In modern automobiles, more and more functions are implemented by electronic circuits and by software. Particularly in applications that cannot fall back on a mechanical design, e.g. all-electric steering or all-electric braking, safe operation of the corresponding systems is an essential characteristic. As soon as a malfunction is detected in the corresponding hardware or software, an immediate response is required in order to maintain safe operation, or to restore it within the time period defined for the respective function.
Functional safety for automotive applications is defined by the ISO 26262 standard. Microcontrollers that meet its requirements for functional safety are equipped with corresponding safety mechanisms (SM) in order to detect a malfunction of the system they control, or a malfunction of the microcontroller itself, and to respond appropriately.
The safety mechanisms contained in a microcontroller or microprocessor forward detected faults to a central fault-processing module within the microcontroller, which then triggers appropriate responses in order to clear the indicated faults or to restore a safe state of the system controlled by the microcontroller.
Alarm signals that trigger specific responses of the microcontroller are therefore evaluated within the microcontroller itself. These responses can comprise, for example, triggering an interrupt, resetting an application, or resetting the microcontroller or parts of it, e.g. its CPU.
A particular difficulty is posed by the occurrence of a succession of alarm signals which, taken individually, are in some instances uncritical, but which together indicate a major fault.
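The following C model is an added illustration and is not taken from this document or from any particular microcontroller's fault-processing module. It assumes a hypothetical reaction enumeration (interrupt, application reset, CPU reset), a per-alarm reaction table, and a hypothetical escalation rule: if the number of distinct alarm sources seen within a time window reaches a threshold, the configured individual reaction is raised to a more severe one. The alarm sequence in `demo_step` is constructed for the example; the time values are microsecond timestamps. The point it shows is that a succession of individually uncritical alarms can still drive the module to a more severe response than any single alarm would.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical reaction levels, ordered so that a larger value is the
 * more severe response; this lets escalation never weaken a reaction. */
typedef enum {
    REACT_NONE      = 0,
    REACT_INTERRUPT = 1,  /* raise an interrupt, application keeps running */
    REACT_APP_RESET = 2,  /* reset the affected application */
    REACT_CPU_RESET = 3   /* reset the CPU (or the whole microcontroller) */
} reaction_t;

#define ALARM_COUNT 8    /* alarm sources handled in this example (<= 32) */
#define HISTORY_LEN 16   /* ring buffer of recent alarm events */

typedef struct { uint8_t alarm_id; uint32_t time_us; } alarm_event_t;

typedef struct {
    reaction_t    per_alarm[ALARM_COUNT]; /* individually configured reaction */
    uint32_t      window_us;              /* correlation window (assumed rule) */
    unsigned      threshold;              /* distinct alarms in window that escalate */
    reaction_t    escalation;             /* reaction applied on escalation */
    alarm_event_t history[HISTORY_LEN];
    unsigned      head;                   /* next write slot */
    unsigned      count;                  /* valid entries, <= HISTORY_LEN */
} fpm_t;

void fpm_init(fpm_t *f, uint32_t window_us, unsigned threshold, reaction_t escalation)
{
    memset(f, 0, sizeof *f);
    f->window_us  = window_us;
    f->threshold  = threshold;
    f->escalation = escalation;
}

void fpm_configure_alarm(fpm_t *f, uint8_t alarm_id, reaction_t r)
{
    if (alarm_id < ALARM_COUNT)
        f->per_alarm[alarm_id] = r;
}

/* Count distinct alarm IDs recorded within the window ending at 'now'.
 * Unsigned subtraction keeps the age test correct across timer wrap-around. */
static unsigned distinct_alarms_in_window(const fpm_t *f, uint32_t now)
{
    uint32_t seen = 0;
    for (unsigned i = 0; i < f->count; i++)
        if (now - f->history[i].time_us <= f->window_us)
            seen |= 1u << f->history[i].alarm_id;
    unsigned n = 0;
    for (; seen; seen &= seen - 1) n++;   /* population count */
    return n;
}

/* Record one alarm and return the reaction the module triggers for it. */
reaction_t fpm_process_alarm(fpm_t *f, uint8_t alarm_id, uint32_t now_us)
{
    if (alarm_id >= ALARM_COUNT)
        return REACT_CPU_RESET;  /* unknown source: treat as configuration fault, fail safe */

    f->history[f->head].alarm_id = alarm_id;
    f->history[f->head].time_us  = now_us;
    f->head = (f->head + 1) % HISTORY_LEN;
    if (f->count < HISTORY_LEN) f->count++;

    reaction_t r = f->per_alarm[alarm_id];
    /* Escalate only upward: a configured severe reaction is never lowered. */
    if (distinct_alarms_in_window(f, now_us) >= f->threshold && f->escalation > r)
        r = f->escalation;
    return r;
}

/* Constructed scenario: alarms 0..2 are uncritical on their own (interrupt only),
 * alarm 3 is critical on its own (CPU reset). Three distinct alarms within 1 ms
 * escalate to an application reset. Returns the reaction at the given step. */
static const uint8_t  demo_ids[]   = {0,   0,   1,   2,   0,    3};
static const uint32_t demo_times[] = {0, 100, 200, 300, 5000, 5100};
#define DEMO_STEPS (sizeof demo_ids / sizeof demo_ids[0])

reaction_t demo_step(unsigned step)
{
    fpm_t f;
    fpm_init(&f, 1000, 3, REACT_APP_RESET);
    for (uint8_t id = 0; id < 3; id++) fpm_configure_alarm(&f, id, REACT_INTERRUPT);
    fpm_configure_alarm(&f, 3, REACT_CPU_RESET);

    reaction_t r = REACT_NONE;
    for (unsigned i = 0; i <= step && i < DEMO_STEPS; i++)
        r = fpm_process_alarm(&f, demo_ids[i], demo_times[i]);
    return r;
}

int main(void)
{
    static const char *names[] = {"NONE", "INTERRUPT", "APP_RESET", "CPU_RESET"};
    for (unsigned i = 0; i < DEMO_STEPS; i++)
        printf("t=%5u us  alarm %u -> %s\n", demo_times[i], demo_ids[i], names[demo_step(i)]);
    return 0;
}
```

At step 3 the fourth event is alarm 2, which on its own only raises an interrupt; because alarms 0, 1 and 2 have all fired within the 1 ms window, the module escalates to an application reset. At step 4 the earlier events have aged out of the window, so the same alarm 0 again yields only an interrupt; at step 5 the individually critical alarm 3 triggers a CPU reset regardless of the window. In a real design the window, threshold and escalation target would come from the safety concept of the function, and expired entries would be evicted from the history rather than merely aged out by overwriting.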