AN3077 Datasheet, PDF (20/82 Pages) STMicroelectronics – Safety application guide
Functional safety requirements for application software
AN3077
Note:
Implementation hint: The eDMA and CRC modules may be used to implement this Safety
Integrity Function (SIF) to avoid overloading the CPU.
● GPI_SWTEST_CMP
This software test is used to execute the comparison between the double reads
performed by the independent channels.
3.13.1.1.4 Implementation details
The only hardware element that can be used for the safety function is the general purpose
input/output (GPIO).
Note:
Implementation hint: Every I/O pad that is not dedicated to a single function can be
configured as GPIO (ADC pads are an exception to this rule, as they can only be configured
as inputs).
Caution: Redundant GPIO shall be selected in a non-contiguous way from the pin perspective to
minimize CCF (see Section 7, I/O pin/ball configuration for details).
Mandatory: The pads shall be configured via the appropriate pad configuration registers
(PCRn) in the SIUL module.
Note:
Rationale: To configure pads used by this safety function, and avoid CCF caused by
improper configuration of the pads.
Table 3. Software BIST and/or test

Software BIST or test    Frequency
SIUL_SWTEST_REGCRC       Once after programming
GPI_SWTEST_CMP           Once for every acquisition
3.13.2 Read PWM Input
For ASIL D applications, digital inputs used for safety purposes are always assumed to be
acquired redundantly as described in the following section.
Read PWM Input means any input read related to signal transitions (rise or fall). This may
also include the time that the signal was high, low or both.
3.13.2.1 Double Read PWM Inputs
3.13.2.1.1 Hardware elements
A Double Read PWM Input is implemented by two channels, one channel provided by
eTimer_0 and the other by eTimer_1. The SIUL module must be configured (via the
appropriate SIUL_PCRn) to provide configuration and input direction of the input pads. To
minimize CCFs, these input pads must not be physically adjacent (see Section 7, I/O
pin/ball configuration for details).
3.13.2.1.2 Safety Integrity Functions
Safety integrity is achieved by reading each input and then comparing the values in the
processing function (see Figure 2).
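The double-read comparison described above, sketched in C as an added example (not code from AN3077 or from ST). The 16-bit free-running counter, the capture struct, the function names and the tolerance parameter are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>

/* Counter values one timer channel latched over a PWM cycle. Assumed: a
 * 16-bit free-running counter; this struct is hypothetical, not a register map. */
typedef struct { uint16_t rise, fall, next_rise; } pwm_capture_t;
typedef struct { uint16_t period, high; } pwm_meas_t;
typedef enum { PWM_OK = 0, PWM_MISMATCH, PWM_IMPLAUSIBLE } pwm_status_t;

/* Unsigned 16-bit subtraction is modulo 65536, so a counter wrap between
 * two edges still yields the correct tick count. */
static pwm_meas_t pwm_measure(const pwm_capture_t *c)
{
    pwm_meas_t m;
    m.period = (uint16_t)(c->next_rise - c->rise);
    m.high = (uint16_t)(c->fall - c->rise);
    return m;
}

static bool within(uint16_t a, uint16_t b, uint16_t tol)
{
    uint16_t d = (a > b) ? (uint16_t)(a - b) : (uint16_t)(b - a);
    return d <= tol;
}

/* Compare the redundant acquisitions from the two channels. *out is written
 * only on PWM_OK, so a failed comparison never hands a value downstream.
 * tol_ticks is an assumed tolerance for capture jitter between channels. */
pwm_status_t pwm_double_read(const pwm_capture_t *a, const pwm_capture_t *b,
                             uint16_t tol_ticks, pwm_meas_t *out)
{
    pwm_meas_t ma = pwm_measure(a);
    pwm_meas_t mb = pwm_measure(b);

    /* Each channel must be plausible on its own before the cross-check. */
    if (ma.period == 0u || mb.period == 0u ||
        ma.high > ma.period || mb.high > mb.period)
        return PWM_IMPLAUSIBLE;
    if (!within(ma.period, mb.period, tol_ticks) ||
        !within(ma.high, mb.high, tol_ticks))
        return PWM_MISMATCH;
    *out = ma;
    return PWM_OK;
}
```

A period longer than 65535 ticks aliases under this arithmetic, so the counter prescaler has to keep the expected period within range.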
DocID16384 Rev 10