
TMS320F28388D: SIL-4 capabilities

Part Number: TMS320F28388D
Other Parts Discussed in Thread: C2000-SAFETI-DIAGNOSTICS-LIB

Good morning TI.

I would like to know if the F28388D is capable of reaching SIL-4 level.

If not, why and what devices do you have that support this level?

If yes, how could we endorse it to our clients?

Thank you

  • Dear Francisco, 

    Thanks for reaching out to us.  Please tell us more about your requirements and the types of applications that you are trying to support. 

    Regards,

    Krishna 

  • Thank you Krishna.

    We have developed a small radar device for traffic and railway control systems. The SIL-4 requirement is for the radar's train detection.

  • Thanks for the prompt reply!  I have a couple more questions for you.  Which features of the TMS320F28388D are you planning to use for your radar application? 

    Regards,

    Krishna

  • We have already implemented a real time coherent radar solution using the following peripherals:

    • ADCs
    • Timers - PWM
    • Communications (Ethernet, SCI, SPI, etc.)
    • GPIOs

    We have tested it on traffic scenarios and ehealth applications like vital signs detection.

  • Thanks again for the prompt response.  I will take your feedback and discuss this with the related subject matter experts in my team and get back to you in a day or two.

    Regards,

    Krishna 

  • Hi PAk

    Thanks for your question about the capability of F28388D reaching (or being endorsed) for SIL-4. Let me provide you with as complete an answer as possible. Please let me know if you have any other questions.

    1. IEC 61508 (which is the parent of the railway safety standard such as EN 50128 or 50129 that you might be referring to) requires that HFT be >/= 0 for SIL-4
    2. If you are using a single F28388D MCU on your system your HFT (at least from the MCU perspective) = 0
    3. Consequently, you are not meeting the normative architectural requirement for a SIL 4 system as required by IEC 61508

    Hopefully this helps answer your question...?

    If any additional clarification is required please do not hesitate to ask

    Bharat 

  • Thank you for the detailed answer. Excellent!!

    My doubt is if it is possible to reach SIL-4 by implementing two F28388D on the system (in parallel reading data from the same sensor or a twin sensor). On the other hand, are the rest of requirements met? (like the PFDavg, PFD, etc)

    If not, what Texas instruments devices do you recommend?

    Best regards

  • PAk said:

    Thank you for the detailed answer. Excellent!!

    My doubt is if it is possible to reach SIL-4 by implementing two F28388D on the system (in parallel reading data from the same sensor or a twin sensor). On the other hand, are the rest of requirements met? (like the PFDavg, PFD, etc)

    If not, what Texas instruments devices do you recommend?

    Best regards

    Hello, I would like to know if you have an answer for this.

    Thank you!!

  • Bharat Rajaram said:
    • IEC 61508 (which is the parent of the railway safety standard such as EN 50128 or 50129 that you might be referring to) requires that HFT be >/= 0 for SIL-4
    • If you are using a single F28388D MCU on your system your HFT (at least from the MCU perspective) = 0
    • Consequently, you are not meeting the normative architectural requirement for a SIL 4 system as required by IEC 61508

    Hello.

    I would like to know if TI has a document regarding how to achieve functional safety with their DSPs or MCUs.

    How could we demonstrate that F28388D reaches SIL-3, for example its PFH and PFD? Would we need an RTOS for certification of the software?

    Regards

  • Hi PAk:

    Here are answers to your questions:

    Question: How could we demonstrate that F28388D reaches SIL-3?

    Answer: F28388D is not targeted to meet the SFF required to meet SIL-3

    Question: for example its PFH and PFD?

    Answer: </=100 FIT

    Question: Would we need a RTOS for certification of the software?

    Answer: Requiring an RTOS, the type of RTOS used are all system level choices that have to be finalized by the system integrator.

    Texas Instruments develops components that may be used in Functionally safe systems. Component development happens in compliance with SEooC (Safety-Element-out-of-Context) requirements.  Consequently Texas Instruments is unable to make any recommendation regarding the system's functional safety choices/needs.

    Hope this helps?

    Bharat

  • Thank you Bharat for your detailed answer, however I made a mistake asking.

    Bharat Rajaram said:

    Question: How could we demonstrate that F28388D reaches SIL-3?

    Answer: F28388D is not targeted to meet the SFF required to meet SIL-3

    From the F2837X datasheet, these devices are targeted as :

    • Functional Safety-Compliant:

    – Developed for functional safety applications

    – Documentation available to aid ISO 26262 system design up to ASIL D; IEC 61508 up to SIL 3; IEC 60730 up to Class C; and UL 1998 up to Class 2

    – Hardware integrity up to ASIL B, SIL 2

    I assumed that F28388D was the same, but it is not, so please, then use F28379D in consideration for my previous questions. In fact I reckon there is a TUV certificate about these Part Numbers (F2837X)

    Bharat Rajaram said:

    Question: for example its PFH and PFD?

    Answer: </=100 FIT

    Where could I find all this technical data?

    Bharat Rajaram said:

    Question: Would we need a RTOS for certification of the software?

    Answer: Requiring an RTOS, the type of RTOS used are all system level choices that have to be finalized by the system integrator.

    Texas Instruments develops components that may be used in Functionally safe systems. Component development happens in compliance with SEooC (Safety-Element-out-of-Context) requirements.  Consequently Texas Instruments is unable to make any recommendation regarding the system's functional safety choices/needs.

    We do not want to strictly use a RTOS, so maybe you can answer/help us with the requirements.

    Since the datasheet states that:

    Documentation available to aid ISO 26262 system design up to ASIL D; IEC 61508 up to SIL 3; IEC 60730 up to Class C; and UL 1998 up to Class 2

    We would like to check that documentation.

    Thank you




  • Hi PAk:

    Please find below additional detailed responses to your follow-up questions:

    1. When the original question was "How could we demonstrate that F28388D reaches SIL-3?" the assumption was this was a reference to the diagnostic coverage (DC) metric such as SFF. F28388D will not meet a SFF of >/= 99% i.e. to reach a DC of SIL-3. F2837x and F2838x are both targeted to achieve an SFF of >/= 90% (i.e. a SIL-2 level of DC)
    2. The reference to the F2837x data sheet may be explained as follows:
       • Please refer to The additional explanation for system design up to SIL-3 is explained as follows:
       • At Texas Instruments we have an (internal) product development process that meets the Techniques and Measures (Ts & Ms) detailed in Annex F IEC 61508-2:2010 for the avoidance of systematic failures. Texas Instrument's development process incorporates all the Ts & Ms in the SIL-3 column of Tables F.1 and F.2. Additionally, this TI (internal) development process has been independently assessed by TUV-SUD and confirmed to meet the systematic capability compliance (SCC) of SIL-3. The independent TUV certificate may be viewed at https://www.ti.com/lit/ml/spny010a/spny010a.pdf
    3. Question on PFH of </= 100 (where is the technical data)?
       • This information is documented in the Failure Modes Effects and Diagnostics Analysis (or FMEDA)
       • The FMEDA contains TI internal information and is not available on . Consequently, access to the FMEDA has to be requested. You may request this access via the following URL - 
       • Once this request form has been completed, a TI Product Marketing Engineer (or TI Sales Engineer) will verify the requirement (need for access) and send you an email which authorizes your my.ti.com user ID to access the My Secure SW (MSS) location which will contain the FMEDA.
         • However, please note that Texas Instruments currently only has an FMEDA for F2837x, F2807x and F28004x products.
         • The FMEDA for the F2838x product is being developed and a release date has not yet been finalized
           • But you may start with the F2837x FMEDA and get a preliminary (and fairly accurate) estimate for what the SFF, PFH for the F2838x product will be (when the F2838x FMEDA is released)

    This should hopefully answer your questions completely...?

    Bharat

  • Thank you, this is clearer now!!

    As you may understand, all the info is dispersed across TI website, so I was not able to get it together. We have used both F28379D and F28388D, so starting with 79D is not an issue at all.

    Only three things: 

    - the URL to the request is not working.

    - I don't understand why you stated: 

    Bharat Rajaram said:
    At Texas Instruments we have an (internal) product development process that meets the Techniques and Measures (Ts & Ms) detailed in Annex F IEC 61508-2:2010 for the avoidance of systematic failures. Texas Instrument's development process incorporates all the Ts & Ms in the SIL-3 column of Tables F.1 and F.2. Additionally, this TI (internal) development process has been independently assessed by TUV-SUD and confirmed to meet the systematic capability compliance (SCC) of SIL-3.

    but, on the other hand:

    Bharat Rajaram said:
    F28388D will not meet a SFF of >/= 99% i.e. to reach a DC of SIL-3. F2837x and F2838x are both targeted to achieve an SFF of >/= 90% (i.e. a SIL-2 level of DC)

    It seems you state SIL-3 is not reachable at system design level. How is it then met?

    - On the other hand, is there any documentation besides examples for the C2000-SAFETI-DIAGNOSTICS-LIB and C2000-SAFETI-CLA-STL included in the package? We would like to use it as a guideline working with your devices.

    Thank you again for your time

  • Hello, I wonder if you would have the time to answer the points above?

    Thank you.

  • Hi PAk, 

    I will go ahead and close this post with the understanding that all your questions are answered.  If you have additional questions please go ahead and reopen this one or submit a new one. 

    Cheers! 

    Krishna

  • Krishna Allam said:

    Hi PAk, 

    I will go ahead and close this post with the understanding that all your questions are answered.  If you have additional questions please go ahead and reopen this one or submit a new one. 

    Cheers! 

    Krishna

    Thank you for your interest Krishna, however there are little issues we need to resolve yet.

    In specific:

    PAk said:

    Only three things: 

    - the URL to the request is not working.

    - I don't understand why you stated: 

    Bharat Rajaram
    At Texas Instruments we have an (internal) product development process that meets the Techniques and Measures (Ts & Ms) detailed in Annex F IEC 61508-2:2010 for the avoidance of systematic failures. Texas Instrument's development process incorporates all the Ts & Ms in the SIL-3 column of Tables F.1 and F.2. Additionally, this TI (internal) development process has been independently assessed by TUV-SUD and confirmed to meet the systematic capability compliance (SCC) of SIL-3.

    but, on the other hand:

    Bharat Rajaram
    F28388D will not meet a SFF of >/= 99% i.e. to reach a DC of SIL-3. F2837x and F2838x are both targeted to achieve an SFF of >/= 90% (i.e. a SIL-2 level of DC)

    It seems you state SIL-3 is not reachable at system design level. How is it then met?

    - On the other hand, is there any documentation besides examples for the C2000-SAFETI-DIAGNOSTICS-LIB and C2000-SAFETI-CLA-STL included in the package? We would like to use it as a guideline working with your devices.

    Thank you for your time.

  • Hi PAk, 

    Ok thanks.  Let me see if I can help you further. In regards to the following:

    Bharat Rajaram
    At Texas Instruments we have an (internal) product development process that meets the Techniques and Measures (Ts & Ms) detailed in Annex F IEC 61508-2:2010 for the avoidance of systematic failures. Texas Instrument's development process incorporates all the Ts & Ms in the SIL-3 column of Tables F.1 and F.2. Additionally, this TI (internal) development process has been independently assessed by TUV-SUD and confirmed to meet the systematic capability compliance (SCC) of SIL-3.
    This is just information about what we are able to do in regards to systematic capability.
     

    Bharat Rajaram

    F28388D will not meet a SFF of >/= 99% i.e. to reach a DC of SIL-3. F2837x and F2838x are both targeted to achieve an SFF of >/= 90% (i.e. a SIL-2 level of DC)

    It seems you state SIL-3 is not reachable at system design level. How is it then met?

    Can you please clarify your question?  

    Lastly, 

    - On the other hand, is there any documentation besides examples for the C2000-SAFETI-DIAGNOSTICS-LIB and C2000-SAFETI-CLA-STL included in the package? We would like to use it as a guideline working with your devices.

    Yes there is documentation and examples available in the C2000-SAFETI-DIAGNOSTICS-LIB.  You can download this now. However, the C2000-SAFETI-CLA-STL is not available at this time.

    Hope this helps!  Look forward to your feedback. 

    Thanks,

    Krishna