登陆
注册
Safety: SEooC introduction 03
来源:公众号“汽车安全前瞻研究”
2020-05-25
1953
[Author]
Renhong WENG, AI safety and security investigator
This week, we discuss more about further in the NXP S32R37 microcontroller.
FIRST: Preliminary safety requirement
| ASIL | ID Functional Safety Requirement | Functional Safety Requirement | Safe state | FTTI |
| B | FSR_04_01_02_04_01 | S32R37 Radar microcontroller shall have mechanisms for monitoring surroundings and not trigger unexpected disengagement commands | HDL-64E-S3 microcontroller | etc |
| B | S32R37_01 | S32R37 Radar microcontroller shall have mechanisms for monitoring surroundings | HDL-64E-S3 microcontroller | etc |
Second: system safety blocks
For the requirement allocation into S32R37_01, we have the blocks:
https://mp.weixin.qq.com/s?__biz=Mzg5NTIwMTEzOA==&mid=2247484120&idx=1&sn=343cebbc48b87ea515cf8b149ed06921&chksm=c012b8c5f76531d31c00e66803ee1b465ba22d53a51db5ab12356e5adc0e81d0e201619305d7&token=146087099&lang=zh_CN#rd
| ID Functional Safety Requirement | Functional Safety Requirement | Safe state | FTTI |
| FSR_04_01_02_04_01 | S32R37 Radar microcontroller shall have mechanisms for monitoring surroundings and not trigger unexpected disengagement commands | HDL-64E-S3 microcontroller | etc |
| S32R37_01 | S32R37 Radar microcontroller shall have mechanisms for monitoring surroundings. | HDL-64E-S3 microcontroller | etc |
| S32R37_02 | S32R37 Radar microcontroller shall continuously sampling signals and feedback from surroundings, per 1ms | S32R37 Radar | etc |
| S32R37_02_AoU_01 | Assumed that Radar processing platform shall configur the decent signal processing tool. | Radar processing platform | etc |
| S32R37_02_AoU_02 | Assumed that Radar processing platform shall adopt decent radar accleration factors, and put decent processing threshold as requisite. | Radar processing platform | etc |
| S32R37_02_AoU_03 | Assumed that Radar processing platform shall schedule tasks and algorithm process on time, and with the exceptional handler cooperate in tasks allocation | Radar processing platform | etc |
| S32R37_02_AoU_04 | Assumed that In Specialty, radar processing platform shall cooperate with MMU and MPU for DMA functionality, supposing the training AI sets storaged in remote devices | Radar processing platform | etc |
| S32R37_03 | S32R37 Radar microcontroller shall have some storage places for temporal back up perception data storage, and restore to draft value if present value or perception process corrupted | Memory | etc |
| S32R37_03_AoU_01 | Assumed that Memory shall have ECC functionality to self-diagnosed and corrected when single bits error occurs | Memory | etc |
| S32R37_03_AoU_02 | Assumed that Memory block shall have other mechanisms to self-diagnosed if whole Memory blocks has problems | Memory | etc |
| S32R37_03_AoU_03 | Assumed that Memory block shall have various types of storage, in combination of EEPROM, RAM, ROM, and flash. | Memory | etc |
| S32R37_04 | Self tests and BISTs, even the HW pattern tests shall have to be applicable into memory fault detection | Memory | etc |
| S32R37_05 | S32R37 Radar microcontroller shall have appropriate power management system internally | System & Safety | etc |
| S32R37_06 | S32R37 Radar microcontroller shall have fault tolerance design technology if PMU failure happens | System & Safety | etc |
| S32R37_07 | Matched with Radar processing platform, oscilliation and PLL shall have decent frequency when in main chip | System & Safety | etc |
| S32R37_08 | Temperature status shall be measured by T-sensor | xxx | etc |
| S32R37_09 | For safety data stored in DMA, we shall design extra measures to mitigate, control, and avoid hazards | xxx | etc |
| S32R37_10 | Assumed that debug shall have special safety development mode and tunnel to perform | xxx | etc |
| S32R37_11 | For analog input, we shall have the BIST integrated in SAR ADC | xxx | etc |
| S32R37_12 | SECDEC functionality shall be used to detect the safety behaviour in Module CSE2 | xxx | etc |
| S32R37_13 | Assumed S32R37 DMA will have lockstep mode | xxx | etc |
| S32V234_Safety_Manual_01 | Assumed the S32R37 willl have similar safety mechanisms compared with Image processing units APEX2. | xxx | etc |
| S32V234_Safety_Manual_02 | Assumed the FCCU/FOSU & CRC have good performance in integrity ensurance, and failure report handling | xxx | etc |
| S32V234_Safety_Manual_03 | communications of Ethernet, CAN, Flexray, SPI, etc shall have enough robustness, and safety considerations | xxx | etc |
| S32R37_14 | Assumed the XBAR E2E shall have ECC functionality | xxx | etc |
| S32R37_15 | Assumed the CPU platform shall have enough safety considerations | xxx | etc |
Above requirements will can applied into Chip itself partially, and then we will dig out into NXP S32V234 safety manual as example in the next articles.
[Reference]
S32V234_Safety_Manual
收藏
点赞
- 用户评论
2000
评论
