Author Topic: Multi Microcontroller Functional Safety design Consideration  (Read 2693 times)


Offline ramesh.rajagopalTopic starter

  • Newbie
  • Posts: 3
  • Country: sg
Multi Microcontroller Functional Safety design Consideration
« on: February 01, 2024, 06:38:38 am »
Hi ,

While designing a system with multiple microcontrollers, if one MCU is directed to check the health of the system, other than monitoring the following things, what else can we monitor to ensure a stable design?
1) Voltage monitoring
2) Power supply current monitoring
3) Communication monitoring
4) Vital signal monitoring
5) Temperature monitoring at a few points
6) Clock monitoring, is it possible?
7) Being a watchdog monitor for another system

Are there any other things that we can monitor?

Please advise.

Thanks
Ramesh.
 

Offline Andy Chee

  • Frequent Contributor
  • Posts: 707
  • Country: au
Re: Multi Microcontroller Functional Safety design Consideration
« Reply #1 on: February 01, 2024, 07:20:05 am »
A similar principle to the watchdog, you can monitor a vital status flag being set/reset in a subroutine, or indeed a vital ASCII or BCD code.

If that flag or code isn't valid, then you trigger the watchdog.

Of course such a technique may be overkill for simple systems.
 

Offline SteveyG

  • Supporter
  • Posts: 993
  • Country: gb
  • Soldering Equipment Guru
Re: Multi Microcontroller Functional Safety design Consideration
« Reply #2 on: February 03, 2024, 12:17:49 am »
What does your risk register and failure mode analysis highlight as critical functionality or risks that need addressing? You could monitor all kinds of things, but you need to establish what and why.
 

Offline andre.lubbock

  • Newbie
  • Posts: 9
  • Country: nz
Re: Multi Microcontroller Functional Safety design Consideration
« Reply #3 on: February 03, 2024, 12:33:07 am »
6) Clock monitoring is possible??

If you mean monitoring the clock is running on other MCUs?

The other MCUs would need to output their clock signal on a GPIO pin. The actual signal would be derived from the main MCU clock so that it runs at a much slower speed, e.g. 1 Hz. The MCU that does the health monitoring could read these GPIO pins.

In many MCUs, if the main xtal fails, the clock will fall back to the internal RC.
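To make the two ideas above concrete (Andy Chee's "vital code" checked alongside the watchdog, and the divided-down clock on a GPIO pin from this reply), here is an added example of a supervisor-side health monitor. It is not code from any poster; the frame layout (a rolling sequence number, its complement, and a vital code that must alternate A5/5A), the 100 ms supervisor tick, the 3-tick heartbeat timeout and the 1..3 edges-per-2-second clock window are all assumptions chosen for illustration. Faults latch on the supervisor, because deciding what to do after detection (as Njk's later reply points out) belongs to the safety concept, not the detector.

```c
#include <stdint.h>
#include <stdbool.h>

/* Hypothetical supervisor-side health monitor for one monitored MCU (added example). */
#define VITAL_CODE_A 0xA5u
#define VITAL_CODE_B 0x5Au
#define HEARTBEAT_TIMEOUT_TICKS 3u  /* max supervisor ticks allowed between heartbeats (assumed) */
#define CLOCK_WINDOW_TICKS 20u      /* assumed 100 ms tick: 2 s window on the 1 Hz clock pin */
#define CLOCK_MIN_EDGES 1u          /* 1 Hz with tolerance: expect 1..3 edges per window */
#define CLOCK_MAX_EDGES 3u

typedef struct {
    uint8_t seq;      /* rolling counter, +1 per heartbeat */
    uint8_t seq_inv;  /* bitwise complement of seq: catches stuck or corrupted frames */
    uint8_t vital;    /* must alternate A5/5A; a stuck value means the main loop is not running */
} heartbeat_t;

typedef enum { HEALTH_OK = 0, FAULT_HB_TIMEOUT, FAULT_HB_INVALID, FAULT_CLOCK } health_t;

typedef struct {
    health_t state;          /* latched: once faulted it stays faulted until reset */
    bool     have_seq;
    uint8_t  last_seq;
    uint8_t  expected_vital;
    uint32_t ticks_since_hb;
    uint32_t clock_edges;    /* edges seen on the monitored MCU's divided-down clock pin */
    uint32_t clock_ticks;
} monitor_t;

/* Monitored-MCU side: build the next heartbeat; the caller keeps seq and vital. */
heartbeat_t hb_make(uint8_t seq, uint8_t vital)
{
    heartbeat_t hb = { seq, (uint8_t)~seq, vital };
    return hb;
}

uint8_t vital_next(uint8_t v) { return v == VITAL_CODE_A ? VITAL_CODE_B : VITAL_CODE_A; }

void monitor_init(monitor_t *m) { monitor_t z = {0}; *m = z; m->expected_vital = VITAL_CODE_A; }

/* First fault wins; later faults do not overwrite it. */
static health_t latch(monitor_t *m, health_t f) { if (m->state == HEALTH_OK) m->state = f; return m->state; }

/* Called when a heartbeat frame arrives over the comms link from the monitored MCU. */
health_t monitor_on_heartbeat(monitor_t *m, const heartbeat_t *hb)
{
    if (hb->seq_inv != (uint8_t)~hb->seq) return latch(m, FAULT_HB_INVALID);
    if (hb->vital != m->expected_vital)   return latch(m, FAULT_HB_INVALID);
    if (m->have_seq && hb->seq != (uint8_t)(m->last_seq + 1u))
        return latch(m, FAULT_HB_INVALID);
    m->have_seq = true;
    m->last_seq = hb->seq;
    m->expected_vital = vital_next(hb->vital);
    m->ticks_since_hb = 0;
    return m->state;
}

/* Called from the supervisor's GPIO edge interrupt on the monitored MCU's clock pin. */
void monitor_on_clock_edge(monitor_t *m) { m->clock_edges++; }

/* Called once per supervisor tick (a periodic timer). */
health_t monitor_tick(monitor_t *m)
{
    if (++m->ticks_since_hb > HEARTBEAT_TIMEOUT_TICKS) latch(m, FAULT_HB_TIMEOUT);
    if (++m->clock_ticks >= CLOCK_WINDOW_TICKS) {
        if (m->clock_edges < CLOCK_MIN_EDGES || m->clock_edges > CLOCK_MAX_EDGES)
            latch(m, FAULT_CLOCK);
        m->clock_edges = 0;
        m->clock_ticks = 0;
    }
    return m->state;
}

/* Constructed scenarios: each returns the state the supervisor ends up latching. */
health_t scenario_timeout(void) {          /* one heartbeat, then the MCU hangs */
    monitor_t m; monitor_init(&m);
    heartbeat_t hb = hb_make(1, VITAL_CODE_A); monitor_on_heartbeat(&m, &hb);
    for (int i = 0; i < 4; i++) monitor_tick(&m);
    return m.state;
}

health_t scenario_stuck_vital(void) {      /* seq advances but the vital code stops alternating */
    monitor_t m; monitor_init(&m);
    heartbeat_t hb = hb_make(1, VITAL_CODE_A); monitor_on_heartbeat(&m, &hb);
    hb = hb_make(2, VITAL_CODE_A);
    return monitor_on_heartbeat(&m, &hb);
}

health_t scenario_clock_loss(void) {       /* heartbeats keep coming, the clock pin stops toggling */
    monitor_t m; monitor_init(&m);
    uint8_t seq = 0, vital = VITAL_CODE_A;
    for (uint32_t t = 0; t < 2 * CLOCK_WINDOW_TICKS; t++) {
        heartbeat_t hb = hb_make(++seq, vital);
        vital = vital_next(vital);
        monitor_on_heartbeat(&m, &hb);
        if (t < CLOCK_WINDOW_TICKS && t % 10 == 0) monitor_on_clock_edge(&m);  /* edges only in window 1 */
        monitor_tick(&m);
    }
    return m.state;
}
```

The third scenario is the case a plain heartbeat misses: the monitored MCU is still looping and sending frames, but its divided-down clock output has stopped, so only the edge-count window catches it. Note that if the part silently falls back to an internal RC (as described above) and the GPIO output is derived from the system clock, the edge count per window shifts with the RC frequency; that is caught only if the RC is far enough from the crystal frequency to leave the window, so the tolerance has to be chosen from the part's RC accuracy rather than guessed. None of this replaces the hardware watchdog on each MCU; it sits beside it.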
 

Offline SiliconWizard

  • Super Contributor
  • Posts: 14583
  • Country: fr
Re: Multi Microcontroller Functional Safety design Consideration
« Reply #4 on: February 03, 2024, 08:38:02 am »
External "Clock monitoring", when at all possible, doesn't make much sense, that's what watchdogs are for (among other things).

Otherwise, more generally speaking, I'm not sure there's really a benefit to designing a system with multiple processors, with one dedicated to "control" what the rest does. It's usually more effective to have several do the same job (redundancy scheme). That's just a very general consideration; the whole topic could be detailed in several books and still not be covered.
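As an added illustration of the redundancy scheme this reply prefers over a single "controller" MCU (not code from the poster or the original thread), here is a 2-out-of-3 voter for a quantity measured by three independent channels. The agreement tolerance of 5 raw ADC counts, the status names and the channel numbering are assumptions for the example; in a real design the tolerance comes from the channels' specified accuracy.

```c
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical 2-out-of-3 voter over three independent sensor channels (added example). */
#define AGREE_TOL 5   /* raw ADC counts: two channels closer than this are treated as agreeing */

typedef enum { VOTE_OK = 0, VOTE_DEGRADED, VOTE_FAIL } vote_status_t;

typedef struct {
    int32_t       value;        /* voted output; only meaningful when status != VOTE_FAIL */
    vote_status_t status;
    int           bad_channel;  /* 0..2 when one channel is the clear outlier, else -1 */
} vote_t;

static int agrees(int32_t a, int32_t b) { return labs((long)a - (long)b) <= AGREE_TOL; }

static int32_t median3(int32_t a, int32_t b, int32_t c)
{
    if ((a <= b && b <= c) || (c <= b && b <= a)) return b;
    if ((b <= a && a <= c) || (c <= a && a <= b)) return a;
    return c;
}

/* Vote on three samples of the same quantity taken by three separate channels. */
vote_t vote_2oo3(int32_t a, int32_t b, int32_t c)
{
    int ab = agrees(a, b), bc = agrees(b, c), ac = agrees(a, c);
    vote_t v = { 0, VOTE_FAIL, -1 };
    switch (ab + bc + ac) {
    case 3:  /* all channels agree: take the median so one high/low reading cannot bias the output */
        v.value = median3(a, b, c); v.status = VOTE_OK; break;
    case 2:  /* chained spread (a~b and b~c but a and c too far apart): no single outlier */
        v.value = median3(a, b, c); v.status = VOTE_DEGRADED; break;
    case 1:  /* exactly one pair agrees: use it and name the odd one out */
        v.status = VOTE_DEGRADED;
        if (ab)      { v.value = (a + b) / 2; v.bad_channel = 2; }
        else if (bc) { v.value = (b + c) / 2; v.bad_channel = 0; }
        else         { v.value = (a + c) / 2; v.bad_channel = 1; }
        break;
    default: /* no two channels agree: the value cannot be trusted, caller goes to its safe state */
        break;
    }
    return v;
}
```

The VOTE_DEGRADED result is the point of the scheme: the system keeps producing a usable value after one channel fails, and at the same time knows which channel to report, which is the "what to do next" that a monitor-only design leaves open. The chained case (two overlapping agreements but the extremes disagree) is handled separately because no channel is obviously at fault; it is still reported rather than silently treated as healthy.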
 

Offline JoeyG

  • Regular Contributor
  • Posts: 117
  • Country: au
 

Offline ramesh.rajagopalTopic starter

  • Newbie
  • Posts: 3
  • Country: sg
Re: Multi Microcontroller Functional Safety design Consideration
« Reply #6 on: February 23, 2024, 04:43:46 am »
Thanks for all your suggestions.

On the topic of redundancy: yes, we tried to add it to the sensing and actuation portions to avoid a single point of failure.



Thanks again.
Ramesh.
 
 

Offline Njk

  • Regular Contributor
  • Posts: 216
  • Country: ru
Re: Multi Microcontroller Functional Safety design Consideration
« Reply #7 on: February 24, 2024, 08:33:22 pm »
It depends on the requirements. I once designed a system comprising 49 MCUs of three different types. It was working fine with no centralized monitoring functionality implemented. I have doubts about its usefulness unless it's required by the customer. Detecting a failure is one thing, but what to do next is another. That's why high availability assumes high redundancy; otherwise self-healing is not possible.
 

