
TMS570LS1224: Need Suggestion on TI Safety Library API usage

Part Number: TMS570LS1224
Other Parts Discussed in Thread: HALCOGEN

Hello Team,

As part of functional safety we want to implement self tests, diagnostics and tests of the diagnostics on the TMS570LS1224 microcontroller.

In my opinion we can achieve this in two ways (correct me if I am wrong):

1) The SafeTI diagnostic library APIs can be mapped to the Hercules Safety MCU diagnostic features, and can be used in our application to run the diagnostics or to provide the test of the diagnostic feature itself.

2) Configuring the Safe_INIT tab in HALCoGen: enable all the safety-related settings in the Safe_INIT tab (like CPU self test, CCM self test, enable RAM ECC, Flash ECC, PBIST, ...).

Now I have some basic questions which are still unclear to me after reading the safety manuals:

The TMS570 architecture uses the safe island approach.

"In the “safe island” approach, a core set of elements are allocated continuously operating hardware safety mechanisms. This core set of elements, including power and clock and reset, CPU, Flash memory, SRAM and associated interconnect to Flash and SRAM, is needed to assure any functionally correct execution of software. Once correct operation of these elements is confirmed, software can be executed on these elements in order to provide software-based diagnostics on other device elements, such as peripherals."

That means if the hardware is safe, we can run software and software-based diagnostics for the peripherals.

1) Why do I have to use the SafeTI Diagnostic Library APIs?

2) If we enable all the safety settings in HALCoGen, do we still need to use the SafeTI diagnostic library APIs?

3) Are the SafeTI library APIs used for fault insertion and test-of-diagnostic use only?

4) When I enable CPU self test in the SafeTI init tab of HALCoGen, the function stcSelfCheck() is called in the sys_startup.c file.

That means stcSelfCheck() is triggered at boot time. What about running stcSelfCheck() on demand / periodically? Should I use the SafeTI library API SL_SelfTest_STC(), or should I not bother, since the safe island approach will continuously monitor the STC?

Please provide your feedback.

Bharat

  • Hi Bharat,

    1. Yes, the SDL APIs are mapped to the diagnostic items in the safety manual. For example, SL_SelfTest_PSCON is mapped to PMM2 and PMM5. Please refer to the user guide of the SafeTI Diagnostic Library.

    2. We recommend using the APIs instead of the INIT functions generated through HALCoGen.
  • In the "safe island" approach, a core set of elements are allocated continuously operating hardware safety mechanisms. This core set of elements, including power & clock, reset, CPU , Flash memory, SRAM and associated interconnect, is needed to assure any functionally correct execution of software. Once correct operation of these elements is confirmed, software execution can begin on these elements in order to provide software-based diagnostics on other device elements, such as peripherals.

    The Hercules architecture also provides various safety mechanisms and technical recommendations for the use of safety mechanisms. The Diagnostic Library (SDL) provides interfaces to these safety mechanisms. Based on the final system requirements the system integrator can use these APIs to incorporate appropriate mechanisms in the final system to meet safety requirements.

    The SDL consists of the following blocks:
    1. Initialization: responsible for configuring the safety mechanisms and detecting any failures at system boot (through safety tests)
    2. ESM Handler: responsible for handling various errors at run time
    3. Self-Test and Fault Injection API: these APIs can be called in fault injection and self-test modes.
    • Fault injection allows the application to induce faults and verify the fault handling in the application.
    • Self-Test is a mechanism for providing latent fault diagnostics. It verifies the safety mechanisms available on the device.
    4. I/O diagnostic

    The SDL APIs are recommended for use in a system for periodic tests of the fault diagnostics. It is expected that this is done within the diagnostic time. These APIs configure the fault diagnostics in special modes to check the function of the diagnostic. The return value of the Self-Test APIs indicates whether the diagnostic is functioning as expected or whether there is a fault in the device.

    The Fault Injection API is used to create faults at run time so that the application developer can simulate faults and their handling during development. Similar to the Self-Test API, the Fault Injection API configures the fault diagnostics in special modes to create the desired fault. It is possible to insert faults at any time.
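The answer above says the on-demand self-test APIs are meant to be run periodically, inside the diagnostic time, with their return value deciding whether the diagnostic is healthy. The following is an added example from the editor, not TI code and not part of the original thread: a small scheduler that runs a table of "Periodic/On-Demand" diagnostics so that each one completes at least once per diagnostic test interval (DTI), and latches a safe state on the first failing return value. The real SDL calls (SL_SelfTest_STC(), SL_SelfTest_PSCON()) are replaced by hypothetical stand-in functions so the file builds on a host; the 100 ms DTI and the table intervals are assumed values. On the target the STC wrapper would also have to be structured around the CPU reset that follows a completed STC run, which this host model does not show.

```c
/* Added example (editor's code, not TI's SafeTI Diagnostic Library): a
 * diagnostic-test-interval scheduler for the "Periodic/On-Demand" diagnostics.
 * Continuous hardware mechanisms (ECC, lockstep, VMON, ...) are deliberately not
 * in this table: they run on their own and report through the ESM handler. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef bool (*diag_fn_t)(void);            /* true = self-test passed */

typedef struct {
    const char *id;          /* safety-manual item the test covers, e.g. "CPU2B" */
    diag_fn_t   run;         /* wrapper around the SDL self-test call */
    uint32_t    interval_ms; /* must be <= DTI, so the item runs at least once per DTI */
    uint32_t    next_due_ms; /* managed by the scheduler */
} diag_entry_t;

typedef enum { SYS_RUNNING = 0, SYS_SAFE_STATE = 1 } sys_state_t;

typedef struct {
    diag_entry_t *table;
    size_t        count;
    uint32_t      dti_ms;
    sys_state_t   state;
    const char   *failed_id;  /* which item pushed the system into the safe state */
} diag_sched_t;

/* --- hypothetical stand-ins for the SDL self-test calls (assumed, host-only) --- */
static bool g_stc_ok = true;                       /* flipped to simulate an STC failure */
static bool run_stc(void)   { return g_stc_ok; }   /* stands in for SL_SelfTest_STC()   */
static bool run_pscon(void) { return true; }       /* stands in for SL_SelfTest_PSCON() */

/* Reject a table in which some item could go longer than the DTI without running. */
bool diag_sched_init(diag_sched_t *s, diag_entry_t *table, size_t count, uint32_t dti_ms)
{
    for (size_t i = 0; i < count; i++) {
        if (table[i].run == NULL || table[i].interval_ms == 0 ||
            table[i].interval_ms > dti_ms)
            return false;
        table[i].next_due_ms = 0;                  /* everything is due on the first tick */
    }
    s->table = table;  s->count = count;  s->dti_ms = dti_ms;
    s->state = SYS_RUNNING;  s->failed_id = NULL;
    return true;
}

/* Call from a periodic tick (RTI interrupt or main loop). Runs every item that is
 * due, re-arms it, and latches the safe state on the first failing self-test. */
sys_state_t diag_sched_tick(diag_sched_t *s, uint32_t now_ms)
{
    if (s->state == SYS_SAFE_STATE)
        return s->state;                           /* latched: no recovery from here */
    for (size_t i = 0; i < s->count; i++) {
        diag_entry_t *e = &s->table[i];
        if ((int32_t)(now_ms - e->next_due_ms) < 0)
            continue;                              /* not yet due (wrap-around safe) */
        bool pass = e->run();
        e->next_due_ms = now_ms + e->interval_ms;
        if (!pass) {
            s->state = SYS_SAFE_STATE;
            s->failed_id = e->id;
            return s->state;
        }
    }
    return s->state;
}

/* Stand-alone run: 300 ms of healthy ticks, then an injected STC failure. */
int main(void)
{
    diag_entry_t table[] = {
        { "CPU2B",     run_stc,    50, 0 },        /* STC, run twice per DTI     */
        { "PMM2/PMM5", run_pscon, 100, 0 },        /* PSCON self-test, once/DTI  */
    };
    diag_sched_t s;
    if (!diag_sched_init(&s, table, 2, 100)) { puts("bad diagnostic table"); return 1; }
    for (uint32_t t = 0; t <= 300; t += 10)
        diag_sched_tick(&s, t);
    g_stc_ok = false;                              /* simulate a failing STC */
    diag_sched_tick(&s, 350);
    printf("state=%d failed=%s\n", (int)s.state, s.failed_id ? s.failed_id : "none");
    return 0;
}
```

The table check in diag_sched_init is the part worth keeping on a real project: an item whose interval exceeds the DTI silently breaks the latent-fault coverage argument, so it is better refused at configuration time than discovered in review.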
  • Hello Wang,

    Thanks for your detailed answer.

    I still have some questions on the safe island approach.

    "In the "safe island" approach, a core set of elements are allocated continuously operating hardware safety mechanisms."

    Will this allocated core set of elements monitor the hardware (CPU, STC, CCM, clock, SRAM, Flash) continuously (periodically), or only during boot time?

    What is the scope and lifetime of this allocated core set of elements (which monitors the hardware)? Will these core elements monitor the TMS570 microcontroller as long as it is powered on, or only at boot time in the sys_startup.c file?

    Regards

    Bharat

  • Hello Bharat,

    For example:
    1. VMON and PSCON lockstep for the power supply and power management
    2. Clock detector, PLL slip detector and DCC for the clock signal
    3. CPU lockstep, CPU lockstep comparator, LBIST, etc. for the CPU
    4. PBIST, ECC and redundant address decoder for the internal SRAM
    5. ECC (data, address), MPU, CRC, etc. for the Flash memory

    Some of them are continuous, and some of them are enabled on demand. Please refer to the safety manual.
  • Dear Wang,

    Thanks for your time and answer.

    I have one question regarding "Diagnostic Operation" in "Appendix A: Summary of Recommended Safety Feature Usage" of the safety manual.

    The safety manual classifies Diagnostic Operation into two types: Continuous or Periodic/On-Demand.

    On-Demand: diagnostics which are performed on demand by invoking the SafeTI library APIs.

    Continuous or Periodic: safety features and diagnostics which are performed continuously.

    Can you explain how a continuous / periodic diagnostic works?

    I am a little bit confused by the words Continuous or Periodic.

    Does continuous mean that if you call the SafeTI library API (e.g. CPU2B) it will monitor the LBIST STC for the whole lifetime, or is it a one-time execution?

    For continuous diagnostics, why do we have to call the SafeTI library API? Just enable LBIST in HALCoGen and it will run the diagnostics continuously.

    I want to know how TI has classified the diagnostics by Diagnostic Operation: Continuous or Periodic/On-Demand.

    Regards,

    Bharat

  • Hi Bharat,

    Sorry for the late response. This device has many built-in HW safety mechanisms. Those are continuously operating and their behavior cannot be changed by software, for example VMON, ECC, lockstep, glitch filter, etc. The LBIST STC is defined as a periodic diagnostic or on-demand diagnostic.