STM32 Safety Platform
Explore how easy you can setup a STM32 safety platform, which is ready for medium safety integrity levels (SIL2). With some further work the high safety integrity levels (SIL3+) are possible, too. We use the Flexible Safety RTOS, the Safety AddOns and the Self-Test Library (STL) from STMicroelectronics to build a solid platform.
This article describes the integration step for using the “X-CUBE-STL” for the STM32F4 series with the Flexible Safety RTOS software. The involved components are:
Flexible Safety RTOS (pre-certified RTOS with memory protection)
Safety AddOns (pre-certified modules to check the freedom of interference in systems)
ST X-CUBE-STL (pre-certified functional safety package to achieve IEC 61508 Safety Integrity Level (SIL2/3) certification with STM32)
Benefits of the combines package
The safety manual provided by STMicroelectronics list the safety requirement (hardware, software and application level) considered in the safety analysis of the microcontroller. The following list gives an (incomplete) overview which safety requirement is covered by using the Flexible Safety RTOS and the Safety Addon:
CPU_SM_1 - Control flow monitoring in application software is covered by Safety Addon (PFM)
CPU_SM_4 - Stack hardening for application software is covered by Safety Addon (E2E)
MPU_SM_0 - Periodical read-back of MPU configuration registers is covered by Flexible Safety RTOS
FLASH_SM_0 - Periodical software test for Flash memory is covered by STL or Safety Addon (CRC)
FLASH_SM_1 - Control flow monitoring in application software is covered by Safety Addon (PFM)
RAM_SM_0 - Periodical software test for SRAM memory is covered by STL
RAM_SM_2 - Stack hardening for application software is covered by Safety Addon (E2E)
RAM_SM_3 - Information redundancy for safetyrelated variables in application software is covered by Safety Addon (E2E)
RAM_SM_4 - Control flow monitoring in application software is covered by Safety Addon (PFM)
RAM_SM_5 - Periodical integrity test for application software in RAM is covered by Safety Addon (CRC)
BUS_SM_1 - Information redundancy in intra-chip data exchanges is covered by Safety Addon (E2E)
DMA_SM_1 - Information redundancy on data packet transferred via DMA is covered by Safety Addon (E2E)
Note: your used peripheral interfaces (CAN, I2C, SPI, USB, ETH, ..) may require information redundancy techniques.
Integration Steps
To demonstrate the features and integration of the X-CUBE-STL in a system using the Flexible Safety RTOS, you just need to download the following packages provided by Embedded Office:
The Flexible Safety RTOS demo package
The Safety AddOns
and the single package provided by STMicroelectronics:
The X-CUBE-STL package
As preparation for the integration, please extract all packages from Embedded Office into a single folder of your choice. Afterwards, add the X-CUBE-STL package to get the resulting file structure:
+- addons <- Safety AddOns
+- bsp <- Board support Package
+- cert-mpu <- Flexible Safety RTOS
+- demo
| +- addons
| | +- 03_stlib <- root of demo project
| | | +- source
| | | | +- app.c/.h <- startup of application
| | | | +- app_crc_perf.c/.h <- demonstrate safety addon
| | | | +- stl_app.c/.h <- demonstrate X-CUBE-STL
| | | | +- app_hooks.c/.h <- online test hook example
| | | +- STM32_Safety_STL <- X-CUBE-STL package
Now you can start with the guided integration steps. The steps are:
add the X-CUBE-STL to the make process
add required sections of the X-CUBE-STL to the link process
program the checksums for the flash tests
integrate and execute the X-CUBE-STL in code
The steps are explained in detail in the following chapters which is an example for IAR compiler.
Makefile
Embedded Office provides an example makefile for demo projects. This makefile is located in the demo root folder. This makefile organizes the BSP, RTOS and Safety AddOns build. Now we need to integrate the X-CUBE_STL into the build process.
Add STM32_Safety_STL path for sources and includes:
STL_PATH = ./STM32_Safety_STL
...
VPATH += $(STL_PATH)/Inc
VPATH += $(STL_PATH)/Src Add STL_Lib.a to get it linked:
LIB_FILES = $(STL_PATH)/Lib/STL_Lib.aAdd compiler define STM32F407xx for use with stl_user_param_templates.c, i.e. selection of the correct hardware. The file stl_user_param_templates.c lists the possible hardware variants and therefore the possible defines.
CC_OPTS += -DSTM32F407xxLinker Command File
Similar to the makefile, Embedded Office provides a linker command file in the demo root folder. The linker command filename depends on the development environment. For IAR the file extension is '.icf'.
In this file, we add a "backup_buffer_section" for the X-CUBE_STL RAM tests:
define block FIXED_ORDER_RAM with fixed order {
section backup_buffer_section, readwrite
};
place in core_ram_1 {
block FIXED_ORDER_RAM
};Note: This section is used during RAM tests, so that RAM content is not destroyed.
FLASH Test Checksums
Ensure that CRC checksums for flash tests are also flashed when downloading the demo application. The document "STM32F4 Series self-test library user guide" gives a good explanation where the checksums must be stored in flash. It also provides information and a link to the STM32CubeProgrammer, which can be used as a CRC programming tool.
When using the Lauterbach Trace32 debugger, following code in a scriptfile *.cmm will calculate the CRC checksums and place them to the required locations:
; Set checksums for flash test,
; must match flash test settings:
; 4 sections with 1kB each,
; starting from 0x08000000
Data.SUM 0x08000000--0x080003ff /byte /CRC32
Data.Set 0x080FF000 %Long Data.SUM()
Data.SUM 0x08000400--0x080007ff /byte /CRC32
Data.Set 0x080FF004 %Long Data.SUM()
Data.SUM 0x08000800--0x08000bff /byte /CRC32
Data.Set 0x080FF008 %Long Data.SUM()
Data.SUM 0x08000C00--0x08000fff /byte /CRC32
Data.Set 0x080FF00C %Long Data.SUM()Demo Application
Now we can call the X-CUBE-STL test function within the application. Please consider the following when choosing the calling location:
all test functions require privileged access permissions
the test functions are locking the interrupts for a limited amount of time (see the STM32F4 Series self-test library user guide for details)
For this demonstration, we choose the hook function, which is called within the idle time of the Flexible Safety RTOS: Example:
#include "stl_app.h"
void App_TaskIdleHook(void)
{
/* The STL must be executed with privileged level,
* in order to be able to modify certain core registers
* (for example the PRIMASK register).
*/
/* Note: Idle task hook runs in privileged mode */
StlSingleTest();
StlArtificialTests();
StlMultipleTests();
StlRamTestOneSubset();
StlRamTestMulSubsets();
/* Flexible Safety RTOS Monitoring */
err = SPMonMpuCfgChk();
if (err != SP_MON_ERR_NONE) {
/* Fatal Error: stop CPU in safety state */
OS_SAFETY_CRITICAL_EXCEPTION();
}
}Note 1: The idle task stack must be big enough. See the STM32F4 Series self-test library user guide for the required STL stack usage.
Note 2: The example above just combines all STL demos. In a real project the integrator has to select the fitting tests covering the safety requirements.
Note 3: The Safety Manual of the Flexible Safety RTOS forces the execution of online tests of the MPU configuration.
As an alternative, one or more STL tests can be performed as POST tests before starting the safety application:
#include "stl_app.h"
int main (void)
{
...
/* POST test must run before OSInit() */
StlSingleTest();
StlArtificialTests();
StlMultipleTests();
StlRamTestOneSubset();
StlRamTestMulSubsets();
/* initialize realtime kernel */
OSInit();
...
}Conclusion
In conclusion, the integration of the STM32 Self-Test Library with our Flexible Safety RTOS and Safety AddOns offers a powerful solution for software developers working on safety-critical projects. By leveraging the comprehensive safety checks, real-time fault detection, and diagnostic reporting capabilities of the self-test library, developers can ensure exceptional functional safety, reliability, and compliance with industry regulations.
With our integration service, the process becomes seamless, saving time, and reducing costs. Take your safety-critical projects to the next level and unlock the full potential of your software development with our integrated solution. Contact us today and let us assist you in building high-quality safety products efficiently and effectively.