Microcontroller for SIL2 specification

Hello Vitalij,

The first question I must ask is what standard do you target to comply with?  SIL is a level of safety integrity found in many standards, but it is not a standard by itself.  IEC 61508 (functional safety of electrical/electronic/programmable electronic systems) and several of the derived application specific standards which follow IEC 61508 all use the terminology of SIL for safety integrity.  We need to clarify which standard you target to provide a more precise answer.

Assuming that you target the IEC 61508 standard, you may find the requirements for safety management in part 1, system/hardware development in part 2, and software development in part 3.  Unfortunately we cannot share the standard due to licensing issues but you can purchase a copy via www.iec.ch and many other online locations.

With respect to development process, IEC 61508 has a number of fixed requirements which must be addressed by your development.  

With respect to specific needed hardware and software architectural features, you will not find these in the IEC 61508.  IEC 61508 is performance based - this means that it is your responsibility to analyze the target system for potential hazards and risks, apply an appropriate combination of risk reduction measures and diagnostics, and then demonstrate that your applied target architecture achieves the target measures of effectiveness found in the IEC 61508 standard.  For any given application, there are many possible solutions which could be applied in order to demonstrate that the end product achieves IEC 61508 SIL 2 for the implemented safety function.

With respect to hardware components such as our Hercules MCUs, what we can claim is that we have developed the product in a process which is compliant to standard and that we can demonstrate for an example application that target safety metrics can be met.  This does not mean that every possible implementation with the MCU will be compliant - this must be confirmed by the system developer for each system implementation.  While using a compliant component is not explicitly required by IEC 61508 standard, it can greatly reduce the complexity of your system safety analysis, help you get to market faster, and increase the chance that your system will be assessed compliant to the standard.

I hope that this helps.  Please feel free to ask further questions as needed.

Regards,
Karl 

Hello Vitalij,

At present only the TMS570LS20x/10x family is certified suitable for use in IEC 61508 applications up to SIL 3.  Additional product certifications are under way for products which are being qualified for production but I cannot publicly commit to schedules for this activity.

We used an external independent assessor for the certification of the TMS570LS20x/10x, exida.  The certificate can be viewed via exida's web site:  http://www.exida.com/index.php/Resources/SAEL_Detail/texas_instruments/.  Additional information regarding the certificate and assessment report can be made available under NDA if desired.  You can request this data by filling out the form online at http://www.ti.com/safetyreport.

With respect to peripheral function on the LS20x/10x products:

• SCI/LIN peripherals are specialized UARTS which may also be usable for RS485 communications
• N2HET can provide many channels of input capture, PWM generation, and general timer functionality.  In addition the RTI (OS Timer) can provide two free running counters, though most will use to support operating system time ticks.
• SPI and MibSPI modules are available 
• A dedicated GIO module is available.  In addition, most peripheral I/O can be repurposed to GIO (but without pin level interrupt capability).

With respect to product status on the TI website, an ACTIVE product is qualified for production, actively shipping to production, and recommended for use in new designs.  A product in PREVIEW state is announced to market but has not yet completed production qualification but is sampling for prototype use.  We have several TMS570LS and RM4 products which will transition from PREVIEW status to ACTIVE status this year.  

Regarding package, the Hercules MCU selection tool can help you identify products available in 100 LQFP package:  http://www.ti.com/paramsearch/docs/parametricsearch.tsp?sectionId=95&tabId=2834&familyId=1931&family=mcu.  The smallest package available for the TMS570LS20x/10x parts is a 144 QFP package.  The LS04x/03x products are available in 100 LQFP but have lesser capability and are not yet qualified for production nor yet certified suitable for use in IEC 61508 systems.  The LS04x/03x are compatible to the LS20x/10x.

Development kits are described here:  http://www.ti.com/mcu/docs/mcuprodtoolsw.tsp?sectionId=95&tabId=2836&familyId=1931&toolTypeId=1#kits.  

Best Regards,

Karl