Emerson Process Management 3400, 3410, 3420, 3422 manual 282

6.9Self-tests and data reliability

The Mark III electronics has extensive built-in self-test and monitoring features that ensure reliable system operation. These features are a generation leap beyond those found in the Mark II and other existing industry products:

6.9.1RAM integrity

The Mark III utilizes "ECC" (Error Correction Code) SDRAM memory. Every 4 bytes of system memory have 7 bits of a CRC-like "Hamming code" stored with it. This code is checked every time any byte of system SDRAM memory is accessed. Additionally, this code is sufficiently advanced that it can correct single bit memory errors on-the-fly and flag multi-bit memory errors with a non-maskable interrupt.

This type of check is an enterprise and server class; type of integrity monitoring and goes far beyond a simple start-up “walking one's” memory test.

6.9.2Program integrity

All Mark III firmware is stored with a CRC code in non-volatile FLASH memory. The firmware is only executed if the CRC code calculated on start-up matches the one stored with each firmware program.

The CRC code is also checked for new firmware downloads before any firmware upgrades are made in the Mark III. Additionally, after each firmware upgrade, the Mark III firmware upgrade task double-checks the integrity of the stored program against the downloaded program file.

6.9.3Stored data integrity

All Mark III non-volatile data is stored with CRC codes in the non-volatile memory. Additionally, all data is stored in the form of write "transactions". Thus, not only is the integrity of any individual data guaranteed, but also the associativity of multiple data written together is guaranteed across power fails. Thus if power fails in the middle of any transaction, either all of the older data or all of the newer data is guaranteed to be present in the system. Under no situation will part old and part new data be present when power is restored. This functionality has been thoroughly tested by performing thousands of asynchronous power fail cycles while storing data in the system.

6.9.4Hardware watchdog

The Mark III electronics contains a hardware watchdog circuit that must be reset periodically by the firmware. A watchdog task monitors the health of the system. Any detected anomaly or inadvertent lockup of the firmware will always cause a warm start. Thus the meter will never remain in a non-performing situation (say due to a transient) for more than a few tens of seconds.

6.9.5Program execution integrity

The Mark III utilizes a microprocessor with a hardware MMU (Memory Management Unit). This MMU is fully utilized by an enterprise-class “protected-mode” operating system- Linux.

This combination allows for increased operation reliability of the entire system as critical tasks are protected from any non-critical task erroneous operation.