Abstract: To ensure correct operation, most microprocessor-based systems requ
ire supervision during power-up and power-down, and when entering or exiting shutdown or sleep mode. The supervisor may only provide a power-on reset, or it may offer additional functions, such as backup-battery management, memory-write protection, low-line early warning, or a software watchdog. The following discussion helps you choose the one best suited to your application, and offers solutions for many common µP supervisory problems.
To ensure correct operation, most microprocessor-based systems require supervision during power-up and power-down, and when entering or exiting shutdown or sleep mode. The supervisor may only provide a power-on reset, or it may offer additional functions, such as backup-battery management, memory-write protection, low-line early warning, or a software watchdog (Figure 1).
Figure 1. A feature-laden µP supervisor (IC1), with the help of the µP itself, performs a variety of functions in this typical application circuit.
You can get these functions all together or in various combinations, by selecting one of the many available microprocessor (µP) supervisor ICs (also called
power-on resets, power-good circuits, reset circuits, etc.). The following discussion helps you choose the one best suited to your application, and offers solutions for many common µP supervisory problems.
First, determine the VCC threshold voltage for which resets will be issued. (The assertion of RESET blocks µP operation when the supply voltage is out of tolerance.) Typical power-on reset circuits consist of a voltage reference, comparator, and timer. Comparing the reference voltage with the rising VCC (via a voltage divider) enables the comparator to make an output transition when VCC crosses a threshold (VRST) set by the divider. This transition triggers the timer, which maintains the reset as necessary to prevent software execution until the system oscillator has started a
When VCC falls below VRST, the supervisor again issues a reset and maintains it as long as VCC remains below VRST. For some microcontrollers (µCs), a simple RC circuit is recommended for timing this power-on reset; others provide reset circuitry on the µC chip. Those approaches, however, assume the supply-voltage behavior is predictable. They don't protect against the code-execution errors that can occur as a result of power-down, or more importantly, during "brownouts," in which VCC can fall slightly out of regulation for an extended period. Supervisory ICs are most valuable for these power-down and brownout conditions.
Factors that affect the threshold value include the tolerance on VCC, the minimum and maximum supply voltages allowed for the system ICs, and the possible need to specify the design for worst-case combinations of these variables. For many systems, the reset function is not intended to cover all possible conditions including the worst-case combinations over temperature. A system might include ICs specified only to 4.75V minimum, for example, yet depend on a supervisor whose min/max trip threshold is 4.5V/4.75V. In that case, the supervisor asserts a reset only after VCC has fallen below the minimum voltage guaranteed for IC operation.
The alternative is to choose a reset threshold between 4.75V and (perhaps) 4.85V. However, these values might allow resets to occur before they are needed. In general, you must decide whether you can tolerate a lower threshold, in order to gain operating time at lower voltages; or whether the extra expense and reduced operating time associated with a higher threshold are a fair trade for the benefit of tighter accuracy. Supervisor ICs are now available with reset-threshold tolerances as tight as ±1% (Figure 2).
Figure 2. These three ICs offer different combinations of supervisory functions, but each monitors VCC with ±1% accuracy.
Monitor More than One Supply
Many applications require both 5V and 3.3V supplies, and if either loses regulation, you must typically reset the whole system. You also need an appropriate duration of power-on reset to ensure proper operation during power-up. A supervisory IC with a power-fail comparator and a manual reset input (active-low MR) offers a cost-effective solution to these problems.
If you choose a supervisory IC whose internal threshold is set to monitor 3.3V, you can then use the uncommitted power-fail comparator to monitor the 5V supply: simply route the power-fail-comparator output (PFO) back to the active-low MR input (Figure 3). These connections cause the IC to assert active-low RESET when either supply loses regulation. The IC is powered from 3.3V, so the active-low RESET output swings 3.3V when active. That level satisfies the VIH requirement of most 5V processors, so the active-low RESET output can usually drive both 3V and 5V processors. If necessary, you can route other system-reset signals to the active-low MR input with diode-OR connections. (Even without these connections a diode is required from the active-low MR input to the PFO output.)
Figure 3. Configured as shown, this supervisory IC monitors both 3.3V and 5V supplies.
Early Warning for Shutdown Routine
Critical systems often require an early warning when the power-supply voltage (VCC) begins to fall. The warning allows time for the µP to store vital data and perform "housekeeping" chores before the declining VCC causes the supervisor to issue a hard reset. If the raw dc input voltage is accessible, it can be monitored with an undervoltage or power-fail comparator, which in turn asserts a processor interrupt
to indicate when the unregulated supply is collapsing.
If you don't have access to this raw input voltage, you must generate the early-warning and reset signals while monitoring the same regulated supply. You can use a single threshold detector for the low-line signal plus a delay timer for the reset signal, or use two different comparators—one for tLOWLINE and one for tRST. Either way, you must ensure that VCC remains valid long enough to complete the shutdown routine that follows an interrupt from the low-line signal.
The time required to complete a shutdown/backup routine varies widely with the application, as does the fall rate of VCC. Thus, you must adjust the delay from low-line to reset according to the application. The two-threshold approach is more flexible than the time-delayed-reset approach. By adjusting the low-line threshold tens of millivolts above the reset threshold and adjusting the VCC fall rate to comply with time requirements for the shutdown routine, you can make one IC serve many different applications.
In most battery-operated portable systems, reserve energy in the battery provides ample time to complete the shutdown routine during the interval between the low-line warning and reset. If the VCC fall time is rapid, as when a high-side switch is opened during normal operation, add capacitance on the load side of the switch to slow the decline of VCC and provide time for executing the shutdown routine. In MAX814 supervisors, for example, the power-fail comparator's delay (less than 50µs) may or may not affect your application.
First, calculate the worst-case time required for the shutdown routine. Using this value, the worst-case load current, and the minimum low-line to reset-threshold difference (VLR(min)), calculate the capacitance necessary for completion of the shutdown routine before reset occurs:
where ILOAD is the current being drained from the capacitor, VLR(min) is the minimum difference between the low-line and reset thresholds, and tSHDN is the time required for an orderly shutdown to occur, including the reset comparator's propagation delay.
Placing the low-line threshold above the reset threshold can allow false low-line triggers due to noise. To overcome this problem, filter the noise with adequate bypassing, and use software to monitor the low-line interrupt after the shutdown routine is completed. When the processor receives an interrupt from the low-line comparator, it completes the backup/shutdown routine and then returns to monitor the interrupt. If a line or load transient causes low-line to return high relatively quickly, the software initiates a "warm
" start-up by reloading the stored parameters. If a power failure occurs, the low-line signal is followed by a reset signal, and the normal battery-backup mode of operation begins.
DC-DC Boost Circuit Extends Shutdown Time
If a backup/shutdown routine requires more time than you can reasonably provide with storage capacitors, you can use a dc-dc converter to sustain VCC while the shutdown routine is in progress. The µP can then shut down the dc-dc converter once the backup is complete.
In Figure 4, for example, IC2 is a step-up converter that provides 5V to the system and µP supervisor (IC3) when the main 5V supply fails. At the onset of such a power failure, as the main supply falls below 4.65V, IC1 turns off Q1, brings IC2 out of shutdown, and interrupts the µP. IC2 then boosts the supply voltage from 4.65V back to 5V. The reset threshold is not encountered, so a reset to the µP is not issued. When the µP finishes its shutdown routine, it simply pulls IC2 into shutdown again and the system goes into its normal battery-backup mode.
Figure 4. A threat of VCC loss causes the boost converter (IC3) to turn on and restore VCCto its nominal level.
The boost converter delivers up to 100mA while powered from a lithium cell that has been drained to 2.5V. If desired, you can provide separate batteries for the RAM backup and the boost converters.
Guarding Against False Resets
The supervisory circuit must not issue resets in response to system noise or VCC load transients. About 50mV of noise on the digital power-supply lines is common. Load transients, which occur when modules, peripherals, and other subsystems are turned on or off, can cause serious problems if the reset comparator's propagation delay is too short.
You can avoid false resets by choosing a supervisory circuit whose reset comparator has a propagation delay of 10µs to 30µs. Shorter propagation delays (of a few hundred nanoseconds) react quickly to VCC transients, and are therefore likely to generate false resets. Long delays, on the other hand, can allow VCC to fall too far outside the system IC's operating range before the processor is reset. The majority of 5V applications include sufficient capacitance to reduce the VCC fall rate such that a reset occurs before VCC falls below the minimum level specified in the IC's electrical characteristics.
For critical systems that require non-volatile memory, the designer can choose either erasable/programmable memory or a CMOS RAM with backup battery. EEPROMs and flash memory are rated not only for memory capacity, but also for the number of write cycles they can undergo. The most common non-volatile memory includes a switch that connects the CMOS RAM to the lithium backup battery or VCC, whichever is higher.
Large capacitors (around 0.5F) offer a popular method for providing a short-duration memory backup. Called SuperCaps™ or MaxCaps™, these capacitors charge from VCC through a diode during normal operation (Figure 5). Charging current is limited by the capacitors' internal series resistance, which is relatively high. The RAM is switched from VCC to the capacitor when VCC collapses below the IC's reset threshold. The available backup time depends on the level of quiescent current into the RAM and supervisor IC, and the self-discharge leakage of the capacitor itself. For the many systems that draw only tens of microamps in backup mode, such backup capacitors can maintain the memory contents for several hours. The 1µA quiescent currents of Maxim supervisors, for instance, are generally insignificant.
Figure 5. A very large capacitor (0.47F in this case) can serve as a backup battery in systems with low quiescent current.
Backup-battery switchover in 3V applications presents a challenge: How do you determine when to switch between a 3.3V VCC and a 3.6V lithium backup cell? One way is to define a ground-referenced voltage that is higher than the CMOS RAM's minimum standby voltage. Thus, VCC supplies the RAM until it falls to slightly more than 2V; RAM is then switched to the backup battery (Figure 6).
Figure 6. When VCC sinks to slightly above 2V, this system switches the CMOS RAM from VCC to the backup battery.
To conserve battery energy, designers of battery-operated portable equipm
ent often make use of the 80CL51 µC's power-down mode. If the preservation of CMOS memory content is critical, IC1's active-low LOWLINE output (Figure 6) generates an interrupt. This interrupt signal can trigger a shutdown routine when the main battery voltage goes low enough to cause VCC to fall out of tolerance. RAM contents are kept alive by whatever energy remains in the battery.
With the µC in power-down mode and the supervisor's RESET connected directly to the µC's RST terminal, a VCC decline below the reset threshold will cause RESET to go high. This, in turn, wakes up the µC and places it in run mode, increasing its quiescent current from approximately 100µA to 6mA. Battery voltage continues to fall and VCC remains below the threshold, so 6mA will drain the battery, considerably shortening the available backup time.
Simply combining active-low LOWLINE and RESET with an AND gate (Figure 7) ensures that IC3's RST is driven high only for the reset timeout period (not when VCC is falling). In other words, RST goes high after VCC has been restored (by recharging the battery or installing a fresh one) and has recrossed the low-line threshold. The AND gate thus allows the sleeping controller to remain in a sleep state.
Figure 7. The AND gate preserves battery energy by preventing an unnecessary shift in microcontroller operation-from sleep mode to the higher-current idle mode.
With VCC in its normal operating range, RESET is low and active-low LOWLINE is high. When VCC falls below the low-line threshold (typically 45mV above the reset threshold), active-low LOWLINE goes low, signaling the 80CL51 to begin its shutdown routine. RESET asserts when VCC encounters the reset threshold, but active-low LOWLINE forces the AND-gate output to remain low.
On power-up active-low LOWLINE remains low, therefore RST remains low until VCC crosses the low-line threshold. RESET then propagates through to the RST terminal for the duration of the reset timeout period. As a result, the 80CL51 exits its sleep mode only when VCC is valid.
Also desirable in this application is an ability to detect whether the battery has discharged below the safe RAM-backup voltage at any time during the sleep period. Using this information, the system decides whether to perform a "warm boot" based on the contents of the RAM, or a "cold boot" that starts from scratch because low battery voltage may have corrupted the RAM data. IC1's BATT terminal (pin 16) tells the µC which boot is appropriate.
IC1 has a low-battery comparator that normally indicates the state of a backup battery connected to its BATT terminal. This comparator output (BATT OK) is not latched. The application of Figure 7 has no backup battery, so you can use BATT to latch the state of BATT OK. Simply connect BATT to an available I/O pin on the 80CL51, and to the BATT OK terminal via a 10kΩ resistor.
To set up for normal operation, the µC pulses the I/O line high for about 30µs, then configures the line as a high-impedance input. The comparator in IC1 drives BATT OK high, which pulls BATT high and latches it in that condition. The comparator is powered by VCC, so its output in the high state is near VCC. If VCC goes as low as 2.25V at any time during the sleep period, the comparator output snaps low and pulls BATT low, latching it in the low condition. After VCC is restored (by recharging the main battery or replacing it) the µC polls BATT before proceeding: high indicates a warm boot, and low indicates a cold boot.
µCs such as the Motorola 68HC11 have bidirectional reset pins that may contend with active-low RESET from the supervisory IC. If the supervisor reset is high, for instance, and the µC tries to pull it low, the result may be an indeterminate logic level. Figure 8 connections allow both the supervisor and µC to assert valid resets to the system, and also ensure sufficient duration for the reset pulses (µC resets may be too short for some devices in the system).
Figure 8. These connections allow dual control of the buffered reset line, and extend the duration of resets issued by the µP.
The capacitor enables resets from the supervisor and µC to pull active-low MR low. active-low MR going low initiates a 200ms timeout within the supervisor, producing a 200ms minimum pulse at its active-low RESET terminal (pin 2) that overrides the µC active-low RESET and drives the system reset line via the buffer. active-low MR returns high as the capacitor charges. When the µC active-low RESET de-asserts following the timeout delay, the capacitor discharges through the active-low MR pull-up resistor and an internal ESD-protection diode.
Maxcap is a trademark of Kanthal Globar, Inc.