SFFS169A April 2022 – May 2022 TPS3704, TPS3704-Q1

 


Summary of Recommended Functional Safety Mechanism Usage

Table A-2 summarizes the functional safety mechanisms present in hardware or recommended for implementation in software or at the system level as described in Chapter 5. Table A-1 describes each column in Table A-2 and gives examples of what content could appear in each cell.

Table A-1 Legend of Functional Safety Mechanisms

| Functional Safety Mechanism | Description |
|---|---|
| TI Safety Mechanism Unique Identifier | A unique identifier assigned to this safety mechanism for easier tracking. |
| Safety Mechanism Name | The full name of this safety mechanism. |
| Safety Mechanism Category | Safety Mechanism - This test provides coverage for faults on the primary function. It may also provide coverage on another safety mechanism. Test for Safety Mechanism - This test provides coverage for faults of a safety mechanism only. It does not provide coverage on the primary function. Fault Avoidance - This is typically a feature used to improve the effectiveness of a related safety mechanism. |
| Safety Mechanism Type | Can be either hardware, software, a combination of both hardware and software, or system. See Section 6.2 for more details. |
| Safety Mechanism Operation Interval | The timing behavior of the safety mechanism with respect to the test interval defined for a functional safety requirement / functional safety goal. Can be either continuous, or on-demand. Continuous - the safety mechanism constantly monitors the hardware-under-test for a failure condition. Periodic or On-Demand - the safety mechanism is executed periodically, when demanded by the application. This includes Built-In Self-Tests that are executed one time per drive cycle or once every few hours. |
| Test Execution Time | Time period required for the safety mechanism to complete, not including error reporting time. Note: Certain parameters are not set until there is a concrete implementation in a specific component. When component specific information is required, the component data sheet should be referenced. Note: For software-driven tests, the majority contribution of the Test Execution Time is often software implementation-dependent. |
| Action on Detected Fault | The response that this safety mechanism takes when an error is detected. Note: For software-driven tests, the Action on Detected Fault may depend on software implementation. |
| Time to Report | Typical time required for safety mechanism to indicate a detected fault to the system. Note: For software-driven tests, the majority contribution of the Time to Report is often software implementation-dependent. |

Table A-2 Assumed Safety Diagnostic Requirements

| Hardware Safety Requirement ID | Technical Safety Requirement ID | Assumed Diagnostic Requirement (Safety Features in IC that meet corresponding system requirements) | ASIL | FTTI | Status |
|---|---|---|---|---|---|
| HSR1-1.1 | TSR1-1 | For each SENSEx (x=1..4) channel, the TPS3704x-Q1 shall assert CHx_UV_OUT when the voltage on the SENSEx pin is less than the programmed OTP_UV_VALx threshold for a time-interval longer than the propagation detect delay tPD. | ASIL A | 100ms | Assumed |
| HSR1-1.2 | TSR1-1 | For each SENSEx (x=1..4) channel, the TPS3704x-Q1 shall assert CHx_OV_OUT when the voltage on the SENSEx pin is greater than the programmed OTP_OV_VALx threshold for a time-interval longer than the propagation detect delay tPD. | ASIL A | 100ms | Assumed |
| HSR1-1.3 | TSR1-1 | The TPS3704x-Q1 shall assert each RESETn (n=1..3) output based on CHANx_OV_OUT and CHx_UV_OUT (x=1..4) dependent on device configuration. These options include: RESETn (n=from 1 to 3) matched to same SENSEx (OV only, UV only, or Window), and two RESET (RESET_OV and RESET_UV) calculated as OR(x=1..4) of all available CHx_OV_OUT and CHx_UV_OUT respectively. | ASIL A | 100ms | Assumed |
| HSR1-1.4 | TSR1-1 | In the case of RESET asserted on one or more of the RESET output pins due to voltage fault, the TPS3704x-Q1 shall remain in active state to monitor for additional voltage faults. | ASIL A | 100ms | Assumed |
| HSR1-1.5 | TSR1-1 | In the case of RESET asserted on one or more of the RESET output pins due to voltage fault, the RESET shall remain asserted for the configured reset delay tD. | ASIL A | 100ms | Assumed |
| HSR2-1.1 | TSR2-1 | The TPS3704x-Q1 shall assert all RESETn (n=1..4 depending on configuration) at startup for tSTRT and then release reset once VDD > VDD(MIN). | ASIL A | 100ms | Assumed |
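
The requirements HSR1-1.1 through HSR1-1.5 can be exercised against a sampled voltage trace with a small behavioural model. The following is an added example, not TI code and not part of the original document; it covers only the RESET_UV / RESET_OV OR option of HSR1-1.3. Assumptions: all function names are hypothetical, the thresholds, tPD and tD values and the trace are constructed, detection is only as fine as the sample step, and tD is read as "reset is held until tD has elapsed since a fault flag was last set".

```python
# Added example: model of Table A-2's assumed requirements; times in integer us.
def _qualify(since, violated, t, t_pd):
    """Track an ongoing violation; flag it only once it has lasted longer
    than t_pd (HSR1-1.1 / HSR1-1.2). Returns (start_time, flag)."""
    since = (t if since is None else since) if violated else None
    return since, since is not None and (t - since) > t_pd

def _hold(any_flag, last, t, t_d):
    """Assumed reading of HSR1-1.5: hold reset until t_d after a flag was last set."""
    last = t if any_flag else last
    return last, any_flag or (last is not None and (t - last) < t_d)

def simulate(trace, uv_thr, ov_thr, t_pd, t_d):
    """trace: list of (time_us, [SENSEx volts]). Returns one dict per sample."""
    n = len(uv_thr)
    uv_since, ov_since = [None] * n, [None] * n
    last_uv = last_ov = None
    rows = []
    for t, volts in trace:  # channels are evaluated on every sample (HSR1-1.4)
        uv_out, ov_out = [False] * n, [False] * n
        for i, v in enumerate(volts):
            uv_since[i], uv_out[i] = _qualify(uv_since[i], v < uv_thr[i], t, t_pd)
            ov_since[i], ov_out[i] = _qualify(ov_since[i], v > ov_thr[i], t, t_pd)
        # HSR1-1.3, OR option: RESET_UV / RESET_OV combine all channels.
        last_uv, reset_uv = _hold(any(uv_out), last_uv, t, t_d)
        last_ov, reset_ov = _hold(any(ov_out), last_ov, t, t_d)
        rows.append({"t": t, "uv": uv_out, "ov": ov_out,
                     "reset_uv": reset_uv, "reset_ov": reset_ov})
    return rows

def constructed_trace():
    """Constructed 1 ms samples: SENSE1 sags for 5 ms, SENSE3 spikes for 1 ms."""
    trace = []
    for ms in range(20):
        volts = [3.3, 3.3, 3.3, 3.3]
        if 3 <= ms <= 7:
            volts[0] = 2.8  # sustained undervoltage, longer than t_pd
        if ms == 10:
            volts[2] = 3.7  # overvoltage glitch, shorter than t_pd
        trace.append((ms * 1000, volts))
    return trace

def asserted_times(rows, key):
    """Sample times (us) at which the named reset output is asserted."""
    return [r["t"] for r in rows if r[key]]

if __name__ == "__main__":  # thresholds and delays below are constructed
    rows = simulate(constructed_trace(), [3.0] * 4, [3.6] * 4, t_pd=2000, t_d=5000)
    print(asserted_times(rows, "reset_uv"), asserted_times(rows, "reset_ov"))
```

In the constructed trace the 5 ms sag on SENSE1 outlasts tPD and drives RESET_UV, while the 1 ms spike on SENSE3 is filtered out and RESET_OV stays released.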