91³Ô¹ÏÍø

The trend towards the new integrated ADAS domain controller SoC architecture is evident in numerous new public product announcements from companies like Delphi Automotive (now Aptiv) and Audi. According to the article ¡°¡± by James M. Amend of WardsAuto: ¡°Delphi Automotive sees a day very soon when a vehicle¡¯s traditional architecture no longer will be able to handle the computing demands of heightened connectivity and, ultimately, fully autonomous driving, but the supplier thinks it has a solution and wants to be the leading integrator of the technology.¡± In the article, Glen De Vos, senior vice president and chief technology officer at Delphi says, ¡°We have to start thinking of the car as a digital platform, and it is a very different way to think about the car.¡± According to , ¡°now for the first time, a central driver assistance controller (zFAS)  permanently forms a comprehensive image of the surroundings from the sensor data ¨C for a wide range of assistance functions. This is created by complementary sensor systems, plus redundant data fusion in the zFAS and the radar control unit.¡±

High volumes of data is driving the adoption of 64-bit processors for automotive ADAS applications. The shift from a distributed architecture to a more centralized ECU is more prevalent, and since the ECUs are integrated, the ADAS SoCs are becoming very complex, requiring the latest semiconductor features, semiconductor process technologies, along with other technologies for ADAS domain controller SoCs:

• Ethernet manages the high data volume including time-sensitive data, and reduces point-to-point wiring
• LPDDR4/4x operates at data rates of up to 3200 megabits per second and beyond, which speeds up the DRAM operations in automotive-grade SoCs
• MIPI standards like MIPI Camera Serial Interface and Display Serial Interface provide high-performance connectivity in imaging and display applications
• PCI Express has high-reliability processor-to-processor connectivity for 4G radios or the future 5G radios and external SSDs
• 5G and IEEE standards, like 802.11p, help provide real-time updates of maps or images to and from the Cloud, and vehicle-to-vehicle or vehicle-to-infrastructure communications
• Security protocols in hardware and software for data protection to and from connectivity via USB, WiFi or Bluetooth
• Sensor and control subsystems offloads the host processor and fuses sensor data to manage the different type of sensor data provided by the sensors
• More advanced manufacturing process technologies from the traditional 90-nanometer (nm), 65-nm and 40-nm to more advanced 16-nm, 14-nm, and even 7-nm FinFET processes

Safety-critical applications are significantly increasing the adoption of ADAS SoCs. However, it is required that the ADAS SoC along with all semiconductor components including the IP that is integrated into the SoC meet the ISO 26262 functional safety standard.

Meeting ISO 26262 Functional Safety Standard Requirements

ISO 26262 is a standard that defines the impacts of failures in automotive systems at four different Automotive Safety Integrity Levels (ASILs): A, B, C, and D; ASIL D is the highest level of functional safety. The ISO 26262 standard defines all the processes, development efforts, and standards that automotive development organizations must implement and comply with when developing products for safety-critical systems. A key objective of ISO 26262 standard is to minimize the susceptibility to all types of random hardware failures, including permanent failures or transient failures, by:

• Defining the functional safety requirements when developing products
• Applying rigor to the development process
• Defining a safety culture
• Implement safety features to minimize the impact of hardware failures
• Assess and analyze the impact of the safety features to ensure mitigation of hardware failures

Industry-accredited inspection companies, such as SGS-TUV Saar, are available to audit products and processes for compliance and certification of ISO 26262.

The ISO 26262 certification process includes multiple steps, policies, and reports and must start from the very beginning of product development. For example, the failure mode effect and diagnosis analysis (FMEDA), a report that development teams generate, provides all the information regarding the adherence to ISO 26262 from a functional safety perspective. Created by design and verification engineers, the report is a critical component of an ASIL assessment, not just for evidence of compliance but also for design targets and a rating assessment at the end of the development flow. Designated safety managers, separate from the development organization, who are fully trained to monitor the development process, milestones and product reviews, ensure all the documentation and traceability is completed throughout the SoC development flow as defined by the standard. The FMEDA report also includes a summary of the safety features, their development, and verification. It clearly documents the safety features contained in the products and how these products react to the random faults that are injected into them. The FMEDA report is mandatory and is given to all parties involved in the product review process.

How ISO 26262 Certification is Implemented

A standard SoC or IP product development flow starts with register-transfer level (RTL) design, which is then implemented, verified, and validated in hardware and software in the final prototypes. An ISO 26262 compliant development adds additional steps over the standard design process including at the very start when defining a core architecture and specification. Designers define a safety plan that includes safety features and goals. The product team and safety manager reviews the safety plan and strategy to achieve the designated functional safety for the end application. It is important to conduct a failure analysis by injecting faults to assess the safety level and the system¡¯s reaction to those faults. The FMEDA shows a fault injection analysis for both permanent and transient faults to assess the impact. The analysis and assessments are clearly documented in the FMEDA report as part of the ISO 26262 certification process along with the safety manuals. This entire process is shown in Figure 2.