• State Resolved
  • Locked Locked
  • Replies 1 reply
  • Subscribers 30 subscribers
  • Views 114 views
  • Users 0 members are here
Support feedback
Options
Options
Related

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

Original question:

TMS570LS3137: About Information Redundancy Techniques - L2/L3 Interconnect Specific

TMS570LS3137: TI Safety Manual SPNU511D : INC7 Transmission Redundancy

Marc Cifuentes
Prodigy 230 points
Part Number: TMS570LS3137

Tool/software:

Hello,

Our FMEDA analysis shown that we would need to perform INC7 Transmission Redundancy test but I am not sure what to do.

I understood that those L2 / L3 interconnection are typically drawn in SPNU499C manual (chapter 2.1.1 and shown below), nevertheless would appreciate to have more specific indication.

At the moment regarding the test required by SPNU511D, I considered the PCR Bus and cross check the associated configuration registers (example :PMPROTSET0 /  PMPROTSET1.....)

for INC4 (Periodic Software Readback of Static Configuration Registers) and  INC6 (Software Readback of Written Configuration). Any advices about if this correct or not would also be welcome ?

Next comes INCA7 (Transmission Redundancy), this test sounds not so obvious about what shall be done there,...

I would assume to check twice the data received or transfer to an interconnect L2/L3 peripherals so PCR (ADC, SPI,... for example) ? 

Thank you for the feedback

Regards,

Marc

  • +1
    TI__Guru 70391 points

    Hi Marc,

    You're understanding and approach for INC4 and INC6 are correct in principle.

    "Transmission Redundancy" refers to ensuring the integrity of data as it moves between different parts of the system, whether internally on the chip or externally. Your assumption to "check twice the data received or transfer to an interconnect L2/L3 peripherals" is a good starting point.

    Here's a more specific breakdown of what INC7 typically entails for a TMS570LS3137:

    1. Internal Bus Integrity (L2/L3 Interconnects):

      • The TMS570LS3137 features robust internal bus architectures (L2/L3) with built-in error detection mechanisms, often including parity or ECC (Error Correcting Code) on the buses themselves and on critical memory regions (RAM, Flash, peripheral RAMs).
      • How to test: The primary way to check this "transmission redundancy" is to monitor the Error Signaling Module (ESM). The ESM collects error flags from various modules (CPU, memory, buses, peripherals). If a bus parity error or ECC error occurs during a data transfer (a "transmission") over the L2/L3 interconnects, the ESM will typically flag it.
      • Action: Your software should periodically check the ESM status registers for any reported errors related to bus transfers. While you can't directly "check twice" the bus transfer itself, the hardware's built-in redundancy (parity/ECC) provides the "redundancy," and monitoring the error flags is the "test."

    2. Peripheral Data Path Integrity:

      • ADC (MibADC):
        • The MibADC is a multi-buffered ADC. For safety-critical analog inputs, you can implement software-based transmission redundancy.
        • Test: Configure two different ADC channels or conversion groups to sample the same physical analog input. Perform the conversions and then compare the two digital results. A significant deviation would indicate a fault in the ADC path (analog front-end, conversion logic, or the data path to the CPU). This is a form of "transmission redundancy" for the analog-to-digital conversion process.
      • Communication Peripherals (SPI, SCI, CAN, LIN):
        • These peripherals often have built-in hardware mechanisms for data integrity, such as CRC (Cyclic Redundancy Check), parity bits, or checksums within their protocols.
        • Test: Monitor the error status registers of these peripherals. For example:
          • DCAN: Check for CRC errors, bit errors, form errors, stuff errors, acknowledge errors, or bus-off states. These indicate issues with the data "transmitted" or "received" over the CAN bus. The DCAN's message RAM also has parity protection, which ties back to the internal bus integrity (ESM).
          • MibSPI/SCI: Check for parity errors, framing errors, overrun errors, or CRC errors (if the protocol uses it).
        • Software Redundancy (if needed): For very critical data transmitted over these interfaces, you might implement an application-level checksum or send the data twice and compare at the receiver, even if the hardware protocol has its own checks. This adds another layer of "transmission redundancy."

    3. DMA (Direct Memory Access) Transfers:

      • DMA moves blocks of data between memory locations or between memory and peripherals without CPU intervention.
      • Test: If safety-critical data is transferred via DMA:
        • Rely on the underlying memory ECC/parity (if the source/destination memory has it) and bus parity/ECC (ESM monitoring).
        • Implement software checksums on the data blocks before and after the DMA transfer. Calculate a checksum on the source data, initiate the DMA, and then calculate a checksum on the destination data. Compare the two checksums. This verifies the integrity of the "transmission" via DMA.

    4. CPU to Peripheral Register Writes/Reads:

      • When the CPU writes data to a peripheral register or reads data from it, this is a "transmission" over the L2/L3 bus.
      • Test: This is primarily covered by the internal bus integrity checks (ESM). If the bus itself has parity/ECC, then the "transmission redundancy" is handled by hardware, and you monitor the ESM for errors. For critical writes, INC6 (read-back verification) also serves as a form of integrity check for that specific "transmission."

    --
    Thanks & regards,
    Jagadish.