In the ever-evolving landscape of automotive technology, the intersection of Application-Specific Integrated Circuits (ASICs), Functional Safety, and compliance with standards like ISO 26262 has become a keystone for driving innovation and ensuring the reliability of advanced automotive systems.
As vehicles become ever more sophisticated and interconnected, the average semiconductor content of a standard vehicle is around 1,400 components and is expected to keep growing at a CAGR of 8.3% between 2022 and 2032. In more concrete terms, in the 2000s electronics accounted for 18% of the cost of a new car; in 2022, electronics were responsible for 40% of its final cost.
This dramatic increase shows no sign of slowing down, and for good reasons. ASIC solutions, for example, allow for mass production, complete customization, miniaturization, robust communications, efficient power management, on-chip intelligence and cutting-edge performance.
In this paper, we explore the meeting point between ASICs, Functional Safety (ISO 26262) and Automotive through its three major aspects: the role of Functional Safety in the Automotive industry, the benefits of using ASICs for Automotive Functional Safety, and the specific challenges of ASIC design with Functional Safety in mind.
The role of Functional Safety in the Automotive industry
With the increasing number of electrical and/or electronic (E/E) systems implementing critical functions in road vehicles, it is necessary to provide assurance that any unreasonable residual risk due to malfunctioning of these systems is identified and avoided. The ISO 26262 standard (see the ISO web page) was published for the automotive industry to address this need and is now recognized as the state-of-the-art functional safety standard.
The ISO 26262 standard defines requirements to be met by the safety-relevant functions of the system, as well as by the processes, methods and tools used within the development process. It applies to all activities during the safety lifecycle of systems comprising electrical, electronic and software components, and ensures that a sufficient level of safety is met and maintained throughout the vehicle lifecycle.
The ISO 26262 standard aims to assess the risk of hazardous operational situations and to define safety measures that avoid or control systematic failures on the one hand, and detect or control random hardware failures on the other.
Systematic failures are introduced during the design and manufacturing phases. They shall be managed and mitigated qualitatively, with a robust and rigorous development process that requires a systematic development approach following well-trusted design, verification and validation principles.
Random failures are unpredictable and occur during the lifetime of the hardware or software elements in the system. They shall be addressed quantitatively using FMEDA (Failure Modes, Effects and Diagnostic Analysis) to prove that the system achieves its Automotive Safety Integrity Level (ASIL) target. This ASIL target is derived from a preliminary Hazard Analysis and Risk Assessment (HARA), generally conducted at vehicle level by Original Equipment Manufacturers (OEMs), and assigned to the system.
The most stringent ASIL rating is ASIL D, and the least stringent is ASIL A. The ASIL rating determines the amount of risk reduction required and the rigor of the development process with which the supplier must comply. Safety measures, also called safety mechanisms (SMs), are implemented to detect faults and lower the risk of accidents to a socially acceptable level. When triggered, they allow the system to transition to a safe state.
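To make the "quantitative" side of FMEDA concrete, the following added example (not code from the original paper or from IC'Alps) computes the two ISO 26262-5 hardware architectural metrics, the single-point fault metric (SPFM) and the latent fault metric (LFM), over a small FMEDA table and checks them against the standard's per-ASIL targets. The metric definitions and the ASIL B/C/D targets are those of ISO 26262-5; the failure rates, safety-goal fractions and diagnostic coverages in `SAMPLE_FMEDA` are constructed for illustration and do not describe any real device.

```python
"""FMEDA hardware metrics (SPFM, LFM) over constructed failure-mode rows."""
from dataclasses import dataclass

# ISO 26262-5 minimum targets (SPFM, LFM) per ASIL; ASIL A has no target for these metrics.
ASIL_TARGETS = {"B": (0.90, 0.60), "C": (0.97, 0.80), "D": (0.99, 0.90)}


@dataclass
class FailureMode:
    """One FMEDA row: a hardware element's failure mode and the coverage of its safety mechanisms."""
    name: str
    fit: float          # failure rate in FIT (failures per 1e9 device-hours)
    f_sg: float         # fraction of this mode that can violate the safety goal on its own
    dc_rf: float        # diagnostic coverage of the safety mechanism against that fraction
    dc_lat: float       # diagnostic coverage of the latent-fault test (e.g. BIST at key-on)
    safe: bool = False  # safe fault: cannot violate the safety goal, alone or in combination


def classify(mode):
    """Split a mode's FIT into (residual/single-point, latent multiple-point, remainder)."""
    if mode.safe:
        return 0.0, 0.0, mode.fit
    # Share that reaches the safety goal and is not caught by any mechanism: residual fault.
    # With dc_rf == 0 there is no mechanism at all, i.e. a single-point fault.
    residual = mode.fit * mode.f_sg * (1.0 - mode.dc_rf)
    # The rest of a safety-related mode is a multiple-point fault; the part that no
    # diagnostic ever reveals stays latent and counts against the LFM.
    latent = (mode.fit - residual) * (1.0 - mode.dc_lat)
    return residual, latent, mode.fit - residual - latent


def hardware_metrics(modes):
    """Return (SPFM, LFM) as defined in ISO 26262-5, summed over all FMEDA rows."""
    total = sum(m.fit for m in modes)
    residual = sum(classify(m)[0] for m in modes)
    latent = sum(classify(m)[1] for m in modes)
    spfm = 1.0 - residual / total
    lfm = 1.0 - latent / (total - residual) if total > residual else 0.0
    return spfm, lfm


def highest_asil_met(modes):
    """Most stringent ASIL whose SPFM and LFM targets the table meets, or None."""
    spfm, lfm = hardware_metrics(modes)
    for asil in ("D", "C", "B"):
        spfm_t, lfm_t = ASIL_TARGETS[asil]
        if spfm >= spfm_t and lfm >= lfm_t:
            return asil
    return None


# Constructed FMEDA rows for an illustrative ASIC; not data for any real device.
SAMPLE_FMEDA = [
    FailureMode("CPU core logic (lockstep + LBIST)", fit=50.0, f_sg=0.8, dc_rf=0.99, dc_lat=0.95),
    FailureMode("SRAM (SEC-DED ECC + MBIST)",        fit=30.0, f_sg=1.0, dc_rf=0.99, dc_lat=0.90),
    FailureMode("PLL (clock monitor)",               fit=5.0,  f_sg=1.0, dc_rf=0.90, dc_lat=0.60),
    FailureMode("Voltage regulator (comparator)",    fit=10.0, f_sg=1.0, dc_rf=0.95, dc_lat=0.50),
    FailureMode("Debug interface (fused off)",       fit=5.0,  f_sg=0.0, dc_rf=0.0,  dc_lat=0.0, safe=True),
]

if __name__ == "__main__":
    spfm, lfm = hardware_metrics(SAMPLE_FMEDA)
    print(f"SPFM = {spfm:.2%}, LFM = {lfm:.2%}, best ASIL met: {highest_asil_met(SAMPLE_FMEDA)}")
```

With these constructed rows the table reaches an SPFM of 98.3% and an LFM of about 87.8%, which satisfies ASIL C but not ASIL D: the uncovered 1% of the lockstep core and the ECC-protected SRAM already consume most of the 1% residual budget ASIL D allows, and the voltage regulator's weak latent coverage drags the LFM below 90%. This is the kind of arithmetic that decides whether a further safety mechanism is worth its silicon cost.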
The benefits of using ASIC for Automotive Functional Safety
Automotive ASICs (Application-Specific Integrated Circuits) play an extensive role in passenger cars as well as commercial vehicles. These compact and customized integrated circuits are used for various functions including Advanced Driver-Assistance Systems (ADAS), engine management systems, braking systems, infotainment systems and interior/exterior lighting. Most of these applications make today's cars safer and enable the emergence of autonomous vehicles, while challenging the automotive electronics industry to achieve new levels of complexity, performance and safety.
Using Application-Specific Integrated Circuits (ASICs) in automotive applications, particularly for functional safety, can offer several benefits.
Benefits from choosing the ASIC path
- ASICs can be designed to meet the high reliability and longevity requirements of the automotive industry, which may involve operating in harsh environmental conditions and extended service life.
- ASICs can consolidate multiple functions into a single chip, reducing the overall component count in the automotive system. Fewer components mean lower system complexity and a reduced likelihood of component failures.
- ASICs are compact and lightweight, making them suitable for space-constrained automotive environments. This is especially important in modern vehicles where space is at a premium.
- ASICs are custom-designed for specific functions, making their behavior highly predictable and deterministic. This predictability is essential for safety-critical applications, as it allows for accurate analysis and verification of system behavior.
- ASICs can be designed with EMI-resistant features to ensure that electromagnetic interference from other vehicle components does not affect their operation. This is essential for maintaining reliable performance in an automotive environment with many coexisting electronic systems.
Benefits from choosing ASICs in automotive applications, particularly for functional safety and security
- ASICs can be complex and combine digital processing, analog, RF, and power management functions in a single silicon die for applications such as ADAS. As a result, critical safety features are managed on-chip.
- ASICs can be used in electronic control units (ECUs) to control various systems, including the engine and transmission. These systems are critical to the safe operation of the vehicle. Software security measures, such as vulnerability scanning, encryption or access control, can be used to ensure that these automotive ASICs are secured and protected against potential threats.
- ASICs can be designed to incorporate redundancy and fail-safe mechanisms to enhance the reliability of safety-critical systems. For example, redundant circuits can be implemented within a single ASIC to detect and correct faults, reducing the probability of system failure.
- ASICs can integrate safety features and diagnostics directly into the chip design. This makes it easier to implement features like self-testing, self-monitoring, and error detection, which are essential for functional safety.
- ASICs can provide faster response times because they are designed to execute specific tasks efficiently. In safety-critical situations, reduced latency can be critical for preventing accidents or mitigating their severity.
- ASICs can be designed with safety standards and regulatory requirements in mind, making it easier for manufacturers to comply with ISO 26262 certification if they can find the proper Design House.
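The redundancy, error-detection and safe-state points above can be made tangible with a small behavioural model. The following is an added example written for this article, not code or RTL from the original paper or from IC'Alps: a dual-lane lockstep unit whose comparator flags any disagreement between the lanes and forces a known-safe output, plus a fault-injection harness. The `torque_request` function and the fault models are constructed placeholders for whatever safety-relevant computation the real ASIC would perform.

```python
"""Behavioural model of a lockstep safety mechanism with fault injection."""
from enum import Enum


class State(Enum):
    OPERATIONAL = "operational"
    SAFE = "safe"   # safe state: output forced to a known-safe value and the fault flagged


def torque_request(pedal_pct, speed_kph):
    """Constructed stand-in for the safety-relevant function computed on each lane."""
    return max(0, 3 * pedal_pct - speed_kph // 10)


class LockstepUnit:
    """Two redundant lanes compute the same function; a comparator checks their outputs.

    Any disagreement is treated as a detected fault: the unit latches the safe state
    and drives SAFE_OUTPUT from then on, which is the 'transition to a safe state'
    a safety mechanism is expected to provide.
    """
    SAFE_OUTPUT = 0   # no torque requested once a fault has been detected

    def __init__(self, fn):
        self.fn = fn
        self.state = State.OPERATIONAL
        self.faults = {0: None, 1: None}   # lane -> function corrupting that lane's output
        self.detected_faults = 0

    def inject_fault(self, lane, corrupt):
        """Model a hardware fault in one lane (or in both, for a common-cause fault)."""
        self.faults[lane] = corrupt

    def step(self, *inputs):
        """One cycle: compute on both lanes, compare, then output or fall back to the safe value."""
        if self.state is State.SAFE:
            return self.SAFE_OUTPUT
        outputs = []
        for lane in (0, 1):
            value = self.fn(*inputs)
            if self.faults[lane] is not None:
                value = self.faults[lane](value)
            outputs.append(value)
        if outputs[0] != outputs[1]:
            self.detected_faults += 1
            self.state = State.SAFE
            return self.SAFE_OUTPUT
        return outputs[0]


def run_scenarios():
    """Return {scenario: (output, state)} showing what the comparator does and does not catch."""
    results = {}
    # 1. No fault: both lanes agree and the computed value passes through.
    unit = LockstepUnit(torque_request)
    results["nominal"] = (unit.step(50, 100), unit.state)
    # 2. Single-lane fault (e.g. a bit flip in one lane's datapath): detected, safe state entered.
    unit = LockstepUnit(torque_request)
    unit.inject_fault(1, lambda v: v ^ 0x40)
    results["single_lane_fault"] = (unit.step(50, 100), unit.state)
    # 3. Common-cause fault corrupting both lanes identically: the comparator cannot see it,
    #    which is why lockstep is combined with other mechanisms (clock and voltage
    #    monitors, diverse or time-shifted lanes) and why the FMEDA credits it with a
    #    diagnostic coverage below 100%.
    unit = LockstepUnit(torque_request)
    unit.inject_fault(0, lambda v: v ^ 0x40)
    unit.inject_fault(1, lambda v: v ^ 0x40)
    results["common_cause_fault"] = (unit.step(50, 100), unit.state)
    return results


if __name__ == "__main__":
    for name, (out, state) in run_scenarios().items():
        print(f"{name:20s} output={out:4d} state={state.value}")
```

The third scenario is the one to take away: redundancy on a single die only buys coverage against faults that affect the lanes differently, so the safety analysis has to account for shared clocks, supplies and layout when assigning the mechanism's diagnostic coverage.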
Specific challenges associated with ASIC design and Functional Safety
Several challenges must be overcome by the IC maker to design a functionally safe automotive ASIC.
The first concerns the entire design and verification process, which must be conducted in compliance with the ISO 26262 requirements in terms of project management, product development, documentation and tools. This implies sound knowledge of the standard and the establishment of a supportive safety culture for automotive applications.
Then it must be considered that automotive ASIC environments are specific and rather complex. There is a surge in the deployment of sensors and connectivity features, as well as advances in automotive technology such as autonomous driving and electric vehicles, which require sophisticated electronic systems powered by automotive ASICs. In the context of functional safety, close cooperation between the IC maker and the system developer or car manufacturer is mandatory to provide the solutions the market requires.
In particular, the challenge during development is to properly translate the ASIL requirements into technical concepts, and thus to accurately define and make understandable the safety goal. A safety goal is a specific objective defined to ensure an appropriate level of safety for the system in which the ASIC will be used. It is typically derived from risk analysis and system requirements, is based on possible failure scenarios, and its formulation depends on the specific application domain and automotive standard.
The acceptable level of safety performance is ranked at this stage as an Automotive Safety Integrity Level (ASIL). An ASIC designer like IC’Alps must thus translate the functional safety requirements (FSRs) inherited from the safety goals into appropriate technical safety requirements (TSRs). This exercise requires an excellent understanding of the system around the ASIC. The safety requirements define the specific conditions, criteria or constraints that must be met to ensure the safety of the system.
Technical safety requirements at ASIC level serve as the basis for designing, implementing and evaluating the safety measures (SMs) needed to achieve the acceptable level of safety performance.
Ultimately, from a market adoption viewpoint, it is also crucial not to burden the cost model and the development cycle time of the ASIC with unnecessary safety features. The right balance between additional safety functions embedded in the chip and the targeted coverage must be assessed by the IC maker and confirmed by the safety analysis.