I have a question regarding the lockstep architecture and functional safety features of the AURIX.
The lockstep architecture allows the detection of errors in the CPU because both cores are executing the exact same machine code, and errors are detected by the lockstep principle.
When I have a bug in my code which leads to a fault in my application, the lockstep architecture does not recognize the bug. For example, when I have an error in a calculation which leads to a misbehavior of my safety-relevant hardware, i.e. the opening of some emergency switches, the AURIX does not detect the error.
Wouldn't it be much safer to run two different source codes on different microcontrollers to detect such errors?
Which error categories are detected in particular by the special architecture of the AURIX? Only errors in the ALU/memory/bus itself?
Perhaps there is special documentation which answers my question?
Thank you very much,
If you have registered for myICP, please access and download the Safety Manual of the TC3xx.
The lockstep operation has no effect on the software execution. Additional measures are implemented in hardware to mitigate common cause faults between the redundant TriCore CPU instances.
For a description and further details, please consult your disti or Infineon representative.