W H I T E

PA P E R
Jeff Stafford,
TI Motor Solutions
Texas Instruments

Accelerating motor control

design for functional safety
Introduction

Safety is everywhere in todays world

Designing a differentiated motor drive is a com-

Functional safety standards in a variety of applications, such as automotive systems, industrial

plex task. Often these drives are single proces-

automation, household appliances and more, make the world safer for all of us. They also

sor that combine constraints of real-time em-

provide an additional opportunity to differentiate your product from competition. The SafeTI

bedded designs such as limited memory size

design packages for functional safety help designers achieve compliance to international

and processing time, with the complications

functional safety standards (IEC 61508, IEC 60730 and ISO 26262) and get to market quickly.

that motors bring electrical noise and faults.

In some cases, designers will be able to go beyond meeting the basic requirements of the

When you add functional safety and

certification requirements the new design, test and documentation deliver-

current industry standards and position their products for longer life cycles, avoiding redesign
due to evolving standards.
Today, systems are more complex and more dependent on the electronic control of motor-

ables require a significant amount of ad-

ing operations that need to meet strict functional safety standards. Whether it is the motor

ditional effort. The additional functional

in control of the power steering assist in a car, controlling the lift and doors of an elevator

safety

or directly connected to the drum of a front-load washing machine without belts or gears,

requirements are often seen as

an even bigger constraint and too diffi-

functional safety in motor operation is fundamentally important. A motor system designed with

cult to deliver a differentiated, functional

functional safety will have a lower level of risk from improper operation. When a failure does

safety motor drive on time or on budget.

occur, whether it is a random or systematic fault, the functionally safe design will detect this

Safety certification efforts directly im-

fault and respond to minimize impact.

pact time to market and can often have

drastic impact on project costs. Recertification for product updates often becomes a reason to delay or a rationale
for skipping design updates altogether.
To help ease the functional safety design process, SafeTI design packages
from Texas Instruments (TI) for functional
safety help solve these issues by easing the design and certification process
for designers and allow the engineering
and marketing teams to focus on delivering successful, differentiated products.

SafeTI design packages speed functional safety designs

and certification
To help designers more easily achieve industry standards, such as IEC 61508, IEC 60730 and
ISO 26262, TIs new SafeTI design packages can help accelerate design and certification in
areas such as industrial, transportation, energy and medical. This functional safety platform
augments TIs 20+ years of safety-critical design expertise and includes design packages with
analog companion devices and embedded processors from microcontrollers to digital signal
processors as well as software, supporting documentation and independent third-party
evaluation and certification.
All SafeTI functional safety-enabled embedded processing and analog semiconductor devices include components offered as part of TIs broad product portfolio and are tested to work

Texas Instruments

together in a system. These SafeTI hardware components allow designers of safety systems to more easily
meet their safety goals without using multiple channels or vendors of system-level hardware.
But it doesnt stop with the hardware. SafeTI design packages include five key components for functional
safety:
1. Functional safety-enabled semiconductor components developed as safety-standard-compliant
items to help enable designers to build safe systems with confidence.
2. Safety documents, tools and software to decrease development and certification time. SafeTI
documents include a Safety Manual, detailing product safety architecture and recommended usage;
Safety Analysis Report including details of safety analysis and Safety Report, summarizing compliance to
targeted standards.
3. Complementary embedded processing and analog components work together to help designers
meet safety standards.
4. Quality manufacturing process has been applied to help assure that SafeTI components meet the
component-level requirements concerning ISO 9001 or ISO/TS 16949 (including AEC-Q100 for automotive), helping enable the customer to deliver robust solutions.
5. Safety development process that follows ISO 26262, IEC 61508 and IEC 60730 requirements, which
is assessed by auditors as prescribed by safety standards.

Meeting stringent
industry safety
standards

International functional safety standards are defined to ensure that functional safety techniques are detailed
for a specific industry sector and that these techniques are consistently applied. IEC 61508 is a basic safety
standard, which is the basis of all IEC and some ISO functional safety standards. It is used as a basis for
sector-specific standards but where these do not yet exist, it is also intended for direct use. Some standards
that refer to IEC 61508 include:
EN 50128 railway
IEC 60601 medical equipment
IEC 61511 process industry
ISO 13849/ IEC 62061 industrial machinery
IEC 60880 nuclear power industry
IEC 50156 furnaces
For these specific industry standards, SafeTI-61508 design packages for functional safety include
component-level-compliance to IEC 61508:2010, which supports SIL levels from SIL-1 to SIL-3 and system
level compliance to SIL-4. The above standards can be daunting, but the SafeTI functional safety design

Accelerating motor control design for functional safety

October 2012

Texas Instruments 3

package provides confidence to tackle stringent safety requirements and ease the design and certification
process.
Automotive designers can use SafeTI-26262 design packages for component-level compliance to ISO
26262 safety requirements to support ASIL-A to ASIL-D for applications such as steering, braking, transmission, electric vehicle battery management and advanced driver-assistance systems (ADAS). TI is a member of
U.S. and international working groups for ISO 26262.
Designers for household appliances can use SafeTI-60730 design packages to meet IEC 60730, or related
standards UL 1998 and IEC 60335. SafeTI-60730 design packages for functional safety include software
certified to IEC 60730 for household appliances supporting Class A to Class C.

Development tools
and software
for SafeTI design
packages

As part of the SafeTI design packages, several development tools and software pieces are available to further
ease the design and certification process:
Safety-enabled hardware supports standards-based, safety integrity levels (SIL) enabling designers to
build systems with confidence.
Safety documents decrease development and certification time.
Compilers for safety: The SafeTI ARM Compiler Qualification Package establishes confidence in development tools. The kit will help designers document, analyze, validate and qualify use of the TI ARM compiler
to help meet the requirements of the ISO 26262 and IEC 61508 standards.
GUI-based peripheral configuration tools: SafeTI HALCoGen graphical user interface works to configure peripherals, interrupts, clocks and other C parameters and generates peripheral and driver code.
Developers can use this to accelerate development on new projects and can import this into TIs Code
Composer Studio integrated development environment (IDE) v.5 and select third-party IDEs.
MCAL and Safe AutoSAR for ISO 26262: Designers can get the Microcontroller Abstraction Layer
(MCAL) 4.0 from TI and Safe Automotive Open System Architecture (AutoSAR) from TTTech/Vector. ISO
26262 AutoSAR support is available from Vector and Elektrobit.
Certifiable RTOS Support for IEC 61508: Real-time operating system support is available from Wittenstein High Integrity Systems SAFERTOS, Micriums C/OS, Express Logics ThreadX and SCIOPTA RTOS.

Integrating safety
in motor control
systems

A typical motor control system block diagram consists of processing feedback from motor rotor sensors, as
well as measuring voltages and currents from the inverter (strategically and deterministically), and then processing this data to be used as inputs to regulate compensation of torque, speed and position control loops
to finally generate an appropriate pulse-width modulator (PWM) output to the inverter (Figure 1 on the following page). These closed loops are standard and depend on a great number of components, both hardware

Accelerating motor control design for functional safety

October 2012

Texas Instruments

Hercules RM46x MCU

Cortex-R4

Angle (SMO)

Angle
Check
&
Select

Angle

SPI

Resolver

eQEP

Encoder

eCAP

Hall
Sensor

PWM (x6)

Angle
PWM
Check
Speed
Ref

Speed
Torque
PID

Torque/Flux
Ref

Torque
Flux
Angle

PWM

Safety Flow

Error Signal
Core & I/O Voltage

DRV8301

eTPWM
PWM
Phase
Currents
Phase
Currents

DCBus V

SMO
Angle
Estimation

Reset

Typical Flow

ADC
Check

MOSFETs

High-end
Timer

FOC Software Control Loop

Phase
Currents

Speed
Estimation

PWM
FDBK

PWM

Speed
FDBK

Motor
Sensors

ADC 1

Temp
Monitor
Bridge
Error Mon

Voltage
Monitor
Current
Monitor

Diagnose

Bridge
Driver

ADC 2

3x

DCBus V

Clock
Monitor

TPS65381-Q1
Voltage
Monitor

Temp Diagnose
Monitor
WD

Power Supply
Safety Companion

Enable

Figure 1. Motor control system block diagram with safety checks.

and software. TIs embedded processors in the SafeTI design package (in this case, microcontrollers) support
functional safety throughout these processes.
When measuring the inverter voltages and currents, designers must know if the analog-to-digital converter
(ADC) is both functional and producing correct results. A common technique connects a PWM output to
an ADC input through a filter. The full-scale ADC range can then be tested. Some TI microcontrollers even
integrate a digital-to-analog converter (DAC) to serve this purpose. One method to gain safety coverage is to
have multiple ADCs converting the same control signals. This allows a comparison to occur on the actual signal used in the control process. Because many SafeTI MCUs provide multiple ADCs, the same sensor signal
can be converted with two separate ADCs, thus reducing common cause failures.
Knowing the motors exact rotor position is critical to most motor systems. For safety-critical systems
using a resolver, encoder or hall sensor, TI provides software that estimates the rotor angle to compare to the
angle measured by the electro-mechanical sensor. Microcontrollers in SafeTI design packages include safety
features in the hardware (Figure 2 on the following page) versus software to provide the performance headroom to easily include these self-sensing angle-estimation routines. This capability, having two separate
and diverse channels to obtain the motors rotor angle, can enable the designer the option to reduce system
costs by replacing a more expensive SIL-3 resolver or encoder with a standard version.
The next step is processing these signals. As the leader of commercial lock-step microcontroller architectures, SafeTI microcontrollers provide cycle-by-cycle diagnostics for the CPU. While two CPUs execute the

Accelerating motor control design for functional safety

October 2012

Texas Instruments 5

Dual-core lockstep
cycle-by-cycle CPU
fail-safe detection

ECC for Flash / RAM /

interconnect evaluated
inside the Cortex-R4F

Motor control
software loop

Memory
Flash
w/ ECC
RAM
w/ ECC

ARM

CortexR4F

Flash
EEPROM w/ ECC

On-chip clock
and voltage
monitoring

Program & memory

self test to check for
latent faults

Power, Clock, & Safety

OSC PLL

PBIST/LBIST

POR

ESM

CRC

RTI/DWWD

High-end
Timers

Self-capture
PWMs and
compare

ePWM

eQEP
eCAP

Virtual encoder
and sensored
feedback

Safety hardware

Dual
ADC

PORST

Enhanced System Bus and Vectored Interrupt Module

Dual ADC for

feedback
check

Software techniques

Figure 2. Block diagram of TI safety microcontrollers with hardware safety features.

same code, comparison logic guarantees that each software instruction is executed exactly the same for both
CPUs and notifies the system immediately if they do not match. Also, every local Flash and RAM access by
these CPUs is checked by a single-bit error correcting and double-bit error detecting (SECDED) error code
correction controller (ECC). To extend coverage further, both the CPU and memory have hardware BIST (builtin self test) to verify functionality at start up. Embedded diagnostics also include self-test capability to ensure
proper operation before start of safety-critical operation.
With the processing now complete, the next step is to output appropriate PWMs to the inverter. These
outputs can be verified by connecting them to input captures. SafeTI microcontrollers provide extra input
captures for this purpose with eCAP and high-end timer modules. To get more system coverage, a designer
can connect the motor phases to the input captures, using appropriate signal conditioning, to verify that the
transitions are within expectations.

Industrial, medical
and energy
functional safety
motor c ontrol SafeTI
design packages

The latest microcontrollers introduced as new SafeTI-61508 design packages are optimized for motor
control in safety-critical designs. They include the Hercules RM46x and RM42x ARM Cortex-R4
safety microcontrollers, designed for motor control in industrial automation, medical monitoring and energy
applications. The Hercules RM46x/RM42x safety microcontrollers include 15 devices, offer USB and CAN,
and operate across the full industrial temperature range. Hercules RM46x floating-point safety microcontrollers (Figure 3 on the following page) provide additional memory and performance configurations with
expanded motor-control capabilities and pin compatibility with production-qualified Hercules RM48x safety

Accelerating motor control design for functional safety

October 2012

RM46x Block Diagram

Cortex-R4F Floating Point Microcontroller

6ARM
Texas
Instruments

Performance / Memory

Up to 220 MHz ARM Cortex-R4F w/ Floating Point

Up to 1.25MB Flash and 192KB Data SRAM
Dedicated 64KB Data Flash (EEPROM Emulation)
16 Channel DMA

Features

Targeted Applications

General IEC61508 Safety Applications

Industrial, Medical, Energy

ARM

-
ARM
Cortex

Memory
1.25MB Flash
w/ ECC
192KB RAM
w/ ECC
64KB Data Flash
EEPROM w/ ECC

Power, Clock, & Safety

OSC PLL

POR

Safety
PBIST
CRC
Dual CPUs in Lockstep
CortexR4F
CPU Logic Built in Self Test (LBIST)
160MHz
LBIST
RTI/DWWD
R4F
Up to 12 CPU MPU regions
Up to 220MHz
Memory Interface
Calibration
Flash & RAM w/ ECC (w/ bus protection)
Fail Safe
Memory Built-in Self Test (PBIST)
SDRAM EMIF
JTAG Debug
Detection
Cyclic redundancy checker module (CRC)
Peripheral RAMs protected by Parity
DMA
Communication Networks
Enhanced System Bus and Vectored Interrupt Module
10/100 Ethernet MAC w. MII/RMII, MDIO Option*
Timers / IO
ADC
Serial I/F
Network I/F
USB 2.0 Full Speed: Host and Device Option *
MibSPI1
USB 2.0 *
3 CAN Interfaces
2x High End Timer
MibADC1
128 Buffers; 6 CS
Host & Device
5 SPI (3 Multi-Buffered)
(N2HET)
64 Buffers
2 UART, 1 I2C
160 words
12-bit, 24ch
MibSPI3
CAN1 (64mb)
(16ch shared)
Enhanced I/O Control
128 Buffers; 6 CS
CAN2 (64mb)
2x High End Timer Coprocessor (N2HET) w/DMA
eTPWM (14ch)
MibSPIP5
CAN3 (64mb)
Up to 40 pins plus 6 monitor channels
128 Buffers; 6 CS
eCAP (x6)
MibADC2
All pins can be used as Hi-Res PWM or Input Capture
2x UART (LIN1)
64 Buffers
SPI2
(2CS)
eQEP (x2)
Motor Control Timers
I2C
12-bit, 16ch
7x eTPWM (14 ch), 6x eCAP, 2x eQEP
(16ch
shared)
GIOA/INT(16)
SPI4 (1CS)
10/100 EMAC*
2 x12-bit Multi-Buffered ADC
24 total input channels (8 shared)
Packages: LQFP: 144pin -20x20; nfBGA: 337 pin-16x16, 0.8mm;
Calibration and Self Test
-40 to 105 C Temperature Range
Up to 101 GPIO pins (16 dedicated)
Figure 3. Hercules RM46x safety microcontrollers
ARM Cortex -R4 Microcontroller

RM42x Block Diagram

Applications
TI Confidential Targeted
NDA Restrictions

Performance / Memory

100 MHz ARM Cortex-R4

384KB Flash and 32kB Data SRAM
Dedicated 16kB EEPROM Emulation Flash (4x4k)

Features

General IEC61508 Safety Applications

Industrial, Medical, Energy

ARM

Memory
384 KB Flash
w/ ECC

Power, Clock, & Safety

Safety
OSC PLL
POR
-
Dual CPU in Lockstep
ARM
Cortex
32 KB
CPU Logic Built in Self Test (LBIST)
PBIST
CRC
CortexR4F
RAM w/ ECC
Up to 12 CPU MPU regions
160MHz
R4
16KB emuE2 PROM
Flash & RAM w/ ECC (w/ bus protection)
LBIST
RTI
100MHz
Memory Protection
Memory Built-in Self Test (PBIST)
Cyclic redundancy checker module (CRC);
Fail Safe
JTAG Debug
Detection
Peripheral RAMs protected by Parity
Communication Networks
2 CAN Interface
Enhanced System Bus and Vectored Interrupt Module
3 SPI (1 Multi-Buffered)
Timers
ADC / IO
Serial I/F
Network I/F
1 UART
Enhanced I/O Control
CAN1 (32mbx)
MibADC
High End Timer
MibSPI1
High End Timer Coprocessor (NHET)
64 Buffers
128 words
128 Buffers (4CS)
Up to 19 channels
12-bit, 16ch
up to 19ch
CAN2 (16mbx)
12-bit Multi-Buffered ADC (3.3V)
16 total input channels
2 x SPI (1CS)
1x LIN/UART
eQEP (x2)
GIOA/INTA (8)
Continuous Conversion Mode
Calibration and Self Test
Motor Control Timers
Package: LQFP: 100pin
2x eQEP
-40 to 105 C Temperature Range
Up to 45 GPIO pins (8 dedicated)
Figure 4. Hercules RM42x safety microcontrollers
TI Confidential NDA Restrictions
7

Accelerating motor control design for functional safety

October 2012

Texas Instruments 7

microcontrollers, introduced last year. The new Hercules RM42x safety microcontrollers (Figure 4 on
the previous page) provide a smaller package, lower cost, entry-line solution with integrated motor control
interfaces while also meeting safety standards.

Automotive and
transportation functional
safety motor control
SafeTI design packages

To help speed design and certification for automotive and transportation designs, TI introduced 12 new Hercules TMS570 ARM Cortex-R4 safety microcontrollers as part of the SafeTI-26262 and SafeTI-61508 design
packages. These new devices and add FlexRay (a safety-centric protocol used primarily in automotive), are
AEC-Q100 compliant and operate from 40C to +125C for transportation motor applications, such as rail
propulsion control, aviation anti-skid control, electric power steering, air-bag deployment, hybrid and electric
vehicles, pumps and compressors and more. The newest Hercules TMS570 safety microcontrollers expand
the product line to include 36 configurations from which customers can choose to meet application-specific
needs. The new Hercules TMS570LS12x/11x floating-point safety microcontrollers provide additional
memory and performance configurations with expanded motor control capabilities (see Figure 5) while the
Hercules TMS570LS04x/03x safety microcontrollers provide a smaller package, lower cost, entry-line
solution with integrated motor control interfaces (see Figure 6 on the following page).

ARM

-
ARM
Cortex
CortexR4F
160MHz
R4F

Memory
1.25MB Flash
w/ ECC
192KB RAM
w/ ECC
64KB Data Flash
EEPROM w/ ECC

Power, Clock, & Safety

Calibration

Memory Interface

JTAG Debug

SDRAM EMIF

Up to 180MHz

Fail Safe
Detection

OSC PLL

POR

PBIST

CRC

LBIST

RTI/DWWD

DMA
Enhanced System Bus and Vectored Interrupt Module

Serial I/F

Network I/F

MibSPI1
128 Buffers; 6 CS

2 ch FlexRay
8K Message RAM

MibSPI3
128 Buffers; 6 CS
MibSPIP5
128 Buffers; 6 CS
SPI2 (2CS)
SPI4 (1CS)

CAN1 (64mb)
CAN2 (64mb)
CAN3 (64mb)
2x UART (LIN1)
I2C
10/100 EMAC*

ADC
MibADC1
64 Buffers
12-bit, 24ch
(16ch shared)

Timers / IO
2x High End Timer
(N2HET)
160 words
eTPWM (14ch)

MibADC2
64 Buffers
12-bit, 16ch
(16ch shared)

eCAP (x6)
eQEP (x2)
GIOA/INT(16)

Packages: LQFP: 144pin -20x20; nfBGA: 337 pin-16x16, 0.8mm;

-40 to 125 C Temperature Range

Figure 5. Hercules TMS570LS12x / LS11x safety microcontrollers

Accelerating motor control design for functional safety

October 2012

Texas Instruments

ARM

-
ARM
Cortex
CortexR4F
160MHz
R4

80MHz

Fail Safe
Detection

Memory
384 KB Flash
w/ ECC

Power, Clock, & Safety

32 KB
RAM w/ ECC
16KB emuE2 PROM
Memory Protection

OSC PLL

POR

PBIST

CRC

LBIST

RTI

JTAG Debug

Enhanced System Bus and Vectored Interrupt Module

Serial I/F

Network I/F

ADC / IO

Timers

MibSPI1
128 Buffers (4CS)

CAN1 (32mbx)
CAN2 (16mbx)

MibADC
64 Buffers
12-bit, 16ch

High End Timer

128 words
up to 19ch

1x LIN/UART

GIOA/INTA (8)

eQEP (x2)

2 x SPI (1CS)

Package: LQFP: 100pin

-40 to 125 C Temperature Range

Figure 6. TMS570LS04x / LS03x safety microcontrollers

TI makes it easier for customers to get started today with the Hercules RM4x safety microcontrollers
included in SafeTI-61508 and SafeTI-26262 design packages:
Safety documentation including a safety manual and safety analysis reports, details how to implement
Hercules microcontrollers in safety-critical applications, as well as failure modes, effects and diagnostic
analysis (FMEDA) that provides the failure rate information needed to meet safety standards.
Hercules Development Kits Get up and running quickly with a low-cost USB stick for Hercules RM4x
microcontrollers (TMDXRM48USB) or Hercules TMS570 microcontrollers (TMDXLS31USB). Full-featured
kits for Hercules RM4x microcontrollers (TMDXRM42HDK or TMDXRM46HDK) and Hercules TMS570
microcontrollers (TMDXLS04HDK or TMDXLS12HDK) include a development board, TIs Code Composer
Studio integrated development environment (IDE), the HALCoGen peripheral configuration tool and a
safety demo that showcases BIST execution and error-forcing modes.
Hercules Motor Control Kit Spin motors more safely in minutes with the Hercules RM46x Motor Control Kit (DRV8301-RM46-KIT) or the Hercules TMS570 Motor Control Kit (DRV8301-LS12-KIT). Included
in the kit is an RM46x controlCARD (TMDXRM46CNCD) or TMS570 controlCARD (TMDXLS12CNCD),
also available standalone, with the TPS65381-Q1 power supply, a DRV8301 EVM and a Teknic servo
motor. Also included in the kit is TIs MotorWare software, which includes field-oriented-control (FOC)
algorithms that support self-sensing feedback as a redundant/safe channel to a rotor position sensor
and example projects that leverage the ARM CMSIS DSP library and the HALCoGen peripheral library
with built-in safety support.

Accelerating motor control design for functional safety

October 2012

Texas Instruments 9

SafeTI ARM Compiler Qualification Kit Establish confidence in your development tools with TIs
new Compiler Qualification Kit. The kit will help you document, analyze, validate and qualify your use of
the TI ARM compiler to more easily meet the requirements of the ISO 26262 and IEC 61508 standards.
An early adopter release was released in October 2012, with a full-featured release following in 1Q 2013.
AutoSAR software for ISO 26262 Hercules TMS570 microcontroller designers can get the Safe
Automotive Open System Architecture (AutoSAR) with protection mechanisms to ASIL D from
TTTech/Vector. ISO 26262 AutoSAR support is available from Vector and Elektrobit.

Household appliance
motor control SafeTI
design packages

The SafeTI-60730 design package includes a safety manual and supervisory software functions and library
for added safety. Targeted for cost-effective C2000 Piccolo microcontrollers, this package allows
the designer to more easily meet IEC 60730 requirements without losing critical real-time motor control
performance.

Complementary
analog

As part of SafeTI-61508 and SafeTI-26262 design packages, a complementary multi-rail power supply, the
TPS65381-Q1 power management integrated circuit (PMIC) combines multiple power supplies and safety
features such as voltage monitoring in a single device to reduce design time and board space (Figure 7).
Functional safety architecture in the PMIC integrates features such as question-answer watchdog, MCU errorsignal monitor, clock monitoring on internal oscillators, self-check on clock monitor, CRC on non-volatile memory
and a reset circuit for the microcontroller. In addition, a BIST allows for monitoring the device functionality

TPS65381-Q1: PMIC for microcontrollers in safetycritical applications

VIN (6 36V)
Charge
Pump

SAFETY /
DIAGNOSTICS
BIST

BUCK
Converter

LDO

Functional safety
architecture features
6V @ 1.5A
(Pre-regulator)

5V @ 300mA
(CAN or ADC supply)

Q&A
Watchdog
MUX
Wake-Up
SPI
Interface

Diagnostic
State

Additional sensor
supply built-in
LDO

uC Error
Monitoring
Oscillator
Monitoring
Voltage
Monitoring
Loss of lock
Monitoring
Temp
Monitoring

Includes multiple
power supply rails
in a single device

LDO
Controller

Sensor
LDO

3.3/5V @ 300mA
(uC I/O supply)

Diagnostic interfaces

0.8-3.3V
(uC core supply)

3.3 9.5V @ 100mA

(sensor supply)

Figure 7. The TPS65381-Q1 multi-rail safety PMIC

Accelerating motor control design for functional safety

October 2012

10 Texas Instruments

DRV3201-Q1 motor driver for microcontrollers

in safety-critical applications
Boost Regulator
Vcc, VDD
Safety/
Diagnostics

Functional safety architecture

features

Three-phase
Pre-FET
Drives

Motor driver components

Power Supply

Short Monitoring
Phase Monitoring

Dead-time control
Shoot-through protection
Oscillator monitoring

Device Configuration

Supply monitoring

Programmable gate current

Temperature monitoring

Programmable Gain

Loss of lock monitoring

Sleep Mode Control

Reference
Voltage
Current
Time

Current Sense Amps

Figure 8. DRV3201-Q1 safety motor driver

at start-up and a dedicated diagnostic state allows the microcontroller to check the PMIC safety functions.
These embedded safety features can help remove the need for an additional monitoring microcontroller and
reduces cost, board space and software development time.
Also available for functional safety automotive and transportation motor control designs is the DRV3201-Q1
safety motor driver (see Figure 8). First on the market to support start/stop functionality, the motor driver
integrates functional safety architecture, such as VDS monitoring, phase comparators, shoot-through protection, dead-time control, temperature warning and protection and battery voltage detection for under- and
over-voltage protection. The motor driver also contains a bridge driver dedicated to an automotive threephase brushless DC motor, providing six dedicated drivers for normal level N-Channel MOSFET transistors up
to 250nC charge.

Conclusion

While the world of safety is ever evolving and industry standards become more strict, designs become more
complex and certification becomes increasingly complicated. But you can be one click away from easier
functional safety designs with the SafeTI design packages that can be found on www.ti.com/safeti. On
this website, you can search by application or industry standard to find everything for your motor control
functional safety designs. And of course, augmented by the largest support network, designers are never left
on their own. Learn more today at www.ti.com/safeti.

Important Notice: The products and services of Texas Instruments Incorporated and its subsidiaries described herein are sold subject to TIs standard terms and
conditions of sale. Customers are advised to obtain the most current and complete information about TI products and services before placing orders. TI assumes no
liability for applications assistance, customers applications or product designs, software performance, or infringement of patents. The publication of information
regarding any other companys products or services does not constitute TIs approval, warranty or endorsement thereof.
C2000, Code Composer Studio, Hercules, MotorWare, Piccolo and SafeTI are trademarks of Texas Instruments Incorporated. All other trademarks are the property of their
respective owners.
2012 Texas Instruments Incorporated

SPRY216A

IMPORTANT NOTICE
Texas Instruments Incorporated and its subsidiaries (TI) reserve the right to make corrections, enhancements, improvements and other
changes to its semiconductor products and services per JESD46, latest issue, and to discontinue any product or service per JESD48, latest
issue. Buyers should obtain the latest relevant information before placing orders and should verify that such information is current and
complete. All semiconductor products (also referred to herein as components) are sold subject to TIs terms and conditions of sale
supplied at the time of order acknowledgment.
TI warrants performance of its components to the specifications applicable at the time of sale, in accordance with the warranty in TIs terms
and conditions of sale of semiconductor products. Testing and other quality control techniques are used to the extent TI deems necessary
to support this warranty. Except where mandated by applicable law, testing of all parameters of each component is not necessarily
performed.
TI assumes no liability for applications assistance or the design of Buyers products. Buyers are responsible for their products and
applications using TI components. To minimize the risks associated with Buyers products and applications, Buyers should provide
adequate design and operating safeguards.
TI does not warrant or represent that any license, either express or implied, is granted under any patent right, copyright, mask work right, or
other intellectual property right relating to any combination, machine, or process in which TI components or services are used. Information
published by TI regarding third-party products or services does not constitute a license to use such products or services or a warranty or
endorsement thereof. Use of such information may require a license from a third party under the patents or other intellectual property of the
third party, or a license from TI under the patents or other intellectual property of TI.
Reproduction of significant portions of TI information in TI data books or data sheets is permissible only if reproduction is without alteration
and is accompanied by all associated warranties, conditions, limitations, and notices. TI is not responsible or liable for such altered
documentation. Information of third parties may be subject to additional restrictions.
Resale of TI components or services with statements different from or beyond the parameters stated by TI for that component or service
voids all express and any implied warranties for the associated TI component or service and is an unfair and deceptive business practice.
TI is not responsible or liable for any such statements.
Buyer acknowledges and agrees that it is solely responsible for compliance with all legal, regulatory and safety-related requirements
concerning its products, and any use of TI components in its applications, notwithstanding any applications-related information or support
that may be provided by TI. Buyer represents and agrees that it has all the necessary expertise to create and implement safeguards which
anticipate dangerous consequences of failures, monitor failures and their consequences, lessen the likelihood of failures that might cause
harm and take appropriate remedial actions. Buyer will fully indemnify TI and its representatives against any damages arising out of the use
of any TI components in safety-critical applications.
In some cases, TI components may be promoted specifically to facilitate safety-related applications. With such components, TIs goal is to
help enable customers to design and create their own end-product solutions that meet applicable functional safety standards and
requirements. Nonetheless, such components are subject to these terms.
No TI components are authorized for use in FDA Class III (or similar life-critical medical equipment) unless authorized officers of the parties
have executed a special agreement specifically governing such use.
Only those TI components which TI has specifically designated as military grade or enhanced plastic are designed and intended for use in
military/aerospace applications or environments. Buyer acknowledges and agrees that any military or aerospace use of TI components
which have not been so designated is solely at the Buyer's risk, and that Buyer is solely responsible for compliance with all legal and
regulatory requirements in connection with such use.
TI has specifically designated certain components which meet ISO/TS16949 requirements, mainly for automotive use. Components which
have not been so designated are neither designed nor intended for automotive use; and TI will not be responsible for any failure of such
components to meet such requirements.
Products

Applications

Audio

www.ti.com/audio

Automotive and Transportation

www.ti.com/automotive

Amplifiers

amplifier.ti.com

Communications and Telecom

www.ti.com/communications

Data Converters

dataconverter.ti.com

Computers and Peripherals

www.ti.com/computers

DLP Products

www.dlp.com

Consumer Electronics

www.ti.com/consumer-apps

DSP

dsp.ti.com

Energy and Lighting

www.ti.com/energy

Clocks and Timers

www.ti.com/clocks

Industrial

www.ti.com/industrial

Interface

interface.ti.com

Medical

www.ti.com/medical

Logic

logic.ti.com

Security

www.ti.com/security

Power Mgmt

power.ti.com

Space, Avionics and Defense

www.ti.com/space-avionics-defense

Microcontrollers

microcontroller.ti.com

Video and Imaging

www.ti.com/video

RFID

www.ti-rfid.com

OMAP Applications Processors

www.ti.com/omap

TI E2E Community

e2e.ti.com

Wireless Connectivity

www.ti.com/wirelessconnectivity
Mailing Address: Texas Instruments, Post Office Box 655303, Dallas, Texas 75265
Copyright 2012, Texas Instruments Incorporated