SPRY347 June 2022


  1.   At a glance
  2.   Authors
  3.   Introduction
  4.   Functional safety requirements for industrial robots
    1.     ISO 13849 in factory automation
    2.     ISO 10218 in industrial robots
  5.   Designing functional safety architectures for industrial robots
    1.     Dual external safety controllers
    2.     Single integrated safety controller
    3.     Dual integrated safety controllers
  6.   Processor-level integration for industrial robots
  7.   Making certification easier
    1.     Documentation support
    2.     Software support
  8.   Summary
  9.   References

Processor-level integration for industrial robots

Given the complexity of industrial robots, next-generation processors are integrating more system-level requirements on-chip.

As touched on in the previous section, industrial robots typically need to achieve PLd with structure Category 3 as described in ISO 13849-1:2006, or SIL 2 with a hardware fault tolerance of 1 (HFT=1) as described in IEC 62061:2005. TI helps achieve this in a space-efficient and cost-optimized way with an integrated dual safety solution built from the DRA82x family of Jacinto processors and the AM24x family of Sitara™ MCUs.

TI’s DRA82x family of Jacinto processors offers vendors the flexibility to choose the best architecture for their system. The SoC is composed of a heterogeneous mix of processing cores (Arm Cortex-A72, Cortex-R5F and DSPs) that covers both performance and real-time processing needs, together with high-speed communication interfaces. The different variants of the DRA82x devices support a wide range of performance requirements, from approximately 20K DMIPS to over 100K DMIPS (future roadmap devices), for all levels of compute. Integrated peripherals including LIN, CAN, PCIe, an Ethernet switch, I2C, SPI, and more enable simple communication and interfacing with other SoCs, ICs, and sensors in the system.

DRA82x is developed via IEC 61508/ISO 26262 processes to achieve SIL 3 systematic fault integrity and includes hardware diagnostics for random faults, such as:

  • voltage monitors
  • ECC on SRAM
  • temperature monitoring

The safety island comprises lockstep R5F cores (ASIL-D capable), its own clocking and power sources, and dedicated peripherals. This separation provides safety channel isolation and freedom from interference from the rest of the chip.

TI’s AM243x family of high-performance MCUs also comprises a heterogeneous mix of processing cores. These devices are designed as functional safety-compliant SoCs that target IEC 61508 SIL 3 with HFT=1 when combined with a single external channel, with assumptions of use targeted at motor control applications. The integrated Arm Cortex-M4F core (an MCU channel independent from the main domain) provides a potential BOM reduction for industrial customers that need a single- or dual-channel safety system.

The AM243x family is designed to achieve SIL 3 systematic fault integrity across the entire device. Safety features have been implemented across the entire SoC to support system-level safety, such as ECC on main memories, dual clock comparators, voltage monitoring, temperature monitoring and a diagnostic toolkit. In addition, functional safety collateral is available to help customers with system-level safety certification of their products.

The AM243x processor family integrates dedicated motor control features as well as extensive communication capability, including Ethernet and PCIe interfaces. Integrated security capabilities give customers the ability to design lower-cost systems.

The DRA82x family’s compute, communication, and safety features, in conjunction with the AM24x family’s control, industrial protocol, and safety features, give system designers a high level of flexibility to architect safe, high-performance, and cost-efficient industrial robot solutions.

Figure 4 shows a dual integrated safety controller architecture built from a DRA82x family device and an AM243x family device.
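The HFT=1 requirement above means that a single fault in either channel must not prevent the system from reaching its safe state, which in practice requires the two channels to cross-check each other every cycle. The following is an added example, not TI code and not a description of the actual cross-channel protocol of the DRA82x or AM243x, of a minimal 1oo2 (one-out-of-two) voter of the kind each channel would run: each channel exchanges a small frame with the other and only permits RUN when its own demand is RUN, the peer frame is intact, fresh, from the expected channel, and also RUN. The channel identifiers, frame layout, CRC-8 polynomial and the distinct bit patterns used for RUN and STOP are assumptions chosen for illustration.

```c
/*
 * Added example (not TI code): a 1oo2 cross-monitoring voter for a
 * two-channel (HFT=1) safety architecture. Any failure to positively
 * confirm RUN on both channels results in STOP (fail-safe).
 * Frame layout, channel ids 'A'/'B' and the CRC polynomial are assumed.
 */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Distinct bit patterns so that a stuck-at or all-zero bus cannot be read as RUN. */
typedef enum { DEMAND_RUN = 0x5A, DEMAND_STOP = 0xA5 } demand_t;
typedef enum { OUT_RUN = 0, OUT_STOP = 1 } output_t;

/* Cross-channel frame exchanged every safety cycle (assumed layout). */
typedef struct {
    uint8_t channel;  /* sending channel id, 'A' or 'B'            */
    uint8_t seq;      /* incremented by the sender every cycle     */
    uint8_t demand;   /* demand_t as sent                          */
    uint8_t crc;      /* CRC-8 (poly 0x07) over the three bytes above */
} xchan_msg_t;

/* CRC-8, polynomial 0x07, init 0: detects any single-bit corruption of the frame. */
static uint8_t crc8(const uint8_t *data, size_t len)
{
    uint8_t crc = 0;
    for (size_t i = 0; i < len; i++) {
        crc ^= data[i];
        for (int b = 0; b < 8; b++)
            crc = (crc & 0x80) ? (uint8_t)((crc << 1) ^ 0x07) : (uint8_t)(crc << 1);
    }
    return crc;
}

static void msg_payload(const xchan_msg_t *m, uint8_t out[3])
{
    out[0] = m->channel;
    out[1] = m->seq;
    out[2] = m->demand;
}

/* Build the frame a channel sends to its peer for this cycle. */
xchan_msg_t build_msg(uint8_t channel, uint8_t seq, demand_t demand)
{
    xchan_msg_t m = { channel, seq, (uint8_t)demand, 0 };
    uint8_t p[3];
    msg_payload(&m, p);
    m.crc = crc8(p, 3);
    return m;
}

/*
 * 1oo2 vote run by one channel. Returns OUT_RUN only when every check passes;
 * *reason receives a short diagnostic string for the event log.
 * last_peer_seq is the sequence number accepted from the peer last cycle.
 */
output_t vote_1oo2(demand_t local, const xchan_msg_t *peer, uint8_t peer_id,
                   uint8_t last_peer_seq, const char **reason)
{
    uint8_t p[3];
    if (local != DEMAND_RUN) {            /* anything but the RUN pattern is STOP */
        *reason = "local demand is not RUN";
        return OUT_STOP;
    }
    msg_payload(peer, p);
    if (crc8(p, 3) != peer->crc) {        /* frame corrupted on the link */
        *reason = "peer CRC mismatch";
        return OUT_STOP;
    }
    if (peer->channel != peer_id) {       /* echo of our own frame or wrong sender */
        *reason = "unexpected channel id";
        return OUT_STOP;
    }
    if (peer->seq != (uint8_t)(last_peer_seq + 1)) { /* peer frozen or frame lost */
        *reason = "stale or skipped sequence number";
        return OUT_STOP;
    }
    if (peer->demand != DEMAND_RUN) {     /* peer votes STOP */
        *reason = "peer demand is not RUN";
        return OUT_STOP;
    }
    *reason = "both channels agree RUN";
    return OUT_RUN;
}

int main(void)
{
    const char *why;
    /* Constructed frames as seen by channel A; peer B last sent seq 7. */
    xchan_msg_t ok = build_msg('B', 8, DEMAND_RUN);
    printf("healthy   : %s (%s)\n", vote_1oo2(DEMAND_RUN, &ok, 'B', 7, &why) ? "STOP" : "RUN", why);

    xchan_msg_t corrupted = ok;
    corrupted.demand = DEMAND_STOP;       /* one byte flipped in flight, CRC not updated */
    printf("corrupted : %s (%s)\n", vote_1oo2(DEMAND_RUN, &corrupted, 'B', 7, &why) ? "STOP" : "RUN", why);

    xchan_msg_t frozen = build_msg('B', 7, DEMAND_RUN);   /* peer re-sent last cycle's frame */
    printf("frozen    : %s (%s)\n", vote_1oo2(DEMAND_RUN, &frozen, 'B', 7, &why) ? "STOP" : "RUN", why);

    xchan_msg_t stop = build_msg('B', 8, DEMAND_STOP);    /* peer demands STOP */
    printf("peer stop : %s (%s)\n", vote_1oo2(DEMAND_RUN, &stop, 'B', 7, &why) ? "STOP" : "RUN", why);
    return 0;
}
```

The sequence check is what turns a silent peer into a detected fault: if the other channel hangs, its last frame keeps arriving (or nothing arrives) and the voter falls to STOP within one cycle rather than trusting a stale RUN. In a real design the same logic runs on both channels, each driving its own STO (safe torque off) path, so either channel alone can force the safe state.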