Operational Overview; Microcontroller Monitoring Framework - Infineon Technologies TC1728 User Manual

32-bit single-chip microcontroller

15.3 Operational overview

15.3.1 Microcontroller Monitoring Framework

The BMU is a component of the PRO-SIL™ Monitoring Framework that makes it possible to simplify the overall software monitoring requirements a safety application must fulfil. Two practical use cases are presented that benefit directly from the BMU:

- Break-After-Make flow
- Detection of illegal access to safety-related Configuration and Status Registers (CSFR)

Break-After-Make use case

In a single processing channel (a microcontroller without hardware redundancy at the application level) there are two common architectures dealing with the detection of failures at the execution level:

- Two processors running in static lockstep or loosely coupled lockstep mode, executing the same safety code and comparing the results in a near cycle accurate fashion. Any discrepancy between the master CPU and the checker CPU caused by any soft or hardware fault is captured by an independent compare unit. The checker CPU does not produce any data to the peripherals nor to the storage elements (SRAMs). The lockstep flow is presented in Figure 15-1 "Break-After-Make concept" on Page 15-5 (left side).
- A single processor runs two redundant tasks sequentially. The redundant tasks can be implemented with diversity. There is a control task (or control execution thread) that executes and commits its results to the peripherals. The results from the control task need to be saved in order to be checked at a later time. The monitor task (or monitor execution thread) is then scheduled and produces an alternate set of data. The results of both tasks/threads are gathered and compared by a hardware unit independent of the processor. The control flow is presented in Figure 15-1 "Break-After-Make concept" on Page 15-5 (right side). This is the basic scheme used in the PRO-SIL™ safety concept. The combination of the BMU hardware and the BMU driver running on the PCP provides a generic mechanism that can be used by safety applications to monitor specific data flows to safety-relevant peripherals. The BMU software driver specification is not in the scope of this document.

TC1728 User's Manual, V1.0, 2011-12, Bus Monitor Unit (BMU), BMU V2.6, page 15-4
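The single-processor scheme described above, as an added host-side C model (not Infineon code and not the BMU driver, whose specification is outside this manual): a control task commits and saves its results, a diverse monitor task recomputes them, and a separate compare function stands in for the hardware compare unit. The function names, the `sim_peripheral` variable, the duty formula, the sample inputs and the fault-injection mask are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define N_SAMPLES 4

/* Hypothetical stand-in for a safety-relevant peripheral register. */
static volatile uint32_t sim_peripheral;

/* Control task: computes duty = req * 3 / 4, commits it and saves a copy.
 * fault_mask is a constructed fault injection that corrupts sample 2. */
static void control_task(const uint16_t *req, uint32_t *saved, uint32_t fault_mask)
{
    for (size_t i = 0; i < N_SAMPLES; i++) {
        uint32_t duty = ((uint32_t)req[i] * 3u) / 4u;
        if (i == 2) duty ^= fault_mask;
        sim_peripheral = duty;      /* result reaches the peripheral first */
        saved[i] = sim_peripheral;  /* keep a copy for the later check */
    }
}

/* Monitor task: diverse implementation of the same function, computed as
 * req - ceil(req / 4), which equals floor(3 * req / 4). */
static void monitor_task(const uint16_t *req, uint32_t *alt)
{
    for (size_t i = 0; i < N_SAMPLES; i++) {
        uint32_t r = req[i];
        alt[i] = r - (r >> 2) - ((r & 3u) ? 1u : 0u);
    }
}

/* Stand-in for the compare step performed outside the processor: returns the
 * index of the first mismatch, or -1 when both data sets agree. */
static int compare_unit(const uint32_t *saved, const uint32_t *alt)
{
    for (size_t i = 0; i < N_SAMPLES; i++)
        if (saved[i] != alt[i]) return (int)i;
    return -1;
}

/* One cycle: control task first, monitor task second, then the comparison. */
int run_cycle(uint32_t fault_mask)
{
    static const uint16_t req[N_SAMPLES] = { 0, 101, 402, 1023 }; /* constructed */
    uint32_t saved[N_SAMPLES], alt[N_SAMPLES];
    control_task(req, saved, fault_mask);
    monitor_task(req, alt);
    return compare_unit(saved, alt);
}

int main(void) { return (run_cycle(0) == -1 && run_cycle(0x10u) == 2) ? 0 : 1; }
```

In this model the corrupted value has already been written to the simulated peripheral by the time the comparison flags it, which is why the control task's results must be saved for the later check.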
