November 2017 - page 28

Safety & Security
application. Developing a safety application or system requires special attention to these devices. But how deeply can developers, safety consultants or programmers understand the behaviour of an MCU? Plausibility checks of output data, watchdog usage, test calculations, cyclic notifications, software diversity for checks and much more are widely used safety mechanisms that are integrated to guarantee the correct operation of an MCU. Also, simply redundant MCUs are used to perform the same operation; the output data of both are then compared for equality. This hardware redundancy reduces the risk of a failure drastically without requiring an understanding of the detailed MCU operation. In the end these are all quite good safety mechanisms. But unfortunately, from a safety analysis point of view this might not be sufficient. To develop a high-quality safety system, a deeper understanding is mandatory to get realistic values for failure rates and safe failures. This is not only important to develop a hard deterministic safety application; it is also mandatory regarding the different safety standards. For a safety qualification and classification, real figures and values are needed as proof.
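The mechanisms listed above (two diversely implemented channels, output comparison, plausibility checks on input and output, and a known-answer test calculation) combined in one sensor-reading routine, as an added C example that is not part of the article or of any vendor's safety package. The ADC range, temperature window, rate limit and all function names are assumptions chosen for the example:

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdlib.h>
#include <stdio.h>

/* Constructed example: a temperature reading is scaled by two diversely
   implemented channels, the results are compared, and the accepted value
   must pass plausibility checks. All limits below are assumed values. */

#define ADC_MAX      4095u                      /* 12-bit ADC full scale (assumed) */
#define TEMP_MIN_C   (-40)
#define TEMP_MAX_C   150
#define TEMP_SPAN_C  (TEMP_MAX_C - TEMP_MIN_C)  /* 190 degrees of span */
#define MAX_STEP_C   5                          /* largest plausible change per cycle (assumed) */

typedef enum {
    SAFE_OK = 0,
    SAFE_CHANNEL_MISMATCH,   /* the two channels disagree */
    SAFE_IMPLAUSIBLE,        /* input or output outside the plausible window */
    SAFE_TEST_CALC_FAILED    /* known-answer calculation did not return the expected result */
} safe_status_t;

/* Channel A: plain 32-bit integer scaling. */
int32_t scale_channel_a(uint16_t raw) {
    return TEMP_MIN_C + (int32_t)(((uint32_t)raw * TEMP_SPAN_C) / ADC_MAX);
}

/* Channel B: diverse formulation in 64-bit fixed point with 16 fractional bits.
   Same mathematical result, but a different code path and data width, so a
   fault that corrupts one path is unlikely to corrupt the other identically. */
int32_t scale_channel_b(uint16_t raw) {
    uint64_t fixed = (((uint64_t)raw * TEMP_SPAN_C) << 16) / ADC_MAX;
    return TEMP_MIN_C + (int32_t)(fixed >> 16);
}

/* Comparator followed by output plausibility checks: absolute range and
   rate of change against the previously accepted value. */
safe_status_t compare_and_check(int32_t a, int32_t b, int32_t prev_c, int32_t *out_c) {
    if (a != b) return SAFE_CHANNEL_MISMATCH;
    if (a < TEMP_MIN_C || a > TEMP_MAX_C) return SAFE_IMPLAUSIBLE;
    if (labs((long)a - prev_c) > MAX_STEP_C) return SAFE_IMPLAUSIBLE;
    *out_c = a;
    return SAFE_OK;
}

/* Known-answer "test calculation": exercises the arithmetic path with inputs
   whose results are fixed at design time (0 -> -40, full scale -> 150, mid -> 55). */
bool test_calculation(void) {
    return scale_channel_a(0) == TEMP_MIN_C && scale_channel_b(0) == TEMP_MIN_C
        && scale_channel_a(ADC_MAX) == TEMP_MAX_C && scale_channel_b(ADC_MAX) == TEMP_MAX_C
        && scale_channel_a(2048) == 55 && scale_channel_b(2048) == 55;
}

/* One cyclic evaluation: test calculation, input plausibility, both channels, comparator. */
safe_status_t safe_read_temperature(uint16_t raw, int32_t prev_c, int32_t *out_c) {
    if (!test_calculation()) return SAFE_TEST_CALC_FAILED;
    if (raw > ADC_MAX) return SAFE_IMPLAUSIBLE;   /* input plausibility */
    return compare_and_check(scale_channel_a(raw), scale_channel_b(raw), prev_c, out_c);
}

int main(void) {
    /* Constructed sample cycle: two good samples, an implausible jump, an out-of-range raw value. */
    uint16_t samples[] = { 2048, 2070, 2500, 5000 };
    int32_t prev = 55, t = 0;
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        safe_status_t s = safe_read_temperature(samples[i], prev, &t);
        printf("raw=%u status=%d temp=%ld\n", samples[i], (int)s, (long)t);
        /* In a real system the watchdog would be serviced only on SAFE_OK,
           so a stuck or faulty cycle leads to a reset instead of a silent error. */
        if (s == SAFE_OK) prev = t;
    }
    return 0;
}
```

Each check maps to one of the mechanisms the article names: the comparator catches a fault that hits one channel only, the plausibility window catches values that both channels could agree on but that cannot physically occur, and the known-answer test exercises the ALU path itself every cycle.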
Detailed knowledge of the hardware is mandatory to develop a complex, high-performing safety application. This is even more true for complex devices like MCUs, where developers and external experts have very limited insight. This is the moment when the MCU vendor needs to come into play. Optimally, a silicon vendor can provide FIT (Failure in Time) rates for the function blocks of the MCU. The silicon vendor therefore has to do a detailed MCU hardware safety analysis. This costs money and time but gives the customer, the final application developer, the best basis for a solid failure probability calculation. Alternatively, the MCU vendor can also provide raw data, e.g. the chip area of function blocks. With this data and commonly used formulas from standards (e.g. IEC 62380, SN 29500), FIT values can be estimated.
In addition to the theoretical values, a big MCU vendor can also record field data. A detailed analysis of faulty devices returned from the field can give additional information regarding permanent failures. At this point it should be noted that modern MCUs rarely show random damage apart from that caused by wrong operating conditions. Besides supplying this safety-related data, the MCU vendor may also offer solutions that support the development of the final safety application. This can be self-test software, as is the case for the Renesas Safety Solution. This Safety Solution Package supports devices from the Renesas RX MCU series. This self-test software, which tests the CPU, RAM and ROM, could also be developed by an external software developer. The key is that the MCU manufacturer owns the design data, and therefore the coverage of the self-test software can be measured. By inserting discrete logical faults into the real MCU netlist and proving that the software detects these logical faults, the absolute coverage of a self-test software can be determined. This is not possible without the extensive chip design information. External core self-test software developments similar to the early versions of the Renesas self-test software normally do not reach a sufficient diagnostic coverage. During the development of the Renesas core self-test software, multiple test and improvement runs are therefore done to reach the target of more than 90% fault coverage. Such proven results not only help safety application development, they also make the final certification process easier. This example shows on the one hand that a lot of effort is necessary to develop highly efficient Functional Safety software, especially self-test software. On the other hand it points out how important the support of an MCU manufacturer can be.
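How self-test coverage is measured by fault injection, and how the measured coverage feeds back into the failure-rate figures discussed in the FIT paragraph above, as an added C example. It is not Renesas code and does not touch a real netlist: a constructed toy model (one 8-bit adder stage with stuck-at faults on its operand and result bits) stands in for the MCU design data, and the block FIT value of 20 is a constructed figure. The relation undetected rate = FIT x (1 - DC) is the usual way an undetected failure rate is derived from diagnostic coverage:

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed fault model: a single 8-bit adder stage. A fault is a stuck-at-0
   or stuck-at-1 on one bit of operand A, operand B or the result bus.
   Real netlist fault injection needs the vendor's gate-level design data;
   this toy model only shows the measurement principle. */

enum { SITE_A = 0, SITE_B = 1, SITE_RESULT = 2, SITE_COUNT = 3 };
#define BUS_BITS    8
#define FAULT_COUNT (SITE_COUNT * BUS_BITS * 2)   /* 48 faults in the fault list */

typedef struct { int site; int bit; int stuck_value; } fault_t;
typedef struct { uint8_t a; uint8_t b; } test_vector_t;

static uint8_t force_bit(uint8_t v, int bit, int value) {
    return value ? (uint8_t)(v | (1u << bit)) : (uint8_t)(v & ~(1u << bit));
}

/* Adder stage with an optional injected fault (NULL = fault-free golden model). */
static uint8_t adder_stage(uint8_t a, uint8_t b, const fault_t *f) {
    if (f && f->site == SITE_A) a = force_bit(a, f->bit, f->stuck_value);
    if (f && f->site == SITE_B) b = force_bit(b, f->bit, f->stuck_value);
    uint8_t r = (uint8_t)(a + b);
    if (f && f->site == SITE_RESULT) r = force_bit(r, f->bit, f->stuck_value);
    return r;
}

/* The i-th entry of the fault list, enumerated site by site, bit by bit. */
static fault_t fault_at(int i) {
    fault_t f;
    f.site = i / (BUS_BITS * 2);
    f.bit = (i / 2) % BUS_BITS;
    f.stuck_value = i % 2;
    return f;
}

/* A self-test detects a fault when at least one of its vectors produces a
   result that differs from the golden (fault-free) result. */
static int self_test_detects(const fault_t *f, const test_vector_t *v, size_t n) {
    for (size_t i = 0; i < n; i++) {
        if (adder_stage(v[i].a, v[i].b, f) != adder_stage(v[i].a, v[i].b, NULL))
            return 1;
    }
    return 0;
}

/* Inject every fault of the list in turn and count how many the self-test catches. */
int detected_fault_count(const test_vector_t *v, size_t n) {
    int detected = 0;
    for (int i = 0; i < FAULT_COUNT; i++) {
        fault_t f = fault_at(i);
        detected += self_test_detects(&f, v, n);
    }
    return detected;
}

double coverage_percent(int detected) { return 100.0 * detected / FAULT_COUNT; }

/* Share of a block's failure rate that the self-test does not catch:
   undetected FIT = block FIT x (1 - diagnostic coverage). */
double undetected_fit(double block_fit, int detected) {
    return block_fit * (1.0 - (double)detected / FAULT_COUNT);
}

/* Three constructed self-test vector sets of increasing strength. */
static const test_vector_t minimal_set[] = { {0x00, 0x00} };
static const test_vector_t partial_set[] = { {0x00, 0x00}, {0xFF, 0x00} };
static const test_vector_t full_set[]    = { {0x00, 0x00}, {0xFF, 0x00}, {0x00, 0xFF}, {0x55, 0xAA} };

int main(void) {
    const double block_fit = 20.0;   /* constructed FIT value for the adder block */
    struct { const char *name; const test_vector_t *v; size_t n; } sets[] = {
        { "minimal", minimal_set, sizeof minimal_set / sizeof minimal_set[0] },
        { "partial", partial_set, sizeof partial_set / sizeof partial_set[0] },
        { "full",    full_set,    sizeof full_set    / sizeof full_set[0]    },
    };
    for (size_t i = 0; i < sizeof sets / sizeof sets[0]; i++) {
        int d = detected_fault_count(sets[i].v, sets[i].n);
        printf("%-8s vectors=%zu coverage=%5.1f%% undetected=%.2f FIT\n",
               sets[i].name, sets[i].n, coverage_percent(d), undetected_fit(block_fit, d));
    }
    return 0;
}
```

The partial set already looks reasonable (it exercises all-zero and all-one operands) yet leaves every stuck-at-0 on operand B undetected, which is exactly the kind of gap that only becomes visible by injecting faults into the design model rather than by reviewing the test code; the article's point that the manufacturer, who owns that model, is the one able to measure coverage follows directly.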
As said in the beginning, safety system development is a very complex exercise, and in the future applications will become even more complex. Therefore, it will be very important to build up an application piece by piece from hardware and software modules prepared with Functional Safety in mind. Ideally the parts come with a certification. Though every application is different, the use of modular safety components, hardware as well as software, means a smaller workload for safety developers. In the future, component manufacturers, especially MCU vendors, will play a decisive role. Application developers will need support to get high-end functional safety systems. Additionally, they can accelerate development and save a lot of engineering costs.
Product News

Cadence: Xcelium logic simulation technology for Arm-based servers
Cadence Design Systems and Arm announced early access to the Cadence Xcelium Parallel Logic Simulation on Arm-based servers, providing a first-of-its-kind low-power, high-performance simulation solution for the electronics industry. Prior to manufacturing, verifying that SoC designs function correctly is a massive task accounting for over 70 percent of the EDA compute workload, and is a key driver for growth and transformation of the datacenter.

Express Logic: X-Ware IoT platform to enhance device connectivity in smart home automation
Express Logic announces that its Industrial Grade X-Ware IoT Platform will soon include support for the Thread networking protocol. Created by the Thread Group, Thread is a reliable, low-power, secure, and scalable mesh networking solution that provides a foundation on which any application layer can run. Designed for devices and things that reside in the places where people live and work, Thread is an IPv6 networking protocol built on open standards for low-power 802.15.4 mesh networks, which easily and securely connect hundreds of devices to one another and directly to the cloud without draining battery life or having a single point of failure.

LDRA streamlines automation for software safety and security compliance management
LDRA announced enhanced automation capabilities in the LDRA tool suite that will save time and money for those companies that must adhere to and prove compliance with functional safety and security standards. This unprecedented level of automation streamlines compliance by providing the infrastructure for transparent and auditable development workflows necessary in industries such as automotive (ISO 26262), medical devices (IEC 62304), industrial controls (IEC 61508), nuclear energy (IEC 60880), aerospace (DO-178) and defense (DEF-STN 00-55).

Keysight: lightweight integrated handheld RF and microwave analyzer
Keysight Technologies announced new enhancements for its FieldFox handheld RF and microwave analyzers. FieldFox analyzers now connect to Keysight’s 89600 VSA software, the industry’s leading toolset for signal demodulation and vector signal analysis. The FieldFox to 89600 VSA link provides a powerful combination of hardware and software for design and troubleshooting of devices using signal formats including APCO-25 and TETRA for public safety radio, IEEE 802.11p for wireless vehicular communications, low-power wide area networks and other formats for the IoT, and cellular communications including LTE, WCDMA and GSM.