SafeTI™-HSK - Functional Safety with the TI Hercules™ Platform

Highlights

  • Try out and understand the Hercules safe island approach
  • Evaluation board with two Hercules microcontrollers and safety companion chip
  • Software stack as demo implementation of a safety-critical application for a Hercules microcontroller
  • Failure injection and observation of system reactions through a Host Control GUI

Safe Island Approach
The Hercules processors share a common safety architecture concept called the “safe island” philosophy. The basic idea is a balance between hardware diagnostics and software diagnostics to manage functional safety while keeping cost in check. In the “safe island” approach, a core set of elements is allocated continuously operating hardware safety mechanisms. This core set of elements – including CPU, flash memory, SRAM and the associated interconnect structures – is needed to guarantee the correct execution of software. Once the correct execution of software is ensured, software-based diagnostics can be applied to check other device elements, such as peripherals.

SafeTI-HSK Tools and Source Code
The SafeTI-HSK comes with all the tools and source code needed to start with the development of a Hercules-microcontroller-based safety-critical system.

  • Texas Instruments Code Composer Studio for the Hercules family
  • Evaluation version of the SAFERTOS safety operating system
  • SafeTI Diagnostic Library
  • Safety application and control application (as well-documented source code)
  • Host Control GUI

SafeTI-HSK Board
Hercules Microcontroller
The evaluation board contained in the SafeTI-HSK comes with two Hercules controllers, the Safety MCU and the Control MCU. The Safety MCU executes the actual safety application. The operation of the Safety MCU is monitored by the TPS65381-Q1 companion chip. The Control MCU in turn handles the communication with the Host Control GUI and, among other things, serves for the injection of faults into the system.

Safety Companion Chip (TPS65381-Q1)
The TPS65381-Q1 companion chip is a power supply that satisfies special functional safety requirements and supports microcontrollers of the Hercules family as standard. To monitor the correct operation of the connected microcontroller, the companion chip contains a watchdog. This watchdog requires specific messages within certain time intervals. If the messages do not appear on time, the safety path – and with it the Equipment Under Control (EUC) – is disabled.
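As an added illustration (not TI's code and not a model of the TPS65381-Q1's actual message protocol), the following Python simulation shows the monitoring rule described above: a message with the expected content must arrive inside a time window, and a too-early, too-late, wrong or missing message disables the safety path. The window limits, the token and the `WatchdogMonitor` class are assumptions chosen for the example.

```python
from dataclasses import dataclass, field

# Assumed window (seconds since the last accepted message); not TPS65381-Q1 values.
WINDOW_MIN = 0.010
WINDOW_MAX = 0.050
EXPECTED_TOKEN = "ok"  # placeholder for the message content the watchdog expects


@dataclass
class WatchdogMonitor:
    """Hypothetical companion-chip watchdog: one wrong step disables the safety path."""
    last_accepted: float = 0.0
    safety_path_enabled: bool = True
    log: list = field(default_factory=list)

    def feed(self, t, token):
        """Process one watchdog message arriving at time t (seconds)."""
        if not self.safety_path_enabled:
            return False  # latched: nothing re-enables the path in this model
        delta = t - self.last_accepted
        if delta < WINDOW_MIN:
            reason = "too early"
        elif delta > WINDOW_MAX:
            reason = "too late"
        elif token != EXPECTED_TOKEN:
            reason = "wrong message"
        else:
            self.last_accepted = t
            self.log.append((t, "accepted"))
            return True
        self.safety_path_enabled = False
        self.log.append((t, reason))
        return False

    def check_timeout(self, now):
        """Periodic check: a missing message is detected even if nothing arrives."""
        if self.safety_path_enabled and now - self.last_accepted > WINDOW_MAX:
            self.safety_path_enabled = False
            self.log.append((now, "timeout"))
        return self.safety_path_enabled


def run(events, end_time):
    """Replay constructed (time, token) events; return (path enabled, log)."""
    wd = WatchdogMonitor()
    for t, token in sorted(events):
        wd.feed(t, token)
    wd.check_timeout(end_time)
    return wd.safety_path_enabled, wd.log
```

The constructed event lists replayed by `run` stand in for the fault injections the Control MCU performs on the real board.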

SafeTI-HSK Software
Safety Application
The software stack executed on the Safety MCU is schematically depicted on the right hand side. The HW abstraction layer, the Texas Instruments SafeTI Diagnostic Library, the SAFERTOS operating system and the actual user application are part of the software stack.
During start-up the Hercules MCU safety mechanisms are configured by the Diagnostic Library. Subsequently, the execution of the corresponding tests ensures the correct operation of the MCU. After system start the user application is executed as an independent set of tasks on the SAFERTOS operating system. One of these tasks, the Command Handler, receives instructions from the Control MCU and forwards the commands to the respective target task. A command for fault injection is processed by the so-called Fault Injection task.

Control Application
The control application runs on the Control MCU. It handles the communication between the board and the Host Control GUI and enables the injection of faults into the communication between the TPS65381-Q1 and the Safety MCU as well as into the Safety MCU itself. Furthermore, the Control MCU allows the observation of the system behavior after fault injection and the measurement of system response times.

Host Control GUI
The Host Control GUI makes the safety-related features of the Safety MCU come alive and offers a convenient way to observe the behavior of the Safety MCU in response to different fault injections. The graphical representation of the system behavior supports a general understanding of the interaction between the Safety MCU and the companion chip.