AN 999: Drive-on-Chip with Functional Safety Design Example: Agilex™ 7 Devices

Download PDF
ID 823627
Date 7/04/2024
Public

Visible to Intel only — GUID: bga1716295158737

Ixiasoft

View Details

Document Table of Contents
Document Table of Contents x
1. About the Drive-on-Chip with Functional Safety Design Example for Agilex™ 7 Devices 2. Getting Started 3. Rebuilding the Drive-on-Chip Design 4. Functional Description of the Drive-On-Chip with Functional Safety Design Example for Agilex 7 Devices 5. HPS Channel Safety Software 6. Drive-on-Chip Design Recommendations and Disclaimers 7. Document Revision History for AN 999: Drive-on-Chip with Functional Safety Design Example for Agilex 7 Devices
1. About the Drive-on-Chip with Functional Safety Design Example for Agilex™ 7 Devices x
1.1. Features of the Drive-on-Chip with Functional Safety Design Example for Agilex 7 Devices 1.2. About the Safety Concept 1.3. Other Drive-on-Chip Design Documents
1.2. About the Safety Concept x
1.2.1. High-Level Block Diagram of the Drive-On-Chip with Functional Safety Design Example
2. Getting Started x
2.1. Software Requirements for the Drive-On-Chip with Functional Safety Design Example for Agilex 7 Devices 2.2. Hardware Requirements for the Safe Drive-On-Chip with Functional Safety Design Example for Agilex 7 Devices 2.3. Downloading and Installing the Design 2.4. Installing Python 2.5. Creating an SD Card Image 2.6. Setting Up your Development Board for the Drive-On-Chip with Functional Safety Design Example for Agilex 7 Devices 2.7. Debugging and Monitoring the Drive-On-Chip with Functional Safety Design Example for Agilex 7 Devices with Python GUI 2.8. Looking into the Drive-On-Chip Output
2.3. Downloading and Installing the Design x
2.3.1. Design Directory Structure
2.7. Debugging and Monitoring the Drive-On-Chip with Functional Safety Design Example for Agilex 7 Devices with Python GUI x
2.7.1. GUI Safety Function Tab for the Drive-On-Chip with Functional Safety Design Example for Agilex 7 Devices
3. Rebuilding the Drive-on-Chip Design x
3.1. Generating the Platform Designer System 3.2. Generating and Building the NiosV/g BSP for the Drive-On-Chip Design Example 3.3. Compiling the Hardware in the Intel Quartus Prime Software 3.4. Modifying the Motor Control Software Application 3.5. Generating .jic and .rbf files After Hardware Modifications 3.6. Recreate an SD Card Image 3.7. Modifying the HPS Safety Function Application
4. Functional Description of the Drive-On-Chip with Functional Safety Design Example for Agilex 7 Devices x
4.1. Drive-on-Chip Related Subsystems 4.2. HPS Safety Subsystem 4.3. Safety Subsystem 4.4. Shared Memory Subsystem 4.5. External Safety Logic 4.6. Hardware Subsystem 4.7. Voltage Thresholds 4.8. IP Input and Output Signals 4.9. Registers
4.3. Safety Subsystem x
4.3.1. Safety Block 4.3.2. Quadrature Encoder Pulse 4.3.3. Interval Timer
4.3.1. Safety Block x
4.3.1.1. Safety Function Block 4.3.1.2. Cross-Comparison Block
5. HPS Channel Safety Software x
5.1. Meta Layer and Yocto Build 5.2. HPS Channel Speed Monitoring Safety Application
5.1. Meta Layer and Yocto Build x
5.1.1. Layer Configuration Files 5.1.2. Board Support Package Recipes (recipes-bsp)
5.2. HPS Channel Speed Monitoring Safety Application x
5.2.1. Main (hps_safe_channel.c) 5.2.2. Speed Estimation Thread (speed_estmation.c/.h) 5.2.3. Printing Thread (print_safety.c/.h) 5.2.4. Safety Function Application (srt.c/.h) 5.2.5. Access to Devices 5.2.6. Core Isolation and Core Affinity
1. About the Drive-on-Chip with Functional Safety Design Example for Agilex™ 7 Devices
2. Getting Started
3. Rebuilding the Drive-on-Chip Design
4. Functional Description of the Drive-On-Chip with Functional Safety Design Example for Agilex 7 Devices
5. HPS Channel Safety Software
6. Drive-on-Chip Design Recommendations and Disclaimers
7. Document Revision History for AN 999: Drive-on-Chip with Functional Safety Design Example for Agilex 7 Devices

4.5. External Safety Logic

The external safety logic identifies common causes of failures and disparities in the overall system. You can model the external safety logic via internal logic when no external device is present. The following descriptions state each of the diagnostics external safety logic Implements.

Results of payload comparison

Both the FPGA and HPS process their own comparisons to ensure both values of payload agree. The design passes these outputs into the external safety logic to ensure that both comparison checks agree

Clock Checker

The external safety logic actively takes in respective FPGA and HPS clocks as inputs of different frequencies. The design processes these signals through the clock checker to ensure frequencies are in a tolerable range.

The clock checker takes a fixed reference clock and its respective reset, and compares it to a clock under comparison. Using fixed parameterizable thresholds, the clock checker determines whether the clock under test falls into appropriate and safe frequencies. The external safety logic uses the clock checker to ensure that HPS and FPGA clocks operate at appropriate frequencies, and the design has no instances of skewing or jitter when passing through various blocks.

Channel Operation

Refers to the two heartbeat signals present in FPGA and HPS operations. These signals help to identify that everything is functional within a process safety time. The external safety logic receives these signals as inputs, which the design then delays using two flip-flops to prevent any metastable values that might fluctuate through. The design applies a window check to allow for the heartbeat to arrive within a determinable time span.

CRAM Configuration Check

Ensures that no soft errors or transient faults occur.

Power Supply Check

Ensures no failures because of loss of power or unsafe operating voltage conditions. The design checks the power supply by using the Mailbox Client with Avalon Streaming Interface IP. The design compares the voltages to optimal operating voltage conditions. Refer to Agilex 7 User Guide.

Temperature Check

Ensures no failures because of unsafe temperatures. The design checks the temperature by using the Mailbox Client with Avalon Streaming Interface IP. The design compares the temperature values against parameterizable temperature limits to ensure they are in a safe range. For more details on power supply and temperature check, refer to Agilex 7 Power Management User Guide.

Complementary Bit Package

The complementary bit package contains a typedef for a definition of type called compli which allows effective storage of complementary bit pairs. The complementary bit check also contains fault checking functions to ensure that received complementary pairs are organized into the correct format.

The design processes external safety logic's I/O in a complementary manner to detect any stuck bits during transmissions. To accommodate any timing delays, complementary pairs can arrive within a preset and adjustable window.

Level Two Title