Hi Safety team,
One of my client is not using the SAF, they want to implement the SM.
Q-1. In the Addendum_S32K3xx.xls sheet,Module Clasification section,
Safety machanism for S32K322 Microcontroller is missing. Below Micro variants are mentioned.
S32K344
S32K312
S32K342
S32K358
S32K311
S32K388
Q-2. As per below section, talks about the redundancy. Is it applicable for ASIL B?
6.13.4.1.1 Digital inputs
Functional safety digital inputs may need to be acquired redundantly. To reduce the risk of common cause failures, the redundant channels must use GPIO/PWM functionality on two different ports. The double read digital inputs can be acquired as follows:
Table 45. Digital outputs software tests
Double Write Digital Output Redundant PORT hardware element is used to perform a double-write digital output.
Double Write PWM OutputRedundant PORT hardware element is used to perform a double-write digital output
Q-3. ADC self test ,it’s mentioned that C self-test and the voltage self-test.
Please provide more details, what exactly we have to do in these two test.
Client want to implement this.
As per the Addendum_S32K3xx.xls sheet :--
"ADC self test (periodical test of correct ADC operation).
There are two different modes in self-test,
the C self-test and
the voltage self-test.
The self-test C algorithm tests the :--
whole conversion frontend, CDAC, comparator and data drive out.
What it does not test is most of the channel mux and the reference input,
though when compared with the voltage self-test, :---
then there is only part of the channel mux left untested
Please suggest.
Regards,
Dinesh
Hi Dinesh,
First to understand ADC Self-Test I suggest reading through S32K3 Reference Manual (Rev.10), section 60.3.17 Calibration and self-test. The following table shows in more detail the steps followed by both algorithms.
To get a better grasp of what Self-Test Algorithm C is doing it helps to look at the blocks that make up a SAR ADC. There are three main sub-blocks: a capacitive DAC, a comparator, and the SAR engine that controls the module. An example ADC block diagram of this (not exactly the one for S32K3xx devices, but useful and representative of the main blocks nonetheless) can be seen next:
The capacitive DAC consists of N capacitors with binary weighted values. It provides an inherent track/hold function and uses the principle of charge redistribution to generate an analog output voltage to the comparator plus input.
Algorithm C (steps 0-11) sets these capacitors independently to highlight faults in the sampling capacitive DAC. For each step a sequence of pre-sampling, sampling and evaluation phases are executed. The difference/error of the individual offset value from the previously calibrated value is being returned as an ADC result that is compared with the programmed value in the self-test analog watchdog registers to detect faults.
For Algorithm C, there are recommended threshold values that can be programmed through the ADC registers:
These depend on the stability of the supply and the reference voltage (i.e. noise introduction from the external environment). In a noisier set up, running the self-test with the default/recommended analog watchdog values may cause failures. To overcome the failures in these cases you can relax the threshold values.
For example, for STAW4R and STAW5R, setting THRH of 16d and THRL of -16 means Algorithm C will fail for an error of magnitude greater than (16/8 =2) 2LSB. Setting THRH of 32 and THRL of -32d means that Algorithm C will fail for an error of a magnitude greater than 4LSB.
For more information on Algorithm C, there’s currently not much additional documentation. For ADC in general, not just ADC self-test and in case it’s useful, here are a few other resources you can check:
16-bit SAR ADC calibration (helpful to understand how a SAR ADC works):
https://community.nxp.com/t5/Kinetis-Microcontrollers/16-bit-SAR-ADC-calibration/ta-p/1102292
Thanks,
Daniel V.
