New Safety Mechanisms for MicroAutoBox II

Safety-critical applications, e.g., for highly automated driving, require additional mechanisms that monitor the correct execution of control functions on an ECU. To reach a higher level of monitoring even in early function development phases, the prototyping system MicroAutoBox® II provides several monitoring functions that are common in series production. In the RTI Watchdog Blockset 2.0 (Release 2016-B), the multistage watchdog mechanism was already extended by an integrated challenge-response mechanism to monitor the correct execution of computations on the real-time processor. Version 2.1 of the blockset (Release 2017-A) added various memory integrity checks (heap, stack, and ROM monitoring). The checks make it possible to detect memory faults at startup and during run time of the real-time application, and the system can be set to a predefined state if an error occurs. Another new feature is supply voltage monitoring, which lets users monitor the supply voltage levels of MicroAutoBox II. This way, they can intervene before a critical supply voltage level is reached.

