How do I tell Keil to write my program to flash at 0x100000 (the default on the AT91SAM7X256) and to make a secondary copy at 0x120000? My program is much smaller than 128kB ;) I don't want to do that manually every time.
I need the secondary copy to control code integrity in a SIL application ;)
For the whole application we need at least SIL1 (I suppose it is the maximum for our hardware, I'm not an expert in that), but if we talk only about software it should be SIL2.
Obviously not familiar with your application, I am assuming that unless availability is at risk (see Per's post), self repair would be completely over the top.
For reasons stated, two copies of the code would hardly be useful to improve reliability. The code to switch between both copies is still a single point of failure.
If you use (potentially available) hardware functions for switching you will likely have to reset between switching, too, putting your system (e.g. I/O) in some state that might not be desirable.
My experience is that engineers working on safety critical applications tend to put a lot of effort into largely ineffective measures to "improve" safety. Ineffective extra code however could pose a greater risk than not having it in the first place.
Before implementing stuff, there must be an analysis why something is believed to contribute to overall system safety.
Regards Marcus http://www.doulos.com/arm/
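The two-copy integrity check discussed in this thread, as an added example that is not code from any poster: it shows that comparing the copies alone cannot tell which one is corrupted, so a reference CRC is needed. The function names, the CRC-32 choice and the assumption that a reference CRC is stored at build time are illustrative; the host `main` uses a constructed buffer in place of the flash regions at 0x100000 and 0x120000.

```c
#include <stddef.h>
#include <stdint.h>

/* Addresses from the question (AT91SAM7X256 flash). On target one would call
 * check_images((const uint8_t *)PRIMARY_BASE, (const uint8_t *)SECONDARY_BASE, ...). */
#define PRIMARY_BASE   0x100000u
#define SECONDARY_BASE 0x120000u

typedef enum { IMG_OK, IMG_PRIMARY_BAD, IMG_SECONDARY_BAD, IMG_BOTH_BAD } img_status_t;

/* Bitwise CRC-32 (reflected polynomial 0xEDB88320); no lookup table, to stay small. */
static uint32_t crc32_calc(const uint8_t *p, size_t len)
{
    uint32_t crc = 0xFFFFFFFFu;
    while (len--) {
        crc ^= *p++;
        for (int i = 0; i < 8; i++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

/* A bare compare only says the copies differ; checking each copy against a
 * reference CRC (assumed to be stored at build time) says which one is bad. */
static img_status_t check_images(const uint8_t *primary, const uint8_t *secondary,
                                 size_t len, uint32_t ref_crc)
{
    int p_ok = crc32_calc(primary, len) == ref_crc;
    int s_ok = crc32_calc(secondary, len) == ref_crc;

    if (p_ok && s_ok) return IMG_OK;
    if (p_ok)         return IMG_SECONDARY_BAD;
    if (s_ok)         return IMG_PRIMARY_BAD;
    return IMG_BOTH_BAD;
}

int main(void)
{
    /* Constructed sample standing in for the two flash regions on a host build. */
    uint8_t a[] = "123456789", b[] = "123456789";
    b[3] ^= 0x01;  /* simulate a single bit flip in the secondary copy */
    return check_images(a, b, 9, 0xCBF43926u) == IMG_SECONDARY_BAD ? 0 : 1;
}
```

The checking routine itself lives in only one place, which is the single point of failure raised in the reply above.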