The electronic and electrical architecture of automobiles is becoming increasingly complex, and the safety requirements for automotive electronics are rising with it. To meet these requirements, functional safety is gaining more attention, and the first reference that comes to mind is the functional safety standard ISO 26262. In particular, ISO 26262-5:2018, Clause 8 introduces two metrics: the single-point fault metric and the latent-fault metric. Depending on the required ASIL level, both metrics must meet the corresponding levels.
Within the electronic and electrical system, microcontrollers (MCUs) are designed and developed as an SEooC (safety element out of context). To meet the metric requirements above, MCUs need to implement corresponding safety mechanisms, which can be allocated to both hardware and software modules. The Safety Frame safety library for MCUs implements the safety mechanisms allocated to software.
- Can be integrated as a complex driver into AUTOSAR.
- Can be integrated into non-AUTOSAR software architectures, with flexible adaptation.
- Supports multi-core testing and application.
- Safety Frame has internal program flow monitoring.
- High scalability: Each module can be configured to meet the application requirements of different customers.
During the operation phase, to meet the varying project requirements of customers and enhance the extensibility of SafetyFrame, the RH850F1KM SafetyFrame has implemented configurable modules and has developed a configuration tool for SafetyFrame. Customers can complete the configuration of various SafetyFrame modules according to different requirements using the configuration tool, generate configuration code files, and integrate the generated configuration files into the project.
- PreRun Phase
This phase involves testing the safety mechanisms of the MCU, which is generally conducted before the OS starts up.
- Run Phase
This phase takes place during task execution, while the OS is running, and some of the MCU's safety mechanisms are tested during this phase.
The RH850F1KM SafetyFrame is designed to assist customers in achieving functional safety requirements based on the RENESAS RH850F1KM platform. The SafetyFrame is highly scalable and can be configured and redeveloped according to different customer project requirements, ultimately meeting the functional safety requirements of the customers.
The RH850F1KM SafetyFrame is used to implement software safety mechanisms for the RH850F1KM series, including fault testing of internal MCU modules and the driving functions of hardware safety mechanisms.
The RH850F1KM SafetyFrame can be applied to controllers that have functional safety level requirements. For example:
- Battery Management System (BMS)
- Advanced Driver Assistance Systems (ADAS)
- Smart Gateway Controller (Gateway)
- Intelligent Braking System (iBooster)
- Vehicle Stability Control (ESC/Onebox)
- Electric Power Steering (EPS)
- Body Control Module (BCM)
- Engine Management System (EMS)
- Chassis Domain Control System Applications
- Regional Controllers
By integrating the Safety Frame into RH850F1KM-based controllers, it is possible to meet the ISO 26262 ASIL-D level requirements.
Software Architecture
Implemented functional modules:
Safety Mechanisms Satisfied in the RH850F1KM Safety Application Note:
Note: Safety mechanisms highlighted in color are implemented by the BIST module.
ISO26262 ASIL D Certificate
Zc.Muniu Software Copyright Registration Certificate
Zc. Muniu Software Product Registration Certificate