Best Practices for ISO 26262 ASIL Ready Automotive ADAS SoCs

By: Ron DiGiuseppe, Senior Strategic Marketing Manager, Synopsys

According to the National Highway Traffic Safety Administration (NHTSA), the critical reason for 94 percent of automotive crashes is assigned to the driver, primarily because of recognition errors, decision errors or performance errors [1]. Automotive OEMs are adding new advanced driver assistance systems (ADAS) to improve safety for functions such as pedestrian detection/avoidance, lane departure warning/correction, traffic sign recognition, surround view, drowsiness monitoring and other applications (Figure 1). Fueled by consumer interest and government regulations to improve road safety, auto makers are requiring Tier 1 and semiconductor suppliers to develop ADAS system-on-chips (SoCs) that incorporate the latest multimedia standards, run multiple vision-based algorithms, and fuse image and radar sensor data. To implement the advanced protocols and deliver the high performance these applications demand, ADAS SoCs use leading-edge design and process technologies under requirements more stringent than those of most high-end consumer applications. Designers of this new class of ADAS SoCs rely on IP suppliers to help overcome the challenges of implementing the application-specific IP requirements, and to meet the ISO 26262 functional safety requirements of safety-critical automotive applications, within shortening design and maturation cycles.

Figure 1: ADAS applications

IP for ISO 26262 ASIL Ready Functional Safety

ADAS SoCs for safety-critical applications require IP functions supporting the latest protocols and algorithms in leading foundry processes. In addition to providing the advanced features, small area, high performance and low power required by ADAS applications, IP suppliers must meet the ISO 26262 functional safety standard defined by the automotive industry. The ISO 26262 standard, released in 2011, applies to functional safety in electrical and/or electronic systems within road vehicles. It addresses all activities of the safety lifecycle, such as the design and development of safety-related systems, and includes SoCs and IP that are developed as Safety Elements out of Context (SEooC). ISO 26262 provides an automotive-specific approach to determining Automotive Safety Integrity Levels (ASIL) and specifies measures to validate and confirm that the required safety level is achieved. The goal is to avoid systematic faults and to minimize susceptibility to random hardware failures by defining safety requirements, applying rigor to the development process, and taking the necessary design measures, including fault injection, systematic analysis and metrics reporting. Using IP that has been certified according to ISO 26262 helps SoC designers mitigate supply chain risk and accelerate the requirements specification, design, implementation, integration, verification, validation and configuration of their SoC-level functional safety.

Synopsys has implemented an ISO 26262 safety culture within our IP development flow. Synopsys' IP organization implements the policies, processes, strategies and safety managers required for ASIL Ready IP. In addition to the detailed functional safety training given to development engineers, Synopsys' safety managers have received intensive training and certification as Semiconductor Automotive Functional Safety Professionals (SC-AFSP) from the automotive inspection company SGS-TÜV Saar, and are fully empowered to ensure that IP development adheres to the ISO 26262 requirements.

The Synopsys IP development flow includes the ISO 26262 "Work Products" (Figure 2), which provide integrated hardware safety features, verification plans, safety plans, verification reports, safety manuals and a Failure Modes, Effects and Diagnostic Analysis (FMEDA). The Synopsys IP Automotive Safety Packages contain the deliverables that enable designers to develop their own SoC-level FMEDA report, thereby accelerating their development. Compliance certifications for SoCs and IP are granted by accredited industry auditors such as SGS-TÜV Saar, who perform product and process reviews, assessments and audits of functional safety elements, including ISO 26262 Work Products such as safety plans, safety features, failures-in-time (FIT) rate analysis and the FMEDA.

Figure 2: Synopsys IP development includes Functional Safety Work Products

Best Practices for Developing ISO Compliant IP

Leveraging our experience in delivering IP with Automotive Safety Packages, Synopsys has defined a number of best practices:

  1. Safety managers participate in each stage of the IP development, including process audits, and reviews are performed concurrently by multiple engineers to eliminate individual bias.
  2. Each key decision is documented and traced to requirements by an assigned team member.
  3. A complete block-by-block FMEDA is performed, in which the IP designer identifies every possible failure mode of each block and the error detection, diagnostic and correction mechanisms that cover each of these failure modes (random hardware faults).

From the block failure rates (FIT) and the detection/correction coverage of each safety mechanism, the diagnostic coverage of the IP is then determined. Typical steps in FMEDA development include:

  • Use of industry-standard Siemens SN 29500 failure rates
  • Use of failure rate (lambda) values defined in IEC TR 62380, as shown in Figure 3.

Figure 3: Typical steps in FMEDA IP assessment

After the detailed failure rate and diagnostic analysis is complete, the resulting hardware architectural metrics (the single-point fault metric, the latent-fault metric and the probabilistic metric for random hardware failures) are compared with the targets ISO 26262 sets for each ASIL, where the ASIL of the safety goal itself derives from the ISO 26262 risk assessment. Figure 4 shows the ASIL levels and their fault coverage targets.

Figure 4: ASIL levels
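As an added worked example (not Synopsys code, and not the page's own analysis), the following Python rolls a constructed block-by-block FMEDA up into the ISO 26262-5 hardware architectural metrics and checks them against the targets for ASIL B, C and D. The block names, failure rates and coverage figures are assumptions made for illustration, not handbook values; the PMHF is the simplified single-point-plus-residual estimate that neglects the dual-point contribution.

```python
"""FMEDA roll-up for a constructed IP block: ISO 26262-5 hardware architectural metrics."""
from dataclasses import dataclass
from typing import Dict, List, Optional

FIT = 1e-9  # one FIT is one failure per 1e9 device-hours


@dataclass
class FailureMode:
    """One row of a block-by-block FMEDA (all values constructed for illustration)."""
    block: str
    name: str
    fit: float            # base failure rate of this mode in FIT, e.g. an SN 29500 or
                          # IEC TR 62380 component rate times the failure mode distribution
    safety_related: bool  # False: cannot influence the safety goal at all (e.g. test-only logic)
    safe_fraction: float  # share of this mode's faults that can never violate the safety goal
    dc: float             # diagnostic coverage of the mechanism preventing the violation
                          # (0.0 = no mechanism); the detected share becomes multiple-point
    dc_latent: float      # coverage of the mechanism that reveals faults otherwise left latent


def classify(fm: FailureMode) -> Dict[str, float]:
    """Split one mode's failure rate into the ISO 26262-5 fault classes (all in FIT)."""
    if not fm.safety_related:
        return {"sr": 0.0, "spf": 0.0, "rf": 0.0, "mpf_latent": 0.0}
    violating = fm.fit * (1.0 - fm.safe_fraction)
    if fm.dc == 0.0:
        # No safety mechanism: every violating fault is a single-point fault.
        spf, rf, mpf = violating, 0.0, 0.0
    else:
        # Covered mode: the undetected remainder is residual; the detected share is a
        # multiple-point fault that stays latent unless a second mechanism reveals it.
        spf = 0.0
        rf = violating * (1.0 - fm.dc)
        mpf = violating * fm.dc
    return {"sr": fm.fit, "spf": spf, "rf": rf, "mpf_latent": mpf * (1.0 - fm.dc_latent)}


def architectural_metrics(rows: List[FailureMode]) -> Dict[str, float]:
    """SPFM and LFM per ISO 26262-5 Annex C, plus the simplified PMHF estimate
    (single-point + residual only; the dual-point term is neglected here)."""
    sr = spf_rf = mpf_l = 0.0
    for fm in rows:
        c = classify(fm)
        sr += c["sr"]
        spf_rf += c["spf"] + c["rf"]
        mpf_l += c["mpf_latent"]
    return {
        "spfm": 1.0 - spf_rf / sr,
        "lfm": 1.0 - mpf_l / (sr - spf_rf),
        "pmhf": spf_rf * FIT,  # failures per hour
    }


# Targets from ISO 26262-5:2011 Tables 4, 5 and 6 (no quantitative targets for ASIL A).
ASIL_TARGETS = {
    "D": {"spfm": 0.99, "lfm": 0.90, "pmhf": 1e-8},
    "C": {"spfm": 0.97, "lfm": 0.80, "pmhf": 1e-7},
    "B": {"spfm": 0.90, "lfm": 0.60, "pmhf": 1e-7},
}


def highest_asil_met(m: Dict[str, float]) -> Optional[str]:
    """Highest ASIL whose three targets are all met, or None if even ASIL B is not."""
    for asil in ("D", "C", "B"):
        t = ASIL_TARGETS[asil]
        if m["spfm"] >= t["spfm"] and m["lfm"] >= t["lfm"] and m["pmhf"] < t["pmhf"]:
            return asil
    return None


# Constructed FMEDA rows for a hypothetical embedded-memory IP (not Synopsys data).
SAMPLE_FMEDA = [
    FailureMode("memory array", "bit flip / stuck cell", 40.0, True, 0.0, 0.99, 0.90),  # ECC, logic checked by BIST
    FailureMode("address decoder", "wrong word selected", 5.0, True, 0.0, 0.90, 0.60),  # address parity
    FailureMode("control FSM", "illegal state", 3.0, True, 0.0, 0.0, 0.0),              # no mechanism
    FailureMode("clock gating", "spurious gate", 4.0, True, 0.5, 0.90, 0.0),            # half of faults are safe
    FailureMode("scan/test logic", "any", 2.0, False, 0.0, 0.0, 0.0),                   # not safety-related
]


def sample_report() -> Dict[str, object]:
    """Metrics and highest ASIL met for the constructed rows."""
    m = architectural_metrics(SAMPLE_FMEDA)
    return {**m, "asil": highest_asil_met(m)}


if __name__ == "__main__":
    r = sample_report()
    print(f"SPFM={r['spfm']:.2%} LFM={r['lfm']:.2%} PMHF={r['pmhf']:.2e}/h -> ASIL {r['asil']}")
```

On the sample rows the roll-up gives SPFM of about 92.1 %, LFM of about 84.2 % and a PMHF of about 4.1 FIT: the latent-fault and PMHF targets for ASIL C are met, but the single-point fault metric is not, so the uncovered control FSM is the block an IP designer would add a safety mechanism to before the SoC-level FMEDA can claim more than ASIL B for this element.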

Providing a complete Automotive Safety Package for IP enables designers to meet SoC level safety goals. To ensure Synopsys deliverables and design flow meet customer requirements, Synopsys takes the extra step to obtain ISO 26262 certification (Figure 5) by an industry accredited automotive safety inspection firm: SGS-TÜV Saar. By obtaining ISO 26262 certification and receiving independent validation of ASIL Ready status, Synopsys reduces customer risk by ensuring our DesignWare® IP meets industry standards.

Figure 5: Example ISO 26262 Certificate for Synopsys IP: Embedded Memory Compilers

Summary

IP suppliers play a key role in the automotive supply chain in enabling the new generation of high-performance ADAS SoCs. For example, vision-based SoCs may contain a large amount of third-party IP to implement the key embedded vision, sensor fusion, multimedia, security and advanced connectivity functions. Although IP suppliers have permeated the semiconductor ecosystem for consumer, mobile, PC and communications applications, not all IP suppliers can support the stringent automotive requirements. As designers initiate their next-generation ADAS SoCs, they must assess each IP supplier's ability to provide Automotive Safety Packages with ISO 26262 certification. IP suppliers with the commitment and resources to meet automotive industry requirements help automotive SoC suppliers, Tier 1s and OEMs meet the functionality, performance, quality and reliability levels required for ADAS SoCs targeting 28nm and 16/14nm FinFET technologies.

For information on Synopsys' IP portfolio for automotive SoCs, please visit www.synopsys.com/ip-automotive.

References:

[1] National Motor Vehicle Crash Causation Survey, NHTSA, February 2015