TMS320F28384D: The compiler for IEC 61508 SIL-3 certification

Part Number: TMS320F28384D

Hi champs,

What compiler tools should the customer use for IEC 61508 SIL-3 certification, for both C28x and CM4?

Please advise, thanks for help.

Regards,

Luke

  • We offer a compiler qualification kit for our TI compilers: https://www.ti.com/tool/SAFETI_CQKIT

    Whitney

  • Whitney,

    I have the questions below and need your comments,

    1. From supported products & hardware list, I don't see F2838x devices. Can this kit be used on F28384D for IEC 61508 SIL-3 certification?
    2. I see not all compiler versions on SAFETI_CQKIT, for example we don't have ARM CGT v20.2.3 LTS and v20.3.4 LTS. Do you know why?
    3. Since we have TUV Nord assessment reports, do you know why we don't get compiler certification?

    Please advise, thanks.

    Luke

  • From supported products & hardware list, I don't see F2838x devices.

    That is a representative list, and not a comprehensive list of all the devices supported by the C2000 compiler.

    Can this kit be used on F28384D for IEC 61508 SIL-3 certification?

    Yes

    I see not all compiler versions on SAFETI_CQKIT, for example we don't have ARM CGT v20.2.3 LTS and v20.3.4 LTS. Do you know why?

    I do not know why some of the version 20.2.x.LTS versions do not have a cqkit.  This question implies you can choose to use any version 20.2.x.LTS version.  That being the case, the best choice is version 20.2.7.LTS.  Because, as detailed in the article Compiler Version Numbers and What They Mean, it has the most bug fixes.  And a cqkit is available for it.

    Since we have TUV Nord assessment reports, do you know why don't we get compiler certification?

    No TI compiler is certified.  Instead, we supply the safety compiler qualification kit so you can qualify your use of the compiler.

    Thanks and regards,

    -George

  • George,

    Do you mean the SAFETI_CQKIT for v20x can be used on all versions of v20.x compilers, for example v20.2.2 LTS, even though this version is not listed on the website?

    Regards,

    Luke

  • Do you mean the SAFETI_CQKIT for v20x can be used on all versions of v20.x compilers

    No.  You need to use the variant of the cqkit which matches the compiler version.  In this specific case, that means you cannot use compiler versions 20.2.2.LTS, 20.2.3.LTS, or 20.2.4.LTS.  But you can use any of the rest of them, including the most recent one, version 20.2.7.LTS.

    Thanks and regards,

    -George

  • Luke,
    The compiler QKIT has one installer for all releases, however the installed QKIT only includes the validation results for the initial release (eg: 20.2.0.LTS). 
    For future patch releases, go to the QKIT download page for that specific release version to download the validation results for that particular patch release version.
    Otherwise all the other documents in the QKIT apply to any release version of that LTS stream. Only the validation results are specific to a particular release version.
    Thanks
    Greg

  • Greg,

    The C2000 CGT v20.2.2.LTS is not listed on QKIT download page, so we don't have the validation results of this compiler version. Does it mean the QKIT cannot be applied to v20.2.2.LTS?

    I ask this because my customer used v20.2.2.LTS for development, he hopes not to change compiler version and use QKIT for IEC 61508 SIL-3 certification.

    Please advise, thanks for help.

    Regards,

    Luke

  • Luke, 

    I see what you mean with missing 20.2.2.LTS QKIT download page.

    Yes, unfortunately for the 20.2.x.LTS releases, we only have QKITs available for 20.2.1.LTS, 20.2.5.LTS, 20.2.6.LTS and 20.2.7.LTS

    If they only needed compliance with ASIL-B or lower, then the QKIT coverage check is not required and they would only need the validation report for 20.2.2.LTS, however, SIL3 requires the QKIT coverage check and the instrumented compilers are not available for 20.2.2.LTS 

    Please recommend the customer to upgrade to 20.2.5.LTS which has the available validation report as well as the instrumented compilers that are required for applying the QKIT at SIL3 level. 

    The only changes from 20.2.2.LTS to 20.2.5.LTS are bug fixes which can be reviewed with below README files. There are no major feature changes on patch releases.
    https://software-dl.ti.com/codegen/esd/cgt_public_sw/C2000/20.2.3.LTS/README.html
    https://software-dl.ti.com/codegen/esd/cgt_public_sw/C2000/20.2.4.LTS/README.html
    https://software-dl.ti.com/codegen/esd/cgt_public_sw/C2000/20.2.5.LTS/README.html

    Regards
    Greg

  • Greg,

    Do you mean 20.2.2.LTS is compliant with SIL-2, the QKIT coverage check is not required and my customer only needs the validation report for 20.2.2.LTS?

    If this is the case and IEC 61508 SIL-2 is acceptable, where can my customer find the validation report for 20.2.2.LTS, for both C28x and CM4?

    Regards,

    Luke

  • Luke,
    Sorry for the confusion.
    The only levels that the QKIT does not require coverage check is for ISO 26262 ASIL-A/B. 
    ASIL-C/D and all SIL levels require the coverage check.
    Your customer will need a compiler version with a QKIT that supports the coverage check capability.
    greg  

  • Hi Greg,

    My customer used v20.2.2.LTS for development and the products are in production, this is the reason my customer hopes not to change compiler versions.

    The certification unit mentioned that if my customer doesn't want to change compiler versions that are not listed on QKIT page, the way to solve this problem is that TI provides the safety assessment reports between different compiler versions, for example the assessment report of the difference between v20.2.1.LTS and v20.2.2.LTS.

    Is it possible we provide this kind of safety assessment reports?

    Regards,

    Luke

  • Luke, We'll generate the 20.2.2.LTS instrumented binaries and validation report and upload. What is their timeline? This will take a few days.

  • Greg,

    It is great we will have validation report, I will contact you offline. Thanks for your support.

    Regards,

    Luke

  • Instrumented binaries (for QKIT coverage check) and validation reports should be available now for 20.2.2.LTS:
      https://www.ti.com/tool/download/C2000_CLA_SAFETI_CQKIT_RV/20.2.2.LTS
      https://www.ti.com/tool/download/ARM-CQKIT/20.2.2.LTS

  • Greg,

    You mentioned instrumented binaries are for QKIT coverage check, where can we find them and how do we use them please?

    Regards,

    Luke

  • Luke,

    They need to apply the QKIT. ie download/install and then use the instructions to apply the QKIT.

    The instructions for running the QKIT coverage check are in a file coverage_testing_instructions.pdf which is linked on above QKIT download pages.

    Greg

  • Greg,

    In the chapter 3 of TSM.docm(in Templates folder), we say,

    3 Usage Specific Guidelines
    During the application of the tool TI C/C++ Compiler there might occur some known bugs, either some that are known before releasing the tool or even some recent bugs that have been observed until the creation (last update) of this tool safety manual.
    For those bugs, the user must determine and employ mitigations that have a high probability to avoid or detect the bug.

    What should the customers do about the mitigations please?

    Regards,

    Luke

  • Hi Greg,

    I am the QKIT user that Luke just mentioned as your customer

    Thank you for both you and Luke's support.

    Now I am using QKIT to qualify the compiler

    According to the template document TQP, TQR, in "4.5 validation " there is a process I need to do

    Looks like that I need to compile my safety program and generate a coverage file and send it to TI

    Can I know the time how long this phase will cost so that I can handle the project schedule to meet the certification.

    BR

  • Luke,

    For many of the known bugs, the mitigation is as simple as ensuring that you are not using a particular compiler feature that is impacted by a bug.

    Or if a bug involved a particular assembly instruction, then you could mitigate by generating the assembly files (-k option), and grep'ing through for instances of a particular instruction.

    Is there a particular bug of concern?

    Regards,
    Greg
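A sketch of the assembly check Greg describes, as an added example that is not part of the original thread or TI's QKIT: it scans the assembly kept by the `-k` option for one mnemonic, skipping comments, labels and longer mnemonics that merely contain it. The sample listing and the searched mnemonic are constructed placeholders; substitute the instruction named in the bug report you are mitigating.

```python
from pathlib import Path

# Constructed sample of kept assembly; not real compiler output.
SAMPLE_ASM = """\
;* constructed sample for illustration
_scale:
        ADDB      SP,#2              ; reserve frame
        MOVL      ACC,@_gain         ; longer mnemonic, must not match MOV
        MOV       AL,@_offset        ; comment mentioning MOVL
$C$L1:  MOV       @_result,AL
        LRETR
"""

def find_instruction(asm_text, mnemonic):
    """Return (line_number, source_line) for each real use of `mnemonic`."""
    target = mnemonic.upper()
    hits = []
    for number, raw in enumerate(asm_text.splitlines(), start=1):
        code = raw.split(";", 1)[0]           # drop ';' comments
        if not code.strip() or code.startswith("*"):
            continue                           # blank line or '*' comment line
        tokens = code.split()
        if not code[0].isspace():
            tokens = tokens[1:]                # column-1 token is a label
        if tokens and tokens[0].upper() == target:
            hits.append((number, raw.rstrip()))
    return hits

def scan_tree(root, mnemonic):
    """Map each .asm file under `root` to its hits; files without hits are omitted."""
    results = {}
    for path in sorted(Path(root).rglob("*.asm")):
        hits = find_instruction(path.read_text(errors="replace"), mnemonic)
        if hits:
            results[str(path)] = hits
    return results

if __name__ == "__main__":
    for line_no, text in find_instruction(SAMPLE_ASM, "MOV"):
        print(f"{line_no}: {text}")
```

An empty result from `scan_tree` over the safety build's kept assembly can be archived with the tool safety manual as evidence that the affected instruction is not generated.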

  • ChungWen,

    The coverage check usually takes 1 to 2 days, however, for planning purposes the max it should take would be a week.

    Also, if your schedule is tight then I recommend submitting coverage results earlier in your development. We'll generate the report and see if there are any issues to mitigate. Then the final coverage check a month later should be less of a concern.

    Regards,
    Greg

  • Hi Greg,

    Thank you for the answer

    I still have some problems.

    1. My software project consists of a safety program and a non-safety program

    I have already done the decouple measure between safety and non-safety part.

    In this coverage check, is it possible to only generate safety program part rather than the whole project's result?

    2. To set the environment variable COVFILELIST, I saw Command line and CCS chapters

    I should use both of them or just pick one way to do?

    3. The command to set COVFILELIST in the user manual is :

    set
    COVFILELIST=C:\ti_cgt_arm_15.12.3.LTS\bin\armcl.cov,C:\ti_cgt_arm_15.12.3.LTS\bin\arma
    cpia.cov,C:\ti_cgt_arm_15.12.3.LTS\bin\armopt.cov,C:\ti_cgt_arm_15.12.3.LTS\bin\armcg.
    cov,C:\ti_cgt_arm_15.12.3.LTS\bin\armasm.cov,C:\ti_cgt_arm_15.12.3.LTS\bin\armlnk.cov,
    C:\ti_cgt_arm_15.12.3.LTS\bin\armilk.cov,C:\ti_cgt_arm_15.12.3.LTS\bin\armhex.cov,C:\t
    i_cgt_arm_15.12.3.LTS\bin\armabs.cov,C:\ti_cgt_arm_15.12.3.LTS\bin\armembed.cov,C:\ti_
    cgt_arm_15.12.3.LTS\bin\armlnk.cov,C:\ti_cgt_arm_15.12.3.LTS\bin\armacp.cov,C:\ti_cgt_
    arm_15.12.3.LTS\bin\armcbe.cov,C:\ti_cgt_arm_15.12.3.LTS\bin\armclist.cov,C:\ti_cgt_ar
    m_15.12.3.LTS\bin\armnm.cov,C:\ti_cgt_arm_15.12.3.LTS\bin\armsdp.cov,C:\ti_cgt_arm_15.
    12.3.LTS\bin\armcbeia.cov,C:\ti_cgt_arm_15.12.3.LTS\bin\armdem.cov,C:\ti_cgt_arm_15.12
    .3.LTS\bin\armocs.cov,C:\ti_cgt_arm_15.12.3.LTS\bin\armstrip.cov,C:\ti_cgt_arm_15.12.3
    .LTS\bin\armar.cov,C:\ti_cgt_arm_15.12.3.LTS\bin\armdis.cov,C:\ti_cgt_arm_15.12.3.LTS\
    bin\armlibinfo.cov,C:\ti_cgt_arm_15.12.3.LTS\bin\armofd.cov,C:\ti_cgt_arm_15.12.3.LTS\
    bin\armxref.cov

    Should I adjust the command according to my CCS install location? (my CCS install location is D:\ti\ccs1040\ccs)

  • Hello,

    Please note that due to the local holiday and various vacations, a response may be delayed until Tuesday.

    Thanks

    ki

  • ChungWen,

    For 1, you would need to compile the individual "safety" files while you have coverage collection enabled.

    For 2, use CCS settings if you are building your project in CCS. Use COVFILELIST if you are building your project command line.

    For 3, you are correct, update COVFILELIST for the location of your *.cov files

    You can confirm that data collection worked by checking the time stamp on the *.cov files. Several *.cov files should have a recent updated time stamp if the coverage collection setup worked. 

    Regards,
    Greg
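The timestamp check from the reply above, as an added example that is not part of the original thread or the QKIT: it splits a `COVFILELIST` value, flags paths that do not exist (the list was not adjusted to the install location) and entries listed twice, and separates `.cov` files updated since the build started from stale ones. The function names and the one-hour default window are assumptions made for this sketch.

```python
import os
import sys
import time

def parse_covfilelist(value):
    """Split a comma-separated COVFILELIST value; return (paths, duplicates)."""
    paths, duplicates, seen = [], [], set()
    for item in value.split(","):
        item = item.strip()
        if not item:
            continue
        key = os.path.normcase(item)      # Windows paths compare case-insensitively
        if key in seen:
            duplicates.append(item)
        else:
            seen.add(key)
            paths.append(item)
    return paths, duplicates

def check_coverage_files(value, build_started):
    """Classify each listed .cov file against the build start time (epoch seconds)."""
    paths, duplicates = parse_covfilelist(value)
    report = {"updated": [], "stale": [], "missing": [], "duplicates": duplicates}
    for path in paths:
        if not os.path.isfile(path):
            report["missing"].append(path)        # wrong install location?
        elif os.path.getmtime(path) >= build_started:
            report["updated"].append(path)        # coverage data was written
        else:
            report["stale"].append(path)          # tool not run, or collection off
    return report

if __name__ == "__main__":
    # Assumption for this sketch: the build ran within the last hour.
    started = time.time() - 3600
    result = check_coverage_files(os.environ.get("COVFILELIST", ""), started)
    for state, entries in result.items():
        for entry in entries:
            print(f"{state:10s} {entry}")
    # Collection did not work if paths are wrong or no file was touched.
    sys.exit(1 if result["missing"] or not result["updated"] else 0)
```

Stale entries are expected for tools the build never invokes; only missing paths or a complete absence of updated files indicate a setup problem.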

  • Thank you for your reply.

    We are now developing safety program and will execute this process when coding is finished.

    But what if I have an update on the safety program in the future (e.g. v1.0 --> v1.1), should I execute this process again?

    BR

    CWY

  • ChungWen,

    If the things you specified when initially applying the QKIT change then you must re-apply the QKIT. For example, any of below would require applying the QKIT again: changing compiler options that impact code generation (ie opt_level), changing compiler version, changes to your application code, and so on.

    Regards,
    Greg