August 15, 2020
From autonomous robots to life-critical medical equipment to intelligent transportation, a large number of industrial designs are shaped by functional safety requirements. Components that support functional safety include CPUs, SRAM and flash memory chips. With safety-certified components, system developers can demonstrate the specific safety integrity level (SIL) they claim.
MCU supporting functional safety
Achieving functional safety is a complex and time-consuming task that developers often have to solve in industrial design. A good example is a system that handles the interaction between robots and humans. To design such a system in accordance with the latest functional safety specifications, developers must not only interpret stringent standards but also select third-party software support.
In such a case, a dual-MCU configuration used together with diagnostic software simplifies safety verification, so embedded designers need not develop MCU-specific functional safety software themselves.
Renesas Electronics' RX series microcontrollers are an example. This series is compatible with the IEC 60730 functional safety standard and helps achieve fail-safe operation in the industrial equipment it serves. Most importantly, Renesas recently added IEC 61508 SIL 3 certified functional safety software for its RX series MCUs. This new safety capability is available for all Renesas MCUs based on the company's RXv2 core.
The functional safety solution comes with an SIL 3 system software suite that provides mutual diagnosis (assuming a dual-MCU structure) and software isolation between safety and non-safety functions (Figure 1). The dual-MCU design is built around the RX71M and RX651 microcontrollers.
Figure 1: Renesas claims to have obtained the world's first SIL 3 certification by performing mutual diagnosis in a dual-MCU architecture. (Image source: Renesas Electronics)
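How the mutual diagnosis between the two controllers can work is sketched below in C. This is an added illustration with assumed names (checker_t, diag_routine, DIAG_DEADLINE_TICKS), not Renesas's SIL 3 software; it stands in for the real diagnostic routine with a CRC over a challenge value and shows the three failures a checker must catch: a wrong answer, a stale or replayed answer, and no answer before the deadline.

```c
#include <stdint.h>
#include <stdbool.h>
/* Constructed model of a dual-MCU mutual-diagnosis loop (hypothetical names, not Renesas code).
 * Each MCU checks its peer: it sends a numbered challenge, the peer runs the agreed diagnostic
 * routine and replies, and the checker verifies value, sequence number and deadline; any
 * failure latches the checker into a safe state in which its outputs are forced to safe values. */
#define DIAG_DEADLINE_TICKS 5u

typedef enum { DIAG_PENDING, DIAG_OK, DIAG_WRONG_VALUE, DIAG_STALE, DIAG_TIMEOUT } diag_status_t;
typedef struct { uint32_t seq, challenge; } diag_req_t;
typedef struct { uint32_t seq, result; } diag_rsp_t;
typedef struct {
    diag_req_t outstanding; uint32_t sent_tick;   /* challenge awaiting an answer, and when it was sent */
    bool have_rsp; diag_rsp_t rsp;                /* reply received from the peer, if any */
    bool safe_state;                              /* latched once any check fails */
} checker_t;

/* Stand-in for the shared diagnostic routine (CRC-32 of the challenge bytes): the checker and
 * a healthy peer must compute identical values for the same challenge. */
uint32_t diag_routine(uint32_t challenge) {
    uint32_t crc = 0xFFFFFFFFu;
    for (int i = 0; i < 4; i++) {
        crc ^= (challenge >> (8 * i)) & 0xFFu;
        for (int b = 0; b < 8; b++) crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}
/* Checker: issue a new challenge and start the deadline clock. */
diag_req_t checker_issue(checker_t *c, uint32_t seq, uint32_t challenge, uint32_t now) {
    c->outstanding = (diag_req_t){ seq, challenge };
    c->sent_tick = now; c->have_rsp = false;
    return c->outstanding;
}
/* Peer: a healthy peer answers with the shared routine; a faulty one may answer wrongly, late or not at all. */
diag_rsp_t peer_answer(diag_req_t req) { return (diag_rsp_t){ req.seq, diag_routine(req.challenge) }; }
/* Checker: accept a reply from the link, then evaluate on every tick. */
void checker_deliver(checker_t *c, diag_rsp_t rsp) { c->rsp = rsp; c->have_rsp = true; }

diag_status_t checker_evaluate(checker_t *c, uint32_t now) {
    diag_status_t st = DIAG_PENDING;
    if (c->have_rsp) {
        if (c->rsp.seq != c->outstanding.seq) st = DIAG_STALE;         /* old or replayed reply */
        else if (c->rsp.result != diag_routine(c->outstanding.challenge)) st = DIAG_WRONG_VALUE;
        else st = DIAG_OK;
    } else if (now - c->sent_tick > DIAG_DEADLINE_TICKS) {
        st = DIAG_TIMEOUT;                                             /* peer hung or link dead */
    }
    if (st != DIAG_OK && st != DIAG_PENDING) c->safe_state = true;     /* latch the fault */
    return st;
}
```

In a real dual-MCU design both controllers run this checker against each other, so a fault in either one is seen by its partner.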
Another microcontroller that provides the functional safety capabilities required by industrial applications is the Hercules RM57Lx from Texas Instruments. With this device, designers can comply with the IEC 61508 standard quickly and easily, and it offers a variety of safety features for industrial applications such as aviation anti-skid systems, programmable logic controllers (PLCs), motors and drives, and railway signalling.
RM57Lx microcontrollers build on the safety features of the Hercules MCU family, with single-bit error correction and double-bit error detection: the instruction and data caches and selected peripheral RAM buffers are protected by error correction code (ECC).
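The single-bit-correct, double-bit-detect (SEC-DED) ECC mentioned above can be illustrated with an extended Hamming code over one byte. This is an added example with assumed names (secded_encode, secded_decode), not the ECC logic of any vendor's device, which uses wider words and its own bit layout; the point it shows is why one extra parity bit turns single-error correction into double-error detection.

```c
#include <stdint.h>

/* Added SEC-DED illustration: extended Hamming code over one data byte.
 * Bits 1..12 of the 16-bit word hold Hamming(12,8): check bits at positions 1,2,4,8,
 * data bits at 3,5,6,7,9,10,11,12. Bit 0 is an overall parity bit over bits 1..12,
 * which is what lets the decoder tell a single flip (correctable) from a double flip. */
typedef enum { ECC_OK, ECC_CORRECTED, ECC_UNCORRECTABLE } ecc_status_t;

uint16_t secded_encode(uint8_t data) {
    uint16_t cw = 0;
    int d = 0;
    for (int pos = 1; pos <= 12; pos++)          /* data goes into non-power-of-two positions */
        if (pos & (pos - 1)) {
            if (data & (1u << d)) cw |= (uint16_t)(1u << pos);
            d++;
        }
    for (int p = 1; p <= 8; p <<= 1) {           /* check bit p covers every position with bit p set */
        int parity = 0;
        for (int pos = 1; pos <= 12; pos++)
            if ((pos & p) && (cw & (1u << pos))) parity ^= 1;
        if (parity) cw |= (uint16_t)(1u << p);
    }
    int overall = 0;                             /* bit 0: even parity over bits 1..12 */
    for (int pos = 1; pos <= 12; pos++) if (cw & (1u << pos)) overall ^= 1;
    return cw | (uint16_t)overall;
}

ecc_status_t secded_decode(uint16_t cw, uint8_t *data) {
    int syndrome = 0, overall = 0;
    for (int pos = 1; pos <= 12; pos++) if (cw & (1u << pos)) syndrome ^= pos;  /* XOR of set positions */
    for (int pos = 0; pos <= 12; pos++) if (cw & (1u << pos)) overall ^= 1;     /* parity of all 13 bits */
    ecc_status_t st = ECC_OK;
    if (syndrome != 0 && overall == 0) return ECC_UNCORRECTABLE;   /* two bits flipped: report, do not guess */
    if (overall == 1) {                          /* exactly one bit flipped; syndrome names it */
        cw ^= (uint16_t)(1u << syndrome);        /* syndrome 0 here means bit 0 itself flipped */
        st = ECC_CORRECTED;
    }
    uint8_t out = 0;
    int d = 0;
    for (int pos = 1; pos <= 12; pos++)
        if (pos & (pos - 1)) { if (cw & (1u << pos)) out |= (uint8_t)(1u << d); d++; }
    *data = out;
    return st;
}
```

A safety-rated device reports the uncorrectable case as a fault rather than silently returning the corrupted word, which is the behaviour a diagnostic layer must react to.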
Functionally safe flash memory
Functional safety is usually associated with automotive design, but as the MCU examples above show, it is also highly relevant to industrial design, especially industrial equipment that runs 24/7/365. Flash memory, another key building block in mission-critical industrial systems, must therefore be considered seriously and must also comply with the applicable functional safety standards. In industrial design, this requirement pushes flash memory to the forefront, since it provides safe storage of and reliable access to complex system code and algorithms.
Some flash memory architectures have multiple partitions that are independently optimized for high endurance and long-term data retention. High endurance and data retention are essential to protect industrial designs from system failures.
For example, Cypress Semiconductor's Semper™ NOR flash memory is built around the company's EnduraFlex architecture (Figure 2). At extreme temperatures of -40°C to +125°C, its endurance exceeds one million program/erase cycles, and its data retention period is at least 25 years. For frequently written data, the EnduraFlex architecture provides a configurable partition. The 512 Mb density part can provide up to 1.28 million program/erase cycles, and the 1 Gb part up to 2.56 million program/erase cycles.
Figure 2: The block diagram of the Semper NOR flash memory architecture highlights the embedded functional safety and reliability building blocks. (Image source: Cypress Semiconductor)
Semper NOR flash memory provides SafeBoot and error correction features to ensure safe and reliable industrial operation. In addition, it generates embedded ECC while the memory array is being programmed, and so supports both single-bit and double-bit ECC. Note that MCU supplier NXP Semiconductors uses Semper NOR flash memory in its industrial MCU products.
Functional safety toolset
The last piece of the puzzle is the tool set for safety-critical industrial systems and equipment. The tools serving industrial embedded systems are now catching up with the trend toward functional safety.
The number of embedded systems with functional safety requirements is steadily increasing, and with it the demand for safety analysis tools. Such tools work with functional-safety-certified components and analyze common faults and other issues.
Quantitative analysis techniques such as failure modes, effects and diagnostic analysis (FMEDA) help determine the effectiveness of a component's safety mechanisms, such as those integrated into an MCU. Diagnostic software tools then fill the gap between the hardware safety measures and the established safety requirements.
For example, Renesas has been using IAR Systems' certified tool suite to develop diagnostic software for embedded applications. As shown in Figure 3, IAR Embedded Workbench for RX MCUs includes a high-performance compiler and debugger integrated into an easy-to-use integrated development environment (IDE).
Figure 3: This figure shows how IAR Embedded Workbench facilitates the development of safety-related software for Renesas RX microcontrollers. (Image source: IAR Systems)
To improve the reliability of industrial designs, the tool set used to verify safety-critical systems should focus only on the safety-relevant aspects. Such tool sets usually come with rich graphical content as well as warning indicators and explanatory text.
Most importantly, safety design must cover both software and hardware. Fortunately, both parts are now available to developers.