Can Atmega328 corrupt EEPROM without a write

Hi,

I have an Atmega328 application that stores the device address in internal EEPROM. The address is stored just once before the device is deployed in the field. Once the device is operational in the field it will never write to EEPROM and occasionally read the device address from EEPROM.

The device is battery powered and BOD is disabled. The voltage may fluctuate due to the battery having low charge (high internal resistance) and some other chip using more current, resulting in a voltage drop below the operating limit of the Atmega328.

What are the chances of EEPROM corruption, if any?

Thanks and Regards,
WonderfulIOT

(deleted)

If you have the code that writes to EEPROM still in flash the CPU may jump to it by mistake and corrupt the EEPROM. If you program EEPROM via programmer or you overwrite the code writing to it the chance to corrupt EEPROM is small.

Smajdalf:
If you have the code that writes to EEPROM still in flash the CPU may jump to it by mistake and corrupt the EEPROM. If you program EEPROM via programmer or you overwrite the code writing to it the chance to corrupt EEPROM is small.

Indeed - and while you normally don’t have to worry about the MCU running the wrong code (short of a program bug), you don’t have that guarantee when you’re using the microcontroller outside of spec as you describe.

If you’re not using BOD, have you planned how to ensure that it does not end up stuck in a hung state (potentially with output pins in perverse states), leaving the device inoperable until manually reset?

CPU may jump to it by mistake and corrupt the EEPROM.

Assuming that the the program is absolutely bug free and the CPU is under steady running condition at the rated Vcc value, there is no way that the CPU/MCU can make a mistake to execute unscheduled write instructions on the EEPROM for corrupting its data.

  1. The EEPROM gets corrupted during ‘power-up’ and ‘power-down’ conditions when the
    operating voltage starts (a) rising from 0V to Vcc and (b) falling from Vcc to 0V.

  2. At certain point of the transition of Step-1, the CPU encounters a Vcc value which is no longer
    safe (suitable) for the normal operation of the CPU.

  3. The CPU goes crazy (this is not a mistake; it is the feature) when it is forced to operate within
    unsafe Vcc range, and it might begin (actually does) random execution of instructions some of
    which might be writing into EEPROM and thus corrupting its data. There is a history of the
    corruption of EEPROM data of AT89S8252 MCU at Power Switch ON/OFF events (BOD was not set
    properly).

  4. To prevent the EEPROM from being corrupted by the condition of Step-2, the MCU/CPU (ATmega)
    has incorporated ‘Brown-out Detection Logic (BOD)’. The BOD ensures that the MCU remains at
    reset state until Vcc rises to a pre-set value during power-up. Similarly, the the BOD guarantees
    that the MCU enters into reset state when the Vcc falls down at a pre-set value during power down.
    At reset state, the MCU can’t execute any kind of instruction.

  5. Working principle of BOD Circuit of ATmega328 MCU

Extended Fuse Byte, EF ( 1 = Unprogrammed, 0 = Programmed)

Bit Position —> 7 6 5 4 3 2 1 0
Symbolic Name —> - - - - - BODLEVEL2 BODLEVEL1 BODLEVEL0
Default Value —> 1 1 1 1 1 1 1 1
Arduino Value —> 0 0 0 0 0 1 0 1

(EF7 – EF3) No Use in ATmega328 (Reserved for future)
;---------------------------------------------------------------------------------------------------------------
(EF2) BODLEVEL2 Brown-out Detector Trigger Level-2
(EF1) BODLEVEL1 Brown-out Detector Trigger Level-1
(EF0) BODLEVEL0 Brown-out Detector Trigger Level-0

(a) The ATmega328 works on 5V supply (Vcc). There is EEPROM memory inside the MCU, which also
works on 5V. It is used to save critical data like password, balance, and etc. The EEPROM is a
type of memory that can be programmed (read, write, erase) by ROM Programmer, In-system Programmer, and Program Instructions.

(b) During power up, the Vcc slowly rises to 5V. Similarly, during power failure, the 5V (Vcc) slowly
drops to 0V. It has been observed that the EEPROM erratically gets written when the Vcc is
below 3V (typical value). As a result, the data of the EEPROM becomes corrupted.

(c) The ATmega328 contains a circuit called ‘Brown-out Detector which prevents the EEPROM from
being written when the Vcc remains below 3V.

(d) The Brown-out detection circuit (see below) continuously monitors Vcc, and it keeps the MCU at
reset state until the Vcc crosses the voltage level determined by the fuse bits
[BODLEVEL3:BODLEVEL0]. Brown-Out Reset (internal reset) will occur before Vcc drops to a
voltage where correct operation of the microcontroller is no longer guaranteed.

[BODLEVEL3:BODLEVEL0] VBOT (Brown-out Trigger Level)
111 BOD circuit is disabled
110 1.7V – 1.8V – 2.0V
101 2.5V – 2.7V – 2.9V
100 4.1V – 4.3V – 4.5V