feature article
Subscribe Now

The Laws of Automotive Robotics

Synopsys Rolls Out ASIL-Certified IP for Automotive Systems

“What we’ve got here is failure to communicate.” – Strother Martin, Cool Hand Luke

Congratulations! You have an electric car. No, I don’t mean that you’ve suddenly won a Tesla, Nissan Leaf, BMW i3, or the late-lamented Fisker Karma. Or the not-so-lamented GM EV1. (And no, Mister Pedantic, I didn’t forget any of the original electric cars from the early 1900s, either.) No, you’re the proud owner of a rolling data center.

We all had a hunch that our cars were full of electronics. But how full is that? Try over 100 microprocessors per vehicle. And over a mile of copper wiring – so much wire that most automakers are switching to fiber-optic cable just to save weight. Putting electronics in cars is good business because (a) it’s a high-value option that customers will pay good money for; (b) it goes obsolete quickly, thus fueling customers’ perceived needs to upgrade cars constantly; (c) it’s the easiest way to comply with new fuel-efficiency and safety standards; and (d) it’s a high-margin business. Adding satellite radio or collision-avoidance systems tacks on thousands of dollars to the sticker price. Think the components costs that much?

In fact, it’s such good business that market-watchers IC Insights say that automotive electronics is the fastest-growing part of our industry. It was a $21 billion market last year, and it’s on track to grow by around 11% to 15% in each the next few years. That, my friend, is a lucrative business opportunity.

Trouble is, automakers aren’t very good electronics makers. That’s not what they do. No problem – they just farm out that work to subcontractors. In fact, it’s usually the electronics subcontractors who promote all the whizzy new ideas to the automakers, not the other way around. Also, automakers are very heavily regulated. Every nation on earth has a thick rulebook regarding automotive safety requirements, and the rules change from country to country. Until the 1990s, French cars had yellow headlights. Think you’ve got trouble localizing your software? Try doing that with a 3,500-pound electromechanical system full of electronics, leather, plastic, and explosive fuel.

That’s why car electronics lag so pitifully far behind consumer electronics. Getting an Apple Watch or Samsung Galaxy Tab XXVII through the hundreds of different international automotive regulatory processes is pretty much impossible. Safety is their number one concern – as it should be – not accommodating the latest update to Android. 

And therein lies the conflict. Automakers desperately want to put shiny (read: profitable) new electronics in their cars, and government agencies desperately want to ensure that said electronics are safe and reliable. The regulators are not especially swayed by market demand or competitive pressures. They’re just doin’ their jobs.

To apply some rigor to this back-and-forth negotiation, rules and regulations have been drawn up (aren’t they always?). One of those standards is ISO 26262 (say it fast five times), which tries to set out expectations for testing safety. The ’262 standard outlines all sorts of criteria, but one of its grading mechanisms is called ASIL: Automotive Safety Integrity Level. Various parts of the car have to meet various ASIL levels. ASIL-D is the most stringent, and it is reserved for the most complete and testable parts of a car’s drivetrain or safety systems. ASIL-A, on the other hand, is relatively simple and generally applies to components buried within other subsystems. That is, ASIL-D components aren’t safer than those meeting ASIL-A, -B, or –C levels. They’re just more thoroughly testable, so they get the topmost rating.

If you lived through the ISO 9000 quality craze, ASIL is sort of like that. Meeting ISO 9000 didn’t mean you produced a good product. Far from it. It just meant that you could meticulously document how you produced that product, in case anyone wanted to quiz you on details of the production process. Similarly, ISO 26262 sets out testability goals and guidelines, but it doesn’t necessarily guarantee that something is safe. That’s a whole ’nother can of worms that starts with AEC Q100 testing.

Even so, meeting ISO 26262’s ASIL standards is a necessary starting point. If you aint’ got that, you ain’t in the game. And that brings us to a handful of announcements made this week regarding automotive suppliers. Over on the software side, BlackBerry (which owns the real-time operating system QNX), says it now has development tools that meet ISO 26262 standards. That’s important if you’re writing code to go into a car.

And on the hardware side, Synopsys has rolled out a bunch of hardware IP that also meets ISO 26262 standards. At the top of the list is an ARC EM SEP (safety-enhancement package) processor, a tweak on the company’s configurable 32-bit embedded CPU. That’s followed by a new Ethernet controller, an LPDDR4 controller, and embedded SRAMs. There’s more in the pipeline: the company expects to have HDMI, PCIe, and MIPI CSI-2/DSI interfaces certified soon, as well as nonvolatile memories, data converters, and its EV vision processor. Like BlackBerry’s, Synopsys’ software-development tools also come in ISO 26262–compliant versions.

It’s pretty hard to test IP the same way you’d test a completed chip or a working black box. The ISO and AEC standards understand that; Synopsys doesn’t have to show that its netlists are immune to ESD latch-up, for example. But the ISO 26262 ASIL-B qualification does show that the IP in question is testable, verifiable, and transparent enough to let you move on to the next step. It won’t be an impediment, in other words. If your psionic robo-tronic driverless guidance system fails to get certified on all planets, it won’t be Synopsys’ fault. 

One thought on “The Laws of Automotive Robotics”

  1. It may seem pedantic, but it is important to remember that you cannot qualify components (ICs or their contributory IP) to 26262 ASIL levels. All you can say is that the way in which the component was developed makes it suitable for use in a system that will be certified to ASIL level X. The same applies to tools

Leave a Reply

featured blogs
Nov 12, 2018
That return path may or may not be the one that was designed for the circuit. A poorly designed return path will result in the return currents wandering around and escaping as electromagnetic......
Nov 12, 2018
The title of this post seems pretty generic, after all who wouldn't want correct designs. But actually Correct Designs is the name of a company. They have been working closely with Cadence on PSS, the Accellera Portable Stimulus Standard, and Pespec (officially the Caden...
Nov 9, 2018
Samtec is presenting new products and new technologies at Electronica 2018, as well as our full line of interconnects including High Speed Board-to-Board, High Speed Cable Assemblies, Micro/Rugged, Flexible Stacking, Optics and Precision RF.  We are in a new location this ye...
Oct 16, 2018
  IC Insights has just published the September Update to The 2018 McClean Report, and one figure (reproduced below) puts yet another nail into the coffin for poor old Moore'€™s Law. Now please take care. There'€™s a vertical line between the 200mm wafers on the left ...