
Unlock ISO 26262 Certification Success with Agnisys for ASICs

Within the automotive sector, the safety of electrical and electronic (E/E) systems is mission critical. As many of you likely already know, ISO 26262 is the international standard for functional safety. For our customers designing ASICs for the automotive industry, ISO 26262 serves as the guarantee that adequate safety has been achieved and preserved for the lifecycle of the vehicle. I’m sure you’ve seen and heard a great deal about this particular standard because of the advent of self-driving cars, which, as could be expected, has placed a huge spotlight on safety. ISO 26262 is the primary industry prescription for developing functionally safe automobiles. This standard covers not just cars, but also trucks, buses, and other types of road vehicles.

ISO 26262 pre-dates autonomous vehicles by years, addressing all aspects of E/E systems in road vehicles. Obviously, when the vehicle itself is doing the driving, safety is paramount. However, even when a human is at the wheel, safety can be compromised by various types of E/E failures. If you’re designing ICs for any part of any electronic subsystem in road vehicles, ISO 26262 is vitally important.

When considering safety, there are many other applications where a failure could easily result in serious injuries or loss of life, including implanted medical devices, offensive and defensive weapons, and nuclear power plants. Even misbehavior in an Internet-of-Things (IoT) device – such as your home security system – could have serious consequences for you and your loved ones. In response, the electronics industry has developed a whole catalog of related standards for industrial, railway, avionics, military, machinery, nuclear, and medical applications, just to highlight a few.

Consequently, a number of designers working on ICs for these applications have already thought seriously about functional safety. The basic idea common to all the safety standards is taking appropriate action in response to a fault in the system to prevent a catastrophic failure. That means you must design your chips to detect faults and either correct them or bring the vehicle to a safe condition.

Road travel is a notoriously difficult environment for electronic systems. You have extremes in temperature and humidity, noise and vibration, alpha particles that can flip memory bits, chip aging effects, and more. You must handle these properly with safety mechanisms that detect or correct faults due to these challenging conditions. This is an area where you can benefit from the years of experience gleaned in safety-critical design for all the applications listed above.

Agnisys makes it easy for you to meet the requirements of ISO 26262 and other safety standards. Our IDesignSpec Suite automatically inserts the safety mechanisms you request into its generated register-transfer-level (RTL) designs. These mechanisms are all well proven by decades of use in a wide range of electronic systems. Agnisys supports the following options:

  • Adding and checking a parity bit to detect a changed value
  • Calculating and checking a Cyclic Redundancy Check (CRC) to detect a changed value
  • Calculating and checking Single Error Correction Double Error Detection (SECDED) to both detect and correct an incorrect value
  • Adding Triple Modular Redundancy (TMR) so that two correct values will “outvote” an incorrect value
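As an added illustration (not Agnisys code, and not how IDesignSpec lays out its generated RTL), the following Python models two of the listed mechanisms in software: an extended-Hamming SECDED encoder/decoder for a register value, which corrects any single flipped bit and flags any double flip, and a bitwise TMR majority vote. The 8-bit default width, the bit layout (check bits at power-of-two positions, overall parity at position 0) and the status strings are assumptions made for this example.

```python
# SECDED (extended Hamming) for a register value; layout is an assumption for this example.
def _parity_count(width):
    r = 0
    while (1 << r) < width + r + 1:   # need 2**r >= data bits + check bits + 1
        r += 1
    return r

def _data_positions(n):
    return [p for p in range(1, n + 1) if p & (p - 1)]  # positions that are not powers of two

def secded_encode(data, width=8):
    """Return the protected codeword for `data` (width data bits)."""
    r = _parity_count(width)
    n = width + r
    code = [0] * (n + 1)               # index 0 = overall parity, 1..n = Hamming codeword
    for d, pos in enumerate(_data_positions(n)):
        code[pos] = (data >> d) & 1
    for i in range(r):                 # check bit 2**i covers every position with bit i set
        p = 1 << i
        code[p] = sum(code[q] for q in range(1, n + 1) if q & p) & 1
    code[0] = sum(code) & 1            # overall parity makes the whole word even
    return sum(b << pos for pos, b in enumerate(code))

def secded_decode(word, width=8):
    """Return (status, data): status is 'ok', 'corrected' or 'uncorrectable'."""
    r = _parity_count(width)
    n = width + r
    code = [(word >> pos) & 1 for pos in range(n + 1)]
    syndrome = 0
    for i in range(r):
        p = 1 << i
        if sum(code[q] for q in range(1, n + 1) if q & p) & 1:
            syndrome |= p              # syndrome == position of a single flipped bit
    odd = sum(code) & 1                # 1 => an odd number of bits flipped
    if syndrome == 0 and not odd:
        status = "ok"
    elif odd:                          # single flip: correct it (syndrome 0 => parity bit itself)
        code[syndrome] ^= 1
        status = "corrected"
    else:                              # syndrome set but overall parity even: two flips
        return "uncorrectable", None
    data = 0
    for d, pos in enumerate(_data_positions(n)):
        data |= code[pos] << d
    return status, data

def tmr_vote(a, b, c):
    """Triple modular redundancy: bitwise majority of three register copies."""
    return (a & b) | (a & c) | (b & c)
```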

All this support for safety-critical design takes no effort on your part. You simply tell us which safety mechanisms you want in which parts of your chip, and our solution generates them automatically. The safety assessment methods specified in ISO 26262 enable you to gain a quantitative reading on how well your design is protected against faults of all kinds. Your automotive sector customers are certain to be heavily concerned with ISO 26262, and will ask you to show how your chip meets its requirements and whether your design process is compliant with the standard.

Safety standards have a ripple effect: end manufacturers demand compliance from their subsystem developers, who in turn demand it from their chip suppliers, who in turn demand it from their electronic design automation (EDA) vendors. As a designer of vehicular electronics systems, you must show that the EDA tools you use in your development flow meet the requirements of ISO 26262.

Qualifying your EDA tools for use in the development of functionally safe chips can be a big effort that consumes precious resources, adds cost, and delays your schedule. Agnisys eliminates all that worry because we qualify our own tools as suitable for ISO 26262 design. Our entire IDesignSpec Suite and development flow is certified by the internationally known testing and inspection organization TÜV SÜD as having achieved the stringent tool qualification criteria defined by ISO 26262 as well as the related underlying standard IEC 61508.


You can have high confidence in this certification, the result of a long and arduous process.

TÜV SÜD conducted a detailed investigation of Agnisys tools, team, and development processes. They evaluated our tools and audited our product verification and validation flow, quality assurance (QA) procedures, configuration and release management, and user support procedures. Their endorsement means that you don’t have to worry about ISO 26262 tool compliance. 


With our IDesignSpec Tool Qualification Kit (TQK), you can meet the requirements of both standards and satisfy the compliance demands of your customers. You need not take any additional steps to qualify or certify our solutions when used in your development flow.

A safety-critical IC is challenging for many reasons, but it’s vitally important to get it right. The electronics industry has many years of experience to draw on, and standards such as ISO 26262 are critical in establishing key requirements and best practices to satisfy them. With Agnisys as your executable specification automation solution partner, you can design automotive chips with automatically inserted safety mechanisms and qualify your development process with no effort needed to certify our solution. 

We look forward to helping keep you, your customers, and their end users—the drivers—happy and safe. If you’re facing functional safety challenges with your next IC project, why not schedule a solution discussion or request a demo today? Agnisys is here to help.

Anupam Bakshi

___________________________________________________________________________________________________________

There are multiple causes for design errors, but some of the most common are related to the design specifications and how they are distributed and maintained throughout the product development lifecycle. Learn how to address this issue by reading The IC Designer's Guide to Automated Specification of Design and Verification, for Better Products
