• State Resolved
  • Replies 2 replies
  • Answers 1 answer
  • Subscribers 83 subscribers
  • Views 127 views
  • Users 0 members are here
Support feedback
Options
Options
Related

SYSCONFIG: Reliability/Safety Certification for Code Generated by TI's SysConfig + Driverlib (C2000 MCU)

Sang-il Nam
Expert 2730 points

Part Number: SYSCONFIG

Hi all,

I'm working with TI's C2000 MCUs and would appreciate some insight from anyone who has dealt with this in production.

Background

In the past, I developed firmware by directly manipulating MMRs through C structure-based register definitions. More recently, I've been exploring chip configuration code generation using SysConfig and Driverlib. The GUI makes it very convenient to configure pins and peripherals, and I can see why it's becoming the recommended flow.

My Question

I'd like to understand whether firmware built on top of SysConfig-generated code and Driverlib APIs is suitable for use in reliability-critical domains such as automotive or defense/military applications.

Specifically:

1. Are SysConfig and Driverlib themselves designed and distributed to meet any international standards or software certifications (e.g., ISO 26262, MISRA C, DO-178C, IEC 61508)?

2. Or is it the case that SysConfig/Driverlib are intended primarily for early evaluation and rapid bring-up (chip initialization, prototyping, etc.), and any project requiring formal certification or reliability assessment must treat the generated code the same as hand-written register-level code — i.e., the developer is fully responsible for qualifying it?

3. Does TI provide any supporting documentation, safety manuals, qualification reports, or compliance artifacts for SysConfig or Driverlib that would help with a certification effort?

Why I'm Asking

If no formal level of assurance is provided for SysConfig/Driverlib-generated code, then — just like with traditional hand-written code — certification becomes entirely the developer's responsibility. In that scenario, I'm considering a workflow where, at some defined point in the project, the SysConfig tool and its `.syscfg` configuration files are removed from the project, and only the generated source files are kept under version control and referenced going forward. This would freeze the output and make the code base auditable without a dependency on the generator tool.

Does this approach make sense to others who have gone through automotive or safety-critical qualification with C2000? Or is there a better recommended practice?

Any experience, TI documentation pointers, or lessons learned would be greatly appreciated.

Thanks!

Best regards,
Sang-il

  • +1
    TI__Intellectual 1710 points

    Hi Sang,
    No, neither SysConfig nor Driverlib carry any functional safety certification.

    Your instinct to freeze SysConfig-generated output and remove the tool dependency is reasonable

    SysConfig/Driverlib are development aids, not certified components. Since they carry no safety qualification, any code they produce must be treated identically to hand-written code from a certification standpoint
    By removing the .syscfg files and the tool from your build chain, you eliminate a non-qualified code generator from your toolchain   which simplifies tool qualification arguments under ISO 26262 (tool confidence levels) or IEC 61508 (tool classes)
    The compiler still needs qualification. Even after freezing generated code, the compiler remains in your toolchain. TI's Compiler Qualification Kit (QKIT), assessed by TÜV Nord, directly addresses this requirement

    SAFETI_CQKIT IDE, configuration, compiler or debugger | TI.com

    Recommended Workflow Summary
    Prototyping phase: Use SysConfig + Driverlib freely for rapid bring-up and configuration
    Design freeze: Export/freeze all generated source files into version control; remove .syscfg and SysConfig tool dependency from the build
    Qualification phase: Treat frozen code as hand-written — apply your MISRA C static analysis, code reviews, and testing per your target standard
    Integrate SDL + CSP: Layer TI's diagnostic library and compliance support package into your safety architecture alongside your frozen configuration code
    Qualify the compiler: Apply TI's QKIT per your target ASIL/SIL level

  • 0 in reply to Lakshya Verma
    Expert 2730 points

    Hi Lakshya Verma,

    Thank you for your clear response to my inquiry.
    I believe this will be helpful to anyone preparing for C2000 MCU-based system development and the subsequent certification process.
    I will also take a close look at the TI SafeTI CQKIT IDE you linked.

    Best regards,
    Sang-il