SSZT708 may   2018


  1.   1
  2.   2
    1.     3

Sal Pezzino

C2000™ microcontrollers (MCUs) come with a variety of collaterals that can help you develop functionally safe systems that can comply with a wide range of standards for end products in automotive, appliance and industrial applications. Examples include electric vehicle onboard chargers, gas furnaces and industrial servo motor drives.

The new C2000 SafeTI™ Diagnostic Software Library for the Piccolo™ TMS320F2807x series and Delfino™ TMS320F2837xD and TMS320F2837xS series of MCUs is a collection of different safety mechanisms designed to detect faults. These safety mechanisms target different device components, including the C28x core, the control law accelerator (CLA), system control, static random access memory (SRAM), flash, and communications and control peripherals. The software safety mechanisms leverage available hardware safety features such as the C28x hardware built-in self-test (HWBIST), error detection and correction functionality on memories, parallel signature analysis circuitry, missing clock detection logic, watchdog counters and hardware redundancy.


The C2000 SafeTI enablers for the F28x7x device family includes:

  • A companion SafeTI diagnostic library that will help you shorten the time to implement various software safety mechanisms.
  • A collection of application reports to help you develop C2000 (F28x7x) MCU-based functionally safe systems.

The SafeTI diagnostic library includes a software functional safety manual, user guides, example projects and source code to help you make important system decisions and shorten system integration time, helping you to get your products to market faster.  The library package includes a compliance support package (CSP), a series of documents that TI used to develop and test the diagnostic software library. The CSP provides the necessary documentation and reports to assist you with compliance to functional safety standards: software safety requirements specifications, a software architecture document, software module design documents, software module unit test plans, software module unit test documents, static analysis reports, unit test reports, dynamic analysis reports, functional test reports and traceability documents. You can use these documents to comply with route 1s (as described in International Electrotechnical Commission [IEC] 61508-3, section to reuse a pre-existing software element to implement all or part of a safety function. The contents of the CSP could also help you make important decisions for overall system safety compliance.

Three related application reports offer details about how you can develop functionally safe systems with C2000 real-time control devices:

  • C2000 Hardware Built-In Self-Test” discusses the HWBIST safety mechanism, along with its functions and features, in the F28x7x series of C2000 devices. The report also addresses some system-level considerations when using the HWBIST feature and explains how you can use the SafeTI diagnostic library on your system.
  • C2000 CPU Memory Built-In Self-Test” describes embedded memory validation using the C28x central processing unit (CPU) during an active control loop. It discusses system challenges to memory validation as well as the different solutions provided by C2000 devices and software. Finally, it presents the SafeTI Diagnostic Library implementations for memory testing.
  • Error Detection in SRAM” offers technical information about the nature of the SRAM bit cell and bit array, as well as the sources of SRAM failures. It then presents methods for managing memory failures in electronic systems. This discussion is targeted toward electronic system developers or integrators interested in improving the robustness of the embedded SRAM.

Further F28x7x functional safety collateral includes:

  • A functional safety manual that describes all of the hardware and software functional safety mechanisms included in F28x7x.
  • A detailed, tunable (estimation-based) quantitative failure modes, effects and diagnostic analysis (FMEDA) that enables the calculation of random hardware metrics as outlined in International Organization for Standardization (ISO) 26262 and IEC 61508 for automotive and industrial applications, respectively.
  • An independent third-party assessment (from Tüv-Süd) that:
    • Ratifies the ability of the F28x7x device family to meet the random hardware capability of Automotive Safety Integrity Level (ASIL)-B, SIL-2.
    • Confirms the systematic capability (development process compliance) of the F28x7x device family to meet ASIL-D/SIL-3 according to ISO 26262 and IEC 61508, respectively.