Product Brief

[Figure: Main CPU (TriCore™) connected to the Monitor IC (CIC61508) over SPI, with Power Supply (Vdd1 e.g. 5V, Vdd2 e.g. 1.5V) and Reset]

TriCore™ and CIC61508: a powerful safety computing platform

Components of the Infineon safety computing platform

Implementing safety applications that must comply with ISO 26262 and IEC 61508 requires effective supervision of the main microcontroller by an independent, reliable safety monitoring chip. The scalability of the platform ensures the best price/performance ratio.

A microcontroller-based safety system must therefore consist of three components:
– the main microcontroller
– an independent monitoring chip with a robust monitoring channel
– supporting safety software

With its safety computing platform, Infineon covers all three required components: the 32-bit TriCore™ microcontroller, the CIC61508 as an independent and powerful monitoring chip, and the SafeTcore safety driver software library. All three components were developed specifically for efficient system implementation and fast time to market for the application.

Typical target applications of the Infineon safety computing platform are those that must meet requirements up to IEC 61508 SIL3 and ISO 26262 ASIL C to ASIL D.

Key features supporting SIL:
– Robust monitoring channel with up to three selectable safety control paths
  –– Internal test scheduler/sequencer
  –– Power supply monitoring
  –– System shutdown
– Monitoring of processor functions to ensure that the user's process-monitoring software executes correctly
  –– Self-test software covering CPU, memory and on-chip peripherals
  –– Integration path for user-defined application tests
  –– Redundant system shutdown paths
– Independent safety monitoring software
  –– Task monitoring (scheduling, timing protection)
  –– Data check unit

Customer benefits
– Applications designed with a proven, in-use safety concept can be brought to market quickly
– Comprehensive safety documentation
– Low CPU load for task monitoring frees up to 20% of CPU performance
– Intelligent error management avoids false alarms and therefore lowers the FIT rate

[ www.infineon.com/sil ]

AUDO MAX/TriCore™ 32-bit microcontroller
–– High-performance CPU core with memory protection unit
–– Error-correcting code (ECC) on all memories, including RAM and flash
–– Flexible CRC engine
–– Bus monitoring unit
–– Products available with different memory sizes, performance levels and packages

CIC61508
–– Intelligent error management
–– Robust monitoring channel
–– Up to three safety-related enable/disable paths
–– Wide temperature range (-40 to 140°C)
–– TSSOP-38 package

SafeTcore safety software library
–– Processor monitoring and self-test
–– Independent safety monitoring software
–– For use with the Tasking compiler version V5r2p3
–– Development process compliant with IEC 61508
–– Small internal memory footprint (typically 92 KB ROM and 4.6 KB RAM)

Safety-related system (SRS) block diagram and CIC61508 block diagram

[Figure: SRS with a TriCore™ dual-core microcontroller (32-bit MC running SafeTcore, peripheral bus, input and output peripherals) and the CIC61508 safety monitor (watchdog) connected over SPI, with trigger and reset control lines and supplies Vdd1 e.g. 5V and Vdd2 e.g. 3.3V. CIC61508 blocks: Safety Watchdog, Voltage Monitors, Error State Monitor, Opcode Test Sequencer, Control Logic, SPI/SSC, Safe State Control, Reset Path Control, Safety Path Control, NVM, Application]
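The monitoring channel described above (a trigger from the main CPU over the serial link, a checkpoint answer, error management that avoids false alarms, and a safe-state path) as a conceptual model in C. This is an added example, not CIC61508 or SafeTcore code; the window bounds, the three-error threshold, the checkpoint function and all function names are assumptions made for illustration.

```c
/* Conceptual model of an external safety monitor's task-monitoring path (added
 * example, not CIC61508 or SafeTcore code). Assumed: the main CPU must trigger
 * the monitor once per window with the right answer to a checkpoint question. */
#include <stdint.h>
#include <stdbool.h>
#define WINDOW_MIN_TICKS  8  /* earliest accepted trigger (assumed value) */
#define WINDOW_MAX_TICKS  12 /* latest accepted trigger (assumed value) */
#define MAX_CONSEC_ERRORS 3  /* errors tolerated before safe state (assumed value) */
typedef struct {
    uint32_t ticks;              /* monitor ticks since the last trigger */
    uint8_t  consecutive_errors; /* error-management debounce counter */
    uint8_t  question;           /* current checkpoint question */
    bool     safe_state;         /* true once the safe-state path is opened */
} monitor_t;

/* Toy checkpoint function: the CPU must return this value for question q. */
uint8_t expected_response(uint8_t q) { return (uint8_t)(~q + 0x5A); }
void monitor_init(monitor_t *m) {
    m->ticks = 0; m->consecutive_errors = 0; m->question = 0x01; m->safe_state = false;
}
/* Error management: a single bad window is not a trip; N in a row is. */
static void record_error(monitor_t *m) {
    if (++m->consecutive_errors >= MAX_CONSEC_ERRORS) m->safe_state = true;
}
/* Called from the monitor's own time base; catches a missing or late trigger. */
void monitor_tick(monitor_t *m) {
    if (m->safe_state) return;
    if (++m->ticks > WINDOW_MAX_TICKS) { record_error(m); m->ticks = 0; }
}
/* Called when a trigger carrying the CPU's answer arrives over the serial link. */
void monitor_trigger(monitor_t *m, uint8_t answer) {
    if (m->safe_state) return;
    bool in_window = m->ticks >= WINDOW_MIN_TICKS && m->ticks <= WINDOW_MAX_TICKS;
    if (in_window && answer == expected_response(m->question)) m->consecutive_errors = 0;
    else record_error(m);  /* too early, too late, or wrong answer */
    m->ticks = 0; m->question++;  /* open the next window, next checkpoint question */
}

/* Drive the model: wait gaps[i] ticks, then trigger (correct answer when ok[i]
 * is non-zero). Returns true if the monitor opened the safe-state path. */
bool simulate(const int *gaps, const int *ok, int n) {
    monitor_t m; monitor_init(&m);
    for (int i = 0; i < n; i++) {
        for (int t = 0; t < gaps[i]; t++) monitor_tick(&m);
        uint8_t ans = expected_response(m.question);
        monitor_trigger(&m, ok[i] ? ans : (uint8_t)(ans ^ 0x01));
    }
    return m.safe_state;
}
```

A CPU that never triggers is caught by the tick path alone, while two bad windows followed by a good one clears the counter, which is the debouncing that keeps a transient glitch from tripping the safe state.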
[Figure, SRS block diagram continued: main switch, TC and PCP task monitoring, safety applications and safety driver 1), DMA, control loop with plausibility checks, input element and output element/actuator, Vbat, fail-safe circuitry; CPU opcode test sequence and config checksum held in the CIC61508 NVM. 1) SafeTcore Library, 2) Peripheral Control Processor]

Safety software implementation block diagram

[Figure: AUTOSAR layering with application and actuator software components above AUTOSAR interfaces, an RTE with built-in "protection layer", basic software (operating system, communication BSW, further BSW modules) behind standardized interfaces, the SafeTcore Library (Safety Monitor) within the basic software, running on PCP and TriCore™; safety functions and CIC61508 fail-safe circuitry supplied from Vbat]

Published by Infineon Technologies AG, 85579 Neubiberg, Germany
© 2011 Infineon Technologies AG. All Rights Reserved.
Visit us: www.infineon.com
Order Number: B158-H9696-X-X-5D00
Date: 02 / 2012

ATTENTION PLEASE!
The information given in this document shall in no event be regarded as a guarantee of conditions or characteristics ("Beschaffenheitsgarantie"). With respect to any examples or hints given herein, any typical values stated herein and/or any information regarding the application of the device, Infineon Technologies hereby disclaims any and all warranties and liabilities of any kind, including without limitation warranties of non-infringement of intellectual property rights of any third party.

INFORMATION
For further information on technology, delivery terms and conditions and prices please contact your nearest Infineon Technologies Office (www.infineon.com).
WARNINGS
Due to technical requirements components may contain dangerous substances. For information on the types in question please contact your nearest Infineon Technologies Office.

Infineon Technologies Components may only be used in life-support devices or systems with the express written approval of Infineon Technologies, if a failure of such components can reasonably be expected to cause the failure of that life-support device or system, or to affect the safety or effectiveness of that device or system. Life support devices or systems are intended to be implanted in the human body, or to support and/or maintain and sustain and/or protect human life. If they fail, it is reasonable to assume that the health of the user or other persons may be endangered.