• State Resolved
  • Locked Locked
  • Replies 4 replies
  • Subscribers 62 subscribers
  • Views 213 views
  • Users 0 members are here
Support feedback
Options
Options
Similar topics

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

Original question:

BQ79606A-Q1: Safety Mechanism questions

BQ79606A-Q1: The failure mode analysis covered by safety mechanism

Zizhen Yu
Prodigy 100 points
Part Number: BQ79606A-Q1

Dear...

I have some questions about what failure mode covered by some safety mechanisms, and how to deal with the fault detected by these safety mechanism.

  1. SM502 Short Comm Timeout Check: what failure mode covered by this SM? we have lost communication detection, why we still need this SM? and what reaction will need if detect SM502 fault?
  2. SM740 OTP ECC : why this SM is MPFDI, not a FDTI? I think the double bit error is a single point fault. What is the impact if have double bit error?
  3. SM403 OT/UT DAC Voltage Measurement and SM303 OV/UV DAC Voltage Measurement : What is the impact if detect DACs are not set correctly? and Does this SM fail will cause cell voltage protection/cell temperature protection failure?
  4. SM204 AUXADC Gain/Offset & Register Check and SM104 Vcell Gain/Offset & Register Check: in the description of these SMs, we need to use the registers CELLn_GAIN and CELLn_OFF / GPIOn_GAIN and GPIOn_OFF, and these registers are programmed at the TI factory. Why all registers's value are 0x00?  Do these registers need to be calibrated at user's factory?If we don't use these GAIN and OFFSET because they are all empty, do we still need to implement these mechanisms? and what impact if we don't implement these SMs?

Thankyou.

  • 0
    TI__Expert 5890 points

    Hello Zizhen,

    I will follow up with responses to these SM questions when I receive the answers.

    Regards,

    David

  • +1 in reply to David Ray
    TI__Expert 5890 points
    Zizhen Yu said:
    SM502 Short Comm Timeout Check: what failure mode covered by this SM? we have lost communication detection, why we still need this SM? and what reaction will need if detect SM502 fault?

    SM502 provides supplementary coverage for clock frequency checks and UART communication. It may provide an early warning on instability in clock frequency or comms issues. If faults seen here – could indicate issue requiring reset, or noise or interference issue. If communication is actually lost, SM502 will be the first flag, but loss of comms will be noted soon after.

    Zizhen Yu said:
    SM740 OTP ECC : why this SM is MPFDI, not a FDTI? I think the double bit error is a single point fault. What is the impact if have double bit error?

    ECC is checked anytime OTP is loaded to registers. This is an automatic check. Since it only occurs at memory load, it would typically only be run at system start – hence MPFDI. However if the user reloads memory at any point, the check will occur again. System startup should not continue if DED fault is flagged as memory is now suspect. Restart can be attempted.

    Zizhen Yu said:
    SM403 OT/UT DAC Voltage Measurement and SM303 OV/UV DAC Voltage Measurement : What is the impact if detect DACs are not set correctly? and Does this SM fail will cause cell voltage protection/cell temperature protection failure?

    The DACs are used to translate the digital configuration for the OV/UV thresholds to analog for use in the comparator. If the output from the DACs do not correspond with the user's expectation for the analog thresholds, then protection will not trip where expected.

    Zizhen Yu said:
    SM204 AUXADC Gain/Offset & Register Check and SM104 Vcell Gain/Offset & Register Check: in the description of these SMs, we need to use the registers CELLn_GAIN and CELLn_OFF / GPIOn_GAIN and GPIOn_OFF, and these registers are programmed at the TI factory. Why all registers's value are 0x00?  Do these registers need to be calibrated at user's factory?If we don't use these GAIN and OFFSET because they are all empty, do we still need to implement these mechanisms? and what impact if we don't implement these SMs?
      1. The Gain and Offset are programmed at the factory and values are loaded to registers at run time. The user is able to change the values if needed based on application calibration. Note that unlike the cell measurements, there is no redundant measurement path. SM204 provides coverage for the Gain and offset correction circuits. Other portions of the signal chain are checked by SM201 and SM202. Not implementing this will effect ASIL level of AUX measurement.
      2. SM104 is the sole coverage for errors in the VCELL output registers and the gain/offset registers and provides supplementary coverage to SM101 and SM150 for VCELL measurement signal chain. There will also be impact to the coverage metrics for VCELL measurement if this is omitted.

    Regards,

    David

  • +1 in reply to David Ray
    Prodigy 100 points

    Hi David:

    Thank you for your answers, it's clear.

    But for SM502 and SM204/104 still have questions need to check with you.

    1. SM502: What's your suggestion for SM502 fault? Reset BQ79606?
    2. SM502: I have seen the SM502 work with other safety mechanisms to diagnose clock and communication fault. especially for clock fault, it combine with SM509-SM513 as a group, but in our project, we only use one pcs BQ79606 per ECU, so SM509-SM513 is not applicable. So how to deal with this situation? what's your suggestion?
    3.  SM204 and SM104: we will implement the SM204 and SM104 in our project. But why the value in registers CELLn_GAIN and CELLn_OFF / GPIOn_GAIN and GPIOn_OFF is all 0x00? I thought these registers are programmed at TI's factory, not at our factory, right? Because we recently discovered a sampling accuracy problem, so I doubt why these registers are all empty.

  • +1 in reply to Zizhen Yu
    TI__Expert 5890 points

    Hi Zizhen,

    Zizhen Yu said:
    SM502: What's your suggestion for SM502 fault? Reset BQ79606?

    Yes. The short comm timeout would indicate a fault in daisy chain communication as the BQ79606 is not receiving responses from the daisy chain. In this case it would be recommended to reset the 606's in the stack in an attempt to re-establish communication. The goal of this Safety Mechanism is to help re-establish communication. Since you are using one piece, a loss in communication would most likely be noted by the fact that your read commands are not receiving any response. Therefore, if there was any loss in communication with the BQ79606, the device would not be able to read this fault register anyway. In the case that the IC somehow reads this fault as enabled, communication has already been recovered and the MCU should check the FAULT_SUMMARY register for clues as to why this fault has occurred. If there are no additional faults besides the CTS fault being enabled, resetting the BQ79606 would be recommended.

    Zizhen Yu said:
    SM502: I have seen the SM502 work with other safety mechanisms to diagnose clock and communication fault. especially for clock fault, it combine with SM509-SM513 as a group, but in our project, we only use one pcs BQ79606 per ECU, so SM509-SM513 is not applicable. So how to deal with this situation? what's your suggestion?

    Since only one BQ79606 is being used and SM509-SM513 is not applicable, the two clocks in the BQ79606 are the HFO and LFO. If the HFO is outside of spec, the IC will reset its itself. If LFO is out of spec, SYS_FAULT3[LFO_FLT] will be enabled. Therefore, SM502 would not be necessary to determine an LFO or HFO fault.

    Zizhen Yu said:
     SM204 and SM104: we will implement the SM204 and SM104 in our project. But why the value in registers CELLn_GAIN and CELLn_OFF / GPIOn_GAIN and GPIOn_OFF is all 0x00? I thought these registers are programmed at TI's factory, not at our factory, right? Because we recently discovered a sampling accuracy problem, so I doubt why these registers are all empty.

    TI's factory registers are pre-programmed and are internal inside of the IC. The registers pointed out to be 0x00 are the customer's registers to program at the customer's factory.

    Regards,

    David