Home

XC2388E SafeTkit Quick Start Guide

Contents

1. To get into the READY state the Task Monitor and Data Compare must be started This is done by clicking on the Enable Task Monitor and Enable Data Compare buttons RELEASED SafeTkit XC2388E Quick Start 41 V1 1 2012 02 hitex imum DEVELOPMENT TOOLS Cinfineon PRO SIL XC2000 SafeTkit Test Bench C Temp Serial 4 HOG Oe After a few seconds the CIC61508 state will be displayed on the GUI as READY SYSDIS A r SYSDIS 8 om gt sySDIS c mm gt Table 6 CIC61508 SYSDIS A B C states for READY PRO SIL XC2000 SafeTkit XC2388E As the Opcode Sequence Test Task Monitor and Data Compare are all now running and the voltage monitors are disabled as delivered the CIC61508 will enter the READY state RELEASED SafeTkit XC2388E Quick Start 42 V1 1 2012 02 PRO SIL XC2000 hrtex mmm SafeTkit XC2388E DEVELOPMENT TOOLS 6 6 Entering The ACTIVE State Once the READY state has been reached the ACTIVE state can be enabled This is done by clicking on Advance To Active to write the GO command to the CIC61508 MODE SFR Note this is normally done by the PRO SIL XC2000 during initialization State Machine Ready B active M Disabled Advance to Stop state gt CIC61508 Reset This sends the command ESTM GO REO to the CIC61508 s MODE SFR The ACTIVE state causes a change in the SYSDIS X LEDs CIC61508 Output Status State Meaning SYSDIS A
2. RELEASED SafeTkit XC2388E Quick Start 18 V1 1 2012 02 hrtex imum DEVELOPMENT TOOLS PRO SIL XC2000 SafeTkit XC2388E 3 4 2 Building The Application The demonstration application can now be compiled and linked 5 C TASKING C C TASKING VX toolset for C16 File Edit Navigate Search Project Debug wi B gy r Ez C C Proj es ts Navigator O l imd B 4 1 DemoApplication Active Debug gt Em Binaries gt fall Includes gt Debug gt E Debugger gt E HITOP API gt amp Include gt E SCH LIB gt E Source d cstart c gt h cstart h h DemoApplication lsl DemoApplication simulator launch Do this by clicking on e Rebuild Project This will build the project fi Problems EI Console 5 Ed Properties C Build DemoApplication cl66 I808 trial version 12 day s remaining Compiling ApplCbk c c166 I808 trial version 12 day s remaining Compiling AdcInit c c166 1808 trial version 12 day s remaining Compiling CIC State c If the application has been successfully installed you should see an error free build result in the console window in Eclipse Bk Problems EI Console 23 Properties C Build DemoApplication Now Rebuild the User Application using the same procedure so that you are ready to try and run it on the Safe Tkit board Time consumed 23740 ms End of build RELEASED SafeTkit X
3. 4 SCIL UB All the elements of the PRO SIL XC2000 necessary to build an application are m Indud located in the SCII LIB subdirectory inside the Demo Application directory aes a Lib The main PRO SIL XC2000 system consists of thirty C source files These have m kl r been compiled into an object library SCII Source lib during the kit preparation sf This is located in the SCII_LIB Lib directory in the Demo Application The linker Je MakeLibs accesses this library in this location to resolve any PRO SIL external symbols di Source Source The Application call back functions are in Applcbk c This is located in SCII LIBVSource It has been adapted from the standard delivery to record the details of any errors in a global structure All the include files for PRO SIL XC2000 are collected together and placed in SCII LIBVibVUnclude This allows the Demo Application to find all the necessary header files without having access to the normal PRO SIL XC2000 directory structure The Demo Application is essentially fixed and no PRO SIL XC2000 settings can be changed 7 2 Advanced Example Application The Standard Application allows the Task Execution Monitor configuration to be altered and tests to be enabled or disabled in the startup procedure This application is recommended for use as the basis of customers own developments as the transfer to the full source code version of PRO SIL XC2000 is easy It is not included in the Tasking
4. SEND 310 127 SPI Communication Total Actve PRU SIL Detected Errors Error ID Trap ID Trap Description Error Description Error Injection RELEASED SafeTkit XC2388E Quick Start 30 V1 1 2012 02 hitex mm PRO SIL XC2000 SafeTkit XC2388E DEVELOPMENT TOOLS 5 3 1 2 Injecting Errors Into PRO SIL XC2000 The Safe core window is able to inject error conditions into the running PRO SIL XC2000 system Clicking on the Error Injection bar will reveal SafeTcore Test All of the PRO SIL XC2000 subsystems are available for error injection They can be selected from the pull down list SafeTCoreXC CIC61508 Voltage Monitoring Error Counters CIC State SENA 0 52 Opcode Test Sequence 127 Active SENB 21V N SENC 0 83 Error Injection r ror SEND 3 10 SafeTcore Test Test Execution Monitor Safety Integration Layer SC I Detected Enars ee Error ID Trap ID de Here the CIC Handler is selected RELEASED Safe Tkit XC2388E Quick Start 31 V1 1 2012 02 hitex PRO SIL XC2000 SafeTkit XC2388E DEVELOPMENT TOOLS Here the Error Injector has been told to inject five errors of type Communication Error into the CIC Handler Five represents the error threshold set within PRO SIL XC2000 for the reporting of errors please refer to the PRO SIL XC2000 user manual for more details on error thresholds Clicking Inject will trigger HiTOP to insert
5. Watch2 Watch3 Watch1 Callstack X Output 1x estart 64 WAIT 7 0 RESET TARGET UNASSEMBLE _cstart COUNT 39 MIXED 14 4 gt DIN HISCRIPT Log Messages Find in Files Build m Ready Break 1 User request Debug Ln64 Coll CAP NUM SCRL Halted Before running the Demo Application perform a reset of the XC2388E from the TR Target Reset button This will reset both the XC2388E and the CIC61508 The yellow LED 3 should flash approximately once per second and the CIC61508 s SYSDIS A SYSDIS B and SYSDIS C LED should be off This indicates that the board is in a running condition and that the CIC61508 has reached the ACTIVE mode CIC61508 Output Status State Meaning SYSDIS A ACTIVE SYSDIS C We are now in a position to really see how the PRO SIL safety system functions The Voltage Monitor SENA potentiometer should still be in the correct position so that the voltage read on SENA is within the upper and lower thresholds here 950 bits and 1000 bits If you now move the SENA potentiometer slightly the voltage will move outside of the range and the ClC61508 will start to register test failures Eventually the VA error counter will drop below 0x40 MAINTAIN threshold and the CIC61508 state will drop through the TRIP1 2 8 states to DISABLED Try this whilst looking at the SYSDIS LEDs RELEASED SafeTkit XC2388E Quick Start 55 V1 1 2012 02 PRO SIL XC2000 hrtex mmm SafeTkit XC2
6. hrtex imm DEVELOPMENT TOOLS PRO SIL XC2000 Safety Concept Starter Kit XC2388E ClC61508 Getting started with the Hitex PRO SIL XC2000 SafeTkit RELEASED SafeTkit XC2388E Quick Start 4231 XC2388E V1 1 2012 02 Hitex Safety Solutions hitex PRO SIL XC2000 SafeTkit XC2388E DEVELOPMENT TOOLS Edition 2012 02 Published by Hitex U K Limited University Of Warwick Science Park Coventry CV4 7EZ UK O 2012 Hitex U K Limited All Rights Reserved Legal Disclaimer The information given in this document shall in no event be regarded as a guarantee of conditions or characteristics With respect to any examples or hints given herein any typical values stated herein and or any information regarding the application of the product Hitex UK Ltd hereby disclaims any and all warranties and liabilities of any kind including without limitation warranties of non infringement of intellectual property rights of any third party Information For further information on technology delivery terms and conditions and prices please contact the nearest Hitex Office www hitex com hitex PRO SIL XC2000 SafeTkit XC2388E DEVELOPMENT TOOLS Document Change History Date Changed By Change Description 15 2 12 A Wenlock Edit Proof We Listen to Your Comments Is there any information in this document that you feel is wrong unclear or missing Your feedback will help us to continuously improve the quality of
7. DEVELOPMENT TOOLS 5 2 Running The Example Application Before running the Demo Application perform a reset of the XC2388E from the HiTOP54 166 TR Target Reset button This will reset both the XC2388E and the CIC61508 XC2388E Reset Turn the potentiometer near the XC2388E fully anti clockwise to make sure that the GO to ACTIVE mode command is not sent to the CIC61508 The CIC61508 SYS DIS A B C LEDs should be shown below CIC61508 Output Status State Meaning SYSDIS A NOT READY Table 2 CIC61508 SYSDIS A B C states for NOT READY Finally click on the green traffic light icon in HiTIO54 166 8 This will start the PRO SIL XC2000 system The opcode sequence test task monitor and data compare monitor in PRO SIL XC2000 will be running and being serviced by the CIC61508 Safety Monitor The LED on XC2388E P10 1 should illuminate This indicates that the PRO SIL XC2000 has been able to get the CIC61508 into the READY state i e all tests are passing The SYSDIS A SYSDIS Band SYSDIS C LEDs should be illuminated showing that the safety path is in the disabled state Note the SYSDIS pins are active low When the safety path is to be enabled the SYSDIS pins are high When the safety path is enabled the SYSDIS pins are low The board s SYSDIS LEDs are active high so there is an inversion CIC61508 Output Status State Meaning SYSDIS A READY n SYSDIS C O Table 3 CIC61508 SYSDIS A B C
8. Do not show this dialog again Open an existing project Re Import a 3rd party IDE project Create new projec Choose Open an existing project and in the subsequent window navigate to the directory containing the examples Cl D Hitex PRO SILXC2000 MAYFLOWER2 3bSK Implementation_v303_Demo DemoApplication Debugger v Search Debugger File Edit View Tools Help Organize v Include in library Share with v Burn New folder v B 4 Hitex Name Date modified Type 4 PRO SIL XC2000 arr SC DemoApplication XC2388E htp 27 01 2012 14 44 HTP File IM MU HO Tem SCI DemoApplication XC2388E sav htp 27 01 200121404 HTP File 4 Implementation v303 Demo g l gt di metadata buildsheets 4 DemoApplication gt JE Debug Debugger HiTOP_API k Include gt di SCILLIB Source JE Docs firmware gt Ju Hitex UK Size 40 KB 39 KB RELEASED SafeTkit XC2388E Quick Start 23 V1 1 2012 02 hitex mm PRO SIL XC2000 SafeTkit XC2388E DEVELOPMENT TOOLS Open the project SCII DemoApplication XC2388E htp in C Hitex PRO SIL XC2000 MAYFLOWER2 3bSK Implementation_v303_ Demo WDemoApplication Debugger As this is an evaluation version of HifOP54 TC for the moment you must choose the want to continue evaluation option If you subsequently purchase a full HiTOP54 TC licence this box will not appear Upgrade evaluation license n u HITOP has not
9. HITOP54 TC allows the monitoring of PRO SIL XC2000 and application data in real time As any break in execution would cause an immediate failure detection by the CIC615068 it is important that any monitoring or deliberate forcing of errors is performed non intrusively To get your board into the right state reset the XC2388E with the HiTOP54 166 TR Target Reset button Then make sure that the XC2388E s potentiometer is fully anti clockwise Start execution again with a click on the green traffic light icon in HiTOP The READY state should be entered again CIC61508 OutputStatus State Meaning SYSDIS A READY ssosc om gt SYSDIS C Now that the application is running to examine the PRO SIL XC2000 HiTOPS SCI DemaApplication XC2388E htp Ez state click on the View SafeTcore menu from the top line of HiTOP BEER View fe D D g Source z l G Workspace SFR window mA ex ha Aj ex H s CK Editor Options ex Em ex id a iss Load screen layout k H i0 PB Save screen layout ex 3 K p This will cause the SafeTcore monitoring panel to appear SafeTCoreXC CIC61508 Voltage Monitoring Error Counters CIC State Error Count Ready SENA DE2v 127 Opcode Test Sequence SENE 1 21 127 Data Comparator SENC 083W 127 Task Monitoring SEND 227 V 127 SFI Communication Total 308 PRO SIL Detected Errors Error ID Trap ID Trap Description Err
10. table does not usually need to be modified as this would require changes in the PRO SIL XC2000 which are outside the scope of the SafeTkit RELEASED SafeTkit XC2388E Quick Start 46 V1 1 2012 02 hitex PRO SIL XC2000 SafeTkit XC2388E DEVELOPMENT TOOLS The Safety Path control panel relates how the SYSDIS A B C pins on the CIC61508 will be set in the various states NOT READY READY ACTIVE etc These can be edited by the user to suit the particular hardware environment The default configuration here results in the following LEDs being illuminated CIC61508 Output Status State Meaning SYSDIS A O n NOT READY On O SYSDIS C O SYSDIS B SYSDIS C On SYSDIS A SYSDIS B SYSDIS C SYSDIS A SYSDIS B SYSDIS C READY ACTIVE TRIP1 SYSDIS A SYSDIS B SYSDIS C SYSDIS A SYSDIS B SYSDIS C DISABLED On SYSDIS A SYSDIS C Table 7 CIC61508 SYSDIS A B C states for all states The Trip Timeouts are supplied at their maximum values of 133ms The Fail Decrements and Pass Increments decimal values allow the sensitivity of the CIC61508 to test failures in the opcode test and voltage monitors to be adjusted A test pass causes the related error counter to be incremented and fail causes it to be decremented by the amounts given here From this the failure reaction time can be calculated In the default configuration an opcode test pass is weighted as 30 whereas a failure is weighted as 4 Thus f
11. 2012 02 hitex imm PRO SIL XC2000 SafeTkit XC2388E DEVELOPMENT TOOLS HiTOP54 166 will start and reveal the following menu Fh t Mew wy Duug KIDS Ads felene Sytun Winds tip 0825 ABB 4327 AA TH AamTeng m WB 3nhiPit460625m 9g B 0eznniinmk oe oem sae TOP eee pre V sra vides diri beta to S TOP sten Wer eating HTCP af ating ae etomatcaly raved in fa paeo te which tan ter om be weed ba redere Ihe sermoe siste Vine djaki zkou bagia ls Em ed atm nm M Cw rar mena Mech Open o Mew we provided a ta Fa verne config onn Him gordon prost hangisi nue can be verd bo li td Ar ph mo L t ird Vo hd Pu Fd epa n H7 OP bo f Fa TD andre help Do ret shaw the dog apert MU OTT bens Most DE pst I Crete a pmo im OMM dio pu vant 1o 007 vas Build log W 4 MN MBCRIPT Lag Menager Find in Piken Built HITOP uses projects to store all relevant settings belonging to a HiTOP session When exiting HITOP all settings are automatically stored in the project file which can later on be used to restore the session state Tou should always begin with loading an existing project or defining new one In the main menu Project Open or Projects New are provided Far this For some configurations Hitex provides project templates which can be used to easily set up a new project IF YOU are a new user we recommend to read the First Steps in HiTOP chapter in the HiTOP online help What do you want to do
12. Eclipse workspace but it can be found in C Hitex PRO SIL XC2000 MAYFLOWER2 3bSK Implementation_v303_Demo Standard Application In this application the PRO SIL XC2000 again exists as a library but the PRO SIL source files TexM c Sil c Sil Cfg c have been placed in the SCI_LIB Source directory to allow local changes to be made Sil Cfg c contains the peripheral SFR configuration check structures that are used in the startup and shutdown hooks The upper and lower error thresholds for each monitor as well the enabling or disabling of tests is performed via the SCII cfg h file located in SCII LIBVnclude The object files created by compiling these from within the applications replace the standard ones in the SCII Source lib The Standard Application can be configured using the guidance contained in the full PRO SIL XC2000 User Manual in Chapter 5 Configuring PRO SIL XC2000 Generic Please note that the evaluation tools and software supplied in the Safe T kit have limitations that allow prototype application development but preclude the creation of commercial applications These restrictions can be overcome by purchasing the full versions from Hitex RELEASED Safe Tkit XC2388E Quick Start 59 V1 1 2012 02 hitex PRO SIL XC2000 SafeTkit XC2388E DEVELOPMENT TOOLS 73 SafeTkit Default PRO SIL XC2000 Configurations The settings contained in the default SCII Cfg H for use on the SafeTkit XC2388E are Lower Error Count Threshold
13. LEDS do not change it is possible that the CIC61508 firmware is not present in the device Please refer to Appendix A for details on how to reprogram it RELEASED Safe Tkit XC2388E Quick Start 20 V1 1 2012 02 PRO SIL XC2000 hrtex mmm SafeTkit XC2388E DEVELOPMENT TOOLS 5 Running And Monitoring Applications First Session This session will load the Demo Application example run it and show how the PRO SIL monitoring windows in HiTOP54 TC are used You will see how to verify that the internal safety tests are working correctly in real time The next chapter covers how the PRO SIL TestBench is used to monitor the behaviour and configuration of the CIC61508 It is recommended that you work through the steps given reading the explanatory text as you go This will provide a simple introduction to the basic concepts and terminology used in the SafeTcore system 5 1 Loading and Running The Example Application 5 1 1 Preparations Make sure that the following items have been installed from the supplied CD or CD image Tasking Eclipse C166 VX v3 0r3 Evaluation Version HiTOP54 166 SafeTkit Evaluation Version Example Application PRO SIL TestBench p e qm Set up the SafeTkit board as shown in section 4 1 so that it is powered and connected via USB to your PC The steps to follow are given in the next section RELEASED SafeTkit XC2388E Quick Start 21 V1 1 2012 02 PRO SIL XC2000 hitex imum SafeTkit XC2388E DEVELOPMENT
14. Output Status State Meaning SYSDIS A ssosB om ACTIVE sose O o gt To create a real error carefully remove the red link from jumper JP401 Replace it immediately back into its original position Figure7 Location Of JP401 This will cause the CIC615068 to lose its power supply and it will no longer respond to messages from the XC2388E and the PRO SIL XC2000 This causes an immediate system shutdown The SYSDIS LEDs will move to the DISABLED state and a Communications Error originating from the CIC handler will be reported by the SafeTcore window in HiTOP CIC61508 Voltage Monitoring Error Counters CIC State Error Count Active SENA O62 enn Opcode Test Sequence SENE O21 127 Data Comparator SENC 0 83 127 Task Monitoring SEND 1 65 SFI Communication Total S08 FRO SIL Detected Errors Error ID Trap ID Trap Description Error Description 5 2 CIC Handler Communication error Error Injection ie Z E RELEASED SafeTkit XC2388E Quick Start 33 V1 1 2012 02 hitex PRO SIL XC2000 SafeTkit XC2388E DEVELOPMENT TOOLS 5 3 2 Restarting The Example Application After An Error Injection Test To restart the SafeTkit please carry out the following steps 1 Stop execution of the PRO SIL example using the red traffic light button in HiTOP 2 Cause a Target Reset TR button 3 Restart execution CIC61508 Output Status State M
15. Run time Options Communications Board Options C LiveUpdate Port 1 COM63 Voltage Reference 3 3v Enable ee Enable Error Counter Minimum i i Q gt B Task Monitor 8 C Temp Serial C gt Value for Maintain 4o Rea dy Act Mz D ISA D ed state hex C Enable E77 MEM Data Compare R CAProgram Files Write modified seas Error System 01111000 Al Voltage Monitoring Data Comparator A B System TaskStart 00 Seq 80 Task MN State ErrorSys NRY ABIES ALIOO BH F8 BLco 8 bit joo oo SUMO 60 TaskEnd 00 vare vel l suMijoo A 10 bit 0304 B 20 bit 03 3 16 bit 0000 0000 akeReload oo vc frr VD LE SVER 30 m m E gt a BIN gt 8 32100 82 bit 00000000 00000000 m WakePrescaler 00 Compare Comm z oo oo CH rs CLioo DH F2 DL 40 MODE oo Security Sequencer Test m Register OTRLLI D3 OTRAL 35 C A0bit 0304 D 10bit j03co Window Watchdog HVER 102 SEC oc OTRLH 19D OTRHH 94 gt c 3 1610 gt D 31264 Min 02 Max oc SEQ oo Software Version ID 30 HardwarelD Flash variant step 02 ROM CRC 0x17 Driver Info Version v1 0 GUI version 2 9 10 Port Open 9 Communicating Figure 11 Live Update of CIC61508 SFR Contents At this stage only the opcode sequence test is running so the CIC61508 is in the NOTREADY state CIC61508 Output Status State Meaning p B Error System 01111000 SYSDIS A On SYSDIS B on NOTREADY State Errorsys NRY SYSDIS C On
16. SZbitfoorrrroo joorroo00 Comp oo for Security Sequencer Test CHIFS eoo DHIF2 Dij4o EE OTRUL 38 OTRHL F3 C 10 bit osp D 10 bit 03C9 Window Watchdog SEG 00 OTRLH es OTRHH 49 c s1e v gt D 3126V Minjo2 max oc seafos Software Version ID 30 Hardware ID Flash variant step 02 j ROM CRC 0x17 Driver Info Version v1 0 GUI version 2 9 10 PortOpen Communicating The final step is to move the CIC61508 to the ACTIVE mode using the Advance to Active button Reach active M Disable Advance to Active gt Advance to Stop state gt lt CICB1508 Reset You should see the SYSDIS X LEDs change as per CIC61508 Output Status State Meaning ace M BE DENE lt CIC61508 Reset This is the state that the PRO SIL XC2000 reaches during its initialization procedure so that by the time the StartupHook function exits the CIC615068 is in a stable state with the Safety Path enabled Call SafeTcore start up hook Sil StartupHook RELEASED SafeTkit XC2388E Quick Start 52 V1 1 2012 02 PRO SIL XC2000 hitex imum SafeTkit XC2388E DEVELOPMENT TOOLS 6 12 Entering The DISABLED State Once in the ACTIVE state only the DISABLED state is possible Under normal system operation this would be when power down occurs and the XC2388E would send the STOP command to the CIC61508 to give an orderly shutdown However i
17. Sfr extern huge char lc ub system stack CIC StatesCIC Sfr f0xEE 0x54 0xE9 0x62 0xC 0 E 4 40 vCIC get state extern huge char lc ue system stack xj f vCIC_updateSFRcoy extern huge char lc base dpp0 fO vManage CIC state extern huge char lc base dppl CicH extern huge char Ic base dpp2 Mg Cic extern huge char 1c vector table Mg cstart extern cptab t 1c copy table fO cstart mu Dcmp 4 t HiTOP API cstart startup code invoked from the RESET vector ta EEE EEE EEE EEE EEE ERE ERE EEE EEE EEE EEE ERE EEE AA Ad 2 main ys i 2 MPU ME Opc 3 3 Opc Cfg if WDT ENABLED nearp32 l H s3 E a diswdt disable watchdog timer H RAMTest sendif sbst stream 3j 3 Scheduler 2 SCI Target Initialize registers 1 Sf CAN LLC DERN s NEN iidei WDICUN H s SA CAN Loopback if WDICON INIT WDICON U WDTCON VALUE Mg Sfl ECC amp else when no WDTCON available use WDTREL and WDTCS 8 Sfl Init ifdef WDTREL 3 1 Sfl InitRAM if WDTREL INIT WDIREL U WDTREL VALUE p a SALISR i ae WDICS 1 GS u i 7 SfL MCHK if NWDICS INIT WDTCS U WDTCS U amp WDTCS MASK WDT i Sfl Opc endif 4 3 Sfl PCC endif Ara Sfl PEC if WDT ENABLED Sfl RAM Cell o __srvwdt serve watchdog timer endi 3j 1 3 Sfl RAM Pattern Ww M ifdef XPERCON m l ModuleView FileView b Register Mem0 Locals
18. Source PRO SIL XC2000 source code and library creation project RELEASED SafeTkit XC2388E Quick Start 17 V1 1 2012 02 PRO SIL XC2000 hitex imum SafeTkit XC2388E DEVELOPMENT TOOLS 3 4 Working With Tasking Eclipse IDE This section shows how to open and build the example application in the Tasking Eclipse IDE 3 4 1 Opening Eclipse Start the Tasking Eclipse When asked for which workspace to use Browse to C Hitex PRO SIL XC2000MAYFLOWER2 3bSKMmplementation v303 Demo as shown below C Workspace Launcher Select a workspace TASKING VX toolset for C166 v3 0r3 stores your projects in a folder called a workspace Choose a workspace folder to use for this session Hite PRO L XC2000VMAYFLOWER2 3bSkImplementation v303 Demo Use this as the default and do not ask again Figure 4 Choosing the Eclipse workspace Eclipse will initialise and shown the Demo Application in the workspace Fle Edit Navigate Search Project Debug Window Help d 8 6 G PR HED Fri riz v E E TANGO is amp Navigator O BE Outine 4 BS 4 i DemoApplication Active Debug iP Binaries ial Includes amp Debug amp Debugger S HTOP API Include amp STB amp Source F cstart c ih cstarth A DemoApplication lsl 5j DemoApplication simulator launch Problems El Console 31 N Properties Ade No consoles to display at this time
19. Workspace 2 SCI DemoApplication XC2388E htp 3 PRO SIL TesBenchLoader htp 4 SCII DemoApplication XC2388E htp 5 SCII Application XC2388E htp Figure 15 Reloading The Demo Application Project Please note that as the voltage monitor A in the CIC61508 is now enabled the Demo Application may not enter the READY state as the SENA potentiometer may not be in the correct position Please refer to section 6 12 to see how to correctly set the SENA potentiometer before proceeding RELEASED SafeTkit XC2388E Quick Start 54 V1 1 2012 02 PRO SIL XC2000 hrtex ium SafeTkit XC2388E DEVELOPMENT TOOLS 6 13 1 Testing The New CIC61508 Configuration With The PRO SIL XC2000 Application 6 13 1 1 Restart PRO SIL XC2000 With SENA In The Correct Position It is assumed that the Demo Application has been reloaded into the Safe Tkit We can now restart the PRO SIL XC2000 application HiTOP54 166 should appear as shown below 5 HiTOP5 SCI DemoApplication XC2388E htp EasyKit XC166 cstart c File Edit View Project Debug RTOS Analyze System Window Help 8X i Dc EG 8l BB 4 EO EP GB i DemoApplicatic o al A AR PPO OD m A Workspace ModuleView 7 X Disassembly Sil RAMTest TexM SCI Target CicH CIC State Scheduler cstart uoco mai gt Watch Watchi or CK61508 Statue extern near char lc ub user stack3 ID Expression Value Type CIC
20. editor tab click on this now In the following text the terms DFLASH data calibration data set and NVM tables all refer to the data displayed in this window Infineon 1 B Kl Ka of EME ae oen aj unas a oe swe as OxFFO00000 BJ row a lt e o FFFro000 af sire a lt e oer E E E E Figure 13 The NVM Data Editing Tab The following functions are available 1 Read the DFLASH contents into the TestBench s local editing area 2 Read a new DFLASH calibration from the reference CIC61508 spreadsheet e g CIC61508 BuildSheet VANIA30 SafeTkit xls 3 Change values of any item in this area 4 Edit the data tables in a user friendly manner 5 Write the new DFLASH data into the CIC61508 DFLASH 6 Export the DFLASH editing area s contents to a XLS spreadsheet a BIN binary dump file a HEX file or a C text file containing the DFLASH contents as a compilable C const array After first connecting to the CIC61508 the current DFLASH contents are uploaded from the device and displayed here Note that the CIC61508 Task Monitor and Data Compare functions are enabled The Opcode Sequence Test Table panel shows the table of expected answers to be returned by the PRO SIL XC2000 in response to predefined questions The answers are calculated by the PRO SIL XC2000 based on specially designed instruction set sequences that will prove the correct operation of the XC2388E CPU The
21. off ACTIVE SYSDIS C From now on any disturbance to the opcode test will cause the CIC to drop out of the ACTIVE state and move to the TRIP1 TRIP2 TRIP3 and finally the DISABLED state 6 7 Moving To The DISABLED State To move to the DISABLED state send the STOP command to the CIC61508 MODE SFR Clicking on the Advance To Stop state will do this The CIC61508 will then move to the DISABLED state State Machine CIC61508 Output Status State Meaning SYSDIS A DISABLED SYSDIS C On CIC61508 Reset RELEASED Safe Tkit XC2388E Quick Start 43 V1 1 2012 02 PRO SIL XC2000 hitex imum SafeTkit XC2388E DEVELOPMENT TOOLS 6 8 Restarting After DISABLED Mode Once in the DISABLED state only a RESET will allow the CIC61508 to recover This is done either by pressing the CIC61508 reset button on the SafeTkit or by clicking the CIC61508 Reset button in the GUI If the live update button task monitor and data compare are still enabled the CIC61508 will go straight to the READY state CIC61508 Output Status State Meaning SYSDIS A READY SYSDIS C On However if you disable the Live Update button clicking the CIC61508 Reset button will cause the CIC615068 to reset but then go to the NOT READY state this is the state expected when the PRO SIL XC2000 restarts CIC61508 Output Status State Meaning SYSDIS A NOT READY This is because the simulated opcode t
22. the CIC61508 which stays in the NOT READY state all SYSDIS LEDs on SYSDIS B 1 ON NOTREADY ossos ce o On O When this has completed the TestBench will display the current SFR contents Infineon PRO SIL XC2000 SafeTkit Test Bench CATemp Serial Figure 10 Connected To The SafeTkit RELEASED SafeTkit XC2388E Quick Start 40 V1 1 2012 02 PRO SIL XC2000 hrtex ium SafeTkit XC2388E DEVELOPMENT TOOLS 6 5 Live Update Of CIC61508 SFRs As the TestBench has read the CIC61508 s DFLASH it knows the opcode test table which the CIC61508 expects Normally PRO SIL XC2000 generates the opcode test table values through a sequence of comprehensive instruction set tests aimed at proving the continued correct operation of the CPU The TestBench can simulate this so that the CIC61508 can be run from the NOT READY state through the READY STATE to ACTIVE The simulation involves sending the expected test answers at the correct times so that the CIC61508 is fooled into thinking that there is a real PRO SIL XC2000 running This trick allows the real operation of the CIC61508 to be experimented with and calibrated To begin the simulation click the Live Update button f Infineon cena A Rapid Development for the Infineon Safety System TARDISS N x Cinfineon PRO SIL XC2000 SafeTkit Test Bench Configuration and Live SFRs NVM Data Tables System Configuration State Machine
23. 01 against a red background Cinfineon PRO SIL XC2000 SafeTkit Test Bench C Temp serial SYSDIS A SYSDIS B NOT READY SYSDIS C Now move the SENA potentiometer slowly so that the voltage moves between the lower and upper thresholds The VA error count and the actual voltage readings should become green The VA error count will then rise to 0x7F showing that the tests are passing RELEASED SafeTkit XC2388E Quick Start 91 V1 1 2012 02 hitex PRO SIL XC2000 SafeTkit XC2388E DEVELOPMENT TOOLS Enable the Task Monitor And Data Compare tests and the CIC61508 state should now move to READY i Infineon CIC61508 Test and Rapid Development for the Infineon Safety System TARDISS gt TA nu C Cinfineon PRO SIL XC2000 SafeTkit Test Bench Configuration and Live SFRs NVM Data Tables System Configuration Communications Board Options Port COM53 Autodetect Voltage Reference 3 3v B ger v Cuire iip mE 4o EB A ct ve D sd b d state hex semen contiguration rite C Program Files lt CIC61508 Reset Error System 00111100 Task Monitoring Error Counts Voltage Monitoring Data Comparator A B TaskStart 107 Seq r frr Task 80 State ErrorSys RDY TaskEnd 07 VAS SE a Bit 00 Joo WakeReload 00 vell volt 0bim osoo B 10bimjoscs 16 bit FFo0 ooo WakePrescaler 00 Compare 7E Comm 80 gt A 3190V gt B
24. 012 02 hitex PRO SIL XC2000 DEVELOPMENT TOOLS SafeTkit XC2388E List of Figures Figure 1 Figure 2 Figure 3 Figure 4 Figure 5 Figure 6 Figure 7 Figure 8 Figure 9 Figure 10 Figure 11 Figure 12 Figure 13 Figure 14 Figure 15 XC2388E SafeTkit With CIC61508 Safety Monitor rrrnrrnnrrrnnnnnnnnrvrnrrrnnnnnnnsrrnnnrrnnnnsnnnrennnrnnnnnnnnnee 9 Block Diagram Of The XC2388ESafe kit Board rrrrnrrnnnrrrrrrrnnnnnrrnnrnnnnnrrnvrnnnnnrnnnrnnnnnrnnnrnnnnnrennnnnn 10 Safe kit Demonstration Application Directory Structure default rrrrrnnrrrrnnnnrrrrnnnrrrrnnnrennnnnnrnnnnn 17 Choosing ihe Eclipse WOIKSDSCS Jaa dneede 18 Safe kit XC2388E Default Configuration With Power And USB Cables 20 Lo ahon OF HI OP54 166 Project FICS uarsmmmenisednnsdmakmemnasmsaansodnnsomatmebn dnasanis dkn 22 LOCAHOR SE EE EE EEE 33 Reloading The Demo Application Project rrrrnnrrrnrnnnnrnrnnnnvrnnnnnnvnvnnnnrnnnnnnrnnnnnnsnnnnnnnrnnnnnnsnnnnnnsennnnnee 37 Initialization Of The Internal DFLASH Edit Buffer rsnrrrnrrrrrrrrnnnnnrorrrnnrrrnnnnnnnsrrnnnrrnnnnnnnssrnnnrrnnnnsnnnee 39 Connected To The NE RE REE REE 40 Live Update of CIC61508 SFR Contents rrrrnnrnrnnrrnnnnnvrvrnnnnnrrnnrnnnnnnrrnrnnnnnrrnnnnnnnsennnnnnsnsennnnnnsssrnnnnnn 41 The CIC61508 Voltage Monitor Potentiometers cccccccsseseeeceeeeeeeeeeeeeeeeeeeseaaeeeseeeeeeessaaaeeeeeeeees 45 The NVM Data E
25. 388E DEVELOPMENT TOOLS They will end up in the DISABLED state but you may be able to detect them sequencing through the TRIP states on the way CIC61508 Output Status State Meaning SYSDIS A DISABLED The yellow LEDs will stop flashing and all 4 will be on showing that the PRO SIL XC2000 application has shut down 6 13 1 2 Restart PRO SIL XC2000 With SENA In An Incorrect Position If PRO SIL XC2000 tries to start from reset with SENA at the wrong voltage it will never reach the READY or ACTIVE states remaining in the NOTREADY condition CIC61508 Output Status State Meaning SYSDIS A NOT READY SYSDIS C This simulates a power up fault where perhaps the supply voltage for a critical element is out of limits and so the PRO SIL system prevents the system from starting up in a potentially dangerous or unstable state 6 13 2 Restoring The SafeTkit To A Running Condition It is not a good idea to leave the SafeTKit in a state where it will not power up and run in the ACTIVE mode To get it working again we will need to check the state of the Voltage Monitor A error counter Make sure that the XC2388E potentiometer below the LCD panel is fully anti clockwise Checking the state of the error counters is done using the Watch window in HiTOP54 166 Click on the Watch1 tab to reveal a structure within PRO SIL XC2000 that contains an image of the current CIC61508 SFRs called CIC Sfr Registe
26. 54 166 ST10 Debugger FRO SIL XC2000 library and application PRO SIL TestBench The Quick Start Guide that follows this section assumes that you have installed all of the items listed below e Tasking C166 VX v3 03 SafeTkit Evaluation Version e HiTOP54 166 Debugger e PRO SIL XC2000 library and applications e PRO SIL Testbench CIC61508 configuration tool We strongly recommend that you do this Each of the items has its own sub installer and each one will run automatically in sequence RELEASED SafeTkit XC2388E Quick Start 13 V1 1 2012 02 PRO SIL XC2000 hrtex ium SafeTkit XC2388E DEVELOPMENT TOOLS 3 2 Installing The XC2388E Example Application There is an example application supplied in the kit It is loaded into the Safe Tkit FLASH using the HiTOP54 166 debugger Demo Application This is the PRO SIL XC2000 reference application for the XC2388E SafeTkit modified to provide information for the HiTOP Safe Tcore monitoring windows lt demonstrates the basic features of an ASIL B D application It is intended for training and experimentation The PRO SIL XC2000 has been specially altered to allow it to run as an object library set but still allowing some important configurations to be changed This version will only run on the SafeTkit To run PRO SIL XC2000 on any other platform will require a proper Software Development Kit licence available from Hitex The example applications installer has its own user in
27. 8 6 4 Connecting To The SafeTkit Board rrrrrnnrrrnnnnnnnovvvrnrrnnnnnnnnvrnnnrnnnnnnnnssrnnnnnnnnnnnnsssennnnnnnnsnnsssennnnnnnnn 39 6 5 Live Update Of CIC61508 SFRS rrrnnnnrrrnnnnnnnnrrnnrrnnnnnnnnsrnnnrrnnnnnnnnsrnnnnrnnnnnnnnssennrnnnnnnsnsssnnnnnnnnnnnnaeeennn 41 6 6 Entering The ACTIVE State E 43 6 7 Moving To The DISABLED State ccccccccccccssseeeeeeeeeeeeaeseeeceeeeeeseeaeeeeceeeeeessseeseeeeeeesssseaseeeeeeeeesaaas 43 6 8 Restarting After DISABLED Mode ssesessesssseeeeneeeennne nennen nnne nnn nnns nna nnn nnns nnn rine 44 6 9 Editing The CIC61508 Calibration Data In DFLASK eee anne nn nn 45 6 10 The PRO SIL TestBench DFLASH Editor rrnnrnnnrrrnnnnnrnrvrnnrrnnnnnnnnrrnnnnrnnnnnnnnsennnnrnnnnnnnnsennnnnnnnnnnnnee 46 6 11 Enabling Voltage Monitor Channel cesses nnne nennen nennen nn nnns 48 6 11 1 Testing The New Configuration In The TestBenCh 0000000000000 nenene nn nn 50 6 12 Entering The DISABLED AN O O O 53 6 13 Reloading And Starting The PRO SIL XC2000 Demo Application eee 54 6 13 1 Testing The New CIC61508 Configuration With The PRO SIL XC2000 Application 55 6 13 1 1 Restart PRO SIL XC2000 With SENA In The Correct Position rrrrrrrrnnnnrrrrvrnnnnrrrrnnnnnnnrennrnnnnnnenn 55 6 13 1 2 Restart PRO SIL XC2000 With SENA In An Incorrect Position rrrrrrnnrnnrnnrnnnnnvvnnr
28. 88E Quick Start 36 V1 1 2012 02 PRO SIL XC2000 hitex imm SafeTkit XC2388E DEVELOPMENT TOOLS EEE Du lg 468 02 BB 424 WH T 7L BEM SP BA B TARDIS XC230 SER BU MB P00 D RE B HA NNNSNINNNNINN Disssembhy Tardis Sera Comms MAIN cstan 5 4 TARDISS XC2300 4 extern huge char 1c ub system stack g Exit extern _ huge char _lc_ue_system_stack m a CC2 extern _ huge char _lc_base_dpp0 p a CIC SecureMode extern huge char lc base dppl bma ciat extern _ huge char _lc_base_dpp2 Pod 0 extern huge char lc vector table PT extern cptab t _lc copy table ha 10 p a MAIN Jk ROG ORG ROGO E ERE EE aa OpcTest cstart startup code invoked from the RESET vector SCS rekker E Te i ENES Sere es PE aS Spi t aS Tardiss_Serial Comms if WDT ENABLED H a UOCO __diswdt disable watchdog timer H a U1CO fendif H a USICO D js Mg Globals Initialize registers ifdef WDICON Start the driver by clicking on the green traffic light icon 8 in HiTOP as before The PRO SIL TestBench GUI on the PC can now be started 6 2 Reloading The Demo Application Project When you have finished using the PRO SIL TestBench to reload the Demo Application the HiTOP project SCII DemoApplication XC2388E htp must be loaded Close the current HiTOP project and then Open the Demo Application project as shown below lyze System Window Help 444 Ama RWE 1 PRO SIL
29. 88E potentiometer fully clockwise the CIC61508 will enter ACTIVE mode the SYS SFR will go to Ox1E We RDUM Etiam the yellow LED will start flashing and all the SYSDIS LEDs will be L OTSRHH 0x8248 wFB unsigned char extinguished SP EISE unger cine c unsigned char L OTSRLL OxE8 232 LES unsigned char The SafeTkit is now in running condition again H WMAX gt h WMIN 0x022 2 unsigned char h SEQ 0x0C 12 x char ETE unsigned char L OTSCNT Ox7F 127 x7F unsigned char L VLTMACNT Ox7F 127 DAF unsigned char h VLTMBCNT Ox7F 127 x7F unsigned char h VLTMCCNT Ox7F 127 DAF unsigned char h VLTMDCNT 0x80 128 x80 unsigned char TSKMCNT 0x7D 125 Y unsigned char L DCMPCNT Ox7F 127 x7F unsigned char F SPICNT 0x80 128 x80 unsigned char RELEASED SafeTkit XC2388E Quick Start 57 V1 1 2012 02 PRO SIL XC2000 hrtex mmm SafeTkit XC2388E DEVELOPMENT TOOLS 6 14 Conclusion That completes the Quick Start Introduction The next few sections cover more advanced information on the topics covered so far RELEASED Safe Tkit XC2388E Quick Start 58 V1 1 2012 02 hitex PRO SIL XC2000 SafeTkit XC2388E DEVELOPMENT TOOLS 7 PRO SIL XC2000 Example Applications 7 1 Adapting The PRO SIL XC2000 For The SafeTkit XC2388E The PRO SIL XC2000 has been adapted to make it more suitable for use in a starter kit environment The major adaptations are listed below
30. ASED SafeTkit XC2388E Quick Start 35 V1 1 2012 02 PRO SIL XC2000 hitex imum SafeTkit XC2388E DEVELOPMENT TOOLS 6 1 Loading The PRO SIL TestBench Driver Into The SafeTkit To make use of the TestBench a special driver program must be loaded into the SafeTkit board This is done by loading a new project into HITOP54 TC To do this the current Demo Application project must be closed and a new project opened To do this click on Project Close File Edit View Project Debug RTOS Analyze System Win D d s As KMA 4 Bag 3 vort Workspace Module Ca Exit g io putc gm Addnit ApplCbk a CIC X a CIC_State eS Compile Ctrl F7 ga CicH Build 2 43 cstart kii Rebuild All extern huge cha fO cstart p extern cpt E VES l cstart star nigi main EEEEEEEEEEEEREEEEE ay MPU dy EN gs Opc E m a Ope_Cfg pha pnearp32 if WDT ENABLED Then Open the project PRO SIL TestBenchLoader htp File Edit View Project Debug RTOS Analyze System Window Help D a luii New 14 amp A mA BON BET mo gO M 1 sarDamehpplton XC EPA crm al AL estbenchLoader m i E 3 PRO SIL TesBenchLoader htp 4 SCII DemoApplication XC2388E htp 5 SCII Application XC2388E htp Compile Ctrl F7 Eg B u i d F i Rebuild All Cancel build The driver is now programmed into the SafeTkit RELEASED SafeTkit XC23
31. C2388E Quick Start 19 c166 I808 trial version Linking to DemoApplication elf lk166 I460 trial version 12 day s remaining 12 day s remaining V1 1 2012 02 PRO SIL XC2000 hitex imum SafeTkit XC2388E DEVELOPMENT TOOLS 4 First Steps With The SafeTkit This section will check that the SafeTkit is in a workable condition prior to loading new applications in the following section It is assumed that the board is in the factory condition 4 1 Basic Board Check Check that the jumpers on your board are set as shown in the picture below If any jumpers are incorrect move them to the correct state This default configuration has the board powered from the external power supply connector E RM 2E RS m an 1 2 43494846 27 Chann Figure 5 SafeTkit XC2388E Default Configuration With Power And USB Cables Turn the potentiometer to the right of the LCD display fully anti clockwise Connect the mains power supply jack to the jack socket and then attach the USB port on the board to a free USB port on your PC with the supplied cable The yellow LED 3 should flash approximately once per second and the CIC61508 s SYSDIS A SYSDIS B and SYSDIS C LED should be off This indicates that the board is in a running condition and that the CIC61508 has reached the ACTIVE mode CIC61508 Output Status State Meaning SYSDIS A ACTIVE SYSDIS C Off If there appears to be no response and the SYSDIS X
32. Hobinjoso D 10 bit 0309 Window Watchdog The version supplied with the SafeTkit is a A NEUES UD EN specially adapted version of the full PRO Ps Meee FF DESER ROM variant step FF ROM CRC OxFF Driver Info Version v1 0 GUI version 2 9 10 Port Open Communicating SIL TestBench toolkit PRO SIL TestBench functions include 1 Simulation of the PRO SIL XC2000 opcode sequence test using the opcode test table stored in the CIC61508 DFLASH Simulation of the task monitor and data compare using data tables stored in the CIC61508 DFLASH Live update of CIC61508 SFRs Editing of SFR values Reading of the DFLASH calibration data Editing of DFLASH data such as safety path pins states voltage monitor thresholds etc Programming of revised calibration data into the DFLASH Importing DFLASH data from standard CIC61508 Build Sheet XLS files Export of DFLASH data to binary files HEX files or compilable C const arrays O pu i en Ud 3 In the SafeTkit the PRO SIL TestBench driver has been included into the example application By loading starting the PRO SIL TestBench and clicking connect the driver will take control of the application and allow the GUI to take over The CIC61508 SFHs can then be inspected or changes made to the DFLASH calibration data When the changes have been made the PRO SIL demonstration application can be re loaded into the board and the effect of the changes assessed RELE
33. N LLC ma Sfi CAN Loopback mes SALECC AE SA Init 9 S InitRAM Wes Sfi ISR m Sil MCHK 22 Sfi Ope SA PCC ma Sfi PEC 5 S RAM Cell Sfi RAM Pattern mer Sfi ROM se Sil p RE E JE E gt z HS 9 gt a WPa Globals EMU 44 defined XPERC VALUE amp Ox07D3 amp amp m 1 66 defined SYSCON ModuleView FileView Calistack 9 X Output t 4 DUMP 0x0000 LEN 16 WORD P n n DUMP 0x0000 LEN 32 WORD DUMP 0xC00204 LEN 32 WORD The program is now ready to run RELEASED SafeTkit XC2388E Quick Start p jo putc F extern char ic ub user stack3 GA Adelina extern char 1c ub system stack p ApplCbk extern char lc us system stack d Ma CIC N extern char ic base dppo p Ma CIC State ip M CicH oo m char Og cstart extern cptab t _ fO cstart 48 Demp b6 999099 tovo o to NITTEN GENET EN ENTEN EVIE 9990090009909920 disable vatchdog timer srvwdt serve vatchdog timer VALUE 6 Ox0004 amp amp M p H HISCRIPT Log Messages Find in Files Build 25 n X Watch Watch3 ax ID Expression Value Type 01 ff AppiCbk UserApy 0 0 0 0 0 0 0 0 2 struct sAppC Register Mem Locals Watch2 Watch3 Watchl 9 x Debug Ln64 Coll CAP NUM SCRL Halted 30 01 2012 V1 1 2012 02 PRO SIL XC2000 hrtex mmm SafeTkit XC2388E
34. OWER 2 3b He Please wait while Software copies PRO SIL XC2000 MAYFLOWER 2 3b5K on your computer Extracting files C implementation v303 Demo DemoApplicationDebug amp ource X UOCO obj d It will finish with TEJ Copy PRO SIL XC2000 MAVFLOWER 2365 Completing the PRO SIL XC2000 N MAYFLOWER 2 3bSK Wizard QI A Software has finished copying PRO SIL XC2000 MAYFLOWER 2 3bSK on your computer Click Finish to exit Software RELEASED SafeTkit XC2388E Quick Start 16 V1 1 2012 02 hrtex ium PRO SIL XC2000 SafeTkit XC2388E DEVELOPMENT TOOLS The directory structure created will look like Fledm 4 Hitex PRO SIL XC2000 a MAYFLOWER 3bSK E di Implementation v303 Demo gt di metadata K buildsheets a DemoApplication gt Debug Debugger JE HiTOP API Include 4 SCILLIB Include JE Lib MakeLibs i Source Source di Docs di firmware gt Hitex UK Figure 3 SafeTkit Demonstration Application Directory Structure default The contents of each directory is Application Example PRO SIL application that uses the source code version of PRO SIL XC2000 Buildsheets CIC61508 calibration data buildsheet as a spreadsheet DemoApplication Alternative form of the example application that uses a fixed library based version of PRO SIL XC2000 Docs PRO SIL XC2000 User Manual Preliminary Firmware HEX file for programming into CIC61508F or XC866 on the SafeTkit board SCII
35. TOOLS 5 1 2 Real Time PRO SIL XC2000 Testing And Monitoring With HiTOP54 TC In this section the demonstration PRO SIL XC2000 application will be loaded into the board and executed The demonstration project supplied is located in the default directory C Hitex PRO SIL XC2000 MAYFLOWER2 3bSK Implementation_v303_ Demo DemoApplication Debugger me QU Js m Hitex PRO SIL XC2000 MAYFLOWER2 3bSK Implementation v303 Demo DemoApplication Debugger v gt Search Debugger File Edit View Tools Help Organize v Include in library v Share with v Burn New folder es gt 4 Hitex Name Date modified Type Size 4 PRO SIL XC2000 4 MAYFLOWER2 3bSK 2 Implementation v303 Demo D pm metadata k buildsheets 4 d DemoApplication P Debug pr Debugger JE HiTOP API M Include gt SCILLIB M Source d Docs di firmware gt Ju Hitex UK SCH DemoApplication XC2388E htp 27 01 2012 14 44 HTP File 40 KB _ SCI DemoApplication XC2388E sav htp 27 01 2012 14 04 HTP File 39 KB n Figure6 Location Of HITOP54 166 Project Files Start HiTOP54 166 from the Windows Start menu E see one pm Google Earth E Graphviz 2 26 3 M HiTOP Debugger HiTOP Release Notes Help and Support zu Modify Setup Starts HiTOP Debugger pm Application Notes White Papers X Firmware Update Devices and Printers Default Programs k HiTOP Help M RELEASED SafeTkit XC2388E Quick Start 22 V1 1
36. TestBenchLoader htp apaga 3 PRO SIL TesBenchLoader htp 4 SCII DemoApplication XC2388E htp 5 SCII Application XC2388E htp Settings B Compile Ctri F Build F7 Rebuild All Cancel build Figure8 Reloading The Demo Application Project RELEASED SafeTkit XC2388E Quick Start 3 V1 1 2012 02 PRO SIL XC2000 hrtex mmm SafeTkit XC2388E DEVELOPMENT TOOLS 6 3 Starting The PRO SIL TestBench It is assumed that the Safe Tkit is powered up and that the PRO SIL TestBench driver has been loaded Start TestBench from the Windows start menu System Configuration Communications Board Options Port comes Voltage Reference 3 3v Serial debug r Enable Error Counter Minimum gt Value for Maintain 40 state hex Connect configuration File 4 CA Program Files SC Restart The first time the TestBench starts up you will have to carry out three special steps i In the Configuration File box the name of the configuration file for the CIC61508 needs to be entered ii The COM port to which the SafeTkit s USB port has enumerated needs to be entered iii The analog voltage reference value of 3 3V must be entered to suit the Safe Tkit board The CIC61508 configuration file is located in C Program Files x86 PRO SIL Safe Tkit Test BenchidatalMILInfoT able cfg Click on the file icon and navigate to this file and select it Note If you find in subsequent TestBench sessions that this file has not bee
37. afety path into the disabled state e PRO SIL PRO SIL Safety System consisting of the SafeTcore ll safety subsystem on the XC2388E and the CIC61508 Safety Monitor device e Opcode Sequence Test Sequence Test Test of the XC2388E CPU core that is verified via the external CIC61508 safety monitor connected via SPI e System Period 6ms system period The period of the opcode sequence test i e all 4 opcode sequence test SFRs will have been written within this period e System Tick 600us basic heartbeat rate of the CIC61508 RELEASED Safe Tkit XC2388E Quick Start 12 V1 1 2012 02 hitex mm PRO SIL XC2000 SafeTkit XC2388E DEVELOPMENT TOOLS 3 Installation Of SafeTkit Software And Documentation 3 1 Introduction The SafeTkit software is supplied on a CD but it can also be installed from a CD image on your hard disk To install from a CD simply insert the CD into your PC s CD DVD drive and allow it to initialize If you are installing from an image of the CD on hard disk simply click the installer executable SETUP EXE The installer welcome screen will appear momentarily and you should be left with the installer menu m SafeTkit Installer InstallAware Wizard SafeTkit Installer SafeTkit Installer will install the available setup s consecutively Please click Install to start the execution sequence or change the selection below Setup Executables TASKING VX toolset for C166 v3 0r3 PC Windows HiTOP
38. diting Tab PR R O sanseiensebeawsdspaasecbdebesesdsactseceecuedexbenes 46 Enabling Voltage Monitor Channel A cccccssccccseeeeccesseecceseeecsaeeecsaseeeseseeessagseessaseesssgeeessageees 48 Reloading The Demo Application Project cccccscccccseseeccseseeeccesscecseseeeceaeeecsaseeeseseeessseeessaeees 54 RELEASED SafeTkit XC2388E Quick Start 6 V1 1 2012 02 hitex PRO SIL XC2000 DEVELOPMENT TOOLS SafeTkit XC2388E List of Tables Table 1 Py UMN Jumper GS mmm 11 Table 2 CIC61508 SYSDIS A B C states for NOT READY eee eee nen nn ha hn 26 Table 3 CIC61508 SYSDIS A B C states for READY i eruunrnnnvnrnnnnvvnnnvnvnnnevsnnenrnnnenvnnnnnvnnnenvnnnenvnnnevvnneennnnenvnnn 26 Table 4 CIC61508 SYSDIS A B C states for ACTIVE runrannnnrnnnnvvnnnvvvnnnevnnnnevnnnenvnnnnnvnnnenvnnnenvunnevvuneernnnenvnnne 26 Table 5 CIC61508 SYSDIS A B C states for DISABLED eee een nen ha ana tn nn 27 Table 6 CIC61508 SYSDIS A B C states for READY ze terit eren tee v sada asana based ua arm ae 42 Table 7 61061508 SYSDIS A B C states for all states 3 seensus esasecedisadetovaadeecdrani ausdada ocesodc 47 RELEASED Safe Tkit XC2388E Quick Start 7 V1 1 2012 02 PRO SIL XC2000 hrtex mmm SafeTkit XC2388E DEVELOPMENT TOOLS 1 SafeTkit XC2388E Quick Start Guide Introduction Welcome to the Hitex SafeTkit for the XC2388E This document is intended to show you the main elements of the kit in a semi guided manner It co
39. eaning SYSDIS A ACTIVE SYSDIS C On PRO SIL XC2000 is now running stably again and the Safe core monitor window should be updating once more RELEASED Safe Tkit XC2388E Quick Start 34 V1 1 2012 02 hitex PRO SIL XC2000 SafeTkit XC2388E DEVELOPMENT TOOLS 6 Configuring And Monitoring The CIC61508 The PRO SIL XC2000 TestBench IS a Infineon C1061508 Test and Rapid Development for the Infineon Safety System TARDISS TT i special GUI based tool that allows the CIC61508 to be tested and configured and Cinfineon PRO SIL XC2000 SafeTkit Test Bench is part of the TARDISS family of CIC61508 PRO SIL support tools It relies on a special driver running on the ae XC2388E to allow it to access the E TM mm S ZZ CIC61508 s SPI interface from a COM port ouma Ready BM Active Bd Disabled on a PC The driver manages the flow of Configuration and Live SFRs NVM Data Tables System Configuration state hex Configuration File data between the XC2388E s USIC RcwosrenFies nd asynchronous serial ASC and SPI P Error System 111111111 Tak een EK Voltage Monitoring Data Comparator A B interfaces The ASC interface is ity Comm i I AI rs E se n connected to an FTDI USB to serial To EN e converter chip AE Soo rM aaa 3 a MODER oo 1 Security Sequencer Test CH rs coo pH r2 Difi of odios Register OTRU rr OTRHL rr C
40. ee to the terms and conditions below choose the check box I do not accept the agreement and the installation procedure will not be started If you agree to these conditions select accept the agreement otherwise end the installation now The default location for the application is C Hitex PRO SIL XC2000MA YFLOW ER2 3bSK but you can change this if you wish However we strongly recommend that you stay with the default location at least until you are more familiar with the SafeTkit i Copy PRO SIL XC2000 MAYFLOWER 2 3bSK lt Select Destination Location Where should PRO SIL XC2000 MAYFLOWER 2 3b5K be stored Software will store PRO SIL XC2000 MAYFLOWER 2 3b5K into the following folder To continue dick Next If you would like to select a different folder dick Browse z Hitex PRO SIL XC2000 MAYFLOWER 2 3bSK At least 27 8 MB of free disk space is required Click Next to continue RELEASED SafeTkit XC2388E Quick Start 15 V1 1 2012 02 hitex mm PRO SIL XC2000 SafeTkit XC2388E DEVELOPMENT TOOLS i5 Copy PRO SIL XC2000 MAYFLOWER 2 3bSK Ready to Copy Software is now ready to begin copying PRO SIL XC2000 MAYFLOWER 2 3b5K on your computer Click Copy to continue with the copying process or dick Back if you want to review or change any settings Destina tion location C HitexlPRO SIL XC2000 MAYFLOWER 2 3bsK 13 Copy PRO SIL XC2000 MAYFL
41. est task monitor and data compare only run when the live update function is enabled Hence the NOT READY state is only maintained until the opcode test error counter has reached or exceeded 0x40 CIC61508 User Manual section 2 2 1 RELEASED Safe Tkit XC2388E Quick Start 44 V1 1 2012 02 PRO SIL XC2000 hrtex mmm SafeTkit XC2388E DEVELOPMENT TOOLS 6 9 Editing The CIC61508 Calibration Data In DFLASH With the default configuration in the CIC61508 DFLASH the four voltage monitors are disabled This means that the potentiometer settings are not taken into account when the CIC61508 determines whether it can enter the READY state just having a successful opcode test sequence task sequence and data compares from the PRO SIL XC2000 are sufficient Figure 12 The CIC61508 Voltage Monitor Potentiometers However in a real system the analog channels would be connected to critical voltages in the main system such as the supplies to the XC2388E for example The SafeTkit XC2388E supports this but for this test the potentiometers must be used as the voltage sources In the next session we will enable the voltage monitor A SENA channel to see what effect it has on overall system behaviour RELEASED SafeTkit XC2388E Quick Start 45 V1 1 2012 02 hitex mm PRO SIL XC2000 SafeTkit XC2388E DEVELOPMENT TOOLS 6 10 The PRO SIL TestBench DFLASH Editor The TestBench allows you to edit the data in DFLASH via the NVM Data Tables
42. found a Full license for your system HTOF allows pou to download applications which are code size limited to bt Bytes You can get a 30 days license without code size limitation for free or vou mar purchase a full license want to get 30 day full license want to buy full license want to continue evaluation In case You already have purchased a full license wou mar add it ta the license database using the HITUP license manager Open the HiTOP License Manager The SCI DemoApplication XC2388E htp project will prompt you before loading the example application Click OK and the example will be loaded into the XC2388E s FLASH ROM RELEASED Safe Tkit XC2388E Quick Start 24 V1 1 2012 02 hitex mum DEVELOPMENT TOOLS PRO SIL XC2000 SafeTkit XC2388E This operation will take a few seconds to complete Finally HiTOP will show the start of the program at the address 0xC00000 gt Easykit XC oc htp Las ALDO Debug RTOS Analyze System Window Help Demo Eile Edit View Project DF ag Si wae BH VE annes gp g E DemoApplicatu Gau S ABP Gu O tm Workspace Moduleview X Disassembly RAMTest UOCO HiTOP_API main B cstart w invoked from the RESET tartf code AY HiTOP API He main MPU ma Opc 2 2 Opc Cfg 2 pnearp32 22 RAMTest 9 sbst stream ma Scheduler Sa SCH Target mer Sfi CA
43. il on the XC2388E a variable voltage supply can be used to check that the PRO SIL system response is correct 1 1 2 SafeTkit Software The SafeTkit includes the PRO SIL XC2000 Safety Driver Library to provide an ASL B D capable software platform for custom developments This library takes care of the configuration and start up testing of the XC2388E as well as taking care of SPI communications with the CIC61508 safety monitor PRO SIL XC2000 includes the Infineon Software Built In Self Test SBST which runs continuous checks of the CPU functionality at a gate level The results of the checks are externally verified by the independently powered CIC615068 safety monitor In a real application the CIC61508 would be able to disable the system via its System Disable pins but on the SafeTkit it operates LEDs it can also optionally reset the XC2388E This meets one of the major requirements of 15026262 PRO SIL XC2000 is also able to monitor task execution times and calling sequences plus check the results of redundant calculations made by parallel threads in the XC23xx application RELEASED Safe Tkit XC2388E Quick Start 8 V1 1 2012 02 PRO SIL XC2000 hrtex mmm SafeTkit XC2388E DEVELOPMENT TOOLS e 16 32 bit XC2388E Future CPU with safety extensions e Expansion connector with all IO available e CIC61508 Safety Monitor for ASIL B D e Separate power regulators for CIC61508 and XC2388E e CIC61508 monitors XC2388E Vppe Von and Vppim opt
44. in XC2300 SafetyConcept IFX pdf 2 1 Default Configuration As shipped the four SafeTkit voltage monitors are disabled i e potentiometer settings are ignored by CIC61508 This is due to the calibration data in the CIC61508 and not to any board jumper settings The DFLASH contents of the CIC61508 are as per CIC61508 BuildSheet VANIA30 SafeTkit xls The jumpers are set in the following default configuration Jumper Default Comment JP405 SENA uses potentiometer as input JP405 SENB uses potentiometer as input Closed Table 1 Default Jumper Settings JP402 SEND uses potentiometer as input 1 2 JP403 SENC uses potentiometer as input It is recommended that you check that your board is configured this way to allow the demonstration application to run successfully RELEASED SafeTkit XC2388E Quick Start 11 V1 1 2012 02 hitex PRO SIL XC2000 SafeTkit XC2388E DEVELOPMENT TOOLS 2 2 Terms Used Here are some basic terms used in this document e SCII SafeTcore Il PRO SIL XC2000 safety subsystem running on the XC2388E e Safety Path The physical lines that allow the CIC s SYSDIS pins to disable critical hardware or the XC2388E itself in the event of a failure in either the CIC or the PRO SIL XC2000 e ACTIVE mode CIC61508 is controlling the safety path and the PRO SIL XC2000 is correctly performing the opcode test e DISABLED mode The CIC61508 has detected a critical failure and has put the s
45. ional e 2x CAN buffered interfaces brought out to 10 way pin headers e SPI EEPROM e 2x CAN interfaces with transceivers e Flexray interface e XC2388E monitors CIC61508 Vppp and Vppc optional e XC2388E brown out simulator e TLE6711 voltage regulator with window watchdog for ASIL B only e USB JTAG X2388E debug interface e USB virtual COMport e 4analog voltage sources for CIC61508 e 1 analog voltage source for XC2388E e Provision for full cross linked voltage and system disable pin monitoring e SPl driven LCD display e Power from USB or main power supply e 10 user LEDs P10 e System disable SYSDIS X LEDs e Optional linking of CIC61508 and XC2388E resets to aid debugging USB Debug CIC61508 SENx XC2388E COMport Potentiometer Inputs LCD Display Reset JURY 000000000 E vr SYSDIS 8 das Y E 08 pl Y VY E N i sd 20446 C LED E tk or a mom ar MI 94Vv 0 M M a CIC61508 7 jd gue 80m Em Reset im 3 IO Expansion XC2388E out JP401 vier DC Power Optional CAN XC2388E ERAY SYSDIS XC2364B interfaces User LEDS Interfaces A amp B LEDs Safety monitor Figure 1 XC2388E SafeTkit With CIC61508 Safety Monitor RELEASED SafeTkit XC2388E Quick Start 9 V1 1 2012 02 PRO SIL XC2000 hrtex mmm SafeTkit XC2388E DEVELOPMENT TOOLS 1 2 SafeTkit XC2388E Major Functional Blocks The major components of the board are shown below The most important user configuration
46. irst Session rrrannuvrnnnnnvennnnnnnnnnnnnnnnnnnnvennnnnvennnnnnner 21 5 1 Loading and Running The Example Application cccccccsseseeecseeeeeeseeeeeecseeeeeeseeeeeeseaeeeessaeeeesaaeees 21 5 1 1 mi ociie EE NE O Demwarbsweas 21 5 1 2 Real Time PRO SIL XC2000 Testing And Monitoring With HiTOP54 TG rrrnrvvnnnnnnnnrrnnvvvnnrrnnnnnnnne 22 5 2 RUNNING The Example Application icsisicvcisiocciennsata versiones saaowilareisbdaariasacantvinws ee Fu wd PR kase Lr RUE Pcia 26 5 3 Monitoring The PRO SIL XC2000 State 000 0000000000000 A nnns KKK KRKA Annan nn nn 28 5 3 1 Understanding The SafeTcore Monitoring Window ccccccccceeecseeeeeeeeeeeeeeaeeeeeeeeeeesssaeaeeeeeeeeeeeeaas 29 5 3 1 1 Momo GN Fe 29 5 3 1 2 Injecting Errors Into PRO SIL XC2000 00000 n P KK K KKK RR P KK KR A KKK Ren 31 5 3 1 3 Monitoring Real 1100 ie 33 5 3 2 Restarting The Example Application After An Error Injection Test rrnnrrnnnnnnnrnnnnnnennnnnnrrnnnnnnennnnnn 34 6 Configuring And Monitoring The CIC61508 rrrervnnnnnnvennnnnnnnnnnnnnnnnnnennnnnnnnnnnnnnnnnnevnnnnnnnnnennnnnnnnnen 35 6 1 Loading The PRO SIL TestBench Driver Into The Safe Kit rrrrnnnnnnnnrrvrnnrnnnrrvennrnnnerernnnnnnrrerennnn 36 6 2 Reloading The Demo Application Project rrrrnnrrrrrnnnnrrnnnnnvnnnnnnnvnrnnnnrnnnnnnrnnnnnnsnnnnnnnrnnnnnnsnnnnnnsnnnnnnee 37 6 3 Staing The PRO SLTES BEN uden 3
47. jumpers are also given Where there is a default or recommended setting for a jumper it is shown with a narrow line This is not an accurate representation of the Safe Tkit schematic and is only intended for the purpose of identifying the major elements of the board 9V 0 3V3 Variable TLE7278 1 BrownOut TLE4274 XC2388E Otdr 9 8d v8d 6 9 SIGSAS E GND Xx Figure2 Block Diagram Of The XC2388ESafeTkit Board RELEASED SafeTkit XC2388E Quick Start 10 V1 1 2012 02 PRO SIL XC2000 hrtex mmm SafeTkit XC2388E DEVELOPMENT TOOLS 2 SafeTkit XC2388E Contents The SafeTkit XC2388E consists of Mains power supply unit USB cable SafeTkit XC2388E evaluation board with CIC61508 Safety Monitor An installation CD containing Tasking VX Toolset v3 0r3 evaluation version HiTOP54 166 debugger and FLASH programmer PRO SIL XC2000 library for XC2388E TARDISS TestBench GUI TestBench driver supplied as a HEXfile and ELF file 10 A demonstration application Demo Application 11 An application suitable for further development Standard Application 12 PRO SIL XC2000 User Manual and Quick Start Guide this document oe ee sco coe e This guide covers installing all the components and running a simple exercise More detailed information on PRO SIL XC2000 can be found in PRO SIL XC2000 UM v1 8 pdf A complete overview of the XC23xx CIC61508 and PRO SIL Safety Concept can be found
48. n remembered it probably suggests that you did not have Administrator rights when you installed the GUI originally To find the COM port used by the Safe Tkit click on Autodetect and after a few seconds the COM port number will appear in the Port box The TestBench is now ready for use RELEASED Safe Tkit XC2388E Quick Start 38 V1 1 2012 02 hitex mm PRO SIL XC2000 SafeTkit XC2388E DEVELOPMENT TOOLS 6 4 Connecting To The SafeTkit Board Make sure that the TestBench driver in the board is running and that the CIC61508 is in ACTIVE mode SYSDIS A ACTIVE SYSDIS C Off Click Connect in the GUI and the TestBench will take control of the SafeTkit via the XC2388E s USIC ASC port The Connect button will change to Initialising C Temp Serial It will then enter Secure SPI mode See CIC61508 User Manual section 2 8 and read the contents of the DFLASH area putting them in its internal DFLASH edit buffer This process can take around 20 30 seconds and finishes with a device reset Uploading DFlash image iS Infineon CIC61508 Test and Rapid spment for the Infineon Safety System TARDISS Infineon PRO SIL XC2000 SafeTkit Test Bench H B Temp Serial Figure 9 Initialization Of The Internal DFLASH Edit Buffer RELEASED SafeTkit XC2388E Quick Start 39 V1 1 2012 02 PRO SIL XC2000 hitex imm SafeTkit XC2388E DEVELOPMENT TOOLS Finally it resets
49. n the event of a fault such as a voltage brown out on the XC2388E the voltage on for example the SENA channel would fall out of the legal range and cause the Voltage Monitor A error counter to drop to below 0x40 This would cause the CIC61508 drop into the DISABLED state This can be simulated by moving the SENA potentiometer slightly The CIC61508 will then move to the DISABLED state CIC61508 Output Status State Meaning State Machine SYSDIS A O DISABLED Ready Active DEE CIC61508 Reset Now click on the CIC61508 Reset button and slowly move the SENA potentiometer back to the correct position so that ACTIVE mode is re entered You should see the SYSDIS X LEDs change as per CIC61508 OutputStatus State Meaning SYSDIS A SYSDIS B ACTIVE SYSDIS C Advance to Stop state gt lt CIC61508 Reset RELEASED Safe Tkit XC2388E Quick Start 53 V1 1 2012 02 PRO SIL XC2000 hitex imum SafeTkit XC2388E DEVELOPMENT TOOLS 6 13 Reloading And Starting The PRO SIL XC2000 Demo Application When you have finished using the PRO SIL TestBench in order to reload the Demo Application the HiTOP project SCII DemoApplication XC2388E htp must be opened Close the current HiTOP project and then open the Demo Application project as shown below File Edit View Project Debug RTOS Analyze System Window Help Qa TE 1 PRO SIL TestBenchLoader htp mimm
50. nnnnnvrnnrnnnnnvennnnnn 56 6 13 2 Restoring The SafeTkit To A Running Condition rrrsnrrrnnrnnnrrrnnnnnnnorrnnrrnnnnnnnnsrnrnnnnnnnnnnnnrsnnnnnnnnnsnnnee 56 6 14 ONC SN p T 58 7 PRO SIL XC2000 Example Applications rrrrnnnnnnnnennnnnnnnnennnnnnnnnnnnnnnnnnnnnnnnnnnnennnnnnnnnvennnnnnnnvennnnnnnn 59 7 1 Adapting The PRO SIL XC2000 For The Safe Tkit XC2388E 000 ener nn 59 7 2 Advanced Example Application llenan nnn 59 1 9 SafeTkit Default PRO SIL XC2000 Configurations ccccceeeecceccseeeeeeeeeeeeeeeeeseeeeeeeeesaaeeeesessaaeeeees 60 HELEASED SafeTkit XC2388E Quick Start 4 V1 1 2012 02 hitex PRO SIL XC2000 SafeTkit XC2388E DEVELOPMENT TOOLS 8 gta ea oe PERO 61 8 1 Information On The Application Of PRO SIL XC2000 TO IS026262 rrrrrrrnnnnnronnnnnnernnnnnronnnnnnennnnnne 61 8 2 Information On Importing And Exporting CIC61508 Calibration Data Sets 61 8 3 Advanced CIC61508 Operation ccccccccccccsssseeeeceeeseeeecceeeeeceeecsaaeeeeesseececeesesaaseeeessueaeeeessssageeeeesaas 61 8 4 Detailed Operation And Configuration Of The PRO SIL XC2000 Safety Driver 61 9 Appendix A Programming The CIC61508 Firmware annnxxnnnnnnnnnnnnnnnnnnnnnnnnnnnnnennnnnnnnnennnnnnnnnennnnn 62 9 1 mstaling The UN EN 62 RELEASED Safe Tkit XC2388E Quick Start 5 V1 1 2
51. ntains specific instructions on how to operate the basic features whilst at the same time giving an introduction to the concepts and terminology used in the PRO SIL XC2000 Safety System 1 1 SafeTkit XC2388E Introduction 1 1 1 SafeTkit Board The Safe Tkit board has been designed to show the typical hardware configuration required for an ASIL B D system based on the XC2300 and the CIC61508 Safety Monitor It can also be configured as a platform for ASIL B by using the XC2300 with the TLE6711 window watchdog voltage regulator To eliminate any common cause failure on the power supply the XC2388E and CIC61508 have separate power regulators and each device is able to monitor the other s power supplies for early brown out detection The board can be configured in a demonstration mode default where the CIC61508 does not fully monitor the operation of the XC2388E Analog voltages that in a real application would come from the XC2388E are in fact derived from simple potentiometers Likewise the XC2388E does not monitor the CIC61508 system disable pins or power supply For early development of real applications the board can be configured to run in accordance with the PRO SIL Safety Concept Here the CIC61508 monitors the supply voltage Vppp to the XC2388E plus its internally generated voltages Vpp and Vppm In turn the XC2388E monitors the CIC61508 s Vppp and Vppc plus checks the system disable pins for plausibility To simulate a power fa
52. on is then required JTAG SYSDIS Te C LED mg CIC61508 Reset The Infineon FLOAD tool is recommended and this is supplied in C Hitex PRO SIL XC2000 MAYFLOWER2 3bSK Implementation_v303_Demo firmware FLOADsetup_v4 7 exe This must be installed using this setup EXE file The ClC61508 firmware is contained in C Hitex PRO SIL XC2000 MAYFLOWER2 3bSK Implementation_v303_ Demo firmware cic61508 XC2388ESafeTkit hex RELEASED SafeTkit XC2388E Quick Start 62 V1 1 2012 02
53. or Description Error Injection RELEASED Safe Tkit XC2388E Quick Start 28 V1 1 2012 02 PRO SIL XC2000 hrtex mmm SafeTkit XC2388E DEVELOPMENT TOOLS 5 3 1 Understanding The SafeTcore Monitoring Window 5 3 1 1 Monitoring CIC61508 SFRs The current contents of the most important CIC61508 SFRs are displayed in real time These are the error counters for each CIC61508 monitor subsystem e Opcode Sequence Test e Data Comparator e Task Sequence Monitor e Voltage Monitor In addition the overall CIC61508 system state is shown i e NOTREADY READY ACTIVE DISABLED etc The voltage present on each of the 4 analog channels is shown e SENA e SENB e SENC e SEND A full description of the CIC61508 SFRs can be found in the CIC61508 User Manual 1 0 section 2 2 5 These SFRs are also visible via the PRO SIL TestBench tool RELEASED SafeTkit XC2388E Quick Start 29 V1 1 2012 02 PRO SIL XC2000 hrtex mmm SafeTkit XC2388E DEVELOPMENT TOOLS If you now move the XC2388E potentiometer fully clockwise the CIC61508 will move to the ACTIVE state CIC61508 Output Status State Meaning SYSDIS A On SYSDIS C On ssos B 1 om ACTIVE The CIC State box in the SafeTcore window will now change from READY to Active SafeTCoreXC ILE Voltage Monitoring Error Counters CIC State Error Count SEMA DEY 127 Opcode Test Sequence SENE O21 127 Data Comparator SENC 0083Y 128 Task Monitoring
54. or each opcode test pass we need 7 5 failures i e 30 4 for each pass before we consider that a critical problem may be occurring This is just a starting point and in a real application the ratio would be much smaller The voltage monitors are by default disabled but they can be individually enabled via the tick boxes Once enabled the CIC61508 will compare the voltage on each channel against an upper and lower threshold expressed in bits If the voltage is within the thresholds the corresponding voltage monitor error counter is incremented by 14 otherwise it is decremented by 4 RELEASED SafeTkit XC2388E Quick Start 47 V1 1 2012 02 hitex mm PRO SIL XC2000 SafeTkit XC2388E DEVELOPMENT TOOLS 6 11 Enabling Voltage Monitor Channel A Now we will enable the voltage monitor channel A so that the SENA potentiometer will have an effect Do this by clicking on the VA tick box in the Enabling Monitoring panel PRO SIL XC2000 SafeTkit Test Bench E LM EA IS Figure 14 Enabling Voltage Monitor Channel A The Program To DFLASH button will now start to flash in yellow Click this button and the modified calibration data will be blown into the CIC61508 s DFLASH RELEASED SafeTkit XC2388E Quick Start 48 V1 1 2012 02 hitex mm PRO SIL XC2000 SafeTkit XC2388E DEVELOPMENT TOOLS Cinfineon PRO SIL XC2000 SafeTkit Test Bench E g E E The TestBench reads the DFLASH back to verify it so the tickbox should still be
55. r Mem Locals Watch2 Watch3 Watchl Click on the to the left of CIC_State CIC_Sfr to expose the structure elements Watch Watchl a x Expression Value T ID ype CIC State CIC Sfr 0x7 0x42 0xB0 0xB1 0xC 0xd struct RELEASED SafeTkit XC2388E Quick Start 56 V1 1 2012 02 PRO SIL XC2000 SafeTkit XC2388E hrtex ium DEVELOPMENT TOOLS The two important SFRs are SYS and VLTMACNT These are the overall system state READY ACTIVE DISABLED etc and n Valse Type the Voltage Monitor A error counter Start the Demo Application 37T aD ODEOCHOAE OG struct Er OTSRHH 0x3D 61 unsigned char 8 HiTOP is able to recover the values of the application data in L OTSRHL OxDE 222 DE unsigned char real time The SYS SFR should show the value 0x78 This E Pm A ERE corresponds to the NONREADY state Now move the SENA MWMAX 0x0C 12 f unsigned char potentiometer slowly until the VLTMACNT goes to a value of TEC signe greater than Ox7E This will happen when the SENA voltage isin RPG the correct 950 1000 bit range The SYS SFR will change to H OTSENT m b VLTMACNT 0011 W unsigned char 0x3C READY state F VLTMBCNT Ox7F 127 x7F unsigned char h WLTMCCNT 0x7F127 x7F unsigned char H VLTMDCNT Ox7F 127 x7F unsigned char z TSKMCNT 0x7D 125 Y unsigned char H DCMPCNT Ox7F 127 x7F unsigned char F SPICNT 0x80 128 x80 unsigned char Now if you move the XC23
56. s 10 Upper Error Count Thresholds 5 XC2388E clock 80MHz System period 6ms System tick time 600us All tests enabled in startup and shutdown hooks RAM Cell test and Peripheral Configuration test enabled for cyclic operation For detailed information on the operation and configuration of the PRO SIL XC2000 SafeTkit version please refer to the PRO SIL XC2000 User Manual RELEASED Safe Tkit XC2388E Quick Start 60 V1 1 2012 02 PRO SIL XC2000 hrtex mmm SafeTkit XC2388E DEVELOPMENT TOOLS 8 Further Information This document provides a brief introduction to the Safe I kit and the PRO SIL safety system You can find out more in the following documents 8 1 Information On The Application Of PRO SIL XC2000 TO ISO26262 4227 XC2300 SafetyConcept IFX pdf 8 2 Information On Importing And Exporting CIC61508 Calibration Data Sets PRO SIL TestBench User Manual 8 3 Advanced CIC61508 Operation CIC61508 User Manual v1 0 pdf 8 4 Detailed Operation And Configuration Of The PRO SIL XC2000 Safety Driver PRO SIL XC2000 UM v1 8 pdf RELEASED Safe Tkit XC2388E Quick Start 61 V1 1 2012 02 PRO SIL XC2000 hrtex imum SafeTkit XC2388E DEVELOPMENT TOOLS 9 Appendix A Programming The CIC61508 Firmware 9 1 Installing The CIC61508 Firmware The CIC61508 firmware is programmed via a dedicated JTAG connector m A USB JTAG interface such as the Hitex Tantino or MiniWiggler must be CIC61508 attached to this A programming applicati
57. states for READY The system is now in a stable state Any test failures in the PRO SIL XC2000 or CIC61508 will cause the NOTREADY state to be re entered It must be stressed that such a failure is extremely unlikely Now turn the XC2388E s potentiometer fully clockwise The application will now tell the PRO SIL XC2000 to send the GO command to the CIC61508 s MODE SFR causing it to move to the ACTIVE state The third Port 10 LED will now start to flash once per second and will continue to do so while ACTIVE mode is maintained The SYSDIS A SYSDIS A and SYSDIS A LEDs should be extinguished indicating that the safety path is enabled CIC61508 Output Status State Meaning SYSDIS A ACTIVE SYSDIS C Off Table 4 CIC61508 SYSDIS A B C states for ACTIVE RELEASED Safe Tkit XC2388E Quick Start 26 V1 1 2012 02 PRO SIL XC2000 hrtex mmm SafeTkit XC2388E DEVELOPMENT TOOLS Turning the potentiometer anti clockwise again will cause the STOP command to be sent to the CIC61508 and it will move to the DISABLED state The SYSDIS X LEDs should be illuminated showing that the safety path is disabled once again CIC61508 Output Status State Meaning SYSDIS A DISABLED Table 5 CIC61508 SYSDIS A B C states for DISABLED RELEASED Safe Tkit XC2388E Quick Start 27 V1 1 2012 02 hitex PRO SIL XC2000 SafeTkit XC2388E DEVELOPMENT TOOLS 5 3 Monitoring The PRO SIL XC2000 State In the stable ACTIVE state
58. terface which is described later The applications are supplied as complete Tasking Eclipse project file systems which will open directly in the supplied evaluation toolchain 3 3 Running The Installer When invoking the installer PROSILXC2000v2 3bSK exe this dialog appears PRO SIL XC2000 MAYFLOWER 2 3bSK You are about to copy The PRO SIL XC2000 MAYFLOWER 2 3b5K Source Code And Example Application Package onto your computer Click Mext to continue Clicking Next reveals the Infineon licence terms that cover the PRO SIL XC2000 libraries contained in the installation RELEASED Safe Tkit XC2388E Quick Start 14 V1 1 2012 02 hrtex ium DEVELOPMENT TOOLS PRO SIL XC2000 SafeTkit XC2388E j5 Copy PRO SIL XC2000 MAYFLOWER 2 3bSK O Please read the following important information before continuing Please read the following License Agreement You must accept the terms of this agreement before continuing with the copying process Important Note and Terms of Use Please read the following important note as well as the following terms and conditions carefully The extraction of the downloaded documents as well as the installation of the downloaded software is only possible if you agree to such terms and conditions By choosing the check box I accept the agreement below you agree to have read the important note set forth below and to be bound by the following terms af use If you do not agr
59. the five communications error reports into the Test Execution Monitor TexM directly This causes the PRO SIL XC2000 to think that the SPI communications link to the CIC61508 has failed and so it immediately shuts the system down and the CIC61508 will enter the DISABLED state CIC61508 Output Status State Meaning SYSDIS A svsDIsB 1 On DISABLED On SYSDIS C On The Safe Tcore window now reports the error safeTCoreXC CIC61508 Voltage Monitoring Error Counters CIC State Error Count Active SENA 062W 127 Opcode Test Sequence SEMB O21 128 Data Comparator SENC UG 128 Task Monitoring SEND 220 v 127 SPI Communication Total 510 PRO SIL Detected Errors Error ID Trap ID Trap Description Error Description 5 2 CIC Handler Communication error Error Injectian Note the CIC State is not updated to DISABLED as the SPI link appears to be faulty hence the true CIC61508 state cannot be read back by HiTOP RELEASED SafeTkit XC2388E Quick Start 32 V1 1 2012 02 PRO SIL XC2000 hrtex mmm SafeTkit XC2388E DEVELOPMENT TOOLS 5 3 1 3 Monitoring Real Errors If an error occurs during normal running of the PRO SIL XC2000 this window will display the cause of the error To demonstrate this stop HiTOP executing with the Red traffic light button 8 Next reset the XC2388E with the Target Reset button Start execution again and make sure that the CIC61508 enters the ACTIVE mode CIC61508
60. this document Please send your comments including a reference to this document to comments Qhitex co uk RELEASED Safe Tkit XC2388E Quick Start 3 V1 1 2012 02 hitex mum SafeTkit XC2388E DEVELOPMENT TOOLS Table of Contents 1 SafeTkit XC2388E Quick Start Guide Introduction nnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnr 8 1 1 SafeTkit XC2388E Introduction ccccsseeececcceeseeceeecaesseceeeeaeuceeeeeeaasceeessaaseceeessaaseeeesssaageeeesseageeeessaas 8 1 1 1 ez AGA o o PON SONC ERR x 8 1 1 2 STN 8 1 2 SafeTkit XC2388E Major Functional Blocks rrrrnnnrrennrnnnnnrrnrrnnnnnrrnrnnnnnnrrnnnnnnnnrennnnnsnsrnnnnnnsnsennnnnnsnee 10 2 Mae TRIEXG2388E NT 11 2 1 Default Configuration ee 11 2 2 Terms A SCO PR R O O nn rerenn nn erenen nenen 12 3 Installation Of SafeTkit Software And Documentation rrurrrnnnnnnnnnnnnnvnvnnnnnnnnnnnnevevnnnnnnnnnnnerevnnnnnn 13 3 1 La 1 016 NO MS R R O E 13 3 2 Installing The XC2388E Example Application 02e000 0000000000000 000 nene hran nn nn nn 14 3 3 RUNNING EEE iM UU s 14 3 4 Working With Tasking Eclipse DE zs vsi dod odds dii aS ro va ER brouka na bb Fa EE Bavaria 18 3 4 1 TENNE 18 3 4 2 BNC MIME AOC AON eresse a a aoai 19 4 First Steps With The Sale FKIE ve 20 4 1 BASIC BO ate piste EE EE O OP VP 20 5 Running And Monitoring Applications F
61. ticked The voltage thresholds are set by default at 950 and 1000 bits The actual voltages that these correspond to is determined by the reference voltage being used by the CIC61508 s 10 bit analog to digital converter On the SafeTkit this is 3 3VV Thus the 950 bits lower threshold implies a voltage of 950 1023 3 3 3 06V and the upper threshold of 1000 bits is 1000 1023 3 3 3 22V Note in a real system the voltage reference would more likely be 2 5V and would use a precision reference device The SafeTkit XC2388E has this facility but it is not used in this Quick Start Guide RELEASED SafeTkit XC2388E Quick Start 49 V1 1 2012 02 PRO SIL XC2000 hitex imum SafeTkit XC2388E DEVELOPMENT TOOLS 6 11 1 Testing The New Configuration In The TestBench Return to the Configuration and Live SFRs tab and make sure that the Voltage Reference box is set to 3 3V using the drop down menu Now click the Live Updates button and you should see that the voltages being displayed are now referenced to 3 3V Depending on how your board has been shipped the SENA potentiometer may not be correctly set so the display may show a red background on channel A RELEASED SafeTkit XC2388E Quick Start 50 V1 1 2012 02 hitex mm PRO SIL XC2000 SafeTkit XC2388E DEVELOPMENT TOOLS If your board shows channel A as green please move the SENA potentiometer slightly so that the voltage goes out of range and the VA Error Count is now

Download Pdf Manuals

Related Search

Related Contents

Philips 17" LCD Monitor  Operating Manual Conveyor Toaster    Manual  Philips AZ1826 MP3 CD Soundmachine  Téléchargez le manuel d`utilisation en français  Zanussi ZOB 460 User's Manual  

Copyright © All rights reserved. Failed to retrieve file