3 Reference safety architecture
This section reports the details of the STM32F2 Series safety architecture.
3.1 Safety architecture introduction
The STM32F2 Series microcontroller analyzed in this document can be used as a compliant item within different safety applications.
The aim of this section is to identify this compliant item and thereby to define the context of the analysis in terms of assumptions with respect to a reference concept definition. This concept definition therefore includes reference safety requirements as well as assumptions on the design external to the defined compliant item.
As a consequence of the compliant item approach, the goal is not to provide an exhaustive hazard and risk analysis of the system around the microcontroller, but rather to list the system-related information considered during the analysis. Such information includes, among others, application-related assumptions on dangerousness factors, frequency of failures and diagnostic coverage already guaranteed by the application.
3.2 Compliant item
This section includes all the information related to the definition of the compliant item, including its usage in different safety architecture schemes.
3.2.1 Definition of the compliant item
According to IEC 61508-1 clause 8.2.12, a compliant item is any item (for example an element) on which a claim is being made with respect to the clauses of the IEC 61508 series. With respect to its user, at the end of its development the compliant item must be described by a safety manual.
In this document, the compliant item is defined as a system including one or two STM32 microcontrollers (MCU) (see Figure 2). The communication bus is directly or indirectly connected to sensors and actuators.
Figure 2. Definition of the compliant item
[Figure: block diagram showing the compliant item (the STM MCU(s) acting as processing element) connected through remote controllers to sensors (S) and actuators (A).]
Other components might be related to the compliant item, such as the external hardware components needed to guarantee either the functionality of the STM32F2 Series (external memory, clock quartz, etc.) or its safety (for example an external watchdog or voltage supervisors).
The defined compliant item can be classified as an “element” according to IEC 61508-4, 3.4.5.
3.2.2 Safety functions performed by the compliant item
In essence, the compliant item architecture can be represented as composed of the following processes performing the safety function or part of it:
Input processing elements (PEi) reading safety-related data from the remote controller connected to the sensor(s) and transferring them to the following computation elements;
UM1845 - Rev 4, Reference safety architecture, page 7/108