Automotive-grade microcontroller for low-cost development

[Siwastaja]

"automotive part" is completely meaningless, any manufacturer can mean anything arbitrary with it. Sometimes just temperature ranges, sometimes simply nothing.

What's discussed here are some actual certifications, meaning some of the design-for-certification engineering burden have been taken care of. This also means there's a truckload of paperwork available from the manufacturer. For relevant discussions, the actual certification names must be used.

[NivagSwerdna]

ASIL-D doesn't sound like a hobby project...

"ASIL D represents likely potential for severely life-threatening or fatal injury in the event of a malfunction"

ATSAME51 maybe but it really depends on your requirements and which eco system you will be happy in...

... tell us more and don't kill yourself or anyone else!

[voltsandjolts]

Choosing to do a pretend safety rated project as a hobby project??

Maybe something more enjoyable would be to rub a few hundred 0402's into your eyes.

Safety related stuff sucks ALL the fun out of electronics and programming and leaves you dreaming of a different career.
Or maybe its just me.

[Scrts]

"automotive part" is completely meaningless, any manufacturer can mean anything arbitrary with it. Sometimes just temperature ranges, sometimes simply nothing.

This isn't true. If the datasheet states that there's automotive qualified part available, it means that the part has passed AEC-Q100 testing. There's also AEC-Q200, but it's for passive components. Many OEMs do not allow using non AEC components, not even passives, so there was a tremendous issue when the world got into ceramic capacitor shortage.

[Siwastaja]

Safety related stuff sucks ALL the fun out of electronics and programming and leaves you dreaming of a different career.
Or maybe its just me.

Actually thinking about the actual safety, calculating design margins, simulating edge cases, measuring actual performance, and so on, is very rewarding, but I can totally see how seeing the metric shit-ton of paperwork on pretend-safety tailored to pass certification processes, while having to ignore (as per the bosses orders) all real safety issues you can't avoid seeing sucks the life out of you.

The hobbyist at least has the option of putting effort towards actual safety, and not having to listen anyone forcing them to ignore issues that arise.

[Siwastaja]

"automotive part" is completely meaningless, any manufacturer can mean anything arbitrary with it. Sometimes just temperature ranges, sometimes simply nothing.

This isn't true. If the datasheet states that there's automotive qualified part available, it means that the part has passed AEC-Q100 testing. There's also AEC-Q200,...

... and also AEC-Q101. In any case, datasheets of parts passing AEC-Q100 obviously state "AEC-Q100" in the datasheet. I mean, if I pay for all the testing required to pass a standard X, and pay for the (possible) royalties, I sure as hell want to state that on the datasheet.

If I only see "automotive" claimed, I would not make an assumption it's AEC-Q100 (or any other specific standard) qualified, IMHO such assumption would be ridiculously dangerous, but your mileage clearly varies.

[voltsandjolts]

... while having to ignore (as per the bosses orders) all real safety issues you can't avoid seeing sucks the life out of you.

Erm, no. I would quite simply walk out of the door if that happened.

I just find that the majority of the work on safety rated projects is done in spreadsheets, text documents, emails and phone conferencing. Yuk.
Less than 20% of my time is in 'real' engineering and Altium (which is the bit I enjoy).

The hobbyist at least has the option of putting effort towards actual safety, and not having to listen anyone forcing them to ignore issues that arise.

Yeh, skipping all the paperwork and third party assessments makes it more appealing but then its no longer a safety rated project.
It's just playing around with a dual core lock-step micro.

[bobsaccamano]

Yeh, skipping all the paperwork and third party assessments makes it more appealing but then its no longer a safety rated project.
It's just playing around with a dual core lock-step micro.

Yes, the goal is not to get assessed/certified but rather do an efficient "dry run" of the FuSa lifecycle (from safety concept to V&V) in order to gain experience and understand the pitfalls. Some of the building blocks are in place, ex. requirements management but not to a certifiable level (Using an approved requirements management tool with the correct TCL).

I realize that this approach might be heretical (even insane) in the Safety/Automotive community and that is why views and advice from experienced folk are very welcome.

[Rudolph Riedel]

Forget about ASIL, at least for the beginning, that is a whole extra level.

And have a look at ATSAMC21 as an inexpensive upgrade for an M2560 Arduino that is as a bonus available in automotive grade.

Thanks, I looked at the  ATSAMC21-XPRO Eval Board , but unfortunately it has just one CAN connector (I need two).  Do you have the name of the Automotive-grade board with that MCU?

There is none directly from Microchip but it does not really matter.
First of the normal version is pin and code compatible, so for evaluation there is no need to use the automotive version.
And you can easily connect a second transceiver to the extension headers.
PB14 is CAN1_TX and connected to EXT1 Pin 9.
PB15 is CAN1_RX and connected to EXT1 Pin 10.

You need your own board anyways - if things go beyond evaluation.

[mipl]

Do you mind sharing the links to the research projects? That would be really helpful. At the moment, AUTOSAR and certification are not the main concerns, only development time, firmware support and some safety features.

Some links in case TI Hercules is still under consideration.The TI GUI tool for the CPU configuration https://www.ti.com/tool/HALCOGEN, some would have to get used to generated code. However, the generated code tend to be direction in case of safety related functionality. The verification of the correctness is on the different level...
Example of a project focused on a standard, not application related, functionality http://loszi.hu/works/ti_launchpad_freertos_demo/.
Research paper describing one of many aspect in the safety development consideration. http://home.mit.bme.hu/~kollar/papers/Scherer-Graz.pdf
Even the CPU is capable of safety related computation (lockstep / ECC / etc.) it might be, that it still has to be supervised by external watchdog... depends on the system safety goals and decomposition of them.

P.S. Regarding other project it was someway interesting to experience disappointment when prototype develop on a fancy
ARM Cortex R4F had to be ported back to the humble PowerPC for the serial production...