Automotive ICs

Introduction – What is Functional Safety?

1. Functional Safety and Intrinsic Safety


Functional Safety

“Functional safety” refers to functional additions (functions provided to ensure safety, called safety functions below) made to achieve an acceptable level of safety.


Intrinsic Safety

“Intrinsic safety” refers to measures that reduce or eliminate harm to humans or the environment by changing the equipment or structure itself, so that the source of the hazard is removed.

Consider, for example, the point where road traffic crosses a railroad track.

  • Idea of “functional safety”: railroad crossing
    A “railroad crossing” is often equipped with bells that start ringing to warn of approaching trains and barriers that force traffic to stop. These safety measures lower the risk of accidents to an acceptable level.


  • Idea of “intrinsic safety”: grade separated crossing
    A “grade separation” is a method of having trains and road vehicles cross each other on separate levels, which prevents accidents and ensures safety.


Note: A grade separation places the railroad above road traffic or vice versa. However, accidents could still cause a wide variety of harm. For example, falling objects, issues in the construction of fences or the complete collapse of the overpass due to a natural disaster or other calamity could occur, so a grade separation does not mean absolute safety. However, in terms of railroad crossing safety, a grade separation is an example of intrinsic safety since it ensures safety by eliminating the crossing (the cause of the problem) itself.


A background to the idea of safety

Europe and North America

Even though the manufacturing industry aims for zero defects, parts still fail or are damaged, designs may contain bugs, and people make mistakes. (The view that absolute safety is a goal to strive for but impossible to achieve had taken hold.) As systems grow more complex, it becomes more difficult to guarantee complete safety through intrinsic safety alone. This led to the standardization of the “functional safety” idea, which compensates for the shortcomings of intrinsic safety and prevents, to the greatest extent possible, injury to humans from product failures or bugs.

Japan

The manufacturing industry strove to achieve complete “intrinsic safety” through greater reliability and zero defects, based on the concepts of design quality improvement and continuous manufacturing improvement. As a result, “Made in Japan” became internationally known for high quality that does not easily break down. However, a product launched on the world market must meet the standards of each country, and the increasing application of functional safety standards has made the idea known and accepted in Japan as well.

(Figure: continuous improvement)

Background to the formulation of the ISO 26262 automotive functional safety standard

A fault* in a single automotive part could make it impossible to control the engine, operate the steering wheel or stop the vehicle, or cause some other malfunction. Such a malfunction must not lead directly to harm to human beings (the driver, passengers or people outside the car).

The obscuring of individual functions by the proliferation of electronics in automobiles, the complexity of coordinating operations between ECUs (Electronic Control Units) and the complexity of designs developed by multiple suppliers all lead to faults* and errors*. When a failure* leads to an accident, it becomes necessary to determine who is responsible for the resulting human injury and property damage.

By documenting the entire development process, which strives for zero accidents from automobile failure under the idea of “functional safety,” the manufacturer can fulfill its accountability for safety and provide evidence if taken to court.

For this reason, the ISO 26262 safety standard was prepared on the basis of IEC 61508, specifically to reduce the probability of hazardous events caused by malfunctioning behavior of electrical and electronic (E/E) systems.

*Fault: An abnormal condition that can cause a system or vehicle to fail.
*Error: A discrepancy between a computed, observed or measured value or condition and the true, specified or theoretically correct value or condition.
*Failure: Termination, caused by a fault, of the ability of a system or vehicle to perform a function as required.

(Figure: ASIL flow, quoted from ISO 26262-10:2018)

Safety Mechanisms for Functional Safety

“Functional safety” refers to functional additions made to achieve an acceptable level of safety.

Automotive systems, components, electronic circuits and software can achieve “functional safety” by adding safety mechanisms.

(Figure: functional safety)

Safety mechanisms include fail-stop and fail-operational (continued functionality) behavior, and the safety mechanisms provided must comply with the ASIL required for the function they protect.
(Figure: fail-safe operation)

2. What is ASIL?

ASIL refers to Automotive Safety Integrity Level, a risk classification system defined by the ISO 26262 standard.

ASILs establish safety requirements - based on the probability and acceptability of harm - for automotive components to be compliant with ISO 26262.

ISO 26262 identifies four degrees of ASILs - A, B, C and D. ASIL-A represents the lowest degree and ASIL-D the highest degree of automotive hazard.

(Figure: ASIL classes)

Systems such as airbags, anti-lock brakes or power steering require an ASIL-D grade, the highest rigor applied to safety assurance, because the risks associated with their failure are the highest. In addition, all electrical and electronic systems must undergo a safety analysis; for example, rear lamps and similar components are categorized as ASIL-A, headlamps and brake lamps as ASIL-B, and adaptive cruise control as ASIL-C to D.

Example of implementation of safety mechanisms

Redundant design
(Figure: main system and redundant system)

A design method in which a backup function takes over when the main function fails, preventing accidents or problems and reducing harm.

Failure detection

A measure that adds functions, implemented with other parts, to monitor the main functions for anomalies, or to signal them before they occur, in order to protect against harm.

ABLIC ICs assist in building functional safety into product design

Automobiles use multiple MCUs.

If an MCU abnormality is assumed,

  • add a voltage detector to monitor and notify MCU malfunctions caused by overvoltage or low voltage in the power supply.
  • add a watchdog timer to monitor and notify if the MCU program is out of control or has stopped running due to a software bug.

(Figure: example of circuits peripheral to the MCU and WDT)

If anomalies are assumed in a lithium-ion battery in an electric vehicle (HEV, EV, etc.),

The automotive ICs described below also assist in building functional safety into product design.
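The two supervisors named above, a voltage detector and a watchdog timer, are easiest to understand as logic running on a clock that the MCU cannot stop. The following C model is an added example, not ABLIC's code and not taken from any ABLIC datasheet: it implements a windowed watchdog (a clear pulse must arrive neither too early nor too late), a voltage detector with hysteresis, and a fail-stop decision that holds the MCU in reset when either supervisor reports a fault. The thresholds, window limits and the two sample traces (a stalled program and a brownout) are constructed values chosen for illustration.

```c
/* Added example (not ABLIC's code): a C model of an external windowed watchdog timer and a
 * supply-voltage detector feeding one fail-stop decision. All thresholds, window limits and
 * sample traces are constructed for illustration, not taken from any datasheet. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Windowed watchdog: a clear pulse is accepted only between WDT_MIN_MS and WDT_MAX_MS after
 * the previous one. Too early suggests a runaway loop hammering the clear pin; too late
 * (or no pulse at all) means the program has stalled. */
#define WDT_MIN_MS 10u
#define WDT_MAX_MS 50u

/* Voltage detector with hysteresis: flag low voltage below VDET_LOW_MV and release it only
 * once the rail is back at or above VDET_RELEASE_MV, so ripple around the threshold does
 * not toggle the reset line. Overvoltage is flagged above VDET_OVER_MV. */
#define VDET_LOW_MV 2900u
#define VDET_RELEASE_MV 3100u
#define VDET_OVER_MV 3600u

typedef enum { WDT_OK = 0, WDT_TOO_EARLY, WDT_TIMEOUT } wdt_status_t;

typedef struct {
    uint32_t last_clear_ms; /* time of the last accepted clear pulse */
    wdt_status_t status;    /* latched until the supervisor is re-initialised */
} wdt_t;

typedef struct {
    bool low_voltage;  /* latched with hysteresis */
    bool over_voltage;
} vdet_t;

static void wdt_init(wdt_t *w, uint32_t now_ms) {
    w->last_clear_ms = now_ms;
    w->status = WDT_OK;
}

/* Called when the MCU toggles the watchdog clear pin. */
static wdt_status_t wdt_clear(wdt_t *w, uint32_t now_ms) {
    uint32_t elapsed = now_ms - w->last_clear_ms;
    if (w->status != WDT_OK) return w->status;   /* fault already latched */
    if (elapsed < WDT_MIN_MS) w->status = WDT_TOO_EARLY;
    else if (elapsed > WDT_MAX_MS) w->status = WDT_TIMEOUT;
    else w->last_clear_ms = now_ms;              /* pulse inside the window */
    return w->status;
}

/* Called on the supervisor's own clock, independent of the MCU, so a stalled MCU is
 * still detected even though it never calls wdt_clear(). */
static wdt_status_t wdt_tick(wdt_t *w, uint32_t now_ms) {
    if (w->status == WDT_OK && now_ms - w->last_clear_ms > WDT_MAX_MS) w->status = WDT_TIMEOUT;
    return w->status;
}

static void vdet_sample(vdet_t *v, uint32_t vdd_mv) {
    if (vdd_mv < VDET_LOW_MV) v->low_voltage = true;
    else if (vdd_mv >= VDET_RELEASE_MV) v->low_voltage = false;
    v->over_voltage = (vdd_mv > VDET_OVER_MV);
}

/* Fail-stop decision: any supervisor fault holds the MCU in reset. */
static bool supervisor_reset_asserted(const wdt_t *w, const vdet_t *v) {
    return w->status != WDT_OK || v->low_voltage || v->over_voltage;
}

/* One sampling instant: time, measured rail voltage, and whether the MCU pulsed the clear pin. */
typedef struct { uint32_t t_ms; uint32_t vdd_mv; bool mcu_clears; } sample_t;

/* Replays a trace and returns the time at which reset is first asserted (UINT32_MAX if never). */
static uint32_t first_reset_ms(const sample_t *trace, size_t n) {
    wdt_t w;
    vdet_t v = { false, false };
    wdt_init(&w, trace[0].t_ms);
    for (size_t i = 0; i < n; i++) {
        vdet_sample(&v, trace[i].vdd_mv);
        if (trace[i].mcu_clears) wdt_clear(&w, trace[i].t_ms);
        else wdt_tick(&w, trace[i].t_ms);
        if (supervisor_reset_asserted(&w, &v)) return trace[i].t_ms;
    }
    return UINT32_MAX;
}

/* Constructed trace: MCU clears every 20 ms on a healthy 3.3 V rail, then hangs after t = 80 ms. */
static const sample_t stall_trace[] = {
    {0, 3300, false}, {10, 3300, false}, {20, 3300, true}, {30, 3300, false}, {40, 3300, true},
    {50, 3300, false}, {60, 3300, true}, {70, 3300, false}, {80, 3300, true}, {90, 3300, false},
    {100, 3300, false}, {110, 3300, false}, {120, 3300, false}, {130, 3300, false}, {140, 3300, false},
};

/* Constructed trace: MCU is healthy but the rail browns out to 2.8 V at t = 40 ms. */
static const sample_t brownout_trace[] = {
    {0, 3300, false}, {10, 3300, false}, {20, 3300, true}, {30, 3300, false}, {40, 2800, true},
};

uint32_t demo_stall(void) { return first_reset_ms(stall_trace, sizeof stall_trace / sizeof stall_trace[0]); }
uint32_t demo_brownout(void) { return first_reset_ms(brownout_trace, sizeof brownout_trace / sizeof brownout_trace[0]); }

int main(void) {
    printf("stalled MCU: reset asserted at %u ms\n", (unsigned)demo_stall());    /* 140 */
    printf("brownout:    reset asserted at %u ms\n", (unsigned)demo_brownout()); /* 40 */
    return 0;
}
```

Two design points carry over to real hardware. The watchdog's timeout is detected in wdt_tick(), driven by the supervisor's own clock, which is why an external IC catches a hung MCU that an internal software timer cannot. The voltage detector's release threshold is higher than its trip threshold, so a supply hovering near the limit produces one clean reset rather than a burst of resets.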


Application examples

(Figure: ASIL application examples)

  • Voltage detector S-191L/N
  • Connection diagnosis IC S-19700
  • Connection diagnosis IC S-19680
  • Connection diagnosis IC S-19682B
  • Connection diagnosis IC S-19683B
  • Watchdog timer S-19400/1
  • Watchdog timer S-19514/5
  • Watchdog timer S-19516/7
  • Watchdog timer S-19518
  • Watchdog timer S-19519

※ We can provide FIT values calculated to suit your specifications.
  For more information regarding our FIT rate calculation, contact our sales representatives.

Product introduction