
TMS320F2800156-Q1: [ FAE ] RAM access protection strategy

Part Number: TMS320F2800156-Q1
Other Parts Discussed in Thread: C2000WARE

Tool/software:

Development environment:

MCU: TMS320F2800156-Q1

CCS: 12.7

SDK: C2000Ware_5_02_00_00

Refer to: TMS320F280015x Real-Time Microcontrollers Technical Reference Manual

Version: FEBRUARY 2023 – REVISED MAY 2024

Background:

In our project, the customer requires functional safety at ASIL B level and has an MPU requirement: a non-functional safety module must not be able to change functional safety variables.

--------------------------------------------------------------

Functional safety module named ASIL module;

Functional safety task named ASIL task;

Functional safety function named ASIL function;

Functional safety variables named ASIL variables;

Non-Functional safety module named QM module;

Non-Functional safety task named QM task;

Non-Functional safety function named QM function;

Non-Functional safety variables named QM variables;

-------------------------------------------------------------------------

Our current strategy is:

We place the ASIL variables in the M0/M1 RAM area.

1. When an ASIL task runs, the ASIL variables can be changed (by setting CPUWRPROTx); when a QM task runs, the ASIL variables cannot be changed (by setting CPUWRPROTx);

2. When an ASIL module interrupt occurs, the ASIL variables can be changed (by setting CPUWRPROTx); when a QM module interrupt occurs, the ASIL variables cannot be changed (by setting CPUWRPROTx);

3. When a QM task runs and calls an ASIL function, the ASIL variables can be changed, by setting CPUWRPROTx in every ASIL function;

4. When an ASIL task runs and calls a QM function, the ASIL variables cannot be changed, by setting CPUWRPROTx in every QM function;

For cases 3 and 4, there are a lot of functions in our SW, and we would need to add the setting in every function. I think this is not convenient for us; do you have a good suggestion for this case?

In addition, do you have a better solution for the MPU requirement that a non-functional safety module must not be able to change functional safety variables?

Thank you

/BR

Samuel
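The four cases above are a single policy, "the current context decides whether the CPU may write the RAM that holds the ASIL variables", applied at three different boundaries (task switch, ISR entry/exit, function entry/exit). What the per-function version in cases 3 and 4 has to get right is nesting: a QM task calls an ASIL function, which calls a QM helper, which returns into ASIL code, which returns into the QM task, and the protection must be correct at every one of those points. The example below is an added illustration, not code from the post or from TI. It models that policy on a host so the unlock/relock logic can be compiled and checked off-target; the hardware write is confined to one stand-in function, and the C2000Ware driverlib names in its comment (`MemCfg_setProtection`, `MEMCFG_SECT_M0`, `MEMCFG_SECT_M1`, `MEMCFG_PROT_BLOCKCPUWRITE`, `MEMCFG_PROT_ALLOWCPUWRITE`) are assumed from `memcfg.h` and must be checked against C2000Ware_5_02_00_00 and the TRM before use. The scenarios and checkpoint flags are constructed for the demonstration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Host stand-in for the CPUWRPROT bits of the RAM holding the ASIL variables.
 * On target, replace the body with the driverlib call (names assumed, check
 * memcfg.h in C2000Ware_5_02_00_00):
 *   MemCfg_setProtection(MEMCFG_SECT_M0 | MEMCFG_SECT_M1,
 *       block ? MEMCFG_PROT_BLOCKCPUWRITE : MEMCFG_PROT_ALLOWCPUWRITE); */
static bool g_hw_write_blocked = true;

static void hw_set_asil_ram_write_blocked(bool block)
{
    g_hw_write_blocked = block;
}

bool asil_ram_is_write_blocked(void)         /* target: read back the protection register */
{
    return g_hw_write_blocked;
}

typedef enum { CTX_QM = 0, CTX_ASIL = 1 } ctx_t;

static volatile ctx_t g_ctx = CTX_QM;        /* context the protection currently reflects */

/* Policy: ASIL context may write the ASIL RAM, QM context may not. */
static void apply_ctx(ctx_t c)
{
    g_ctx = c;
    hw_set_asil_ram_write_blocked(c == CTX_QM);
}

/* Case 1: a scheduler switching to a task sets the context absolutely;
 * there is no caller to return to. */
void ctx_enter_task(ctx_t c)
{
    apply_ctx(c);
}

/* Cases 2, 3, 4: anything that returns to a caller (function or ISR) saves
 * what it found and restores it on exit, so nested calls unwind correctly. */
ctx_t ctx_push(ctx_t c)
{
    ctx_t prev = g_ctx;
    apply_ctx(c);
    return prev;
}

void ctx_pop(ctx_t prev)
{
    apply_ctx(prev);
}

/* Entry/exit pair for the top and bottom of each ASIL or QM function or ISR.
 * Every return path of the function must pass through CTX_EXIT(). */
#define ASIL_ENTER()  ctx_t saved_ctx_ = ctx_push(CTX_ASIL)
#define QM_ENTER()    ctx_t saved_ctx_ = ctx_push(CTX_QM)
#define CTX_EXIT()    ctx_pop(saved_ctx_)

/* ---- Constructed scenarios: checkpoints record whether the RAM was blocked. ---- */
static bool cp_in_asil_fn, cp_in_qm_helper, cp_back_in_asil_fn, cp_back_in_task, cp_in_isr;

static void qm_helper(void)                  /* case 4: QM function called from ASIL code */
{
    QM_ENTER();
    cp_in_qm_helper = asil_ram_is_write_blocked();
    CTX_EXIT();
}

static void asil_function(void)              /* case 3: ASIL function called from a QM task */
{
    ASIL_ENTER();
    cp_in_asil_fn = asil_ram_is_write_blocked();
    qm_helper();
    cp_back_in_asil_fn = asil_ram_is_write_blocked();
    CTX_EXIT();
}

/* QM task -> ASIL function -> QM helper -> back. True iff every checkpoint matches policy. */
bool run_nested_call_scenario(void)
{
    ctx_enter_task(CTX_QM);
    asil_function();
    cp_back_in_task = asil_ram_is_write_blocked();
    return !cp_in_asil_fn && cp_in_qm_helper && !cp_back_in_asil_fn && cp_back_in_task;
}

static void asil_isr(void)                   /* case 2: ASIL ISR preempting a QM task */
{
    ASIL_ENTER();
    cp_in_isr = asil_ram_is_write_blocked();
    CTX_EXIT();
}

/* The ISR may write while it runs and must hand a blocked RAM back to the QM task. */
bool run_isr_scenario(void)
{
    ctx_enter_task(CTX_QM);
    asil_isr();
    return !cp_in_isr && asil_ram_is_write_blocked();
}

int main(void)
{
    printf("nested call scenario: %s\n", run_nested_call_scenario() ? "ok" : "FAIL");
    printf("ISR scenario:         %s\n", run_isr_scenario() ? "ok" : "FAIL");
    return 0;
}
```

The save/restore in `ctx_push`/`ctx_pop` is the part that a plain "unlock on entry, lock on exit" in every function gets wrong: a QM helper that blindly relocks would leave the ASIL caller that continues after it writing into blocked RAM. Two caveats for the target: `apply_ctx` updates a variable and a register as two separate steps, so an interrupt landing between them sees a stale `g_ctx`; on hardware, either make that pair atomic or derive `prev` from the protection register itself. And write protection only turns a wrong write into a flagged access violation in the memory configuration module (see the TRM for the violation flags and interrupt); the safety reaction to that flag still has to be designed.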

  • Hi Samuel,

    Please review the "Suggestions for Improving Freedom from Interference" section in the F280015x functional safety manual. Specifically, point #5.

    The Dual Code Security Module (DCSM) can be used for functional safety where functions with different safety integrity levels can be executed from different security zones (zone1, zone2, and unsecured zone), acting as firewalls and thus mitigating the risk due to interference from one secure zone to another. For more information, see Achieving Coexistence of Safety Functions for EV/HEV Using C2000™ MCUs.