PXS20RM Datasheet, PDF (139/1368 Pages) Freescale Semiconductor, Inc – PXS20 Microcontroller
Chapter 7
Functional Safety
7.1 Overview
This device offers a set of features to support its use in applications that need to fulfill functional safety
requirements as defined by safety integrity level SIL3 of IEC 61508 and other corresponding
certifications. The development processes and documentation of this device also target these safety
standards. This device is considered a Type B subsystem ("complex", see IEC 61508-2, section 7.4.3.1,
"Architectural constraints on hardware safety integrity") and is assumed to be used in a
"High-Demand / Continuous mode of operation" safety mode (see IEC 61508-1, section 7.6.2,
"Requirements").
7.2 Redundancy
The main approach used to achieve functional safety requirements is redundancy. Redundancy is applied
in different ways for different modules of this device:
• Processing cores: When used for a safety critical application, the two redundant cores must be used
in lock-step mode. Any difference between the outputs of the cores indicates a fault and triggers
the corresponding reaction to prevent propagation of the fault and to put the device into a Fail-Safe
mode.
• Replicated peripherals, if safety critical for the application, have to be used in a redundant way by
the application software. Details are specified in the Safety Application Guide.
• Non-replicated input peripherals, if safety critical for the application and not self-tested, have to be
read twice by the application software. Details are specified in the Safety Application Guide.
• Non-replicated output peripherals, if safety critical for the application and not read-back, have to
be written twice by the application software. Details are specified in the Safety Application Guide.
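The software-side redundancy rules above (read non-replicated inputs twice, write non-replicated outputs twice and read them back, and react to any disagreement) can be illustrated with the following C example. It is an added example, not code from the PXS20 reference manual or the Safety Application Guide, and the exact procedures that guide prescribes are not on this page. The peripheral registers are a constructed host-side array so the code runs offline, and the two fault-injection hooks (a one-shot read glitch and a stuck-at write) are hypothetical helpers, not device features; all function names are the example's own.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed stand-in for memory-mapped peripheral registers. On the real
 * device these would be volatile accesses to peripheral addresses. */
#define NUM_REGS 4u
static volatile uint32_t sim_regs[NUM_REGS];
static bool stuck_reg[NUM_REGS];      /* hypothetical stuck-at fault: writes ignored */
static int  glitch_reg   = -1;        /* hypothetical one-shot read corruption */
static int  glitch_skip  = 0;         /* reads of that register to let pass first */
static bool glitch_armed = false;

void     sim_set_reg(unsigned idx, uint32_t v) { sim_regs[idx] = v; }
uint32_t sim_get_reg(unsigned idx)             { return sim_regs[idx]; }
void     set_stuck(unsigned idx, bool stuck)   { stuck_reg[idx] = stuck; }
void inject_read_glitch(unsigned idx, int reads_to_skip) {
    glitch_reg = (int)idx; glitch_skip = reads_to_skip; glitch_armed = true;
}

static uint32_t periph_read(unsigned idx) {
    uint32_t v = sim_regs[idx];
    if (glitch_armed && (int)idx == glitch_reg) {
        if (glitch_skip > 0) { glitch_skip--; }
        else { glitch_armed = false; v ^= 0x1u; }   /* flip one bit, once */
    }
    return v;
}
static void periph_write(unsigned idx, uint32_t v) {
    if (!stuck_reg[idx]) sim_regs[idx] = v;
}

typedef enum { SAFE_OK = 0, SAFE_READ_MISMATCH = 1, SAFE_READBACK_MISMATCH = 2 } safe_status_t;

/* Non-replicated, non-self-tested input: read twice, accept only if both agree. */
safe_status_t safe_read_twice(unsigned idx, uint32_t *out) {
    uint32_t first  = periph_read(idx);
    uint32_t second = periph_read(idx);
    if (first != second) { *out = 0; return SAFE_READ_MISMATCH; }
    *out = first;
    return SAFE_OK;
}

/* Non-replicated output without hardware read-back: write twice, then verify. */
safe_status_t safe_write_twice(unsigned idx, uint32_t value) {
    periph_write(idx, value);
    periph_write(idx, value);
    if (periph_read(idx) != value) return SAFE_READBACK_MISMATCH;
    return SAFE_OK;
}

/* Fail-safe reaction: the real action is application-defined; here it latches a flag. */
static bool fail_safe_latched = false;
void enter_fail_safe(void)  { fail_safe_latched = true; }
bool fail_safe_active(void) { return fail_safe_latched; }

/* One control step: read a sensor register, derive an output, write it.
 * Any failed check routes to the fail-safe reaction instead of continuing. */
safe_status_t control_step(unsigned in_idx, unsigned out_idx) {
    uint32_t sensor;
    safe_status_t st = safe_read_twice(in_idx, &sensor);
    if (st != SAFE_OK) { enter_fail_safe(); return st; }
    st = safe_write_twice(out_idx, sensor * 2u);   /* constructed control law */
    if (st != SAFE_OK) { enter_fail_safe(); return st; }
    return SAFE_OK;
}

int main(void) {
    sim_set_reg(0, 0x5A5Au);
    printf("normal step: %d\n", (int)control_step(0, 2));        /* 0 */
    inject_read_glitch(0, 1);
    printf("glitched read: %d\n", (int)control_step(0, 2));      /* 1 */
    set_stuck(3, true);
    printf("stuck output: %d\n", (int)control_step(0, 3));       /* 2 */
    printf("fail-safe active: %d\n", (int)fail_safe_active());   /* 1 */
    return 0;
}
```

The point of the structure is that a disagreement between the two reads, or between the written value and its read-back, is never silently tolerated: the step aborts before the suspect value influences the output, and the fail-safe reaction is entered, mirroring the reaction the text describes for a core mismatch.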
7.3 Built-In Self-Test (BIST)
7.3.1 BIST during boot
A device BIST is performed every time a destructive or external reset occurs. The device provides full
reset conditions to the outside world while BIST is executed. The BIST is performed transparently for the
application while the device is still under reset. If the BIST fails, the device is kept under reset.
Application software can only start to run once the BIST has finished successfully without detecting a fault. The
boot time BIST comprises:
• Memory BIST for all RAMs and ROM
• Scan-based Logic BIST for three partitions of digital logic (for the contents of the individual
partitions see hierarchy definition).
PXS20 Microcontroller Reference Manual, Rev. 1
Freescale Semiconductor
7-1