SM2 and SM1 Scheduling sequence

FabioG

Hi There,

In developement of Safety Mechanisms, which is the right scheduling sequence ? I suppose that SM2 run before SM1. Is it correct? Or is it true the opposite way? Or there is no a fixed order ?

For example: "SM2.CMU.sCheck" should be run before "SM1.CMU_FC" and "SM1.CMU_FM", because first is necessary to check if fhe hardware is ok, then it is possible to use CMU for check frequency and measure period. Is it righi ? If yes, is it for all SM1 and 2?

Best Regards,

Fabio

antoinedubois

Hi Fabio,

SM1 define HW Safety Mechanisms, SM2 define SW Safety Mechanisms, it is different than Safety Mechanisms for SPF vs LF.

But in general, it is often he case that the latent fault safety mechanisms is implemented in SW so it is often and SM2.

Then you can probably see in the reference Manual that Safety Mechanisms used for latent fault should be perform within your MPFDTI of your systems. Depending of you timing you can have different strategy:

- Run all your latent fault safety mechanisms at Vehicle Key-ON, MCU Start-up. It is the simplest in term of SW development, but it may increase your start-up time. Your example for clock is the perfect example for that

- Run all of them at Key-OFF, or during Run time (but not during your Safety related operational Mode).

- Use some cyclic combination to make sure it is run once per MPFDTI.

I hope it helps

Antoine

View solution in original post

antoinedubois