TOSHIBA ANNOUNCES IMPLEMENTATION OF
NEW FUNCTIONAL SAFETY CONCEPT ON MCU FOR SIL3/ASILD LEVEL APPLICATIONS
The ARM Cortex™-M3 MCU has been specified, designed and analyzed in accordance with the functional safety standards IEC 61508 and ISO 26262
Düsseldorf, Germany, 18th January, 2010
Toshiba Electronics Europe (TEE) has announced a microcontroller that can be certified to Safety Integrity Level 3 (SIL3) and Automotive SIL D (ASILD) while significantly reducing the associated system cost and performance overheads. The Toshiba SIL3/ASILD implementation delivers a more cost-effective solution than alternative methods because it has a smaller chip size, a smaller program requirement and better performance than conventional dual-core lock-step methods. It is based on a hardware architecture that reduces both the effort of the safety mechanisms and their detection latency. Detailed diagnostic information and the ability to configure the reaction according to the severity of the error allow new system concepts to be implemented that target higher availability.
TEE worked closely with YOGITECH SpA, a company specialized in functional safety, and used YOGITECH’s fRMethodology-based assessment flow and its library of Intellectual Properties (fRIPs) in the solution. Approved by TÜV SÜD, the fRMethodology is a “white box” approach; it was used to perform the functional safety analysis and the safety-oriented exploration of the Toshiba target microcontroller unit (MCU) in compliance with IEC 61508 or ISO 26262.
The MCU was split into sensitive zones, and failure rates were computed and used to calculate safety metrics (for example, the diagnostic coverage) and to decide the chip architecture. A detailed validation was performed using fault injection. The fRIPs, certified by TÜV SÜD, are small hardware supervisors designed with architectural and functional diversity with respect to the MCU sub-block (e.g. CPU, memory) that they supervise. Further peripheral functions on the chip are monitored by Toshiba’s own hardware diagnostic circuits.
Functional-safety-related system components generally employ duplicated CPU cores (homogeneous redundancy): a “mission” core that runs the application software and an identical “monitor” core that guards the system against dangerous faults in the mission core. A conventional dual-core lock-step SIL3/ASILD approach has to add further protective features, such as a guard ring, a separate supply voltage, and synthesis and timing diversity, which increase the chip and program size significantly and impact system performance. Moreover, homogeneous redundancy is very prone to systematic faults, since both cores share the same design errors.
The fRMethodology enabled YOGITECH to identify the critical zones in the mission core, allowing the specification of a monitor core that executes the same instructions as the mission core while excluding unnecessary operations. This process led to the implementation of a diverse and optimized monitor core (the fRCPU), eliminating unnecessary hardware overhead, avoiding systematic faults and also significantly reducing the possibility of common-cause failures. The fRCPU version implemented by Toshiba in the MCU is for the ARM Cortex-M3, and its gate count is up to 58% smaller than that of the mission core.
The run-time supervision guaranteed by the fRCPU hardware leads to high diagnostic coverage for transient faults, while the short detection latency (achieved thanks to a dedicated interface between the ARM Cortex-M3 and the fRCPU) allows fail-operational reactions. There are also special measures on chip to avoid latent faults, for example the built-in self-test of the supervisor circuits and a “scrub and repair” function against bit-flips in memories.
The Toshiba TSB-TC SIL3/ASILD test chip is available now for evaluation by selected partners. It has received Technical Report I from TÜV SÜD for SIL3 functional safety operation. In addition to typical automotive peripheral functions such as FlexRay™ and CAN, it offers an operating temperature range of minus 40 to plus 125 degrees Celsius.
[...]
Read the full text of the press release also in Italian, German and French at www.toshiba-components.com/pressoffice/PubPRList.asp#5937
--
ABOUT YOGITECH
YOGITECH is a company with proven experience in System-on-Chip (SoC), mixed-signal design and verification, and fault-tolerant integrated circuits. Based on its recognised expertise in IEC 61508 and ISO 26262, YOGITECH offers faultRobust (www.fr.yogitech.com), a combination of IPs and methodologies to build and assess fault-tolerant integrated circuits.
CONTACT
Alessia Bandini
YOGITECH SPA
Public Relations
alessia.bandini@yogitech.com