Why should automotive chips meet functional safety requirements?

With the development of the current domestic automotive MCU "substitution" wave, more and more domestic chip design companies are gradually entering the automotive MCU design field, hoping to gain a place in the era of new energy and intelligent networking in the automotive industry. Compared with the mature industrial and consumer MCU market, automotive MCU is a brand new field. Due to the emergence of new demands and application scenarios, the requirements for automotive MCUs have also increased significantly (which is why it is called automotive).

After hundreds of years of development, the automotive industry has formed a very mature design, R&D and manufacturing system. However, in this system, the huge and complex supply chain system makes it difficult for latecomers to fully understand the overall situation of the automotive industry chain at the initial stage, especially the definition of products in their own segments, and it is difficult to accurately identify demand and the reasons behind demand.

Compared with OEMs and well-known car companies that directly face the terminal market, consumers know very little about Tier 1 suppliers, and chip design companies are in an upstream (Tier 2) position that is difficult to detect. Because of this, in the increasingly electronic automotive industry chain, chip companies have taken on more work, but are getting further and further away from real customer needs. Due to insufficient understanding of terminal applications, there is often a certain disconnect between the chip market research and product specification definition stages and the final application, resulting in the inability to adapt well to application needs after listing.

The author now focuses on the topic of automotive safety and discusses why automotive chips meet such stringent standards as AEC-Q100 while also needing to meet functional safety.

Why should automotive chips meet functional safety requirements?

01

The current Chinese auto market is experiencing a transformation from functional cars to smart cars. Some vehicle companies or supply chain companies, such as Huawei, Xiaopeng, and Tesla, are promoting the rapid improvement of the level of automotive intelligence, which has a profound impact on the definition of traditional car forms.

Through various intelligent enhancements, whether it is a smart cockpit or autonomous driving, cars have become smarter. For example, the latest release of Xiaopeng G6, XNGP defines a new "commuting mode", making traffic smarter and improving the travel safety of passengers. The basic assisted driving function LCC allows the vehicle to stay centered within the road markings. At the same time, when a large vehicle approaches or cuts in front of the vehicle, the system will prompt the danger and assist the driver to slow down appropriately to improve the driver's sense of security. In addition, although there are no truly mass-produced cars of higher levels of autonomous driving (L3+) yet, relevant regulations have been introduced one after another, and I believe there is a lot to look forward to in the future.

Nowadays, the emergence of intelligent networked cars has moved the digital platform to the car, added four wheels, can control the vehicle to run on the road, and can assist the driver to drive. This is an unprecedented change that provides great benefits to people. However, a problem that comes with it is that the digital platform we are familiar with will inevitably have failures or defects during operation. If these failures occur on ordinary consumer electronic products, they may only cause functional failures, but not much harm to the personnel themselves. But for cars, which focus on safety, unexpected failures may cause various road accidents, seriously affect the personal safety of drivers and passengers, and have a huge social impact.

Taking automotive MCU as an example, this device is prone to failure when implementing vehicle ADAS functions such as ACC and AEB. For example, errors or delays in CPU calculation instructions directly affect the effectiveness and timeliness of the ADAS controller (ECU) issuing braking instructions to the chassis. In a matter of seconds, failure to identify MCU failure in time may cause serious damage to the entire vehicle. In addition, if it is an automotive module or other driving scenarios, there will be various other harmful events.

From the above, we can see that the safety, fault detection and design capabilities of key components that are crucial to the realization of functions, such as automotive MCUs, directly affect the safety of end users. At the same time, from the perspective of the market and end users, higher requirements are placed on automotive MCU chip R&D companies, that is, they must meet the functional safety of automotive chips.

In the current era, automotive MCU, as a key component of various automotive systems, has received the focus of domestic substitution. Some OEMs with R&D capabilities have begun to enter the field of self-developed automotive MCU chips, while some OEMs have chosen to cooperate with domestic chip design companies to customize the chip products they need. This is both an opportunity and a huge challenge. In order to ensure the success of the chip and ultimately guarantee commercial success, chip design companies that have not previously been involved in this field need to focus on one of the key features, namely functional safety.

Functional safety: reducing unreasonable risks caused by electronic component failure

02

In the application of automotive electronic products, chip failures can be classified from two macro dimensions: one is the artificial systemic failure introduced by automotive chip design vulnerabilities or incorrect implementations, and the other is the random hardware failure caused by events such as chip aging and electronic migration. In order to solve these two types of failures, automotive safety chip design companies must strictly follow the ISO26262 functional safety standard. This standard establishes a complete risk classification system and provides methodological guidance based on the automotive safety integrity level (ASIL), guiding how to reduce the potential dangers caused by electrical and electronic failures from a process and technical perspective.

At the chip design level, functional safety is a new indicator in the RTL-GDS process. Based on the original chip design process, new contents have been added: FUSA verification (such as simulation verification through FPGA tools), fusa analysis (such as failure mode analysis, diagnostic analysis, etc.) and fusa implementation (such as inserting safety mechanisms such as TMR through the back-end).

The processes in each of the above stages are closely integrated. Through effective implementation, the following goals can be achieved:

1. Achieve compliance with traceability and safety requirements and reduce concerns of upstream customers

2. Reduce development workload

3. Improve the robustness of the design

In the design of specific fault protection mechanisms, functional safety standards also require the satisfaction of certain quantitative indicators, such as SPFM, LFM, and PMHF. These indicators need to be complied with and traceable at both the chip level and the IP level.

For systematic failures, DFMEA is usually used to identify various possible design failures and propose corresponding design prevention and detection measures to avoid the generation of problematic chips. Among them, the important role of DFMEA is to help the design team identify and solve actual errors or potential error sources through a structured method.

For random hardware failures, combining various safety analyses with DFA analysis can fully cover random faults and determine the safety design measures that need to be added during the chip design process.

Complete fault avoidance and fault tolerance measures are not limited to the brief description above. Actual project development must follow a complete process to execute and implement.

Today, although fully driverless smart connected cars have not yet been realized, for assisted driving and other related applications, we can see the importance of automotive electronic devices in improving driving safety and comfort. Automotive-grade functional safety chips provide system guarantees for the safe operation of these functions. Therefore, ensuring that these chip designs meet quality, reliability and safety requirements will help build smarter and safer cars.

After launching the automotive-grade MCU chip that meets the AEC-Q100 standard, Xinhai Technology is continuing to enter the field of automotive functional safety MCU. On the basis of ensuring product reliability, Xinhai Technology's automotive electronics product line will continue to strengthen the serialization of automotive electronic MCUs, product development platformization, and the construction of automotive functional safety systems. Targeting application scenarios such as smart cockpits, human-computer interaction, in-vehicle PD fast charging, battery management, body control, and driving safety, the research and development and market development of serialized automotive MCU chips will be realized.