TPS3430: Watchdog for SIL3 compliance

Part Number: TPS3430
Other Parts Discussed in Thread: RM48L952

Hi TI,

We are working on a safety application that is compliant with IEC-61508 SIL3, and we have the following doubts about our watchdog implementation for 99% diagnostic coverage.

In our design, we are using the TPS3430WDRCR IC, where the WDI pin of the watchdog IC is toggled from the MCU (RM48L952) periodically within the watchdog timeout so that WDO does not assert. Below are our questions on the IC:

i. Does this IC have a separate time base and time window?

ii. How to implement logical monitoring of the program sequence?

iii. How to implement a combination of temporal and logical monitoring of program sequence?

By using the above-mentioned watchdog IC, is it possible to achieve diagnostic coverage of 99%, which is required for SIL3?

Thanks and Regards,

Monish P

  • Hi Monish,

    Can you provide a system block diagram so we can help answer your questions?

    Is the TPS3430 being used as a redundant watchdog monitor?

    i. Whether this IC has a separate time base and time window?

    I am not sure about this question, but if you are asking about how the window frame is being generated, then yes, the TPS3430 generates its own separate time window, and the kick signal that feeds the TPS3430 WDI pin must happen within the window frame.

    ii. How to implement logical monitoring of the program sequence?

    I don't believe the TPS3430 can output information that allows you to monitor the window frame of the watchdog.

    iii. How to implement a combination of temporal and logical monitoring of program sequence?

    I am not sure how to provide a solution to this request based on my answer to question 2.  The TPS3430 is a very simple watchdog timer product.

    Ben

  • Hi Ben,

    Can you provide a system block diagram so we can help answer your questions?

    Please find the below system block diagram,

    Is the TPS3430 being used as a redundant watchdog monitor?

    The TPS3430 is used for external watchdog monitoring in our system.

    According to IEC-61508 standard Table A10, we want to know whether this TPS3430 watchdog will be able to achieve 99% diagnostic coverage to achieve SIL3.

  • Hi Monish,

    Please give me a day or two to look into your question about 99% diagnostic coverage to achieve SIL3. Thanks,

    Ben

  • Hi Monish,

    After reviewing your system block diagram and speaking to other engineers, the decision is that there is not enough information to properly address your query. The SIL level is achieved at the system level, and it depends on your system setup (how you are programming your system and how you designed your hardware).

    One thing to note is that the TPS3430 is a "tool" to help the overall system achieve the SIL levels you are aiming for and not having the proper system design may dampen your efforts in achieving a high SIL rating.

    Ben

  • Hi Monish,

    Here is an update to your original question:

    i. Whether this IC has a separate time base and time window?

    Yes

    ii. How to implement logical monitoring of the program sequence?

    We need more details about this. If the customer is planning to check if the MCU/HOST is performing the logical operations correctly, then the TPS3430 cannot verify this. Different options may exist with the host to check for the same. One option is that the user can perform certain logical tasks and check if the output matches a predetermined output.

    iii. How to implement a combination of temporal and logical monitoring of program sequence?

    The TPS3430 helps temporal monitoring using Window WD operation. Based on the host clock frequency and the program flow, the user can decide on a valid time window in which to service the WDI pin (kick to WD) when everything is working fine. Any clock changes will lead to the WDI pulse arriving much earlier (faster clock) or too late (slow clock). The Window WD time can be selected so as to ensure that a WDI pulse in the close window (fast clock) or after the open window (slow clock) generates a RESET pulse.

    Just to reiterate what I mentioned in the last post, the TPS3430 device aids the system in achieving better fault coverage and thus, in turn, achieving the required SIL levels. The computation for fault coverage and other relevant compliance ratings depends on system design and the safety cases identified, which result in the implementation of HW and SW components. So this is a system-level spec where the TPS3430 can help to achieve your targeted SIL goal.

    Ben
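
One way to combine the host-side logical check from answer ii with the window-watchdog kick from answer iii, as an added example that is not part of the original thread or any TI code. The checkpoint IDs, the seed, the rotate-XOR signature and all function names are hypothetical, and the WDI pin is simulated by a variable; the code demonstrates the mechanism only and makes no diagnostic-coverage claim.

```c
#include <stdbool.h>
#include <stdint.h>

/* Hypothetical checkpoint IDs for one control cycle (not from the thread). */
enum { CP_READ_INPUTS = 0x11, CP_COMPUTE = 0x22, CP_WRITE_OUTPUTS = 0x33 };
#define FLOW_SEED 0xA5A5A5A5u

static uint32_t flow_sig = FLOW_SEED; /* running signature of this cycle */
static bool flow_fault = false;       /* latched: once set, WDI is never serviced */
static bool wdi_level = false;        /* stand-in for the GPIO wired to WDI */
static unsigned wdi_edges = 0;

/* Order-sensitive update: rotate left 5, then XOR the checkpoint ID. */
static uint32_t flow_step(uint32_t sig, uint8_t id)
{
    return ((sig << 5) | (sig >> 27)) ^ id;
}

/* Call at each checkpoint in the monitored sequence. */
void flow_checkpoint(uint8_t id) { flow_sig = flow_step(flow_sig, id); }

/* Signature the correct sequence produces (could be precomputed offline). */
uint32_t flow_expected(void)
{
    uint32_t s = flow_step(FLOW_SEED, CP_READ_INPUTS);
    s = flow_step(s, CP_COMPUTE);
    return flow_step(s, CP_WRITE_OUTPUTS);
}

/* Call once per cycle, scheduled to land in the open window.
 * Returns true if WDI was toggled. */
bool watchdog_service(void)
{
    if (flow_sig != flow_expected())
        flow_fault = true;
    flow_sig = FLOW_SEED;
    if (flow_fault)
        return false;          /* no kick: the external watchdog times out */
    wdi_level = !wdi_level;    /* on target: write this level to the WDI GPIO */
    wdi_edges++;
    return true;
}

unsigned wdi_edge_count(void) { return wdi_edges; }

int main(void)
{
    flow_checkpoint(CP_READ_INPUTS); flow_checkpoint(CP_COMPUTE);
    flow_checkpoint(CP_WRITE_OUTPUTS);
    return watchdog_service() ? 0 : 1;
}
```

The software side only withholds the kick; a kick that arrives too early or too late is still caught by the TPS3430's own window, so `watchdog_service` should be called from a single scheduled point in the main sequence rather than from a timer interrupt that keeps running when the main loop hangs.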

  • Hi Ben,

    Thanks for the prompt reply.

    Regards,

    Monish P

  • Hi Monish,

    If there are no further questions, can you close the thread by clicking on "resolved"?  Thanks and have a great weekend!

    Ben