Product Architecture for Management of Random Faults
www.ti.com
The HRPWM module enhances the resolution of the PWM control and provides unique calibration logic to
track the PWM modulation accuracy and input clock oscillator accuracy. The oscillator accuracy library
functions use the SFO libraries, which use the inherent calibration logic, to measure the accuracy of the
oscillator clock and PLL.
GPIO configuration registers are write-protected with special EALLOW instructions. Most of the GPIO
inputs have a programmable de-glitching filter to screen spurious noise or debouncing. This is especially
important for PWM output trip control signals, to avoid false tripping of PWM outputs.
The Control peripherals are complemented with three 32-bit CPU timers that can support time base
checks, and as redundant channels to implement timing checks.
Piccolo MCUs use industry standard communication ports such as; SCI, SPI, and I2C. These peripherals
are often available in multiple instantiations that allow 1oo2 voting schemes and internal loop back paths
that allow periodic serial data integrity checks.
Section 5 presents many of the functional safety diagnostics schemes that can be implemented to add
safety in each of these MCU functions during run time and power up state.
Analog Subsystem: Piccolo2x analog subsystem supports all the necessary analog sensing and
feedback channels. It has its own independent regulated power, oscillators, temperature sensor and PLL
clock. At runtime, it is synchronized and tightly coupled to the main CPU and control subsystems. Piccolo
MCU addresses the safety requirements of the operating clock redundancy with a minimum of two clocks
sources and an additional external clock source. There are two zero-pin oscillators operating in parallel,
OSC1 and OSC2, an additional on-chip crystal oscillator, and an external clock pin.
The oscillator clocks feed the on-chip watchdog module to provide time-out monitoring of time critical
loops. Device reset is offered through an external pin. This pin is a bidirectional pin allowing on-chip
watchdog reset to propagate to external devices. The reset input signal is always qualified with a
deglitching filter (about 200 ns) that helps to block reset line noise due to any electrical disturbance.
The dependencies of these clock domains and recovery mechanisms are presented in the Piccolo
technical reference manual (see Table 1). For more information, see Table 1 . The on-chip regulator
supports POR and BOR logic to generate under voltage detection.
4.4 Delfino MCU Family
Delfino is high performance member of the C2000 MCU addressing a wide of industrial applications. The
makeup of the family is differentiated at the 32-bit C28x CPU performance, control and analog subsystem
peripherals. These offer devices offer 100 to 150MHz CPU Performance. The Table 2 above provides
Delfino MCU feature set break up between F2833x and F2823x devices. For detailed resource availability,
see the device-specific data sheet for that section and on the TI web site.
Integration of the 32-bit CPU performance and peripherals is mandatory to make these topologies a
deterministic control system. Having proven in many of these applications, at the equipment level there is
a demand to reach the emerging functional safety levels. Functional safety levels are governed by many
of IEC and UL standards to enforce safety discipline in hardware and software development. IEC60730
and UL1998 have published a series of safety test across any microcontroller device. Some of the Delfino
applications target IEC61508 level safety as well. These configurations are primarily in industrial drive
application co-designed with companion chips to reach required level system level safety.
Since Delfino MCU’s architecture is identical to the Piccolo MCU with less analog integration. The
following sections will explain the device configurations. Delfino devices have to be used with companion
chips to implement some of the functional safety requirements. Most of the Piccolo6x, IEC60730 software
library functions are applicable to Delfino devices. Delfino version of IEC60730 will leverage the Piccolo6x
library to build its system level diagnostics. Delfino family is architecturally scalable to different feature and
cost segments, the IEC60730 library is mostly compatible to all of its devices, except that some of the
software functions need some porting to match the peripheral mix used in the end application system.
20
Safety Manual for C2000™ MCUs in IEC60730 Safety Applications SPRUHI3A–April 2013–Revised August 2013
Submit Documentation Feedback
Copyright © 2013, Texas Instruments Incorporated
To Next Page
Loading...
Need help?
General
