Have you noticed how smart your automobile is getting? Watching the first round of NFL playoffs, I lost count of the number of TV commercials showing cars weaving through tight construction zones (and Star Wars figures), big trucks parking in incredibly tight spaces, cars avoiding rear-end collisions and pedestrians, and even a pickup with specialized sensors used when pulling a trailer. That, of course, is just the beginning. There is much more to come, and the electronics for these systems will be big business for IC providers, but it does beg the question of safety and reliability. And as you would expect, more standards are coming out to address this very thing.
Mentor, a Siemens Business, issued a new white paper outlining the upcoming second edition of the ISO 26262 Functional Safety Standard for road vehicles. The standard’s second edition adds sections to cover heavier road cars, trucks, buses and motorcycles. More interesting to IC folks is a completely new section to the standard that covers design and test of semiconductors that go into vehicles. For all those IC providers hoping to leverage this market, you need to take notice of these changes.
The original ISO 26262 was intended to be applied to safety-related systems that include electrical and/or electronic (E/E) systems in series production passenger cars with a maximum gross weight of 3500 kg. The standard defines what is meant by “safety”, how safety goals are determined, and what constitutes a “safe state” (i.e. where we end up when we do have a malfunction). The standard also addresses the safety life cycle, from management, development, production, operation and service to eventual decommissioning.
Per ISO 26262, designers must develop a safety plan to achieve stated safety goals. Safety integrity levels for automotive-specific risks are classified depending on the severity of the effects of a device failure. These are known as ASILs (Automotive Safety Integrity Levels). ASILs range from ASIL-A through ASIL-D, with ASIL-D being the most stringent. ASIL-D implies a likely potential for severe life-threatening or fatal injury in the event of a malfunction. Each vehicle E/E component is ASIL-classified based on the severity of the effects of a failure on the driver and passengers, as well as on persons near the vehicle.
ISO 26262 was first introduced in late 2011. The standard was revised again in 2012 to give clarity to the standard (section 10) and more recently again in 2016 to add section 11, dealing with semiconductors, and section 12, dealing with the additional vehicle types already mentioned. The draft standard from 2016 is the basis for the 2nd edition of the standard that is to be released in March of 2018.
Mentor’s interest in this comes from their Tessent family of design automation tools that address quality and reliability of semiconductors during both manufacturing and in-system operation. Tessent test solutions are used to target zero-DPM silicon, and their unique diagnosis and yield analysis capabilities enable designers to quickly perform root-cause analysis of field returns as well as identify systematic defects that lead to yield excursions. Designers use Tessent products to show evidence (as required by ISO 26262) of how work product functional safety has been reached. Not only can the tools be used to prove how functional safety is built into an IC, but they also specify customer use cases which can be used to judge the tools’ impact on safety, so even the Tessent tools get ISO certification.
The new part 11 of the ISO 26262 spec gives a comprehensive overview of functional-safety related items for development of semiconductor parts. Pertinent to Mentor is the Design-for-Test (DFT) section that covers hardware faults, errors and failure modes including definitions of fault models and failure modes in relation to functional safety. Semiconductor IP is also addressed relating to how to qualify an IP and how that IP affects parts of the design that use that IP.
Design-for-manufacturing (DFM) tools work to identify systematic design issues that can cause failure and yield loss. ISO 26262, however, focuses on random failures that may be introduced by the environment. Causes of these failures may be things like vibration, moisture, dirt, or circuit effects like noise, EMI or electro-migration. The new part 11 of the standard gives clarity and guidelines, with examples, for how to calculate and use base failure rates. It also provides guidelines for identifying possible common-cause and cascading failures between elements through something known as Dependent Failure Analysis (DFA). Look for more functionality from the Mentor Tessent family of products to address these kinds of analysis in the future.
In the meantime, the new section 11 describes important semiconductor use cases covering digital components, memories, analog and mixed-signal, programmable devices, multi-core components as well as sensors and transducers. These are all right up Mentor’s alley, especially with their recent focus on internet-of-things (IoT) design flows that cut across nearly all of Mentor’s IC products. Currently, Mentor’s Tessent DFT and yield family of tools are all ISO 26262 qualified and available now to help IC makers go after the automotive IC market. Check out their white paper for more details on the Tessent product line and the upcoming 2nd Edition of ISO 26262.