SFFS624 March   2024 MSPM0G3105 , MSPM0G3106 , MSPM0G3107 , MSPM0G3107-Q1 , MSPM0G3505 , MSPM0G3506 , MSPM0G3507 , MSPM0G3507-Q1

 

  1.   1
  2. 1Introduction
    1.     Trademarks
  3. 2 MSPM0G Hardware Component Functional Safety Capability
  4. 3Development Process for Management of Systematic Faults
    1. 3.1 TI New-Product Development Process
    2. 3.2 TI Functional Safety Development Process
  5. 4 MSPM0G Component Overview
    1. 4.1 Targeted Applications
    2. 4.2 Hardware Component Functional Safety Concept
    3. 4.3 Functional Safety Constraints and Assumptions
  6. 5Description of Hardware Component Parts
    1. 5.1  ADC
    2. 5.2  Comparator
    3. 5.3  DAC
    4. 5.4  OPA
    5. 5.5  CPU
    6. 5.6  RAM
    7. 5.7  FLASH
    8. 5.8  GPIO
    9. 5.9  DMA
    10. 5.10 SPI
    11. 5.11 I2C
    12. 5.12 UART
    13. 5.13 Timers (TIMx)
    14. 5.14 Power Management Unit (PMU)
    15. 5.15 Clock Module (CKM)
    16. 5.16 CAN-FD
  7. 6 MSPM0G Management of Random Faults
    1. 6.1 Fault Reporting
    2. 6.2 Functional Safety Mechanism Categories
    3. 6.3 Description of Functional Safety Mechanisms
      1. 6.3.1  ADC1,COMP1,DAC1,DMA1,GPIO2,TIM2,I2C2,IOMUX1,OA1,SPI2,UART2,SYSCTL5,MCAN2: Periodic read of static configuration registers
      2. 6.3.2  ADC2: Software test of function
      3. 6.3.3  ADC3: ADC trigger overflow check
      4. 6.3.4  ADC4: Window comparator
      5. 6.3.5  OA2: Test of OA using internal DAC as a driver
      6. 6.3.6  COMP2: Software test of Comparator using internal DAC
      7. 6.3.7  WDT: Windowed watch dog timer
      8. 6.3.8  CPU1: CPU test using software test library
      9. 6.3.9  CPU2: Software test of CPU data busses
      10. 6.3.10 SYSMEM4: Parity protection on SRAM
      11. 6.3.11 FLASH1: Flash Single Error Correction, Double Error Detection mechanism
      12. 6.3.12 DAC2: DAC test using internal ADC as DAC output checker
      13. 6.3.13 DAC3: DAC FIFO underrun interrupt
      14. 6.3.14 DMA2: Software test of DMA function
      15. 6.3.15 GPIO1: GPIO test using pin IO loopback
      16. 6.3.16 TIM1: Test for PWM generation
      17. 6.3.17 I2C1: Software test of I2C function using internal loopback mechanism
      18. 6.3.18 SPI1 : Software test of SPI function
      19. 6.3.19 SPI3: SPI periodic safety message exchange
      20. 6.3.20 UART1: Software test of UART function
      21. 6.3.21 SYSCTL1: MCLK monitor
      22. 6.3.22 SYSCTL2: HFCLK startup monitor
      23. 6.3.23 SYSCTL3: LFCLK monitor
      24. 6.3.24 SYSCTL4: RTC monitor
      25. 6.3.25 SYSCTL6: SYSPLL startup monitor
      26. 6.3.26 SYSCTL8: Brownout Reset (BOR) Supervisor
      27. 6.3.27 SYSCTL9: FCC counter logic to calculate clock frequencies
      28. 6.3.28 SYSCTL10: External voltage monitor
      29. 6.3.29 SYSCTL11: Boot process monitor
      30. 6.3.30 SYSCTL12: TRIM bits parity protection
      31. 6.3.31 SYSCTL14: Brownout Voltage Monitor
      32. 6.3.32 SYSCTL15: External voltage monitor
      33. 6.3.33 MCAN1: Software test of function using I/O Loopback
      34. 6.3.34 MCAN4: SRAM ECC
      35. 6.3.35 MCAN5: Software test of ECC check logic
      36. 6.3.36 MCAN6: MCAN timeout function
      37. 6.3.37 MCAN7: MCAN timestamp function
  8. 7An In-Context Look at This Safety Element out of Context
    1. 7.1 System Functional Safety Concept Examples
  9.   A Summary of Recommended Functional Safety Mechanism Usage (Optional)
  10.   B Distributed Developments
    1.     B.1 How the Functional Safety Lifecycle Applies to TI Functional Safety Products
    2.     B.2 Activities Performed by Texas Instruments
    3.     B.3 Information Provided

A Summary of Recommended Functional Safety Mechanism Usage (Optional)

Appendix Asummarizes the functional safety mechanisms present in hardware or recommend for implementation in software or at the system level as described in Section 5. Table 8-1 describes each column in Table 8-2 and gives examples of what content could appear in each cell.

Table A-1 Legend of Functional Safety Mechanisms
Functional Safety MechanismDescription
TI Safety Mechanism Unique IdentifierA unique identifier assigned to this safety mechanism for easier tracking.
Safety Mechanism NameThe full name of this safety mechanism.
Safety Mechanism CategorySafety Mechanism - This test provides coverage for faults on the primary function. It may also provide coverage on another safety mechanism.

Test for Safety Mechanism - This test provides coverage for faults of a safety mechanism only. It does not provide coverage on the primary function.

Fault Avoidance - This is typically a feature used to improve the effectiveness of a related safety mechanism.

Safety Mechanism TypeCan be either hardware, software, a combination of both hardware and software, or system. See Section 6.2 for more details.
Safety Mechanism Operation IntervalThe timing behavior of the safety mechanism with respect to the test interval defined for a functional safety requirement / functional safety goal. Can be either continuous, or on-demand.

Continuous - the safety mechanism constantly monitors the hardware-under-test for a failure condition.

Periodic or On-Demand - the safety mechanism is executed periodically, when demanded by the application. This includes Built-In Self-Tests that are executed one time per drive cycle or once every few hours.

Test Execution TimeTime period required for the safety mechanism to complete, not including error reporting time.

Note: Certain parameters are not set until there is a concrete implementation in a specific component. When component specific information is required, the component data sheet should be referenced.

Note: For software-driven tests, the majority contribution of the Test Execution Time is often software implementation-dependent.

Action on Detected FaultThe response that this safety mechanism takes when an error is detected.

Note: For software-driven tests, the Action on Detected Fault may depend on software implementation.

Time to ReportTypical time required for safety mechanism to indicate a detected fault to the system.

Note: For software-driven tests, the majority contribution of the Time to Report is often software implementation-dependent.

Table A-2 Summary of Functional Safety Mechanisms
TI Safety Mechanism Unique IdentifierSafety Mechanism NameSafety Mechanism CategorySafety Mechanism TypeSafety Mechanism Operation IntervalTest Execution TimeAction on Detected FaultTime to Report
ADC1Software test for periodic read of static configured MMRsSafety MechanismHardware/SoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
ADC2ADC sample and conversion testSafety MechanismHardware/SoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
WDTWatchdog Timeout EventSafety MechanismHardware/SoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
ADC3ADC Trigger overflowSafety MechanismHardware/SoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
ADC4

Window comparator

Safety MechanismHardware/SoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent

t

COMP1Software Read Back of Written ConfigurationSafety MechanismHardware/SoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
COMP2DAC to COMP LoopbackSafety MechanismHardware/SoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
CPU1ARM STL Safety MechanismHardware/SoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
DAC1Periodic Software Read Back of Written ConfigurationSafety MechanismHardware/SoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
DAC2DAC to ADC LoopbackSafety MechanismHardware/SoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
DAC3FIFO Under-run interruptSafety MechanismHardware/SoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
DMA1Periodic Software Read Back of Static Configuration RegistersSafety MechanismHardware/SoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
DMA2Software testSafety MechanismHardware/SoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
FXBAR1Use hardware redundancy by accessing same flash location by CPU and DMASafety MechanismHardware/SoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
FXBAR2Periodic Software Read Back of FLASH dataSafety MechanismHardware/SoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
GPIO1Software test of function using I/O loopbackSafety MechanismHardware/SoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
GPIO2Periodic Software Readback of Static Configuration RegistersSafety MechanismHardware/SoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
TIM1Test for basic PWM generationSafety MechanismHardware/SoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
TIM2Periodic Software Read Back of Static Configuration RegistersSafety MechanismHardware/SoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
I2C1Software test of function using I/O loopbackSafety MechanismHardware/SoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
I2C2Periodic Software Read Back of Static Configuration RegistersSafety MechanismHardware/SoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
IOMUX1Periodic Software Readback of Static Configuration RegistersSafety MechanismHardware/SoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
MCAN1Software test of function using I/O loopbackSafety MechanismHardware/SoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
MCAN2Information Redundancy Techniques Including End-to-End SafingSafety MechanismHardware/SoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
MCAN3Periodic Software Read Back of Static Configuration RegistersSafety MechanismHardware/SoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
MCAN4SRAM ECCSafety MechanismHardware/SoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
MCAN5Software Test of ECC LogicSafety MechanismHardware/SoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
MCAN6Timeout on FIFO ActivitySafety MechanismHardware/SoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
MCAN7Timestamp Consistency checksSafety MechanismHardware/SoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
OA1Software Read Back of Written ConfigurationSafety MechanismHardware/SoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
OA2DAC8(COMPDAC) to OA and then to ADC LoopbackSafety MechanismHardware/SoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
SPI1Software test of function using I/O loopbackSafety MechanismHardware/SoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
SPI2Periodic Software Read Back of Static Configuration RegistersSafety MechanismHardware/SoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
SPI3SPI PERIODIC Safety Message checkSafety MechanismHardware/SoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
SYSCTL1MCLK monitorSafety MechanismHardware/SoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
SYSCTL2HFCLK Startup monitorSafety MechanismHardware/SoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
SYSCTL3LFCLK MonitorSafety MechanismHardware/SoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
SYSCTL4RTC MonitorSafety MechanismHardware/SoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
SYSCTL5Periodic Software Read Back of Static Configuration RegistersSafety MechanismHardware/SoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
SYSCTL6SYSPLL Startup monitorSafety MechanismHardware/SoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
SYSCTL8Brownout Reset (BOR) SupervisorSafety MechanismHardware/SoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
SYSCTL9FCC counter logic to calculate clock frequenciesSafety MechanismHardware/SoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
SYSCTL10Extrenal voltage monitorSafety MechanismHardware/SoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
SYSCTL11Boot process monitorSafety MechanismHardware/SoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
SYSCTL12Parity protectionSafety MechanismHardware/SoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
SYSCTL13SYSCTL3V State machineSafety MechanismHardware/SoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
SYSCTL14Brownout Voltage MonitorSafety MechanismHardware/SoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
SYSCTL15External Voltage SupervisorSafety MechanismHardware/SoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
SYSMEM4RAM ParitySafety MechanismHardware/SoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
UART1Software test of function using I/O loopbackSafety MechanismHardware/SoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
UART2Periodic Software Read Back of Static Configuration RegistersSafety MechanismHardware/SoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
REF1Periodic Software Read Back of static configuration registers.Safety MechanismHardware/SoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
REF2VREF to ADC Reference inputSafety MechanismHardware/SoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent