SPRACI7A October 2018 – March 2022 TMS320F280021 , TMS320F280021-Q1 , TMS320F280023 , TMS320F280023-Q1 , TMS320F280023C , TMS320F280025 , TMS320F280025-Q1 , TMS320F280025C , TMS320F280025C-Q1 , TMS320F280040-Q1 , TMS320F280040C-Q1 , TMS320F280041 , TMS320F280041-Q1 , TMS320F280041C , TMS320F280041C-Q1 , TMS320F280045 , TMS320F280048-Q1 , TMS320F280048C-Q1 , TMS320F280049 , TMS320F280049-Q1 , TMS320F280049C , TMS320F280049C-Q1 , TMS320F28P550SJ , TMS320F28P559SJ-Q1
With increased deployment of semiconductors in automobile and industrial markets, functional safety is becoming a critical dimension of semiconductor design in addition to the traditional aspects like power, performance, area, and so forth. Functional safety standards (for example, ISO26262 for Automotive, IEC61508 for industrial, IEC60730 for white goods, and so forth) list the requirements to be adhered to during the design and deployment of such systems.
Functional safety requires freedom from unreasonable residual risk originating from faulty behaviour of safety related electronic and electrical systems. Faults can be either systematic or random hardware faults. With regard to random hardware faults, memory (especially SRAM) is one of the most significant components of functional safety in the execution of software in electronics and programmable electronics. This is because SRAM is usually the largest component in the overall device in terms of both area and transistor count. Furthermore, SRAM is very dense and therefore susceptible to subtle defects. Moreover, SRAM operates in reduced voltage ranges vs normal circuit logic and is therefore more susceptible to disturbances. Further discussion of the nature of SRAM and error detection is outside the scope of the application report. For more information, see Error Detection in SRAM.
Customers who use the C2000 devices in functionally safe systems may require a specific diagnostic coverage (DC) of the memory in order to meet various functional safety standards or requirements. A particular diagnostic coverage may be required for both single point faults as well as latent faults. Electronics and programmable electronics used in functionally safe applications might require the capability to perform SRAM and ROM test at start-up or periodically during maintenance cycles. Some other class of safety applications require the memories to be tested periodically in parallel with application execution. M-POST on C2000 is designed and enabled to target the former in order to detect latent faults. M-POST assists customers to achieve their functional safety requirements by providing the capability to perform memory tests at start-up.
Additionally, in order to detect random hardware faults in-system, C2000 devices are equipped with EDAC, or error detection and correction logic, on memories. Furthermore, the F28x7x SafeTI Diagnostic Library (SDL) provides software for a RAM March13n algorithm that specifically targets the data, address and EDAC bits for permanent stuck-at faults, as well as some worst-case path timing faults that can occur from system degradation over time. The March13n test is designed for robust in-system testing of memories and can be easily integrated into a system application. For more information, see C2000™ CPU Memory Built-In Self-Test.
The processing elements on C2000 MCUs that utilize the on-chip memories are equipped with a Hardware Built-In Self-Test (HWBIST) that targets the C28x CPU logic including the TMU, FPU, and VCU and is able to achieve up to 99% DC. For more details, see C2000™ CPU Memory Built-In Self-Test. Furthermore, the Control Law Accelerator Self-Test Library (CLA STL) targets the CLA for 90% DC and enables the use of CLA for processing in functionally safe systems. For more information, see C2000™ CLA Self-Test Library.