Software and hardware developers appreciate the Safety Management Unit of the Aurix microcontrollers as an independent unit for error handling.
New regulations related to functional safety in both industry and the automotive sector are further driving the adoption of multicore systems like Aurix. On the one hand, manufacturers are responding to customer demands for greater integration in order to reduce system complexity and costs; on the other hand, this integration makes the implementation of safety-certified systems (IEC 61508, ISO 26262) more efficient. Together with requirements from software specifications (e.g., AUTOSAR), many new opportunities for the use of multicore systems are currently emerging.
Lock-step cores automatically detect single-event effects.
Some embedded projects may require a strict separation and division into safety-relevant and non-relevant application units. ISO 26262, in particular, offers a good way to effectively utilize multicore systems with its ASIL decomposition concept. Appropriate partitioning helps to achieve this on multicore platforms with a high degree of efficiency.
However, fundamental safety principles such as redundancy remain relevant. These are implemented at the core level through resource duplication. So-called lock-step cores execute the same instructions as the "normal" core, albeit with a delay of a few clock cycles. If the results differ, a corresponding alarm signal is triggered, initiating the appropriate response. Single-event effects are automatically detected via this mechanism.
Easily configure write access to resources
Access control for shared resources is becoming increasingly important in such systems. Even if every system element can in principle access a resource, performance must not suffer; if the other cores would be slowed down over a long period, restrictions should be put in place as needed. For this reason, manufacturers assign identification numbers to the individual cores and to the other authorized bus masters (e.g., DMA). Resources can then be configured so that only explicitly authorized participants may write to them. Memory access falls into this category as well, but it is so critical that separate protection units are often implemented for it.
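As an added illustration (a simplified model of my own, not Infineon's register layout and not material from the page's author), the following C code shows the write-access scheme described above: each bus master carries an identification number, each resource carries a write-enable mask listing the authorized masters, and a write from any other master is rejected and counted as an access violation. The master numbering, the resource names and the violation counter are assumptions of this example.

```c
#include <stdint.h>
#include <stdbool.h>

/* Hypothetical master identifiers (this example's own numbering, not the Aurix one). */
enum master_id { MASTER_CPU0 = 0, MASTER_CPU1 = 1, MASTER_CPU2 = 2, MASTER_DMA = 3, MASTER_COUNT = 4 };

typedef struct {
    const char *name;
    uint32_t write_enable;  /* bit n set => master n may write this resource */
    uint32_t value;
    uint32_t violations;    /* rejected writes; in a real device this would feed an alarm */
} resource_t;

static inline uint32_t master_bit(enum master_id m) { return 1u << (unsigned)m; }

static bool write_allowed(const resource_t *r, enum master_id m) {
    if ((unsigned)m >= MASTER_COUNT) return false;       /* unknown master: never allowed */
    return (r->write_enable & master_bit(m)) != 0;
}

/* Returns 0 on success, -1 if the master is not authorized (value stays untouched). */
int resource_write(resource_t *r, enum master_id m, uint32_t v) {
    if (!write_allowed(r, m)) { r->violations++; return -1; }
    r->value = v;
    return 0;
}

uint32_t resource_read(const resource_t *r) { return r->value; }

/* Demo: a safety-relevant control register writable only by CPU0 and a buffer
   shared by CPU0, CPU1 and the DMA controller. Returns the number of denied writes. */
int demo_access_control(void) {
    resource_t safety_reg = { "SAFETY_CTRL", master_bit(MASTER_CPU0), 0, 0 };
    resource_t shared_buf = { "SHARED_BUF",
        master_bit(MASTER_CPU0) | master_bit(MASTER_CPU1) | master_bit(MASTER_DMA), 0, 0 };
    int denied = 0;
    if (resource_write(&safety_reg, MASTER_CPU0, 0x1) != 0) return -1;   /* authorized */
    if (resource_write(&safety_reg, MASTER_CPU1, 0x2) != 0) denied++;    /* rejected */
    if (resource_write(&safety_reg, MASTER_DMA,  0x3) != 0) denied++;    /* rejected */
    if (resource_write(&shared_buf, MASTER_DMA,  0xAB) != 0) return -1;  /* authorized */
    if (resource_write(&shared_buf, MASTER_CPU2, 0xCD) != 0) denied++;   /* rejected */
    if (resource_read(&safety_reg) != 0x1) return -1;  /* denied writes left the value intact */
    if (safety_reg.violations != 2) return -1;
    return denied;
}
```

Reads are deliberately left open to every master here, mirroring the text's point that it is write access that needs to be restricted so that the other cores are not slowed down by unnecessary checks.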
Safety Management Unit as an independent unit for fault handling
All potential alarms that can be triggered by such protective mechanisms are collected in a dedicated unit and processed further. In Aurix, this is achieved using the so-called Safety Management Unit. It serves as a central collection point for all safety-critical alarms. Depending on the configuration, it executes various error handling procedures.
Since such error handling should naturally not be performed on a potentially faulty unit (i.e., the processing core), the SMU is designed as an independent unit. Alarms can be handled individually, but such handling does not always reach its intended outcome (e.g., a safe state or a partial shutdown).
For this purpose, the SMU also provides a backup plan: a timer running in the background that triggers a system reset when it expires.
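To make the lock-step mechanism and the SMU's role concrete, here is an added C model written for this page (my own simplified design, not Infineon's SMU register interface and not code from the page's author). It ties together the two mechanisms described above: a checker core repeats each operation a few cycles after the main core and a comparator raises an alarm on mismatch; the alarm goes to an SMU-like unit that applies the configured reaction and arms a background recovery timer, which resets the system if software does not acknowledge the alarm in time. The alarm names, reaction types, the two-cycle delay and the timer length are assumptions of this example.

```c
#include <stdint.h>
#include <stdbool.h>
#include <string.h>

/* Simplified alarm unit in the spirit of an SMU (this example's own design). */
enum alarm_id { ALARM_LOCKSTEP_MISMATCH = 0, ALARM_ACCESS_VIOLATION = 1, ALARM_COUNT = 2 };
enum reaction { REACT_IGNORE = 0, REACT_INTERRUPT = 1, REACT_SAFE_STATE = 2 };

typedef struct {
    enum reaction config[ALARM_COUNT];
    uint32_t pending;            /* bitmask of alarms not yet acknowledged by software */
    uint32_t recovery_timeout;   /* backup plan: ticks software gets to resolve an alarm */
    uint32_t recovery_remaining;
    bool     recovery_running;
    uint32_t interrupts;         /* how often software was notified */
    bool     safe_state;         /* e.g. outputs forced passive */
    uint32_t resets;             /* backup reaction: system reset */
} smu_t;

void smu_init(smu_t *s, uint32_t timeout) { memset(s, 0, sizeof *s); s->recovery_timeout = timeout; }

/* Alarm input: the alarm unit, not the (possibly faulty) core, decides the reaction. */
void smu_raise(smu_t *s, enum alarm_id a) {
    if (s->config[a] == REACT_IGNORE) return;
    s->pending |= 1u << a;
    if (s->config[a] == REACT_INTERRUPT)  s->interrupts++;
    if (s->config[a] == REACT_SAFE_STATE) s->safe_state = true;
    if (!s->recovery_running) {          /* arm the background timer */
        s->recovery_running = true;
        s->recovery_remaining = s->recovery_timeout;
    }
}

/* Software reports the alarm resolved; the timer stops once nothing is pending. */
void smu_acknowledge(smu_t *s, enum alarm_id a) {
    s->pending &= ~(1u << a);
    if (s->pending == 0) s->recovery_running = false;
}

/* One timer tick; expiry means software failed to recover, so the unit resets the system. */
void smu_tick(smu_t *s) {
    if (!s->recovery_running) return;
    if (--s->recovery_remaining == 0) {
        s->resets++;
        s->pending = 0;
        s->safe_state = false;
        s->recovery_running = false;
    }
}

/* Lock-step model: the checker core repeats each operation LOCKSTEP_DELAY cycles
   after the main core; the comparator checks against the buffered main result. */
#define LOCKSTEP_DELAY 2
typedef struct { uint32_t a, b, main_result; bool valid; } ls_slot_t;
typedef struct { ls_slot_t fifo[LOCKSTEP_DELAY]; unsigned head; uint32_t mismatches; } lockstep_t;

static uint32_t alu(uint32_t a, uint32_t b) { return a * 3u + b; }  /* stand-in for an instruction */

/* seu_mask XORs bits into the main core's result to model a single-event upset. */
void lockstep_cycle(lockstep_t *ls, smu_t *smu, uint32_t a, uint32_t b, uint32_t seu_mask) {
    ls_slot_t *slot = &ls->fifo[ls->head];  /* oldest entry: executed LOCKSTEP_DELAY cycles ago */
    if (slot->valid && alu(slot->a, slot->b) != slot->main_result) {
        ls->mismatches++;
        smu_raise(smu, ALARM_LOCKSTEP_MISMATCH);
    }
    slot->a = a; slot->b = b; slot->valid = true;
    slot->main_result = alu(a, b) ^ seu_mask;
    ls->head = (ls->head + 1) % LOCKSTEP_DELAY;
}

/* Returns the cycle (1-based) in which an upset injected in cycle 4 is caught. */
int demo_lockstep_detection(void) {
    smu_t smu; smu_init(&smu, 5);
    smu.config[ALARM_LOCKSTEP_MISMATCH] = REACT_INTERRUPT;
    lockstep_t ls; memset(&ls, 0, sizeof ls);
    for (int cycle = 1; cycle <= 10; cycle++) {
        lockstep_cycle(&ls, &smu, (uint32_t)cycle, 100u, cycle == 4 ? 0x4u : 0u);
        if (ls.mismatches) return smu.interrupts == 1 ? cycle : -1;
    }
    return -1;
}

/* Software acknowledges in time: the backup timer never fires. Returns reset count. */
int demo_recovery_acknowledged(void) {
    smu_t smu; smu_init(&smu, 5);
    smu.config[ALARM_ACCESS_VIOLATION] = REACT_SAFE_STATE;
    smu_raise(&smu, ALARM_ACCESS_VIOLATION);
    smu_tick(&smu); smu_tick(&smu);                    /* 2 of 5 ticks used */
    smu_acknowledge(&smu, ALARM_ACCESS_VIOLATION);
    for (int i = 0; i < 10; i++) smu_tick(&smu);       /* timer is stopped, nothing happens */
    return (int)smu.resets;
}

/* Software never recovers: the timer expires and the unit resets the system. */
int demo_recovery_timeout(void) {
    smu_t smu; smu_init(&smu, 5);
    smu.config[ALARM_ACCESS_VIOLATION] = REACT_SAFE_STATE;
    smu_raise(&smu, ALARM_ACCESS_VIOLATION);
    for (int i = 0; i < 5; i++) smu_tick(&smu);
    return smu.pending == 0 ? (int)smu.resets : -1;
}
```

The detection lag in the model equals the checker's delay: an upset injected in cycle 4 is only reported in cycle 6, which is why the alarm path must not depend on the core whose result is in doubt, and why the separate timer is what guarantees progress when the software reaction itself fails.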
Bring your Aurix knowledge up to date and learn about modern safety concepts in the specially developed MicroConsult seminar on the Aurix multicore microcontroller as well as in the special Safety training. Register now!
Further information
MicroConsult expertise on the topic of microcontrollers
MicroConsult Training & Coaching on the topic of multicore
MicroConsult Training & Coaching on the topic of Safety & Security