8-bit PIC® MCU Fail-Safe Clock Monitor
The Fail-Safe Clock Monitor (FSCM) allows a PIC® MCU device to continue operating if any of these system clock selections; External Crystal/Resonator, ECL – External Clock, EXTRC – External Resistor-Capacitor or Timer 1 Secondary Oscillator stop supplying a clock signal. The FSCM must be enabled by setting a bit in a configuration register.
The FSCM uses a logic circuit to monitor the system clock and continuously looks for a loss of the system clock signal. That loss of signal will trigger the device to switch to the Internal Oscillator at a frequency based on the Internal Oscillator Frequency Select (IRCF) bits in the Oscillator Control Register (OSCCON).
An Oscillator Fail Interrupt Flag (OSFIF) bit in the Peripheral Interrupt register will be set to indicate that the system clock has failed and the FSCM has switched to the internal oscillator. This flag bit can also trigger an interrupt for that bit is enabled. This can be used to trigger a warning to the main application that a switch has occurred so an error message or error recovery operation can be started.
When the system clock starts operating again, the FCSM will switch back and use the system clock for operation. The indicator flag bit needs to be cleared in the software as it isn't automatically cleared when the system clock is restored.
Fail-Safe Detection
The 31 Khz Internal Oscillator (INTOSC) is used as the basis for the Fail-Safe Clock monitoring. The INTOSC clock signal is sent through a divide-by-64 circuit resulting in a 488 Hz signal with a period of roughly 2 milliseconds. This 488 Hz signal is the sample clock.
The system clock being monitored is routed to the Set input of a latch circuit. On each pulse, the Q output is set. The 488 Hz sample clock is sent to the Reset pin of the latch and on each sample pulse, the Q output is set. In a proper operating system, the Q and Q outputs will toggle back and forth.
An AND gate with one inverting input is used to monitor the operation. The non-inverting input is connected to the Q output and the inverting input is connected to the 488 Hz sample clock. When the system clock stops operating the Q output will stay high when the 488 Hz signal also switches to a high state. This will drive the output of the AND gate high and indicate a system clock failure through the setting of the Oscillator Fail Interrupt Flag (OSFIF) bit. That system clock failure signal will trigger a switch to the internal oscillator as the system clock.
Enabling Fail-Safe Clock Monitor
The FSCM is enabled by setting the Fail-Safe Clock Monitor Enable (FCMEN) bit in a configuration register. Enabling the FSCM also automatically enables the Two-Speed Clock Start-up.