Tuesday, October 1, 2013

Power of watchdog timers


Watchdog Timers
SoCs can have timers that bring a processor, or any other controller, out of a hung situation by forcing it into a safe state. A watchdog can also implement a safety feature that requires a task to execute periodically: the timer specifies a period within which the task must run, and if the task does not run within that predefined duration, the system is assumed to be hung. The SoC can thus monitor the execution of the task and take appropriate safety measures.
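The mechanism above, written out as an added example (not code from the original post or the EDN article it references): a software model of a hardware watchdog as a down-counter that a monitored task must reload before it expires, plus a small simulation in which the task stops responding part-way through. All names (`watchdog_t`, `wdt_kick`, `simulate`) and the tick values are assumptions made for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* States the supervisor can leave the SoC in. */
typedef enum { SYS_RUNNING = 0, SYS_SAFE_STATE = 1 } sys_state_t;

/* Software model of a hardware watchdog: a counter that the monitored task
 * must reload ("kick") before it reaches zero (hypothetical type). */
typedef struct {
    uint32_t period_ticks; /* deadline: ticks allowed between two kicks */
    uint32_t remaining;    /* ticks left before the watchdog fires */
    uint32_t timeouts;     /* number of times the watchdog has fired */
    sys_state_t state;
} watchdog_t;

void wdt_init(watchdog_t *w, uint32_t period_ticks) {
    w->period_ticks = period_ticks;
    w->remaining = period_ticks;
    w->timeouts = 0;
    w->state = SYS_RUNNING;
}

/* The monitored task proves it is alive by reloading the counter. */
void wdt_kick(watchdog_t *w) { w->remaining = w->period_ticks; }

/* Called once per timer tick. Returns true on the tick where the deadline
 * is missed; the safe state is latched so a hung task cannot un-trip it. */
bool wdt_tick(watchdog_t *w) {
    if (w->state == SYS_SAFE_STATE) return false;
    if (w->remaining == 0) {
        w->timeouts++;
        w->state = SYS_SAFE_STATE;
        return true;
    }
    w->remaining--;
    return false;
}

/* Simulated periodic task: kicks the watchdog every `interval` ticks until
 * tick `hang_at`, after which it stops responding (models a hang).
 * Returns the tick at which the watchdog fired, or -1 if it never did. */
int simulate(uint32_t period, uint32_t interval, uint32_t hang_at,
             uint32_t total_ticks) {
    watchdog_t w;
    wdt_init(&w, period);
    for (uint32_t t = 1; t <= total_ticks; t++) {
        if (t < hang_at && t % interval == 0) wdt_kick(&w);
        if (wdt_tick(&w)) return (int)t;
    }
    return -1;
}

int main(void) {
    printf("healthy task:        fired at %d\n", simulate(10, 5, 1000, 60));
    printf("task hangs at 23:    fired at %d\n", simulate(10, 5, 23, 60));
    printf("interval > period:   fired at %d\n", simulate(10, 12, 1000, 60));
    return 0;
}
```

The third case is the configuration mistake a reviewer looks for: a task scheduled less often than the watchdog period trips the watchdog even though nothing is wrong, so the period must be set from the task's worst-case interval, not its typical one.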


Redundant critical on-chip modules like the processor, ISO, DMA controller, internal clock generator, and communications peripherals can improve reliability should a primary hardware module become non-functional while the vehicle is running. Such a system can have built-in error detection mechanisms and on-the-fly switching to the redundant hardware to mitigate threats to passenger safety.
But this kind of redundant hardware architecture comes with the penalty of increased area and higher power consumption in silicon. Area penalties can be minimized by intelligent selection of which functions need to be duplicated in silicon. Power can be minimized by adopting power and clock gating in the redundant modules. Some in-vehicle computers can be implemented in lock-step with each other, where the primary and redundant modules process the same input. A mismatch in the output of the lock-step modules indicates a defect in one of the two modules. The system can then switch itself off or take appropriate safety measures to avoid a real-time failure. Redundant hardware should be placed far from the primary module in silicon so that a single event cannot tamper with both modules at once.
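The lock-step comparison described above, as an added example that is not part of the original post or the EDN article: two copies of the same control computation process each input, a comparator releases the output only when both agree, and the first mismatch latches a safe state. A fault is injected into the redundant copy from a chosen cycle onward to show detection. The function and type names (`control_law`, `lockstep_t`, `lockstep_run`) and the sample inputs are constructed for this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* The computation both copies perform: a constructed stand-in for a real
 * control function (e.g. sensor reading -> actuator command). */
static uint32_t control_law(uint32_t sensor) {
    return (sensor * 3u + 7u) & 0xFFFFu;
}

/* Hypothetical lock-step comparator state. */
typedef struct {
    uint32_t fault_mask;  /* bits XORed into the redundant copy's output; 0 = healthy */
    uint32_t fault_from;  /* cycle index from which the injected fault is present */
    uint32_t mismatches;  /* lock-step miscompares seen */
    bool safe_state;      /* latched once a mismatch is detected */
} lockstep_t;

void lockstep_init(lockstep_t *ls, uint32_t fault_mask, uint32_t fault_from) {
    ls->fault_mask = fault_mask;
    ls->fault_from = fault_from;
    ls->mismatches = 0;
    ls->safe_state = false;
}

/* One lock-step cycle: primary and redundant copies process the same input.
 * Returns true and stores the agreed output when both copies agree; on a
 * mismatch the comparator latches the safe state and releases no output. */
bool lockstep_cycle(lockstep_t *ls, uint32_t cycle, uint32_t input, uint32_t *out) {
    if (ls->safe_state) return false;
    uint32_t primary = control_law(input);
    uint32_t redundant = control_law(input);
    if (cycle >= ls->fault_from) redundant ^= ls->fault_mask; /* injected fault */
    if (primary != redundant) {
        ls->mismatches++;
        /* A two-way compare cannot tell which copy is wrong: stop, do not guess. */
        ls->safe_state = true;
        return false;
    }
    *out = primary;
    return true;
}

/* Run a whole input sequence; returns how many outputs were released before
 * the comparator halted the system (n if it never halted). */
uint32_t lockstep_run(lockstep_t *ls, const uint32_t *inputs, uint32_t n,
                      uint32_t *outputs) {
    uint32_t released = 0;
    for (uint32_t c = 0; c < n; c++) {
        if (!lockstep_cycle(ls, c, inputs[c], &outputs[released])) break;
        released++;
    }
    return released;
}

int main(void) {
    const uint32_t inputs[5] = {1, 2, 3, 4, 5}; /* constructed sensor samples */
    uint32_t outputs[5];
    lockstep_t healthy, faulty;

    lockstep_init(&healthy, 0, 0);
    printf("healthy pair released %u of 5 outputs\n",
           lockstep_run(&healthy, inputs, 5, outputs));

    lockstep_init(&faulty, 1u << 5, 3); /* bit-5 fault appears at cycle 3 */
    printf("faulty pair released %u of 5 outputs, safe_state=%d\n",
           lockstep_run(&faulty, inputs, 5, outputs), faulty.safe_state);
    return 0;
}
```

Note that the comparator only ever reports "the copies disagree", which is exactly what the text says: a mismatch localizes the defect to one of the two modules, not to a particular one, so the safe reaction is to stop rather than to trust either output.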




refer to: http://www.edn.com/design/automotive/4421704/Safety---security-architecture-for-automotive-ICs
