Automotive Safety Functionality ISO 26262, Second Edition, Calls for Semiconductor Development Requirements

Source: TTI Market Eye article

05/14/2018 // Murray Slovick for TTI Market Eye
Functional safety is an immutable requirement for critical automotive systems. As such, the ISO 26262 standard was introduced in November 2011 to define the safety aspects of developing electric and electronic automotive systems. ISO 26262 describes all requirements to achieve functional safety. For example, compliant systems must be able to identify their malfunctions and mitigate the effects such that passenger safety is preserved. Compliance with the standard is achieved jointly by vehicle manufacturers, Tier 1 automotive suppliers, semiconductor suppliers and IP providers.

The standard describes four automotive safety integrity levels (ASILs), ranging from level A, for the lowest integrity requirements, up through levels B and C to D, for the highest integrity requirements. These levels in turn define the various processes that automotive development teams must use to meet the standard. An ISO 26262 development flow sits alongside the main design flow and ensures that the SoC or associated IP meets the required functional safety level. Design teams working to meet ISO 26262 standards must systematically analyze the status of any component or system throughout the supply chain.

ISO 26262 quickly became the guiding standard for functional safety for the automotive development process. But in the seven years since 26262 was published much has changed: intensified use of car sharing services, development of Advanced Driver Assistance Systems (ADAS) and the emergence of self-driving vehicles, to name just three key technology drivers.

With automotive progress has come greater need for absolute certainty that electronic systems are going to perform as intended without malfunctioning. Autonomous vehicles, for example, bring the challenge of not just functional safety but fail-operational functionality, sometimes also referred to as fault-tolerance, where a failure in one component does not stop the whole system from working correctly – the system is expected to reconfigure itself as necessary to ensure that it does so.

Rapid progress in the development of ADAS and autonomous driving technology is now challenging the semiconductor industry to bring the rigorous safety standards used in the automotive industry to its design process.

The problem is that while ISO 26262 included a section on hardware development, the standard previously had no specific guidelines for semiconductors themselves.

Until now. A new second edition will be released this year and perhaps not long after you read this. Designated ISO 26262:2018, it will add two additional parts to the original standard. Importantly, in Part 11 this second edition will lay out guidelines for the application of ISO 26262 requirements to semiconductor development. Part 11 also addresses intellectual property (IP), specifically for ISO 26262-related silicon IP suppliers. Part 11 has been written to ensure that the 26262 standard remains relevant when applied to systems commonly used in ADAS and fully autonomous driving architectures. In this way it could help to close any safety gaps now appearing during autonomous driving tests.

The Part 11 guideline provides detailed information to help semiconductor manufacturers develop ISO 26262 compliant parts. The section has tips, recommendations, and examples for creating ISO 26262 compliant ICs and IP, and includes information on failure rates and transient faults, as well as specifying diagnostic coverage.

The update has numerous other changes, including sections on improving cybersecurity functional safety. Part 12 of the second edition adds specific content for motorcycles, trucks, buses, trailers and semi-trailers.

This forthcoming release will bring significantly more information to support semiconductor suppliers in the areas of digital and analog components, programmable logic devices (PLDs), multi-core processors and sensors, as well as silicon IP.

Let’s look at these one at a time:

Of course, any automotive application must also meet the automotive reliability requirements defined by the Automotive Electronics Council’s AEC-Q100 “Stress Test Qualification for Packaged Integrated Circuits,” AEC-Q101 for discrete parts, AEC-Q102 for discrete optoelectronics, AEC-Q104 for multichip modules and AEC-Q200 for passive components.

 
