Functional safety starts with the supplier

Add bookmark
Peter Els
Peter Els
10/23/2017

Advanced Driver Assistance Systems (ADAS) and Automated vehicles are rolling out faster than many in the industry ever imagined: In May 2017 Germany became the first EU country to legalize self-driving cars, allowing any form of automated driving as long as a licensed driver is behind the wheel. A mere two months later, the American House Energy and Commerce Committee approved self-driving legislation that could see manufacturers road-testing up to 25,000 vehicles per manufacturer in the first year the bill is enacted, 50,000 vehicles in year two and 100,000 vehicles each in years three and four. 

Already valued at USD 22.69 billion in 2015 the increasing popularity of these vehicles is set to drive the global ADAS market to USD 78.19 billion by 2020, according to an April 2017 report by Mordor Intelligence. 

Similarly, fueled by the demand for pedestrian detection/avoidance, lane departure warning/correction, traffic sign recognition, surround view, drowsiness monitoring applications, the global automotive semiconductor market is expected to reach an estimated $45.9 billion by 2022 according to an April 2017 report on ‘Research and Markets.’

Functional safety requires supplier involvement

Powered by this consumer interest and government regulations auto makers increasingly require Tier 1 and semiconductor suppliers to develop System on Chips (SoCs) that incorporate the latest multimedia standards, run multiple vision based algorithms, and combine image and radar system sensor data.

Image Source: QNX Auto Blog

Designers of this new class of ADAS SoC expect intellectual property (IP) core suppliers to meet the challenges of implementing the application-specific IP requirements as well as meeting the robustness, reliability and safety demands of automotive applications in shortening design and maturation cycles.

Implementing functional safety in such an ADAS system requires that the system avert or mitigate any action or behavior that could cause harm. The assessment of the probability of harm and the severity of that harm caused by a failure in the system allows system designer to classify levels of risk and to take appropriate measures to minimize this threat.

To ensure robust functional safety, all key safety-relevant components in the system must contribute to the overall functional safety; meaning that safety begins at the source.

Often, in Tier 1 and 2 companies, this requires fundamental changes, not only in the development process, but also in the corporate safety-culture, ranging from organization structure to safety roles/officers and safety documentation, manuals, and standards.

Functional safety drives the new class of semiconductor SoC

In the roll out of the new generation of high-performance ADAS SoCs, IP suppliers are playing an increasingly important role in the supply chain: Vision-based SoCs, for instance, contain high levels of third-party IP driving embedded vision, sensor fusion, multimedia, security and advanced connectivity functions.

While IP suppliers have permeated the semiconductor ecosystem for consumer, mobile, PC and communications applications, not all IP suppliers can support the stringent automotive safety requirements.

As designers initiate their next-generation ADAS SoCs, they must assess the IP suppliers’ capability of attaining ISO 26262 certification while at the same time passing existing AEC Q100 testing and TS16949 quality management standards and audits.

Automotive safety requires more than the current ISO26262

Tier 1's and component suppliers carrying out development of SoCs need to be assessed to identify and mitigate the new risks assosciated with higher levels of automated functionality.

In this role ISO 26262 provides an automotive-specific approach to determine Automotive Safety Integrity Levels (ASIL) and specifies measures to validate and confirm that the safety levels are achieved.

The standard applies to functional safety in electrical and/or electronic systems within road vehicles. It addresses all activities of the safety lifecycle such as design and development of safety-related systems and includes SoCs that are classified as Safety-Elements-out-of-Context (SEooC).

Although semiconductors were not initially included in the original ISO 26262 development in 2011, their official inclusion in the Standard not only standardizes the approach to functional safety but also increases the liability in the case of a failure.

Using IP that has been certified according to ISO 26262 will help SoC designers mitigate value chain risk and accelerate the requirements specification, design, implementation, integration, verification, validation and configuration of their SoC-level functional safety.

The goal is to minimize susceptibility to random hardware failures by defining functional requirements, applying rigor to the development process and taking the necessary design measures; including fault injection and systemic analysis and metrics reporting. 

However, the current 1st edition of ISO 26262 mostly does not offer guidelines on the measures to be taken in the development of integrated circuits (ICs) during the early implementation phases. 

To address this, an international working group consisting of members of the ISO 26262 standardisation committee has published an initial draft, ISO/PAS 19451, which will be incorporated into the 2nd edition of ISO 26262 as Part II.

ISO/PAS 19451-1:2016 (the draft version of ISO 26262:2018 - Part II) applies to developers evaluating the use of semiconductor components in hardware components or systems developed according to ISO 26262. When developing semiconductor ICs or IP for automotive technology, suppliers are required to comply with the functional safety guidelines of ISO 26262 and ISO/PAS 19451.

Moreover, to meet stringent reliability requirements, automotive SoCs must also meet the AEC Q100 specification as part of production qualification for automotive applications. To simplify the process it is important that designers select IP that has also been tested and characterized against AEC Q100 requirements.

By using semiconductor IP that has been pre-tested according to AEC Q100 stress tests, designers can reduce risk and accelerate their SoC qualification.

Another critical focus for IP suppliers providing IP products to designers of ADAS SoCs is to meet the automotive industry’s quality requirements.

The TS 16949 Quality Management standard applies to the product development process and defines the quality metrics for automotive products. The specification defines the development of a quality management system that provides for continual improvement, emphasizing defect prevention and consistency in the automotive supply chain.

Selecting an IP supplier who develops IP according to the ISO/TS 16949 quality standard helps ensure that product planning, design, development, verification and validation of automotive SoCs, including the integrated IP, meet the quality levels required by automotive supply chain.

The German Association of the Automotive Industry (VDA) Quality Management Center has determined ISO/TS 16949 certification to be the entry ticket for suppliers to the automobile industry and is therefore implementing ISO TS 16949 beyond Tier1/Tier2 suppliers.

While the transition to automated vehicles has introduced several non-traditional automotive suppliers, adding a new set of competencies to the industry, it has also increased the need to expand the responsibility for functional safety across the supplier base. The imminent introduction of ISO 26262 Part II will go a long way to addressing this, but in this rapidly changing environment, will likely require frequent updates to keep pace.

Sources:

• Eric Kulisch; Automotive News; House committee approves self-driving legislation, refines safety exemptions; July 2017; http://www.autonews.com/article/20170727/MOBILITY/170729774/house-committee-approves-self-driving-legislation-refines-safety

• Marcus Rau; SGS-TÜV Saar; Semiconductor Development according to ISO 26262 and ISO/PAS 19451; June 2017; http://www.sgs-tuev-saar.com/en/functional-safety-training/automotive-training/semiconductor-development.html

• ON Semiconductor; Evaluating Functional Safety in Automotive Image Sensors; July 2017; http://www.onsemi.com/pub/Collateral/TND6233-D.PDF

• Mordor Intelligence; Advanced Driver Assistance Systems Market - Growth, Trends, and Forecasts (2017-2022); April 2017; https://www.mordorintelligence.com/industry-reports/advanced-driver-assistance-systems-market?gclid=EAIaIQobChMI9uCB3I-u1QIVxbDtCh2SOgnhEAAYASAAEgJc4fD_BwE

• Research and Markets; $45.9 Billion Growth Opportunities in the Global Automotive Semiconductor Market, 2022 - Research and Markets; April 2017; https://www.researchandmarkets.com/research/98z4g3/growth


RECOMMENDED