Signature Watchdog supports ASIL-D Safety Applications
Infineon Technologies today announced its intelligent Signature Watchdog CIC61508. In combination with the company’s powerful 32-Bit TriCore microcontrollers and the dedicated SafeTcore software, the CIC61508 can provide monitoring features compliant up to the highest risk level of functional safety according to the IEC61508 and ISO26262 automotive industry standards.
The CIC61508 is a safety watchdog which can be integrated into safety relevant applications such as Vehicle Stability Control (VSC), Electric Power Steering (EPS), airbag control, damping systems, and powertrain controls. The watchdog monitors the main microcontroller typically used in these types of embedded systems by providing features to detect common failure modes of clock, power supply and temperature related computational errors on the microcontroller. With its small TSSOP-38 footprint, the CIC61508 is a space saving and cost-effective option for supporting safety applications.
Safety electronics is one of the key drivers for reducing road fatalities, as seen by an increasing trend for governments to legislate mandatory use of electronically controlled active and passive safety systems. Furthermore in areas such as EPS the safety aspects are also complemented by a reduction of fuel consumption to provide an overall improvement in vehicle energy efficiency and thus a reduction in CO2 emissions.
Safety Integrity Level (SIL, according to IEC61508) or Automotive Safety Integrity Level (ASIL, defined by ISO26262) specifies the necessary safety measures for avoiding unreasonable risk. There are four SIL (1-4) or ASIL levels (A-D) where D represents the most and A the least stringent level of a given safety function. To help customers efficiently reach the desired SIL certification, Infineon introduced its PRO-SIL safety products, which include SIL-supporting safety hardware, software and documentation. Key components of the Infineon safety solution are the powerful TriCore-based microcontrollers, the dedicated SafeTcore software library, the new signature watchdog CIC61508, and complete documentation.
Safety systems require an independent watchdog device which implements a robust monitoring channel for main microcontroller supervision in ISO26262 and IEC61508 compliant safety applications. The latest version of the ISO26262 part 5 defined that a coded window watchdog (normally SPI interface) is needed to meet ASIL C or ASIL D, which is a higher requirement than the simple pin toggle window watchdog used in less stringent applications. The Infineon CIC61508 serves as an independent diagnostic monitoring device to allow the safety relevant system to be ASIL-D approved.
The test features supported by the CIC61508 and stored in its ROM include an internal opcode test scheduler/sequencer which generates a sequence of test requests with specific data and checks the response against a user defined table. Other monitoring functions include the capability of detecting undervoltage and overvoltage in up to four power supplies, capability to monitor up to eight parallel data comparisons and verification functions, an operating system task monitor to check the predefined dispatch sequence and execution budgets of critical tasks and three independent system control pins which can be used to bring the system under control into a safe state in a deterministic manner.
Engineering samples of the CIC61508 in TSSOP-38 packages with a wide ambient temperature range from -40 °C to 140 °C are available, with volume production planned for Q2 2011. The CIC61508 is supported by the SafeTcore software package featuring microcontroller core and peripherals tests to support functional safety applications according to IEC61508/ISO26262. An evaluation version of the SafeTcore software is available for download.