SLLU312A July   2019  – May 2022 TCAN4550-Q1

 

  1.   TCAN4550-Q1 Functional Safety-Manual
  2.   Trademarks
  3. 1Introduction
  4. 2Product Functional Safety-Capability
  5. 3Product Overview
    1. 3.1 Block Diagram
    2. 3.2 Target Applications
      1. 3.2.1 Diagnostic Features
        1. 3.2.1.1 Mode Overview
        2. 3.2.1.2 Sleep Wake Error Timer (SWE)
        3. 3.2.1.3 Undervoltage
        4. 3.2.1.4 Thermal Shut Down
        5. 3.2.1.5 CAN Bus Communication
          1. 3.2.1.5.1 M_CAN
        6. 3.2.1.6 Processor Communication
          1. 3.2.1.6.1 SPI Integrity
            1. 3.2.1.6.1.1 SPI Scratchpad
            2. 3.2.1.6.1.2 SPIERR
            3. 3.2.1.6.1.3 M_CAN Forced Dominant and Recessive
            4. 3.2.1.6.1.4 SPI and FIFO
            5. 3.2.1.6.1.5 ECC for Memory
          2. 3.2.1.6.2 Timeout Watchdog
          3. 3.2.1.6.3 Floating Pins
          4. 3.2.1.6.4 RST Pin
          5. 3.2.1.6.5 Interrupt and Internal Fault Detection
  6. 4Development Process for Management of Systematic Faults
    1. 4.1 TI New-Product Development Process
  7. 5Revision History
3.2.1.5.1 M_CAN

The M-CAN core which is an industry standard core supporting CAN FD and Classical CAN has three interrupts that also lend themselves to confirmation the CAN bus information is accurate. These interrupts are in register 16'h1050 and are as follows:

  • 16'h1050[28] is an interrupt bit for Protocol Error in Data Phase (PED). If this bit shows up as a one register 16'h1044[10:8] - DLEC (Data Phase Last Error Code) need to be reviewed to determine the cause of the error. This is safety mechanism SM-11.
  • 16'h1050[27] is an interrupt bit for Protocol Error in Arbitration Phase (PEA). If this bit shows up as a one register 16'h1044[2:0] - LEC (Last Error Code) need to be reviewed to determine the cause of the error. This is safety mechanism SM-12.
  • 16'h1050[21] is an interrupt for Bit Error Uncorrected (BEU). This is an ECC between the M_CAN core and message RAM. This is safety mechanism SM-13. This is not the same ECC error described in processor communication section.

PED and PEA share the same code when the interrupt is set. These are three bit codes.

  • 0 – No Error: No error occurred since LEC has been reset by successful reception or transmission
  • 1 – Stuff Error: More than 5 equal bits in a sequence have occurred in a part of a received message where this is not allowed
  • 2 – Form Error: A fixed format part of a received frame has the wrong format
  • 3 – AckError: The message transmitted by the M_CAN was not acknowledged by another node
  • 4 – Bit1Error: During the transmission of a message (with the exception of the arbitration field), the device wanted to send a recessive level (bit of logical value ‘1’), but the monitored bus value was dominant
  • 5 – Bit0Error: During the transmission of a message (or acknowledge bit, or active error flag, or overload flag), the device wanted to send a dominant level (data or identifier bit logical value ‘0’), but the monitored bus value was recessive. During Bus_Off recovery this status is set each time a sequence of 11 recessive bits has been monitored. This enables the CPU to monitor the proceeding of the Bus_Off recovery sequence (indicating the bus is not stuck at dominant or continuously disturbed)
  • 6 – CRCError: The CRC check sum of a received message was incorrect. The CRC of an incoming message does not match with the CRC calculated from the received data
  • 7 – NoChange: Any read access to the Protocol Status Register re-initializes the LEC to ‘7’. When the LEC shows the value ‘7’, no CAN bus event was detected since the last CPU read access to the Protocol Status Register