must fit into the same bit length. Thus, for a microcontroller having, for example, a 12-bit instruction word, the number of data addressing modes is limited. Because of a limited number of data addressing modes available in a RISC architecture microcontroller, such microcontrollers are ill-suited to have instructions that can read randomly any location in program memory and store the result into the data memory for subsequent data checking.
Therefore, there is a need for a system and a method for detecting faults in a program memory of a microcontroller that provides the flexibility to test the integrity of the program memory immediately after reset or during runtime of main program.