Developing the technical specifications for automotive-grade IP so that it meets standards such as ISO 26262 (functional safety), AEC-Q100 (reliability), and TS 16949 (now IATF 16949 covering quality management) is one of the most difficult tasks facing engineers in the automotive sector, particularly if they are engaged in designing advanced ADAS systems.
Recently I became aware of a terrific video on YouTube put together by Synopsys entitled “Under the Hood of Automotive Standards Compliance” presented by Navraj Nandra, senior director of marketing, DesignWare Interface and Analog IP. The video will help you understand and appreciate automotive system compliance with the three key standards.
For example, ISO 26262 focuses on safety critical components. The standard specifically identifies the minimum testing requirements depending on the ASIL (Automotive Safety Integrity Level) of the component. There are four safety levels: ASIL A, B, C, and D. Typically, D represents the most secure and most reliable so it naturally has the most safety critical processes and strictest testing regulations.
Here is the Synopsys IP development flow for automotive safety applications. (Source: Synopsys)
Within the standard there are processes such as FMEDA (Failure Mode Effects Diagnostics Analysis). This is a systematic analysis technique to obtain subsystem/product level failure rates, failure modes and diagnostic capability. The FMEDA report considers all components of a design as well as: the functionality of each component and its failure modes; the effect of each component failure mode on the product’s functionality; the ability of any automatic diagnostics to detect the failure; the design strength (de-rating, safety factors); and the operational profile (environmental stress factors).
Some interesting tidbits from the video:
- The foundries, IC vendors, and design tool companies developing chipsets for ADAS have reached the 7 nanometer process node. Other components in an ADAS are at 14 and 16 nm. These are all FinFET technologies. When Synopsys looked at its data, produced over a year’s time, it showed that the demand for FinFET was outstripping the demand for some of the previously established technologies.
- There are reliability tests related to electromigration. At 7 nanometers, electromigration is a challenging topic because the dense array of narrow, thin-film metallic conductors that serve to transport current between the various devises on the chip have very high impedance so they’re very susceptible to electromigration failure. What Synopsys has done in the development of some of these IP blocks is realize that the EM requirements need to be understood at the schematic design level. So they back-annotated the schematics with all the EM effects. As a result, when the company is laying out the devices for USB or PCI Express or LPDDR4 (low-power double data rate random access memory) EM currents are part of the schematic simulation. Incidentally, Nandra said Synopsys customers building ADAS chips at 7nm are asking for LPDDR4 at 4267 megabits per second.
- Electromigration must support the emission profile, which is, say, at the 1 ppm level. But these emission profiles are secret. The OEMs, the automotive companies, and the SoC companies do not share their emission profiles because their value-add is to design SoCs and IP that are robust against that particular emission profile. So they don’t share what their profile is for IP developed to support automotive grade product.
- As ICs get smaller, so do the dimensions between transistors within an IC. Transistor spacing can create conditions for latch-up, where a low impedance path is created between a supply pin and ground. At the more advanced nodes you have a very low-impedance substrate. That low-impedance substrate can cause interference between devices, making the device latch up.
- Because there is a real challenge in developing ADAS chips with a lot of number crunching for real-time data processing, the devices have to be driven above their operating range in order to meet the speed of the processors on the microprocessors used in an ADAS chip. Yes, the reliability requirements for automotive basically tell you not to overdrive transistors. Catch-22. Nandra said that, in fact, you need to super overdrive to meet the real-time processing requirements, boosting the voltage of the device by 20% over its nominal.
- The concept of asynchronous aging vectors, especially for logic libraries, must be taken into account. When building logic libraries, engineers have to analyze the SoC for asynchronous aging using special vectors because elements on the ADAS chip age at different rates—the result of elevated environmental conditions.
- Security hackers for automotive are becoming very sophisticated, and some of these individuals or groups can sense the temperature changes on an ADAS pin. So if you’ve got a big ADAS chip with lots of pins on the side, hackers can actually figure out functionally what’s going on by looking at the temperature changes on the pin. And they’re able to figure out the traffic profile from that; it’s a process called a side-channel attack. The video discusses a trusted execution environment that includes a lot of cryptography blocks and cryptography cores, hardware accelerators, and security protocol accelerators (the more security added to an ADAS chip, the slower things become; the way to get around that is to use security protocol accelerators).
As you might imagine, Synopsys has implemented an ISO 26262 safety culture within its IP development flow and has defined a number of best practices. Synopsys’s portfolio of ASIL B and D Ready ISO 26262 certified DesignWare IP now includes a PCI Express 3.1 controller and PHY, USB 3.0 controller, MIPI (Mobile Industry Processor Interface) CSI-2 controllers and D-PHY, LPDDR4 PHY, EEPROM and Trim NVM (Non-Volatile Memory). In the video, Nandra describes the Synopsys solutions. The main point is that the information you can take away from this 54-minute video is applicable to all engineers involved in developing IP for advanced ADAS systems, whether or not they are using Synopsys IP.
You’d do well to take a look at it.