SFFS757 February   2024 DLP4620S-Q1 , DLPC231S-Q1

 

  1.   1
  2. 1Introduction
    1.     Trademarks
  3. 2 DLP4620S-Q1 Chipset Functional Safety Capability
  4. 3Development Process for Management of Systematic Faults
    1. 3.1 TI New-Product Development Process
    2. 3.2 TI Functional Safety Development Process
  5. 4 DLP4620S-Q1 Chipset Overview
    1. 4.1 Targeted Applications
    2. 4.2 DLP4620S-Q1 Chipset Functional Safety Concept
      1. 4.2.1 Typical Hazards
      2. 4.2.2 Chipset Architecture
      3. 4.2.3 Built-In Self Tests
    3. 4.3 Functional Safety Constraints and Assumptions
  6. 5Description of Hardware Component Parts
    1. 5.1 Description of System Level Built In Self Test (BISTs)
  7. 6Management of Random Faults
    1. 6.1 Fault Reporting
      1. 6.1.1 HOST_IRQ
      2. 6.1.2 Error History
      3. 6.1.3 Fault Handling
    2. 6.2 Functional Safety Mechanism Categories
    3. 6.3 Description of Functional Safety Mechanisms
      1. 6.3.1 Video Path Protection
        1. 6.3.1.1 Video Input BISTs
        2. 6.3.1.2 Video Processing BISTs
        3. 6.3.1.3 Video Output BISTs
      2. 6.3.2 Illumination Control Protection
        1. 6.3.2.1 Communication Interface and Register Protection
        2. 6.3.2.2 LED Control Feedback Loop Protection
        3. 6.3.2.3 Data Load and Transfer Protection
        4. 6.3.2.4 Watchdogs and Clock Monitors
        5. 6.3.2.5 Voltage Monitors
  8.   A Summary of Recommended Functional Safety Mechanism Usage
  9.   B Distributed Developments
    1.     B.1 How the Functional Safety Lifecycle Applies to TI Functional Safety Products
    2.     B.2 Activities Performed by Texas Instruments
    3.     B.3 Information Provided
  10.   C Revision History

6.3.2.1 Communication Interface and Register Protection

The following methods are used to protect communication between ICs in the system and the data stored in critical registers.

  • [SM_14] Host Command CRC: A CRC check on the incoming host commands to detect corrupted commands. Protects against incorrect dimming value being set due to a corrupted command.
  • [SM_15] Loss Of Dimming Command Test: Checks that dimming commands are regularly being received from the host. This enures that communication with the host has not been lost. If communication with the host is lost, and old dimming value may create an image that is too bright for the current driving conditions. The host can configure a timer within which the DLPC231S-Q1 should receive a dimming command. If the command is not received within this timing the test fails. A default value for the timer can also be configured in flash. Upon failure, emergency shutdown will be executed and an error will be logged.
  • [SM_16] TPS99000S-Q1 Interface Signal Connection Test: Checks the SPI and the LED select interfaces between theDLPC231S-Q1 and TPS99000S-Q1. Checks SPI interface by writing to a dedicated register and reading back the value. Checks the LED select interface by sending LED select signals and reading back the LED select values from the TPS99000S-Q1 via SPI. This test can be configured to run at start-up, and it can be executed by command after the software is changed to Stand-by mode via host command. Upon failure, software will not transition Display Mode even if it is commanded by the host. An error will also be logged.
  • [SM_17] DLPC231S-Q1 to TPS99000S-Q1 SPI Byte-Wise Parity: The DLPC231S-Q1 to TPS99000S-Q1 SPI interface implements a byte-wise parity for detecting command or data corruption. The DLPC231S-Q1 sends a parity bit with the payload for any read or write from the TPS99000S-Q1 registers. If the TPS99000S-Q1 detects a parity error it will indicate a parity error to the DLPC231S-Q1 via a status bit. Register writes to the TPS99000S-Q1 will not be performed if a parity error is detected. If the DLPC231S-Q1 detects three consecutive frames of parity error, it will not reset the DLPC231S-Q1 Processor Watchdog Timer (WD1). This will result in an emergency shutdown. An error code will also be logged.
  • [SM_18] DLPC231S-Q1 to TPS99000S-Q1 ADC Interface SPI Parity: The DLPC231S-Q1 to TPS99000S-Q1 implements a parity check to ensure that ADC measurement commands and data are not corrupted. Parity is implemented on both the read command transaction and on the return data. Each command transaction from the DLPC231S-Q1 to TPS99000S-Q1 includes a start bit, the command id, the command id repeated, a parity bit, and a stop bit. The repeated command and data bytes must match and the parity bit must be correct. Additionally, the data returned from the TPS99000S-Q1 to DLPC231S-Q1 includes 12 data bits, 3 error bits, 12 data bits repeated, 3 error bits repeated, and 1 parity bit. The two copies of the 12-bit data, and the two copies of the 3-bit error codes must match. Additionally, the parity bit must be correct. If the TPS99000S-Q1 detects a parity error, it will indicate the error to the DLPC231S-Q1 via a status bit. If 3 consecutive errors are detected, the test fails. Upon failure, emergency shutdown will be executed and an error will be logged.
  • [SM_19] TPS99000S-Q1 Password Protected Register Space: A portion of the TPS99000S-Q1 register space is protected by a password. The DLPC231S-Q1 unlocks this register space by writing the password before updating these registers. After updating these registers, the DLPC231S-Q1 locks this register space.
  • [SM_20] TPS99000S-Q1 Register Checksum: The TPS99000S-Q1 implements a checksum on functionally grouped registers. This checksum is used to detect bit level changes occurring due to random events. When the DLPC231S-Q1 updates any TPS99000S-Q1 registers, it updates the checksum for that group. The TPS99000S-Q1 periodically calculates a checksum on each group of registers and compares it to the last checksum stored by the DLPC231S-Q1. If the TPS99000S-Q1 detects a checksum error, it sets a status bit that can be read by the DLPC231S-Q1 via SPI. If an error is detected, the DLPC231S-Q1 will attempt to re-write the registers and checksum up to three times. If the error persists after three attempts, an emergency shutdown will be executed and an error will be logged.