cd00004221

AN1336
Application note
Power-fail comparator for NVRAM supervisory devices
Introduction
Dealing with unexpected power loss
Inadvertent or unexpected loss of power can cause a number of system level problems. Memory loss,
uncontrolled program status and indeterminate processor state are just a few of the issues which can
occur during catastrophic power failure. Power-fail recovery is critical for applications created to perform
machine control or instrumentation monitoring, therefore knowing the state of the operating system at
the time of power loss is very important.
The function of the power-fail comparator is to provide several milliseconds of early warning that power
is failing. This advance warning (see Figure 1: "Power-fail warning") will allow a system to perform
operations necessary to prepare for a controlled shutdown sequence. By using a special power-fail input
(PFI) to monitor the unregulated supply voltage, a power fail output ( PFO ) can be generated tPFD after
the supply falls below the power-fail threshold (VPFI). This is made possible by the ability of a power
supply to continue to function and to provide output power for a period of time after the input power to
the power supply has failed. This facility enables the power supply to ride through missing half cycles or
missing cycles in an AC supply (Figure 2: "Supply hold-up").
Figure 1: Power-fail warning
PFI
VPFI
tPFD
PFO
AI04224
March 2014
DocID007594 Rev 2
1/10
www.st.com
Functional description
AN1336
Figure 2: Supply hold-up
AC Input
Regulated Output Voltage
Power-Fail Warning
Power-Fail Output
Supply Hold-up
AI04223
This is a result of the RC time constant inherent to most power supplies (see Figure 3: "Typical power
supply" ). This time constant is dominated by capacitors C1 and C3 (C2 is usually quite small). C1 will
affect the VUNREG slew rate during power-fail, while C3 and C1 will more directly affect the regulated VCC
slew rate. Thus when the AC input fails, this capacitance will continue to power the circuit for several
milliseconds, typically in the order of 10 ms or more.
Figure 3: Typical power supply
VUNREG
REGULATOR
C1
C2
VCC
C3
AI042222
2/10
DocID007594 Rev 2
AN1336
1
Functional description
Functional description
An independent bandgap reference comparator is used to monitor the unregulated supply
voltage by connecting this supply to the power-fail input pin. The RC time constant of the
typical power supply will provide several milliseconds of operating voltage before decaying
below a usable value. The power-fail input is constantly compared with an internal voltage
reference of 1.25 V (see Figure 4: "Power-fail comparator circuit"). If the input voltage falls
below 1.25 V, the power-fail output goes low. When it later goes above 1.25 V, the output
returns high.
Adding two external resistors (see Figure 5: "PFI/PFO in a typical system" ) as a voltage
divider circuit allows the comparator to supervise any voltage above 1.25 V. The formula to
calculate the trip point voltage of PFI (VPFI), which is dependent upon R1 and R2 is:
( R1 + R2 )
V TRIP = V PF I-------------------R2
where VPFI = 1.25 V
Figure 4: Power-fail comparator circuit
+
PFI
PFO
1.25V
–
+
–
AI04221
The sum of both resistors should be about 1 Mohm to minimize power consumption and to
ensure the current in the PFI pin can be neglected compared with the current through the
resistor network. The suggested resistor values are shown below (see Table 1: "Look-up
table for different trip points"). The tolerance of the resistors should not exceed 1% to
ensure the sensed voltage does not vary too much.
Table 1: Look-up table for different trip points
R1 (kOhms)
R2 (kOhms)
Vtrip (V)
750
130
8.5
910
130
10.0
820
100
11.5
820
91
12.5
1100
100
15.0
DocID007594 Rev 2
3/10
PFI/PFO operation in a system (how does it
work?)
2
AN1336
PFI/PFO operation in a system (how does it work?)
Figure 5: PFI/PFO in a typical system
9V
5V
Regulator
AC in
120/240V
50/60HZ
AC
VUNREG
VPFI
VIN
VCC
M41ST85W
VCC
MCU
SRAM
VOUT
VCC
VCC
RST
RST
W
PFO
NMI
G
INT
INT
E
R1
PFI
R2
ECON
AI04220
A typical power failure can be described by the following three events (see Figure 6:
"Power failure sequence"):
1.
PFI triggered (t0): As VUNREG falls below the VPFI threshold, PFO is asserted on the
2.
MCU’s Non-Maskable Interrupt (NMI) pin. When NMI is asserted, the MCU halts its
current task and begins saving critical data to the NVRAM (safeguard routine).
VCC begins to fall (t1): the MCU will continue functioning until the safeguard routine is
complete or RESET occurs.
3.
RESET asserted and/or Write Protect occurs (t2):
At this point, the MCU needs to have completed the safeguard routine. This results in a
safeguard window from PFI to RESET /Write Protect (t2 - t0).
4/10
DocID007594 Rev 2
AN1336
PFI/PFO operation in a system (how does it
work?)
Figure 6: Power failure sequence
V
(t0) Power-Fail Input detected Begin Safeguard Routine
VUNREG
PFI
(t1) VCC begins to fall
(t2) Reset and/or Write Protect
(whichever occurs first)
VCC
VPFD
Safeguard Window
t
t0
t1
t2
AI04219
This safeguard window can be used for a number of purposes, depending on the
application:
Power save
The MCU can switch off, one by one, all non-critical peripheral components to conserve
energy for safeguard routines.
Data transfer
The MCU may transfer data from the scratch pad memory to the non-volatile memory. It
takes only a few MCU cycles if using NVRAM, but can take several milliseconds when this
data needs to be stored in an EEPROM or Flash memory.
Scratch pad RAM overwrite
Many applications are now required to run encode/decode algorithms (e.g. DES or RCA)
for higher security.
Therefore it is sometimes preferable to overwrite the working space before power-down to
prevent the contents of the RAM from being read illegitimately.
DocID007594 Rev 2
5/10
Advantages over traditional power monitoring
3
AN1336
Advantages over traditional power monitoring
Typical power monitoring (or supervisory) devices offer features such as brown-out detect
by monitoring the voltage at the VCC pin, then asserting a RESET output when VCC drops
below a minimum level. Some may also include chip-enable gating or chip-enable write
protection which will disable access to the memory, thereby protecting the SRAM contents
from errant writes by an MCU that is operating in an undervoltage condition. These are
good features and necessary to avoid catastrophic data loss, but unfortunately do not occur
early enough to allow the MCU to gracefully enter a fail-safe state. Any of the following
scenarios will result in unsatisfactory system shutdown:
Loss of processor state
When the RESET occurs, any information not already stored to the NVRAM will be lost.
This includes the processor state, the program status, and any information still in the
scratch pad RAM, but not in the NVRAM.
RESET occurs during a write cycle
If the MCU is writing to memory when RESET occurs, that data will most likely be
corrupted. This applies to EEPROM and Flash memories as well as NVRAM.
Write protect occurs before RESET
If the NVRAM gates off access to the SRAM prior to processor RESET, the processor may
continue accessing/writing the NVRAM expecting that the data written is secure (when it
has in fact, been lost).
6/10
DocID007594 Rev 2
AN1336
4
Hysteresis
Hysteresis
Hysteresis may be added to PFI for additional noise margin if desired (see Figure 7:
"Adding hysteresis"). The ratio of R1 and R2 should be selected such that PFI sees VPFI
when VUNREG falls to its trip point (VTRIP). Connecting R3 between PFI and PFO provides
the hysteresis and should typically be more than 10 times the value of R1 or R2. The
hysteresis window will extend both above (VH) and below (VL) the original trip point.
Figure 7: Adding hysteresis
VIN
PFO
R1
0V
VCC
0V
VL
VTRIP
VH
VIN
PFI
VTRIP = VPFI
R3
R2
( R1R2+ R2 )
( R11 + R21 + R31 )
V
VL = R1 [ VPFI ( 1 + 1 + 1 ) – CC]
R1 R2 R3
R3
C1
VH = (VPFI + VPFH ) (R1)
PFO
GND
where
VPFI = 1.25V
VPFH = 10mV
TO
CONTROLLER
AI03077
Connecting an ordinary signal diode in series with R3 (see Figure 8: " Hysteresis on rising
VIN") so the lower trip point (VL) coincides with the trip point without hysteresis, causing the
entire hysteresis window to occur above VTRIP. This method provides additional noise
margin without compromising the accuracy of the power-fail threshold when the monitored
voltage is falling. The current through R1 and R2 should be at least 1 μA to ensure that the
25 nA PFI input current does not shift the trip point. The capacitor C1 is added for noise
rejection and should be quite small (e.g. ~100 nF), but is optional.
DocID007594 Rev 2
7/10
Hysteresis
AN1336
Figure 8: Hysteresis on rising VIN
VIN
PFO
R1
0V
0V
VCC
VTRIP
VIN
VH
PFI
R2
( R1R2+ R2 )
V
VH = R1[(VPFI + VPFH )( 1 + 1 + 1 ) – D ]
R1 R2 R3
R3
R3
VTRIP = VPFI
C1
PFO
GND
TO
CONTROLLER
where
VPFI = 1.25V
VPFH = 10mV
VD = Diode Forward Voltage Drop
AI03076
8/10
DocID007594 Rev 2
AN1336
5
Revision history
Revision history
Table 2: Revision history
Date
Revision
02-Jul-2001
1
21-Mar-2014
2
Changes
Initial release
Revised document presentation
Updated Figure 5: "PFI/PFO in a typical system"
Removed table entitled "Supervisory ZEROPOWER/TIMEKEEPER®
products with power-fail comparator"
DocID007594 Rev 2
9/10
AN1336
Please Read Carefully
Information in this document is provided solely in connection with ST products. STMicroelectronics NV and its subsidiaries ("ST") reserve the
right to make changes, corrections, modifications or improvements, to this document, and the products and services described herein at any
time, without notice.
All ST products are sold pursuant to ST’s terms and conditions of sale.
Purchasers are solely responsible for the choice, selection and use of the ST products and services described herein, and ST assumes no
liability whatsoever relating to the choice, selection or use of the ST products and services described herein.
No license, express or implied, by estoppel or otherwise, to any intellectual property rights is granted under this document. If any part of this
document refers to any third party products or services it shall not be deemed a license grant by ST for the use of such third party products or
services, or any intellectual property contained therein or considered as a warranty covering the use in any manner whatsoever of such third
party products or services or any intellectual property contained therein.
UNLESS OTHERWISE SET FORTH IN ST’S TERMS AND CONDITIONS OF SALE ST DISCLAIMS ANY EXPRESS OR
IMPLIED WARRANTY WITH RESPECT TO THE USE AND/OR SALE OF ST PRODUCTS INCLUDING WITHOUT
LIMITATION IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE (AND THEIR
EQUIVALENTS UNDER THE LAWS OF ANY JURISDICTION), OR INFRINGEMENT OF ANY PATENT, COPYRIGHT OR
OTHER INTELLECTUAL PROPERTY RIGHT.
ST PRODUCTS ARE NOT DESIGNED OR AUTHORIZED FOR USE IN: (A) SAFETY CRITICAL APPLICATIONS SUCH AS
LIFE SUPPORTING, ACTIVE IMPLANTED DEVICES OR SYSTEMS WITH PRODUCT FUNCTIONAL SAFETY
REQUIREMENTS; (B) AERONAUTIC APPLICATIONS; (C) AUTOMOTIVE APPLICATIONS OR ENVIRONMENTS, AND/OR
(D) AEROSPACE APPLICATIONS OR ENVIRONMENTS. WHERE ST PRODUCTS ARE NOT DESIGNED FOR SUCH USE,
THE PURCHASER SHALL USE PRODUCTS AT PURCHASER’S SOLE RISK, EVEN IF ST HAS BEEN INFORMED IN
WRITING OF SUCH USAGE, UNLESS A PRODUCT IS EXPRESSLY DESIGNATED BY ST AS BEING INTENDED FOR
"AUTOMOTIVE, AUTOMOTIVE SAFETY OR MEDICAL" INDUSTRY DOMAINS ACCORDING TO ST PRODUCT DESIGN
SPECIFICATIONS. PRODUCTS FORMALLY ESCC, QML OR JAN QUALIFIED ARE DEEMED SUITABLE FOR USE IN
AEROSPACE BY THE CORRESPONDING GOVERNMENTAL AGENCY.
Resale of ST products with provisions different from the statements and/or technical features set forth in this document shall immediately void
any warranty granted by ST for the ST product or service described herein and shall not create or extend in any manner whatsoever, any
liability of ST.
ST and the ST logo are trademarks or registered trademarks of ST in various countries.
Information in this document supersedes and replaces all information previously supplied.
The ST logo is a registered trademark of STMicroelectronics. All other names are the property of their respective owners.
© 2014 STMicroelectronics - All rights reserved
STMicroelectronics group of companies
Australia - Belgium - Brazil - Canada - China - Czech Republic - Finland - France - Germany - Hong Kong - India - Israel - Italy - Japan Malaysia - Malta - Morocco - Philippines - Singapore - Spain - Sweden - Switzerland - United Kingdom - United States of America
www.st.com
10/10
DocID007594 Rev 2