When an application implements self-reprogramming capability, it is strongly recommended to also implement provisions to ensure the microcontroller does not execute at voltages that are too low for the configured frequency (e.g. don't violate the voltage versus frequency graph in the datasheet). Overclocking the microcontroller (e.g. by running at full frequency, but at a voltage below the required minimum from the device datasheet) can result in instruction op-code mis-fetch or mis-execution. This can produce unexpected code flows, allowing normally unreachable code to be reached, which can in turn result in unintended activation of the bootloader/flash memory self-programming code, possibly causing the erasure or corruption of important program memory. This potential problem is best avoided by implementing provisions in both the bootloader firmware and the application firmware project, either to outright prevent all code execution during the low/inadequate voltage condition (e.g. by enabling and using BOR, and/or putting the microcontroller into sleep mode), or to clock switch to a low enough frequency at runtime, so as to always meet the datasheet voltage versus frequency requirements.
Additionally, special consideration is needed if enabling the watchdog timer (WDT) feature of the microcontroller. The WDT can be used in applications with a bootloader, but the timeout period must always be configured to be longer than the worst-case flash page erase and block programming duration. Failure to do so may result in an unexpected timeout/reset occurring during the erase/program sequence, leading to unintended NVM contents.
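One way to express both provisions as a single gate in front of every erase/program call, as an added example that is not part of the MLA code. The voltage/frequency points, the flash timings and all function names are constructed placeholders to be replaced with datasheet values, and a measured VDD in millivolts is assumed to be available.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed voltage-vs-frequency limits (highest voltage first);
   replace with the points from the device datasheet graph. */
typedef struct { uint16_t min_vdd_mv; uint32_t max_hz; } vf_point_t;
static const vf_point_t VF_TABLE[] = {
    { 2700, 48000000u }, { 2300, 16000000u }, { 1800, 4000000u },
};
/* Constructed worst-case flash timings, in microseconds. */
#define PAGE_ERASE_MAX_US 40000u
#define BLOCK_PROG_MAX_US  3000u

typedef enum { POWER_OK, POWER_SWITCH_CLOCK, POWER_SLEEP } power_action_t;

/* Highest clock permitted at this VDD, or 0 if no execution is allowed. */
uint32_t max_safe_hz(uint16_t vdd_mv)
{
    for (size_t i = 0; i < sizeof VF_TABLE / sizeof VF_TABLE[0]; i++)
        if (vdd_mv >= VF_TABLE[i].min_vdd_mv)
            return VF_TABLE[i].max_hz;
    return 0;
}

/* Decide what to do before running further code at the measured VDD. */
power_action_t power_policy(uint16_t vdd_mv, uint32_t clock_hz, uint32_t *new_hz)
{
    uint32_t limit = max_safe_hz(vdd_mv);
    *new_hz = clock_hz;
    if (limit == 0)
        return POWER_SLEEP;         /* below every valid operating point */
    if (clock_hz <= limit)
        return POWER_OK;
    *new_hz = limit;                /* switch down to stay inside the graph */
    return POWER_SWITCH_CLOCK;
}

/* Gate to call before every erase/program, in bootloader and application. */
bool flash_op_permitted(uint16_t vdd_mv, uint32_t clock_hz,
                        bool wdt_enabled, uint32_t wdt_timeout_us)
{
    uint32_t hz;
    if (power_policy(vdd_mv, clock_hz, &hz) != POWER_OK)
        return false;               /* outside the voltage/frequency limits */
    /* Assumes the WDT is not cleared between erase and program. */
    return !wdt_enabled || wdt_timeout_us > PAGE_ERASE_MAX_US + BLOCK_PROG_MAX_US;
}
```

A software gate like this complements BOR rather than replacing it, since the check itself only runs correctly while the device is still inside its voltage/frequency limits.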
MLA - USB Library Help Version : 2.16