SPRT759A October   2023  – June 2024 F29H850TU , F29H859TU-Q1 , TMS320F280021 , TMS320F280021-Q1 , TMS320F280023 , TMS320F280023-Q1 , TMS320F280023C , TMS320F280025 , TMS320F280025-Q1 , TMS320F280025C , TMS320F280025C-Q1 , TMS320F280033 , TMS320F280034 , TMS320F280034-Q1 , TMS320F280036-Q1 , TMS320F280036C-Q1 , TMS320F280037 , TMS320F280037-Q1 , TMS320F280037C , TMS320F280037C-Q1 , TMS320F280038-Q1 , TMS320F280038C-Q1 , TMS320F280039 , TMS320F280039-Q1 , TMS320F280039C , TMS320F280039C-Q1 , TMS320F280040-Q1 , TMS320F280040C-Q1 , TMS320F280041 , TMS320F280041-Q1 , TMS320F280041C , TMS320F280041C-Q1 , TMS320F280045 , TMS320F280048-Q1 , TMS320F280048C-Q1 , TMS320F280049 , TMS320F280049-Q1 , TMS320F280049C , TMS320F280049C-Q1 , TMS320F28075 , TMS320F28075-Q1 , TMS320F28076 , TMS320F28374D , TMS320F28374S , TMS320F28375D , TMS320F28375S , TMS320F28375S-Q1 , TMS320F28376D , TMS320F28376S , TMS320F28377D , TMS320F28377D-EP , TMS320F28377D-Q1 , TMS320F28377S , TMS320F28377S-Q1 , TMS320F28378D , TMS320F28378S , TMS320F28379D , TMS320F28379D-Q1 , TMS320F28379S , TMS320F28384D , TMS320F28384D-Q1 , TMS320F28384S , TMS320F28384S-Q1 , TMS320F28386D , TMS320F28386D-Q1 , TMS320F28386S , TMS320F28386S-Q1 , TMS320F28388D , TMS320F28388S , TMS320F28P650DH , TMS320F28P650DK , TMS320F28P650SH , TMS320F28P650SK , TMS320F28P659DH-Q1 , TMS320F28P659DK-Q1 , TMS320F28P659SH-Q1

 

  1.   1
  2.   Abstract
  3.   Trademarks
  4.   Introduction
  5.   Overview of IEC 60730 and UL 1998 Classifications
    1.     C2000 Capability by Device Family
  6.   C2000 Safety Collateral
    1.     Getting Started
    2.     Functional Safety Manuals
    3.     Software Collateral
  7.   Implementing Acceptable Measures on C2000 Real-Time MCUs
    1.     Implementation Steps
    2.     Example Mapping
    3.     Additional Best Practices
  8.   Mapping Acceptable Control Measures to C2000 Unique Identifiers
    1.     Unique Identifier Reference
    2.     CPU Related Faults
    3.     Interrupt Related Faults
    4.     Clock Related Faults
    5.     Memory Related Faults
    6.     Internal Data Path Faults
    7.     Input/Output Related Faults
    8.     Communication, Monitoring Devices, and Custom Chip Faults
  9.   Glossary
  10.   References

Functional Safety Manuals

The equipment designer and manufacturer are responsible for ensuring a system meets all applicable safety, regulatory, and performance requirements. Most C2000 Functional Safety Manuals are part of a Functional Safety-Compliant design package to aid in compliance with ISO 26262 or IEC 61508 functional safety standards.

A subset of the safety manual can aid in designing for IEC 60730 requirements. Topics of interest to the IEC 60730-focused designer are listed in Table 4. Additional topics not directly applicable to IEC 60730 may also be helpful.

Table 4 Functional Safety Manual Topics

The IEC 60730-focused developer should pay particular attention to:

  • Description of suggested safety features and diagnostics that are mapped to IEC 60730 acceptable measures in Mapping Acceptable Control Measures to C2000 Unique Identifiers.
  • Guidelines for implementing diagnostics.
  • Description of the software diagnostic library and self-test libraries.
  • While some Unique IDs may not map directly to IEC 60730, or may only provide partial coverage, implementation is highly-recommended. Examples of such best-practices are discussed in Additional Best Practices.

Additional topics may be helpful. These include:

  • Product overview.
  • Device architecture drawing with safety features highlighted.
  • Comprehensive list of all safety features and diagnostics.
  • List of safety features specific to peripherals.
  • Descriptions of diagnostics, test for diagnostics, and fault avoidance measures.
  • Suggestions for improving freedom from interference.
  • Suggestions for addressing common cause failures

Within the functional safety manual, a C2000 Unique Identifier (Unique ID) identifies specific safety features and diagnostics. These diagnostics can be divided into:

  • A safety diagnostic
  • A test of a safety diagnostic
  • A fault avoidance technique
The implementation can be:
  • Hardware: implemented in TI silicon
  • Software: must be implemented in the application software
  • Hardware plus software: requires both hardware implemented in silicon and software within the application
  • System: implemented externally to the microcontroller

This document is meant to aid in mapping a IEC 60730 requirement to a suggested C2000 Unique IDs (Mapping Acceptable Control Measures to C2000 Unique Identifiers). The system designer can then reference the Functional Safety Manual's description and implementation suggestions for each Unique ID. This approach is described in Mapping Acceptable Control Measures to C2000 Unique Identifiers.

Mapping Acceptable Measures to C2000 Functional Safety Manuals Figure 2 Mapping Acceptable Measures to C2000 Functional Safety Manuals