
STM32 "Bulletproof" Application Fail Safes (BOR, WDT, etc)

Ddu P
Associate II

I have an application which I’m trying to make absolutely “bulletproof”, so I’m trying to imagine and handle absolutely every possible failure scenario (specifically this query relates to hardware failure scenarios rather than software bugs).

I was wondering what happens on the STM32 in the following scenarios?

  • One or more VDD/VSS/VDDA/VSSA pins lose connection (e.g. dry joint), whilst other VDD/VSS/VDDA/VSSA pins still have good connection.
  • Same as above, but for VCAP pins.

Would either of these scenarios be handled by POR/BOR, and what would the behaviour of the IWDT be in these scenarios? Is there any scenario where the MCU could potentially "hang" without this being caught by the IWDT?

Thanks in advance for any insight! 🙂

AvaTar
Lead

Hmmmm.

Use a Cortex R(4) with a dual core in lock step, and satisfy the requirements for the appropriate system integrity level (SIL).

> Is there any scenario where the MCU could potentially "hang" without this being caught by the IWDT?

Data memory corruption or ECC error?

> One or more VDD/VSS/VDDA/VSSA pins lose connection [...] VCAP pins

To detect such is probably beyond any reasonable commercial offering. Why don't you build your external monitoring circuits for this?

> Is there any scenario where the MCU could potentially "hang" without this being caught by the IWDT?

Of course, when the IWDG's clock fails, or its divider fails, or if software hangs for whatever reason in a loop resetting the IWDG, or if the IWDG's output fails to reset the MCU because of a reset circuit failure. Search this forum for "push-pull external reset" for a taster.

One can't be paranoid enough; and there's no such thing as

> absolutely “bulletproof”

JW
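The "software hangs in a loop resetting the IWDG" failure mode above is the one the firmware itself can close off: instead of kicking the watchdog from wherever the code happens to be spinning, a supervisor refreshes the hardware only after every monitored task has checked in since the last refresh. The following is an added example written for this thread, not code from the original posts or from ST; the `hw_refresh` hook is a hypothetical stand-in for the real STM32 IWDG reload (the write of key 0xAAAA to IWDG->KR), stubbed so the gating logic runs on a host.

```c
/* Liveness-gated IWDG refresh: the watchdog is kicked only when every
 * monitored task has checked in since the last kick, so one task stuck
 * in a loop cannot keep the IWDG alive on its own. */
#include <stdbool.h>
#include <stdint.h>

enum { TASK_SENSOR = 0, TASK_COMMS, TASK_CONTROL, TASK_COUNT };
#define ALL_TASKS ((1u << TASK_COUNT) - 1u)

/* Hypothetical hardware hook; on real silicon this is the IWDG reload write. */
typedef void (*iwdg_refresh_fn)(void);

typedef struct {
    uint32_t checkin_mask;   /* bit i set once task i has checked in */
    uint32_t starved_ticks;  /* supervisor ticks with no refresh issued */
    uint32_t kicks;          /* hardware refreshes actually issued */
    iwdg_refresh_fn hw_refresh;
} supervisor_t;

void supervisor_init(supervisor_t *s, iwdg_refresh_fn hw) {
    s->checkin_mask = 0; s->starved_ticks = 0; s->kicks = 0; s->hw_refresh = hw;
}

/* Each task calls this once per iteration of its own main loop. */
void task_checkin(supervisor_t *s, unsigned task_id) {
    if (task_id < TASK_COUNT) s->checkin_mask |= 1u << task_id;
}

/* Called from the supervisor's periodic tick (e.g. a SysTick-driven loop).
 * Returns true only when the hardware watchdog was refreshed; a silent task
 * leaves the IWDG to expire and reset the MCU. */
bool supervisor_tick(supervisor_t *s) {
    if (s->checkin_mask == ALL_TASKS) {
        s->checkin_mask = 0; s->starved_ticks = 0; s->kicks++;
        s->hw_refresh();
        return true;
    }
    s->starved_ticks++;
    return false;
}

static void host_refresh(void) { /* host stub: no IWDG register to touch */ }

/* Constructed scenario: 3 healthy ticks, then TASK_CONTROL goes silent while
 * TASK_SENSOR spins and checks in repeatedly. Returns kicks issued (3). */
uint32_t simulate_control_hang(void) {
    supervisor_t s; supervisor_init(&s, host_refresh);
    for (int t = 0; t < 3; t++) {
        task_checkin(&s, TASK_SENSOR); task_checkin(&s, TASK_COMMS);
        task_checkin(&s, TASK_CONTROL); supervisor_tick(&s);
    }
    for (int t = 0; t < 10; t++) {   /* control task hung: no further kicks */
        task_checkin(&s, TASK_SENSOR); task_checkin(&s, TASK_SENSOR);
        task_checkin(&s, TASK_COMMS); supervisor_tick(&s);
    }
    return s.kicks;
}
```

The supervisor's own tick still has to run from somewhere, so this closes only the "kick from the hung loop" case; the clock, divider and reset-path failures listed above remain hardware problems that need an external monitor.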