Implementation of a Basic Single-Microcontroller Monitoring Concept for Safety Critical Systems on a Dual-Core Microcontroller
2007-01-1486
Electronic Control Units of safety critical systems require constant monitoring of the hardware so that the system can be brought to a safe state if any hardware defects or malfunctions are detected. This monitoring includes memory checking, peripheral checking, and checking of the main processor core. However, checking the processor core is difficult: if the monitor function runs on a processing system that is itself malfunctioning, it cannot be guaranteed that the error will be properly detected. To circumvent this issue, several previously presented monitoring concepts (e.g. SAE#2006-01-0840) employ a second, external microprocessor that communicates with the main processor to check its integrity. This paper will present a concept which maps the functions of the external monitoring unit onto an internal second processing core, which is frequently available on modern, 32-bit, monolithic, dual-core microcontrollers.
Citation: Brewerton, S., Schneider, R., and Eberhard, D., "Implementation of a Basic Single-Microcontroller Monitoring Concept for Safety Critical Systems on a Dual-Core Microcontroller," SAE Technical Paper 2007-01-1486, 2007, https://doi.org/10.4271/2007-01-1486.
Simon Brewerton, Rolf Schneider, Denis Eberhard
Infineon Technologies UK Ltd, AUDI AG
SAE World Congress & Exhibition
Automotive Microcontrollers, Volume 2-PT-137, Safety-Critical Systems, 2007-SP-2121, SAE 2007 Transactions Journal of Passenger Cars: Electronic and Electrical Systems-V116-7