Reliability design is a system engineering, and the reliability of a single-chip system must be fully considered in terms of software, hardware, and structural design. The reliability design of the hardware system is the basis of the reliability of the single-chip system, and the reliability design of the software system plays a role in suppressing external interference. The main methods of software system reliability design are: power-on self-test, software trap (for program "running" detection), setting program running status flag, output port refresh, input multiple sampling, software "watchdog" and so on. Through the reliability design of the software system, the impact of the interference on the system work is minimized, and the single-chip microcomputer is found to promptly find errors caused by the interference, and restore the system to the normal working state or timely alarm.
First, the boot self test
After booting, first check the hardware and software status of the MCU system. Once it is found to be abnormal, it will be processed accordingly. The power-on self-test routine usually includes detection of RAM, ROM, I/O port status, and so on.
1 Detect RAM Check whether the RAM read and write is normal. The actual operation is to write "00H" to the RAM unit, read "00H", write "FFH" to it, and read "FFH". If the RAM unit reads and writes an error, a RAM error (sound and light or other form) should be given and wait for processing.
2 Checking the contents of the ROM unit The detection of the ROM unit is mainly to check the checksum of the contents of the ROM unit. The so-called ROM checksum is to add the contents of the ROM one by one to obtain a value, which is called the checksum. The ROM unit stores programs, constants, and tables. Once the program is written, the contents of the ROM are determined and the checksum is unique. If the ROM checksum error occurs, a ROM error message (sound and light or other form) should be given and wait for processing.
3 Check the status of the I/O port Firstly, determine the state that the I/O port of the system should be in the standby state, and then check whether the I/O port of the MCU is in the standby state (such as whether there is a short circuit or open circuit). If it is not normal, an error message (sound and light or other form) should be given and it is waiting for processing.
4 other interface circuit detection In addition to the detection of the internal resources of the above-mentioned single-chip microcomputer, other interface circuits in the system, such as extended E2PROM, A/D conversion circuit, etc., such as the 555 single-stable temperature measurement circuit in the digital thermometer, All should be tested by software to determine if there is a fault.
Only if all the checks are normal, the program can continue to execute, otherwise it should prompt an error.
Second, the software trap
There will always be some areas in the program memory that are not used. If the PC counter value of the instruction counter is misplaced due to interference, the program will jump to these unused program memory space and the system will go wrong. The software trap is in the unused area of ​​the program memory, plus a number of empty operations and unconditional jump instructions. The unconditional jump instruction points to the entry address of the program "running" processing subroutine. If the program jumps to these unused areas, an unconditional jump instruction is executed and the corresponding program error "runaway" handler is transferred. In addition to the unused area of ​​the program, you can insert software traps between the blocks (such as between subroutines and after a section of processing) and at the end of a page, the effect will be better. Here is a program with a software trap;
DSP: ...; display subroutine
RET
NOP; software trap
NOP
NOP
LIMP FLY
D10MS: MOV R0, #010H; delay subroutine
......
RET
NOP; software trap
NOP
NOP
LJMP FLY
......
FLY: ... ; "running" processing subroutine
RET
Third, the procedure
"Running" processing to carry out the program "running" processing, it is necessary to distinguish the impact of the program "running", and the process running before the program "running", which requires the corresponding signs to be set.
RAM Data Normal Flag The RAM data normal flag is to detect whether the data in the RAM area has changed due to the program "running" or other interference. If the data in the RAM area is changed due to the program "running" or other interference, the system cannot recover to the original error location by itself, and can only be executed from the beginning by manual or by software reset. To perform normal detection of the RAM area data, first set the RAM data normal flag to several units of the RAM in the initialization program. Usually, several units are selected in the RAM area, and they are set to a fixed number in the initialization program, such as "55H" or "0AAH". As long as the program runs normally, the contents of these units will not be modified. “Running†or other interference causes data in any of these RAM cells to change, indicating that the contents of other RAM cells may also change, failing to reflect the results and status of the program, and not recovering the program based on the flags in the RAM area. Run the scene.
The program run flag program running status flag is to set some flag bits in the RAM area, these flags represent the different stages of the program operation and the status after the operation. In the initialization program, the initial values ​​are first set for these units. At different stages of the program operation, the contents of these units will be changed to specific values, marking the stage in which the program is running and the status after the operation. In addition to the conditional transfer function in the normal operation of the program, these flags can also play the role of restoring the program running scene when the program "runs away" and the RAM area data is normal.
The program "running" processing program "running" processing is to transfer to the "running" processing program after the program detects "running" from the software trap. The "running" processing program determines the degree of influence of "running", depending on the degree of influence, whether it is an alarm reset or an automatic recovery of the scene. If the site is automatically restored, it needs to be marked according to the program running status. How to carry out the program "running" process depends on the design requirements of the control system.
Fourth, the output port refresh
Since the I/O port of the microcontroller is susceptible to interference from external signals, the state of the output port may also change. Periodically adding an output refresh command in the program can reduce the effect of interference on the state of the output port. In the program, the state in which the RAM unit stores the output port should be specified, and the I/O port is refreshed according to the contents of these RAM units during the running of the program.
Five, input multiple sampling
Interference with the input to the microcontroller will cause errors or misreading of the input signal for instantaneous sampling. To eliminate the effects of interference, repeated sampling and weighted averaging are usually used.
For example, for external level sampling (such as buttons), the software reads the keyboard every 10ms or reads it several times in succession. The data read each time is the same or the voting key method is used to confirm the input key value. Another example is the use of a one-shot circuit to detect temperature (see "Electronics", No. 51, ninth edition, 1999). The pulse width is counted for the one-shot circuit, and then the temperature value is checked. In order to eliminate the influence of interference, it is possible to take three samples for averaging, or to take two samples, the difference is less than the set value, and then average (also called software filtering). In short, the input signal is sampled multiple times, and then how to process it according to the actual processing effect of the specific object is preferred, the reader can determine by the effect of interference during the laboratory debugging and the debugging of the on-site environment.
Sixth, the software "watchdog"
A software trap is a method of detecting a program error when the program runs to an illegal area of ​​the ROM. The "watchdog" is based on the program does not perform the corresponding operation within the specified time interval, that is, the watchdog timer is not reset on time to judge the program running error.
In the case of system cost, a special watchdog circuit chip or an on-chip microcontroller with a watchdog timer should be selected. If the conditions do not allow, the software "watchdog" should be added.
Dc Gear Motor,Dc Motor 24V,220V Gear Motor,Permanent Magnet Dc Motor
NingBo BeiLun HengFeng Electromotor Manufacture Co.,Ltd. , https://www.hengfengmotor.com