Highly configurable to meet your needs
The freely programmable high-end controllers with a powerful dual-core ARM Cortex®-R4 lockstep processor are protected by a compact, automotive-style housing suited for harsh environments. The safety controllers fulfill requirements up to SIL 2 (EN 61508) / PL d (EN ISO 13849) / AgPL d (ISO 25119)* / ASIL C (ISO 26262)* – and can be programmed either in C or in CODESYS®. The safety certified CODESYS® Safety SIL 2 speeds up application validation of the certified controller significantly.
The extensive I/O set with various configuration options makes the TTC 500 control units suitable for a wide range of high-end applications: For example, a group of 8 I/O pins can be individually configured for use as voltage output, digital output or analog input. Another use case is to build up a centralized architecture using one of the TTC 500 safety controllers for the whole vehicle. Ethernet and BroadR-Reach® connectivity is available both for the customer application and download and debugging purposes.
Reliable safety without compromise
The majority of run-time tests that is needed to achieve the diagnostic coverage required for SIL 2 / PL d / AgPL d / ASIL C is performed in hardware by the dual-core lockstep CPU and its safety companion. This ensures that much more processing power remains available for the application in comparison to solutions that implement safety measures in software. The available memory protection mechanisms allow to execute safety and non-safety software on the same safety control unit without interference. The time-consuming validation of non-safe software is therefore no longer necessary. Safe data communication is achieved by the standardized CANopen® Safety protocol of the control units. In case of safety-relevant failure, outputs can be shut-off in 3 groups allowing limp-home functionality.
Ensuring efficient and timely execution of all tasks
As an extension of the C-programming environment, the SAFERTOS® integration improves the traditional way of designing and writing an ECU application, allowing the split of the “main loop” user application into multiple working tasks that run until they are interrupted by a higher-priority task, blocked (waiting for an external event) or until a time limit expired. The real-time OS specific functionality has been extended with control application specific features, like run-time separation into safe- and non-safe tasks, a monitoring concept for ensuring timely execution of all tasks and application task ownership of any TTC 500 I/O port used. The efficient inter-task communication and synchronization mechanism using queue implementation permits data to be safely transferred between tasks.
TTC 500 control units are available in five variants, TTC 508, TTC 510, TTC 540, TTC 580 and TTC 590, with different I/O sets and interfaces to meet the different requirements of the OEMs for a high-end controller.
* available for C-programming only
- 96 I/Os with multiple configuration options
- Open programming environments C, CODESYS® Safety SIL 2 and CODESYS® standard
- C programming extended with SAFERTOS® Integration
- Up to 7 CAN interfaces
- CAN ISOBUS interface
- Automatic baudrate detection
- Configurable CAN termination
- Ethernet / BroadR-Reach®
- Automotive-style aluminium housingfor rough operating conditions
- Total current up to 60A
- SIL 2 (EN 61508) / PL d (EN ISO 13849) / AgPL d (ISO 25119)* / ASIL C (ISO
26262)* TÜV certified controllers
- CODESYS® Safety SIL 2 including support for CODESYS® Safety SIL 2 including support for CANopen Safety Master and separation of safe / non-safe code
- CODESYS® “standard“ for applications without safety requirements
- Output shut-off in groups
- 32-bit 180 MHz dual-core lockstep
- Up to 2.3 MB RAM / 32 MB Flash