SFFS948 May   2025 MSPM0L1227-Q1 , MSPM0L1228-Q1 , MSPM0L2227-Q1 , MSPM0L2228-Q1

 

  1.   1
  2. 1Introduction
    1.     Trademarks
  3. 2 MSPM0Lx22x-Q1 Hardware Component Functional Safety Capability
  4. 3Development Process for Management of Systematic Faults
    1. 3.1 TI New-Product Development Process
    2. 3.2 TI Functional Safety Development Process
  5. 4 MSPM0Lx22x-Q1 Component Overview
    1. 4.1 Targeted Applications
    2. 4.2 Hardware Component Functional Safety Concept
    3. 4.3 Functional Safety Constraints and Assumptions
  6. 5Description of Hardware Component Parts
    1. 5.1  ADC
    2. 5.2  Comparator
    3. 5.3  CPU
    4. 5.4  RAM
    5. 5.5  FLASH
    6. 5.6  GPIO
    7. 5.7  DMA
    8. 5.8  SPI
    9. 5.9  I2C
    10. 5.10 UART
    11. 5.11 Timers (TIMx)
    12. 5.12 Power Management Unit (PMU)
    13. 5.13 Clock Module (CKM)
    14. 5.14 Events
    15. 5.15 IOMUX
    16. 5.16 VREF
    17. 5.17 WWDT and IWDT
    18. 5.18 CRC
  7. 6 MSPM0Lx22x-Q1 Management of Random Faults
    1. 6.1 Fault Reporting
    2. 6.2 Functional Safety Mechanism Categories
    3. 6.3 Description of Functional Safety Mechanisms
      1. 6.3.1  ADC1, COMP1, DMA1, GPIO2, TIM2, I2C2, IOMUX1, SPI2, UART2, SYSCTL5, CPU4, CRC1, EVENT1, REF1, WDT1, VBAT2:Periodic Read of Static Configuration Registers
      2. 6.3.2  ADC2: Software Test of Functionality
      3. 6.3.3  ADC3: ADC Trigger Overflow Check
      4. 6.3.4  ADC4: Window Comparator
      5. 6.3.5  ADC5: Test of Window Comparator
      6. 6.3.6  ADC6: ADC Trigger, Output Plausibility Checks
      7. 6.3.7  COMP3: External Pin Input to COMP
      8. 6.3.8  COMP4: Comparator Hysteresis
      9. 6.3.9  WDT: Windowed Watchdog Timer
      10. 6.3.10 WDT2: WWDT Counter Check
      11. 6.3.11 WDT3: WWDT Software Test
      12. 6.3.12 WDT4: Redundant WDT
      13. 6.3.13 IWDT: Independent Watchdog Timer
      14. 6.3.14 REF2: VREF to ADC Reference Input
      15. 6.3.15 CPU1: CPU Test Using Software Test Library
      16. 6.3.16 CPU2: Software Test of CPU Data Busses
      17. 6.3.17 CPU3: Software Diversified Redundancy
      18. 6.3.18 SYSMEM1: Software Read of Memory, DMA Write
      19. 6.3.19 SYSMEM2: DMA Read from SRAM, CPU Write
      20. 6.3.20 SYSMEM7: ECC Protection on SRAM
      21. 6.3.21 SYSMEM8: ECC Logic Test
      22. 6.3.22 SYSMEM9: RAM Software Test
      23. 6.3.23 FLASH1: Flash Single-Error Correction, Double-Error Detection Mechanism
      24. 6.3.24 FLASH2: Flash CRC
      25. 6.3.25 FXBAR2: Periodic Software Read Back of Flash Data
      26. 6.3.26 FXBAR3: Software Test of ECC Checker Logic
      27. 6.3.27 FXBAR4: Write Protection of Flash
      28. 6.3.28 DMA2: Software Test of DMA Function
      29. 6.3.29 DMA3: Software DMA Channel Test
      30. 6.3.30 DMA4: CRC Check of the Transferred Data
      31. 6.3.31 GPIO1: Online Monitoring Using I/O Loopback
      32. 6.3.32 GPIO3: GPIO Multiple (Redundant) Inputs/Outputs
      33. 6.3.33 TIM1: Test for PWM Generation
      34. 6.3.34 TIM3: Test for Fault Generation
      35. 6.3.35 TIM4: Fault Detection to Take the PWMs to Safe State
      36. 6.3.36 TIM5: Input Capture on Two or More Timer Instances
      37. 6.3.37 TIM6: Timer Period Monitoring
      38. 6.3.38 I2C1: Software Test of I2C Function Using Internal Loopback Mechanism
      39. 6.3.39 I2C3, SPI4, UART3, MCAN2: Information Redundancy Techniques Including End-to-End Safing
      40. 6.3.40 I2C4, SPI5, UART4: Transmission Redundancy
      41. 6.3.41 I2C5, UART5: Timeout Monitoring
      42. 6.3.42 I2C6: Test of CRC Function
      43. 6.3.43 I2C7: Packet Error Check in SMBUS Mode
      44. 6.3.44 IOMUX2: IOMUX Coverage as Part of Other IP Safety Mechanisms
      45. 6.3.45 SPI1: Software Test of SPI Function
      46. 6.3.46 SPI3: SPI Periodic Safety Message Exchange
      47. 6.3.47 UART1: Software Test of UART Function
      48. 6.3.48 UART6: UART Error Flags
      49. 6.3.49 UART7: UART Glitch filter
      50. 6.3.50 SYSCTL1: MCLK Monitor
      51. 6.3.51 SYSCTL2: HFCLK Start-Up Monitor
      52. 6.3.52 SYSCTL3: LFCLK Monitor
      53. 6.3.53 SYSCTL8: Brownout Reset (BOR) Supervisor
      54. 6.3.54 SYSCTL9: FCC Counter Logic to Calculate Clock Frequencies
      55. 6.3.55 SYSCTL10: External Voltage Monitor
      56. 6.3.56 SYSCTL11: Boot Process Monitor
      57. 6.3.57 SYSCTL14: Brownout Voltage Monitor
      58. 6.3.58 SYSCTL15: External Voltage Monitor
      59. 6.3.59 SYSCTL16: External Watchdog Timer
      60. 6.3.60 CRC: CRC Checker
      61. 6.3.61 VBAT1: VBAT Supply Monitor
      62. 6.3.62 Safety Mechanisms Covering PIN Failures
      63. 6.3.63 Safety Mechanisms Covering Common Cause Failures
  8.   A Summary of Recommended Functional Safety Mechanism Usage
  9.   B Distributed Developments
    1.     B.1 How the Functional Safety Lifecycle Applies to TI Functional Safety Products
    2.     B.2 Activities Performed by Texas Instruments
    3.     B.3 Information Provided
  10.   C Revision History

5.11 Timers (TIMx)

There are two timer peripherals in these devices (which support the following key features); (1) TIMGx (general-purpose timer) and (2) TIMAx (advanced timer). The TIMGx is a subset of TIMAx, which means these timers share many common features that are compatible in software. For specific configuration, see Table 5-12:

Specific features for the general-purpose timer (TIMGx) include:

  • 16-bit and 32-bit timers with up, down, or up-down counting modes, with repeat-reload mode
  • Selectable and configurable clock source
  • 8-bit programmable prescaler to divide the counter clock frequency
  • Two independent CC channels for
    • Output compare
    • Input capture
    • PWM output
    • One-shot mode
  • Support quadrature encoder interface (QEI) for positioning and movement sensing available in TIMG8
  • Support synchronization and cross trigger among different TIMx instances in the same power domain
  • Support interrupt and DMA trigger generation and cross peripherals (such as ADC) trigger capability
  • Cross trigger event logic for Hall sensor inputs (TIMG8)

Specific features for the advanced timer (TIMAx) include:

  • 16-bit timer with up, down, or up-down counting modes, with repeat-reload mode
  • Selectable and configurable clock source
  • 8-bit programmable prescaler to divide the counter clock frequency
  • Repeat counter to generate an interrupt or event only after a given number of cycles of the counter
  • Up to four independent CC channels for
    • Output compare
    • Input capture
    • PWM output
    • One-shot mode
  • Two additional capture and compare channels for internal events (CC4 and CC5)
  • Shadow register for load and CC register available in TIMA0
  • Complementary output PWM
  • Asymmetric PWM with programmable dead band insertion
  • Fault handling mechanism to verify the output signals in a safe user-defined state when a fault condition is encountered
  • Support synchronization and cross trigger among different TIMx instances in the same power domain
  • Support interrupt and DMA trigger generation and cross peripherals (such as ADC) trigger capability
  • Two additional capture and compare channels for internal events
Table 5-12 TIMx Instance Configuration
InstancePower DomainCounter ResolutionPrescalerRepeat CounterCCP Channels (External/Internal)External PWM ChannelsPhase LoadShadow LoadShadow CCsDeadbandFault HandlerQEI / Hall Input Mode
TIMG0PD016-bit8-bit-22------
TIMG4PD016-bit8-bit-22-YesYes---
TIMG5PD016-bit8-bit-22-YesYes---
TIMG8PD016-bit8-bit-22-----Yes
TIMG12PD032-bit--22--Yes---
TIMA0PD016-bit8-bitYes4/28YesYesYesYesYes-
Table 5-13 TIMx Cross Trigger Map (PD0)
TSEL.ETSEL SelectionTIMA0TIMG0TIMG4TIMG5TIMG8TIMG12
0TIMA0.TRIGOTIMA0.TRIGOTIMA0.TRIGOTIMA0.TRIGOTIMA0.TRIGOTIMA0.TRIGO
1TIMG0.TRIGOTIMG0.TRIGOTIMG0.TRIGOTIMG0.TRIGOTIMG0.TRIGOTIMG0.TRIGO
2TIMG4.TRIGOTIMG4.TRIGOTIMG4.TRIGOTIMG4.TRIGOTIMG4.TRIGOTIMG4.TRIGO
3TIMG5.TRIGOTIMG5.TRIGOTIMG5.TRIGOTIMG5.TRIGOTIMG5.TRIGOTIMG5.TRIGO
4TIMG8.TRIGOTIMG8.TRIGOTIMG8.TRIGOTIMG8.TRIGOTIMG8.TRIGOTIMG8.TRIGO
5TIMG12.TRIGOTIMG12.TRIGOTIMG12.TRIGOTIMG12.TRIGOTIMG12.TRIGOTIMG12.TRIGO
6 to 15Reserved
16Event Subscriber Port 0 (FSUB0)
17Event Subscriber Port 1 (FSUB1)
18-31Reserved

The following tests must be applied for the targeted ASIL as functional safety mechanisms for this module (to provide diagnostic coverage on a specific function):

Table 5-14 Timers Safety Mechanisms
Safety MechanismDescriptionFaults | Failure Modes
TIM1Test for PWM generationTargeted toward PWM generation logic, including the counters, compare registers, clocking logic, output generation logic, and so forth.
TIM2Periodic software read back of IP static configuration registersTargets the static configuration registers in timer.
TIM3 (latent fault coverage)Test for fault generationThis test is a test for diagnostic, which checks the functioning of fault detection logic in timer.
Note: This test is applicable only to TIMAx.
TIM4Fault detection to take the PWMs to safe stateThis safety mechanism can be used to detect faults which result in system-level failures like overvoltage and undervoltage and overcurrent and undercurrent. The external faults can be monitored using the fault pins or the analog comparators. The faults which can be covered include the faults in the PWM generation logic, faults in external drivers, and so forth.
Note: This test is applicable only to TIMAx.
TIM5Input capture on two or more timer instancesThis test is used to cover the faults in the capture mode logic. The faults can be in clocking, capture logic, counter logic, and so forth.
TIM6Timer period monitoring.This test is a run time check, in which the duration between two interrupts can be measured (using another timer). This check is useful in detecting faults which result in the counter taking more or less time than expected and can also cover the clocking related faults.
WDTWindowed watchdog eventTargeted toward faults which result in missing interrupts (periodic interrupts) affecting the program sequence of the CPU. These faults can be faults in the interrupt logic, the logic which sets the interrupt flags, the logic which generates hardware triggers for other IPs (ADC, for example), and so forth.