Driving is an extremely dangerous activity. For skydivers, the most dangerous part is actually the drive from home to the airport. In 2002, more than 46,000 people died in car accidents in Europe. This number is higher than the combined death toll from AIDS, meningitis, drug abuse, asthma, violent crime, and fires in the region. Governments are deeply alarmed by these statistics and have been trying for years to improve vehicle safety and prevent harm to the public through litigation. From the first speed limit of 10 mph in Britain in 1861 to the recent tire pressure monitoring legislation in the United States (which came into effect in August 2007), humanity has never ceased its efforts to improve road safety. Not only do governments feel obligated to improve vehicle safety, but the public also strongly desires safer cars. Therefore, the automotive industry has been working towards this goal. A recent NCAP survey shows that safety is the most important factor for consumers when buying a new car, after price and features. A safety rating of 4 stars or higher in NCAP tests can reduce the chance of serious or fatal injury by 30%. This clearly demonstrates the increasing demand from consumers for safer automotive features, and how these safety features are becoming increasingly effective in saving lives. The first car to achieve a 5-star safety rating in the NCAP standards was the Renault Laguna, produced in March 2001. Other cars have also achieved near-5-star ratings, indicating significant improvements in passenger and driver safety, as well as pedestrian safety. The challenge is that as more and more electronic components are incorporated into modern cars, the safety of these systems is becoming increasingly important. Aircraft have been using fly-by-wire systems for several years, but they haven't yet faced the price pressures faced by the automotive industry. Some aviation systems frequently utilize redundancy, sometimes reaching as high as four times redundancy for certain systems. The automotive industry is challenging itself to achieve similar levels without increasing vehicle costs. Now is the time for Tier 1 manufacturers and their suppliers to develop innovative solutions that address critical safety concerns at highly competitive prices. Regarding System Integrity Levels (SIL), in 1998, the IEC published standard 61508. This standard includes requirements for minimizing failures in electronic systems. It provides several definitions of system integrity or its "SIL" level. Based on the probability of a critical failure occurring per hour, applications and systems can be classified as follows: 1. FIT (Failure In Time) is equivalent to a critical failure probability of 10⁻⁹ per hour. Therefore, the complete system must be within the equipment's safety budget. The cumulative FIT is the description of the Safety Inevitability Level (SIL). Determining the required SIL level for an application is by no means a simple task. Clearly, critical aircraft systems need to meet at least SIL 3, and in some cases even SIL 4. In automobiles, this is less obvious. However, there are many examples, such as steer-by-wire or brake-by-wire, which clearly require such high levels. Several tools are also provided to analyze the required SIL level for a system. This article does not intend to assign different SIL requirements to different systems, but simply to illustrate that there are several critical safety systems in today's automobiles that must be carefully considered. Obviously, the steering and braking systems of a car are the most important. But how important are the car's lighting systems or windshield wipers? In rainy weather, what FIT level is acceptable for the system controlling the windshield wipers? Which systems are "safety-related" is becoming less of a question; the increasing question is whether there are any unsafe systems at all. Most systems in today's cars are connected to the CAN bus or LIN subbus. This raises further questions: how can any errors in non-critical applications (such as GPS) propagate to another system (such as the door module) or another critical application? Should every system in a vehicle have at least SIL2 rating? Certainly, as the body computer incorporates more and more functions, the focus on SIL ratings for these applications will become increasingly intense. There are examples in the market of OEMs integrating steering wheel locks into gateways or BCUs. Clearly, if the steering wheel locks due to a system malfunction, the consequences could be catastrophic, leading some BCU systems to require a SIL3 state. Who wrote the software? Another issue facing application developers in the current environment is software development. This problem has existed since software was no longer written by a single team but by several teams from several different companies. CAN drive software might come from one vendor, new algorithms from another specialized company, and algorithms for specific standard applications might be written by OEMs and/or Tier 1 suppliers. With this mix of software from different sources, it's no surprise that OEMs are increasingly focused on these issues. Software defects have become an increasingly significant problem. In 2000, Marcus and Stern pointed out that 40% of system failures were caused by software defects. With increasing software complexity and the growing number of software vendors, software defects will undoubtedly become an even more critical issue in the future. Freescale's advanced S12X product family offers many of the features required for next-generation automotive body computers. It provides a cost-reducing path for existing solutions while offering numerous advantages for future BCUs. The S12X series features capabilities to mitigate the spread of faults to other devices in the system. Its clock and voltage monitoring functions have been greatly improved, enabling rapid and effective responses to system faults. These features allow the microcontroller to monitor oscillator problems and instead run from the internal clock. This not only eliminates the need for a separate clock but also allows the microcontroller to continuously monitor the oscillator, restoring it from a "safe" state to a "normal" state. Concerns about software packages from multiple vendors can also be alleviated by the application of an MPU to the system. The MPU can prevent system errors in software applications, helping to ensure that they can only see, read, and write to the specific memory locations of the tasks at hand. Perhaps the most impressive improvement in the S12XE is Xgate. This tiny coprocessor runs on an instruction set completely different from the S12X core. It operates independently of the CPU and is highly flexible, capable of performing various activities such as an additional internal watchdog timer, effectively complementing the existing Computer Proceedings (COP) module. It can also be configured to run the same algorithms (or different versions) as the CPU, ensuring correct algorithm execution and providing redundancy checks without requiring any other components. Xgate is a versatile solution that can also be configured to run "non-critical" applications, allowing the CPU to handle only "critical" tasks, thus improving responsiveness to errors in other parts of the system. Detailed information on the S12XE series is expected to be available from your local Freescale dealer by mid-2006, after the products are officially launched on the market. In conclusion, standards emerged to meet the requirements of increasingly complex electronic systems. The new IEC 61508 standard is particularly helpful in providing a more stringent context for these requirements. As automotive OEMs strive to improve quality and safety while reducing costs, it's no longer just about placing systems like braking and steering systems under these standards. Safety is increasingly becoming a hot topic, even in the automotive body area. Freescale has always been committed to providing high-performance, cost-effective devices perfectly suited for the body computer market. Undoubtedly, the new S12XE series, launched in mid-2006, will propel Freescale to the forefront of this competitive market.