Hi ADI team:
When we using the safety mechanisms in safety manual of ADuCM342, we have some questions need your support.
In ADuCM342 safety manual, there are five safety mechanisms nee to execute once per driving cycle, they are SM20, SM60, SM151, SM161 and SM181. We are confusing all these SMs are used to cover MPF(multiple point fault)?
We use ADuCM342 to measure 12V battery current, and measure 12V battery voltage, and control external MOS and execute logic strategy, all of these functions are functional safety related.
Can you clarify every these SMs(SM20, SM60, SM151, SM161 and SM181) is against to cover SPF or MPF for measure 12V battery current, and measure 12V battery voltage, and control external MOS and execute logic strategy?
Besides,
- For SM20(Clock cross check internal clock compare): Does ADI assume the SM21 used to detect SPF for clock, and SM20 used to detect MPF? But if ADuCM342 has low frequency oscillator and high frequency oscillator, the SM20 is enough to detect the SPF for clock? why still need SM21? If we not use SM21, is it OK for functional safety?
- For SM151(Program NVM signature) and SM161(Data NVM signature): There are ECC mechanism(SM152 and SM162) to detect NVM fault, why still need SM151 and SM161? Does ADI assume the SM151 and SM161 are used to detect the function failure of SM152 and SM162? What's the impact on the safety related function if SM151 or SM161 detect a fault?
- SM181(MMR readback): In SM181, we need to read back many registers to check these values are equal to expected value or not. But we don't know what's the impact if detect some registers failure, especially for these internal configuration registers. So what's your suggestion if SM181 check failure?
Best Regards!
Zizhen.