09/23/2025 | News release | Distributed by Public on 09/23/2025 11:11
Critical safety systems are necessary to prevent catastrophic outcomes. Achieving this requires a rigorous standards framework and documented processes addressing both hardware and software safety concerns. Safety-critical systems, governed by functional safety (FuSa) and industry-specific standards, protect lives, property, and the environment by ensuring that components or processes function correctly, even during faults. FuSa focuses on detecting, managing, or mitigating malfunctions in hardware and software to minimize the risk of failures and their consequences.
IEC 61508 is an international standard that sets out methods for applying, designing, deploying, and maintaining automatic safety-related protection systems. It is a basic functional safety standard applicable to all industries.
Using IEC 61508 as a starting point, each industry has evolved its own FuSa standard to focus on and address that industry's unique requirements. These standards include RTCA/DO-178B (Aerospace), EN 62601 (Factory Automation), ISO 26262 (Automotive), ISO 13849 (Machinery), and IEC 60601 (Medical).
This document provides an overview of the terminology, compliance requirements and system-level considerations for automotive critical safety, with a focus on ISO 26262. FuSa features are integral to every automobile, including the system-on-chip (SoC) devices for tasks such as sensor processing, sensor fusion, artificial intelligence (AI) and machine learning (ML).
ISO 26262 is an international standard for FuSa that is specifically designed for the automotive industry. The standard contains specialized terminology with acronyms and abbreviations that can be misinterpreted or forgotten. The following cheat sheet can be used as a quick reference to reduce confusion, improve efficiency and facilitate collaboration.
Functional Safety Acronym and Abbreviation Table Cheat Sheet
Functional safety in automotive applications depends on adherence to ISO 26262 and the adoption of advanced technologies, such as network-on-chip (NoC) architectures. NoCs enable efficient communication between IP blocks while meeting stringent safety and performance requirements. This capability is the backbone of the design of SoC devices.
For an automotive SoC to meet ISO 26262 standards, developers must address multiple design challenges. Each SoC is composed of hundreds of IP blocks, most of which are acquired from trusted third-party sources. Additionally, there may be one or more proprietary IPs, developed in-house, that are designed to differentiate the SoC from competitive offerings. The design team will do their best to use only IPs that have been certified for ISO 26262 compliance. While individual IP certifications are important, they are not sufficient on their own. The entire SoC must also achieve system-level certification.
Today's complex automotive SoCs employ NoC technology, such as Ncore coherent interconnect IP and FlexNoC non-coherent interconnect IP from Arteris. These NoCs provide the efficiency, scalability, and reliability that are demanded by modern automotive applications like ADAS (Advanced Driver Assistance Systems) and autonomous vehicles.
The underlying concept of FuSa is that systems or SoCs will automatically respond to any changes in inputs or internal failures in a predictable, fail-safe manner. This requires a careful design that detects faults, manages system states, and ensures a controlled response to maintain safety without compromising system functionality.
Applying the highest levels of FuSa to every aspect of every system might seem ideal. However, this approach is impractical due to the associated costs, including design time, system size, power and other factors. For example, ISO 26262 defines a risk classification system called Automotive Safety Integrity Level (ASIL). This system categorizes hazards into levels ranging from ASIL A, which represents the lowest degree of risk, such as a taillight malfunction, to ASIL D, which represents the highest level of failure, such as a complete loss of the braking system. Each ASIL level requires a different degree of response that aligns with the severity of the associated hazard.
By integrating advanced safety features directly into NoC designs, developers can simplify compliance with ISO 26262 while enhancing system performance. Arteris implements this approach with its Ncore coherent interconnect IP and FlexNoC non-coherent interconnect IP. The company also offers a FuSa option that provides error detection, correction and system resilience features. These include ECC, packet consistency checkers, unit duplication, initiator timeout, FMEDA generation and fault reporting logic BIST, enhancing data integrity, system reliability and compliance with industry standards.
Arteris NoCs, augmented with the FuSa option, provide the comprehensive features and documentation required to support system-level ISO 26262 certification efforts.