Embedded basics Part 2: ISO 26262 functional safety for MCUs

Functional safety, a critical requirement in automotive applications, addresses catastrophic failures from data corruption by attaining Automotive Safety Integrity Levels (ASILs) as per ISO 26262 standard.

Contrary to the common perception that only large and powerful system-on-chips (SoCs) incorporate functional safety built around the ISO 26262 standard, MCUs for the next-generation car architectures are increasingly integrating functional safety capabilities. They are part of new software- and data-oriented architectures and deliver real-time performance mandated by domain controllers in drivetrain, chassis, and advanced driver assistance systems (ADAS).

Microcontrollers can run embedded software solutions to address ISO 26262 requirements for road vehicles by incorporating CPUs with lockstep mechanism and large non-volatile memory capacity divided into multiple partitions for deterministic real-time computing. Another feature that enables MCU to facilitate functional safety features is virtualization, which helps run multiple software components on a single MCU without interfering with each other.

Below is a brief description of the features and capabilities that enable MCUs to offer functional safety.

CPU lockstep

The lockstep mode provides an environment for redundant processing and calculations to facilitate functional safety diagnostics. Microcontrollers with multiple cores offer lockstep capabilities to provide acceleration for functional safety features like self-diagnostic fault detection.

The integration of multiple ECUs on a single MCU to support multiple functions is leading to multi-core MCU configurations. These multi-core MCUs provide application-specific acceleration as well as facilitate lockstep capabilities.

Non-volatile memory

Likewise, ample on-chip non-volatile memory frees MCUs from delays of non-integrated memories and helps ensure precise and deterministic control for real-time applications like motor control.

Abundant memory content facilitates instant access to safety-critical operations such as hybrid powertrain and thus ensures maximum reliability. A robust memory is also critical as it allows frequent data writes and ensures protection against failures resulting from data corruption.

Many MCU suppliers are increasing the flash memory content to accommodate software components with varying safety integrity levels, and thus ensure that they can operate independently. And some MCU vendors are introducing new memory technologies like phase-change memory (PCM).

MCU virtualization

The functional safety-ready MCUs are also employing hardware-based virtualization techniques to boost diagnostic coverage. These MCUs equipped with ample memory content boost real-time responsiveness compared to software-based hypervisors that take more processing time to change between CPU states and deliver interrupts.

Testing and certification

Microcontroller makers are also taking steps to simply testing and diagnostics as well as functional safety certification to optimize the cost of implementing automotive safety features. That allows automotive designers to save time and costs while complying to the ISO 26262 standard.

Some MCUs are even adding the built-in self-test (BIST) functionality for fault detection, and that allows MCUs to perform self-diagnostics while still running. The BIST functionality also enables MCUs to avoid disturbing a CPU processing period; the MCU can perform self-diagnostics in the period between when the MCU enters the standby state and when it resumes action.