Functional Safety Technology

Toshiba's microcontrollers feature an optimized tightly coupled fault supervisor to ensure functional safety, and have been awarded an IEC61508 SIL3 technical report*1 by an accredited certification body. These microcontrollers provide safer and more cost-effective solutions.

Toshiba SIL3 Technology

This figure gives an overview of Toshiba's SIL3 technology.

In the optimized tightly coupled fault supervisor, execution core A works in close coordination with a set of hardware checkers, each of which contains a comparator and a self-diagnosis unit. In this way, comparison and self-diagnosis are carried out automatically. Compared with a conventional dual-core configuration, the new configuration reduces both the amount of hardware and the size of the software.

This figure shows the appearance of Toshiba's SIL3 technology.

SIL3-Compliant Design Technology

This figure illustrates the SIL3-compliant design technology.

Toshiba's single-core microcontroller platform is designed specifically for SIL3. It supports fail-operational and fault-tolerant systems, and its functional safety operation has been highly evaluated by the external body TÜV-SÜD.

Proposal for Low-Cost Fail-Safe and Fail-Operational Systems

If the engine-control MCU fails while driving:
  • One-to-one single core
    Competitor's microcontroller: a fail-safe function cannot be implemented (a slave microcontroller is required)
    Toshiba's tightly coupled microcontroller: safely stops the car under unstable cruising conditions (fail-safe)
  • 1-out-of-2 dual core
    Competitor's microcontroller: safely stops the car under unstable cruising conditions (fail-safe)
    Toshiba's tightly coupled microcontroller: keeps the car in a stable cruising state (fail-operational and fault-tolerant system)

Toshiba's single-core microcontrollers support a fail-safe function that conventionally requires two cores. In addition, Toshiba's dual-core microcontrollers support fail-operational and fault-tolerant systems.

Toshiba Functional Safety Package

Toshiba offers a support environment not only from a system perspective but also from a customer perspective.

This figure shows the diagram of the functional safety package.

Feature 1: Support from a device perspective

Toshiba's functional safety technology is based on an optimized tightly coupled fault supervisor, which observes and directs the operation of not only the CPU but also its peripherals. The functional safety alarm output at the interface between an MCU and a power supply IC can be monitored to enhance automotive functional safety from a system perspective.

Example of Functional Safety Block for an Automotive MCU (including the interface between the MCU and the power supply IC)

This is an example of a functional safety block for an automotive MCU.

Features of the Functional Safety Block
  • Monitors all the peripheral blocks, the CPU, buses and memories used by application software except a few communication control blocks
  • Incorporates an fRNET block that handles alarms from all the monitor functions
  • Sends alarm signals from all the monitor functions directly from fRNET to the external world without involving the CPU
  • Self-diagnosis function of fRNET to protect its alarm-handling function

*1 Fault diagnosis circuit from Yogitech that monitors memories
*2 Fault diagnosis circuit from Yogitech that monitors the on-chip CPU buses
*3 Fault diagnosis circuit from Yogitech that monitors the entire CPU
*4 Fault diagnosis circuit developed by Toshiba
*5 Fault diagnosis circuit from Yogitech that collects all alarm and fault information and manages fault handling

Feature 2: Fault Injection (Under Development)

The Full-ICE MCU emulator provides a fault injection test environment that can be connected directly to a customer's hardware evaluation environment. It is easy to learn and yet allows flexible fault injection testing.

This figure shows the diagram of fault injection system development flow.

Feature 3: Functional Safety IP Library

The Functional Safety IP Library is a software library designed to detect faults in an automotive MCU. It has been created using a software development process certified by TÜV-SÜD.

The Functional Safety IP Library helps its users reduce development time.

This figure shows software library offerings.

Reduction in the time required to create a safety mechanism
  • Performs requirements analysis and verification on the fault diagnosis section of an MCU
  • Identifies application-specific interfaces (APIs) to enable quick feedback to a system design
  • Guarantees that the fault coverage required by ASIL D is met

This figure shows reduction in the time required to create a safety mechanism.

Reduction in the time required to meet accountability requirements
  • A set of documents necessary to achieve accountability is pre-packaged.

This figure shows reduction in the time required to meet accountability requirements.

What Is Functional Safety?

Take the crossing of a railway and a road as an example. How can safety be ensured?
  • Overpass: prevents the hazard by its very nature (inherent safety)
  • Railway crossing: prevents the hazard by means of a safety system (functional safety)
To achieve functional safety, a series of measures to prevent failures must be implemented at design time.
  • Deterministic failures: does the hardware and software design eliminate functional defects?
  • Random hardware failures: does the hardware design take wear-out and sporadic failures into account?
International standards for electronic control systems
  • Basic functional safety standard applicable to all industries: IEC61508 (2nd edition: issued April 2010)
    Scope: nuclear power equipment, railways, process facilities (plants), industrial machinery, automobiles, etc.
  • IEC61508 adapted for automotive electrical/electronic systems: ISO 26262 (in effect since November 15, 2011)

* ARM, Cortex and Thumb are trademarks or registered trademarks of ARM Limited in the EU and other countries.

* The system and product names mentioned in this document may be trademarks or registered trademarks of their respective companies or organizations.
