EE Times-India

MCU features change for ISO 26262 safety standard

Posted: 28 May 2013

Keywords: Functional safety, ISO 26262, MCUs, Dual-core lock-step, advanced driver assistance systems

Functional safety is becoming increasingly relevant for electrical and/or electronic systems (E/E systems) in the automotive domain through the ever increasing benefits of electronic control. This article explains how state-of-the-art MCUs support current safety standards.

Safety aspects are not only relevant for new automotive systems such as advanced driver assistance systems but also for established systems, such as power steering, and even for seemingly simpler systems, such as various lighting controls, to name just a few examples. When looking at such systems it soon becomes evident that a malfunction of such an E/E system could be a source of harm in the form of physical injury or damage to the health of persons. In late 2011, the ISO 26262 standard was released as a sector-specific functional safety standard for the automotive sector, intended for—but not limited to—E/E systems in series production passenger cars. The objective of functional safety according to ISO 26262 is to circumvent potential harm to persons that could be caused by malfunctioning E/E systems. In this sense, the standard defines functional safety as the "absence of unreasonable risk due to hazards caused by malfunctioning behaviour of E/E systems."

The ISO 26262 standard distinguishes between two main categories of failures that can lead to malfunctioning behaviour of E/E systems. One category focuses on systematic failures, which are defined as "related in a deterministic way to a certain cause that can only be eliminated by a change of the design or of the manufacturing process, operational procedures, documentation or other relevant factors." Typical examples of systematic failures are those caused by SW bugs, manufacturing defects, flawed system design, or similar. Systematic failures can originate in HW as well as in SW. Due to their nature, systematic failures will typically be evident across a broader scope of a mass-produced product population. The other category focuses on random hardware failures, which are defined as occurring "unpredictably during the lifetime of a hardware element and that follows a probability distribution." Typical examples of random hardware failures are those caused by alpha particles, neutrons or similar. Random hardware failures originate in hardware.

Addressing such systematic failures and random hardware failures involves three main types of measures: procedural measures that relate to the design and manufacturing lifecycle of the system, functional measures that provide dedicated services during run-time, and structural measures that involve the physical layout and partitioning of the system. The table lists typical procedural, functional and structural measures.

Table: Typical procedural, functional and structural measures.

The procedural measures are the main line of attack against both systematic SW failures and systematic HW failures. The reason for this is simple. Procedural measures focus on avoidance and are therefore far more efficient than functional measures that are executed during run-time. Functional measures typically serve as the main means to address random HW failures. The same set of measures can also help to address residual systematic failures that remained undetected by the procedural measures. The combination of HW processing redundancy combined with SW diversity and I/O monitoring often yields a preferable balance of techno-economical constraints that need to be met for commercial viability. Last but not least, structural measures are important to address the issue of spatial proximity failures and are often the key to limit the amount of redundancy needed to address random HW failures.

MCUs and ISO 26262 requirements
In light of the needs of functional safety systems, a new class of microcontrollers (MCUs) is emerging with an extensive offering of safety measures targeting the avoidance and control of systematic failures (i.e. failures potentially introduced during the design, development or manufacturing process) as well as the detection and control of random hardware failures (i.e. failures that can occur unpredictably and that follow a probability distribution).
 • From a procedural perspective, these MCUs have been designed under special consideration of the requirements set forth in the ISO 26262 standard for the avoidance of systematic HW failures and offered with related collateral, such as FMEDA and the dependent failure avoidance measures and other relevant information documented in dedicated safety manuals.
 • From a functional perspective, these MCUs offer integrated safety mechanisms for the computational infrastructure, such as dual-core lock-step execution of code, clock monitoring, power monitoring, ECC protection of RAM, ROM and interconnection structures, special considerations of peripheral I/O interfaces, etc.
 • From a structural perspective these MCUs provide special architectural considerations, such as partitioning of the die into separate lakes and column multiplexing of memory structures to improve the effectiveness of ECC.
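As an added illustration that is not from the article or any vendor: a small Python model of SEC-DED ECC over 8-bit words and of a RAM array laid out either flat or column multiplexed. It shows that a strike flipping two physically adjacent cells is uncorrectable in the flat layout but lands as two correctable single-bit errors once the columns are interleaved (the code layout and word values are constructed assumptions).

```python
# Hamming SEC-DED over 8-bit words plus a model of why column multiplexing
# (bit interleaving) keeps ECC effective against adjacent multi-cell upsets.
PARITY_POS = (1, 2, 4, 8)               # Hamming check-bit positions
DATA_POS = (3, 5, 6, 7, 9, 10, 11, 12)  # 8 data bits; bit 0 = overall parity
WORD_BITS = 13

def encode(data):
    """8 data bits -> 13-bit SEC-DED codeword with even overall weight."""
    cw = 0
    for i, pos in enumerate(DATA_POS):
        cw |= ((data >> i) & 1) << pos
    for p in PARITY_POS:  # check bit p covers positions with bit p set
        par = 0
        for pos in range(1, WORD_BITS):
            par ^= (cw >> pos) & 1 if pos & p else 0
        cw |= par << p
    return cw | (bin(cw).count("1") & 1)

def decode(cw):
    """Return (data, status); status is 'ok', 'corrected' or 'uncorrectable'."""
    syndrome = 0
    for pos in range(1, WORD_BITS):
        if (cw >> pos) & 1:
            syndrome ^= pos
    status = "ok"
    if bin(cw).count("1") & 1:   # odd weight: exactly one flip, repair it
        cw ^= 1 << syndrome      # syndrome 0 means the overall parity bit
        status = "corrected"
    elif syndrome:               # even weight, non-zero syndrome: two flips
        status = "uncorrectable"
    data = sum(((cw >> pos) & 1) << i for i, pos in enumerate(DATA_POS))
    return data, status

def column(i, j, n, interleave):
    """Physical column of bit i of word j among n words. Flat: a word's cells
    are contiguous. Multiplexed: bit i of all n words share one block of n
    columns, so physically adjacent cells belong to different words."""
    return i * n + j if interleave else j * WORD_BITS + i

def upset(data_words, first_col, width, interleave):
    """Store the words, flip `width` adjacent columns, read back and decode."""
    n = len(data_words)
    cols = [0] * (n * WORD_BITS)
    for j, cw in enumerate(encode(d) for d in data_words):
        for i in range(WORD_BITS):
            cols[column(i, j, n, interleave)] = (cw >> i) & 1
    for c in range(first_col, first_col + width):
        cols[c] ^= 1             # one particle strike across adjacent cells
    return [decode(sum(cols[column(i, j, n, interleave)] << i
                       for i in range(WORD_BITS))) for j in range(n)]
```

Calling `upset([0xA5, 0x3C, 0x0F, 0xF0], 5, 2, False)` reports word 0 as uncorrectable, while the same strike with `interleave=True` yields two corrected words with their data intact.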

