Sponsored content – Manage test, safety, and security at the edge for ISO 26262

Update: December 17, 2023

The old saying, “may you live in interesting times,” is intended as both a blessing and a curse, and the makers of automotive ICs are indeed living in “interesting times.” In this case, though, the curse (complexity) is also the blessing (competitive advantage) as long as you can manage issues like test, functional safety, and data security. Tessent, part of Siemens Digital Industries Software, offers a solution for managing the new demands of SoCs designed for automotive applications. It’s called the Tessent Safety Island.

Challenges of automotive ICs

Automotive SoCs are larger and much more complex than ever, and they also need to comply with industry standards such as the ISO 26262 functional safety standard, which drives both hardware and software design. Since the point of compliance is to ensure safety in the SoC and the system around it, it is important to target the correct level of compliance for the intended application. ISO 26262 expresses this as Automotive Safety Integrity Levels (ASIL), ranging from A (lowest) to D (highest); elements with no safety requirement are classed as QM (quality management only). When designing to achieve ASIL D certification, the on-chip IP subsystems can still contain a mix of ASIL support levels. Meeting the overall target therefore requires modularity in safety management at the integration level.

In an SoC with mixed safety-level IP, there must be a way to isolate any subsystem for in-system testing using, for example, logic built-in self-test (LBIST) or memory BIST (MBIST). Figure 1 shows a potential allocation of functional safety IP on an automotive SoC.

Common resources such as memory must be kept independent between domains wherever possible, so that a failure in one domain cannot propagate into another (freedom from interference, in ISO 26262 terms) and undermine the overall ASIL claim. Making components independent for test and safety purposes requires some orchestration. Who is in charge? What mechanism will monitor for issues, manage test, and then communicate the issues to the larger system?

That is the function of the Tessent Safety Island (figure 2). It is the mechanism through which the chip can access, manage, and monitor IP of mixed safety support levels on the SoC and communicate failures to external systems, for example by raising a flag that tells the driver to take control if an ADAS subsystem fails. The Safety Island is also adaptable and upgradable for future needs and use cases.

Bringing all of the in-system test-based safety mechanisms together is straightforward with the Tessent MissionMode controller, which provides a single point of control. On its own, however, the MissionMode controller is only the mechanism by which the different tests are configured and scheduled and their results collected. By adding a safety CPU, the MissionMode controller becomes a dedicated safety island; the CPU connects to the controller through an AMBA APB interface that is generated along with the IP.
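To make the orchestration described above concrete, the following is an added software model, written for this page and not Tessent's own implementation (whose BIST engines and controller are hardware): a single scheduler runs a memory BIST (a March C- sequence) on each isolated safety domain, collects per-domain results, and derives the flag to raise to the external system. The domain names, ASIL assignments, memory sizes, the stuck-at fault and the escalation policy are all constructed for the example.

```python
# Added illustration (not Tessent code): a safety-island scheduler model that
# runs MBIST (March C-) per isolated domain, collects the results and derives
# the flag raised to the external system. Domains, sizes, the injected
# stuck-at fault and the escalation policy are constructed for the example.
from dataclasses import dataclass, field


class SRAM:
    """Word-addressable memory model. An optional stuck-at fault pins one bit
    of one word on read, which is how a hard structural defect appears to a test."""

    def __init__(self, words, width=8, stuck_addr=None, stuck_bit=None, stuck_val=0):
        self.width = width
        self.mem = [0] * words
        self.stuck = (stuck_addr, stuck_bit, stuck_val)

    def write(self, addr, value):
        self.mem[addr] = value & ((1 << self.width) - 1)

    def read(self, addr):
        v = self.mem[addr]
        a, b, s = self.stuck
        if a == addr and b is not None:
            v = v | (1 << b) if s else v & ~(1 << b)  # the fault forces the bit
        return v


def march_c_minus(ram):
    """March C-: {up(w0); up(r0,w1); up(r1,w0); down(r0,w1); down(r1,w0); up(r0)}.
    Detects stuck-at, transition and coupling faults. Returns every
    (addr, expected, got) mismatch; an empty list means the memory passed."""
    n, ones, fails = len(ram.mem), (1 << ram.width) - 1, []

    def check(addr, expected):
        got = ram.read(addr)
        if got != expected:
            fails.append((addr, expected, got))

    for a in range(n):
        ram.write(a, 0)
    for a in range(n):
        check(a, 0)
        ram.write(a, ones)
    for a in range(n):
        check(a, ones)
        ram.write(a, 0)
    for a in reversed(range(n)):
        check(a, 0)
        ram.write(a, ones)
    for a in reversed(range(n)):
        check(a, ones)
        ram.write(a, 0)
    for a in range(n):
        check(a, 0)
    return fails


@dataclass
class Domain:
    name: str
    asil: str   # ISO 26262 level "A".."D", or "QM" for no safety requirement
    ram: SRAM   # each domain owns its memory, so a defect cannot couple domains


@dataclass
class IslandReport:
    results: dict = field(default_factory=dict)  # domain name -> mismatches

    def failed_domains(self):
        return [name for name, fails in self.results.items() if fails]


def run_safety_island(domains):
    """Single point of control: run MBIST on every domain in turn and collect
    the results. Because the memories are independent, a defect in one domain
    shows up only in that domain's result."""
    report = IslandReport()
    for d in domains:
        report.results[d.name] = march_c_minus(d.ram)
    return report


def external_flag(report, domains):
    """Escalation policy (constructed for the example): a failing ASIL D domain
    demands driver takeover; any other failing domain reports degraded mode."""
    flag = "OK"
    for d in domains:
        if report.results[d.name]:
            if d.asil == "D":
                return "DRIVER_TAKEOVER"
            flag = "DEGRADED"
    return flag


def demo():
    """Three constructed domains; only the QM infotainment memory has a defect."""
    domains = [
        Domain("adas_perception", "D", SRAM(16)),
        Domain("body_control", "B", SRAM(16)),
        Domain("infotainment", "QM", SRAM(16, stuck_addr=5, stuck_bit=3, stuck_val=0)),
    ]
    report = run_safety_island(domains)
    return report, external_flag(report, domains)


if __name__ == "__main__":
    rep, flag = demo()
    for name, fails in rep.results.items():
        print(f"{name:16s} {'PASS' if not fails else 'FAIL ' + str(fails)}")
    print("flag to external system:", flag)
```

Because each domain owns its memory, the stuck-at cell in the infotainment SRAM is reported against that domain alone and the ASIL D perception domain still passes; the island escalates a degraded-mode flag rather than a driver takeover. Swap the fault into the ASIL D domain and the same scheduler returns the takeover flag, which is the modularity the text asks for at the integration level.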

Manage more than just test

Automotive test, as managed through specific safety mechanisms like BIST, is just one aspect of automotive IC requirements. Once the safety island is implemented, its reach can be extended further. Through the IJTAG interface and additional bus interconnect it is possible to hook up a range of other IP that can be used to increase IC safety. Figure 3 illustrates the extended safety island connectivity.

Monitoring and triggering the BIST structures to test for structural defects is managed through the IJTAG infrastructure that is implemented on-chip along with the BIST IP. The scope of safety is extended by Embedded Analytics IP, which allows monitoring and data collection within the SoC fabric itself. The Embedded Analytics IP can address a vast range of chip activities, even covering some ISO/SAE 21434 (road vehicle cybersecurity engineering) requirements. Functional safety IP can be connected to the Safety Island and then monitored and controlled by it. Parametric monitoring finds issues that arise from voltage, temperature, and process drift, which can affect the performance and/or reliability of the device. Note that the same IJTAG and bus paths that let the island control every domain also make the island a privileged access point into the chip, so access to the island itself must be controlled with the same care as any debug interface. The data collected by the Tessent Safety Island needs to be analyzed offline, so having an array of different external communication options is critical. The Safety Island enables pre-processing and conditioning of the data so that data bandwidth and storage are used efficiently.

Siemens EDA offers the components to build a complete, future-proof Safety Island solution that manages on-chip test, safety, and security IP and captures the resulting data.

Read our new paper, Automotive safety island: Management of test, safety, and security data at the edge for ISO 26262

https://resources.sw.siemens.com/en-US/white-paper-automotive-safety-island

Figure 1. Typical allocation of functional safety within an automotive SoC.

Figure 2. Basic safety island architecture.

Figure 3. Extended safety-island connectivity.