SPRT759 October   2023 TMS320F280021 , TMS320F280021-Q1 , TMS320F280023 , TMS320F280023-Q1 , TMS320F280023C , TMS320F280025 , TMS320F280025-Q1 , TMS320F280025C , TMS320F280025C-Q1 , TMS320F280033 , TMS320F280034 , TMS320F280034-Q1 , TMS320F280036-Q1 , TMS320F280036C-Q1 , TMS320F280037 , TMS320F280037-Q1 , TMS320F280037C , TMS320F280037C-Q1 , TMS320F280038-Q1 , TMS320F280038C-Q1 , TMS320F280039 , TMS320F280039-Q1 , TMS320F280039C , TMS320F280039C-Q1 , TMS320F280040-Q1 , TMS320F280040C-Q1 , TMS320F280041 , TMS320F280041-Q1 , TMS320F280041C , TMS320F280041C-Q1 , TMS320F280045 , TMS320F280048-Q1 , TMS320F280048C-Q1 , TMS320F280049 , TMS320F280049-Q1 , TMS320F280049C , TMS320F280049C-Q1 , TMS320F28075 , TMS320F28075-Q1 , TMS320F28076 , TMS320F28374D , TMS320F28374S , TMS320F28375D , TMS320F28375S , TMS320F28375S-Q1 , TMS320F28376D , TMS320F28376S , TMS320F28377D , TMS320F28377D-EP , TMS320F28377D-Q1 , TMS320F28377S , TMS320F28377S-Q1 , TMS320F28378D , TMS320F28378S , TMS320F28379D , TMS320F28379D-Q1 , TMS320F28379S , TMS320F28384D , TMS320F28384D-Q1 , TMS320F28384S , TMS320F28384S-Q1 , TMS320F28386D , TMS320F28386D-Q1 , TMS320F28386S , TMS320F28386S-Q1 , TMS320F28388D , TMS320F28388S , TMS320F28P650DH , TMS320F28P650DK , TMS320F28P650SH , TMS320F28P650SK , TMS320F28P659DH-Q1 , TMS320F28P659DK-Q1 , TMS320F28P659SH-Q1

 


Software Collateral

While C2000 devices have several hardware safety features, application-level diagnostic software adds value to those hardware features. C2000 provides the following safety-related software packages:

  • C28x Self-Test Library (C28x_STL)
  • CLA Self-Test Library (CLA_STL)
  • Software Diagnostic Library (SDL)

Software Diagnostic Library

Features:
  • A collection of C-callable, optimized, independent test functions.
  • Called and managed by the user’s application.
  • When a failure is detected, the application determines the system-appropriate action.
  • Each function executes a specific task to verify the functionality of a component.
  • Leverages safety mechanisms consistent with safety standards.
  • Has minimal impact on the MCU's real-time control performance.
  • The User's Guide includes benchmarks.
  • Supports power-on test, periodic test, or both.
  • Demonstrates library usage and configuration of diagnostic features.
Examples include:
  • CAN message RAM March and parity logic test
  • CRC code for communications and memory tests
  • Interface to CPU HWBIST capabilities
  • PIE RAM redundancy test
  • Clock frequency test
  • CPU register test

Refer to the safety manual's C2000 Safety Diagnostics Libraries chapter.

Availability:
  • F2837xS, F2837xD and F2807x download here
  • Other device SDLs are in C2000Ware. See the libraries/diagnostic directory.

C28x and CLA Self-Test Libraries

The self-test libraries (STL) check the CPU's logic integrity using the CPU itself. The STLs have been independently assessed by TÜV SÜD and found suitable for integration into safety-related systems up to ASIL D and SIL 3 according to ISO 26262:2018 and IEC 61508:2010, respectively.
C28X_STL Features:
  • Represents a safety mechanism with the capability to detect permanent faults of the C28x CPU.
  • Covers the CPU, FPU, TMU, VCU, and VCRC instruction sets.
  • Supports only start-up testing.
  • Available for Class-C, SIL-2 and SIL-3 capable devices without hardware built-in self-test (HWBIST).
  • Includes a user's guide and compliance support package (CSP).
CLA_STL Features:
  • Represents a safety mechanism with the capability to detect permanent faults of the Control Law Accelerator (CLA).
  • Covers the CLA register bank, control unit, datapath, and so forth.
  • Supports both start-up and periodic testing.
  • Applies to any device with a CLA.
  • Includes a user's guide and compliance support package (CSP).
Availability:
  • The CLA_STL and C28X_STL are not released on TI.com. Contact your TI representative to request access.