Tuesday, October 1, 2013

BIST for building ISO on-chip safety


Logic & Memory BIST
Functional safety standards for automotive chips like ASIL (Automotive Safety Integrity Level) recommend that BIST (Built-In Self-Test) be part of a chip. Before transitioning to functional mode, the chip goes through logic and memory BIST to assure that it has not encountered any manufacturing or aging faults. Chips can implement BIST for critical modules like hardware monitors to detect any dormant faults. Chips can even implement a dedicated controller to control and manage the BIST operations.
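An added example, not from the original post or the referenced article: a C simulation of the memory-BIST gate described above, where the chip enters functional mode only if the self-test passes. The post does not name a test algorithm; March C- is assumed here as a common choice, and the simulated RAM, `inject_stuck_at_0`, `boot_gate` and the mode names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

#define MEM_WORDS 64
typedef enum { MODE_SAFE_STATE, MODE_FUNCTIONAL } chip_mode_t; /* hypothetical names */

/* Simulated RAM with an optional injected stuck-at-0 fault (constructed fault model). */
static uint8_t ram[MEM_WORDS];
static int fault_addr = -1;   /* -1 means fault-free */
static uint8_t fault_mask;    /* bits that can never hold a 1 at fault_addr */

void inject_stuck_at_0(int addr, uint8_t mask) { fault_addr = addr; fault_mask = mask; }

static void mem_write(size_t a, uint8_t v) {
    if ((int)a == fault_addr) v &= (uint8_t)~fault_mask; /* faulty cell drops the bit */
    ram[a] = v;
}
static uint8_t mem_read(size_t a) { return ram[a]; }

/* One march element: at each address, optionally read-and-check, then optionally write. */
static int march(int up, int check, uint8_t expect, int write, uint8_t val) {
    for (size_t i = 0; i < MEM_WORDS; i++) {
        size_t a = up ? i : MEM_WORDS - 1 - i;
        if (check && mem_read(a) != expect) return (int)a;
        if (write) mem_write(a, val);
    }
    return -1;
}

/* March C- with 0x00/0xFF data backgrounds: -1 on pass, else first failing address. */
int mbist_march_c_minus(void) {
    int f;
    if ((f = march(1, 0, 0x00, 1, 0x00)) >= 0) return f; /* any order: w0    */
    if ((f = march(1, 1, 0x00, 1, 0xFF)) >= 0) return f; /* ascending: r0,w1 */
    if ((f = march(1, 1, 0xFF, 1, 0x00)) >= 0) return f; /* ascending: r1,w0 */
    if ((f = march(0, 1, 0x00, 1, 0xFF)) >= 0) return f; /* descending: r0,w1 */
    if ((f = march(0, 1, 0xFF, 1, 0x00)) >= 0) return f; /* descending: r1,w0 */
    return march(0, 1, 0x00, 0, 0x00);                   /* any order: r0    */
}

/* Gate the transition to functional mode on the BIST result. */
chip_mode_t boot_gate(void) {
    return mbist_march_c_minus() < 0 ? MODE_FUNCTIONAL : MODE_SAFE_STATE;
}

int main(void) {
    inject_stuck_at_0(17, 0x04); /* constructed fault: bit 2 of word 17 stuck at 0 */
    return boot_gate() == MODE_SAFE_STATE ? 0 : 1;
}
```

The test is destructive: it overwrites the whole array, which is why it runs before functional mode rather than on live data.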


Redundant critical on-chip modules like processor, ISO, DMA controller, internal clock generator, and communications peripherals can improve reliability should a primary hardware module become non-functional while the vehicle is running. Such a system can have in-built error detection mechanisms and on-the-fly switching to redundant hardware to mitigate threats to passenger safety.
But this kind of redundant hardware architecture comes at the cost of increased area and added power-management overhead in silicon. Area penalties can be minimized by intelligent selection of which functions need to be duplicated in silicon. Power can be minimized by adopting power and clock gating in the redundant modules. Some in-vehicle computers can be implemented in lock-step with each other, where primary and redundant modules process the same input. A mismatch in the output of the lock-step modules indicates a defect in one of the modules. The system can then switch itself off or take appropriate safety measures to avoid any real-time failure. Redundant hardware should be placed quite far in silicon from the primary embedded systems so that both modules cannot be tampered with together.




Refer to: http://www.edn.com/design/automotive/4421704/Safety---security-architecture-for-automotive-ICs
