The HY-TTC 500 product family is a high-end electronic control solution equipped for upcoming needs. The controller with its powerful TMS570 dual-core lockstep CPU is designed for use in demanding safety-relevant automotive applications. The five product variants HY-TTC 590, HY-TTC 580, HY-TTC 540, HY-TTC 510 and HY-TTC 508 fulfill safety requirements up to SIL 2 (IEC 61508), PL d (ISO 13849) and AgPL d (ISO 25119)*. They are part of a complete and compatible product family and can be programmed either in C, CODESYS® Safety SIL 2 or in SAFERTOS® environment.
* available only for HY-TTC 508 and 590.
The extensive I/O set with various configuration options makes the HY-TTC 500 controllers suitable for a wide range of high-end applications: For example, a group of 8 I/O pins can be individually configured for use as PVG output, voltage output, digital output or analog input. Commissioning time can be improved by using Ethernet for download and debugging purposes. Commissioning time can be improved by using Ethernet for download and debugging purposes.
A high percentage of the run-time tests that are needed to achieve the diagnostic coverage required for SIL 2 / PL d is performed in hardware by the dual-core lockstep CPU and its safety companion. This keeps much more processing power available for the application in comparison with solutions that implement the safety measures in software. The available memory protection mechanisms allow to execute safety and non-safety software on the same ECU without interference. The time-consuming validation of non-safety software is therefore no longer necessary. Safe data communication is achieved by the standardized CANopen® Safety protocol of the control units. In case of a safety-relevant failure, outputs can be shut off in 3 groups allowing limp-home functionality. The safety certified CODESYS® Safety SIL 2 with its validated compiler and code generator speeds up application development significantly.
As an extension of the C-programming environment, the SAFERTOS® integration improves the traditional way of designing and writing an ECU application, allowing the split of the “main loop” user application into multiple working tasks that run until they are interrupted by a higher-priority task, blocked (waiting for an external event) or until a time limit expires. The real-time OS specific functionality has been extended with control application specific features, like run-time separation into safety-critical and other tasks, a monitoring concept for ensuring timely execution of all tasks and application task ownership of any HY-TTC 500 I/O port used. The efficient inter-task communication and synchronization mechanism using queue implementation permits data to be safely transferred between tasks.