The cost of electronic failure in vehicles is much higher than in other consumer devices.
The modern automobile, especially with the move toward more electrification, presents huge challenges to the designers of vehicular electronics. Gone are the days of mechanical issues and oil changes being primary concerns. Today’s automobile has a high number of semiconductor chips performing functions for self-driving autonomous systems, advanced driver assistance systems (ADAS), connectivity between vehicles and with the cloud, over the air (OTA) software updates, electric vehicle (EV) drive train, power management of batteries, and numerous other features.
The paradigm shift towards a 48V architecture in gasoline-powered cars is also driving rapid development in power electronics. Both traditional automakers and startups are struggling to keep pace with the new features and capabilities demanded by the market. On top of the sheer size and complexity of today’s automotive chips, they must be extremely reliable. They must be able to last for the lifespan of the car without any performance degradation. Cars aren’t consumer game consoles where the new box can replace the old box inexpensively within a couple of years.
The cost of electronic failure in vehicles is also much higher than in other consumer devices. Chips misbehaving can easily cause property damage, injury, or death. They must be able to survive vibration, noise, dirt, extreme temperature and humidity, alpha particles, silicon aging effects, and other environmental hazards. This places a significant burden on automotive chip designers for functional safety (FuSa) mechanisms so that chips can continue to operate, or at least shut down the vehicle safely, if a failure occurs.
Specifically, chips and other aspects of automotive electrical and electronics systems must meet the ISO 26262 international functional safety standard for road vehicles. This standard defines guidelines to minimize the risk of accidents and ensure that automotive components perform their intended functions correctly and at the right time. ISO 26262 defines the Automotive Safety Integrity Level (ASIL), four safety levels (ASIL A, B, C, and D), and the Quality Management (QM) level. Automobile chips can have distinct levels of criticality from a FuSa point of view and are therefore graded differently for different systems in a car, as shown in figure 1.
Fig. 1: ISO 26262 safety levels in an automobile.
Functionally safe design, as mandated by ISO 26262, means that the system detects failures when they occur, or predicts their occurrence, and then takes corrective action. Safety mechanisms must be inserted into the design to detect failures, correct them if possible, or report them to the top-level system so that safe shutdown can occur. As noted earlier, proper implementation of such a scheme is crucial from a safety point of view and could mean the difference between life and death. As the old saying goes: “failure is not an option.”
The topic of safety mechanisms and recovery methods is a broad one, involving both significant designer effort and automatic insertion of some structures. But one particular category of potential or actual chip failure detection is buried deep with the chips: process, voltage, and temperature (PVT) monitors that check for silicon health. PVT monitors are available as intellectual property (IP) blocks that can be easily included in any automotive chip design. The three critical aspects of silicon operation are monitored as follows:
PVT monitor IP is also a key part of an effective solution for silicon lifecycle management (SLM). As shown in figure 2, SLM improves silicon health and operational metrics at every phase of the device lifecycle. PVT monitors enable deep insights from silicon to system. Meaningful data is gathered at every lifecycle stage for continuous analysis and actionable feedback from In-Design, In-Ramp, In-Test, and finally In-Field mission mode operation.
Fig. 2: Benefits of PVT monitors in silicon lifecycle stages.
Synopsys has a full suite of PVT monitor IP built on a foundation of enriched in-chip observability, analytics and integrated automation. The Synopsys IP portfolio with safety packages is ASIL B ready ISO 26262 compliant, as certified by the international testing agency SGS-TÜV Saar. It is designed for use in all safety-critical applications, including satisfying all the FuSa requirements for automotive electronics. The IP development flow incorporates an ISO 26262 safety culture that implements detailed functional safety training and the policies, processes, and strategies required for ASIL Ready IP.
The IP development flow includes ISO 26262 “Work Products” that provide integrated hardware safety features, verification plans, safety plans, verification reports, safety manuals, and Failure Mode Effect and Diagnostic Analysis (FMEDA). The Synopsys IP Automotive Safety Packages contain the deliverables that enable designers to develop their chip-level FMEDA report, thereby accelerating their development schedules and their own compliance efforts. Designers of automotive chips can choose Synopsys PVT monitor IP knowing that they are doing everything possible to ensure safe transportation for end users.
For more information on Synopsys SLM PVT Monitor IP, visit our web page.
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
Leave a Reply