
Functional Safety Technologies

Toshiba offers automotive microcontrollers that feature an optimized tightly coupled fault supervisor as a means of ensuring functional safety and that have received a Technical Report I for IEC 61508 SIL 3 from an authorized certification body. These microcontrollers deliver safer and more cost-effective solutions.

Toshiba SIL3 Method

This figure provides an overview of the Toshiba SIL3 Method.

In an optimized tightly coupled fault supervisor configuration, the execution core (core A) is tightly coupled with a suite of hardware checkers that reference its internal signals, so that comparison and self-diagnosis are performed automatically in hardware rather than by a second core. This configuration reduces both hardware and software size compared with the traditional dual-core configuration, in which a second core runs alongside the first purely for comparison.

Proposals on Low-Cost Fail-Safe and Fail-Operational Systems

Should the engine control MCU fail while driving...

Configuration: 1-out-of-1 single-core
  Competitors' MCU: Cannot implement fail-safe functions (needs a secondary MCU).
  Toshiba's tightly coupled MCU: Stops the car safely in the event of an unstable cruising condition (fail-safe).

Configuration: 1-out-of-2 dual-core
  Competitors' MCU: Stops the car safely in the event of an unstable cruising condition (fail-safe).
  Toshiba's tightly coupled MCU: Keeps the car in a stable cruising condition (fail-operational and fault-tolerant system).

Toshiba's single-core MCU supports the fail-safe function that traditionally required a dual-core implementation. Additionally, Toshiba's dual-core MCU supports fail-operational, fault-tolerant systems.

Toshiba Functional Safety Package

Toshiba offers a support environment not only from a system perspective but also from a customer perspective.

This figure shows a diagram of the functional safety package.

Feature 1: Support from a device perspective

Toshiba's functional safety technology is based on an optimized tightly coupled fault supervisor, which observes and directs the operation of not only the CPU but also its peripherals. The functional safety alarm output at the interface between an MCU and a power supply IC can be monitored to enhance automotive functional safety from a system perspective.

Example of Functional Safety Block for an Automotive MCU (including the interface between the MCU and the power supply IC)

This is an example of a functional safety block for an automotive MCU.

Features of the Functional Safety Block
  • Monitors all the peripheral blocks, the CPU, the buses and the memories used by application software, except for a few communication control blocks
  • Incorporates an fRNET block that handles the alarms from all the monitor functions
  • Sends the alarm signals from all the monitor functions directly from fRNET to the external world, without involving the CPU
  • Self-diagnosis function in fRNET that protects its own alarm-handling path

*1 Fault diagnosis circuit from Yogitech that monitors memories
*2 Fault diagnosis circuit from Yogitech that monitors the on-chip CPU buses
*3 Fault diagnosis circuit from Yogitech that monitors the entire CPU
*4 Fault diagnosis circuit developed by Toshiba
*5 Fault diagnosis circuit from Yogitech that collects all alarm and fault information and manages fault handling
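The three properties of the functional safety block listed above (sticky alarms from every monitor, an alarm output that reaches the outside without the CPU, and a self-diagnosis of that alarm path) can be exercised in a small simulation. The C model below is an added example written for this page; it is not Toshiba's fRNET design. The structure `alarm_hub_t`, the monitor names, the gated external pin and the stuck-at-0 fault mask used for fault injection are all assumptions made so the model runs offline and so the self-test has something to catch.

```c
/* Model of a CPU-independent alarm concentrator with a self-test of its own
 * alarm path. Constructed for this page as an illustration; the names, the
 * register layout and the fault mask are assumptions, not Toshiba's fRNET. */
#include <stdbool.h>
#include <stdint.h>

/* One sticky alarm bit per monitor (constructed set of monitors). */
enum { MON_MEM = 0, MON_BUS, MON_CPU, MON_PERIPH, MON_COUNT };

typedef struct {
    uint8_t latched;     /* sticky alarm bits; set by monitors, never by software */
    uint8_t stuck_at_0;  /* fault-injection mask: latch bits that can never be set */
    bool    test_mode;   /* while set, the external pin is gated off */
    bool    pre_driver;  /* alarm net just before the pin driver (observable in test) */
    bool    ext_alarm;   /* level driven on the external alarm pin */
} alarm_hub_t;

/* Combinational part: recompute the alarm net and the pin from the latch. */
static void hub_update(alarm_hub_t *h)
{
    h->pre_driver = (h->latched != 0);
    /* The pin follows the net except during self-test, when it is gated so the
     * test stimulus does not reach the power-supply IC. */
    h->ext_alarm = h->pre_driver && !h->test_mode;
}

void hub_reset(alarm_hub_t *h, uint8_t stuck_at_0_mask)
{
    h->latched = 0;
    h->stuck_at_0 = stuck_at_0_mask;
    h->test_mode = false;
    hub_update(h);
}

/* Called by a hardware monitor when it detects a fault. No CPU involvement:
 * the latch and the pin update purely from the monitor's signal. */
void hub_raise(alarm_hub_t *h, int src)
{
    uint8_t bit = (uint8_t)(1u << src);
    h->latched |= (uint8_t)(bit & ~h->stuck_at_0); /* a stuck bit silently drops the alarm */
    hub_update(h);
}

/* Software may read the cause and clear it only by explicit acknowledge; the
 * latch is sticky so a transient fault is not lost before it has been seen. */
uint8_t hub_status(const alarm_hub_t *h) { return h->latched; }

void hub_acknowledge(alarm_hub_t *h, int src)
{
    h->latched &= (uint8_t)~(1u << src);
    hub_update(h);
}

/* Self-diagnosis of the alarm path: push each lane through the same latch and
 * net that real alarms use, with the pin gated, and check that the net asserts
 * and releases. Returns true when every lane is healthy. */
bool hub_selftest(alarm_hub_t *h)
{
    if (h->latched != 0) return false;  /* a real alarm is pending: do not mask it */
    bool ok = true;
    h->test_mode = true;
    hub_update(h);
    for (int src = 0; src < MON_COUNT; src++) {
        hub_raise(h, src);
        ok = ok && h->pre_driver && !h->ext_alarm;   /* net asserted, pin stayed gated */
        hub_acknowledge(h, src);
        ok = ok && !h->pre_driver && h->latched == 0; /* released; nothing else arrived */
    }
    h->test_mode = false;
    hub_update(h);
    return ok;
}

/* Scenario helper: does the pin assert when monitor `src` fires on a hub whose
 * latch has the bits in `stuck_mask` stuck at 0? */
bool alarm_reaches_pin(int src, uint8_t stuck_mask)
{
    alarm_hub_t h;
    hub_reset(&h, stuck_mask);
    hub_raise(&h, src);
    return h.ext_alarm;
}

/* Self-test verdict for a hub with the given stuck-at-0 mask. */
bool selftest_verdict(uint8_t stuck_mask)
{
    alarm_hub_t h;
    hub_reset(&h, stuck_mask);
    return hub_selftest(&h);
}
```

The point of the fault mask is the last bullet above: a latch bit stuck at 0 would let a memory monitor fire and yet never assert the external pin, and nothing in the normal alarm flow would reveal that. Only a self-test that drives every lane through the real path notices. The model aborts the self-test if an alarm is already pending rather than risk clearing it; a real design needs its own policy for that case.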

Feature 2: Fault Injection (Under Development)

The Full-ICE MCU emulator provides a fault injection test environment that can be connected directly to a customer's hardware evaluation environment. It is easy to learn and yet allows flexible fault injection testing.

This figure shows the fault injection system development flow.

Feature 3: Functional Safety IP Library

The Functional Safety IP Library is a software library designed to detect faults in an automotive MCU. It was created using a software development process certified by TÜV SÜD.

The Functional Safety IP Library helps its users reduce development time.

This figure shows the software library offerings.

Reduction in the time required to create a safety mechanism
  • Performs requirements analysis and verification for the fault diagnosis section of an MCU
  • Defines application programming interfaces (APIs) that give quick feedback into the system design
  • Guarantees that the fault coverage required by ASIL D is met

This figure shows reduction in the time required to create a safety mechanism.
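Feature 2 and Feature 3 together describe a software safety mechanism that detects faults in the MCU, and a fault injection environment used to prove that it does. The C program below is an added example written for this page, not code from Toshiba's Functional Safety IP Library, and it makes no claim about ASIL D coverage. It implements a word-oriented March C- RAM test, one of the standard algorithms such libraries use for memory, and runs it against a simulated memory array with stuck-at fault injection. The `ram_model_t` structure, its per-word stuck-bit masks and the helper names are assumptions; the page's own fault injection works through the Full-ICE emulator on real hardware, whereas here the fault is injected into the model so the example runs offline.

```c
/* Software RAM self-test (word-oriented March C-) run against a memory model
 * that supports stuck-at fault injection. Constructed for this page as an
 * illustration of what a software-based safety mechanism does; it is not the
 * code of Toshiba's Functional Safety IP Library. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define RAM_WORDS 16

/* Memory under test. stuck1/stuck0 are per-word masks of bits that are forced
 * to 1 or 0 on every write; all-zero masks mean a healthy word. */
typedef struct {
    uint32_t data[RAM_WORDS];
    uint32_t stuck1[RAM_WORDS];
    uint32_t stuck0[RAM_WORDS];
} ram_model_t;

void ram_init(ram_model_t *m) { memset(m, 0, sizeof *m); }

/* Fault injection: make bit `bit` of word `addr` stuck at `value` (0 or 1). */
void ram_inject_stuck_at(ram_model_t *m, size_t addr, unsigned bit, int value)
{
    uint32_t mask = 1u << bit;
    if (value) m->stuck1[addr] |= mask; else m->stuck0[addr] |= mask;
    /* The fault also applies to whatever the cell currently holds. */
    m->data[addr] = (m->data[addr] | m->stuck1[addr]) & ~m->stuck0[addr];
}

static void ram_write(ram_model_t *m, size_t addr, uint32_t v)
{
    m->data[addr] = (v | m->stuck1[addr]) & ~m->stuck0[addr];
}

static uint32_t ram_read(const ram_model_t *m, size_t addr) { return m->data[addr]; }

/* One March element: walk the array in the given direction; at each word read
 * and compare against `expect` (if do_read), then write `value` (if do_write).
 * Returns the first failing address, or -1. */
static long march_element(ram_model_t *m, int ascending, int do_read,
                          uint32_t expect, int do_write, uint32_t value)
{
    for (size_t k = 0; k < RAM_WORDS; k++) {
        size_t addr = ascending ? k : RAM_WORDS - 1 - k;
        if (do_read && ram_read(m, addr) != expect) return (long)addr;
        if (do_write) ram_write(m, addr, value);
    }
    return -1;
}

/* March C-: { any(w0); up(r0,w1); up(r1,w0); down(r0,w1); down(r1,w0); any(r0) }
 * with the data backgrounds 0x00000000 (0) and 0xFFFFFFFF (1). Detects
 * stuck-at and transition faults and coupling faults between words. It is
 * destructive: it overwrites the region, so a real library runs it at boot or
 * on a region whose contents were saved first.
 * Returns the first failing word address, or -1 when the RAM passes. */
long march_c_minus(ram_model_t *m)
{
    const uint32_t Z = 0x00000000u, O = 0xFFFFFFFFu;
    long r;
    if ((r = march_element(m, 1, 0, 0, 1, Z)) >= 0) return r;   /* any(w0)    */
    if ((r = march_element(m, 1, 1, Z, 1, O)) >= 0) return r;   /* up(r0,w1)  */
    if ((r = march_element(m, 1, 1, O, 1, Z)) >= 0) return r;   /* up(r1,w0)  */
    if ((r = march_element(m, 0, 1, Z, 1, O)) >= 0) return r;   /* down(r0,w1)*/
    if ((r = march_element(m, 0, 1, O, 1, Z)) >= 0) return r;   /* down(r1,w0)*/
    return march_element(m, 1, 1, Z, 0, 0);                     /* any(r0)    */
}

/* Scenario helpers: a healthy array, and arrays with one injected fault each. */
long test_healthy_ram(void)
{
    ram_model_t m; ram_init(&m);
    return march_c_minus(&m);
}

long test_stuck_at_1(size_t addr, unsigned bit)
{
    ram_model_t m; ram_init(&m);
    ram_inject_stuck_at(&m, addr, bit, 1);
    return march_c_minus(&m);
}

long test_stuck_at_0(size_t addr, unsigned bit)
{
    ram_model_t m; ram_init(&m);
    ram_inject_stuck_at(&m, addr, bit, 0);
    return march_c_minus(&m);
}
```

A stuck-at-1 bit is caught by the first read-0 element at that word, and a stuck-at-0 bit by the first read-1 element after the all-ones background has been written, so the address returned is the faulty word in both cases. Using only the all-zeros and all-ones backgrounds leaves coupling faults between bits inside one word uncovered; a production library adds further backgrounds (0x55555555/0xAAAAAAAA and so on) for that, which this example omits.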

Reduction in the time required to meet accountability requirements
  • A set of documents necessary to achieve accountability is pre-packaged.

This figure shows reduction in the time required to meet accountability requirements.

What Is Functional Safety?

Take, for example, an intersection of a railway and a road. How can you ensure safety there?
  • Overpass: removes the hazard by design (intrinsic safety)
  • Railway crossing: controls the hazard by means of a safety system (functional safety)
To achieve functional safety, a design must include measures against both classes of failure:
  • Systematic (deterministic) faults: have functional bugs been weeded out of the hardware and software designs?
  • Random hardware faults: have wear-out and chance failures been factored into the hardware design?
International standards governing electronic control systems
  • Basic functional safety standard applicable to all industries: IEC 61508 (second edition released in April 2010)
    Coverage: nuclear power facilities, railways, process plants, industrial machinery, automobiles, etc.
  • Adaptation of IEC 61508 for automotive electrical/electronic systems: ISO 26262 (published on November 15, 2011)

* ARM, Cortex and Thumb are registered trademarks of ARM Limited (or its subsidiaries) in the EU and/or elsewhere.

* System and product names mentioned herein may be trademarks or registered trademarks of respective companies or organizations.
