Search Results

It is very common that a microcontroller is used in a safety relevant system to acquire data from sensors, process the data and then control actuators. With the shrink of technology every few years it becomes ever more common to use digital serial interfaces and high speed PWM links for both inputs and outputs. The microcontroller vendors have responded to the need for functional safety in the CPU cores by lock-stepping them and adding ECC to buses and memories. They are also implementing highly flexible and complex timer peripherals to be able to automate much of the real-time processing of the digital signals. However these timers are becoming significantly large, and many have their own embedded sequence engines or microkernels, which although powerful, often lack the rigorous diagnostic mechanisms required to reach ASILD.

ISO 26262 is the actual standard for Functional Safety of automotive E/E (Electric/Electronic) systems. One of the challenges in the application of the standard is the distribution of safety related activities among the participants in the supply chain. In this paper, the concept of a Safety Element out of Context (SEooC) development will be analyzed showing its current problematic aspects and difficulties in implementing such an approach in a concrete typical automotive development flow with different participants (e.g. from OEM, tier 1 to semiconductor supplier) in the supply chain. The discussed aspects focus on the functional safety requirements of generic hardware and software development across the supply chain where the final integration of the developed element is not known at design time and therefore an assumption based mechanism shall be used.