Safety electronics is one of the key drivers for reducing road fatalities, as seen in the increasing trend for governments to legislate mandatory use of electronically controlled active and passive safety systems. Furthermore, in areas such as EPS, the safety aspects are complemented by a reduction in fuel consumption, providing an overall improvement in vehicle energy efficiency and thus a reduction in CO2 emissions.
Safety Integrity Level (SIL, according to IEC61508) or Automotive Safety Integrity Level (ASIL, defined by ISO26262) specifies the necessary safety measures for avoiding unreasonable risk. There are four SIL (1-4) or ASIL levels (A-D) where D represents the most and A the least stringent level of a given safety function. To help customers efficiently reach the desired SIL certification, Infineon introduced its PRO-SIL™ safety products, which include SIL-supporting safety hardware, software and documentation. Key components of the Infineon safety solution are the powerful TriCore-based microcontrollers, the dedicated SafeTcore software library, the new signature watchdog CIC61508, and complete documentation.
Safety systems require an independent watchdog device which implements a robust monitoring channel for main microcontroller supervision in ISO26262 and IEC61508 compliant safety applications. The latest version of ISO26262 part 5 specifies that a coded window watchdog (normally with an SPI interface) is needed to meet ASIL C or ASIL D, which is a higher requirement than the simple pin toggle window watchdog used in less stringent applications. The Infineon CIC61508 serves as an independent diagnostic monitoring device to allow the safety relevant system to be ASIL-D approved.
The test features supported by the CIC61508 and stored in its ROM include an internal opcode test scheduler/sequencer, which generates a sequence of test requests with specific data and checks each response against a user-defined table. Other monitoring functions include: detection of undervoltage and overvoltage in up to four power supplies; monitoring of up to eight parallel data comparisons and verification functions; an operating system task monitor that checks the predefined dispatch sequence and execution budgets of critical tasks; and three independent system control pins, which can be used to bring the system under control into a safe state in a deterministic manner.
Availability
Engineering samples of the CIC61508 in TSSOP-38 packages with a wide ambient temperature range from -40 °C to 140 °C are available, with volume production planned for Q2 2011. The CIC61508 is supported by the SafeTcore software package featuring microcontroller core and peripherals tests to support functional safety applications according to IEC61508/ISO26262. An evaluation version of the SafeTcore software is available for download at http://www.infineon.com/SIL.
SafeTkit: All elements for ASIL-D or SIL3 certification
The 32-bit SafeTkit offered by the company Hitex Development Tools provides a great introduction to the Infineon safety system for the TriCore microcontroller family by providing the heart of an ASIL-D/SIL3 capable platform in an easy-to-configure and easy-to-use format. The SafeTkit includes a TriCore evaluation board with the CIC61508 and the SafeTcore test library. Hitex also provides a complete tool chain including a TriCore compiler evaluation licence, a safety demonstration application and a test bench. A comprehensive set of documentation, including safety manuals and a quick start guide, completes the safety kit. All the major safety features are available and can be reconfigured to assess their effect on system behavior and gain an understanding of the underlying concepts. Hitex has been honored at this year’s “Embedded World” tradeshow with the “embedded Award 2011” for the SafeTkit.