Use of RM46 microcontrollers for a SIL 3 product

Claudio Andreoli

Other Parts Discussed in Thread: RM46L830, RM46L852, RM46L850, RM46L430, RM46L450, RM46L440, HALCOGEN, SAFETI-HALCOGEN-CSP

Dear Sirs,

We need to design a product for industrial applications with SIL 3 rating according to IEC 61508.

The system must be composed of the following sections:

An input section, which must be able to read analog and / or digital signals (e.g. by means of Hall-effect sensors).
A processing section, which must use a microcontroller with ARM / Cortex core architecture. The microcontroller must also necessarily be equipped with CAN and Ethernet peripherals.
An output section, which must be able to drive up to 4 relays for NE loads.

For the time being, we have the following questions:

In order to reach SIL 3 Safety level, must we necessarily use a redundant architecture with two microcontrollers, or can we use just one microcontroller (provided that its diagnostic coverage is > 99%)?
Regarding the microcontroller selection, we are oriented to the RM46 series. Can you guide use to the selection of the right model for our needs, also considering availabilty and cost issues? Regarding other components, in order to reach SIL 3, must we necessarily use those listed in the https://www.ti.com/technologies/functional-safety/products.html webpage?
In the https://www.ti.com/tool/SAFETI_DIAG_LIB webpage, I see that there is some material available, such as diagnostic FW libraries. What kind of design support can you provide, considering that the product SW must be SIL 3 rated according to IEC 61508 and IEC 61511?

9 months ago

+1 jagadish gundavarapu 9 months ago

TI__Mastermind 40765 points

Hi Claudio,

Claudio Andreoli said:
In order to reach SIL 3 Safety level, must we necessarily use a redundant architecture with two microcontrollers, or can we use just one microcontroller (provided that its diagnostic coverage is > 99%)?

A single Hercules MCU is designed to support IEC61508 up to SIL3 and ISO 22201 up to SIL 2 compliance. Dual Hercules MCU can support IEC 61508 SIL 4 and ISO 22201 SIL 3 (dual channels with comparison).

Transferring thread to an expert to answer 2 & 3 questions.

Thanks & regards,
Jagadish.

+1 QJ Wang 9 months ago

TI__Guru**** 186486 points

Claudio Andreoli said:
Regarding the microcontroller selection, we are oriented to the RM46 series. Can you guide use to the selection of the right model for our needs, also considering availabilty and cost issues? Regarding other components, in order to reach SIL 3, must we necessarily use those listed in the https://www.ti.com/technologies/functional-safety/products.html webpage?

There are 7 products in RM46 series. They are: RM46L440, RM44L840, RM46L850, RM46L450, RM46L830, RM46L430, and RM46L852

First digit after letter "L" indicates memory size:4 (1024KB flash, 128KB RAM), and 8(1280KB flash, and 192KB RAM)

2nd digit indicates network and USB: 3 indicates network is not available, and other values mean the device has ethernet module

3rd digit indicates CPU frequency: 2 (220MHz), 0(200MHz)

All the RM46L devices has 2 DC modules (24 channels), 3 CAN modules, Two packages are supported: 144-pin QFP, and 337-pin BGA.

0 QJ Wang 9 months ago

TI__Guru**** 186486 points

Claudio Andreoli said:
In the https://www.ti.com/tool/SAFETI_DIAG_LIB webpage, I see that there is some material available, such as diagnostic FW libraries. What kind of design support can you provide, considering that the product SW must be SIL 3 rated according to IEC 61508 and IEC 61511?

TI provides the following tools to assist you developing application firmware and using HalCoGen code and SDL APIs to comply with functional safety standard.

1. HalCOGen: https://www.ti.com/tool/HALCOGEN

2. Safeti-HalCoGen-CSP (compliance support package): https://www.ti.com/tool/SAFETI-HALCOGEN-CSP?keyMatch=CSP

3. SDL: https://www.ti.com/tool/SAFETI_DIAG_LIB

4. SDL-CSP: https://www.ti.com/tool/SAFETI-HERCULES-DIAG-LIB-CSP

5. SafeTI CQIT: safety compiler qualification kit. https://www.ti.com/tool/SAFETI_CQKIT