Functional Safety Technologies

Toshiba offers automotive microcontrollers that feature an optimized tightly coupled fault supervisor as a means of ensuring functional safety and have received Technical Report I for IEC 61508 SIL3 from an authorized certification body. These microcontrollers deliver safer and more cost-effective solutions.

Toshiba SIL3 Method

This figure provides an overview of the Toshiba SIL3 Method.

In an optimized tightly coupled fault supervisor configuration, execution core A is tightly coupled with a suite of hardware checkers that reference internal signals. This way, comparison and self-diagnosis can be performed automatically. The new configuration offers hardware and software size reductions compared to the traditional dual-core configuration.

Proposals on Low-Cost Fail-Safe and Fail-Operational Systems

1-out-of-1 Single-Core
  • Competitors' MCU: Cannot implement fail-safe functions. (Needs a secondary MCU.)
  • Toshiba's tightly coupled MCU: Stops the car safely in the event of an unstable cruising condition (Fail-safe)

1-out-of-2 Dual-Core
  • Competitors' MCU: Stops the car safely in the event of an unstable cruising condition (Fail-safe)
  • Toshiba's tightly coupled MCU: Keeps the car in a stable cruising condition. (Fail-operational and fault-tolerant system)

Toshiba's single-core MCU supports the fail-safe function, which traditionally required a dual-core implementation. Additionally, Toshiba's dual-core MCU supports fail-operational and fault-tolerant systems.

Toshiba Functional Safety Package

This figure shows a diagram of the functional safety package.

Toshiba offers a support environment not only from a system perspective but also from a customer perspective.

Feature 1: Support from a device perspective

Toshiba's functional safety technology is based on an optimized tightly coupled fault supervisor, which observes and directs the operation of not only the CPU but also its peripherals. The functional safety alarm output at the interface between an MCU and a power supply IC can be monitored to enhance automotive functional safety from a system perspective.

Example of Functional Safety Block for an Automotive MCU (including the interface between the MCU and the power supply IC)

This is an example of a functional safety block for an automotive MCU.

Features of the Functional Safety Block
  • Monitors all the peripheral blocks, the CPU, buses and memories used by application software except a few communication control blocks
  • Incorporates an fRNET block that handles alarms from all the monitor functions
  • Sends alarm signals from all the monitor functions directly from fRNET to the external world without involving the CPU
  • Self-diagnosis function of fRNET to protect its alarm-handling function
*1 Fault diagnosis circuit from Yogitech that monitors memories
*2 Fault diagnosis circuit from Yogitech that monitors the on-chip CPU buses
*3 Fault diagnosis circuit from Yogitech that monitors the entire CPU
*4 Fault diagnosis circuit developed by Toshiba
*5 Fault diagnosis circuit from Yogitech that collects all alarm and fault information and manages fault handling

Feature 2: Fault Injection (Under Development)

This figure shows a diagram of the fault injection system development flow.

The Full-ICE MCU emulator provides a fault injection test environment that can directly be connected to a customer's hardware evaluation environment. It is easy to learn and yet allows flexible fault injection testing.

Feature 3: Functional Safety IP Library

The Functional Safety IP Library is a software library designed to detect faults in an automotive MCU. It has been created using a software development process certified by TÜV-SÜD.

The Functional Safety IP Library helps its users reduce development time.

This figure shows software library offerings.

Reduction in the time required to create a safety mechanism

This figure shows reduction in the time required to create a safety mechanism.
  • Performs requirements analysis and verification on the fault diagnosis section of an MCU
  • Identifies application-specific interfaces (APIs) to enable quick feedback to a system design
  • Guarantees that the fault coverage required by ASIL D is met

Reduction in the time required to meet accountability requirements

This figure shows reduction in the time required to meet accountability requirements.
  • A set of documents necessary to achieve accountability is pre-packaged.

What Is Functional Safety?

Take, for example, an intersection of a railway and a road. How can you ensure safety there?

  • Overpass: Intrinsically prevents hazards (intrinsic safety)
  • Railway crossing: Prevents hazards by using a safety system (functional safety)

To achieve functional safety, a number of measures against failures must be implemented in a design.

  • Deterministic faults: Were functional bugs weeded out from hardware and software designs?
  • Random hardware faults: Were wear-out and chance failures factored into hardware design?

International standards of rules on electronic control systems

  • Basic functional safety standard applicable to all kinds of industry: IEC 61508 (Second edition released in April 2010)
    Coverage: Atomic power facilities, railroads, processing facilities (plants), industrial machines, automobiles, etc.
  • Adaptation of IEC 61508 for automotive electric/electronic systems: ISO 26262 (published on November 15, 2011)