> What happens if the power
> failure comes while you are writing the flag, so that it is erased but
> not yet programmed with the new value? When you power up and read it,
> the flag could be 0xff.

Actually it could be almost any other value as well. When the erase or the program operation is interrupted "in the middle", it could happen that some of the bits are already erased (or programmed) while others are not. The probability of this happening depends on the process tolerance. Since all bits are intended to be manufactured equally, the power fail time window is quite small. However, it's not impossible, and less so if somebody deliberately looks for it (to attack the application).

You can avoid this by the following algorithm:

a) Reserve a large empty area of byte-write eeprom memory for the "status".

b) Add a version number to the "status" (ever increasing number) to be able to determine the latest from several versions of "status".

c) When writing the status:
   1) find an "empty" slot in the eeprom memory, 2 bytes larger than your "status"
   2) write the last byte of the slot to 0xff
   3) write the first byte to 0x00. This indicates that this slot is "writing"
   4) write "status" in between these two bytes
   5) write the last byte to 0x00. This indicates that this slot is "valid"

d) When reading the status:
   1) read all memory slots that have the first and last byte 0x00.
   2) using the version number, determine which one is the last one and ignore the others.

e) When you can't find an empty slot (eeprom full):
   1) find an invalid slot (which doesn't have both bytes set to 0xff), or the oldest version of "status"
   2) write the last byte to 0xff. This indicates "writing". Go on as shown in c)

This helps against power failure of any kind at any moment. It also spreads the wear over the eeprom memory, increasing the maximum number of writes. You can use a shorter write cycle time if you want.

Kind regards,
Marc
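The slot scheme from the post above, sketched in C as an added example that is not part of the original post. All names, the 4-byte status, the 4 slots and the 32-bit version stored after the head marker are assumptions; a RAM array stands in for the EEPROM, and the `writes_left` hook models a power cut between two byte writes, not a half-programmed byte.

```c
#include <stdint.h>
#include <string.h>

#define PAYLOAD 4                      /* assumed status size in bytes */
#define SLOT    (1 + 4 + PAYLOAD + 1)  /* head marker, version, status, tail marker */
#define NSLOTS  4
static uint8_t eeprom[NSLOTS * SLOT];  /* RAM stand-in for byte-write EEPROM */
static int writes_left = -1;           /* byte writes until power fails; <0 = never */

static int ee_write(int addr, uint8_t v) {  /* returns 0 once power is gone */
    if (writes_left == 0) return 0;
    if (writes_left > 0) writes_left--;
    eeprom[addr] = v;
    return 1;
}
static uint8_t *slot(int s) { return eeprom + s * SLOT; }
static int is_valid(int s) { return slot(s)[0] == 0x00 && slot(s)[SLOT - 1] == 0x00; }
static int is_empty(int s) { return slot(s)[0] == 0xff && slot(s)[SLOT - 1] == 0xff; }
static uint32_t version(int s) { uint32_t v; memcpy(&v, slot(s) + 1, 4); return v; }

static int status_find(void) {  /* step d): newest valid slot, -1 if none */
    int best = -1;
    for (int s = 0; s < NSLOTS; s++)
        if (is_valid(s) && (best < 0 || version(s) > version(best))) best = s;
    return best;
}

static int status_write(const uint8_t *data) {  /* steps c) and e); 0 = power failed */
    int newest = status_find(), t = -1;
    uint32_t v = newest < 0 ? 1 : version(newest) + 1;
    for (int s = 0; s < NSLOTS && t < 0; s++) if (is_empty(s)) t = s;
    for (int s = 0; s < NSLOTS && t < 0; s++) if (!is_valid(s)) t = s;
    if (t < 0) { t = 0; for (int s = 1; s < NSLOTS; s++) if (version(s) < version(t)) t = s; }
    int b = t * SLOT;
    /* tail 0xff first (slot can no longer read as valid), then head 0x00 = "writing" */
    if (!ee_write(b + SLOT - 1, 0xff) || !ee_write(b, 0x00)) return 0;
    for (int i = 0; i < 4 + PAYLOAD; i++)
        if (!ee_write(b + 1 + i, i < 4 ? ((uint8_t *)&v)[i] : data[i - 4])) return 0;
    return ee_write(b + SLOT - 1, 0x00);  /* commit: tail 0x00 = "valid" */
}

/* Cut power after k byte writes of an update that follows `prefill` committed
 * writes; returns 1 if the read yields the complete old or new status. */
int survives_cut(int prefill, int k) {
    static const uint8_t old[PAYLOAD] = "OLD", new_[PAYLOAD] = "NEW";  /* constructed data */
    memset(eeprom, 0xff, sizeof eeprom);
    for (int i = 0; i < prefill; i++) status_write(old);
    writes_left = k;
    int done = status_write(new_);
    writes_left = -1;
    int s = status_find();
    return s >= 0 && !memcmp(slot(s) + 5, done ? new_ : old, PAYLOAD);
}
```

A full update takes `SLOT + 1` byte writes, so calling `survives_cut` for every `k` from 0 to `SLOT + 1` covers each interruption point, both with free slots (`prefill` of 1) and with the area full (`prefill` above `NSLOTS`).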
Log runtime to EEPROM?
Started by ●June 27, 2006
Reply by ●June 29, 2006