Key Requirements for Automotive SoC Design

Alessandra Nardi, Uyen Tran

Apr 04, 2023 / 6 min read

Thanks to the intelligence inside, your car can do a lot more on its own than ever before. When your vehicle senses it is getting too close to the car in front, it can apply the brakes. Or if your car recognizes it’s about to cross into another lane, it can alert you or center itself. And, while they’re not yet commercially available, self-driving cars are being tested and operated on our roadways.

Today’s connected vehicles are digital platforms. At the high end, it’s not uncommon to find upwards of 150 million lines of software code distributed among 150 or more electronic control units (ECUs), as well as in sensors, cameras, radar, and LiDAR devices. Software provides a lot of the vehicle differentiation, working in tandem with the hardware to turn concepts like automated braking, lane departure warnings, and self-parking into viable features.  

With technology driving so many of the capabilities in modern vehicles, it’s no wonder that automotive SoCs are a key point of focus for carmakers. Some automotive OEMs are designing their own chips, and many others are investigating the possibilities. When it comes to ensuring the dependability of these chips, four key characteristics are needed: quality, reliability, functional safety, and security. Read on to learn more about the requirements to address each of these areas in your automotive SoC designs.  

[Figure: Automotive Infotainment System]

Quality: Reducing Defective Parts Per Billion

Defects are never a good thing in a chip design and when it comes to automotive SoCs, requirements for an acceptable number of defects are extremely stringent. Process contaminants, latent defects, and process variation can all come into play to affect quality, defined as conformance to specifications at the beginning of the useful life.

Effective identification of silicon defects requires continued testing throughout the device’s lifecycle, but this faces several challenges:

  • Time on the tester is growing increasingly expensive
  • Multiple monitor instances and design-for-test (DFT) structures occupy valuable silicon real estate
  • The time and effort needed to generate test programs can be high

A thorough test program can alleviate these challenges. Effective advanced fault modeling tools, advanced compression and defect-driven memory test, physically aware DFT, advanced tools for efficient implementation, and on-chip monitoring that generates real-time analytics can all help enhance the test program and the design.

Reliability: Ensuring High SoC Performance Through the Life of the Vehicle

Since cars are expected to operate for more than 15 years, having reliable automotive SoCs could mean the difference between components that perform well for the expected lifespan and those that fail earlier than anticipated. Achieving a level of chip robustness involves avoiding service failures that are more frequent and/or more severe than acceptable.

Reliability is impacted by process/voltage variability; wear-out failures stemming from factors such as aging, thermal effects, electromigration (EM), and electrostatic discharge (ESD); and random failures due to environmental issues such as power surges. One of the key automotive industry standards addressing reliability, along with longevity, comes from the Automotive Electronics Council: AEC-Q100. AEC-Q100 provides failure mechanism-based stress test qualification for packaged automotive ICs. Given that automotive chips must operate under harsh conditions, stress testing while they are being designed can lead to more reliable automotive systems.

Many of the issues that impact SoC reliability require innovation to analyze and fix at the SoC level, with coverage for all paths. Device aging must be analyzed according to the stress temperature, stress voltage, lifetime, and signal probability of the SoC, otherwise known as the “mission profile.” A static timing analysis (STA)-based solution that covers all paths in the design and provides high accuracy at a low library characterization cost enables the analysis to be performed for comprehensive mission profiles. Automated design robustness analysis and optimization technology that can identify cells that are susceptible to process variation, or paths that are susceptible to voltage variation, is crucial to prevent timing failures.

Signal and cell-level EM is another challenging consideration. For automotive reliability, the design must meet signal EM requirements (average, RMS, and peak current) as specified by the semiconductor process foundry. EM analysis involves accurate modeling, extraction, and calculation of current through wires in the design. In addition to signal EM rules, cells must be used under reliable conditions to not exceed the maximum frequency or toggle rate. As such, cell-level EM must be modeled during library characterization to record the maximum frequency for different slew and load conditions. Signal EM violations must be fixed during optimization in physical implementation. Cell-level EM violations must be fixed during ECO by replacing cells to meet EM requirements.

During the SoC’s in-field operation, employing silicon lifecycle management (SLM) techniques can extend its lifetime. On-chip path margin monitoring (PMM) can be implemented to reduce the operating voltage for targeted performance profiles. Reducing the operating voltage offers the benefit of reducing voltage and temperature stress on devices, which increases the SoC’s lifetime. Continuous path-margin monitoring provides analytics to optimize the SoC’s performance.

Functional Safety: Reducing Risks Caused by Malfunctions

Systematic faults, like bugs or an incorrect implementation, and random hardware failures from events such as silicon aging and EM effects, are two potential sources of safety risks in automotive electronics. The ISO 26262 functional safety standard provides guidelines automotive chipmakers must meet to have safety-critical devices qualified to run inside vehicles. The standard’s risk classification system, the Automotive Safety Integrity Levels (ASILs), aims at reducing potential hazards caused by electrical and electronic system malfunctions.

Functional safety (FuSa) is a new metric in the RTL-to-GDS flow. It involves FuSa verification (diagnostic coverage (DC) validation through fault categorization is one example), analysis (such as failure modes, effects, and diagnostic analysis (FMEDA)), and FuSa implementation (such as the insertion of safety mechanisms). Tight integration of automated flows for each of these phases is important to deliver on three key factors:

  • Confidence, with traceability and safety compliance
  • Productivity, with reduced engineering effort
  • Efficiency, with optimized turnaround time and power, performance, and area (PPA)

Designing fail-safe hardware involves adhering to certain hardware architecture metrics, such as the single-point fault metric (SPFM), the latent fault metric (LFM), and the probabilistic metric for random hardware failures (PMHF). FMEDA at the IP, subsystem, and SoC levels can track these metrics and, in conjunction with dependent failure analysis (DFA), covers random faults. Addressing systematic faults calls for state-of-the-art verification with traceability and design failure mode and effect analysis (DFMEA). Verification validates whether inserted safety mechanisms are effective, while traceability provides a way to manage the functional safety requirements during the development process. DFMEA helps to identify and resolve errors or potential sources of errors in a design.

[Figure: Automotive Functional Safety (FuSa) Diagram]

Security: Defending Against Threats

Malicious threats are a challenge for many market segments. For automotive, a compromised chip could profoundly—even fatally—impact human life. In addition, attackers look to exploit connectivity vulnerabilities to interfere with over-the-air (OTA) software updates, which underpin new business models for application upgrades. Maintaining the security of automotive SoCs, as well as software, is imperative. ISO/SAE FDIS 21434 Road Vehicles – Cybersecurity Engineering, developed with the ISO 26262 functional safety standard as its foundation, provides a cybersecurity framework for the lifecycle of road vehicles. The framework spans:

  • Security management
  • Project-dependent cybersecurity management
  • Continuous cybersecurity activities
  • Associated risk assessment methods
  • Cybersecurity within the concept of product development and post-development stages of road vehicles
  • Ongoing cybersecurity monitoring

The idea is for automakers to develop consistent, repeatable processes to protect vehicles against malicious attacks for the duration of their useful lives. Defenses against attacks on the hardware include physical unclonable functions (PUFs), probe-resistant designs, logic locking, and watermarking. Pre-silicon simulation of attacks can identify vulnerabilities and also verify that mitigation measures are effective. Checking designs for attack resistance through techniques such as rule checking, property checking, and simulation can help prevent known hardware design weaknesses.

Automotive SoCs Accelerate Innovation

Electronic design automation (EDA) and IP solutions vendors can provide automotive SoC designers with the technologies needed to achieve high levels of quality, reliability, safety, and security in their designs. Synopsys, for example, delivers automotive solutions spanning design and verification, implementation, signoff, and manufacturing/in-field operations to help designers comply with standards including ISO 26262 and ISO 21434. Our active participation in various automotive standards organizations means we have a seat at the table, contributing to the evolution of important protocols.

Even vehicles that aren’t capable of self-driving now possess an impressive array of autonomous features that enhance the safety and comfort of the ride. Automotive-grade silicon chips play a key role in bringing these capabilities to life. Ensuring that these chip designs meet quality, reliability, safety, and security requirements will help produce smarter, safer vehicles.