How to achieve functional safety in automotive systems with less effort
Every engineer strives to build a 100% fail-safe system, but reaching that ideal at an acceptable cost is very difficult. Standards such as ISO 26262 and IEC 61508 therefore generally rely on probabilistic risk assessment when defining the functional safety level a safety-related system must reach. These standards define (automotive) safety integrity levels (ASIL / SIL) that specify the system attributes to be met and the rigor of the engineering process required for system certification. This includes defining the system's safety goals, a safety concept with a tolerable failure rate, and a safety architecture that allocates safety functions to hardware and software so that correct operation of the system is monitored continuously over its lifetime. Traditionally, safety software, hardware, and tools have been independent solutions that each address part of the problem but cannot be integrated. The integrated PRO-SIL™ concept now provides a complete solution that achieves functional safety goals in an effective, integrated manner, reducing risk, cost, and complexity.
The basic motivation for developing "safe" systems is to ensure safe operation and clearly defined behavior when a fault occurs. It was against this background that the IEC 61508 standard was developed in the mid-1980s; it has been revised continuously since then. The standard governs the design of safety systems for electrical and electronic devices. Standards for specific domains are derived from this general standard, such as process automation (IEC 61511), machinery (ISO 13849), drive units (IEC 61800-5), nuclear energy (IEC 61513), and automobiles (ISO 26262, draft). The measures required to demonstrate compliance with IEC 61508 depend on the safety integrity level (Table 1) required for each hazard in the system: SIL 1 to SIL 4 for automation applications and ASIL A to ASIL D for automotive applications.
Table 1 Safety integrity levels, which define the requirements for system safety certification under IEC 61508 or ISO 26262
In the past two years, functional safety has shifted from being the concern of the system integrator to the component and software level. Both simple electronic components and complex microprocessors must now support IEC 61508. For system designers, one of the most important and usually most time-consuming challenges is proving the safety of the system: the relevant certification must be obtained not only at the top system level, but the same level of evidence must also be provided for the hardware and its register-level information. IEC 61508 specifies detailed requirements for hardware management and hardware testing. Writing safety-critical software to perform these functions is therefore time-consuming and expensive, and such software is not easily portable between devices.
Multiple CPUs: cost- and space-intensive
In a single-channel architecture with a single microprocessor, the achievable safety integrity level is limited to SIL 2. SIL 3 or ASIL C / D systems and safety products are therefore designed with multiple CPUs to handle self-tests and provide redundancy. This solution is complex and expensive, however: it occupies a lot of PCB space, and the diagnostic coverage is limited by synchronization and data-transfer problems between the two CPUs. The newer approach adds dedicated external hardware blocks and a software library running on a standard dual-core 32-bit microprocessor to overcome the limitation of medium diagnostic coverage (DC). This solution uses a single microprocessor, reducing development effort and material cost, and combines a well-thought-out safety concept with all relevant components (including ready-made self-test functions developed according to IEC 61508 / ISO 26262) so that safety-related systems can be built quickly and reliably.
TriCore does not need an external second core to detect malfunctions of the microprocessor: the device already contains two cores, the TriCore CPU itself (a combined microcontroller and DSP) and the Peripheral Control Processor (PCP) (Figure 1), so no external second core is required for the safety assessment.
Figure 1 TriCore block diagram: the PCP performs the self-test functions
Complete design kit
Various solutions for building safety-critical applications are already on the market. While most leading suppliers offer such solutions for automotive applications, solutions for other fields, including industry, are still scarce, and the choice of available devices is often limited. Automotive systems are subject to strict safety requirements, and Infineon has drawn on its extensive experience in this field to develop the PRO-SIL safety products, which meet the growing demands of the industrial market with highly integrated safety solutions. Certified automotive solutions can easily be reused in other applications, and a wide range of devices is available. PRO-SIL is built on the 32-bit TriCore or the 16-bit XC2300 microprocessor and also includes the SafeTcore test library and the CIC61508 safety monitoring chip (Figure 2). This architecture has been fully verified and fully complies with the requirements of IEC 61508.
Figure 2 A safety-related system using TriCore as the main controller together with the safety monitoring chip (watchdog) and the SafeTcore test software library