SiFive - July 22, 2024
SiFive Enhances RISC-V Automotive Safety Leadership with Critical Functional Safety Certification
The automotive market requires high levels of quality and safety. With the rapid increase in the number of chips and electronic systems in vehicles—there are as many as 3000 or more chips in some cars—the need for safety and the ability to test and certify these systems has become more challenging and more critical. Recognizing the importance of quality and safety early on, SiFive formed a team of world leading experts in automotive functional safety (FuSa) to empower our customers to swiftly deliver safe, secure and certified products for connected vehicles. These functional safety products are also beneficial for many other markets, including aerospace and defense. In this blog we’ll share more information about functional safety and will talk about how SiFive is integrating it into our broad portfolio.
What is functional safety?
In the automotive world, functional safety is all about ensuring that electronic systems in vehicles do not pose a risk or harm people, even in the case of a failure. ISO 26262 is the international standard that defines the requirements for functional safety. Achieving certification is a complex process involving rigorous testing, analysis, and documentation to minimize the risk of potentially dangerous malfunctions.
The standard defines functional safety as the “absence of unreasonable risk due to hazards caused by malfunctioning behavior of the electrical/electronic systems.” Functional safety standards like ISO26262 use safety integrity levels as a means to quantify what a reasonable risk could be in a vehicle system. The automotive safety standards define an automotive safety integrity level classification, ranging from ASIL A (which is the least stringent) to ASIL D (which is the most stringent).
To meet the required integrity level of functional safety standards and adequately mitigate risks, companies need to fulfill process requirements (methods and techniques) and/or add functional features to detect and control failures.
Functional safety is focused on preventing two kinds of failures:
Systematic failures, which are present from the beginning (e.g design bugs) and can manifest themself in the final product. They are avoided by adopting a robust development; the correspondent risk mitigation is quantified by the systematic capability.
Random hardware failures, which are due to events randomly appearing on the field, sometimes made possible by degradation (aging). They are detected or controlled by specific features called safety mechanisms and quantified by the hardware random (or diagnostic) capability.
SiFive approaches safety with a divide and conquer approach.
SiFive addresses the complexity of automotive functional safety with a divide and conquer approach. We recognize that a safe vehicle is the result of a collaborative effort across the entire supply chain.
Our strategy begins by embedding safety into the hardware IP that we design. This not only ensures the integrity of our IP, but also empowers our customers to confidently integrate these components into their larger systems. This divide and conquer approach allows each supplier to focus on their area of expertise, ultimately contributing to the creation of a holistically safe vehicle.
Here's how it works: the integrity level allocated to a specific system (e.g. the breaking system) can be decomposed with an integrity level that each and every component on the system has to achieve. This is a typical approach in distributed development. This allows different teams or suppliers to focus on independently achieving the safety requirements for their specific components. SiFive ensures both random hardware faults (through safety mechanisms) and systematic faults (through rigorous development processes) are addressed in our products.
By taking this methodical and collaborative approach, SiFive simplifies the complex task of building safe vehicles. It's a win-win: we create safer, more reliable components, and our customers can seamlessly integrate our certified IP into their systems, accelerating the development of safe, high-quality vehicles for the end consumer.
So why is this so important?
As vehicles become more reliant on electronic systems for everything from engine control to advanced driver assistance systems, the importance of functional safety cannot be overstated. Failures in these systems could have catastrophic consequences resulting in loss of life, along with disastrous implications for the manufacturer.
Furthermore, as the industry moves towards autonomous vehicles, the safety of electronic systems becomes even more important when the driver is not taking control and mechanical systems are replaced with digital ones. These systems also need to last in a vehicle for decades. As a result, electronic systems in autonomous vehicles are very complex, with many interactions between other systems and they have to work as expected in many different conditions, even in cases not imagined during the initial design.
Another challenge is that consumer vehicle manufacturers are very sensitive to cost, particularly as the overall cost of electronics is rising. In order to be competitive, or even affordable, the cost of the electronic system needs to be relatively low. To keep costs down, it is not possible to solve the safety problem by duplicating or triplicating the systems, which is done in avionics and aerospace applications.
Without the right procedures in place, implementing systems with high performance and high complexity at low cost increases the risk of failures. For instance, using advanced technology nodes can lead to new types of faults, and artificial intelligence leads to unpredictable behavior. While combining more functions on the same system (e.g. IVI and ADAS) reduces cost, this creates potential interference that requires a lot of attention.
In short, functional safety isn't just a technical matter; it's about protecting lives and building trust in the increasingly complex technology that powers our vehicles.
Accelerated development and time to market
SiFive enables system integrators to leverage our pre-certified IP, developed as a Safety Element out of Context (SEooC), to significantly reduce development time, effort, and risk. This saves system integrators from having to do audits and map their supplier's process to the requirements of ISO 26262. This makes it easier and faster to develop a safety case for incorporating the IP into broader systems.
Pre-certified IP comes with complete documentation on what has been analyzed, and how and what needs to be done at the system level.
Key benefits to the customer include:
Risk reduction: The rigorous certification process gives system integrators confidence and peace of mind about the quality and reliability of the IP that is integrated into their system. The system integrator knows what has been done and what needs to be covered, and there is no risk of discovering gaps late in the development cycle.
Cost/effort savings: Pre-certified IP has gone through the certification process and so the integrator does not need to repeat it and can concentrate their effort on the remaining part of the system and what they do best. Having third party IP in the certification scope of a system can be very complex due to the limited knowledge and information that the user typically has, so we help to avoid this with our pre-certified IP.
Development time reduction: The certification activities for the pre-certified IP are already done and properly documented, significantly reducing development time and effort.
Competitive advantage: SiFive's certified IP provides customers with a competitive edge in the automotive market. Additionally, SiFive is committed to staying on top of the latest standards and we are active participants in standards bodies to help identify new techniques and methodologies, better understand the intention of standards, and to ensure the latest techniques and methodologies are achievable. With this commitment to safety we’re bringing our customers peace of mind and serving as a valuable resource for them.
SiFive functional safety leadership
By offering pre-certified IP as SEooC, we’re ensuring that the core building blocks of automotive systems are developed following rigorous development processes which are ASIL D compliant. These processes are the cornerstone of preventing systematic failures. This IP is also designed with appropriate safety mechanisms to provide protection against random hardware faults, supporting applications to meet hardware integrity up to ASIL B and ASIL D.
These processes are independently reviewed and audited by a third-party (TÜV SÜD) as part of the functional safety assessment of the SiFive Automotive products. These products are certified to meet ASIL D systematic integrity and achieve up to ASIL B and ASIL D hardware integrity. Designated products have a dedicated safety package to document everything the user needs to properly use them in a safety related system, including: A safety manual Safety analysis report including the Failure Modes, Effects, and Diagnostic Analysis (FMEDA) and the Dependent Failure Analysis (DFA) Development Interface Agreement (DIA)
Which SiFive products are certified?
Today the following SiFive automotive products have successfully obtained ISO 26262 certification:
E6-AB: A 32-bit embedded processor ideal for real-time applications requiring ASIL B hardware safety integrity.
E6-AD: A 32-bit processor designed for advanced driver-assistance systems (ADAS) and other demanding safety-critical applications.
E6-AS: A 32-bit processor supporting split-lock functionality, targeting ASIL D integrity level in lock-mode.
S7-AD: A 64-bit processor optimized for safety-critical functions that delivers exceptional performance for zonal controllers and other complex automotive systems.
SiFive also recently became the first supplier to achieve ISO/SAE 21434:2021 product certification, which provides a comprehensive framework to identify, assess, and mitigate cybersecurity risks across the supply chain.
To sum it up, SiFive’s certified IP lowers risk and development time. By utilizing SiFive's certified SEooC IP, customers can:
Lower risk: Significantly reduce the risk of product recalls, accidents, and legal liabilities.
Increase confidence: Gain confidence in the safety and reliability of their products.
Streamline certification: Simplify the overall certification process for their components/systems.
For more information, contact your SiFive sales representative or reach out through our website.