Safety Integrity of Memory Sub-Systems in Automotive Microcontrollers 2007-01-1494
The memory sub-system is one of the most critical blocks in a microcontroller unit (MCU) with respect to safety integrity: it is the main repository for data and code, but at the same time it is the location most sensitive to HW and SW faults. For random HW faults, protection techniques exist at both technology and circuit level, but some issues remain unsolved. For SW faults, Memory Protection Units (MPU) are commonly used to prevent unauthorized access to certain memory areas. The standard MPU is CPU-centric and therefore does not offer complete protection at MCU level, specifically not for memory sub-systems with more than one master (multi-master microcontrollers).
This paper describes a fault supervisor for the memory sub-system that overcomes the known insufficiencies and that has been designed in accordance with IEC 61508. In a reference project together with NXP, the integration of this supervisor has been assessed on NXP's 32-bit MCU platforms for automotive applications. The paper goes into the details of the comprehensive validation, from the Safety Requirements Specification down to the Failure Mode and Effect Analysis, facilitated by a sophisticated fault injection approach. The results section includes figures for the costs and benefits of the proposed approach and presents the outcome of the safety integrity evaluation.
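The gap the abstract points at, a CPU-centric MPU leaving accesses by other bus masters unchecked, can be made concrete with a small model. The following C code is an added illustration, not the supervisor described in the paper nor anything from NXP's platforms: the memory map, master identifiers, permission encoding and both check functions are constructed for the example. It contrasts an MPU-style check that only ever sees CPU accesses with a bus-level check that consults a per-master permission table for every access, which is the kind of property a multi-master supervisor has to provide.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed bus masters and access types; real MCUs expose master ids
 * on the bus fabric, but the numbering here is an assumption. */
enum master { MASTER_CPU = 0, MASTER_DMA = 1, MASTER_ETH = 2, MASTER_COUNT };
enum access { ACC_READ = 1, ACC_WRITE = 2, ACC_EXEC = 4 };

struct region {
    uint32_t base;
    uint32_t size;
    uint8_t  perm[MASTER_COUNT]; /* permitted access bits, one entry per master */
};

/* Constructed memory map: code flash, safety-relevant RAM, and a DMA buffer
 * area. Only the DMA buffer area is meant to be reachable by non-CPU masters. */
static const struct region regions[] = {
    /* base,       size,       CPU,                 DMA,                 ETH */
    { 0x00000000, 0x00100000, { ACC_READ | ACC_EXEC, 0,                   0 } },
    { 0x20000000, 0x00008000, { ACC_READ | ACC_WRITE, 0,                  0 } },
    { 0x20008000, 0x00008000, { ACC_READ | ACC_WRITE, ACC_READ | ACC_WRITE, ACC_WRITE } },
};

static const struct region *find_region(uint32_t addr) {
    for (size_t i = 0; i < sizeof regions / sizeof regions[0]; i++) {
        const struct region *r = &regions[i];
        /* addr >= base first, so the subtraction cannot wrap */
        if (addr >= r->base && addr - r->base < r->size) return r;
    }
    return NULL;
}

/* Model of a CPU-centric MPU: it checks CPU accesses against the CPU column
 * and never sees traffic from other masters, so that traffic passes
 * unchecked. Returns true when the access reaches memory. */
bool mpu_cpu_centric_allows(enum master m, uint32_t addr, uint8_t acc) {
    if (m != MASTER_CPU) return true;   /* DMA and Ethernet are invisible to the MPU */
    const struct region *r = find_region(addr);
    return r != NULL && (r->perm[MASTER_CPU] & acc) == acc;
}

/* Model of a bus-level supervisor: every master's access is checked against
 * that master's own permissions, unknown masters and unmapped addresses are
 * rejected. Returns true when the access is allowed to proceed. */
bool supervisor_allows(enum master m, uint32_t addr, uint8_t acc) {
    if ((unsigned)m >= MASTER_COUNT) return false;
    const struct region *r = find_region(addr);
    return r != NULL && (r->perm[m] & acc) == acc;
}

int main(void) {
    uint32_t safety_var = 0x20000010;   /* constructed address inside safety RAM */
    printf("DMA write to safety RAM: cpu-centric MPU allows=%d, supervisor allows=%d\n",
           mpu_cpu_centric_allows(MASTER_DMA, safety_var, ACC_WRITE),
           supervisor_allows(MASTER_DMA, safety_var, ACC_WRITE));
    return 0;
}
```

Running the block shows the CPU-centric model letting a DMA write into the safety RAM region through while the per-master check rejects it; the same table also rejects the Ethernet master reading from the DMA buffer it is only allowed to write, and rejects any access to an unmapped address, which is the behaviour a supervisor designed for a safety integrity level must be able to demonstrate under fault injection.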