Reset MCU when invalid opcode or when executing out of used flash

DavidNaviaux
Senior

In my design, it is very important that a run-away MCU be stopped before it can do damage. In my case, damage would occur if a specific MCU pin goes high for more than about 5 microseconds.

Are there any recommendations on the best way to do this (e.g., watchdog timer, Hard Fault interrupt)?

 

1 ACCEPTED SOLUTION


So, about HRTIM -> protection of MOSFET/driver:

Read in the RM about HRTIM -> fault protection!

The timer has break inputs to stop the output (go to a safe level; you have to define what it should do).

So the "usual" way (I use it also) is: to have current limit protection, you need to test/measure the output current anyway.

You have, as shown in the circuit, some current transformer, right? So use its signal to switch the break input; that way you get overcurrent protection (switching the outputs off in some ns) and also protection against program errors.

Just test that it is working and that never (also at power-up or reset of the CPU) any wrong signal is coming from the CPU pins. Check with a DSO! And only if 100% sure it's working fine AND the protection is also working, connect power to the MOSFET part!!!! (Or you will blow up some xx MOSFETs for sure. :) )


 

If you feel a post has answered your question, please click "Accept as Solution".
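The fault-input setup described in the answer above, sketched as an added example that is not part of the original post or ST's code. It runs against a host-side stand-in for three HRTIM registers; the bit positions are assumptions based on the STM32F334 register map, and fault input 1, active-high polarity and "inactive" as the safe output level are assumed choices.

```c
#include <stdint.h>

/* Host-side stand-in for three HRTIM registers (constructed for this example).
 * Bit positions are assumptions based on the STM32F334 HRTIM register map;
 * check them against the reference manual for the part actually used. */
typedef struct {
    uint32_t FLTINR1; /* fault input configuration           */
    uint32_t FLTxR;   /* which faults act on this timer unit */
    uint32_t OUTxR;   /* what each output does when faulted  */
} hrtim_model_t;

#define FLTINR1_FLT1E   (1u << 0)  /* fault input 1 enable             */
#define FLTINR1_FLT1P   (1u << 1)  /* polarity, 1 = active high        */
#define FLTINR1_FLT1LCK (1u << 7)  /* write-once lock of FLT1 settings */
#define FLTxR_FLT1EN    (1u << 0)  /* fault 1 acts on this timer       */
#define FLTxR_FLTLCK    (1u << 31) /* write-once lock of FLTxEN bits   */
#define OUTxR_FAULT1(v) ((uint32_t)(v) << 4)   /* output 1 fault state */
#define OUTxR_FAULT2(v) ((uint32_t)(v) << 20)  /* output 2 fault state */
#define FAULT_INACTIVE  2u /* 0 none, 1 active, 2 inactive, 3 high-Z   */
#define OUT_SAFE (OUTxR_FAULT1(FAULT_INACTIVE) | OUTxR_FAULT2(FAULT_INACTIVE))

/* Arm fault input 1 so that both outputs go inactive when it trips. */
void hrtim_arm_fault1(volatile hrtim_model_t *h)
{
    /* Safe level first: outputs forced inactive on fault. */
    h->OUTxR = (h->OUTxR & ~(OUTxR_FAULT1(3) | OUTxR_FAULT2(3))) | OUT_SAFE;
    h->FLTINR1 |= FLTINR1_FLT1P;   /* set polarity before enabling */
    h->FLTINR1 |= FLTINR1_FLT1E;
    h->FLTxR   |= FLTxR_FLT1EN;
    /* Lock last, so later stray writes cannot switch the protection off. */
    h->FLTINR1 |= FLTINR1_FLT1LCK;
    h->FLTxR   |= FLTxR_FLTLCK;
}

/* Read-back check to run before the MOSFET stage is powered. */
int hrtim_fault1_armed(const volatile hrtim_model_t *h)
{
    const uint32_t in  = FLTINR1_FLT1E | FLTINR1_FLT1P | FLTINR1_FLT1LCK;
    const uint32_t tim = FLTxR_FLT1EN | FLTxR_FLTLCK;
    const uint32_t out = OUTxR_FAULT1(3) | OUTxR_FAULT2(3);
    return (h->FLTINR1 & in) == in
        && (h->FLTxR & tim) == tim
        && (h->OUTxR & out) == OUT_SAFE;
}
```

On real hardware the same sequence would target the HRTIM peripheral registers, and the read-back check complements, but does not replace, the DSO verification the answer calls for.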


4 REPLIES 4
AScha.3
Chief III

Is this again about the HRTIM -> MOSFET driving?

https://community.st.com/t5/stm32-mcus-products/protection-against-hrtim-output-locking-high/td-p/606973

 


Yes it is, but I thought my previous post was too complex to expect to get an answer. The answer to this post would allow me to fix this issue as best as I can (about 1000 of these controllers are about to be built and I need them to work reliably).


Thank you so much for that answer. I'll review the pertinent sections of the RM. My original issue was that I had the BOOT0 pin floating, which caused the MCU to execute out of uninitialized RAM the first time I applied power. I was using a current-limited power supply that limited damage to the MOSFET and gate driver. I found that I could program the option bits to ignore the BOOT0 pin, but that was not the default setting, and I have since added a pull-down on the BOOT0 pin to fix it so that the MCU can get programmed without damaging the board.