1 Functional Safety Concept

The devices of the AVR SD Family are general purpose microcontrollers designed according to the ISO 26262 and IEC 61508 safety standards to avoid systematic device faults.

The device family aims to mitigate risks and prevent failures that could lead to hazardous situations, minimize the required development of complex and time-consuming software diagnostics, and reduce the fault detection time for faults in vital functions down to 1 ms.

The AVR SD devices feature autonomous hardware fault detection mechanisms to detect, correct, and report random hardware faults and transient faults in the CPU and the infrastructure it relies upon. This Core-Independent Safety (CIS) makes the devices of the AVR SD Family highly suitable for safety-critical applications with strict safety requirements and demands for fast fault handling. The AVR SD devices suit for safety-critical applications with ISO 26262 (ASIL C) and IEC 61508 (SIL 2) safety requirements.

The primary Core-Independent Safety (CIS) features for the AVR SD devices are:

Error controller, able to autonomously set the device in a safe state upon detection of a critical fault
Dual CPU core in lock step configuration with redundant comparators
ECC protection of Flash, EEPROM and SRAM memories
Parity protection of data bus, with redundant control signals
CRC and ECC protection of device configuration and calibration fuses
Clock frequency monitor and failure detection
Over- and under-voltage detectors for the Voltage Regulator Monitor (VMON)
Dual watchdogs to detect hardware and software faults (WDT and SWDT)
Stack monitor to detect software faults
Redundant operation of most peripherals through duplication
Various other integrity check mechanisms

Functional safety documentation and software are available. These are complemented by a rich set of safety-qualified MPLAB® development tools.