Functional Safety implementation on Zynq UltraScale+ MPSoC SOMs


iWave Functional Safety Solution makes use of certified Xilinx devices and tools to quickly meet the safety requirements of your application. Safety-critical applications like automotive, industrial motor control, avionics, and many others need high reliability and availability. To meet these requirements and achieve the required Safety Integrity Levels (SILs) or Automotive Safety Integrity Levels (ASILs), it is necessary to mitigate soft errors and implement redundancy for better tolerance of hard faults. iWave makes use of a range of solutions provided by Xilinx and also provides a means to test and integrate them to achieve the safety requirements of your application.

Applications: Safety-Critical applications such as avionic control systems, automotive, and Industrial Motor Control.


Highlights:

• Using Functional Safety Certified Xilinx Devices and Tools
• Detailed Application Note
• Supports Customization
• Tested Reference Designs


Ready to Integrate Solutions

UltraScale+ SEM IP: Xilinx UltraScale+ Soft Error Mitigation (SEM) IP is used to detect and correct SEUs within FPGA configuration memory. SEM IP handles soft errors very efficiently: about 99.7% of soft errors are correctable using SEM IP, so it provides a method for better management of system-level effects caused by soft errors.

TMR MicroBlaze Subsystem: Triple Modular Redundancy is one of the effective solutions used to deal with soft errors in safety-critical applications. TMR MicroBlaze subsystem implements triplicated MicroBlaze soft cores along with triplicated memories, I/O, and other critical blocks. The outputs from these triplicated blocks are majority voted and fed to comparators to mitigate the effects of soft errors. Xilinx MicroBlaze compiler has been certified by SGS TUV Saar to comply with IEC 61508:2010 up to SIL 4 and ISO 26262:2011 up to ASIL D.
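As an added illustration of the voting and comparison stages described above, here is a software model (not iWave's or Xilinx's code, and not the TMR MicroBlaze subsystem's own logic) of a bitwise majority voter and the comparator that flags a disagreeing lane; the lane values and the injected bit flip are constructed for the demonstration.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Bitwise majority vote over three replica outputs: each output bit takes the
 * value held by at least two of the three lanes, so any upset confined to a
 * single lane (even several bits in that lane) is masked. */
uint32_t tmr_vote(uint32_t a, uint32_t b, uint32_t c) {
    return (a & b) | (a & c) | (b & c);
}

/* Comparator stage: bitmask of lanes whose output differs from the voted
 * value (bit0 = lane A, bit1 = lane B, bit2 = lane C). 0 means all lanes
 * agree; a single set bit is a masked fault that should be logged so the
 * lane can be resynchronised. */
unsigned tmr_compare(uint32_t a, uint32_t b, uint32_t c, uint32_t voted) {
    unsigned mismatch = 0;
    if (a != voted) mismatch |= 1u;
    if (b != voted) mismatch |= 2u;
    if (c != voted) mismatch |= 4u;
    return mismatch;
}

/* The voter only masks faults while at most one lane is wrong. Two or more
 * disagreeing lanes means the voted value can no longer be trusted and the
 * system must go to its safe state rather than keep operating. */
bool tmr_is_correctable(unsigned mismatch) {
    return mismatch == 0 || mismatch == 1u || mismatch == 2u || mismatch == 4u;
}

int main(void) {
    /* Constructed case 1: a soft error flips bit 5 in lane B only. */
    uint32_t good = 0x1234u;
    uint32_t a = good, b = good ^ (1u << 5), c = good;
    uint32_t v = tmr_vote(a, b, c);
    unsigned m = tmr_compare(a, b, c, v);
    printf("case1 voted=0x%04x mismatch=%u correctable=%d\n",
           v, m, tmr_is_correctable(m));

    /* Constructed case 2: two lanes corrupted differently; the vote yields an
     * arbitrary value and the comparator reports more than one lane. */
    a = 0x0Fu; b = 0xF0u; c = 0x00u;
    v = tmr_vote(a, b, c);
    m = tmr_compare(a, b, c, v);
    printf("case2 voted=0x%04x mismatch=%u correctable=%d\n",
           v, m, tmr_is_correctable(m));
    return 0;
}
```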

Isolation Design Flow: Isolation design flow allows both safety and non-safety functions to be present on a single chip without affecting each other's functionality. Isolation design flow also helps reduce single-event failures when redundant blocks are implemented within the same chip. Xilinx IDF flow is part of Xilinx Vivado, which has been certified by TUV Sud to comply with IEC 61508-3:2010 and ISO 26262-8:2011.

ARM Cortex R5 LockStep Mode: LockStep mode of operation is one of the easily achievable dual modular redundant solutions to meet safety requirements. Xilinx Zynq UltraScale+ MPSoC devices have dual-core ARM Cortex R5 processors in the Low Power domain which can be operated in lockstep mode for safety-critical applications. The Low Power Domain of Zynq MPSoC has been certified by Exida to meet the requirements specified by IEC 61508:2010 part 1, 2, 3 up to SIL 3 with HFT of 1 and ISO 26262:2011 parts 2, 4, 5, 6, 7, 8, 9, 10 up to ASIL C.

Isolation using XMPU & XPPU: Zynq MPSoC includes multiple processing subsystems including APU, RPU, PMU, CSU, and a user-defined number of MicroBlaze soft processors implemented in PL. If any of the processing subsystems is running a safety-critical application, the memory or peripherals used by that processing subsystem can be isolated and access from the other processing subsystems restricted. The Xilinx Memory Protection Unit (XMPU) and Xilinx Peripheral Protection Unit (XPPU) help achieve this.

Copyright © 2022 iWave Systems Technologies Pvt. Ltd.