The Functional Safety for Automotive standards have four levels of rigor, from ASIL A to ASIL D, with ASIL D representing the highest integrity requirements.
When it comes to the automotive safety integrity level (ASIL) of SoCs, where does the automotive industry stand today?
As defined by ISO 26262, Functional Safety for Automotive standards ensure that systems function correctly to avoid hazardous situations and, more importantly, demonstrate an ability to detect and manage faults. There are four levels of rigor, from ASIL A to ASIL D, with ASIL D representing the highest integrity requirements. ASIL D, for example, means that a product’s single points of failure in the entire system are less than 1%.
Figure 1: What different ASIL Levels mean (Source: Synopsys)
Apart from a few ASIL D-certified MCUs, chip vendors have so far reached only ASIL B or ASIL C with the certified semiconductors used in their ADAS SoCs. But that's okay, said Luca De Ambroggi, principal analyst, Automotive Electronics at IHS Markit, because many are finding “a short-term solution” by “achieving a ‘system-level ASIL D’ certification through the use of ASIL B semiconductor components with redundancy scheme.”
The problem, however, is always associated with cost, he said. “Certifying ASIL D is a significant effort and probably a huge pain for the suppliers, especially for complex SoC.”
The potential for disruptive change to this compliance progression comes from a group of newcomers: chip vendors with zero automotive experience. Eager to catch up with the incumbents in the auto market, they are forging opportunities. IP core suppliers such as ARM and Synopsys are rolling out ASIL-D-ready-certified, dual-core lockstep processors for licensing.
Over the last several years, ARM has invested heavily in safety-critical processor cores. In 2013, it launched ARM v8-R, a real-time embedded processor core designed with a hardware-assisted virtualisation mode. Last fall, ARM introduced the Cortex-R52 processor, based on the ARM v8-R core and partitioned for safety and determinism.
Synopsys is following suit. This week, the company announced the availability of its ARC EM safety-island IP and dual-core lockstep processors. Synopsys said that the new ASIL-D-ready-certified ARC EM4SI, EM6SI, EM5DSI and EM7DSI processors come with a self-checking safety monitor as well as hardware safety features, such as error-correcting code and a programmable watchdog timer to help detect system failures and runtime faults.
Figure 2: Synopsys ASIL D ready dual-core lockstep IP (Source: Synopsys)
Angela Raucher, product line manager, ARC EM Processors at Synopsys, told EE Times, “As more chip companies have growing interest in entering the automotive market, we hope to help them jump-start [their initiatives] with our pre-built, verified processor IPs.”
For new entrants, a full implementation package is the key. Ian Riches, director of Global Automotive Practice at Strategy Analytics, said, “I don’t think anyone would be seriously looking at IP for ASIL D applications unless the IP vendor provided all of the design support and documentation.”