TIDUDS9B December   2017  – November 2022

 

  1.   Description
  2.   Resources
  3.   Features
  4.   Applications
  5.   5
  6. 1System Description
    1. 1.1 Key System Specifications
  7. 2System Overview
    1. 2.1 Block Diagram
    2. 2.2 Design Considerations
      1. 2.2.1 Conditions of Use: Assumption
        1. 2.2.1.1 Generic Assumptions
        2. 2.2.1.2 Specific Assumptions
      2. 2.2.2 Diagnostics Coverage
        1. 2.2.2.1 Dual-Channel Monitoring
        2. 2.2.2.2 Checking ISO1211 Functionality With MCU (SIL1)
        3. 2.2.2.3 Checking TPS22919 Functionality With MCU (SIL1)
        4. 2.2.2.4 Checking TPS27S100 Functionality With MCU (SIL1)
        5. 2.2.2.5 Optional Monitoring Using RDY Pin of ISO5452, ISO5852S or UCC21750 Integrated Analog-to-PWM Isolated Sensor
      3. 2.2.3 Drive State
    3. 2.3 Highlighted Products
      1. 2.3.1 ISO1211
      2. 2.3.2 TPS27S100
      3. 2.3.3 TPS22919
      4. 2.3.4 ISO5852S, ISO5452
    4. 2.4 System Design Theory
      1. 2.4.1 Digital Input Receiver for STO
      2. 2.4.2 STO_1 Signal Flow Path for Controlling VCC1
      3. 2.4.3 STO_2 Signal Flow Path
        1. 2.4.3.1 High-Side Switch for Controlling Secondary-Side Supply Voltage of Gate Driver
        2. 2.4.3.2 Powering up Secondary Side: VCC2 of Gate Driver
      4. 2.4.4 Gate Driver Design
      5. 2.4.5 STO_FB Signal Flow Path
  8. 3Hardware, Software, Testing Requirements, and Test Results
    1. 3.1 Getting Started Hardware
      1. 3.1.1 PCB Overview
    2. 3.2 Testing and Results
      1. 3.2.1 Logic High and Logic Low STO Thresholds
      2. 3.2.2 Validation of STO1 Signal
        1. 3.2.2.1 Propagation of STO1 to VCC1 of Gate Driver
        2. 3.2.2.2 1-ms STO Pulse Rejection
        3. 3.2.2.3 Diagnostic Pulses From MCU Interface
      3. 3.2.3 Validation of STO2 Signals
        1. 3.2.3.1 Propagation of STO2 to VCC2 of Gate Driver
        2. 3.2.3.2 1-ms Pulse Rejection
        3. 3.2.3.3 Diagnostic Pulses From MCU
        4. 3.2.3.4 Inrush Current Measurement
      4. 3.2.4 3.3-V Voltage Rail From Switcher
      5. 3.2.5 60-V Input Voltage and Reverse Polarity Protection
      6. 3.2.6 Validation of Trip Zone Functionality
  9. 4Design Files
    1. 4.1 Schematics
    2. 4.2 Bill of Materials
    3. 4.3 Layer Plots
    4. 4.4 Altium Project
    5. 4.5 Gerber Files
    6. 4.6 Assembly Drawings
  10. 5Related Documentation
    1. 5.1 Trademarks
  11. 6About the Author
  12. 7Recognition
  13. 8Revision History

2.2.2.1 Dual-Channel Monitoring

The STO function is realized through dual channels STO_1 and STO_2, respectively, to de-energized the power to the gate driver (See Figure 2-2). In a safety unit, if one of the STO signals is removed, then the status changes to STO triggered (See Table 2-1). The unit then waits for a fixed amount of monitoring time to check if both inputs are switched off. If the same signal is not present on both the inputs after the session, then the system signals an error. The PLC performs the monitoring by periodically checking the two stop paths for errors through 1-ms OSSD pulses (See Table 2-2).

Figure 2-2 Dual-Channel Isolated STO
Table 2-1 Dual-Channel Isolated STO
STO_1 STO_2 DESCRIPTION OF STATE

0

0

 STO state is triggered and there is no error in STO function

0

1

 STO state is triggered and monitoring for error starts. After some time, error is signaled

1

0

 STO state is triggered and monitoring for error starts. After some time, error is signaled

1

1

 STO state not triggered

In the TIDA-01599, an MCU (SIL 1) is assumed to do the diagnostic coverage. The MCU is not part of the analysis. A hardware based diagnostic coverage is possible too. Table 2-2 shows the diagnostic logic and state. Note that STO related signals are active low.

Table 2-2 MCU Diagnostics Logic Table
STO_1 | STO_2 MCU_STO_1_in | MCU_STO_2_in MCU DIAGNOSTICS : FAULT DETECTED

MCU_Diag_Cntrl_Out1 | MCU_Diag_Cntrl_Out2

 IGBT GATE DRIVER OUTPUT

STATE

1 | 1

1 | 1

No

Normal operation

Normal operationNormal operation
1 | 11 | 1

Yes (for example, Load switch stuck high)

0

0

Safe state

1 | 11 | 1

Yes (for example, No OSSD pulse)

0

0

Safe state

0 | 0

0 | 1

Yes (for example, ISO1211 stuck high)

0

0

Safe state
0 | 0

1 | 0

Yes (for example, ISO1211 stuck high)

0

0

Safe state
0 | 00 | 0

No

0

0

STO