Key Requirements for Automotive SoC Design

Thanks to the intelligence inside, your car can do a lot more on its own than ever before. When your vehicle senses it is getting too close to the car in front, it can apply the brakes. Or if your car recognizes it’s about to cross into another lane, it can alert you or center itself. And, while they’re not yet commercially available, self-driving cars are being tested and operated on our roadways.

Today’s connected vehicles are digital platforms. At the high end, it’s not uncommon to find upwards of 150 million lines of software code distributed among 150 or more electronic control units (ECUs), as well as in sensors, cameras, radar, and LiDAR devices. Software provides a lot of the vehicle differentiation, working in tandem with the hardware to turn concepts like automated braking, lane departure warnings, and self-parking into viable features.  

With technology driving so many of the capabilities in modern vehicles, it’s no wonder that automotive SoCs are a key point of focus for carmakers. Some automotive OEMs are designing their own chips, and many others are investigating the possibilities. When it comes to ensuring the dependability of these chips, four key characteristics are needed: quality, reliability, functional safety, and security. Read on to learn more about the requirements to address each of these areas in your automotive SoC designs.  

Reliability: Ensuring High SoC Performance Through the Life of the Vehicle

Since cars are expected to operate for more than 15 years, having reliable automotive SoCs could mean the difference between components that perform well for the expected lifespan and those that fail earlier than anticipated. Achieving a level of chip robustness involves avoiding service failures that are more frequent and/or more severe than acceptable.

Reliability is impacted by process/voltage variability; wear-out failures stemming from factors such as aging, thermal effects, electromigration (EM), and electrostatic discharge (ESD); and random failures due to environmental issues such as power surges. One of the key automotive industry standards addressing reliability, along with longevity, comes from the Automotive Electronics Council: AEC-Q100. AEC-Q100 provides failure mechanism-based stress test qualification for packaged automotive ICs. Given that automotive chips must operate under harsh conditions, stress testing while they are being designed can lead to more reliable automotive systems.

Many of the issues that impact SoC reliability require innovation to analyze and fix at the SoC level, with coverage for all paths. Device aging must be analyzed according to the stress temperature, stress voltage, lifetime, and signal probability of the SoC, otherwise known as the “mission profile.” A static timing analysis- (STA-) based solution that covers all paths in the design and provides high accuracy with the low cost of library characterization enables the analysis to be performed for comprehensive mission profiles. Automated design robustness analysis and optimization technology that can identify cells that are susceptible to process variation, or paths that are susceptible to voltage variation, are crucial to prevent timing failures.

Signal and cell-level EM is another challenging consideration. For automotive reliability, the design must meet signal EM requirements (average, RMS, and peak current) as specified by the semiconductor process foundry. EM analysis involves accurate modeling, extraction, and calculation of current through wires in the design. In addition to signal EM rules, cells must be used under reliable conditions to not exceed the maximum frequency or toggle rate. As such, cell-level EM must be modeled during library characterization to record the maximum frequency for different slew and load conditions. Signal EM violations must be fixed during optimization in physical implementation. Cell-level EM violations must be fixed during ECO by replacing cells to meet EM requirements.

During the SoC’s in-field operation, employing silicon lifecycle management (SLM) techniques can extend its lifetime. On-chip path margin monitoring (PMM) can be implemented to reduce the operating voltage for targeted performance profiles. Reducing the operating voltage offers the benefit of reducing voltage and temperature stress on devices, which increases the SoC’s lifetime. Continuous path-margin monitoring provides analytics to optimize the SoC’s performance.

Functional Safety: Reducing Risks Caused by Malfunctions

Systemic faults, like bugs or an incorrect implementation, and random hardware failures from events such as silicon aging and EM effects, are two potential sources of safety risks in automotive electronics. The ISO 26262 functional safety standard provides guidelines automotive chipmakers must meet to have safety critical devices qualified to run inside vehicles. The standard’s risk classification system, the Automotive Safety Integrity Levels (ASILs), aims at reducing potential hazards caused by electrical and electronic system malfunctions.

Functional safety (FuSa) is a new metric in the RTL-to-GDS flow. It involves FuSa verification (DC validation through fault categorization is one example), analysis (such as failure modes, effects, and diagnostic analysis (FMEDA)), and FuSa implementation (such as the insertion of safety mechanisms). Tight integration of automated flows for each of these phases is important to deliver on three key factors:

• Confidence, with traceability and safety compliance
• Productivity, with reduced engineering effort
• Efficiency, with optimized turnaround time and power, performance, and area (PPA)

Designing fail-safe hardware involves adhering to certain hardware architecture metrics, such as SPFM, LFM, and PMHF. FMEDA at the IP, subsystem, and SoC levels can track these metrics and, in conjunction with dependent failure analysis (DFA), covers random faults. Addressing systematic faults calls for state-of-the-art verification with traceability and design failure mode and effect analysis (DFMEA). Verification validates whether inserted safety mechanisms are effective, while traceability provides a way to manage the functional safety requirements during the development process. DFMEA helps to identify and resolve errors or potential sources of errors in a design.