Auto SoCs headed for enhanced functional safety features
PARIS — Where does the automotive industry stand today on the Automotive Safety Integrity Level (ASIL) of the SoCs in their current ADAS models or in the autonomous cars on their drawing boards?
The functional safety standards for automotive systems, defined by ISO 26262, ensure that systems function correctly to avoid hazardous situations and, more importantly, demonstrate an ability to detect and manage faults. There are four levels of rigor, from ASIL A to ASIL D, with ASIL D representing the highest integrity requirements. ASIL D, for example, means that a product’s single points of failure in the entire system are less than 1%.
Apart from a few MCUs [ASIL D-certified], chip vendors, so far, have made it up to only ASIL B or ASIL C with certified semiconductors used in their ADAS SoCs. But that's okay, said Luca De Ambroggi, principal analyst, Automotive Electronics at IHS Markit, because many are finding “a short-term solution” by “achieving a ‘system-level ASIL D’ certification through the use of ASIL B semiconductor components with redundancy scheme.”
The problem, however, is always associated with cost, he said. “Certifying ASIL D is a significant effort and probably a huge pain for the suppliers, especially for complex SoC.”
The potential for disruptive change to this compliance progression comes from a bunch of newcomers, chip vendors with zero automotive experience. Eager to catch up with the incumbents in the auto market, they are forging opportunities. IP core suppliers such as ARM and Synopsys are rolling out ASIL-D-ready-certified, dual-core lockstep processors for licensing.
Over the last several years, ARM has invested heavily in safety-critical processor cores. In 2013, it launched ARMv8-R, a real-time embedded processor core designed with a hardware-assisted virtualization mode. Last fall, ARM introduced the Cortex-R52 processor, based on the ARMv8-R core and partitioned for safety and determinism.
Synopsys is following suit. This week, the company announced the availability of its ARC EM safety-island IP and dual-core lockstep processors. Synopsys said that the new ASIL-D-ready-certified ARC EM4SI, EM6SI, EM5DSI, and EM7DSI processors come with a self-checking safety monitor as well as hardware safety features, such as error-correcting code and a programmable watchdog timer to help detect system failures and runtime faults.
Angela Raucher, product line manager, ARC EM Processors at Synopsys, told EE Times, “As more chip companies have growing interest in entering the automotive market, we hope to help them jump-start [their initiatives] with our pre-built, verified processor IPs.”
For new entrants, a full implementation package is the key. Ian Riches, director of Global Automotive Practice at Strategy Analytics, said, “I don’t think anyone would be seriously looking at IP for ASIL D applications unless the IP vendor provided all of the design support and documentation.”
Safety-critical requirements in the automotive market constitute a line drawn in the sand, separating incumbents from newbies in the automotive chip market.
Auto-industry veterans have pumped major resources into pioneering the development of ASIL D-certified MCUs.