SFFS624A March   2024  – December 2024 MSPM0G3105 , MSPM0G3105-Q1 , MSPM0G3106 , MSPM0G3106-Q1 , MSPM0G3107 , MSPM0G3107-Q1 , MSPM0G3505 , MSPM0G3505-Q1 , MSPM0G3506 , MSPM0G3506-Q1 , MSPM0G3507 , MSPM0G3507-Q1

 

  1.   1
  2. 1Introduction
    1.     Trademarks
  3. 2 MSPM0G Hardware Component Functional Safety Capability
  4. 3Development Process for Management of Systematic Faults
    1. 3.1 TI New-Product Development Process
  5. 4 MSPM0G Component Overview
    1. 4.1 Targeted Applications
    2. 4.2 Hardware Component Functional Safety Concept
    3. 4.3 Functional Safety Constraints and Assumptions
  6. 5Description of Hardware Component Parts
    1. 5.1  ADC
    2. 5.2  Comparator
    3. 5.3  DAC
    4. 5.4  OPA
    5. 5.5  CPU
    6. 5.6  RAM
    7. 5.7  FLASH
    8. 5.8  GPIO
    9. 5.9  DMA
    10. 5.10 SPI
    11. 5.11 I2C
    12. 5.12 UART
    13. 5.13 Timers (TIMx)
    14. 5.14 Power Management Unit (PMU)
    15. 5.15 Clock Module (CKM)
    16. 5.16 CAN-FD
    17. 5.17 Events
    18. 5.18 IOMUX
    19. 5.19 VREF
    20. 5.20 WWDT
    21. 5.21 CRC
  7. 6 MSPM0G Management of Random Faults
    1. 6.1 Fault Reporting
    2. 6.2 Functional Safety Mechanism Categories
    3. 6.3 Description of Functional Safety Mechanisms
      1. 6.3.1  ADC1, COMP1, DAC1, DMA1, GPIO2, TIM2, I2C2, IOMUX1, OA1, SPI2, UART2, SYSCTL5, MCAN3, CPU4, CRC1, EVENT1, REF1, WDT1: Periodic Read of Static Configuration Registers
      2. 6.3.2  ADC2: Software Test of Functionality
      3. 6.3.3  ADC3: ADC Trigger Overflow Check
      4. 6.3.4  ADC4: Window Comparator
      5. 6.3.5  ADC5: Test of Window Comparator
      6. 6.3.6  ADC6: ADC Plausibility Checks
      7. 6.3.7  OA2: Test of OA Using Internal DAC as a Driver
      8. 6.3.8  OA3: ADC Monitoring of OA Output
      9. 6.3.9  COMP2: Software Test of Comparator Using Internal DAC
      10. 6.3.10 COMP3: External Pin Input to COMP
      11. 6.3.11 COMP4: Comparator Hysteresis
      12. 6.3.12 COMP5: Redundant Comparator
      13. 6.3.13 WDT: Windowed Watchdog Timer
      14. 6.3.14 WDT2: WWDT Counter Check
      15. 6.3.15 WDT3: WWDT Software Test
      16. 6.3.16 REF2: VREF to ADC Reference Input
      17. 6.3.17 CPU1: CPU Test Using Software Test Library
      18. 6.3.18 CPU2: Software Test of CPU Data Buses
      19. 6.3.19 CPU3: Software Redundancy
      20. 6.3.20 SYSMEM1: Software Read of Memory, DMA Write
      21. 6.3.21 SYSMEM2: DMA Read from SRAM, CPU Write
      22. 6.3.22 SYSMEM3: Parity Logic Test
      23. 6.3.23 SYSMEM4: Parity Protection on SRAM
      24. 6.3.24 FLASH1: FLASH Single Error Correction, Double Error Detection Mechanism
      25. 6.3.25 FXBAR2: Periodic Software Readback of FLASH data
      26. 6.3.26 FXBAR3: Software Test of ECC Checker Logic
      27. 6.3.27 FXBAR4: Write Protection of FLASH
      28. 6.3.28 DAC2: DAC Test Using Internal ADC as DAC Output Checker
      29. 6.3.29 DAC3: DAC FIFO Underrun Interrupt
      30. 6.3.30 DMA2: Software Test of DMA Function
      31. 6.3.31 DMA3: Software DMA Channel Test
      32. 6.3.32 DMA4: CRC Check of the Transferred Data
      33. 6.3.33 GPIO1: GPIO Test Using Pin I/O Loopback
      34. 6.3.34 GPIO3: GPIO Multiple (Redundant) Outputs
      35. 6.3.35 TIM1: Test for PWM Generation
      36. 6.3.36 TIM3: Test for Fault Generation
      37. 6.3.37 TIM4: Fault Detection to Take the PWMs to Safe State
      38. 6.3.38 TIM5: Input Capture on Two or More Timer Instances
      39. 6.3.39 TIM6: Timer Period Monitoring
      40. 6.3.40 I2C1: Software Test of I2C Function Using Internal Loopback Mechanism
      41. 6.3.41 I2C3, SPI4, UART3, MCAN2: Information Redundancy Techniques Including End-to-End Safing
      42. 6.3.42 I2C4, SPI5, UART4: Transmission Redundancy
      43. 6.3.43 I2C5, UART5: Timeout Monitoring
      44. 6.3.44 I2C6: Test of CRC function
      45. 6.3.45 I2C7: Packet Error check in SMBUS Mode
      46. 6.3.46 IOMUX2: IOMUX Coverage as Part of Other IP Safety Mechanisms
      47. 6.3.47 SPI1: Software Test of SPI Function
      48. 6.3.48 SPI3: SPI Periodic Safety Message Exchange
      49. 6.3.49 UART1: Software Test of UART Function
      50. 6.3.50 UART6: UART Error Flags
      51. 6.3.51 SYSCTL1: MCLK Monitor
      52. 6.3.52 SYSCTL2: HFCLK Start-Up Monitor
      53. 6.3.53 SYSCTL3: LFCLK Monitor
      54. 6.3.54 SYSCTL6: SYSPLL Start-Up Monitor
      55. 6.3.55 SYSCTL8: Brownout Reset (BOR) Supervisor
      56. 6.3.56 SYSCTL9: FCC Counter Logic to Calculate Clock Frequencies
      57. 6.3.57 SYSCTL10: External Voltage Monitor
      58. 6.3.58 SYSCTL11: Boot Process Monitor
      59. 6.3.59 SYSCTL14: Brownout Voltage Monitor
      60. 6.3.60 SYSCTL15: External Voltage Monitor
      61. 6.3.61 SYSCTL16: External Watchdog Timer
      62. 6.3.62 MCAN1: Software test of function using I/O Loopback
      63. 6.3.63 MCAN4: SRAM ECC
      64. 6.3.64 MCAN5: Software Test of ECC Check Logic
      65. 6.3.65 MCAN6: MCAN Timeout Function
      66. 6.3.66 MCAN7: MCAN Timestamp Function
      67. 6.3.67 CRC: CRC Checker
      68. 6.3.68 EVENT2: Interrupt Connectivity Check
  8. 7An In-Context Look at This Safety Element out of Context
    1. 7.1 System Functional Safety Concept Examples
  9.   A Summary of Recommended Functional Safety Mechanism Usage
  10.   B Revision History

A Summary of Recommended Functional Safety Mechanism Usage

Appendix A summarizes the functional safety mechanisms present in hardware or recommend for implementation in software or at the system level as described in Section 5. Table 8-1 describes each column in Table 8-2 and gives examples of what content can appear in each cell.

Table A-1 Legend of Functional Safety Mechanisms
Functional Safety Mechanism Description
TI Safety Mechanism Unique Identifier A unique identifier assigned to this safety mechanism for easier tracking.
Safety Mechanism Name The full name of this safety mechanism.
Safety Mechanism Category Safety Mechanism - This test provides coverage for faults on the primary function. It may also provide coverage on another safety mechanism.

Test for Safety Mechanism - This test provides coverage for faults of a safety mechanism only. It does not provide coverage on the primary function.

Fault Avoidance - This is typically a feature used to improve the effectiveness of a related safety mechanism.
Safety Mechanism Type Can be either hardware, software, a combination of both hardware and software, or system. See Section 6.2 for more details.
Safety Mechanism Operation Interval The timing behavior of the safety mechanism with respect to the test interval defined for a functional safety requirement / functional safety goal. Can be either continuous, or on-demand.

Continuous - the safety mechanism constantly monitors the hardware-under-test for a failure condition.

Periodic or On-Demand - the safety mechanism is executed periodically, when demanded by the application. This includes Built-In Self-Tests that are executed one time per drive cycle or once every few hours.
Test Execution Time Time period required for the safety mechanism to complete, not including error reporting time.

Note: Certain parameters are not set until there is a concrete implementation in a specific component. When component specific information is required, the component data sheet should be referenced.

Note: For software-driven tests, the majority contribution of the Test Execution Time is often software implementation-dependent.
Action on Detected Fault The response that this safety mechanism takes when an error is detected.

Note: For software-driven tests, the Action on Detected Fault may depend on software implementation.
Time to Report Typical time required for safety mechanism to indicate a detected fault to the system.

Note: For software-driven tests, the majority contribution of the Time to Report is often software implementation-dependent.
Table A-2 Summary of Functional Safety Mechanisms
TI Safety Mechanism Unique Identifier Safety

Mechanism

Name		 Safety

Mechanism

Category		 Safety

Mechanism

Type		 Safety

Mechanism

Operation

Interval		 Test

Execution

Time		 Action on

Detected Fault

 Time to Report
ADC1 Periodic Software Read Back of Static Configuration Registers Safety Mechanism Software Periodic / On Demand Application dependent Reset the device Application dependent
ADC2 ADC software

test of functionality

 Safety Mechanism Hardware + Software Periodic / On Demand Application dependent Reset the device Application dependent
WDT Windowed watchdog event Safety Mechanism Hardware + Software Continuous Application dependent Reset the device Application dependent
ADC3 ADC Trigger overflow Safety Mechanism Hardware Continuous Application dependent Reset the device Application dependent
ADC4 ADC window comparator Safety Mechanism Hardware Continuous Application dependent Reset the device Application dependent
ADC5 Test of window comparator Test for Safety Mechanism Software Periodic / On Demand Application dependent Reset the device Application dependent
ADC6 ADC trigger/output plausibility check Safety Mechanism Software Periodic / On Demand Application dependent Reset the device Application dependent
COMP1 Periodic Software Read Back of Static Configuration Registers Safety Mechanism Software Periodic / On Demand Application dependent Reset the device Application dependent
COMP2 DAC to COMP Loopback Safety Mechanism Hardware + Software Periodic / On Demand Application dependent Reset the device Application dependent
COMP3 External pin input to COMP Safety Mechanism System Level Diagnostic Periodic / On Demand Application dependent Reset the device Application dependent
COMP4 Comparator Hysteresis Safety Mechanism Hardware Continuous Application dependent Reset the device Application dependent
COMP5 Redundant comparator Safety Mechanism Hardware + Software Continuous Application dependent Reset the device Application dependent
CPU1 ARM Software Test Library Safety Mechanism Software Periodic/On Demand Application dependent Reset the device Application dependent
CPU2 Write/Read back of data to different regions of memory to detect faults in the bus interconnect components. Safety Mechanism Software Periodic/On Demand Application dependent Reset the device Application dependent
SYSCTL11 Boot Process Timeout Safety Mechanism Hardware + Software Periodic/On Demand Application dependent Reset the device Application dependent
CPU3 Software redundancy Safety Mechanism Software Periodic/On Demand Application dependent Reset the device Application dependent
CPU4 Periodic Software Read Back of Static Configuration Registers Safety Mechanism Software Periodic/On Demand Application dependent Reset the device Application dependent
CRC CRC Checker Safety Mechanism Hardware + Software Periodic / On Demand Application dependent Reset the device Application dependent
CRC1 Periodic Software Read Back of Static Configuration Registers Test for Safety Mechanism Software Periodic / On Demand Application dependent Reset the device Application dependent
DAC1 Periodic Software Read Back of Static Configuration Registers Safety Mechanism Software Periodic / On Demand Application dependent Reset the device Application dependent
DAC2 DAC to ADC Loopback Safety Mechanism Hardware + Software Periodic / On Demand Application dependent Reset the device Application dependent
DAC3 FIFO Underrun interrupt Safety Mechanism Hardware Continuous Application dependent Reset the device Application dependent
DMA1 Periodic Software Read Back of Static Configuration Registers Safety Mechanism Software Periodic / On-Demand Application dependent Reset the device Application dependent
DMA2 Software DMA transfer test Safety Mechanism Software Periodic / On Demand Application dependent Reset the device Application dependent
DMA3 Software DMA channel test Safety Mechanism Software Periodic / On Demand Application dependent Reset the device Application dependent
DMA4 CRC check of the transferred data. Safety Mechanism Software Periodic / On Demand Application dependent Reset the device Application dependent
EVENT1 Periodic Software Readback of Static Configuration Registers Safety Mechanism Software Periodic / On Demand Application dependent Reset the device Application dependent

EVENT2

Interrupt connectivity checker

 Safety Mechanism Software Periodic / On Demand Application dependent Reset the device Application dependent
GPIO3 GPIO multiple (redundant) outputs Safety Mechanism Hardware + Software Continuous Application dependent Reset the device Application dependent
FXBAR2 Periodic Software Read Back of FLASH data Safety Mechanism Software Periodic / On Demand Application dependent Reset the device Application dependent
FLASH1 FLASH ECC checker Safety Mechanism Hardware Continuous Application dependent Reset the device Application dependent
FXBAR3 Software test of ECC checker logic. Test for Safety Mechanism Software Periodic / On Demand Application dependent Reset the device Application dependent
FXBAR4 Write protection of FLASH Safety Mechanism Hardware Continuous Application dependent Reset the device Application dependent
GPIO1 Software test of function using I/O loopback Safety Mechanism Hardware + Software Periodic / On Demand Application dependent Reset the device Application dependent
GPIO2 Periodic Software Readback of Static Configuration Registers Safety Mechanism Software Periodic / On Demand Application dependent Reset the device Application dependent
TIM1 Test for basic PWM generation Safety Mechanism Hardware + Software Periodic / On Demand Application dependent Reset the device Application dependent
TIM2 Periodic Software Read Back of IP Static Configuration Registers Safety Mechanism Software Periodic / On Demand Application dependent Reset the device Application dependent
TIM3 Test for fault generation Test for Safety Mechanism System Periodic / On Demand Application dependent Reset the device Application dependent
TIM4 Fault detection to take the PWMs to safe state Safety Mechanism Hardware + Software Continuous Application dependent Reset the device Application dependent
TIM5 Input capture on two or more timer instances Safety Mechanism Hardware Continuous Application dependent Reset the device Application dependent
TIM6 Timer period monitoring. Safety Mechanism Hardware + Software Continuous Application dependent Reset the device Application dependent
I2C1 Software test of function using I/O loopback Safety Mechanism Hardware + Software Periodic Application dependent Reset the device Application dependent
I2C2 Periodic Software Read Back of Static Configuration Registers Safety Mechanism Software Periodic Application dependent Reset the device Application dependent
I2C3 Information Redundancy Techniques Including End-to-End Safing Safety Mechanism Software Periodic Application dependent Reset the device Application dependent
I2C4 Transmission redundancy Safety Mechanism Software Periodic Application dependent Reset the device Application dependent
I2C5 Timeout monitoring Safety Mechanism /Test of Safety Mechanism Software Continuous Application dependent Reset the device Application dependent
I2C6 Test of CRC function Safety Mechanism /Test of Safety Mechanism Hardware + Software Periodic Application dependent Reset the device Application dependent
I2C7 Packet error check in SMBUS mode. Fault Avoidance N/A Continuous Application dependent Reset the device Application dependent
IOMUX1 Periodic Software Readback of Static Configuration Registers Safety Mechanism Software Periodic / On Demand Application dependent Reset the device Application dependent
IOMUX2 IOMUX coverage as part of other IP safety mechanisms. Safety Mechanism Hardware + Software Periodic / On Demand Application dependent Reset the device Application dependent
MCAN1 Software test of function using I/O loopback Safety Mechanism Hardware + Software Periodic/On Demand Application dependent Reset the device Application dependent
MCAN3 Periodic Software Read Back of Static Configuration Registers Safety Mechanism Software Periodic/On Demand Application dependent Reset the device Application dependent
MCAN2 Information Redundancy Techniques Including End-to-End Safing Safety Mechanism Software Periodic/On Demand Application dependent Reset the device Application dependent
MCAN4 SRAM ECC Safety Mechanism Hardware Periodic/On Demand Application dependent Reset the device Application dependent
MCAN5 Software Test of ECC Logic Test of Safety Mechanism Hardware + Software Continuous Application dependent Reset the device Application dependent
MCAN6 Timeout on FIFO Activity Safety Mechanism Hardware + Software Continuous Application dependent Reset the device Application dependent
MCAN7 Timestamp Consistency checks Safety Mechanism Hardware / Software Continuous Application dependent Reset the device Application dependent
OA1 Periodic Software Read Back of Static Configuration Registers Safety Mechanism Software Periodic / On Demand Application dependent Reset the device Application dependent
OA2 OA test using ADC Safety Mechanism Hardware + Software Periodic / On Demand Application dependent Reset the device Application dependent
OA3 ADC monitoring of OA output Safety Mechanism Hardware + Software Periodic / On Demand Application dependent Reset the device Application dependent
SPI1 Software test of function using I/O loopback Safety Mechanism Hardware + Software Periodic / On Demand Application dependent Reset the device Application dependent
SPI2 Periodic Software Read Back of Static Configuration Registers Safety Mechanism Software Periodic / On Demand Application dependent Reset the device Application dependent
SPI3 SPI periodic Safety Message checks Safety Mechanism Software Periodic / On Demand Application dependent Reset the device Application dependent
SPI4 Information Redundancy Techniques Including End-to-End Safing Safety Mechanism Software Periodic / On Demand Application dependent Reset the device Application dependent
SPI5 Transmission redundancy Safety Mechanism Software Periodic / On Demand Application dependent Reset the device Application dependent
SYSCTL1 MCLK monitor Safety Mechanism Hardware + Software Continuous Application dependent Reset the device Application dependent
SYSCTL2 HFCLK Startup monitor Fault Avoidance N/A Periodic / On Demand Application dependent Reset the device Application dependent
SYSCTL3 LFCLK Monitor Safety Mechanism Hardware + Software Periodic / On Demand Application dependent Reset the device Application dependent
SYSCTL5 Periodic Software Read Back of Static Configuration Registers Safety Mechanism Software Periodic / On Demand Application dependent Reset the device Application dependent
SYSCTL6 SYSPLL Startup monitor Fault Avoidance N/A Periodic / On Demand Application dependent Reset the device Application dependent
SYSCTL8 Brownout Reset (BOR) Supervisor Safety Mechanism Hardware Periodic / On-Demand Application dependent Reset the device Application dependent
SYSCTL9 Clock frequency measurement Safety Mechanism Hardware + Software Periodic / On Demand Application dependent Reset the device Application dependent
SYSCTL10 External voltage monitor Safety Mechanism System Level Diagnostic Periodic / On Demand Application dependent Reset the device Application dependent
SYSCTL14 Brownout Voltage Monitor Safety Mechanism Hardware Periodic / On Demand Application dependent Reset the device Application dependent
SYSCTL15 External Voltage Supervisor Safety Mechanism System Level Diagnostic Periodic / On Demand Application dependent Reset the device Application dependent
SYSCTL16 External Watch dog timer Safety Mechanism System Level Diagnostic Periodic / On Demand Application dependent Reset the device Application dependent
SYSMEM1 Software read of memory DMA Safety Mechanism Software Periodic/On Demand Application dependent Reset the device Application dependent
SYSMEM2 Software read of memory CPU Safety Mechanism Software Periodic/On Demand Application dependent Reset the device Application dependent
SYSMEM3 Parity logic test Test for Safety Mechanism Software Periodic/On Demand Application dependent Reset the device Application dependent
SYSMEM4 RAM Parity Safety Mechanism Hardware Continuous Application dependent Reset the device Application dependent
UART1 Software test of function using I/O loopback Safety Mechanism Hardware + Software Periodic/On Demand Application dependent Reset the device Application dependent
UART2 Periodic Software Read Back of Static Configuration Registers Safety Mechanism Software Periodic/On Demand Application dependent Reset the device Application dependent
UART3 Information Redundancy Techniques Including End-to-End Safing Safety Mechanism Software Periodic/On Demand Application dependent Reset the device Application dependent
UART4 Transmission redundancy Safety Mechanism Software Periodic/On Demand Application dependent Reset the device Application dependent
UART5 Timeout monitoring Safety Mechanism/Test for Safety Mechanism Software Continuous Application dependent Reset the device Application dependent
UART6 UART error flags Safety Mechanism Hardware Continuous Application dependent Reset the device Application dependent
REF1 Periodic Software Read Back of Static Configuration Registers Safety Mechanism Software Periodic / On Demand Application dependent Reset the device Application dependent
REF2 VREF to ADC Reference input Safety Mechanism Hardware + Software Periodic / On Demand Application dependent Reset the device Application dependent
WDT1 Periodic Software Read Back of Static Configuration Registers Test for Safety Mechanism Software Periodic / On Demand Application dependent Reset the device Application dependent
WDT2 WWDT counter check Test for Safety Mechanism Software Periodic / On Demand Application dependent Reset the device Application dependent
WDT3 WWDT software test Test for Safety Mechanism Software Periodic / On Demand Application dependent Reset the device Application dependent