SFFS619 December   2023 MSPM0L1304-Q1 , MSPM0L1305-Q1 , MSPM0L1306-Q1

 

  1.   1
  2. 1Introduction
    1.     Trademarks
  3. 2MSPM0L Hardware Component Functional Safety Capability
  4. 3Development Process for Management of Systematic Faults
    1. 3.1 TI New-Product Development Process
    2. 3.2 TI Functional Safety Development Process
  5. 4MSPM0L Component Overview
    1. 4.1 Targeted Applications
    2. 4.2 Hardware Component Functional Safety Concept
    3. 4.3 Functional Safety Constraints and Assumptions
  6. 5Description of Hardware Component Parts
    1. 5.1  ADC
    2. 5.2  Comparator
    3. 5.3  OPA
    4. 5.4  CPU
    5. 5.5  RAM
    6. 5.6  FLASH
    7. 5.7  GPIO
    8. 5.8  DMA
    9. 5.9  SPI
    10. 5.10 I2C
    11. 5.11 UART
    12. 5.12 Timers (TIMx)
    13. 5.13 PMU
    14. 5.14 CKM
  7. 6MSPM0L Management of Random Faults
    1. 6.1 Fault Reporting
    2. 6.2 Functional Safety Mechanism Categories
    3. 6.3 Description of Functional Safety Mechanisms
      1. 6.3.1  ADC1,DMA1,COMP1,GPIO2,TIM2,I2C2,IOMUX1,OA1,SPI2,UART2,SYSCTL5,REF1: Periodic read of static configuration registers
      2. 6.3.2  ADC2: Software test of function
      3. 6.3.3  ADC3: ADC trigger overflow check
      4. 6.3.4  ADC4: Window comparator
      5. 6.3.5  OA2: Test of OA using internal DAC8 as a driver
      6. 6.3.6  COMP3: Testing COMP using an external pin
      7. 6.3.7  CPU1: CPU test using software test library
      8. 6.3.8  DMA2: Software test of DMA function
      9. 6.3.9  SYSMEM1: Write to SRAM from CPU, read from DMA
      10. 6.3.10 SYSMEM2: Write to SRAM from DMA, read from CPU
      11. 6.3.11 SYSMEM5: SRAM March test
      12. 6.3.12 FXBAR1: CPU readback of known data from Flash
      13. 6.3.13 FXBAR2: DMA readback of known data from Flash
      14. 6.3.14 FLASH2: CRC check of flash content
      15. 6.3.15 GPIO1: GPIO test using pin IO loopback
      16. 6.3.16 WDT
      17. 6.3.17 TIM1: Software test of function
      18. 6.3.18 I2C1: Software test of I2C function using internal loopback mechanism
      19. 6.3.19 SPI1 : Software test of SPI function
      20. 6.3.20 SPI3: SPI periodic safety message exchange
      21. 6.3.21 UART1: Software test of UART function
      22. 6.3.22 SYSCTL1: MCLK monitor
      23. 6.3.23 SYSCTL8: Brownout Reset (BOR) Supervisor
      24. 6.3.24 SYSCTL9: FCC counter logic to calculate clock frequencies
      25. 6.3.25 SYSCTL10: External voltage monitor
      26. 6.3.26 SYSCTL11: Boot process monitor
      27. 6.3.27 SYSCTL12: Shutdown memory bits parity protection
      28. 6.3.28 SYSCTL14: Brownout Voltage Monitor
      29. 6.3.29 SYSCTL15: External voltage supervisor on VDD
      30. 6.3.30 REF2: Test of VREF using ADC
  8.   A Summary of Recommended Functional Safety Mechanism Usage
  9.   B Distributed Developments
    1.     B.1 How the Functional Safety Lifecycle Applies to TI Functional Safety Products
    2.     B.2 Activities Performed by Texas Instruments
    3.     B.3 Information Provided
  10.   C Revision History

A Summary of Recommended Functional Safety Mechanism Usage

Table 7-2 summarizes the functional safety mechanisms present in hardware or recommend for implementation in software or at the system level as described in Section 5. Table 7-1 describes each column in Table 7-2 and gives examples of what content could appear in each cell.

Table A-1 Legend of Functional Safety Mechanisms
Functional Safety MechanismDescription
TI Safety Mechanism Unique IdentifierA unique identifier assigned to this safety mechanism for easier tracking.
Safety Mechanism NameThe full name of this safety mechanism.
Safety Mechanism CategorySafety Mechanism - This test provides coverage for faults on the primary function. It may also provide coverage on another safety mechanism.

Test for Safety Mechanism - This test provides coverage for faults of a safety mechanism only. It does not provide coverage on the primary function.

Fault Avoidance - This is typically a feature used to improve the effectiveness of a related safety mechanism.

Safety Mechanism TypeCan be either hardware, software, a combination of both hardware and software, or system. See Section 6.2 for more details.
Safety Mechanism Operation IntervalThe timing behavior of the safety mechanism with respect to the test interval defined for a functional safety requirement / functional safety goal. Can be either continuous, or on-demand.

Continuous - the safety mechanism constantly monitors the hardware-under-test for a failure condition.

Periodic or On-Demand - the safety mechanism is executed periodically, when demanded by the application. This includes Built-In Self-Tests that are executed one time per drive cycle or once every few hours.

Test Execution TimeTime period required for the safety mechanism to complete, not including error reporting time.

Note: Certain parameters are not set until there is a concrete implementation in a specific component. When component specific information is required, the component data sheet should be referenced.

Note: For software-driven tests, the majority contribution of the Test Execution Time is often software implementation-dependent.

Action on Detected FaultThe response that this safety mechanism takes when an error is detected.

Note: For software-driven tests, the Action on Detected Fault may depend on software implementation.

Time to ReportTypical time required for safety mechanism to indicate a detected fault to the system.

Note: For software-driven tests, the majority contribution of the Time to Report is often software implementation-dependent.

Table A-2 Summary of Functional Safety Mechanisms
TI Safety Mechanism Unique IdentifierSafety Mechanism NameSafety Mechanism CategorySafety Mechanism TypeSafety Mechanism Operation IntervalTest Execution TimeAction on Detected FaultTime to Report
ADC1Software test for periodic read of static configured MMRsSafety MechanismSoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
ADC2ADC sample and conversion testSafety MechanismHardware/SoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
WDTWatchdog Timeout EventSafety MechanismHardware/SoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
ADC3ADC Trigger overflowSafety MechanismHardware/SoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
COMP1Software Read Back of Written ConfigurationSafety MechanismSoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
COMP3External pin input to COMP Safety MechanismHardware/SoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
CPU1ARM STL Safety MechanismHardware/SoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
DMA1Periodic Software Read Back of Static Configuration RegistersSafety MechanismSoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
DMA2Software testSafety MechanismHardware/SoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
FXBAR1Use hardware redundancy by access same flash location by CPU and DMA Safety MechanismHardware/SoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
FXBAR2Periodic Software Read Back of FLASH dataSafety MechanismSoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
GPIO1Software test of function using I/O loopbackSafety MechanismHardware/SoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
GPIO2Periodic Software Readback of Static Configuration RegistersSafety MechanismSoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
TIM1Test for basic PWM generationSafety MechanismHardware/SoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
TIM2Periodic Software Read Back of Static Configuration RegistersSafety MechanismSoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
TIM3Test for fault generationSafety MechanismHardware/SoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
I2C1Software test of function using I/O loopbackSafety MechanismHardware/SoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
I2C2Periodic Software Read Back of Static Configuration RegistersSafety MechanismSoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
IOMUX1Periodic Software Readback of Static Configuration RegistersSafety MechanismSoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
OA1Software Read Back of Written ConfigurationSafety MechanismSoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
OA2DAC8(COMPDAC) to OA and then to ADC LoopbackSafety MechanismHardware/SoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
SPI1Software test of function using I/O loopbackSafety MechanismHardware/SoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
SPI2Periodic Software Read Back of Static Configuration RegistersSafety MechanismSoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
SPI3SPI PERIODIC Safety Message checkSafety MechanismHardware/SoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
SYSCTL1MCLK monitorSafety MechanismHardware/SoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
SYSCTL2HFCLK Startup monitorSafety MechanismHardware/SoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
SYSCTL3LFCLK MonitorSafety MechanismHardware/SoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
SYSCTL4RTC MonitorSafety MechanismHardware/SoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
SYSCTL5Periodic Software Read Back of Static Configuration RegistersSafety MechanismSoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
SYSCTL6SYSPLL Startup monitorSafety MechanismHardware/SoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
SYSCTL8Brownout Reset (BOR) SupervisorSafety MechanismHardware/SoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
SYSCTL9FCC counter logic to calculate clock frequenciesSafety MechanismHardware/SoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
SYSCTL10External voltage monitorSafety MechanismHardware/SoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
SYSCTL11Boot process monitorSafety MechanismHardware/SoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
SYSCTL12Parity protectionSafety MechanismHardware/SoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
SYSCTL13SYSCTL3V State machineSafety MechanismHardware/SoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
SYSCTL14Brownout Voltage MonitorSafety MechanismHardware/SoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
SYSCTL15External Voltage SupervisorSafety MechanismHardware/SoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
SYSMEM1Software read of memorySoftwareHardware/SoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
SYSMEM2Software read of memorySoftwareHardware/SoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
SYSMEM5RAM March TestSafety MechanismHardware/SoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
UART1Software test of function using I/O loopbackSafety MechanismHardware/SoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
UART2Periodic Software Read Back of Static Configuration RegistersSafety MechanismSoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
REF1Periodic Software Read Back of static configuration registers.Safety MechanismSoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent
REF2VREF to ADC Reference inputSafety MechanismHardware/SoftwarePeriodic/On-DemandApplication dependentReset the deviceApplication dependent