Why Vehicle-Gauge Chips Need to Meet Functional Safety

Founded in September 2003, Chipsea Technology is a full-signal chain integrated circuit design enterprise integrating sensing, computing, control and connection. Focus on the development and design of high-precision ADC, high-reliability MCU, measurement algorithm and AIoT one-stop solution.

With the development of the current domestic automotive MCU "flat" wave, more and more domestic chip design companies are gradually entering the field of automotive MCU design, hoping to gain a place in the context of the new energy and intelligent network era. Compared with the mature industrial and consumer MCU market, the automotive MCU is a completely new area, because of the emergence of new needs and application scenarios, the requirements for automotive MCUS are also greatly increased (which is why it is called the vehicle gauge).

After hundreds of years of development, the automobile industry has formed a very mature design, research and development and manufacturing system. However, in this system, the huge and complex supply chain system makes it difficult for latecomers to fully understand the overall situation of the automobile industry chain at the initial stage, especially the definition of products in their own segments, and it is difficult to accurately identify the demand and the reasons behind the demand.

Compared with Oems and well-known brand car companies directly facing the terminal market, consumers have little understanding of Tier1 suppliers (Tier1), and chip design companies are more difficult to detect the upstream (tier 2) position. Because of this, in the increasingly electronic automotive industry chain, chip companies have undertaken more work, but they are more and more distant from the real customer needs. Due to the lack of understanding of the terminal application, in the chip market research and product specification definition stage, there is often a certain disconnect with the final application, resulting in a good adaptation to the application needs after the market.

For the topic in the field of automotive safety, the author discusses why the vehicle gauge chip meets the stringent standard of AEC-Q100, and also needs to meet the functional safety.

Why should the car gauge chip meet functional safety

At present, China's automobile market is experiencing a wave of transformation from functional vehicles to intelligent vehicles. Some vehicle companies or supply chain vehicles, such as Huawei, Xopeng, and Tesla, are promoting the rapid improvement of the level of automotive intelligence, which has a profound impact on the definition of traditional car forms.

Through various intelligent blessings, whether it is a smart cockpit or autonomous driving, cars are becoming smarter. For example, the latest release of Xpeng G6, XNGP defines a new "commuting mode" that makes traffic smarter and improves the safety of passengers. The basic driving assistance function, LCC, allows the vehicle to stay centered within the road markings. At the same time, when a large vehicle is close to or cuts into the front of the car, the system will alert the danger and assist the driver to slow down properly, improving the driver's sense of security. In addition, although higher levels of autonomous vehicles (L3+) have not yet been produced in a real sense, relevant regulations have been introduced, and I believe that the future can be expected.

Today, the emergence of intelligent connected cars has moved the digital platform to the car, added four wheels, can control the vehicle on the road, and can assist the driver to drive, which is an unprecedented change that provides huge benefits for people. However, one of the problems that comes with this is that the digital platforms we are familiar with will inevitably have glitches or defects in the process of working. If these failures appear on ordinary consumer electronics products, they may only lead to functional failure, but they are not too harmful to the personnel themselves. However, for the safety of cars, unexpected failures may lead to various road accidents, seriously affecting the personal safety of drivers and occupants, and have a huge social impact.

Taking automotive MCU as an example, the device is prone to failure when implementing vehicle ADAS functions such as ACC and AEB. For example, the error or delay of the CPU calculation instruction directly affects the effectiveness and timeliness of the ADAS controller (ECU) to issue the brake instruction to the chassis, and it may be due to the failure to identify the MCU fault in time, which may lead to serious damage to the vehicle. In addition, if it is a car module or other driving scenarios, there will be other kinds of hazardous events.

From the above, we can see that the safety, fault detection and design capabilities of critical devices that are critical to functional realization, such as automotive MCUS, directly affect the safety of end users. At the same time, from the perspective of the market and end users, higher requirements are put forward for automotive MCU chip research and development enterprises, that is, to meet the functional safety of automotive chips.

In the current era, automotive MCU, as a key device of various automotive systems, has received the focus of domestic replacement. Some Oems with research and development capabilities began to enter the field of self-developed car gauge MCU chips, while some Oems chose to cooperate with domestic chip design companies to customize the production of their required chip products. This is both an opportunity and a great challenge. In order to ensure the success of the chip, and ultimately the commercial success, those chip design companies that have not been involved in the field before need to focus on one of the key features, namely functional safety.

Functional safety: Reduces unreasonable risk due to electronic failure

In automotive electronics applications, chip failures can be classified from two macro dimensions: one is the artificial systemic failure introduced by automotive chip design loopholes or incorrect implementation, and the other is the random hardware failure caused by events such as chip aging and electronic migration. In order to solve these two types of failures, automotive safety chip design enterprises must strictly follow ISO26262 functional safety standards. The standard establishes a comprehensive risk classification system and provides methodological guidance based on the Automotive Safety Integrity Level (ASIL) on how to reduce the potential hazards caused by electrical and electronic failures from a process and technical perspective.

At the chip design level, functional safety is a new indicator in the RTL-GDS process. On the basis of the original chip design process, the contents of FUSA verification (such as simulation verification through FPGA tools), fusa analysis (such as failure mode analysis, diagnostic analysis, etc.) and fusa implementation (such as security mechanisms such as TMR inserted through the back end) are added.

The processes at each of these stages are tightly integrated and, through effective implementation, the following objectives can be achieved:

1. Achieve traceability and compliance with safety requirements to reduce concerns of upstream customers

2. Reduce development effort

3. Improve design robustness

In the design of specific fail-safe mechanisms, functional safety standards are also required to meet some quantitative indicators, such as SPFM, LFM and PMHF. These metrics need to be adhered to and traceable at both the chip and IP levels.

For systemic failure, DFMEA method is usually used to identify various possible design failures, and put forward corresponding design prevention and detection measures to avoid the generation of problem chips. The important role of DFMEA is to help design teams identify and resolve actual or potential sources of errors through a structured approach.

For random hardware failures, the combination of various safety analysis and DFA analysis can fully cover random failures and determine the need for additional safety design measures during the chip design process.

Complete fault avoidance and fault tolerance measures are not limited to the above brief description, the actual project development should follow a complete process to implement and implement.

Today, although fully driverless intelligent connected cars have not yet been realized, for assisted driving and other related applications, we can see the importance of vehicle electronics to improve driving safety and comfort. Vehicle gauge level functional safety chip provides system guarantee for the safe operation of these functions. Ensuring that these chip designs meet quality, reliability and safety requirements will help build smarter and safer cars.

After the launch of the vehicle level automotive MCU chip that meets the AEC-Q100 standard, Core Sea Technology is continuing to enter the field of vehicle functional safety MCU. On the basis of ensuring product reliability, the automotive electronics product line of Xinhai Technology will continue to strengthen the serialization of automotive electronic MCU, product development platform and the construction of vehicle regulation functional safety system. For intelligent cockpit, human-computer interaction, vehicle PD fast charge, battery management, body control, driving safety and other application scenarios, to realize the development and market development of serialized automotive MCU chips.