Integrated circuit devices, in general, may comprise multiple circuit arrangements (or “modules”) on a common “chip.” Such devices, sometimes known as “system on chip” devices or “machines”, can include a processor, bus interfaces, memory devices and one or more system buses for communicating information to and from the device or machine. Such integrated circuit devices (or machines) can be found in automotive applications, for example, in engine management, transmission control, control of braking systems, and electrical power regulation and control.
Some applications of these integrated circuit devices are in safety critical systems such as electric power steering and anti-lock braking systems. Any fault which occurs in the integrated circuit device controlling components of a safety critical system could lead to a dangerous situation. For example, a loss of electrical power to an electric power steering system could result in injury to the driver or another person. Safety critical systems such as may be found in automotive systems may not be inherently fault-tolerant. In such cases, additional safety circuitry may be employed which, in the event of a failure such as a loss of electrical power, responds in a way that minimises damage to the system or harm to the user. Such safety circuits may in themselves be system on chip devices, sometimes called “failsafe circuits” or “failsafe machines”, comprising various functional circuits or modules such as monitoring circuitry, fault detection circuits and fault reporting circuitry. Typically, they generate an output which may be used to disconnect the monitored device in which a fault has developed and been detected by the safety circuit. In the event of a detected power failure, for example, the safety circuit may also switch in an alternative back-up power supply.
In order to specify the functional safety of automotive systems, standards have been defined by standardisation organisations. One such standard is ISO 26262, which defines safety levels, the highest being ASIL-D (Automotive Safety Integrity Level D). For safety applications targeting this level, the safety functions must be ensured even in the case of complete power supply failure.
One known fault tolerant power supply system is described in U.S. Pat. No. 5,745,670. This known system achieves fault tolerance of an electrical system against power supply failure by providing power from two power sources, via two redundant power supply connections, to a local power supply and a power distribution bus. Control logic switches in power from the distribution bus if it detects a failure of the local power supply.
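As an added illustration, not part of this patent or of the cited prior art, the following C model shows the control logic such a failsafe circuit performs: it monitors the local supply, detects a failure only after several consecutive bad samples (so that a single glitch does not trip it), switches in the back-up supply, asserts a disconnect output and latches a fault report that clears only on a deliberate reset. The voltage thresholds, debounce count and all names are assumptions chosen for the example.

```c
#include <stdbool.h>
#include <stdint.h>

/* Assumed thresholds in millivolts (constructed for this example, not from the patent). */
#define UNDERVOLT_MV  4500u  /* local supply below this is treated as failing */
#define RECOVER_MV    4800u  /* hysteresis: must read above this to count as healthy */
#define FAIL_DEBOUNCE 3u     /* consecutive failing samples before switching over */

enum supply_source { SRC_LOCAL = 0, SRC_BACKUP = 1 };

struct failsafe {
    enum supply_source source; /* supply currently feeding the protected load */
    bool disconnect_out;       /* output used to isolate the failed local supply */
    bool fault_latched;        /* fault report; stays set until an explicit reset */
    unsigned bad_samples;      /* debounce counter for the undervoltage detector */
};

/* Power-on state: local supply selected, no fault, no disconnect. */
void failsafe_init(struct failsafe *fs) { *fs = (struct failsafe){ .source = SRC_LOCAL }; }

/* One monitoring tick with the measured local-supply voltage. A single glitch
 * below threshold does not trip the switch; FAIL_DEBOUNCE consecutive bad
 * samples do. Returns the source feeding the load after this sample. */
enum supply_source failsafe_tick(struct failsafe *fs, uint32_t local_mv)
{
    if (local_mv < UNDERVOLT_MV) {
        if (fs->bad_samples < FAIL_DEBOUNCE)
            fs->bad_samples++;
        if (fs->bad_samples >= FAIL_DEBOUNCE && fs->source == SRC_LOCAL) {
            fs->source = SRC_BACKUP;    /* switch in the back-up supply */
            fs->disconnect_out = true;  /* isolate the faulty local supply */
            fs->fault_latched = true;   /* report the fault */
        }
    } else if (local_mv >= RECOVER_MV) {
        /* A healthy reading clears the debounce only; a latched fault never
         * self-clears, so a flickering supply cannot make the output oscillate. */
        fs->bad_samples = 0;
    }
    return fs->source;
}

/* Deliberate reset once the fault has been acknowledged; returns to the local
 * supply only if it currently reads healthy. */
bool failsafe_reset(struct failsafe *fs, uint32_t local_mv)
{
    if (local_mv < RECOVER_MV)
        return false;
    failsafe_init(fs);
    return true;
}
```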