Functional Safety on MicroAutoBox III – Concepts and Mechanisms
Safety built in. Confidence built on.
MicroAutoBox III delivers an advanced suite of functional safety (FuSa) features that enhance reliability and robustness throughout your prototyping process. Its FuSa I/O functions – or FuSa block sets – combine intelligent monitoring with precisely defined safety responses to ensure your system stays predictable, protected, and in control, even under unexpected conditions.
Key Concepts
Internal hardware components of the MicroAutoBox III for the functional safety functionality (FuSa).
1. FuSa monitors – smart, real time protection
FuSa monitors continuously track the health of the model, application, and device using powerful hardware and software mechanisms such as watchdogs and memory integrity checks.
At the first sign of irregular behavior, they instantly activate the FuSa response to safeguard the system.
2. The FuSa response – reliable action when it counts
When a safety-relevant issue occurs, MicroAutoBox III executes a clear and controlled response. From visual indicators and logged messages to full device reboots or user defined routines, the system ensures predictable, transparent behavior in every fault scenario.
FuSa Monitors: Overview
Proactive fault detection for maximum reliability
MicroAutoBox III integrates multiple monitoring technologies – such as ECC memory checks and challenge response mechanisms – to detect faults early and place the system into a defined safe state. All components fit seamlessly into your overall vehicle safety concept.
Challenge Response Monitoring
Challenge response monitors (CRM) take watchdog supervision to the next level.
At regular intervals, a hardware CRM issues a 32 bit challenge. The model must return the correct response within a precise time window.
Any delayed or incorrect response triggers the FuSa response, ensuring continuous task integrity.
With multiple hardware driven CRMs, the independent and uncompromised supervision of multiple model tasks is possible.
Memory Integrity Checks
ECC RAM strengthens the real-time application through built-in memory protection:
- Automatic correction of single-bit errors
- Immediate safety action when double-bit errors occur
Hardware ECC, combined with robust Linux kernel handling, provides exceptional data integrity for real time operations.
System Monitoring
MicroAutoBox III autonomously monitors critical hardware parameters, including:
- Internal operating temperature
- Supply voltage levels
If limits are exceeded, the device immediately activates the FuSa response – fully hardware-driven for an instant, reliable response.
Monitoring External Inputs
A dedicated digital input allows seamless integration of external safety logic.
When the connected signal reaches a specified state, the hardware instantly triggers the FuSa response – perfect for connecting emergency stops or third party safety mechanisms.
Custom Monitoring
Customer-specific safety logic is tailored to application and safety requirements.
User-defined plausibility checks can detect inconsistencies and trigger a reaction – providing full flexibility when designing a safety concept.
FuSa Response: Overview
Clear, consistent, and configurable safety behavior
When a FuSa monitor detects an error, MicroAutoBox III executes a set of mandatory and optional safety actions, ensuring transparent and controlled system behavior.
Mandatory Error Responses
These always occur to guarantee visibility and traceability:
- Automatic opening of the FuSa relay
- The FuSa LED lights up red
- Error logging and storage in non volatile memory
- Transmission of the error to a connected host PC
Optional Error Responses
For more advanced handling, the additional actions can be configured:
- Trigger a subsystem within the real time model
- Reboot the device
- Stop the running real time application
These flexible options help developers shape system behavior to meet safety, performance, and application-specific requirements.