HT32 UL/IEC 60730-1 Class B Safety Test Library User’s Guide AN0554EN V1.00 1 / 31 May 5, 2020 HT32 UL/IEC 60730-1 Class B Safety Test Library User’s Guide D/N: AN0554EN Introduction The International Electrotechnical Commission (IEC) has produced the safety standard IEC 60730 for household appliance development. The IEC 60730-1 standard (Automatic electrical controls for household and similar use - Part 1: General requirements) defines the test and diagnostic methods that ensure the safe operation of the controlled equipment used in household appliances. Annex H is the key part that classifies the software into three categories, Class A, B, and C. Holtek provides an HT32 Safety Test Library (hereinafter referred to as “HT32 STL”) for Class B control functions which are intended to prevent unsafe appliance operation. An example of this could be thermal cut- offs and door locks for laundry equipment. Class B covers a large range of household appliances, including dishwashers, washing machines, refrigerators, freezers, and cookers. According to the IEC 60730, household appliance manufacturers must now design their products following Class B rules. This document describes the functions, environment, system architecture, and usage of the Holtek HT32 STL for IEC 60730-1 Class B certification. The HT32 STL applies to almost all of the HT32 Cortex ® -Mx 32-bit MCU series devices. It provides Class B self-test functions including CPU Register, Program Counter, Interrupt, Clock, Invariable Memory (Flash Memory), Variable Memory (SRAM), Digital I/O, Analog I/O which are defined in Table H11.12.7 in Annex H of IEC 60730-1. The HT32 STL can help users reduce the development time for the self-test functions and accelerate the process to obtain certification.
31
Embed
HT32 UL/IEC 60730-1 Class B Safety Test Library User’s Guide - Holtek · 2020. 6. 18. · HT32 UL/IEC 60730-1 Class B Safety Test Library User ’s Guide. AN0554EN V1.00 1 / 31
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
HT32 UL/IEC 60730-1 Class B Safety Test Library User’s Guide
AN0554EN V1.00 1 / 31 May 5, 2020
HT32 UL/IEC 60730-1 Class B Safety Test Library User’s Guide
D/N: AN0554EN
Introduction
The International Electrotechnical Commission (IEC) has produced the safety standard IEC 60730
for household appliance development. The IEC 60730-1 standard (Automatic electrical controls for
household and similar use - Part 1: General requirements) defines the test and diagnostic methods
that ensure the safe operation of the controlled equipment used in household appliances. Annex H
is the key part that classifies the software into three categories, Class A, B, and C. Holtek provides
an HT32 Safety Test Library (hereinafter referred to as “HT32 STL”) for Class B control functions
which are intended to prevent unsafe appliance operation. An example of this could be thermal cut-
offs and door locks for laundry equipment. Class B covers a large range of household appliances,
including dishwashers, washing machines, refrigerators, freezers, and cookers. According to the
IEC 60730, household appliance manufacturers must now design their products following Class B
rules.
This document describes the functions, environment, system architecture, and usage of the Holtek
HT32 STL for IEC 60730-1 Class B certification. The HT32 STL applies to almost all of the HT32
Cortex®-Mx 32-bit MCU series devices. It provides Class B self-test functions including CPU
Register, Program Counter, Interrupt, Clock, Invariable Memory (Flash Memory), Variable
Memory (SRAM), Digital I/O, Analog I/O which are defined in Table H11.12.7 in Annex H of IEC
60730-1. The HT32 STL can help users reduce the development time for the self-test functions and
accelerate the process to obtain certification.
HT32 UL/IEC 60730-1 Class B Safety Test Library User’s Guide
AN0554EN V1.00 2 / 31 May 5, 2020
Functional Description
UL/IEC 60730-1 Class B Self-Test Functions
Table H11.12.7 in Annex H of IEC 60730-1 defines the following Class B components to be tested.
The HT32 STL includes all of them.
Component Test Purposes and the Method that HT32 STL Used
1.1 CPU Register Confirm all the CPU registers are working correctly and are not “stuck” using a firmware periodic self-test.
1.3 Program Counter Confirm the Program Counter is working correctly and is not “stuck” using a firmware periodic self-test.
2.0 Interrupt Detect situations of “no interrupt or too frequent interrupt” using time-slot monitoring.
3.0 Clock Detect “wrong frequency” using time-slot monitoring. 4.1 Invariable Memory Detect “all single bit faults” using a checksum. 4.2 Variable Memory Detect “DC fault” using a periodic static memory test (March C/X). 7.1 Digital I/O Detect specified fault conditions using a plausibility check. 7.2 Analog I/O Detect specified fault conditions using a plausibility check.
Features of the HT32 STL
The HT32 STL includes the following features.
1. Hierarchical Layering
2. Modularise and Configurable
3. Easy to Use and Integrate
4. Supports almost all the HT32 series (Cortex®-Mx Core)
Note: The HT32 STL requires a low-speed timer/counter for the clock test. It does not support
devices without an RTC/Low-speed Timer (for example the HT32F52220/52230). Contact a
local agent for more information.
HT32 UL/IEC 60730-1 Class B Safety Test Library User’s Guide
AN0554EN V1.00 3 / 31 May 5, 2020
System Requirements MCU Hardware The HT32 STL is related to the following MCU hardware.
Analog to Digital Converter – ADC SAR ADC engine External and internal analog input channels
I/O Ports – GPIO A large number of GPIOs Port X is mapped onto 16 external interrupts (EXTI) Supports Input Enable function for output pin loopback checking
Real-Time Clock – RTC 32-bit up-counter with a programmable Prescaler Interrupt and wake-up event
MDK-ARM V5 and above. ARMCC V5 (included in the MDK-ARM IDE).
Other Tools Windows command interpreter (cmd.exe) Gsar V1.21 (http://gnuwin32.sourceforge.net/packages/gsar.htm) SRecord V1.64 (http://srecord.sourceforge.net/)
Note: Gsar and SRecord which are included in the HT32 Firmware Library and HT32 UL/IEC 60730-1 Class B STL are release as original Windows binary versions (.exe file). Holtek has not modified any source code. Refer to the corresponding copyright information for details.
Environment Setup
This section introduces how to setup a test environment for the HT32 STL, including the hardware,
software and basic testing.
Hardware
To download and test the HT32 STL library, prepare a Starter Kit and one micro USB cable. Take
the HT32F50241 Starter Kit as an example, there are two USB connectors on the board. Connect
the PC using the USB cable to the onboard e-Link32 Pro connector as shown in the red box below.
5. Press the “Rebuild” icon in the Keil uVision (or press F7 hotkey), confirm that all the build
actions have been successful and the output message is similar to the figure below.
Figure 5. Output message after building the code
6. Download the image into the Starter Kit by pressing the “LOAD” icon (or the menu, “Flash-
>Download”).
7. After the download has completed, press the reset button, after which the LED will flash (on
the left side). This means that the hardware and software environments are operating correctly.
HT32 UL/IEC 60730-1 Class B Safety Test Library User’s Guide
AN0554EN V1.00 7 / 31 May 5, 2020
System Architecture
The following sections show the HT32 STL system architecture including the layered architecture,
file/folder organisation, Safe Stop function, usage flow, memory layout, and redundant global
variables.
Layered Architecture
The following figure shows the HT32 STL architecture including the User Layer, STL API Layer,
and Safety Test Library (STL) Layer. Hierarchical layering assists the user to integrate the HT32
STL into their firmware/product quickly. The STL API Layer includes the STL Startup and Main
module.
RESETReset_Handler()
HT32_STL_StartUp()
main() HT32_STL_MainInit()
HT32_STL_MainRoutine()Main Super-Loop
HT32 STL XXXRuntime Test
HT32_STL_SafeStopCritical()
HT32 STL XXXStartup Test
ht32fxxxxx_startup_xx.s ht32_stl_startup.c
main.c
ht32_stl_main.c ht32_stl_xxx.c
HT32 STL XXXInit
User Layer STL API Layer Safety Test Library Layer
HT32_STL_MainTimerHandler_HS()
High Speed Time Base ISR(Default 1 ms)
ht32fxxxxx_it.c
HT32 STL CLK & VARMEMRuntime Test (by interrupt)
Step1Fail
Fail
Step2
Step1
Step2
STL_05_0001
STL_05_0102
Low Speed Time Base ISR(Default 1 s)
HT32_STL_MainTimerHandler_LS()
Interrupt ISR(To be monitored)
HT32 STL INTHT32_STL_IntTick()
STL_05_0204
HT32 STL INT & CLKRuntime Test (by interrupt)
Fail
Fail
Fail
STL_05_0205
STL_05_0206
STL_05_0207
STL_05_2007
STL_05_0205
STL_05_0206
STL_05_3005, STL_05_4205
STL_05_2006/2008, STL_05_3006
HT32_STL_MainIntTick()
STL_05_0207
STL_05_0201
STL_05_0203
Figure 6. HT32 STL Software Architecture
The STL Startup module is used to perform the startup test for the test items which cannot be tested
during run-time. The STL Main module is a major part that helps the user to perform each self-test
function. The Main Routine function of the STL Main module should be called by the user regularly.
Since some of the self-test cannot be interrupted or requires interaction between different timing,
HT32 UL/IEC 60730-1 Class B Safety Test Library User’s Guide
AN0554EN V1.00 8 / 31 May 5, 2020
the main module provides the High-Speed and Low-Speed Timer Handler to collect related self-
test module functions. Users should configure the High-Speed and Low-Speed Timer in the User
Layer and call the corresponding Timer Handler of the STL Main module.
HT32 STL Organisation
The HT32 STL application code contains two folders, which are “application” and “library”. The
following table shows all the folders/files and their description.
Folder / File Name Description “\\library\HT32_SafetyTest_Library_IEC60730_ClassB\” inc\ht32_stl.h The major header file of the HT32 STL. inc\ht32_stl_adc.h src\ht32_stl_adc.c The header file and source code of the Analog I/O (ADC) test item.
inc\ht32_stl_clock.h src\ht32_stl_clock.c The header file and source code of the Clock test item.
inc\ht32_stl_cpu.h src\ht32_stl_cpu.c The header file and source code of the CPU test item.
inc\ht32_stl_digitalio.h src\ht32_stl_digitalio.c The header file and source code of the Digital I/O test item.
inc\ht32_stl_interrupt.h src\ht32_stl_interrupt.c The header file and source code of the Interrupt test item.
inc\ht32_stl_invar_memory.h src\ht32_stl_invar_memory.c The header file and source code of the Invariable Memory (Flash) test item.
inc\ht32_stl_pc.h src\ht32_stl_pc.c The header file and source code of the Program Counter test item.
inc\ht32_stl_startup.h src\ht32_stl_startup.c The header file and source code of the STL Startup module.
The header file and source code of the Variable Memory (SRAM) test item.
inc\ht32_stl_debug.h The debug related definition. inc\ht32_stl_main.h The header file of the STL Main module. “\\application\SafetyTest_IEC60730_ClassB\SafetyTest_Example\” _Tools\ srec_cat.exe srec_cmp.exe srec_info.exe srec_make.bat srec_make_IAP.bat srec_make_manual.bat
The related tools and script for SRecord which help users to calculate/modify the checksum of the image for the Invariable Memory (Flash) test.
linker\linker.lin The Keil linker script example for different memory layout configurations. _CreateProject.bat The batch script for project file creation.
_ht32_project_source.h The project source file which uses the “#include” way to add the source code file into the project compilation list. This file is included by “man.c”.
_ProjectConfig.bat The configuration for the project file creation. ht32_board_config.h Board related configuration file for pin assignment and other settings. ht32_stl_60730b_config.h The HT32 STL configuration file. ht32_stl_main.c The source code file of the HT32 STL main module. ht32f1xxxx_01_it.c ht32f5xxxx_01_it.c Files which include the interrupt service routine.
main.c The source code file of the main function.
HT32 UL/IEC 60730-1 Class B Safety Test Library User’s Guide
AN0554EN V1.00 9 / 31 May 5, 2020
Safe Stop Function
The HT32 STL Safe Stop function is located in the STL Main module instead of being located in the
Safe Test Library Layer since the user should modify the procedure according to the application
requirements. Three major steps, handling, notification and stop are designed to help the user stop the
system in a safe state. Users have to provide a correct action to the Safe Stop function and ensure that
it operates as expected. If any failure is detected, the HT32 STL Safe Stop function will be called.
Note: The following defines are located at “ht32_stl_60730b_config.h” #define HTCFG_STL_SAFESTOP_RESET (0) #define HTCFG_STL_SAFESTOP_ENABLE_WDTRELOAD (1)
Figure 7. Safe Stop Function Flowchart
HT32 UL/IEC 60730-1 Class B Safety Test Library User’s Guide
AN0554EN V1.00 10 / 31 May 5, 2020
Usage Flow – Startup Procedure
The STL Startup function is called by the “ht32fxxxxx_startup_nn.s” after an MCU reset. It calls
the startup test function including CPU, Invariable Memory, and Variable Memory. Additionally,
the WDT Reset is also checked here to ensure the HT32 Safe Stop function is called when the
Program Counter test has failed (caused by WDT Reset).
HT32 UL/IEC 60730-1 Class B Safety Test Library User’s Guide
AN0554EN V1.00 15 / 31 May 5, 2020
Reserved for System
0x20000000
Redundant Memory
SRAM Layout
VarMemTest Pointer
0x20000010
VarMemTest Pointer Inv.
0x20000014
0x20000018
VarMemTest Buffer(4 Bytes x 6 )
0x2000001C
WDT Reset Count Inv.
0x20000020
WDT Reset Count
0x20000080
0x20000380 RW Base Address
#define HTCFG_STL_VARMEM_LENGTH
#define HTCFG_STL_VARMEM_RUN_PTR
#define HTCFG_STL_VARMEM_RUN_PTRINV
#define HTCFG_STL_VARMEM_RUN_BUFFER
#define HTCFG_STL_PC_WDT_RESETCNT_ADDR
#define HTCFG_STL_PC_WDT_RESETCNT_ADDRINV
Global Memory(RW, ZI, Stack)
.
.
.
.
.
.Reserved (72 Bytes)
STL_05_4208
#define HTCFG_STL_VARMEM_RUN_CLASSB_START
#define HTCFG_STL_VARMEM_RUN_CLASSB_END0x20000680
#define HTCFG_STL_VARMEM_STARTUP_RAM_END
#define HTCFG_STL_VARMEM_STARTUP_RAM_START
Figure 14. HT32 STL Default Memory Layout
HT32 UL/IEC 60730-1 Class B Safety Test Library User’s Guide
AN0554EN V1.00 16 / 31 May 5, 2020
The following figure is a simplified memory layout that helps to understand the test range of the
Variable Memory (SRAM) test item. The startup test of the Variable Memory test starts from
“HTCFG_STL_VARMEM_STARTUP_RAM_START” and ends with “HTCFG_STL_
VARMEM_STARTUP_RAM_END”. The run-time self-test of the Variable Memory (includes the
Class B global and redundant memory) starts from “HTCFG_STL_VARMEM_RUN_
CLASSB_START” and ends with “HTCFG_STL_VARMEM_RUN_CLASSB_END”.
Redundant Memory
SRAM Layout
0x20000080
0x20000380
Global Memory(RW, ZI, Stack)
.
.
.
STL_05_4210-1
0x20000000
0x20000680
#define HTCFG_STL_VARMEM_RUN_CLASSB_START
#define HTCFG_STL_VARMEM_RUN_CLASSB_END
.
.
.
#define HTCFG_STL_VARMEM_STARTUP_RAM_END
Star
tup
Test
Ran
ge
#define HTCFG_STL_VARMEM_STARTUP_RAM_START
Run-
time
Test
Ran
ge
Figure 15. Variable Memory Test Range
Redundant of the Class B Global Variable
To increase the reliability of information stored in the SRAM, the global variable should be saved
in double storage in physically separated areas in a different format. As the memory map showed
in the previous section, the system reserves a redundant memory area for the Class B global
variables. The Class B global variables which relate to safety functions should use that area to save
redundant values. The mechanism simply re-maps the memory address from the global memory to
the redundant memory by subtracting the address of the global variable with an offset (defined by
HTCFG_STL_VARMEM_LENGTH). For example, if the address of a global variable is
0x20000390, the redundant address should be 0x20000390 – 0x300 = 0x20000090. The mechanism
uses inverting operation as the saved format.
HT32 UL/IEC 60730-1 Class B Safety Test Library User’s Guide
AN0554EN V1.00 17 / 31 May 5, 2020
Requirement Method Example
Separate areas Reserve a Redundant Memory area and re-map the global variable to it.
Address Global Variable: 0x20000390 Redundant: 0x20000090
Different format Inverting operation Global Variable: 0x000055AA Redundant: 0xFFFFAA55 Redundant = ~( Global Variable)
According to the above requirements, the mechanism provides the following macros to implement
the redundant process.
Marco Description Example
SYNC Read the global variable, invert it and save to the redundant. A’ = ~A
SET Set both global variables and redundant as the same value. A = A’ = value
SAVE Read the redundant, invert it and save to the redundant. A’ = ~A’
CHECK Check global and redundant variables are OK or not by XOR. Is (A ^ A’) == 0xFFFFFFFF ?
VERIFY Same with CHECK but enter the Safe Stop function if the check failed.
If (A ^ A’) == 0xFFFFFFFF return A Else call Safe Stop function
Note: A’ means the redundant of the variable A.
The following example shows how to use these macros to implement the redundant of the global
variable related to Class B safety. Notice that the global variables including RW (has initial value),
ZI (Zero Initial, without initial value which will be set to zero) and Stack are initialised by the C
Startup function which called by the HT32 STL Startup function. Refer to the STL_05_0102 Startup
function for details. Additionally, the redundant (of global variable) inside the self-test module
usually initiated by the HT32 STL XXX Init function which should be called by the HT32 STL
Main Init in the beginning when entering the “main()” function (call once). On the contrary, the
redundant located at the STL Main Layer or User Layer should be processed by the user using the
macro mentioned here.
u32 gINT_TestFlag = 0x00000055; …. SYNC(gINT_TestFlag); // Sync once when init, (gINT_TestFlag’)= 0xFFFFFFAA; …. SET(gINT_TestFlag) = 0x00000001; // gINT_TestFlag = gINT_TestFlag’ = 0x1 SAVE(gINT_TestFlag); //(gINT_TestFlag’) = ~(gINT_TestFlag’) …. if (CHECK(gINT_TestFlag)) // Execute following code only if the redundant is OK. { if (gINT_TestFlag == 0x00000001) { // Do process here } } …. if (VERIFY(gINT_TestFlag) == 0x00000001) // Enter the Safe Stop function when CHECK failed. { // Do process here }
HT32 UL/IEC 60730-1 Class B Safety Test Library User’s Guide
AN0554EN V1.00 18 / 31 May 5, 2020
Directions for Use
Integrations Example and Checkpoint
The first step is to integrate the HT32 STL into the project file. Copy the following folders and files
from the HT32 STL example path, into the project root path (the same path with “main.c”).
The following table shows the steps regarding modification of the project and source code to fit the
HT32 STL requirement.
Steps Related File Descriptions
1 Include Path
Add the following include path into the project’s “Options for Target”. “..\..\..\..\library\HT32_SafetyTest_Library_IEC60730_ClassB\inc”
HT32 UL/IEC 60730-1 Class B Safety Test Library User’s Guide
AN0554EN V1.00 19 / 31 May 5, 2020
Steps Related File Descriptions
2 After Build
Add after build command, “srec_make.bat $D”.
It is necessary to copy the file “srec_make.bat” manually from the folder “_Tools” to the project file folder (for example, “MDK_ARMv5\”).
3 RW Base Modify the RW Base address from 0x20000000 to 0x20000380 (default value). To change the RW Base, refer to the Memory Layout and Settings of the HT32 STL section.
4 Flash Programming Init File
The following “CRC_LOAD.ini” file should be added to the Flash Programming Init File in Keil uVision. This file is created by the “srec_make.bat” after building the code (which means you should enter the filename manually here since finishing the settings and building the code is not complete). The “CRC_LOAD.ini” file is used to program the CRC checksum into the Flash for the Invariable Memory test.
5 WDT In the file, “system_ht32fxxxxx_nn.c”, modify the setting, “WDT_ENABLE” from 0 to 1, and change the WDT related setting. It is necessary to add the reload WDT function into the code.
HT32 UL/IEC 60730-1 Class B Safety Test Library User’s Guide
AN0554EN V1.00 20 / 31 May 5, 2020
Steps Related File Descriptions
6 Timer
The high-speed and low-speed timers need to be configured properly before using the HT32 STL. It is recommended to refer to the “main.c” and “ht32fxxxxx_nn_it.c” of the HT32 STL example code which are tested in the “Basic Test” section. High-speed timer (default 1 ms) Low-speed timer (default 1 s)
7 IRQ Handler
The following IRQ Handler should be taken care of. Refer to the “ht32fxxxxx_nn_it.c” in the HT32 STL example code and compare/modify it to the file carefully. “HardFault_Handler()” “SysTick_Handler()” “RTC_IRQHandler()”
8 “ht32fxxxxx_nn_it.c” It is necessary to add two include files. #include "ht32_stl_60730b_config.h" #include "ht32_stl.h"
9 “main.c”
It is necessary to add three include files. #include "ht32_stl_60730b_config.h" #include "ht32_stl.h" #include "_ht32_project_source.h"
After all the actions above are completed, it is necessary to modify the extra series files of the project.
The following figure and table show the steps regarding how to integrate the HT32 into the user’s
firmware. It is also a checking list that helps to confirm whether the integration is correct or not.
RESETReset_Handler()
HT32_STL_StartUp()
main() HT32_STL_MainInit()HT32_STL_MainStart()
HT32_STL_MainRoutine()Main Super-Loop
HT32 STL XXXRuntime Test
HT32_STL_SafeStopCritical()
HT32 STL XXXStartup Test
ht32fxxxxx_startup_xx.s ht32_stl_startup.c
main.c
ht32_stl_main.c ht32_stl_xxx.c
HT32 STL XXXInit
User Layer STL API Layer Safety Test Library Layer
HT32_STL_MainTimerHandler_HS()
High Speed Time Base ISR(Default 1 ms)
ht32fxxxxx_it.c
HT32 STL CLK & VARMEMRuntime Test (by interrupt)
Fail
Fail
STL_05_0002
Low Speed Time Base ISR(Default 1 s)
HT32_STL_MainTimerHandler_LS()
Interrupt ISR(To be monitored)
HT32 STL INTHT32_STL_IntTick()
HT32 STL INT & CLKRuntime Test (by interrupt)
Fail
Fail
Fail
HT32_STL_MainIntTick()
Step 1
Step 2Step 3
Step 4
Step 5
Step 6
Step 7
Step 8
Figure 16. Integration Example and Checkpoint
HT32 UL/IEC 60730-1 Class B Safety Test Library User’s Guide
AN0554EN V1.00 21 / 31 May 5, 2020
Steps Related File Function and Description
1 “ht32fxxxxx_startup_xx.s”
HT32_STL_StartUp() (Note 1) This function must be called by the “Reset_Handler()”.
2 “main.c”
HT32_STL_MainInit() This function must be called (one time) after entering the “main()” function.
3 “main.c”
HT32_STL_MainStart() This function must be called (one time) after entering the “main()” function (after the High/Low speed timer have been initialised).
4 “main.c”
HT32_STL_MainRoutione() This function must be called regularly by the user's Super-Loop in the “main()” function.
5 “ht32fxxxxx_nn_it.c” (Note 2)
HT32_STL_MainTimerHandler_HS() This function must be called by the High-Speed Timer ISR. Default time is 1 ms.
6 “ht32fxxxxx_nn_it.c” (Note 2)
HT32_STL_MainTimerHandler_LS() This function must be called by the Low-Speed Timer ISR. Default time is 1 second.
HT32 UL/IEC 60730-1 Class B Safety Test Library User’s Guide
AN0554EN V1.00 22 / 31 May 5, 2020
Steps Related File Function and Description
7 “ht32fxxxxx_nn_it.c” (Note 2)
HT32_STL_MainIntTick() This function must be called by the ISR of the monitored interrupt. The parameter. “&gIntMonitorList[n]” is the structure pointer with the interrupt ID. Besides, you should also edit the interrupt ID in the Safe Stop ID (the “n” OR with the STL_DID_INT_TICK, for debug purposes). HT32_STL_SAFESTOP_FUN(STL_DID_INT_TICK | n); Refer to the “gIntMonitorList[]” (in “ht32_stl_main.c”) and Step 8 for details.
8 ht32_stl_main.c
gIntMonitorList[] The interrupt information list saves the parameters for the interrupt test. It is necessary to edit the structure and add new values according to the interrupt which needs to be monitored in the application.
9 ht32_stl_main.c HT32_STL_SafeStopCritical() Confirm the Safe Stop function has the correct action and operates as expected.
Note: 1. For the default example of the HT32 STL, the “ht32fxxxxx_startup_xx.s” is modified by
the “_CreateProject.bat” automatically. It uses the “gsar.exe” tool and the related
configuration is located in the file, “_ProjectConfig.bat”. It may be necessary to modify
the “HT32_STL_StartUp()” function into the startup file manually if an existing
project/code is used.
2. Users may move the Interrupt Service Routine (ISR) from the “ht32fxxxxx_nn_it.c” to
another C source code file. It is necessary to confirm that the
“HT32_STL_MainTimerHandler_HS()”, “HT32_STL_MainTimerHandler_LS()”, and
“HT32_STL_MainIntTick()” functions have been called correctly in the corresponding
Timer ISR.
HT32 UL/IEC 60730-1 Class B Safety Test Library User’s Guide
AN0554EN V1.00 23 / 31 May 5, 2020
HT32 STL Settings
The following table shows some HT32 STL settings which are located in the file,
“ht32_stl_60730b_config.h” (can be found at the root path of the example,
“\\application\SafetyTest_IEC60730_ClassB\SafetyTest_Example”). The settings start with the
prefix, “HTCFG_STL_”. Check the description of each setting before modifying.
Setting Name Description Safe Stop
HT32_STL_SAFESTOP_FUN(id)
The Safe Stop function alias. The default value is “HT32_STL_SafeStopCritical(id)”. This helps users to change the implementation of the Safe Stop quickly.
HTCFG_STL_SAFESTOP_LED_INDICATOR 1: Turn on the LED when entering the Safe Stop function. 0: No action.
HTCFG_STL_SAFESTOP_RESET Reset the system in the Safe Stop function.
HTCFG_STL_SAFESTOP_ENABLE_WDTRELOAD Reload the WDT in the Safe Stop function. This setting has no meaning when “HTCFG_STL_ SAFESTOP_RESET = 1”.
HTCFG_STL_SAFESTOP_WHEN_HARDFAULT Enter Safe Stop function if the Hardfault exception occurred.
STL Test Control HTCFG_STL_STARTUPTEST_EN_CPU HTCFG_STL_STARTUPTEST_EN_INVARMEM HTCFG_STL_STARTUPTEST_EN_VARMEM HTCFG_STL_RUNTEST_EN_CPU HTCFG_STL_RUNTEST_EN_PC HTCFG_STL_RUNTEST_EN_INT HTCFG_STL_RUNTEST_EN_CLK HTCFG_STL_RUNTEST_EN_INVARMEM HTCFG_STL_RUNTEST_EN_VARMEM HTCFG_STL_RUNTEST_EN_DIO HTCFG_STL_RUNTEST_EN_AIO
These settings are used to enable and disable each test function. The test function is ignored when the setting equal to 0.
Program Counter
HTCFG_STL_PC_FUN1ADDR The Flash address of the test Fuincton1 for inititalisation and executing the test function.
HTCFG_STL_PC_FUN2ADDR The Flash address of the test Fuincton2 for inititalisation and executing the test function.
HTCFG_STL_PC_WDT_NORMALRESETCNT_SAFESTOP
The maximum WDT reset count in the normal mode. The STL will enter the Safe Stop function when a WDT reset occurs and the reset count reaches the maximum WDT reset count in the normal mode. The normal mode means the WDT reset reason is not a PC test or Hardfault.
Interrupt
HTCFG_STL_INT_MAINROUTINE_MAXCHKTIME
The maximum Interrupt Main Routine checking time which should be adjusted according to the total executed time of the main super loop. If the global count, “gINT_MainRoutineCount” is greater than the maximum checking time (means the Interrupt Monitor Handler is not called for a while), the Safe Stop function will be executed.
Clock HTCFG_STL_CLK_HIGHSPEED_HZ The frequency of the High Speed interrupts. HTCFG_STL_CLK_LOWSPEED_HZ The frequency of the Low Speed interrupts. HTCFG_STL_CLK_TOLERANCE Clock tolerance such as “0.25”. Invariable Memory (Flash) HTCFG_STL_INVARMEM_HWCRC 1 for hardware CRC, 0 for software CRC.
HTCFG_STL_INVARMEM_BLOCK_SIZE The block size for each time calling the “HT32_STL_FLASH_CRCCheck()”.
HT32 UL/IEC 60730-1 Class B Safety Test Library User’s Guide
AN0554EN V1.00 24 / 31 May 5, 2020
Setting Name Description HTCFG_STL_INVARMEM_AP_FLASH_START The start address of the application image. Variable Memory (SRAM) HTCFG_STL_VARMEM_STARTUP_RAM_START The start address of the startup test.
HTCFG_STL_VARMEM_STARTUP_RAM_END The end address of the startup test. Must be 16 Byte aligned.
HTCFG_STL_VARMEM_RUN_CLASSB_START The start address of the run time test. HTCFG_STL_VARMEM_RUN_CLASSB_END The end address of the run time test.
HFCFG_STL_VARMEM_RUN_BLOCK_SIZE Block size of the run time test. Must from 2 to x (x is the size/4 of the VarMemTest Buffer).
HFCFG_STL_VARMEM_RUN_BLOCK_OVERLAP Overlap of the run time test.
HTCFG_STL_VARMEM_RUN_TEST_COUNT_MS The test interval of the Variable Memory test in microseconds.
HTCFG_STL_VARMEM_MARCHX 1: March X, 0: March C. March X is faster than March C.
HTCFG_STL_VARMEM_RUN_PTR Memory pointer for run time test. HTCFG_STL_VARMEM_RUN_PTRINV Redundant of the memory pointer. HTCFG_STL_VARMEM_RUN_BUFFER Backup buffer for run time test. HTCFG_STL_VARMEM_LENGTH Length of the Class B/redundant area. Analog I/O HTCFG_STL_ADC_INTERCH The ADC internal channel number. HTCFG_STL_ADC_INTERCH_MAX Expected maximum ADC value. HTCFG_STL_ADC_INTERCH_MIN Expected minimum ADC value.
HTCFG_STL_ADC_TIMEOUT_LOOP
Timeout loop count for the “HT32_STL_ADCInternalChannelCheck()” function. Should be adjusted according to the conversion time of the ADC setting.
Different Memory Layout
To locate the other Class A variables (which are not related to the Class B function) into another
space to reduce the size of the Redundant Memory and the test time of the Variable Memory run-
time test, a Keil linker script example is provided in the following path.
The linker script assists in implementing a complex memory layout. The following figure shows
the memory layout example when the linker script is used.
HT32 UL/IEC 60730-1 Class B Safety Test Library User’s Guide
AN0554EN V1.00 25 / 31 May 5, 2020
Reserved for Systemand STL Testing
0x20000000
Redundant Memory
Memory Layout
0x20000080
0x20000380Class B
Global Memory(RW, ZI, Stack)
Class AGlobal Memory
(RW, ZI)
STL_05_4211
0x20000680
RAM_CLASSB 0x20000380 0x300 { ht32_stl_*.o (+RW +ZI) startup_*.o (+RW +ZI) ; Add your Class B Global variable here ; =============================================== ; xxxx.o (+RW +ZI) }
RAM_CLASSA 0x20000680 { .ANY (+RW +ZI) }
Figure 17. Linker Script Memory Layout
Refer to the steps below to use the linker script in the project.
1. Open the “Options for Target” of the project under Keil uVision, change to the tab “Linker” and
set the “Scatter File” to the “linker.lin” (We mentioned the file path before in this section).
Figure 18. The Linker Settings to use the linker script (linker.lin)
HT32 UL/IEC 60730-1 Class B Safety Test Library User’s Guide
AN0554EN V1.00 26 / 31 May 5, 2020
2. Open the “_ht32_project_source.h” and change the setting “HTCFG_ENABLE_PROJECT_
SOURCE” from 1 to 0. Add the following file into the project compiling list as shown below.
Figure 19. The setting and compiling list when using the linker script
The Time Cost of the HT32 STL
An important item to consider after adding the HT32 STL into the project is the time cost of each
HT32 STL test item, including the startup test and periodic self-test. The test time cost affects the
implementation and performance of the application. For example, the Variable Memory test item
accesses the RAM during the test (will backup the RAM contents and restore them), it requires the
highest interrupt priority and cannot be interrupted by other functions. Understanding the time cost
of the Variable Memory test items helps to configure the appropriate HT32 STL parameters and
also how to locate the code and HT32 STL together to achieve the requirements of the application
and IEC 60730-1 Class B. The total time cost required for the HT32 STL Main Routine (other test
items which are performed in low priority by the main super loop) is also influenced by the
application such as the user interface design since it is usually called by the main super loop.
Additionally, the total time required to finish each test item of the HT32 STL test should be noted
since it affects the response time of the error detected by the HT32 STL. The IEC 60730-1 Class B
defines the reasonable response time of each safety-related function in the product/application
category.
The HT32 STL integrates basic time measurement function using GPIO toggling. A tool such as a
logic analyser can be used to confirm the time cost of each HT32 STL test item. The following
content shows the related configuration for the integrated basic time measurement in the HT32 STL
configuration file (“ht32_stl_config.h”). The IO3 is only for the HT32 STL Main Routine
measurement. The IO1 and IO2 are designed for multi-purpose use by setting. The first two settings
should be set as “1” and modify others according to requirements.
#define HTCFG_STL_DEBUG_EN (1) // Global Debug Control
HT32 UL/IEC 60730-1 Class B Safety Test Library User’s Guide
Note: 1. The time cost measurement of the CPU Register startup test is not integrated in the HT32 STL. 2. It depends on the I/O number and STL function used and is not included in this measurement. 3. It depends on the following ADC settings and converts one internal ADC channel.
ADC Clock 20 MHz / 4 = 5 MHz, Sampling Time = (1.5 + 2 + 12.5) = 16 T
HT32 UL/IEC 60730-1 Class B Safety Test Library User’s Guide
AN0554EN V1.00 28 / 31 May 5, 2020
4. It depends on the following ADC settings and converts one internal ADC channel. ADC Clock 60 MHz / 4 = 15 MHz, Sampling Time = (1.5 + 2 + 12.5) = 16 T
5. Includes the overheads of the function call and I/O control. The result will be changed according to the interrupt impact.
6. The result is based on the 1,536 byte SRAM tested size. The “All Finished” time can be calculated using the following formula. Time = (Memory Size / ((Block Size - Overlap) × 4 Bytes)) × Block Test Interval Where Memory Size = (HTCFG_STL_VARMEM_RUN_CLASSB_END - HTCFG_STL_ VARMEM_RUN_CLASSB_START) Block Size = HFCFG_STL_VARMEM_RUN_BLOCK_SIZE Overlap = HFCFG_STL_VARMEM_RUN_BLOCK_OVERLAP Block Test Interval = HTCFG_STL_VARMEM_RUN_TEST_COUNT_MS Example: (1536 / ((6 - 2) × 4)) × 10 ms = 960 ms
Debugging the HT32 STL
The HT32 STL has some integrated debug functions as listed below:
Debug message: using printf which is retargeted to the UxART.
Debug I/O: for time measurements discussed previously.
LED indicator: to indicate that the self-test has failed and that a Safe Stop has occurred.
Safe Stop ID: indicates the failed source of the Safe Stop.
The following table shows the debug related settings of the HT32 STL. These setting can be found in
the HT32 STL configuration file, “ht32_stl_60730b_config.h”. Refer to the “ht32_stl_debug.h” file
for more details about the interaction of each setting.
Setting Name Description Global Debug Settings
HTCFG_STL_DEBUG_EN
Global debug control 0: Disable all the debug functions. 1: Enable debug functions (according to the debug setting of each test item).
HTCFG_STL_DEBUG_EN_MSG
Debug message control 0: Disable all the debug messages 1: Enable debug messages (according to the debug setting of each test item).
HTCFG_STL_DEBUG_EN_ERR
Error message control 0: Disable all the error messages 1: Enable error messages Note: an error message is one kind of debug message which means it is controlled by the setting, “HTCFG_STL_DEBUG_EN_MSG”.
HTCFG_STL_DEBUG_EN_IO
Debug I/O control 0: Disable all the debug I/O 1: Enable debug I/O (according to the debug setting of each test item).
Enable/Disable Debug Function of Each Test Item HTCFG_STL_DEBUG_EN_MAIN Message & IO3 (StartupTest, Routine) HTCFG_STL_DEBUG_EN_MAIN_HS IO2 (TimerHandler_HS) HTCFG_STL_DEBUG_EN_PC Message
HT32 UL/IEC 60730-1 Class B Safety Test Library User’s Guide