Bootloader Design For Microcontrollers in Embedded Systems


White Paper

Guidelines for Meeting IEC 60730 Class B Requirements with FM3 MCUs
Self-Test Library Implementations

Contents
1. Introduction
Fujitsu FM3 Microcontrollers and Code Library
2. IEC 60730 Self-Test Library Structure
2.2. Self-Test Library: Structure of Test Routines
2.2.1 CPU Test and Flow Chart
2.2.2 CPU Register Test
2.2.3 Clock Tests
2.2.4. Interrupt Test
2.2.5. ROM/Flash checksum integrity check
2.2.6. RAM Test (using checkerboard) and Flow Chart
2.2.7. IO Peripheral Tests
3.3. Fujitsu Self-Test Library Deliverables
3. Conclusion

1. Introduction

Fujitsu ARM Cortex FM3 family microcontrollers (MCUs) offer
a variety of integrated functional safety features that suit home
appliances, white goods and other motor-control applications.
Fujitsu also provides an extensive library of safety-related
software routines to make these features easier to use. Because
these software routines are compliant with International
Electrotechnical Commission (IEC) safety standards, using the
routines greatly simplifies IEC certification for the final product.

This application note gives an overview of the use of Fujitsu FM3
microcontrollers and code libraries to comply with the standards.
The focus of this paper is on the library of self-test routines that
address IEC 60730 Class B requirements.

Fujitsu FM3 Microcontrollers and Code Library

All the members of Fujitsu's wide-ranging MCU family incorporate
a standard ARM CPU core, tools and features, so future programming
can build on a steady foundation. By using the de facto industry
standard ARM core, Fujitsu offers easier migration of code across
product lines and from one product generation to the next.

The high-performance 32-bit architecture of Fujitsu's ARM Cortex
microcontrollers provides the computational power necessary for
high-energy-efficiency motor control, while the devices also offer
a versatile range of on-chip peripherals. The FM3 family includes
Basic, High-Performance and Low-Leakage groups of MCUs that
are well suited to applications such as air conditioners, washing
machines, induction cookers and refrigerator compressors.

Supporting these hardware enhancements is a new version of
the FM3 firmware library (pre-coded digital power and
motor-specific algorithms), available free from Fujitsu. The Fujitsu
library minimizes code development time and provides a way to
immediately use the MCU's on-chip safety features rather than
expensive external devices. The library supports assembly and C
mixed coding on IAR and Keil Compiler IDE platforms.

2. IEC 60730 Self-Test Library Structure

The Fujitsu self-test library (STL) for the 32-bit ARM Cortex
FM3 Family covers IEC 60730 and IEC 60335 requirements. These
libraries use a standard application programming interface (API)
between the system hardware and the application software.
Figures 1A and 1B show the self-test library solution structure.

The Fujitsu Class B routines include two types of processes,
start-up and periodic run-time self-tests:

Pre-Operation Self-Test (POST): These are tests that should
be implemented at system startup. POST tests cover items
such as the CPU, RAM/ROM, and I/O peripherals.

Built-In Self-Test (BIST): These tests should run periodically
while the product is in service.

Fujitsu provides two example projects for this self-test library:
one is based on the IAR compiler and the other on the Keil
compiler.

As shown in Figure 3B, seven test items are provided: CPU,
Clock, Interrupt, Flash memory, RAM, GPIO and ADC peripheral
tests. The CPU test and RAM test are in assembly and all other
tests are coded in C. IEC60730_demo.c provides an example project
for self-test library calls and an interface for user application
software.

Figure 3A. Fujitsu FM3 Self-Test Library Solution Structure
(folder labels in the figure: Root, iec60730_b_stl, common, example,
IAR, Keil)

IEC60730_demo.c
IEC60730_B_STL
    CPU test.s: reg_test(), pc_test()
    Clock test.c: ClkInit(), ClkTestReset(), ClkCnt(), ClkTest(),
        ClkMonInMainloop()
    Interrupt test.c: IntCntPro(), IntTestInit(), IntTest()
    ROM test.c: HardwareCRC16 Gen(), HardwareCRC16 Test(),
        SoftwareCRC16 Gen(), SoftwareCRC16 Test()
    RAM test.s: ram_test()
    IO test.c: GPIOOutputTest(), GPIOInputTest(), ADTest()
    AD test.c: ADTest()

Figure 3B. FM3 Self-Test Library Project Structure

2.2. Self-Test Library: Structure of Test Routines

2.2.1 CPU Test and Flow Chart

PC (Program Counter) Test

API name
pc_test

API Description
The PC test makes use of eight subroutines and validates
whether a PC value from each subroutine is the same as
a pre-defined value.
Assembly is used to implement the PC test because it needs
direct access to the PC register.
As the PC is highly critical, the test is designed so that
any PC test error detected causes the program to run into
an infinite loop.

Fulfills IEC 60730 Annex H.2.18.10.2

Function Description
The PC test mainly verifies whether the routine jumps
to the right address when calling a subroutine. This
method can detect stuck-at errors.

Flowchart for PC Test: pc_test jumps to subroutine 1, stores the
subroutine 1 address and verifies it, and repeats these steps
through subroutine 8.

2.2.2 CPU Register Test

API Name
reg_test

API Description
reg_test performs a complete test of the registers and is
implemented in privileged mode as POST.
Assembly is used to implement the register tests because they
need direct access to the registers.
As registers are highly critical, the test is designed so
that any register test error detected causes the program
to run into an infinite loop.

Fulfill IEC 60730 Annex H.2.19.6

Function Description
Fujitsu uses the checkerboard method to test the W/R
operation of registers; different test patterns are used
for different registers. The checkerboard method is very
effective for detecting stuck-at errors.

Flowchart for Register Test: Start; select one pattern; write the
pattern data into the register; read the register; verify that the
read data is the same as the write data; reverse the pattern; write
the reverse pattern data into the register; read the register;
verify that the read data is the same as the write data; Return.
A failed verification jumps to the infinite loop.

Fujitsu Cortex M3 Register List (figure): low and high general
registers R1 to R12; special registers R13 (PSP or MSP), R14 (LR),
APSR, PRIMASK, FAULTMASK and BASEPRI.

2.2.3 Clock Tests

CPU Clock Test

API name
ClkInit, ClkTestReset, ClkCnt, ClkMonInMainloop

API description
ClkInit: Set the clock test variables (upper/lower frequency
value, threshold value).
ClkReset: Clear the clock test flag.
ClkTest: Verify if the clock frequency is in the pre-defined range
(called in the watch counter interrupt handler).
ClkCnt: Count the clock frequency (called in a timer interrupt
routine).
ClkMonInMainloop: Check the occurrence of the watch counter
interrupt.

Fulfill IEC 60730 Annex H.2.18.10.1

Function Description
This test uses the watch counter prescaler, which is
sourced by the sub clock (32.768 kHz oscillator), as the
standard clock, and tests whether the frequency of the
CPU clock is within acceptable bounds by verifying a
time tick counted in a timer interrupt. The time tick of
the timer interrupt should be the same as that of the CPU
clock. The case in which the CPU clock is sourced by the
sub clock cannot be tested, as the 32.768 kHz oscillator
is assumed accurate.

API ClkCnt, which is called in a timer interrupt handler, is used
to count a global frequency variable. The source clock
of the timer should be the same as the CPU clock.

API ClkTest, which is called in the watch counter interrupt
handler, checks whether the frequency is in the pre-defined
range.

API ClkMonInMainloop guarantees the occurrence of the
watch counter interrupt in a defined period; this period
depends on the threshold value set by the user application.

Flowchart for CPU Clock Test: the timer interrupt handler calls
ClkCnt (Freq++). The watch counter interrupt handler calls ClkTest,
which checks if Freq is in (lower, upper) and sets the watch counter
interrupt occurrence flag. The main loop calls ClkMonInMainloop,
which checks the watch counter interrupt occurrence flag and whether
the number of times exceeds the threshold. The figure also carries
the labels "Monitored clock" and "Dependent clock".
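The cooperation of the three clock routines can be modelled on a host PC. The following is an added example, not code from the Fujitsu library: the state variables, the lower-case function names, the inclusive window and the numbers in simulate() are assumptions chosen for illustration. It shows that the frequency window catches a CPU clock that is too fast or too slow, while the main-loop monitor catches a stopped reference clock, which the window check alone would never notice.

```c
#include <stdio.h>
/* Hypothetical state: the page names the functions but not their variables. */
static volatile unsigned int freq;   /* timer ticks since the last reference */
static volatile int wc_seen;         /* watch counter interrupt occurrence flag */
static unsigned int lower, upper, threshold, misses;
static int clk_fault;

void clk_init(unsigned int lo, unsigned int hi, unsigned int thr)
{
    lower = lo; upper = hi; threshold = thr;
    freq = 0; wc_seen = 0; misses = 0; clk_fault = 0;
}

/* Timer interrupt handler; the timer runs from the CPU clock. */
void clk_cnt(void) { freq++; }

/* Watch counter interrupt handler; paced by the 32.768 kHz sub clock. */
void clk_test(void)
{
    if (freq < lower || freq > upper)
        clk_fault = 1;               /* CPU clock too slow or too fast */
    freq = 0;
    wc_seen = 1;
}

/* Main loop: fault if the reference interrupt is missing for too many passes. */
int clk_mon_in_mainloop(void)
{
    if (wc_seen) {
        wc_seen = 0;
        misses = 0;
    } else if (++misses > threshold) {
        clk_fault = 1;               /* reference clock stopped */
    }
    return clk_fault;
}

/* Constructed scenario: 3 reference periods, 4 main-loop passes per period. */
int simulate(unsigned int ticks_per_period, int reference_running)
{
    int fault = 0;
    clk_init(95, 105, 8);
    for (int period = 0; period < 3; period++) {
        for (unsigned int t = 0; t < ticks_per_period; t++) clk_cnt();
        if (reference_running) clk_test();
        for (int pass = 0; pass < 4; pass++) fault |= clk_mon_in_mainloop();
    }
    return fault;
}

int main(void)
{
    printf("%d %d %d\n", simulate(100, 1), simulate(120, 1), simulate(100, 0));
    return 0;
}
```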

2.2.4. Interrupt Test

Interrupt Test

API name
IntTest, IntInit

API description
IntInit initializes the lower and upper occurrence frequency
of the interrupts to be tested.
IntTest should be called in a certain period. It verifies if the
occurrence frequency of interrupts is in the setting range.
If the program cannot match the range, the program
jumps to the interrupt error handler routine. This test
belongs to BIST.

Fulfill IEC 60730 Annex H.2.18.10.4

Function Description
It is assumed that IntTest is called in specified intervals,
e.g. triggered by a timer or line-frequency interrupt.
Each specific interrupt handler to be supervised must
decrement a dedicated global variable (Freq). IntTest
compares that variable to predefined upper and lower
bounds, sets it to its preset value and calls an
error-handling function if the limits are exceeded.

For example, to measure if timer0 to timer3 interrupts happen five
times in 10 seconds, assume the 10-second timing is obtained from
a reload timer:

const unsigned int freq_lower[] = {3, 3, 3, 3};
const unsigned int freq_upper[] = {7, 7, 7, 7};
const unsigned int freq_initial[] = {10, 10, 10, 10};
/* Not const: each timer interrupt handler decrements its entry. */
unsigned int freq[] = {10, 10, 10, 10};
INTPAR intpar = {freq, freq_lower, freq_upper,
                 freq_initial, sizeof(freq)/sizeof(freq[0])};

Flowchart for Interrupt Test: each of the Timer 0 to Timer 3
interrupt handlers runs user code, decrements its counter (freq[0]--
to freq[3]--), runs user code and returns. The main loop checks
whether the 10 s timing has been reached and then calls
IntTest(&intpar); on error it goes to IntErrorHandle, and with no
error it continues with user code.
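The window check described for IntTest, worked through with the numbers of the example above (preset 10, bounds 3 and 7). This is an added example, not the library's implementation: the IntPar layout, the inclusive bounds, the bitmask return value and the saturating decrement are assumptions, since the paper shows only the initializer order of INTPAR.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical layout: the page shows only the initializer order of INTPAR
   (freq, lower, upper, initial, count), not the library's definition. */
typedef struct {
    volatile unsigned int *freq;  /* counters decremented by the ISRs */
    const unsigned int *lower;    /* lowest acceptable remaining count */
    const unsigned int *upper;    /* highest acceptable remaining count */
    const unsigned int *initial;  /* preset reloaded after every check */
    size_t count;                 /* number of supervised interrupts */
} IntPar;

static volatile unsigned int freq[4] = {10, 10, 10, 10};
static const unsigned int freq_lower[4] = {3, 3, 3, 3};
static const unsigned int freq_upper[4] = {7, 7, 7, 7};
static const unsigned int freq_initial[4] = {10, 10, 10, 10};
static IntPar intpar = {freq, freq_lower, freq_upper, freq_initial, 4};

/* Body of each supervised handler: one decrement per interrupt. Saturating
   at 0 keeps an interrupt storm from wrapping back into the window. */
static void isr_tick(size_t n) { if (freq[n] > 0) freq[n]--; }

/* Periodic check: returns a bitmask of sources outside [lower, upper]
   (bounds assumed inclusive) and reloads every counter with its preset. */
unsigned int int_test(IntPar *p)
{
    unsigned int failed = 0;
    for (size_t i = 0; i < p->count; i++) {
        unsigned int left = p->freq[i];
        if (left < p->lower[i] || left > p->upper[i])
            failed |= 1u << i;
        p->freq[i] = p->initial[i];
    }
    return failed;
}

/* Simulates one 10 s window: fired[i] interrupts from timer i, then the check. */
unsigned int run_window(const unsigned int fired[4])
{
    for (size_t i = 0; i < 4; i++)
        for (unsigned int k = 0; k < fired[i]; k++)
            isr_tick(i);
    return int_test(&intpar);
}

int main(void)
{
    const unsigned int ok[4] = {5, 5, 5, 5}, bad[4] = {5, 0, 9, 20};
    printf("nominal: 0x%x, faulty: 0x%x\n", run_window(ok), run_window(bad));
    return 0;
}
```

With these settings a source passes when it fires between three and seven times per window; a silent timer, a timer firing nine times and an interrupt storm are all flagged.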

2.2.5. ROM/Flash checksum integrity check

Invariable Test

API Name
MakeHardwareCRC, HardwareCRCTest
MakeSoftwareCRC, SoftwareCRCTest

API description
MakeHardwareCRC generates the CRC code using the built-in
CRC generator.
HardwareCRCTest checks if the CRC code generated by the
built-in CRC generator is the same as the expected CRC
code.
MakeSoftwareCRC generates the CRC code with software CRC
arithmetic using the same CRC generator polynomials as
the built-in hardware CRC generator.
SoftwareCRCTest checks if the CRC code generated by
software CRC arithmetic is the same as the expected CRC
code.

Fulfill IEC 60730 Annex H.2.19.8.1

CRC arithmetic in communication
The CRC code is the remainder after an input data string is
divided by the pre-defined generator polynomial, assuming
the input data string is a high-order polynomial. Ordinarily,
a data string gets a CRC suffix when sent, and the received
data is divided by a generator polynomial. If the received
data is divisible, it is judged to be correct.

CRC functions
This module can either use CCITT CRC16 or IEEE-802.3
CRC32, which can be configured by the CRCCR:CRC32 bit.
In this module, the generator polynomial is fixed to the
numeric values for those two modes.
CCITT CRC16 generator polynomial: 0x1021
IEEE-802.3 CRC32 generator polynomial: 0x04C11DB7

Flowchart for CRC Data Read/Write: a sequence between the CPU, the
DMA and the CRC module with the operations Initialization(),
Start(), Data writing() (repeated), CRC calculation() and
CRC reading().

CRC generation sequence
Initialize the CRC control register CRCCR and the initial value
register CRCINIT.
Write 1 to the initial value bit (CRCCR:INIT). The value of
CRCINIT is loaded into the CRC register CRCR.
Write data into the input data register CRCIN continuously.
Then CRC calculation starts.
To obtain a CRC code, read the CRC register (CRCR).

Flowchart for Hardware and Software CRC Checks: HardwareCRCTest
(FM3 MCU) and SoftwareCRCTest (other MCU). On write, the data
D0, D1, D2 ... DN passes through the built-in hardware CRC generator
or the software CRC arithmetic to generate the CRC code. On read,
the data D0, D1, D2 ... DN passes through the same generator again
and the generated CRC code is verified.
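A software CRC16 with the CCITT generator polynomial 0x1021 given above, applied to a constructed memory image. This is an added example, not the library's MakeSoftwareCRC or SoftwareCRCTest: the initial value 0xFFFF, the MSB-first bit order, the absence of a final XOR and the big-endian placement of the stored CRC are assumptions, and rom_image, rom_seal and rom_crc_test are hypothetical names. It uses the divisibility property from the "CRC arithmetic in communication" paragraph: running the CRC over the data followed by its CRC suffix leaves a remainder of zero.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define CRC16_POLY 0x1021u  /* CCITT CRC16 generator polynomial (from the page) */
#define CRC16_INIT 0xFFFFu  /* assumed initial value, the role CRCINIT plays */

/* Bitwise, MSB-first CRC16 with no final XOR (assumed settings). */
uint16_t crc16_ccitt(const uint8_t *data, size_t len, uint16_t crc)
{
    for (size_t i = 0; i < len; i++) {
        crc ^= (uint16_t)(data[i] << 8);
        for (int bit = 0; bit < 8; bit++)
            crc = (crc & 0x8000u) ? (uint16_t)((crc << 1) ^ CRC16_POLY)
                                  : (uint16_t)(crc << 1);
    }
    return crc;
}

/* Constructed stand-in for a flash region; the last two bytes are reserved
   for the reference CRC written at build time. */
static uint8_t rom_image[] = {
    '1', '2', '3', '4', '5', '6', '7', '8', '9', 0x00, 0x00
};

/* Build-time step: append the CRC of the payload, high byte first. */
void rom_seal(uint8_t *img, size_t len)
{
    uint16_t crc = crc16_ccitt(img, len - 2, CRC16_INIT);
    img[len - 2] = (uint8_t)(crc >> 8);
    img[len - 1] = (uint8_t)(crc & 0xFFu);
}

/* Run-time check: payload plus CRC suffix must divide evenly (remainder 0).
   Returns 0 when the image is intact and -1 on a mismatch. */
int rom_crc_test(const uint8_t *img, size_t len)
{
    return crc16_ccitt(img, len, CRC16_INIT) == 0 ? 0 : -1;
}

int main(void)
{
    rom_seal(rom_image, sizeof rom_image);
    printf("intact:    %d\n", rom_crc_test(rom_image, sizeof rom_image));
    rom_image[3] ^= 0x04;   /* simulate one flipped bit in flash */
    printf("corrupted: %d\n", rom_crc_test(rom_image, sizeof rom_image));
    return 0;
}
```

A CRC of this kind detects random corruption of the memory contents; it does not authenticate the image, because anyone able to rewrite the flash can recompute the suffix.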

2.2.6. RAM Test (using checkerboard) and Flow Chart

RAM Test

API Names
ram_test

API description
ram_test tests all of the RAM area at the reset handler, which is
a Pre-Operation Self-Test (POST).
Assembly is used to implement the RAM test due to the
need to test all of the RAM area.
As RAM is highly critical, the test is designed so that any
RAM test error detected causes the program to run into
an infinite loop.

Fulfill IEC 60730 Annex H.2.19.6

Function Description
The checkerboard method is used to do the RAM test. It is very
effective at detecting stuck-at errors.

Checkerboard arithmetic test flow
Checkerboard arithmetic writes alternate 0 and 1 to
memory, and verifies if the write data is right by reading
back the data written. This method can detect stuck-at
faults and direct coupling faults. The flow to verify one word
using this method is shown in the flowchart below.

Flowchart for RAM Test: Start; read the data from the test address
and store it; write 0x55555555 to the address in the RAM area;
verify the write data; write 0xAAAAAAAA to the address in the RAM
area; verify the write data; recover the data to the test address;
end.
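The one-word checkerboard flow above, which is also the method the register test in 2.2.2 uses, can be exercised on a host PC with an injected stuck-at fault. This is an added example, not the library's assembly routine: SimRam and its fault fields are a constructed memory model, and the functions return an error code for testability where the library enters an infinite loop. It shows why both complementary patterns are needed: a bit stuck at 0 is caught only by the pattern that drives it to 1, and the reverse for a bit stuck at 1.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define RAM_WORDS 8
#define NO_FAULT  ((size_t)-1)

/* Constructed RAM model so a stuck-at fault can be injected on a host PC.
   On the MCU the accesses would go through a volatile uint32_t pointer. */
typedef struct {
    uint32_t cell[RAM_WORDS];
    size_t   bad_word;     /* index of the faulty word, or NO_FAULT */
    uint32_t stuck_mask;   /* bits of that word that cannot change */
    uint32_t stuck_value;  /* level those bits are stuck at */
} SimRam;

static void ram_write(SimRam *m, size_t i, uint32_t v)
{
    if (i == m->bad_word)
        v = (v & ~m->stuck_mask) | (m->stuck_value & m->stuck_mask);
    m->cell[i] = v;
}

/* Checkerboard step for one word: save, write 0x55555555 and verify, write
   0xAAAAAAAA and verify, restore. Returns 0 if healthy; bit 0 is set if
   the first pattern failed, bit 1 if the second pattern failed. */
int ram_test_word(SimRam *m, size_t i)
{
    uint32_t saved = m->cell[i];
    int result = 0;
    ram_write(m, i, 0x55555555u);
    if (m->cell[i] != 0x55555555u) result |= 1;
    ram_write(m, i, 0xAAAAAAAAu);
    if (m->cell[i] != 0xAAAAAAAAu) result |= 2;
    ram_write(m, i, saved);
    return result;
}

/* Whole-area test: index of the first failing word, or -1 if all pass.
   The library described above loops forever on a failure instead. */
int ram_test(SimRam *m)
{
    for (size_t i = 0; i < RAM_WORDS; i++)
        if (ram_test_word(m, i) != 0)
            return (int)i;
    return -1;
}

int main(void)
{
    SimRam ram = { {1, 2, 3, 4, 5, 6, 7, 8}, 5, 0x00000001u, 0 };
    printf("first failing word: %d\n", ram_test(&ram));
    return 0;
}
```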

2.2.7. IO Peripheral Tests

GPIO Test

API Name          Fulfill IEC 60730
GPIOInputTest     Annex H.2.18.8 (input test)
GPIOOutputTest    Annex H.2.18.12 (output test)

API description
GPIOInputTest can check if the selected IO input value is the
same as the expected value. This test is POST and should
be done before user code initialization.
GPIOOutputTest can check if the output value is correct.
This test is POST and should be done before user code
initialization.

Input mode: Set ADE=0, PFR=0, DDR=0
Output mode: Set ADE=0, PFR=0, DDR=1

Table 3: Example of FM3 MCUs GPIO Register Settings
(columns: I/O port function with available main function and
available sub function, ADE, PFR, DDR, PCR, EPFR; pin functions
listed: analog input pin, GPIO function input pin, GPIO function
output pin, peripheral function input pin, peripheral function
output pin, peripheral function bidirectional pin)

Flowchart for GPIO Test: GPIOOutputTest starts, writes test data
into the data register, reads data from the data register, checks
if the read data is the same as the write data and returns
TEST_NORMAL or TEST_ERROR. GPIOInputTest starts, reads the input
data, checks the read data and returns TEST_NORMAL or TEST_ERROR.


AD Test

API Name    Fulfill IEC 60730
ADTest      Annex 2.18.8

API Description
ADTest samples the signal from a selected A/D channel
and checks if the A/D conversion value is in the expected
range. If the program cannot match the range, the
program calls the AD error handler routine. This routine
is a Pre-Operation Self-Test or POST, which should be
implemented during the startup procedure.
Scan mode is used. Multi-channel mode can be tested at
the same time.

MB9B500 Series A/D converter
The MB9B500 Series has three 10/12-bit A/D converters
with a total of 16 channels.

Flowchart for AD test: Start; select A/D unit; select A/D channel;
start A/D conversion; check if the conversion has finished (N/Y);
on Y get the A/D conversion value; check A/D value < max && A/D
value > min; on Y return TEST_NORMAL, otherwise return TEST_ERROR.

3.3. Fujitsu Self-Test Library Deliverables:

FM3 IEC 60730 Class B Self-Test Library (STL) source code
Example projects (based on IAR EV-board and Keil
MCB9BF506 board)
FM3 IEC 60730 Class B STL User Manual and Application Note

3. Conclusion
The introduction of IEC/UL 60730 into the design of white
goods and other appliances will add a new level of safety
for consumers. By taking advantage of Fujitsu's FM3 Family
MCUs, design teams can comply with the regulations while
maintaining or reducing electronic system cost. Use of these
MCUs and the Self-Test Library enables teams to create a strong
system-level development platform and achieve superior
performance, fast time to market and energy efficiency.

Fujitsu SEMICONDUCTOR America, Inc.

Corporate Headquarters
1250 E. Arques Avenue, M/S 333, Sunnyvale, CA 94085-5401
Tel: (800) 866-8608 Fax: (408) 737-5999
E-mail: [email protected] | Website: http://us.fujitsu.com/semi

© 2011 Fujitsu Semiconductor America, Inc.


All company and product names are trademarks or registered
trademarks of their respective owners.
Printed in the U.S.A. MCU-WP-21400-04/2011
