Functional Safety

dsPIC33 Digital Signal Controllers and PIC24 Microcontrollers for Functional Safety

Designers of applications such as appliances, industrial control systems and vehicles are increasingly relying on electronics to provide efficient control and enhanced user features. These applications require safe and reliable operation to protect end-user well-being. Most of the time, electrical systems operate as intended, but in the event of an unexpected condition or system malfunction, safety specifications such as ISO 26262, IEC 60730 and IEC 61508 are used to ensure that manufacturers have designed their products to operate safely.

ISO 26262 (ASIL): Functional Safety for Automotive Applications

Levels: ASIL A, ASIL B, ASIL C

dsPIC33 Digital Signal Controllers (DSCs) can be used in high-performance embedded, sensor interfacing, digital power and motor control applications for the automotive market including DC/DC systems, On-Board Chargers (OBCs), actuators and sensors (position, pressure), and other control units targeting ASIL B or ASIL C compliance.

IEC 61508 (SIL): Functional Safety for Industrial Applications

Levels: SIL 1, SIL 2

dsPIC33 DSCs are designed for reliable operation in harsh environments and make it easy for you to develop high-performance embedded, sensor interfacing, digital power and motor control applications that comply with IEC 61508 Safety Integrity Level 2 (SIL 2).

IEC 60730: Functional Safety Standard for Household Appliances

Levels: Class A, Class B

We offer a broad portfolio of PIC24 microcontrollers (MCUs) and dsPIC33 DSCs that feature a range of hardware safety features and support software routines that can be readily integrated into your designs to simplify meeting IEC 60730 requirements for Class B Safety.

Functional Safety Ready

Select dsPIC33 DSCs have been designated as “Functional Safety Ready.” A product that contains the “Functional Safety Ready” designation offers integrated hardware safety features, Failure Modes, Effects, and Diagnostic Analysis (FMEDA) reports, safety manuals, and, in some cases, diagnostic software libraries. A TÜV SUD-certified C-compiler and a complete and fully qualified development environment are also available.

Functional Safety Readiness

| Functional Safety Readiness | ISO 26262 (ASIL B and ASIL C) | IEC 61508 (SIL 2) | IEC 60730 (Class B) |
|---|---|---|---|
| Hardware Safety Features | Yes | Yes | Yes |
| Safety Library | ASIL B and ASIL C Compliant Diagnostic Library* | Releasing Soon | Class B Safety Library |
| AUTOSAR® MCAL Drivers | Yes* | N/A | N/A |
| Safety Manual | Yes* | Releasing Soon | N/A |
| FMEDA Reports | Yes* | Releasing Soon | N/A |
| TÜV SUD-Certified Compiler | MPLAB® XC16 Compiler (all standards) | | |
| Code Coverage Tools | MPLAB Code Coverage or third-party tools from vendors such as LDRA (all standards) | | |

*To access our device-specific safety-related content, all of which is available under NDA, please fill out the Information Request Form.

Supported Hardware Modules

AEC-Q100-qualified silicon with specialized hardware safety features, including fault prevention, self-diagnostic, system diagnostic and fault mitigation:

  • Memory with error detection and correction
  • CPU with trap instructions and fault detection
  • Clocking systems including backup oscillators
  • GPIO with ESD protection
  • System monitors: POR, BOR, WWDT, Deadman Timer, hardware limit timer and voltage detection

A full list is provided in the Functional Safety Relevant Features section below.

In addition to the support that comes with the Functional Safety Ready designation, dsPIC33 DSCs, which are developed under IATF 16949 quality management systems, offer a range of features and a comprehensive ecosystem that enable system-level compliance with functional safety standards.

Safety and Diagnostic Software

  • Diagnostic software libraries that are useful for achieving fault coverage for the hardware device
    • ASIL B and ASIL C compliant diagnostic libraries for the device core, memory and a variety of peripherals
    • Fault injection routines to test system response under a fault condition
    • Static and dynamic code analysis reports and traceability reports to track and achieve consistency between requirements, implementation and verification of safety functionalities
    • Tight integration with recommended diagnostics in the corresponding FMEDA and Functional Safety Manual
    • Availability of test benches and project files on request to verify conformance of libraries to safety standards
  • VDE- and UL-certified Class B libraries that simplify meeting IEC 60730 requirements for Class B Safety
    • Application Note AN1778 describing the Application Programming Interface (API) functions available in the Class B Safety Software Library and how to incorporate them in your project
  • Routines that integrate directly into MCU applications to test and verify critical functionality

Functional Safety Ecosystem

  • FMEDA to quantify the device’s fault modes, their Failure-In-Time (FIT) rate distribution and corresponding detection methods to help create a coverage plan
  • Functional Safety Manual that provides recommendations on how the device should be used for the safest operation
  • AUTOSAR MCAL Drivers for select dsPIC33 DSC families
  • Liverpool Data Research Associates (LDRA) Tool Suite for functional safety compliance
  • Affiliation with certification bodies

When designing functional safety applications, using development tools that meet the requirements of safety standards can make it easier to create compliant systems. To help you implement system-level functional safety in your applications, Microchip has applied this approach to the MPLAB development ecosystem: it offers a TÜV SÜD-certified MPLAB XC16 compiler, along with qualification documents for the MPLAB X Integrated Development Environment (IDE) and for MPLAB programmers and debuggers, to help you qualify your design for functional safety.

Featured Controller Families

| Product Family | CPU | CPU Speed | Program Memory | AEC Q100 | Applications |
|---|---|---|---|---|---|
| dsPIC33CH512MP508, dsPIC33CH128MP508 | Dual Core | 90 + 100 MIPS | Up to 512 KB | Grade 0, up to 150°C | High-Performance Embedded, Digital Power, Motor Control |
| dsPIC33CK256MP508, dsPIC33CK64MP105 | Single Core | 100 MIPS | Up to 256 KB | Grade 0, up to 150°C | High-Performance Embedded, Digital Power, Motor Control, Sensor Interfacing |
| dsPIC33EP128GS808 | Single Core | 70 MIPS | Up to 128 KB | Grade 1, up to 125°C | High-Performance Embedded, Digital Power |
| dsPIC33EV256GM106 | Single Core | 70 MIPS | Up to 256 KB | Grade 0, up to 150°C | High-Performance Embedded, Motor Control, Sensor Interfacing |

Functional Safety Relevant Features – PIC24 MCUs and dsPIC33 DSCs

Dedicated peripherals and functions have been integrated into PIC24 and dsPIC33 devices to help increase reliability and monitoring for safety-critical applications. These features help ensure that end applications operate as intended, with a safe shutdown if any exception or issue arises.

Memory (Flash/RAM) Error Detection and Correction

Families covered: dsPIC33C, dsPIC33E, PIC24F. Categories: Fault Prevention, Self Diagnostic, System Diagnostic, Fault Mitigation.

  • CRC Module/Cyclic Redundancy Check (CRC)*
  • Flash Error Detection and Correction (ECC)
  • Read/Write Memory Protection
  • Boot Segment Protection
  • Dual Partition Program Memory
  • Illegal Opcode Detect
  • Load Once Per Reset Config Register
  • RAM BIST (not available on some devices)
  • Self-Readable Flash Memory

Definitions:
Fault Prevention - Silicon feature that prevents damage, unintended configuration changes or invalid operation
Self-Diagnostic - Silicon/software feature that identifies if the silicon is working as it should be
System Diagnostic - Silicon/software feature that identifies if the system is working as it should be
Fault Mitigation - Silicon feature that can be used by the system to transition to a safe state after a fault is detected

Legend:
● Available in all devices
○ Available in some devices
- Not Available
System Reset, Detect and Manage

  • Power-on Reset (POR)
  • Brown-out Reset (BOR)
  • Windowed Watchdog Timer (Dual Watchdog or Std. WDT, depending on family)
  • Deadman Timer (not available on some devices)
  • Configuration Mismatch Reset
  • High/Low Voltage Detect (HLVD) (not available on some devices)
  • High-Voltage Detect (HVD) (not available on some devices)
  • PWM Fault Management
  • PWM Lock (not available on some devices)
  • UART Internal Loopback
  • Reset Trace
  • Asynchronous Master Clear Reset (MCLR)
  • CAN Port Loopback Mode (not available on some devices)
  • ICSP Write Inhibit (not available on some devices)
  • On-Chip Regulator for CPU
  • Capacitor-less Regulator (not available on some devices)
GPIO ESD Protection/PPS

  • ESD Protection
  • Peripheral Pin Select
  • I/O Port Readback
  • Virtual Pins (not available on some devices)
Clocking Systems Backup Oscillators/Monitors

  • Redundant Oscillator (BFRC)
  • Lockable Clock (OSCCON)
  • Fail Safe Clock Monitor
  • Windowed Watchdog Timer (Dual Watchdog or Std. WDT, depending on family)
  • Two-Speed Start-Up
CPU Trap Instructions/Fault Detection

  • Error Trap Monitors
Analog Internal Vref and Sample/Hold

  • Internal Vref
  • Multiple Sample and Hold
  • Charge Time Measurement Unit (CTMU) (not available on some devices)
Class B Safety Software

  • RAM Variable Memory Test
  • Frequency Detect
  • Program Counter Stuck-at-Faults
  • CPU Register Test
Other Features

  • MPLAB® XC Compilers: TÜV SUD-certified MPLAB XC16 compiler
  • MCAL Drivers for AUTOSAR
  • LDRA Compliance Management Tool Suite Support (Third Party)
