In multi-core microcontrollers adopted for safety-critical applications, such as automotive, the frequency of clock signals is typically monitored by dedicated Clock Monitor Units (CMUs), whose correct operation is essential for the microcontroller's correct operation and the system's safety. We analyse the effects of resistive bridging faults and transient faults possibly affecting a typical CMU. We will show that 39% of the considered CMU resistive bridging faults do not result in a CMU output error message, thus remaining latent. Depending on the value of their connecting resistance, up to 49% of the latent bridging faults can make the CMU unable to indicate the presence of a monitored clock signal with an incorrect frequency, with potentially catastrophic consequences for the microcontroller's correct operation and the system's safety. As for transient faults, we will show that they can reasonably be considered not to constitute a serious risk for the system's safety.
Zhupa, M., Naldi, M., Omana, M., Metra, C. (2024). On the Reliability of Clock Monitoring Units for Safety Critical Applications’ Microcontrollers [10.1109/IOLTS60994.2024.10616093].
On the Reliability of Clock Monitoring Units for Safety Critical Applications’ Microcontrollers
M. Naldi; M. Omana; C. Metra
2024


