Infineon watchdog chip pushes TriCore architecture to highest safety levels

April 28, 2011 // By Christoph Hammerschmidt
Infineon Technologies announced an intelligent Signature Watchdog for use along with the company's 32-Bit TriCore microcontrollers and the dedicated SafeTcore software. The device provides monitoring features compliant up to the highest risk level of functional safety according to the IEC61508 and ISO26262 automotive industry standards.

The CIC61508 is a safety watchdog which can be integrated into safety relevant applications such as Vehicle Stability Control (VSC), Electric Power Steering (EPS), airbag control, damping systems, and powertrain controls. The watchdog monitors the main microcontroller typically used in these types of embedded systems by providing features to detect common failure modes of clock, power supply and temperature related computational errors on the microcontroller.

Safety electronics is one of the key drivers for reducing road fatalities, as seen by an increasing trend for governments to legislate mandatory use of electronically controlled active and passive safety systems. Furthermore in areas such as EPS the safety aspects are also complemented by a reduction of fuel consumption to provide an overall improvement in vehicle energy efficiency and thus a reduction in CO2 emissions.

Safety Integrity Level (SIL, according to IEC61508) or Automotive Safety Integrity Level (ASIL, defined by ISO26262) specifies the necessary safety measures for avoiding unreasonable risk. There are four SIL (1-4) or ASIL levels (A-D) where D represents the most and A the least stringent level of a given safety function. To help customers efficiently reach the desired SIL certification, Infineon introduced its PRO-SIL safety products, which include SIL-supporting safety hardware, software and documentation. Key components of the Infineon safety solution are the TriCore-based microcontrollers, the dedicated SafeTcore software library, the new signature watchdog CIC61508, and a complete documentation.

Safety systems require an independent watchdog device which implements a robust monitoring channel for main microcontroller supervision in ISO26262 and IEC61508 compliant safety applications. The latest version of the ISO26262 part 5 defined that a coded window watchdog (normally SPI interface) is needed to meet ASIL C or ASIL D, which is a higher requirement than the simple pin toggle window watchdog used in less stringent applications. The Infineon CIC61508 serves as an independent diagnostic monitoring device to allow the safety relevant system to be ASIL-D approved.

Test features supported by