TMS570LS0432: about the cpu safe diagnosis

Part Number: TMS570LS0432

Hello

 I use the safety library API functions to test the error diagnosis, for example "SL_CRC_calculate", "sl_selftest_flash" and so on.

What is the premise of using these functions?

What peripherals are guaranteed?

How to ensure that these peripherals are normal?

 thank you

  • The SL_CRC_Calculate() is to calculate the HW CRC module on this device. This function doesn't compare the calculated CRC with the predetermined CRC value. It doesn't perform a diagnostic test on the CRC controller.

    For CRC diagnostic, you can calculate the CRC value using a verified SW tool or your own CRC code, and compare it with the CRC value generated by the CRC controller. To check the compare unit in the CRC module, you can intentionally force a mismatch between the data and the expected CRC signature, and see if the CRC logic reports an error.

    sl_selftest_flash() is used to perform the flash diagnostic based on the methods listed in diagnostic modes in TRM. Please refer to the Appendix A of the safety manual and the section 5.6 of TRM.
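
The two CRC checks described in the reply above (hardware signature against an independent software reference, then a forced mismatch to exercise the compare unit), as an added example that is not from the thread or from TI's safety library. The `crc_hw_t` hooks, the simulated hardware and the sample data are hypothetical, and the polynomial, bit order and seed are assumptions to confirm against the TRM.

```c
#include <stddef.h>
#include <stdint.h>

/* Assumed (not from the thread): polynomial x^64+x^4+x^3+x+1, MSB first,
   zero seed, 64-bit words. Take the real parameters from the TRM. */
#define CRC64_POLY 0x1BULL

/* Hypothetical hooks; a real port wraps the CRC controller behind them. */
typedef struct {
    uint64_t (*signature)(const uint64_t *d, size_t n);            /* HW CRC */
    int (*mismatch)(const uint64_t *d, size_t n, uint64_t expect); /* 1 = HW flags error */
} crc_hw_t;

typedef enum { CRC_OK, CRC_SIG_WRONG, CRC_COMPARE_FAULT } crc_diag_t;

/* Independent bit-serial software reference. */
uint64_t crc64_sw(const uint64_t *d, size_t n)
{
    uint64_t crc = 0;
    for (size_t i = 0; i < n; i++) {
        crc ^= d[i];
        for (int b = 0; b < 64; b++)
            crc = (crc >> 63) ? (crc << 1) ^ CRC64_POLY : crc << 1;
    }
    return crc;
}

crc_diag_t crc_diagnostic(const crc_hw_t *hw, const uint64_t *d, size_t n)
{
    uint64_t ref = crc64_sw(d, n);
    if (hw->signature(d, n) != ref) return CRC_SIG_WRONG;   /* HW vs SW value */
    if (hw->mismatch(d, n, ref)) return CRC_COMPARE_FAULT;  /* false alarm */
    /* Forced mismatch: a healthy compare unit must report an error. */
    if (!hw->mismatch(d, n, ref ^ 1u)) return CRC_COMPARE_FAULT;
    return CRC_OK;
}

/* Constructed stand-ins for the hardware so the logic runs off-target. */
static uint64_t sig_ok(const uint64_t *d, size_t n) { return crc64_sw(d, n); }
static uint64_t sig_bad(const uint64_t *d, size_t n) { return crc64_sw(d, n) ^ 0x10u; }
static int cmp_ok(const uint64_t *d, size_t n, uint64_t e) { return crc64_sw(d, n) != e; }
static int cmp_stuck(const uint64_t *d, size_t n, uint64_t e) { (void)d; (void)n; (void)e; return 0; }

const crc_hw_t SIM_HEALTHY = { sig_ok, cmp_ok };
const crc_hw_t SIM_BAD_SIG = { sig_bad, cmp_ok };
const crc_hw_t SIM_STUCK_COMPARE = { sig_ok, cmp_stuck };
const uint64_t SAMPLE[3] = { 0x0123456789ABCDEFULL, 0x1ULL, 0xFFFFFFFF00000000ULL }; /* constructed */

int main(void) { return crc_diagnostic(&SIM_HEALTHY, SAMPLE, 3) == CRC_OK ? 0 : 1; }
```

A compare unit that never reports an error passes the first two checks and is only caught by the forced mismatch, which is why the reply lists it as a separate step.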

  • Hello

    Now the certification company asks me, what are the prerequisites for using API functions, how to ensure that there is no problem with API functions, and what needs to be paid attention to for CPU peripherals.

    Some API functions use CPU peripherals, if you can ensure that these peripherals are normal

  • Hello

    Is the safety island test automatic? Does it require software settings?

    If the safety island fails, is it reflected through the ESM interrupt?

  • The “Safe Island” is the region of logic that is needed for all processing operations. This logic is protected heavily by the hardware diagnostics. Once this region is safed, it can be used to provide comprehensive software diagnostics on other design elements.

    Safe Island Hardware diagnostics include:

    • CPU incorporates a lockstep checker solution for cycle by cycle fault detection.  

    Lockstep mode is the default mode on start-up. To avoid an erroneous CCMR4F compare error, the application software needs to ensure that the CPU registers of both CPUs are initialized with the same values before the registers are used. ESM 2:2

    Several diagnostic modes can be used to CCM-R4F self-test: self-test, error forcing, etc. Those diagnostics can be enabled by writing the proper value to the CCMKEYR register.

    • The second ARM Cortex-R4F CPU is physically flipped and rotated on the die to reduce the probability of a common cause failure.   

     HW   

    • SECDED ECC for flash and SRAM detects faults on each memory access

    The on-chip Flash memory and RAM memory are supported by single error correction, dual error detection (SECDED) ECC diagnostic. The ECC logics for the Flash and RAM are disabled at reset and must be enabled by application SW.

    The flash wrapper supports several diagnostic modes which can be used by application to test ECC logic. 

    The ESM flags will be set if any ECC error occurs.

    • Hardware BIST engines enable factory grade tests in final application

    This PBIST is used to provide a very high diagnostic coverage on the implemented SRAMs at a transistor level. The PBIST tests are triggered by the software.

    This LBIST logic is used to provide a very high diagnostic coverage on the lockstep CPUs at a transistor level. The LBIST tests are triggered by the software. LBIST error will be reported to ESM 1:27

    • Power, clock, and reset have internal and external HW diagnostic hooks

    VMON monitors the core and I/O supplies. The VMON operates continuously and requires no software configuration or CPU overhead. Reset is generated if the power supply is out of voltage range.

    Clock: it includes Low Power Oscillator Clock Detector, PLL Slip Detector, and Dual Clock Comparator (DCC). The low-power oscillator clock detector (LPOCLKDET) is a safety diagnostic that can be used to detect failure of the primary clock oscillator. The LPOCLKDET circuitry is enabled by default during the power-on reset state. The diagnostic can be disabled via software. ESM 1:11

    The PLL slip detection diagnostic is active whenever the PLL is enabled and has locked on a target frequency. The diagnostic cannot be disabled by the software. ESM 1:10