Toshiba Corporation Semiconductor & Storage Products Company

Functional Safety Technologies

Toshiba offers automotive microcontrollers that feature an optimized tightly coupled fault supervisor as a means of ensuring functional safety and have received Technical Report I for IEC61508 SIL3 from an authorized certification body. These microcontrollers deliver safer and more cost-effective solutions.

Toshiba SIL3 Method

This figure provides an overview of the Toshiba SIL3 Method.

In an optimized tightly coupled fault supervisor configuration, execution core A is tightly coupled with a suite of hardware checkers that reference the core's internal signals. This allows comparison and self-diagnosis to be performed automatically in hardware. The new configuration reduces both hardware and software size compared with the traditional dual-core (lockstep comparison) configuration.

Design Techniques for SIL3 Compliance

This figure illustrates Design Techniques for SIL3 Compliance.

Toshiba's microcontroller platform, specifically designed for SIL3 functional safety operation, was highly appraised by an external certification body, TÜV SÜD.

Proposals on Low-Cost Fail-Safe and Fail-Operational Systems

Should the engine control MCU fail while driving...

Configuration          | Competitors' MCU                                                                  | Toshiba's tightly coupled MCU
-----------------------|-----------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------
1-out-of-1 Single-Core | Cannot implement fail-safe functions. (Needs a secondary MCU.)                    | Stops the car safely in the event of an unstable cruising condition (fail-safe)
1-out-of-2 Dual-Core   | Stops the car safely in the event of an unstable cruising condition (fail-safe)   | Keeps the car in a stable cruising condition (fail-operational and fault-tolerant system)

Toshiba's single-core MCU supports a fail-safe function, which traditionally required a dual-core implementation. Additionally, Toshiba's dual-core MCU supports fail-operational and fault-tolerant systems, because the per-core checkers identify which core has failed rather than only detecting that the two cores disagree.
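The following is an added illustrative model of the four cells in the table above; it is teaching code, not Toshiba's design or firmware. It assumes a toy control law, a constructed fault injection flag, and a "checker" modelled as a per-core self-diagnosis bit. It demonstrates the reasoning behind the table: a plain 1-out-of-2 comparison detects a mismatch but cannot say which core is wrong (so it can only stop safely), while per-core self-diagnosis localises the fault and lets the system continue on the healthy core. It also shows the case the table does not spell out, a common-cause fault that corrupts both cores identically, which plain comparison cannot detect.

```python
"""Illustrative fail-safe / fail-operational supervisor model (added example).

Not Toshiba's design: the hardware checker is modelled as a self-diagnosis
flag per core, and the control law is a toy function. Fault injection is
constructed for the demonstration.
"""
from dataclasses import dataclass
from enum import Enum
from typing import List, Optional, Tuple


class Outcome(Enum):
    NORMAL = "normal operation"
    UNDETECTED = "fault undetected (unsafe state)"
    FAIL_SAFE = "fail-safe: safe stop"
    FAIL_OPERATIONAL = "fail-operational: continue on healthy core"


@dataclass
class Core:
    name: str
    faulty: bool = False    # constructed fault injection (hypothetical)
    checker: bool = False   # tightly coupled self-diagnosis present?

    def compute(self, x: int) -> int:
        # Toy control law; a faulty core flips the low bit of its result.
        y = 2 * x + 1
        return y ^ 0x1 if self.faulty else y

    def self_diagnosis_ok(self) -> bool:
        # A checker that references the core's internal signals catches the
        # core's own fault; without a checker the core reports nothing.
        return (not self.faulty) if self.checker else True


def supervise(cores: List[Core], x: int) -> Tuple[Outcome, Optional[int]]:
    """Decide the system outcome from what the supervisor can observe."""
    results = [c.compute(x) for c in cores]
    healthy = [c for c in cores if c.self_diagnosis_ok()]
    flagged = [c for c in cores if not c.self_diagnosis_ok()]

    if flagged:
        # A checker has localised the fault to a specific core.
        if healthy:
            return Outcome.FAIL_OPERATIONAL, healthy[0].compute(x)
        return Outcome.FAIL_SAFE, None

    if len(set(results)) > 1:
        # 1-out-of-2 comparison: mismatch detected, but not localised, so the
        # only safe action is to stop.
        return Outcome.FAIL_SAFE, None

    # Agreement (or a single core without a checker): the supervisor sees no
    # evidence of a fault. The omniscient simulator labels whether that
    # silence hides a real fault; a real supervisor could not know this.
    if any(c.faulty for c in cores):
        return Outcome.UNDETECTED, results[0]
    return Outcome.NORMAL, results[0]


def scenario(n_cores: int, checker: bool, faulty_cores=(0,), x: int = 5):
    """Build n cores, inject faults into the given indices, and supervise."""
    cores = [Core(f"core{i}", faulty=(i in faulty_cores), checker=checker)
             for i in range(n_cores)]
    return supervise(cores, x)


if __name__ == "__main__":
    for label, args in [
        ("1oo1, no checker      ", (1, False)),
        ("1oo1, checker         ", (1, True)),
        ("1oo2, no checker      ", (2, False)),
        ("1oo2, checker         ", (2, True)),
        ("1oo2, common-cause    ", (2, False, (0, 1))),
    ]:
        outcome, value = scenario(*args)
        print(f"{label}: {outcome.value} (output={value})")
```

The last scenario is the caveat a practitioner should keep in mind: when both cores of a comparison-only design suffer the same fault (for example, a shared clock or supply disturbance), they agree on the wrong answer and the comparator reports nothing, which is why standards such as IEC 61508 also require measures against common-cause failures rather than redundancy alone.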

What Is Functional Safety?

Take, for example, an intersection of a railway and a road. How can you ensure safety there?
  • Overpass: Intrinsically prevents hazards (intrinsic safety)
  • Railway crossing: Prevents hazards by using a safety system (functional safety)
To achieve functional safety, a number of measures against failures must be implemented in a design.
  • Deterministic faults: Were functional bugs weeded out from hardware and software designs?
  • Random hardware faults: Were wear-out and chance failures factored into hardware design?
International standards governing electronic control systems
  • Basic functional safety standard applicable to all kinds of industry: IEC 61508 (Second edition released in April 2010)
    Coverage: Atomic power facilities, railroads, processing facilities (plants), industrial machines, automobiles, etc.
  • Adaptation of IEC 61508 for automotive electric/electronic systems: ISO 26262 (published on November 15, 2011)

* System and product names mentioned herein may be trademarks or registered trademarks of respective companies or organizations.
