IPs for automotive application - Functional Safety and Reliability
Priyank Shukla, Director, Analog Mixed Signal Design, Insilico
An electronic design that can be used in multiple ASICs/SoCs is a potential “IP” in the semiconductor industry. The premise of semiconductor IP market is simple – IP vendor focuses on designing, maintaining and updating the IP and ASIC/SoC companies focus on their differentiation, thereby fuelling innovation and reducing time-to-market. For an IP to be commercially viable, there must be many adopters of the same IP which enables an IP vendor to amortize its development cost. This means the start of a number of new designs is essential for a thriving semiconductor IP market. Mobile and datacenter SoC have been the traditional drivers of the IP industry. Of late, the ecosystem is focusing on IPs qualified for automotive application, also known as automotive IPs!
Semiconductors have long back found their way into automobiles when in 1960s German company Bosch employed IC chips into the fuel injection system of cars. Back then automotive IC design was dominated by a handful of companies and considering the safety and reliability aspect of such ICs, entry of an external vendor in the design process was virtually impossible. Fast forward to turn of the millennium and with the introduction of highly advanced electronic intensive features in cars such as autonomous driving, gesture recognition and advance ADAS, it became apparent to auto industry that in order to keep up with customer expectations, they will have to be more inclusive in their IC design process and there is a dire need of new players in the ecosystem. This paved the way for IP vendors in automotive systems.
As automotive industry deals with life critical issues and expectation of reliability in these systems is way higher when compared to the other IP verticals, the auto industry has set up requirements of conformity for an IP to be used in an automotive system. The two most important rule sets are centred around Function Safety (informally called FuSa) and reliability. The documents that codify these requirements for automotive application are ISO26262 for FuSa and AEC-Q100 for reliability.
Let’s start with FuSa. A system can be defined as functionally safe if it always operates correctly and predictably. More importantly, in the event of failures, the system must remain safe for persons and the environment. IEC (International Electro technical Commission), in its specification IEC61508 defines FuSa as a part of the overall safety of a system or piece of equipment and generally focuses on electronics and related software. It looks at aspects of safety that relate to the function of a device or system and ensures that it works correctly in response to commands it receives. In a systemic approach, functional safety identifies potentially dangerous conditions, situations or events that could result in an accident that could harm somebody or destroy something.
Industries such as railway, nuclear and process control have adopted their own versions of the generic IEC61508 standard. ISO26262, started being defined in 2009, is an adoption IEC61508 for automotive application and it defines the development of electric and electronic automotive systems regarding their functional safety. The aim of this standard is to reduce failures and malfunction of such systems. Broadly speaking, the ISO26262 standard
- Provides auto safety life cycle by defining management, development etc.
- Covers FuSa aspect in the entire development process by defining methods for specification, design, implementation, integration, verification, validation and configuration. This is ensured through extensive functional safety analysis for various application use cases by means of FMEDA - Failure Modes, Effects, and Diagnostic Analysis. FMEDA is a systematic analysis technique to obtain subsystem/product level failure rates, failure modes and diagnostic capability and is a must for automotive qualification.
- Provides automotive specific risk-based approach for determining risk classes by defining ASIL (Automotive Safety Integrity Level)
The ASIL is a key part of ISO 26262 compliance and the standard specifically identifies the minimum testing requirements depending on the ASIL of the component. The ASIL of a system depends on the ASIL of the target application. The safety integrity level is determined at the beginning of the development process and it varies from ASIL-A to ASIL-D. Critical applications such as steering or braking systems are rated with the highest safety level ASIL-D.
It is important to note that ASIL is system level specification and it is not necessary that the integrity level of the system should be same as integrity level of all constituting sub-systems. In a system, two identical channels can be compared for diagnostic and if a difference is detected, the system can be forced into a “fail-safe” state and made to stop, thereby making the system more reliable compared to the reliability of its sub-systems. This way, two ASIL B systems can make an ASIL D system.
The other automotive specific aspect is reliability. It indicates that a piece of equipment operating under specified conditions shall perform satisfactorily for a given period of time. Semiconductor IPs can be modified to make the system more reliable. Well known techniques to increase reliably include addition Built-in self-test (BIST) and the inclusion of Failure Mode and Effects Analysis (FMEA) in the design process.
The reliability tests of automotive ICs are defined in AEC-Q100: a specification governed by Automotive Electronics Council (AEC). AEC-Q100 defines failure mechanism based stress test qualification For ICs. It defines the minimum stress test driven qualification requirements and references test conditions for qualification. These tests are capable of stimulating and precipitating semiconductor device and package failures. It is important to highlight AEC does not certify any part or process so there is no such thing called “AEC-Q100 certification”. Successful completion and documentation of the test results from requirements outlined in the spec allow the supplier to claim that the part is “AEC-Q100 qualified”.
Keeping these specifications in mind, the IP industry is rapidly adapting to new design flows and methodologies to make semiconductor IPs readily usable in automotive applications. Which clearly is the first step towards the beginning of a thriving automotive IP market that will accelerate innovation in the auto industry.
Related Semiconductor IP
- 32-bit RISC-V embedded processor with TÜV SÜD ISO 26262 ASIL B certification
- 32-bit CPU IP core supporting ISO 26262 ASIL B level functional safety for automotive applications
- ARC Functional Safety (FS) Processor IP supports ASIL B and ASIL D safety levels to simplify safety-critical automotive SoC development and accelerate ISO 26262 qualification
- RISC-V CPU IP With ISO 26262 Full Compliance
- ASIL-B Ready ISO 26262 Certified VESA DisplayPort 1.4 Forward Error Correction (FEC) Transmitter
Related White Papers
- Functional Safety for Control and Status Registers
- The Functional Safety Imperative in Automotive Design
- Consider ASICs for implementing functional safety in battery-powered home appliances
- How NoCs ace power management and functional safety in SoCs
Latest White Papers
- New Realities Demand a New Approach to System Verification and Validation
- How silicon and circuit optimizations help FPGAs offer lower size, power and cost in video bridging applications
- Sustainable Hardware Specialization
- PCIe IP With Enhanced Security For The Automotive Market
- Top 5 Reasons why CPU is the Best Processor for AI Inference