TMS570LC4357: Safety related Development Tool for Hercules?

Part Number: TMS570LC4357
Other Parts Discussed in Thread: HALCOGEN, SAFETI-HALCOGEN-CSP, SAFETI-HERCULES-DIAG-LIB-CSP

Hi,

I'm a beginner in safety. So I'm confused about development tools.

There are two versions of HALCOGEN - HALCOGEN and SAFETI-HALCOGEN-CSP.

Which version do I need to obtain safety certification?

And I have found SAFETI-HERCULES-DIAG-LIB-CSP and SAFETI_CQKIT.

Are these also necessary to obtain safety certification?

These have a demo version.

 

To be short,

What development tool do I need for certification IEC 61508?

  • Hello Remony,

    HALCoGen is a tool that is used to generate the Hardware Abstraction Layer of code for Hercules. It allows you to configure each peripheral as you are choosing to use them and then generate the related driver code. Note that each of the drivers has areas that are identified as user code where you can place any customization that you might need. The user code areas are not impacted should you need to go back and re-generate code due to a tool rev change or configuration change. The tool also generates some startup code that includes some safety diagnostics for error path testing, CPU self-test, RAM BIST tests, etc. (note the error handling is not included and needs to be filled in according to your application requirements). Once you have the HAL code, you would then build your application on top of it.

    This tool is not necessarily required for certification but will help in getting started quickly and also help in ensuring proper programming at the hardware level. Of course, you could develop your own drivers without using HALCoGen but it would require an extensive effort and knowledge of the device registers and architecture to complete.

    If you use the HALCoGen tool to generate drivers, a key element to getting your application certified is to properly document and test your code and provide evidence of this to any third party assessors such as TUEV SUED, exida, TUEV NORD, etc. For generated code like this it can be a challenging task to do this, so TI created a product, CSP or Certification Support Package, that has all the necessary documentation and test code for the code generated by HALCoGen, including a limited license LDRA tool that can execute the instrumented code to complete the code validation and verification at the HAL level (note, the LDRA licensing does not include testing of any of your application level code). The end result of the CSP package is fully tested driver code along with documentation of the testing that can be presented to the assessors as evidence of this activity. The Demo of this tool is the SAFETI-HALCOGEN-CSP.

    Again, this tool is not necessarily required for certification but since the V&V activity is required, it can save you time and effort to develop a similar package on your own.

    Next, TI has the SAFETI Diagnostic Library (SAFETI_DIAG_LIB) that is available for download and is free for your use similar to the HALCoGen generated drivers (see SW licensing within the library). This library implements many of the safety diagnostics mentioned in the Safety Manuals for the Hercules devices. Similarly to the HALCoGen generated code, TI also offers a CSP (Compliance Support Package) product for the SAFETI Diagnostic Library. The Demo for this library CSP is SAFETI-HERCULES-DIAG-LIB-CSP.

    And, again, use of this library is not required for certification although you will need to implement the safety diagnostic mechanisms described in the safety manual that are applicable to your specific application. This package helps reduce the time and effort associated with this task.

    A key element in regard to development tools that you have not mentioned in your post is the compiler. There are compilers, such as one from IAR, that are certified that you can use and that are compatible with HALCoGen or, if you want to stick with TI tools, TI offers a compiler qualification kit (HERCULES_SAFETI_CQKIT) as well. We have chosen to utilize this method rather than a full certification since a full certification can limit options, whereas the qual kit can be used on your specific compiler configuration. Whichever compiler is used, you must have some evidence to prove the suitability of the compiler for use in a Functional Safety Application. A demo version of the Hercules CQK is available as SAFETI_CQKIT_DEMO_WIN.

    In summary, there are no hard requirements for which tools to use in a Functional Safety project in order to have your project certified. However, there are requirements of the standards to provide evidence that application SW testing has been completed, that you have sufficient diagnostic coverage (DC), and that your development tools are suitable for use in a functional safety application. I would encourage you to review the IEC61508 standard so that you understand the requirements and how they apply to your project, paying special attention to the areas about SW requirements and tool requirements (there are three types of tools defined, each with their own required levels of verification dependent on the impact on the released code).

    Hopefully this is helpful and can get you started. I encourage you to review the requirements in the IEC61508 standard for more complete information and a better understanding (repeated for emphasis). Understanding of the standard and the requirements is not only critical to the success of your efforts, it is also critical to meeting project schedule and having meaningful discussions with your assessor.