• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer

Microcontroller Tips

Microcontroller engineering resources, new microcontroller products and electronics engineering news

  • Products
    • 8-bit
    • 16-bit
    • 32-bit
    • 64-bit
  • Applications
    • Automotive
    • Connectivity
    • Consumer Electronics
    • Industrial
    • Medical
    • Security
  • EE Forums
    • EDABoard.com
    • Electro-Tech-Online.com
  • Videos
    • TI Microcontroller Videos
  • EE Resources
    • DesignFast
    • eBooks / Tech Tips
    • FAQs
    • LEAP Awards
    • Podcasts
    • Webinars
    • White Papers
  • EE Learning Center
    • Design Guides
      • WiFi & the IOT Design Guide
      • Microcontrollers Design Guide
      • State of the Art Inductors Design Guide
      • Power Electronics & Programmable Power

Embedded systems software and programming for a safer world

October 9, 2020 By Jeff Shepard

Functional safety is an important feature in many embedded systems today. Designers need to know the specific safety integrity levels that must be met in various application environments and software development standards and guidelines. The use of an integrated development environment can efficiently bring these various requirements together to maximize the productivity of the development process and the quality of the resulting embedded system software.

Some of the most common functional safety standards include:

  • IEC 61508 is the international umbrella standard for functional safety. The standard, and standards derived from it, are used within all kinds of industries with requirements on reliability and safety, for example, process industries, the oil and gas industry, nuclear power plants, machinery, and railway control systems.
  • ISO 26262 is used for automotive safety-related systems.
  • EN 50128 and EN 50657 are European standards for safety-related software in railway applications. The standards are derived from IEC 61508.
  • IEC 62304 is an international standard which specifies life cycle requirements for developing medical software and software within medical devices.

High-integrity functional safety standards frequently require designers to provide extensive justification for selecting a particular development tool unless the tool is already certified. The proof of compliance for the tools increases cost and time of development. Pre-certified tools can provide an answer to this need.

For example, IAR Systems provides certified editions of IAR Embedded Workbench for Arm, for Renesas RX, RL78, and RH850, and for STM8. The tools’ functional safety editions are certified by TÜV SÜD according to the requirements of IEC 61508, ISO 26262 (ISO 26262-6:2018), EN 50128, and EN 50657. For Arm, RX, RL78, and STM8, the certification also covers IEC 62304.

Embedded systems software and programming
The IAR embedded workbench includes functional safety editions tools certified by TÜV SÜD. (Image: IAR Systems)

Safety integrity levels

The concepts and requirements for various safety integrity levels (SILs) are not consistent among all functional safety standards. Based on the IEC 61508 standard, four SILs are defined in the functional safety standards, with SIL 4 the most dependable and SIL 1 the least. IEC 61508 defines SIL using requirements grouped into two broad categories: hardware safety integrity and systematic safety integrity. A device or system must meet the requirements for both categories to achieve a given SIL. In addition, there are different SIL requirements for systems that operate continuously compared with systems that are used intermittently. The “probability of dangerous failure on demand” (PDF) and the “risk reduction factor” (RRF) can be 10,000-times more stringent for systems that operate continuously compared with systems that are used intermittently.

For embedded industrial applications, Renesas Electronics recently announced the extension of their RX Functional Safety solution, with the release of its Functional Safety over EtherCAT (FSoE) Application Software Kit, the first software offering that supports functional safety on EtherCAT from a semiconductor manufacturer. Renesas’ RX Functional Safety solution is a solution for industrial automation applications that reduces the complexity of IEC 61508 SIL3 certification.

Renesas offers a Functional Safety over EtherCAT (FSoE) application software kit for industrial systems (Image: Renesas)

Renesas’ new FSoE software is based on the FSoE standard published by the EtherCAT Technology Group, the world’s largest industrial Ethernet organization. Developers can obtain an FSoE protocol stack in addition to an RX microcontroller (MCU) with functional safety support and the software – all in a single package, speeding up the development of industrial equipment incorporating FSoE. This allows the quick implementation of communication functions needed to support functional safety, such as essential alarms indicating danger or emergency stop signals using an RX MCU.

Automotive safety integrity levels

While IEC 61508 defines four safety integrity levels from 1 to 4, ISO 26262 defines four automotive safety integrity levels (ASILs) from A to D. ASIL A is the least stringent level of safety reduction, while ASIL D is the most severe. ISO 26262 applies to vehicles with a maximum gross vehicle mass of up to 3,500 kg (about 7,700 pounds).

ASIL classifications of representative automotive systems (Image: Synopsys)

Car manufacturers and system suppliers have traditionally addressed compliance with these requirements. However, with the increasing complexity of automobiles, all supply chain participants are now called to support and enable functional safety and reliability standards. These metrics are becoming an integral part of the semiconductor design flow.

According to ISO 26262:1-2011, a safety mechanism is a technical solution implemented by electrical or electronic functions or elements, or by other technologies, to detect faults or control failures to achieve or maintain a safe state. Examples of safety mechanisms include:

  • Error correction code (ECC)
  • Cyclic redundancy check (CRC)
  • Hardware redundancy
  • Built-in-self-test (BIST)

The effectiveness of the solution to detect these random failures is measured by three metrics to detect fault and failure in time (FIT), as well as the overall likelihood of risk:

  • Single-point fault metric (SPFM)
  • Latent fault metric (LFM)
  • Probabilistic metrics for hardware failures (PMHF)

MISRA C

MISRA C is a set of software development guidelines for the C programming language developed by MISRA (Motor Industry Software Reliability Association). It aims to facilitate code safety, security, portability, and reliability in the context of embedded systems, specifically those systems programmed in ISO C / C90 / C99. There is also a set of guidelines for MISRA C++. Although originally specifically targeted at the automotive industry, MISRA C has evolved as a widely accepted model for best practices by leading developers in sectors including automotive, aerospace, telecom, medical devices, defense, railway, and others.

MISRA is a collaboration between manufacturers, component suppliers, and engineering consultancies, which seeks to promote best practice in developing safety- and security-related electronic systems and other software-intensive applications. For a claim of MISRA compliance to have meaning, it is necessary to establish:

  • Use of a disciplined software development process;
  • Exactly which guidelines are being applied;
  • The effectiveness of the enforcement methods;
  • The extent of any deviations from the guidelines;
  • The status of any software components developed outside of the project.

Integrated development environment

Regardless of the programming language, standards, or applications environment, embedded software designers need an integrated development environment (IDE). IDEs are designed to maximize programmer productivity by providing a set of development tools with similar user interfaces. IDEs present a single program in which all development is done. This program typically provides many features for authoring, modifying, compiling, deploying, and debugging software.

Examples of the tools included in IDEs are debuggers and emulators. The debugger goes through the code and eliminates bugs and errors, notifying the programmer where they occur. Debuggers pinpoint the lines where issues are found so that programmers can address them quickly.

An emulator is a hardware or software replication of the target system with identical functionality and components. Emulators are used to simulate software performance and see how the code will work in a real-time environment. With an emulator, programmers can change values to reach optimal performance of the code.

This was the final article in a three-part FAQ series on various aspects of embedded system design. The first article looked at managing power consumption and dissipation in embedded systems for a greener world. The second article considered securing embedded systems in a hostile world.

References

Functional Safety Methodologies for Automotive Applications, Cadence
Functional Safety Solution for Industrial Automation, Renesas Electronics
MISRA Compliance:2020, MISRA
Integrated code analysis in functional safety tools, IAR Systems
Safety integrity level, Wikipedia
What is ASIL?, Synopsys

You may also like:

  • attack surfaces
    Safety and cyber security for the connected car
  • functional safety software
    Software brings functional safety to embedded systems

  • Embedded basics Part 3: Functional safety documentation and terminology
  • ISO 26262 functional safety
    Embedded basics Part 2: ISO 26262 functional safety for MCUs
  • IEC 61508 functional safety
    Embedded basics Part 1: IEC 61508 functional safety for MCUs

Filed Under: FAQ, Featured Tagged With: FAQ

Primary Sidebar

DesignFast

Design Fast Logo
Component Selection Made Simple.

Try it Today
design fast globle

EE Training Center Classrooms

EE Classrooms

CURRENT DIGITAL ISSUE

A frequency you can count on There are few constants in life, but what few there are might include death, taxes, and a U.S. grid frequency that doesn’t vary by more than ±0.5 Hz. However, the certainty of the grid frequency is coming into question, thanks to the rising percentage of renewable energy sources that…

Digital Edition Back Issues

Subscribe to our Newsletter

Subscribe to weekly industry news, new product innovations and more.

Subscribe today

RSS Current EDABoard.com discussions

  • How to set USB port as RS-485 entrance? How to interpret Growatt solar inverter commands?
  • Find Critical Path in Cadence Genus?
  • Simulation of a Press-ON-Press-OFF push button
  • HFSS 2022 R2 - Waveguide port configuration
  • Why this antenna azimuth and elevation direction are the same?

RSS Current Electro-Tech-Online.com Discussions

  • How know if solder iron has good quality tip?
  • How does a transistor works as a switch?
  • Peltier control
  • How to set USB port as RS-485 entrance? How to interpret Growatt solar inverter commands?
  • Component Identification

Footer

Microcontroller Tips

EE World Online Network

  • DesignFast
  • EE World Online
  • EDA Board Forums
  • Electro Tech Online Forums
  • Connector Tips
  • Analog IC Tips
  • Power Electronic Tips
  • Sensor Tips
  • Test and Measurement Tips
  • Wire and Cable Tips
  • 5G Technology World

Microcontroller Tips

  • Subscribe to our newsletter
  • Advertise with us
  • Contact us
  • About us
Follow us on Twitter Add us on Facebook Follow us on YouTube  Follow us on Instagram

Copyright © 2022 · WTWH Media LLC and its licensors. All rights reserved.
The material on this site may not be reproduced, distributed, transmitted, cached or otherwise used, except with the prior written permission of WTWH Media.

Privacy Policy