There is a trend for modern automotive ECUs to integrate more and more functionality. On one side, this trend is driven by technology scaling, which enables ever increasing levels of integration. On the other side, the highly cost-driven nature of the automotive industry forces developers to reduce the total number of ECUs per vehicle.
In this context, electronics plays an increasing role in providing advanced driving assistance functions that particularly help to prevent hazards and reduce the number of fatal injuries.
The integration of said assistance functions inside an ECU is mainly concentrated around a multi-CPU microcontroller that plays a decisive role by hosting the critical computation and control functions. Such a multi-CPU microcontroller may be regarded as a cluster of computation nodes with defined and encapsulated tasks.
Under such assumptions, i.e. that a plurality of critical computation and control functions related to various assistance functions are performed by the same multi-CPU microcontroller, failure isolation is a primary concern that must be addressed in order to ensure that a single error does not affect all assistance functions. This requirement influences all building blocks of the safety architecture of a system that provides fault containment.
Consequently, embodiments aim to provide a new approach to safely managing errors in order to improve system availability.