• State TI Thinks Resolved
  • Locked Locked
  • Replies 8 replies
  • Answers 3 answers
  • Subscribers 32 subscribers
  • Views 353 views
  • Users 0 members are here
Support feedback
Options
Options
Related

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

TMS570LC4357: CPU8 Self test

Simon Jagla
Expert 8635 points

Part Number: TMS570LC4357

Hi Experts,

for the CPU8 Lockstep Comparator (CCM) Self Test, do we give a guidance how often this should be preformed?

If i understand this right, the customer has to make a trade off, because when he is running the Comparator Self Test, the Lockstep will be deactivated and he risks running into a CPU error during that time.

  • 0
    TI__Guru**** 200256 points

    Hello Simon,

    During self-test, CPUs execute normally, but the compare logic will not check any CPU signals. The selftest will take thousand CU cycles for CPU output compare logic. When (during startup or normal operation) and how often to run the selftest depends on the requirements of a specific application. 

  • 0 in reply to QJ Wang
    Expert 1895 points

    Hello QJ,

    Our project aims to fullfill SIL3 and the µC runs for 8h per powercycle and we run the selftest during every startup.

    Our concern is that the lockstep safety mechanism is not working for nearly 5000 cycles and any error in that time is missed.
    In Addition the SW needs to turn Lockstep back on, which means that there is also the danger of the lockstep beeing deactivated for an even longer period.

    Q1) So we would like to know if running the self-test during startup is sufficient?

    (Q2) Is there a guidline for us to determine how often certain tests need to be run in an 8h runtime?

    Thank you and best regards,

    Max

  • 0 in reply to Max Wittekind
    TI__Guru**** 200256 points

    Hi Max,

    It is usually sufficient to only execute the CCM-R5F self-test at boot-up. It would be important to understand the actual feedback from the assessors and then look for safety mechanisms / diagnostics to address their feedback.

  • 0 in reply to QJ Wang
    Expert 1895 points

    Hi QJ,

    Thank you for the quick answer.
    This helps alot.

    Best regards,
    Max

  • 0 in reply to QJ Wang
    Expert 1895 points

    Hello QJ,

    I have a few follow up questions. The runtime I have mentioned has potentially become longer. The new runtime would be up to 72 hours.

    (Q1) Is it still sufficient to execute the self-test only at boot-up?

    (Q2) If we execute the self-test during runtime, will an error ocurring during the self-test be missed completly?

    Thank you and best regards,
    Max

  • 0 in reply to Max Wittekind
    TI__Mastermind 49120 points

    Hi Max,

    (A1) This is determined by the FTTI (Fault Tolerant Time Interval) for your application, and is defined by the system designer per the end application requirements.

    (A2) Any errors identified during self-tests are expected to be handled the same way (by software). The error flags behave identically whether the self-tests are run at start-up or during "runtime".

  • 0 in reply to Sunil Oak
    Expert 1895 points

    Hi Sunil,

    Thank you for your answers, but I think this does not answer my questions, so I will try to give more information.

    We are aiming for a powercycle of 72 hours. We are currently deciding which tests need to be run periodically, but the Safety Manual describes only a few tests to be run at boot time or periodically.
    Among the test for which there is no mention when or how often they should be executed is the CPU8 diagnostic, which we will run on boot-up.

    "NOTE: During self-test, both CPUs can execute normally, but the compare logic will not be checking
    any CPU signals. Also during self-test, only the compare unit logic is tested and not the
    memory-mapped register controls for the CCM-R5F. The self-test is not interruptible"

    Our concern is, that the compare logic is turned off for at least 5000 Cycles and an error that would be detected by the compare logic in Active Compare will be missed.
    If I understand this correctly it would mean, that we loose a diagnsotic detecting single point faults, while running a diagnostic for latent faults.

    (Q3)Because this is a diagnostic of a diagnostic we were wondering, do we realy need to run the self-test periodically or is running the self-test at boot-up sufficent or is there a generall recommendation by TI after what time boot-up test should be run again?

    (Q4) Is my understanding of the Comperator behaviour during self-test correct?

    Thank you and best regards,
    Max

  • 0 in reply to Max Wittekind
    TI__Mastermind 49120 points

    Hi Max,

    Whether or not to run the CPU self-tests on start-up, or how many test intervals to run at a time, these are all system-level decisions based on the target application's constraints. There is no single correct answer for these.

    (Q3)Because this is a diagnostic of a diagnostic we were wondering, do we realy need to run the self-test periodically or is running the self-test at boot-up sufficient or is there a generall recommendation by TI after what time boot-up test should be run again?

    >> CPU8 refers to testing the diagnostic mechanism (CPU Compare Module, CCM), and is not a diagnostic in itself. This logic needs to be checked to identify and address any latent faults, which is typically done on a key-on and/or a key-off condition for automotive applications. A fault in this logic by itself does not violate any safety goal. This logic does provide important diagnostic coverage for the CPU logic. A fault in the CCM could mean that a compare error on the CPU outputs goes undetected. For your specific application, you would need to determine how long can you have an undetected fault in the CPU logic before a failure occurs. This is the Fault Tolerant Time Interval metric, which is specific to each application. The FTTI usually determines how often you need to check for latent faults in diagnostic mechanisms such as CCM.

    (Q4) Is my understanding of the Comparator behavior during self-test correct?

    >> Yes, the CCM is not available to compare CPU outputs when in a self-test mode. The CCM self-test runs for 4947 CPU clock cycles, or about 16.5us.