A typical hardware infrastructure based on the faultRobust technology consists
of a main fault supervisor for the CPU and a set of remote supervisors, each
dedicated to a specific region of the system, such as the memory, bus and
peripheral sub-systems.
fRCPU
fRCPU is composed of a CPU Checking Unit and a System Control Unit. The CPU
Checking Unit checks instruction execution, program flow and data processing,
and raises alarms to the System Control Unit. The System Control Unit collects
and synchronizes all alarms coming from the CPU Checking Unit and from the
remote fault supervisors.
Based on this information, it decides whether the system (CPU and peripherals)
is in a faulty state and, according to the architectural safety requirements,
performs actions such as flagging the Operating System or forcing the hardware
into a safe state. At start-up, or at a given time, it launches periodic
diagnostic tests.

fRMEM
fRMEM is a family of configurable fault supervisors for volatile or
non-volatile memory sub-systems. In addition to Error Correction Codes, they
add proprietary techniques to fulfil the requirements of IEC 61508, to allow
the highest operating frequency, to avoid protection degradation due to
multiple errors and to reduce the memory area overhead.
They are composed of the f-MEM block, which includes all the coding/decoding
circuitry, and the mce block, which manages how the bus interacts with the
f-MEM. These two blocks are designed to wrap any third-party memory sub-system
without modifications to the memory controller.
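As an added illustration of the "protection degradation due to multiple errors" point above (example code, not faultRobust's or any vendor's implementation): a plain Hamming(7,4) single-error-correcting code silently miscorrects every double-bit error into a different valid word, while one extra overall-parity bit (SEC-DED) makes the same fault a detected, refused error. The bit layout and helper names are assumptions of this example.

```python
# Hamming(7,4): position p (1..7) lives at bit p-1; parity bits 1, 2, 4 each
# cover the data positions (3, 5, 6, 7) whose index has that bit set.
PARITY_COVER = {1: (3, 5, 7), 2: (3, 6, 7), 4: (5, 6, 7)}
DATA_POS = (3, 5, 6, 7)

def _xor_bits(word: int, positions) -> int:
    v = 0
    for p in positions:  # XOR of the bits at the given 1-based positions
        v ^= (word >> (p - 1)) & 1
    return v

def hamming_encode(nibble: int) -> int:
    """4 data bits -> 7-bit single-error-correcting (SEC) codeword."""
    code = 0
    for i, pos in enumerate(DATA_POS):
        code |= ((nibble >> i) & 1) << (pos - 1)
    for ppos, covered in PARITY_COVER.items():
        code |= _xor_bits(code, covered) << (ppos - 1)
    return code

def _syndrome(code7: int) -> int:
    """Non-zero syndrome = position of the flipped bit, IF exactly one bit flipped."""
    s = 0
    for ppos, covered in PARITY_COVER.items():
        s |= ppos * _xor_bits(code7, (ppos,) + covered)  # ppos is a power of two
    return s

def _data(code7: int) -> int:
    return sum(((code7 >> (pos - 1)) & 1) << i for i, pos in enumerate(DATA_POS))

def sec_decode(code7: int) -> int:
    """Plain SEC: blindly flips the syndrome position, so two errors become three."""
    s = _syndrome(code7)
    return _data(code7 ^ (1 << (s - 1))) if s else _data(code7)

def secded_encode(nibble: int) -> int:
    """SEC-DED: Hamming codeword in bits 1..7 plus an overall parity bit in bit 0."""
    code7 = hamming_encode(nibble)
    return (code7 << 1) | (bin(code7).count("1") & 1)

def secded_decode(code8: int):
    """Returns (status, data); data is None when an error is detected but not correctable."""
    code7, overall = code8 >> 1, bin(code8).count("1") & 1
    s = _syndrome(code7)
    if overall:  # odd flip count: treat as one error (s == 0 means the parity bit itself)
        return "corrected", (_data(code7 ^ (1 << (s - 1))) if s else _data(code7))
    return ("ok", _data(code7)) if s == 0 else ("double_error", None)  # even: never guess
```

Flipping two codeword positions a and b leaves a syndrome of a XOR b, so `sec_decode` "repairs" a third, untouched bit and returns wrong data with no indication; `secded_decode` sees an even flip count with a non-zero syndrome and reports it instead.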


fRBUS
fRBUS is a family of configurable fault supervisors for bus sub-systems. They
consist of a set of blocks (decoders, arbiters, checkers) that monitor the
sources and sinks of the bus interconnect and provide the information needed
to control data integrity. If required by the criticality of the application,
the supervisor can be configured to be active: on failure of one of the
layers, it can reconnect the masters and provide the needed arbitration.

fRPERI
fRPERI is a family of configurable fault supervisors for peripherals such as
Timers, GPIO, PWM, ADC and DAC, SPI and so on. They implement a hardware
verification component: a subset of the protocol checks and assertions used to
verify a given interface is translated into hardware constructs. A BIST unit
is included to inject a pattern at the input or at the output of the
peripheral. This structure facilitates the testing of the MCU's external paths
and can be used in combination with boundary-scan logic.