Automotive SoC supports the ISO 26262 ASIL B safety standard

2nd February 2016



Posted By : Nat Bowers

Renesas Electronics has announced the development of hardware fault detection and prediction technologies for functional safety in automotive computing systems. The company has also successfully developed a prototype of an automotive computing SoC fabricated in a 16nm FinFET process supporting the ISO 26262 ASIL B standard for automotive functional safety.

Recently, there have been extensive activities in developing self-driving systems for vehicles and it is expected that the autonomous-driving era will arrive by the year 2020. Created by the International Organization for Standardization (ISO), the ISO 26262 ‘Road vehicles – Functional safety’ standard defines the entire safety life cycle for electronics and/or software in safety-related systems in vehicles weighing less than 3,500kg. Included in this are specific recommendations for the mitigation of random hardware faults, including diagnostics and/or the specific implementation of hardware safety systems.

When an internal fault occurs during driving, the automotive computing system used in an autonomous vehicle must either stop the vehicle safely or continue driving safely. SoCs for automotive computing systems are larger in scale and more complex in function than earlier SoCs, because they must process, at high speed and within short time periods, the large amount of data sent to them from cameras and other sensors. They are nevertheless required to have safety mechanisms.

One method for detecting random hardware faults that occur during runtime consists of stopping programme execution in the SoC itself and performing self-tests (runtime self-tests). This method is appropriate in large-scale circuits, since it can detect hardware faults without redundancy in the logic circuits. Furthermore, compared to software-only self-testing, the test time is reduced by using the Built-In Self-Test (BIST) hardware. However, executing runtime self-tests requires the stopping of the SoC’s ordinary functions and application programmes cannot be run during that period. Furthermore, as these chips become more functionally complex and larger scale, the test times become longer and this could result in shutting off functions required for self-driving operation for extended periods.

To resolve this issue, Renesas implemented BIST systems in the CPU and GPU function blocks, and an integrated controller for these BIST systems. Furthermore, Renesas developed functions that enable these runtime self-tests to be executed with test time slicing. This function makes it possible, for example, to support the requirement of audio processing that the processing may only be interrupted for less than 2ms. It does this by: executing the runtime self-test on one specific CPU in the CPU cluster, which consists of four CPUs, and continuing programme execution on the remaining three CPUs; and dividing the GPU self-test into multiple sections and executing those sections in a time-sliced manner.

Renesas has made it possible to achieve the expected criteria, such as diagnostic coverage, for the ISO 26262 ASIL B standard for functional safety even in complex, large-scale SoCs. It does so by minimising the blackout periods during which the SoC cannot be used due to test execution, and by keeping each of those periods shorter than the tolerance time for which safety function operation may be interrupted.

There are cases where momentary voltage droops occur due to the excessive activation of logic circuits in an SoC. These voltage droops become more conspicuous as the operating frequency of the logic circuits and the fluctuations in the activations of those circuits increase. Previously, design methods that provided adequate voltage margins to handle the maximum voltage droops were used. However, the lower supply voltages resulting from the use of finer process rules and higher operating frequencies made it difficult to provide voltage margins in the design.

Renesas developed the following three systems to resolve this issue:

  • Ultrafast voltage sampling system – Renesas developed a high-speed voltage sampling system that combines a variable delay circuit whose transmission time changes with the voltage difference and a time-to-digital converter that converts the time difference with respect to a reference clock to a digital value. This voltage sampling system can operate at the same 2GHz as the fastest CPU clock.

  • Voltage droop prediction system – This system predicts the voltage droop four cycles in advance based on the voltage information acquired from the voltage sampling system. If this predicted voltage falls below a threshold value set in advance, it requests that the clock supply be stopped.

  • High-functionality clock control system – This system combines a clock gating circuit and a clock divider circuit and immediately stops the clock supply after receiving the clock stop request to suppress voltage droop. The clock supply recovers gradually by increasing the frequency from a frequency lower than the frequency prior to stopping the clock supply to minimise voltage droops which can be caused by restarting the clock supply.

By combining these three systems, voltage droops that might occur can be detected in advance and hardware faults that could occur due to those voltage droops can be prevented.
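The loop formed by the three systems can be sketched as a cycle-level model. This is an added example, not Renesas's design or code: the article gives only the four-cycle lookahead, so the linear-extrapolation predictor, the first-order supply model, all voltage values and the divider steps are assumptions chosen for illustration.

```python
# Toy cycle-level model of the sample -> predict -> gate -> ramp loop.
# All constants and the supply model are assumptions made for this example.
LOOKAHEAD = 4                    # from the article: predict four cycles ahead
VDD_MV = 800.0                   # assumed nominal supply
THRESHOLD_MV = 740.0             # assumed clock-stop threshold
FAULT_MV = 700.0                 # assumed level below which logic may fail
DROOP_MV = 150.0                 # assumed droop at full activity, full clock
K = 0.2                          # assumed first-order supply response per cycle
RAMP = (0.25, 0.5, 0.75, 1.0)    # assumed divider steps used during recovery


def predict(history, lookahead=LOOKAHEAD):
    """Assumed predictor: extend the slope of the last two samples."""
    if len(history) < 2:
        return history[-1]
    return history[-1] + (history[-1] - history[-2]) * lookahead


def simulate(activity, protect=True):
    """Return (minimum voltage seen, per-cycle clock fraction)."""
    v, history, clock_trace = VDD_MV, [VDD_MV], []
    step = len(RAMP) - 1                      # start at full frequency
    for a in activity:
        if protect and predict(history) < THRESHOLD_MV:
            clock, step = 0.0, -1             # gate now; recovery restarts low
        else:
            step = min(step + 1, len(RAMP) - 1)
            clock = RAMP[step]                # divider raises frequency stepwise
        target = VDD_MV - DROOP_MV * a * clock
        v += K * (target - v)                 # supply settles toward the target
        history.append(v)
        clock_trace.append(clock)
    return min(history), clock_trace


# Constructed load: light activity, a burst of full activity, light again.
LOAD = [0.2] * 5 + [1.0] * 12 + [0.2] * 10

if __name__ == "__main__":
    for protect in (False, True):
        vmin, clocks = simulate(LOAD, protect)
        print(f"protect={protect}: min {vmin:.1f} mV, "
              f"stalled cycles {clocks.count(0.0)}")
```

In this model the unprotected run sinks below the assumed fault level during the burst, while the protected run trades a few stalled and reduced-frequency cycles for a supply that stays above the threshold.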

Based on the hardware fault detection and prediction technologies, Renesas has developed an SoC for automotive computing systems that is fabricated in a 16nm FinFET process and that supports the ISO 26262 ASIL B standard for automotive functional safety. The SoC has a heterogeneous multi-core architecture with a total of nine CPUs of three types. It also includes a GPU that provides massive processing power.

Renesas intends to provide automotive computing system development platforms to lead the autonomous-driving era using these technologies and contribute to the realisation of safe, secure and environment-friendly vehicles.
