SLLU312A July   2019  – May 2022 TCAN4550-Q1

 

  1.   TCAN4550-Q1 Functional Safety-Manual
  2.   Trademarks
  3. 1Introduction
  4. 2Product Functional Safety-Capability
  5. 3Product Overview
    1. 3.1 Block Diagram
    2. 3.2 Target Applications
      1. 3.2.1 Diagnostic Features
        1. 3.2.1.1 Mode Overview
        2. 3.2.1.2 Sleep Wake Error Timer (SWE)
        3. 3.2.1.3 Undervoltage
        4. 3.2.1.4 Thermal Shut Down
        5. 3.2.1.5 CAN Bus Communication
          1. 3.2.1.5.1 M_CAN
        6. 3.2.1.6 Processor Communication
          1. 3.2.1.6.1 SPI Integrity
            1. 3.2.1.6.1.1 SPI Scratchpad
            2. 3.2.1.6.1.2 SPIERR
            3. 3.2.1.6.1.3 M_CAN Forced Dominant and Recessive
            4. 3.2.1.6.1.4 SPI and FIFO
            5. 3.2.1.6.1.5 ECC for Memory
          2. 3.2.1.6.2 Timeout Watchdog
          3. 3.2.1.6.3 Floating Pins
          4. 3.2.1.6.4 RST Pin
          5. 3.2.1.6.5 Interrupt and Internal Fault Detection
  6. 4Development Process for Management of Systematic Faults
    1. 4.1 TI New-Product Development Process
  7. 5Revision History
3.2.1.6.1 SPI Integrity

The TCAN4550-Q1 does not support CRC for SPI communication. There are several ways to periodically determine the SPI bus integrity is valid. These cover potential fault 4.

For the most robust and mostly continuous method is double transmit and reads and double reads to determine if the data is the same. This method though robust reduces the bandwidth capabilities of the device so performing several periodic test can be beneficial.

The periodic test that can be performed are as follows:

  • Scratchpad write/read, safety mechanism SM-14
  • SPIERR flag, safety mechanism SM-15
  • M_CAN forced dominate and recessive testing, safety mechanism SM-16
  • SPI and FIFO, safety mechanism SM-17
  • ECC for memory, safety mechanism SM-18