Automotive safety design as seen through Freescale's SafeAssure functional safety program

In the roughly ten minutes it takes to read this article, more than 20 people around the world will have died in road traffic accidents, and about 90% of them will be in developing countries such as China (source: World Health Organization statistics). At a time when cars bring great benefits and global technology is more advanced than ever, a public safety threat of this scale caused by traffic accidents is a major tragedy for mankind.



Since the birth of the automobile, people have never stopped pursuing safer driving. Passive safety measures, first seat belts and later airbags, have saved tens of millions of lives, and the active safety features that followed, ABS (Anti-lock Braking System), ESP (Electronic Stability Program) and EBD (Electronic Brake Force Distribution), have greatly improved vehicle safety. Despite this, traffic accidents remain one of the leading causes of unnatural death.


Figure 1: World Health Organization statistics: Every year, 1.3 million people die from traffic accidents worldwide, and 50 million people are injured.


As vehicle systems grow more complex and rely on ever more software and electromechanical devices, the risk of traffic accidents caused by systematic failures and random hardware failures is increasing. In recent years a new concept of automotive safety, safety prediction, has therefore emerged. At the recently held "2012 Industry and Technology Outlook Media Seminar", Dr. Yolanda, Global Product Marketing Manager of Freescale's Asia Pacific Automotive and Industrial Solutions Division, pointed out that "safety prediction means that some systems in the car can detect faults in real time, and can prevent faults before they occur. This is the concept of automotive functional safety that everyone advocates." To this end, Freescale has introduced a safety assurance program called SafeAssure to help system manufacturers meet functional safety standards in the automotive and industrial markets more easily, significantly reducing development difficulty and shortening development cycles.

Figure 2: Evolution of automotive safety systems: functional safety based on safety prediction.

From IEC 61508 to ISO 26262: the evolution of automotive functional safety

Before ISO 26262 was published in November 2011, the functional safety standard followed by the automotive industry was IEC 61508, the basic safety standard for electrical, electronic and programmable electronic devices. As a generic basic standard, however, it has many shortcomings with respect to the particular needs of the automotive industry, especially given the increasing complexity of automotive systems in recent years. ISO 26262, derived from IEC 61508, is tailored to today's automotive industry; in particular, its requirements for hardware and software development match the current state of the art in that industry.

ISO 26262 assigns a safety requirement level, the Automotive Safety Integrity Level (ASIL), to a system or a component of a system according to the degree of safety risk, with ASIL D being the highest level with the most stringent safety requirements. System suppliers must meet the higher design requirements that come with higher safety levels.

Safety activities always accompany the usual function- and quality-related R&D activities and product manufacturing. ISO 26262 addresses all safety activities related to R&D and production, defines a life cycle concept for automotive safety and specifies the support required during each life cycle phase. It covers the entire functional safety development process, including planning, design, implementation, integration, verification, validation and configuration.

The SafeAssure safety program

Freescale's SafeAssure safety program was the first of its kind in the industry, introduced two months before ISO 26262. "SafeAssure is a solution designed for the functional safety standards of the automotive and industrial markets, helping companies streamline compliance processes, reduce development time and reduce complexity," Yolanda noted. "Based on the SafeAssure functional safety solution, vendors can easily implement system safety standards from ASIL-A to D and SIL-1 to 4."

Figure 3: Freescale: based on the SafeAssure functional safety solution, vendors can easily implement system safety standards from ASIL-A to D.

The SafeAssure solution covers Freescale's range of technologies, including microcontrollers, analog and power management ICs, and sensors. The program supports vendors in four areas:

Safety process: products are defined and designed to meet the requirements of each standard, making functional safety an integral part of the product development process.

Safety hardware: fault control is achieved through safety features built into Freescale microcontrollers, power management ICs and sensors, such as self-test, monitoring and hardware-based redundancy. Freescale's automotive analog devices provide additional system-level safety features, including checking of microcontroller timing and voltage, and fault management.

Safety software: comprehensive automotive functional safety software, including AUTOSAR OS, MCAL, drivers and core self-test capabilities, together with partnerships with leading third-party software providers to deliver further safety software solutions.

Safety support: Freescale draws on its extensive technical capabilities to provide customer training and system design reviews related to functional safety architecture, as well as extensive safety documentation and technical support.

The main goal of SafeAssure is simplification. To simplify failure analysis, Freescale also provides an important analysis tool, Failure Mode, Effect and Diagnostic Analysis (FMEDA). The tool analyzes the customer's complete data set and reports whether the design meets the functional safety requirements. By letting customers calculate the final functional safety figures for their own application, the FMEDA tool allows the SafeAssure solution to simplify functional safety design.

Functional safety mechanisms as seen in the MPC5643L microcontroller

Yolanda pointed out: "The concept of hardware safety is primarily achieved by detecting and eliminating random hardware failures, using built-in safety mechanisms including self-test, monitoring and hardware-based redundancy." Vendors can use the functional safety mechanisms built into Freescale microcontrollers, power management ICs and sensors to achieve effective fault control and meet the functional safety design requirements of their target market.

Functional safety design must anticipate the possible ways a function can fail, including single-point failures, latent failures and common-cause failures. For ASIL D, the highest level of ISO 26262, the system must detect more than 99% of single-point failures and more than 90% of latent failures. For example, if a system's failure rate must be below 10^-8 per hour, the portion of that budget allocated to the microcontroller must be below 10^-9 per hour. "In our MCU design process, the process is more rigorous and the error probability is smaller," Yolanda said. "The MPC5643L is a single-chip product from Freescale for functional safety. The design of this product embodies the functional safety design concept."
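The FMEDA calculation mentioned earlier and the ASIL D figures quoted here (more than 99% single-point fault coverage, more than 90% latent fault coverage, and a 10^-9 per hour microcontroller budget) can be worked through in a small script. The following is an added example, not Freescale's FMEDA tool or data: the failure rates, coverage values and element names are constructed for illustration, and the two MCU variants are hypothetical.

```python
"""FMEDA-style calculation of the ISO 26262 hardware metrics (added example).

Failure rates are constructed illustrative values in FIT (1 FIT = 1e-9 failures per hour),
not Freescale figures.  The metrics follow the ISO 26262-5 definitions:
  SPFM = 1 - sum(residual faults) / sum(safety-related faults)
  LFM  = 1 - sum(latent faults)   / sum(safety-related faults - residual faults)
"""
from dataclasses import dataclass


@dataclass
class Element:
    name: str
    fit: float             # base failure rate in FIT
    safety_related: bool   # can a failure of this element violate the safety goal?
    dc_spf: float          # coverage of single-point faults by a safety mechanism (0..1)
    dc_latent: float       # coverage of latent faults, e.g. by built-in self-test (0..1)


def hardware_metrics(elements):
    sr = [e for e in elements if e.safety_related]
    total = sum(e.fit for e in sr)
    # residual: faults no mechanism catches, so they violate the safety goal directly
    residual = sum(e.fit * (1 - e.dc_spf) for e in sr)
    # latent: faults a mechanism would catch in operation but that no self-test reveals,
    # so they can sit undetected until a second fault defeats the mechanism
    latent = sum(e.fit * e.dc_spf * (1 - e.dc_latent) for e in sr)
    return {"spfm": 1 - residual / total,
            "lfm": 1 - latent / (total - residual),
            "residual_per_hour": residual * 1e-9}


# ASIL D targets as stated in the article, plus the 1e-9 /h budget for the microcontroller
def meets_asil_d(m, mcu_budget_per_hour=1e-9):
    return m["spfm"] > 0.99 and m["lfm"] > 0.90 and m["residual_per_hour"] < mcu_budget_per_hour


def mcu(core_dc_spf, latent_dc):
    """Hypothetical MCU bill of elements; only the core and latent coverage vary."""
    return [
        Element("CPU core", 40, True, core_dc_spf, latent_dc),
        Element("flash with ECC", 30, True, 0.99, latent_dc),
        Element("SRAM with ECC", 20, True, 0.99, latent_dc),
        Element("clock/voltage/temperature monitors", 5, True, 0.99, latent_dc),
        Element("debug interface", 5, False, 0.0, 0.0),   # not safety-related
    ]


# lockstep core pair catches almost every core fault; hardware BIST covers most latent faults
MCU_LOCKSTEP_BIST = mcu(core_dc_spf=0.999, latent_dc=0.95)
# single core with software plausibility checks; latent faults are only found by a reset-time test
MCU_SINGLE_CORE = mcu(core_dc_spf=0.60, latent_dc=0.50)
```

With the lockstep variant the residual rate is 0.59 FIT, SPFM is about 99.4% and LFM 95%, so the ASIL D targets are met; the single-core variant fails all three checks.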

Redundant design is one of the most effective ways to improve a system's fail-safe behaviour, and the MPC5643L makes full use of it to meet strict functional safety standards. The MPC5643L runs two e200 cores in lockstep mode: one core executes while the other monitors it. The MPC5643L also duplicates major modules such as the watchdog timers, the memory control units, the buses and the peripherals. In addition, to guard against single-point failures, its built-in flash memory has automatic error correction.

Many systems work normally at first, but after some years failures may occur because of external factors. This is the concept of latent failure, and functional safety design must take latent failures into account. "In the past, protection against latent failures was implemented in software: every time the software reset the microcontroller, all of the memory or logic was checked once. In the MPC5643L, this verification is implemented in hardware, that is, as built-in self-test. This is a very important requirement for the functional safety of the MCU. The self-test function achieves more than 90% error coverage of the memory, logic and peripherals," Yolanda pointed out.

Beyond this, common-cause failures must be considered. "What is a common-cause failure? For example, the clock feeds many modules, and the supply voltage is provided to the entire microcontroller. Temperature is also an important consideration: if the chip temperature is too high, it may cause the chip to fail," Yolanda explained. "These common-cause failures need to be detected. The MPC5643L detects clock, voltage and temperature faults." For cost and application-environment reasons, ordinary microcontrollers do not include temperature sensors; these are features that specifically take common-cause failures into account.

The MPC5643L also integrates a fault collection and control unit (FCCU) that is independent of the CPU, including in its clocking. It operates entirely on its own, collecting faults and taking the corresponding response measures. Traditional microcontrollers do not have such a module.

Figure 4: The functional safety processor MPC5643L takes full advantage of fail-safe mechanisms such as hardware redundancy.

Summary of this article

According to Yolanda, safety prediction based on functional safety has already matured in developed markets such as Europe, the United States and Japan, where many related products are about to reach the market, while in China it is just beginning to take off. As the landmark application of safety prediction, Advanced Driver Assistance Systems (ADAS) have entered the development process of many high-end vehicles. Freescale, for example, offers a complete range of ADAS solutions, including rear-view parking assistance, surround-view assistance and forward-looking safety prediction (lane departure warning, adaptive cruise control and so on). Many of the world's leading automotive semiconductor suppliers are targeting advanced driver assistance, and the widespread use of functional-safety-based vehicle safety prediction is just around the corner.
