Designing reliable and safe mobile robots with MCX’s error correction features
Truly autonomous mobile robots used to be science fiction, but recent advancements in processing, sensing and control have brought them closer to reality. One major hurdle facing this technology, though, is the ability for robots to self-correct if an error occurs in their processing operations. This article explores how MCX MCUs from NXP have advanced error correction features that make mobile robots safer and more reliable.
Mobile robots are increasingly used in a wide range of applications, from industrial automation to service robotics. Ensuring their reliable and safe operation is critical as these robots take on more complex tasks and operate in uncontrolled environments.
NXP's new MCX portfolio of microcontrollers helps address these challenges. Built on the high-performance Arm® Cortex®-M33 core, MCX MCUs incorporate advanced error detection and correction features, making them well-suited for developing mobile robots requiring high reliability and safety levels.
Common reliability and safety concerns in mobile robots
Mobile robots rely heavily on their onboard electronics to perceive their environment, make decisions and control their actions. However, their operating conditions can be challenging due to various factors such as temperature extremes, vibration and electromagnetic interference. These stressors can cause bit errors and corruption in the robot's memory over time. Therefore, we need to consider the long-term reliability of the electronics, as mobile robots are expected to have long operational lifespans.
Figure 1: Industrial AMRs
Memory errors can lead to various reliability and safety issues in mobile robots. A bit-flip in the robot's control firmware could cause it to execute incorrect instructions, leading to unintended behaviors. Corrupted sensor data could be misinterpreted, causing the robot to make incorrect decisions. Erroneous motor control outputs could result in unexpected motion or potentially damage the robot or its surroundings.
In safety-critical applications such as mobile robots operating near people, the consequences of such malfunctions could be substantial. Mobile robots need robust safeguards against memory errors to ensure reliable and safe operation.
MCX error correction features for flash and RAM
The NXP MCX A microcontroller series incorporates several key features to detect and correct memory errors. The MCX A embeds up to 128KB of flash memory with error correction coding (ECC) capabilities. The MCX N series features up to 2MB of flash memory with ECC. Each 128-bit word of flash incorporates an additional 9 bits of ECC data.
ECC is a technique that stores redundant bits with each data word. On every read operation, the ECC bits are regenerated from the data and compared with the stored ECC bits to check data integrity. If the regenerated and stored ECC bits do not match, there is an error, which ECC may be able to correct. ECC can also determine which bit is erroneous in the case of a single-bit error. However, it can only detect double-bit errors, not correct them.
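The regenerate-and-compare check described above, as an added example that is not NXP's code or the MCX hardware's actual ECC: a textbook extended Hamming (SECDED) code, which also needs 9 check bits per 128-bit word. The bit layout and the names `ecc_encode` and `ecc_check` are assumptions made for illustration, and the sample word is constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Added illustration: extended Hamming (SECDED) code over one 128-bit word.
 * Layout is an assumption, not NXP's: check bits sit at codeword positions
 * 1, 2, 4, ..., 128, data bits fill positions 3..136, and bit 8 of the ECC
 * value is an overall parity bit. 8 + 1 = 9 ECC bits per word. */
enum ecc_status { ECC_OK, ECC_CORRECTED, ECC_UNCORRECTABLE };

static unsigned parity8(unsigned v) { v ^= v >> 4; v ^= v >> 2; v ^= v >> 1; return v & 1u; }

/* Check bits = XOR of the codeword positions of all set data bits. */
static uint16_t ecc_encode(const uint8_t d[16]) {
    unsigned check = 0, par = 0, pos = 2;
    for (unsigned i = 0; i < 128; i++) {
        do pos++; while ((pos & (pos - 1)) == 0);      /* skip check-bit positions */
        if ((d[i / 8] >> (i % 8)) & 1u) { check ^= pos; par ^= 1u; }
    }
    return (uint16_t)(check | ((par ^ parity8(check)) << 8));
}

/* Regenerate the ECC on read and compare it with the stored value. */
static enum ecc_status ecc_check(uint8_t d[16], uint16_t stored) {
    unsigned diff = ecc_encode(d) ^ stored;
    unsigned syn = diff & 0xFFu;                        /* position of a single flipped bit */
    unsigned odd = ((diff >> 8) & 1u) ^ parity8(syn);   /* 1 = odd number of bits flipped */
    if (diff == 0) return ECC_OK;
    if (!odd || syn > 136) return ECC_UNCORRECTABLE;    /* double-bit (or worse): detect only */
    if (syn & (syn - 1)) {                              /* data position: flip the bit back */
        unsigned msb = 0;
        for (unsigned p = syn; p >>= 1; ) msb++;
        unsigned i = syn - 2 - msb;                     /* position -> data bit index */
        d[i / 8] ^= (uint8_t)(1u << (i % 8));
    }
    return ECC_CORRECTED;                               /* else the flip hit an ECC bit; data intact */
}

int main(void) {
    uint8_t word[16] = "MCX-robot-ctrl!";               /* constructed sample data */
    uint16_t ecc = ecc_encode(word);
    word[5] ^= 0x10;                                    /* inject a single-bit error */
    printf("single flip -> %d, data: %s\n", ecc_check(word, ecc), (char *)word);
    word[2] ^= 0x01; word[9] ^= 0x80;                   /* inject a double-bit error */
    printf("double flip -> %d\n", ecc_check(word, ecc));
    return 0;
}
```

A double-bit error leaves the data untouched and returns `ECC_UNCORRECTABLE`, which is the point at which firmware would fault or move to a safe state rather than use the word.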
Figure 2: Mobile robot example
If the microcontroller detects an ECC error, the System Controller (SYSCON) module can generate a bus fault or use an interrupt to handle the error. Flexible fault handling allows developers to customize their handling to best suit their applications.
The MCX A also provides 32KB of on-chip SRAM, with an 8KB block (RAMA0) incorporating ECC for single-error correction and double-error detection. The MCX N series provides up to 416KB of RAM when configured as ECC, of which 32KB can be retained in VBAT mode. This feature protects critical runtime data, such as sensor inputs and algorithm state variables. The microcontroller implements an Error Reporting Module (ERM) to provide comprehensive reporting and control over errors. The ERM captures and logs error events from the ECC logic, providing visibility into the health of the memory subsystem. Developers can utilize this error information for diagnostics and predictive maintenance.
For self-diagnostics, the Error Injection Module (EIM) provides capabilities to inject errors when reading ECC RAM. This self-test feature allows developers to implement periodic self-checks to ensure the microcontroller operates reliably.
In addition to ECC, the MCX A series includes a Memory Block Checker (MBC) that provides runtime security control over read, write and execute permissions for different memory regions. By defining memory access policies, the MBC can prevent unauthorized memory access.
How MCX error correction enables reliable robotics
The MCX's error correction features work together to improve mobile robot reliability and safety. By automatically correcting single-bit errors in flash memory, the MCX maintains the integrity of the robot's control firmware. This integrity prevents the robot from executing erroneous control logic that could lead to unintended behaviors.
The MCX is equipped to detect double-bit errors, which is crucial for ensuring the safety and reliability of its operations. While it is not possible to correct double-bit errors, detecting them helps prevent the use of corrupted instructions or data. When a double-bit error is detected, the robot can be gracefully put into a safe state, thus avoiding potential hazards or malfunctions.
The MCX's ECC extends its memory protection capabilities beyond flash to cover SRAM. The MCX A’s 8KB RAMA0 SRAM block incorporates ECC, while the MCX N can repurpose RAMG and RAMH for ECC correction, providing up to 416KB of ECC RAM. ECC RAM enables single-bit error correction and double-bit error detection for runtime data. This functionality safeguards critical data such as sensor readings, control outputs and intermediate algorithm variables from accumulating single-bit errors that could otherwise cause inconsistencies in the robot's perception, planning and control logic. By maintaining the integrity of this runtime data, the MCX's SRAM ECC helps ensure the robot's situational awareness and decision-making remain accurate and reliable. The MCX N additionally provides up to 32KB of ECC RAM which can be retained in VBAT mode, allowing for data to remain protected while in a low-power state.
The MBC provides an additional layer of safety by enforcing memory protection policies. It can block unauthorized memory access, helping to contain faults and keep them from causing runaway behavior in robots.
Finally, the ERM enables a data-driven approach to robot maintenance. By logging memory error events, the ERM provides visibility into the health of the robot's electronics. An increasing rate of corrected errors could indicate an impending failure, allowing the robot to be serviced proactively.
Use case example
Consider a mobile service robot operating in an industrial environment. The robot must navigate autonomously, avoiding obstacles and people while performing tasks.
Figure 3: Mobile service robot
However, the industrial environment can be challenging, with equipment generating electromagnetic interference (EMI). Over time, EMI could cause bit errors in the robot's memory.
The MCX's ECC would detect and correct any single-bit errors induced by EMI, ensuring the robot executes its control logic correctly. If a more severe double-bit error occurred, the MCX would detect it and prevent the use of the corrupted data. The robot could then initiate a safe shutdown.
Throughout these events, the MCX's ERM would log the error occurrences. Maintenance staff could monitor these logs, watching for any trends indicating a potential failure. By servicing the robot proactively, downtime is minimized and safety is maintained.
MCUXpresso developer experience
For rapid prototyping with MCX, NXP offers the low-cost FRDM development platform. FRDM development boards come with a standard form factor and headers, easy access to the MCU's I/O, an onboard MCU-Link debugger and a USB-C cable.
NXP's GitHub also provides access to application examples, which can be accessed through the Application Code Hub (ACH) portal. MCUXpresso IDE and MCUXpresso for VS Code have integrated ACH browsing, so developers can easily search the available demos and examples and filter by device, application technology or peripheral/feature before loading the project directly for use.
The Expansion Board Hub (EBH) is an extension of NXP's SDK Builder site where developers can find a variety of add-on boards from NXP and partners to extend the capabilities of their chosen evaluation board. The hub offers intuitive filtering to quickly find boards and locate the available supporting software. Developers can pair their board with different types of shields to evaluate and rapidly prototype for specific use cases or applications.
NXP enables reliable and safe mobile robotics
As mobile robots become more autonomous, ensuring their reliable and safe operation is essential. If not addressed, memory errors induced by challenging operating environments can lead to unexpected robot behaviors.
NXP's MCX microcontroller portfolio is well-equipped to meet the needs of reliable robotics with its error correction features. From ECC-protected flash and SRAM to runtime memory access control and error event logging, the MCX provides multiple layers of protection against memory errors.
Mobile robot designers looking to optimize reliability and safety should consider the NXP MCX. Its advanced architecture and comprehensive feature set make it a solid platform for developing reliable autonomous robots.