Delivering a SIL 3 CANopen Stack for Automotive Safety
Safety-critical automotive systems demand rigorous certification. In this article, we share how ISIT delivered a CANopen communication stack certified to Safety Integrity Level 3 (SIL 3) under IEC 61508.
The project involved integrating existing safety-critical sensors into a new automotive control unit. Our customer needed a certified communication layer that was ready to integrate and came with complete safety evidence.
The Challenge
The project requirements were clear but demanding:
- Hardware platform: Texas Instruments TMS570LC4357 MCU, a widely adopted safety-certified microcontroller in automotive applications.
- Real-time operating system: SCIOPTA RTOS, chosen by the customer for its deterministic behavior and safety credentials.
- Safety target: IEC 61508 SIL 3 certification for the complete control unit, including sensor data handling and CANopen / Safety communication.
- Timeline: The customer faced tight development deadlines, leaving no room for lengthy integration cycles or certification rework.
Our Solution: Safety CANopen Stack
We delivered our safety CANopen stack, specifically configured for this hardware and RTOS combination. This approach offered several advantages:
- Faster integration: the customer could integrate the stack directly into their application.
- Proven reliability: years of experience with SCIOPTA on the TMS570 family allowed us to accelerate the build-and-test cycle with confidence.
- Built-in safety mechanisms: the stack includes safe-fail behaviors, watchdog triggering possibilities, and deterministic scheduling aligned with SIL 3 requirements.
- Streamlined certification: our certification approach leveraged ISIT's existing safety assets:
  - Minimal documentation rework: the target platform shares key characteristics with previously certified configurations, allowing us to focus on adaptation rather than rewriting.
  - Complete safety evidence: we delivered the full documentation package required for the customer's own system-level certification.
Results and Benefits
The project delivered measurable value:
- Reduced time-to-market: the ready stack and certification assets shortened the integration phase significantly.
- Proven safety assurance: IEC 61508 SIL 3 certification provides the safety evidence required for automotive applications where failure is not an option.
- No need for in-depth CANopen expertise on the developer side: the ISIT team prepared a predefined library configuration to make system integration as simple as possible.
Conclusion
This project illustrates ISIT's approach to safety-critical communication: we provide certified protocol stacks that accelerate our customers' path to certification, eliminating the need to develop and certify communication layers from scratch.
With over 30 years of experience in certified embedded software and fieldbuses, ISIT supports customers across automotive, aerospace, rail, medical, and industrial markets.
Interested in CANopen, FSoE, or other safety protocol stacks for your next project? Connect with us to discuss your requirements.
