Infineon watchdog chip pushes TriCore architecture to highest safety levels
The CIC61508 is a safety watchdog which can be integrated into safety relevant applications such as Vehicle Stability Control (VSC), Electric Power Steering (EPS), airbag control, damping systems, and powertrain controls. The watchdog monitors the main microcontroller typically used in these types of embedded systems by providing features to detect common failure modes of clock, power supply and temperature related computational errors on the microcontroller.
Safety electronics is one of the key drivers for reducing road fatalities, as seen by an increasing trend for governments to legislate mandatory use of electronically controlled active and passive safety systems. Furthermore in areas such as EPS the safety aspects are also complemented by a reduction of fuel consumption to provide an overall improvement in vehicle energy efficiency and thus a reduction in CO2 emissions.
Safety Integrity Level (SIL, according to IEC61508) or Automotive Safety Integrity Level (ASIL, defined by ISO26262) specifies the necessary safety measures for avoiding unreasonable risk. There are four SIL (1-4) or ASIL levels (A-D) where D represents the most and A the least stringent level of a given safety function. To help customers efficiently reach the desired SIL certification, Infineon introduced its PRO-SIL safety products, which include SIL-supporting safety hardware, software and documentation. Key components of the Infineon safety solution are the TriCore-based microcontrollers, the dedicated SafeTcore software library, the new signature watchdog CIC61508, and a complete documentation.
Safety systems require an independent watchdog device which implements a robust monitoring channel for main microcontroller supervision in ISO26262 and IEC61508 compliant safety applications. The latest version of the ISO26262 part 5 defined that a coded window watchdog (normally SPI interface) is needed to meet ASIL C or ASIL D, which is a higher requirement than the simple pin toggle window watchdog used in less stringent applications. The Infineon CIC61508 serves as an independent diagnostic monitoring device to allow the safety relevant system to be ASIL-D approved.
Test features supported by the CIC61508 and stored in its ROM include an internal opcode test scheduler/sequencer which generates a sequence of test requests with specific data and checks the response against a user defined table. Other monitoring functions include the capability of detecting undervoltage and overvoltage in up to four power supplies, capability to monitor up to eight parallel data comparisons and verification functions, an operating system task monitor to check the predefined dispatch sequence and execution budgets of critical tasks and three independent system control pins which can be used to bring the system under control into a safe state in a deterministic manner.
With its small TSSOP-38 footprint, the CIC61508 is a space saving and cost-effective option for supporting safety applications. Engineering samples of the CIC61508 for a wide ambient temperature range from -40 °C to 140 °C are available, with volume production planned for Q2 2011. The CIC61508 is supported by the SafeTcore software package featuring microcontroller core and peripherals tests to support functional safety applications according to IEC61508/ISO26262.
The 32-bit SafeTkit offered by the company Hitex Development Tools provides an introduction to the Infineon safety system for the TriCore microcontroller family by providing the heart of an ASIL-D/SIL3 capable platform in an easy-to-configure and easy-to-use format. The SafeTkit includes a TriCore evaluation board with the CIC61508 and the SafeTcore test library. Hitex also provides a complete tool chain including a TriCore compiler evaluation licence, a safety demonstration application and a test bench. A comprehensive set of documentation including safety manuals and quick start guide complete the safety kit. All the major safety features are available and can be reconfigured to assess their effect on system behavior and gain an understanding of the underlying concepts.
Further details on the new signature watchdog CIC61508 and the microcontroller portfolio of Infineon is available at www.infineon.com/CIC61508 and at https://www.infineon.com/microcontrollers. Safecore information and evaluation software are available for download at https://www.infineon.com/SIL