A while back I had some intermittent trouble with the internal EEPROM of a dsPIC. Every so often, some value in the EEPROM would be found zeroed out on power-on. I tracked the problem down to when the chip lost power after the erase step of the write cycle, but before the write had completed. It was all about the timing of the power-down relative to the firmware execution, which was (in normal operation) random. I solved this by adding a buffer section to my EEPROM, to ensure that an incomplete write-cycle could be completed on restoration of power. I had to turn EEPROM writes into an atomic operation.
Now I'm using a different dsPIC without internal EEPROM, and I'm trying to use an external flash memory chip to store persistent data. I'm wondering if I should have similar concerns. Should I be worried that my external flash chip will power down mid-write and lose data, and write a fix for this in my firmware like I did for internal EEPROM? Or does the chip itself guarantee atomic write operations?
For further detail, my buffering technique defines an area of persistent memory that consists of three fields: address to write to, data to be written, and a READY flag. A "write" consists of four steps: write to buffer, set READY flag, write from buffer, clear READY flag. On power-up, you check the READY flag. If it's set, execute whatever's in the buffer. This worked well in EEPROM, but I'm not sure if it will work well in flash.
Best Answer
I have never heard of a flash memory chip (or processor with internal flash) that has sufficient energy storage internally to complete a write (or erase) cycle if external power should be removed. In other words, if you don't have control over when your system powers down, you always need to create a protocol that can detect and deal with any individual flash update operation that might have been interrupted.
One way around this is to provide the necessary energy storage (e.g., an electrolytic capacitor) on your board, such that you can detect an external power failure, yet still complete any write/erase operation that may have already started.
EDIT: Your write buffer concept could be used with the external flash, but it needs to be modified to take into account the larger erase granularity. According to the datasheet, the minimum erase size is one "sector" (4K bytes).
You'll need to reserve three sectors for your write buffer. One of these will hold your READY flag (call this the WB_R wector). The second will hold the sector address of the sector being updated (call this the WB_A sector). The third will hold the updated data for that sector (call this the WB_D sector).
To update any particular byte (or a group of bytes in a single sector), follow the following steps. We assume that WB_R is already erased.
On power up, check the READY flag, and if it's set (anything other than 0xFF — it may have been only partially written or partially erased), jump directly to step 7.
Note that with this algorithm, each of the write buffer sectors gets written and erased at least once for each write operation you do. This could become a problem if you do a lot (more than 100,000) of writes over the lifetime of the product. If that's the case, you'll need a more sophisticated wear-leveling algorithm.