PIC18F87J10 FAMILY
DS39663A-page 276
Advance Information
2005 Microchip Technology Inc.
23.5
Fail-Safe Clock Monitor
The Fail-Safe Clock Monitor (FSCM) allows the
microcontroller to continue operation in the event of an
external oscillator failure by automatically switching the
device clock to the internal oscillator block. The FSCM
function is enabled by setting the FCMEN configuration
bit.
When FSCM is enabled, the INTRC oscillator runs at
all times to monitor clocks to peripherals and provide a
backup clock in the event of a clock failure. Clock
monitoring (shown in Figure 23-4) is accomplished by
creating a sample clock signal which is the INTRC out-
put divided by 64. This allows ample time between
FSCM sample clocks for a peripheral clock edge to
occur. The peripheral device clock and the sample
clock are presented as inputs to the Clock Monitor latch
(CM). The CM is set on the falling edge of the device
clock source but cleared on the rising edge of the
sample clock.
FIGURE 23-4:
FSCM BLOCK DIAGRAM
Clock failure is tested for on the falling edge of the
sample clock. If a sample clock falling edge occurs
while CM is still set, a clock failure has been detected
(Figure 23-5). This causes the following:
the FSCM generates an oscillator fail interrupt by
setting bit OSCFIF (PIR2<7>);
the device clock source is switched to the internal
oscillator block (OSCCON is not updated to show
the current clock source – this is the fail-safe
condition); and
the WDT is reset.
During switchover, the postscaler frequency from the
internal oscillator block may not be sufficiently stable
for timing sensitive applications. In these cases, it may
be desirable to select another clock configuration and
enter an alternate power-managed mode. This can be
done to attempt a partial recovery or execute a
controlled shutdown. See
Section 3.1.4 “Multiple
Sleep Commands”
and
Section 23.4.1 “Special
Considerations for Using Two-Speed Start-up”
for
more details.
To use a higher clock speed on wake-up, the INTOSC
or postscaler clock sources can be selected to provide
a higher clock speed by setting bits IRCF2:IRCF0
immediately after Reset. For wake-ups from Sleep, the
INTOSC or postscaler clock sources can be selected
by setting IRCF2:IRCF0 prior to entering Sleep mode.
The FSCM will detect failures of the primary or second-
ary clock sources only. If the internal oscillator block
fails, no failure would be detected, nor would any action
be possible.
23.5.1
FSCM AND THE WATCHDOG TIMER
Both the FSCM and the WDT are clocked by the
INTRC oscillator. Since the WDT operates with a
separate divider and counter, disabling the WDT has
no effect on the operation of the INTRC oscillator when
the FSCM is enabled.
As already noted, the clock source is switched to the
INTRC clock when a clock failure is detected; this may
mean a substantial change in the speed of code execu-
tion. If the WDT is enabled with a small prescale value,
a decrease in clock speed allows a WDT time-out to
occur and a subsequent device Reset. For this reason,
fail-safe clock events also reset the WDT and
postscaler, allowing it to start timing from when execu-
tion speed was changed and decreasing the likelihood
of an erroneous time-out.
23.5.2
EXITING FAIL-SAFE OPERATION
The fail-safe condition is terminated by either a device
Reset or by entering a power-managed mode. On
Reset, the controller starts the primary clock source
specified in Configuration Register 2H (with any
required start-up delays that are required for the oscil-
lator mode, such as OST or PLL timer). The INTRC
oscillator provides the device clock until the primary
clock source becomes ready (similar to a Two-Speed
Start-up). The clock source is then switched to the
primary clock (indicated by the OSTS bit in the
OSCCON register becoming set). The Fail-Safe Clock
Monitor then resumes monitoring the peripheral clock.
The primary clock source may never become ready
during start-up. In this case, operation is clocked by the
INTRC oscillator. The OSCCON register will remain in
its Reset state until a power-managed mode is entered.
Peripheral
Clock
INTRC
Source
÷ 64
S
C
Q
(32
μ
s)
488 Hz
(2.048 ms)
Clock Monitor
Latch (CM)
(edge-triggered)
Clock
Failure
Detected
Q