U6813B
Fail-Safe IC with High-Side Driver and Relay Driver
Description
The function of microcontrollers in safety critical ap-
plications (e.g. anti-lock systems) needs to be monitored
permanently. Usually this task is accomplished by an in-
dependent watchdog timer. The monolithic IC U6813B –
designed in bipolar technology and qualified according to
the needs of the automotive industry – includes such a
watchdog timer and provides additional features for
added value. With the help of integrated driver stages it
is easy to control safety related functions of a relay and
of an N-channel power MOSFET in high side applica-
tions. In the case of a microcontroller malfunction or
supply voltage anomalies the U6813B provides positive
and negative reset and enable output signals. This flexi-
bility guarantees a broad range of applications. The
U6813B is based on the experience of the Atmel Wireless
& Microcontrollers Failsafe ICs U6808B and U6809B.
D
Positive and negative reset output
D
Over-/ under-voltage detection
D
Relay and power-FET outputs protected against
standard transients and 55-V load dump
Features
D
Digital self-supervising watchdog with hysteresis
D
One 150-mA output driver for relay
D
One high-side driver for n-channel power FET
D
Positive and negative enable output
Block Diagram
V
CC
Bandgap
reference
2,44 V
Reset
debounce
fosc
3.3-V under- and
overvoltage detect.
RELO
V
CC
14
Current
limitation
V
CC
5-V under- and
overvoltage detect.
N-EN
6
1
Power-on
reset
Reset
delay
fosc
N-RES
4
P-RES
3
3.3V
16
RELI
13
19k
FETI
12
19k
WDI
11
19k
Watchdog
Internal
oscillator
fosc
RC-
oscillator
supervisor
RC
oscillator
V
CC
P-EN
5
FETO
9
FET
output
7
V
S
15
SGND
2
GND
10
WDC
8
CAPI
14193
Figure 1. Block diagram
Ordering Information
Extended Type Number
U6813B
Package
SO16
Remarks
Rev. A4, 18-Sep-01
1 (13)
U6813B
Pin Description
RELO
GND
P-RES
N-RES
P-EN
N-EN
V
S
CAPI
1
2
3
4
5
6
7
8
14194
16 3.3V
15 SGND
14 V
CC
13 RELI
12 FETI
11 WDI
10 WDC
9
FETO
Figure 2. Pinning
Table 1 Pin types and functions
Pin
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
Name
RELO
GND
P-RES
N-RES
P-EN
N-EN
V
S
CAPI
FETO
WDC
WDI
FETI
RELI
V
CC
SGND
3.3V
Supply
Type
Open-collector output driver
Digital output
Digital output
Digital output
Digital output
Battery supply
Analog input
Power FET output
Analog input
Digital input
Digital input
Digital input
Supply
Supply
Analog input
Function
Failsafe relay driver
General ground
Positive reset signal
Negative reset signal
Positive enable signal
Negative enable signal
Voltage for charge pump
Input bootstrap capacitor
High voltage for n-channel FET
Ext. RC for watchdog timer
Watchdog trigger signal
Activation of power FET
Activation of relay driver
5-V supply
Sense ground, reference for V
CC
and 3.3V
3.3-V supply
Reset: H
Reset: L
Logic
Driver on: L
Enable: H
Enable: L
Pulse sequence
FET on: H
Driver on: H
2 (13)
Rev. A4, 18-Sep-01
U6813B
Fail-Safe Functions
A good fail-safe IC has to maintain its monitoring
function even if there is a fault condition at one of the pins
(e.g. short circuit) ensuring that a microcontroller system
would not go into a ”critical status”. A system would get
into critical status for example if it would not be able to
switch off the relay or disable the power MOSFET or
Table 2 Truth table
could not to give a signal to the
mC
via ENABLE- and
RESET- outputs in the case of a fault condition. The
U6813B is designed to handle those fault conditions
according to the following table for a maximum of system
safety.
VCC
ok
ok
ok
ok
ok
x
wrong
3.3V
ok
ok
ok
ok
ok
wrong
x
WDI
ok
ok
ok
ok
wrong
x
x
RELI
H
L (d)
x
x
x
x
x
FETI
x
x
H
L (d)
x
x
x
RELO
on
off
x
x
off
off
off
FETO
x
x
on
off
off
off
off
N–RES
H
H
H
H
H
L
L
P–RES
L
L
L
L
L
H
H
P–EN
H
H
H
H
L
L
L
N–EN
L
L
L
L
H
H
H
d = default state at open input
N–EN disable: high
P–EN disable: low
Application Circuit
From
mC
FET in
Relay in
Watchdog in
V
Batt
Sense ground
3.3V
1
2
C
1k
2
B
E
36k
V
CC
1
2
1
1
2
2.7M
47n
1
16
3.3V
15
SGND
14
VCC
13
RELI
12
FETI
11
WDI
10
WDC
9
FETO
1
2
6.8n
U6813B
1
RELO
GND
P–RES
N–RES P–EN
N–EN
VS
CAPI
1
2
3
4
5
6
7
8
47n
2
1
1
2
To
mC
V
Batt
2
1
1
3
2
1k
1
1
2
100n
1
1
1
1
Figure 3. Application circuit
Rev. A4, 18-Sep-01
3 (13)
U6813B
Description of the Watchdog
WDC
Binary counter
Dual MUX
WDI
RESET
OSCERR
Slope
detector
Up/down
counter
RS–FF
WD–OK
16599
Figure 4. Watchdog block diagram
Abstract
The microcontroller is monitored by a digital window
watchdog which accepts an incomming trigger signal of
a constant frequency for correct operation. The frequency
of the trigger signal can be varied in a broad range as the
watchdog‘s time window is determined by external R/C
components.
The following description refers to the block diagram
(Fig. 4)
OSCERR Input
A smart watchdog has to ensure that internal problems
with its own time base are detected and do not lead to an
undesired status of the complete system. If the RC oscilla-
tor stops oscillating a signal is fed to the OSCERR input
after a timeout delay. It resets the up/down counter and
disables the WD-OK output.
Without this reset function the watchdog would freeze its
current status when f
RC
stops.
WDI Input (Pin 11)
The microcontroller has to provide a trigger signal with
the frequency f
WDI
which is fed to the WDI input. A posi-
tive edge of f
WDI
detected by a slope detector resets the
binary counter and clocks the up/down counter addition-
ally.The latter one counts only from 0 to 3 or reverse. Each
correct trigger increments the up/down counter by 1, each
wrong trigger decrements it by 1. As soon as the counter
reaches status 3 the RS flip-flop is set; see Fig. 4 (WD
state diagram). A missing incoming trigger signal is de-
tected after 250 clocks of the internal watchdog frequency
f
RC
(see WD OK output) and resets the up/down counter
directly.
RESET Input
During power-on and under-/ overvoltage detection a
reset signal is fed to this pin. It resets the watchdog timer
and sets the initial state.
WD-OK Output
After the up/down counter is incremented to status 3 (see
Fig. 6, WD State Diagram) the RS flip-flop is set and the
WD-OK output becomes logic ”1”. As WD-OK is di-
rectly connected to the enable pins, the open-collector
output P-EN provides also logic ”1” while a logic ”0” is
available at N-EN output. If on the other hand the up/
down counter is decremented to ”0” the RS flip-flop is
reset, the WD-OK output and the P-EN output are logic
”0” and N-EN output is logic ”1”. The WD-OK output
also controls a dual MUX stage which shifts the time win-
dow by one clock after a successful trigger thus forming
a hysteresis to provide stable conditions for the evaluation
of the trigger signal ”good or false”. The WD-OK signal
is also reset in the case the watchdog counter is not reset
after 250 clocks (missing trigger signal)
WDC Input (Pin 10)
With an external R/C circuitry the IC generates a time
base (frequency f
WDC
) independent from the micro-
controller. The watchdog‘s time window refers to a
frequency of
f
WDC
= 100
f
WDI
4 (13)
Rev. A4, 18-Sep-01
U6813B
Time/s
79/ f
WDC
80/ f
WDC
169/ f
WDC
170/ f
WDC
250/ f
WDC
251/ f
WDC
Watchdog window
update rate is good
Update rate
is too fast
Update rate is
either too fast
or good
Update rate is ei-
ther too slow or
good
Update rate
is too slow
Update rate
is either too
slow or pulse
has dropped
out
Pulse has
dropped out
Figure 5. Watchdog timing diagram with tolerances
Watchdog State Diagram
Initial status
bad
bad
O/F
bad
good
1/F
good
Figure 6. Watchdog state diagram
bad
2/F
good
good
1/NF
bad
bad
3/NF
2/NF
good
good
RC Oscillator
t
WDC
(s) = 10
–3
[C
osc
(nF)
0.0005]]
f
WDC
(Hz) = 1 / (t
WDC
)
Watchdog WDI
f
WDI
(Hz) =0.01
t
WDC
= 200
ms
f
WDI
= 50 Hz
f
WDC
–> f
WDC
= 5 kHz
–> t
WDI
= 20 ms
[(0.00078
R
osc
(kW)) +
WDI pulse width for fault detection after 3 pulses:
Upper watchdog window
Minimum: 169/ f
WDC
= 33.8 ms –> f
WDC
/ 169 = 29.55 Hz
Maximum: 170/ f
WDC
= 34 ms –> f
WDC
/ 170 = 29.4 Hz
Lower watchdog window
Minimum: 79/ f
WDC
= 15.8 ms –> f
WDC
/ 79 = 63.3 Hz
Maximum: 80/ f
WDC
= 16 ms –> f
WDC
/ 80 = 62.5 Hz
WDI dropouts for immediate fault detection:
Minimum:
Maximum:
250/ f
WDC
= 50.0 ms
251/ f
WDC
= 50.2 ms
Explanation
In each block, the first character represents the state of the
counter. The second notation indicates the fault status of
the counter. A fault status is indicated by an ”F” and a no
fault status is indicated by an ”NF”. When the watchdog
is powered up initially, the counter starts out at the 0/F
block (initial state). ”Good” indicates that a pulse has
been received whose width resides within the timing win-
dow. ”Bad” indicates that a pulse has been received
whose width is either too short or too long.
Remarks to Reset Relay
Watchdog-Window Calculation
Example with recommended values
C
osc
= 6.8 nF (should be preferably 10%, NPO)
R
osc
= 36 kW (may be 5%, R
osc
<200 kW due to leakage
current and humidity)
The duration of the over- or undervoltage pulses deter-
mines the enable- and reset outputs. A pulse duration
shorter than the debounce time has no effect on the out-
puts. A pulse longer than the debounce time results in the
first reset delay. If a pulse appears during this delay, a 2nd
delay time is triggered. Therefore the total reset delay
time can be longer than specified in the data sheet.
Rev. A4, 18-Sep-01
5 (13)
京公网安备 11010802033920号
EEWORLD
