
PCI Express Technology for Automotive Functional Safety (FuSa)


PCI-SIG Automotive Webinar Series

Speakers

Ron DiGiuseppe, Automotive IP Segment Manager, Synopsys
Ron DiGiuseppe is the Automotive IP Segment Manager at Synopsys. He is responsible for Automotive segment marketing for Synopsys DesignWare Intellectual Property (IP) solutions for ADAS, Connected Car, & Infotainment applications. Ron brings more than 22 years of semiconductor experience to Synopsys. Prior to joining Synopsys, Ron held a range of management positions at Xilinx for Automotive connectivity IP products as well as engineering development and management roles for companies including Oki Semiconductor, NEC, and Raytheon Corporation.

Stephanie Friederich, Systems Engineer, Intel Corporation
Stephanie Friederich is a Systems Engineer at Intel Corporation. She is responsible for system architecture for both Automotive and industrial applications in the Autonomous Transportation and Infrastructure Division. Stephanie brings experience in developing and debugging complex system designs, including high speed data transmission. Stephanie earned her MS and PhD in Electrical Engineering from the Karlsruhe Institute of Technology.

Thierry Beaumont, Functional Safety Engineer, Intel Corporation
Thierry Beaumont is a Functional Safety Engineer at Intel Corporation. He is responsible for analyses of SoC in the Autonomous Transportation and Infrastructure Division. Prior to joining Intel Corporation, Thierry worked for 10 years in the Automotive industry, where he held team lead and developer positions for ECU up to ASIL D at Continental Powertrain.

Agenda
- Introduction of PCIe Technology in Automotive for Safety critical applications
- Functional Safety (FuSa) background
- PCIe Functionality for Functional Safety
- PCIe Technology and additional Safety mechanisms to meet ASIL B and beyond
- PCIe Technology for Automotive FuSa Summary

Introduction

PCIe Technology: Ideal for Automotive Applications (1/2)

[Diagram: zonal architecture in which a Central Processing Module connects to Zonal Gateways, each serving sensors and actuators]

ADAS Domain Controller, Technology Requirements:
- High Bandwidth
- Scalability
- Low Latency
- Hypervisor / Virtualized applications
- Better usage of power/thermal
- Security
- Functional Safety

Data Backbone, Technology Requirements:
- High Bandwidth
- Low Latency
- EMC/EMI Reliability of long reach cable link
- Security
- Functional Safety

PCIe Technology: Ideal for Automotive Applications (2/2)

[Diagram: Processor SoC and Head Unit connected over High Bandwidth PCIe Lanes to Automotive SSDs and to a TCU]

Storage: SSDs for Infotainment and AD, Technology Requirements:
- High bandwidth and fast startup/boot
- Very Low latency
- Very High Endurance & Extended data retention
- Very High Density & Guaranteed write performance
- Stable performance over time/temperature
- SRIOV
- Functional Safety

Telematics Connectivity (Multi-modem: 5G, V2X, WiFi, Bluetooth, GNSS), Technology Requirements:
- High Bandwidth/Throughput
- Data Reliability and Integrity
- EMC/EMI Reliability of long reach cable link
- Security
- Functional Safety

PCI Express for Automotive Functional Safety Use Case

Item / PCIe Use Model / Application
1. Scaling Compute Processing (Chip-to-Chip): ADAS & IVI Domain Controllers; Autonomous Vehicle (AV); Zonal architecture - Central Processing
2. Data Backbone (Long Reach): Zonal architecture - In Car Network
3. PCIe Based Storage (Chip-to-Chip): BlackBox; ADAS/AV Mapping Module; Infotainment
4. Connectivity: Telematic Module Control Unit (TCU) (Chip-to-Chip, Long Reach): Telematics: BT, WIFI, 4G & 5G; V2X

PCIe architecture: Mission Critical for Automotive SoCs

PCI Express Technology is mission critical for Automotive SoCs
- Interfaces: LPDDR5/4/4X, Ethernet TSN, MIPI, HDMI, CXL, eDP, CAN
- Processing: AI Accelerators, Embedded Vision, DSP, Security
- Security & Safety Manager
- 16-/14-nm, 8-/7-nm, 5-nm
- Functional Safety

[Block diagram: ADAS SoC. Labels include NVMe, Embedded Memories, Logic Libraries, LPDDR5/4/4X, 64-bit Processor, Cache, Safety Manager, Security, Data path, Interconnect, Storage, UFS, SD/eMMC, Vision Subsystem, Display Subsystem, DSP, Graphics Core, ISP, Embedded Vision Processor, Sensor Fusion, Connectivity, CAN, CAN-FD, Ethernet AVB/TSN, MOST, FlexRay, eDP, CXL, HDMI, MIPI CSI, MIPI DSI, UART, PCIe]

Functional Safety (FuSa) background
- Safety Standards and Automotive Safety Standard Overview
- Definition
- Example: Lane Departure Warning

Safety Standards

IEC 61508:2010
- Foundational standard
- Electrical, electronic, and programmable electronic systems (typically in Industrial)
- Stand-alone & basis for sector-specific standards

ISO 26262:2018 2nd Edition (Automotive)
- Programmable electronics installed in series production passenger vehicles
- Addresses possible hazards caused by the malfunctioning behavior of Safety related electrical and/or electronic (E/E) systems (malfunctions in the presence of faults)
- 10 parts are Normative
- 2 parts are Guideline

ISO 26262 Definition: Fault and Safety Measure

Fault definition from ISO 26262:2018 Part 1 Vocabulary:
abnormal condition that can cause an element or an item to fail
Note 1 to entry: Permanent, intermittent, and transient faults (especially soft-errors) are considered.
Note 2 to entry: When a subsystem is in an error state it could result in a fault for the system.
Note 3 to entry: An intermittent fault occurs from time to time and then disappears again. This type of fault can occur when a component is on the verge of breaking down or, for example, due to a glitch an internal malfunction in a switch. Some systematic faults (timing marginalities irregularities) could lead to intermittent faults.

Safety measure definition from ISO 26262:2018 Part 1 Vocabulary:
activity or technical solution to avoid or control systematic failures and to detect random hardware failures or control random hardware failures, or mitigate their harmful effects
Note to entry: Safety measures include Safety mechanisms.
Example: FMEA and software without the use of global variables, ECC, Parity

Example: ADAS Lane Departure Warning

Automotive Safety Integrity Level (ASIL)
ISO 26262-3:2018, Road vehicles Functional Safety Part 3: Concept phase

[Block diagram: the ADAS SoC from the "Mission Critical for Automotive SoCs" slide]

Item: Lane Departure Warning
Malfunction: Lane departure warning is unavailable to notify driver of car drifting outside of lane
Hazard: Car will stray from intended path

Malfunction / Hazard: Lane departure warning is unavailable to notify driver of car drifting outside of lane
Operational Domain: City Street (Exposure of E3)
Mitigation/failback: Driver maintains correct path (Controllability of C3)
Harm: Side collision with car (Severity of S2)

ISO 26262 Part 10 Clause 9 Safety Element out of Context
Assumed Safety Goal: Fault on the inter processor communication shall be mitigated
ASIL: B
Assumed Safe State: Feature deactivated and driver warned

ISO 26262 Work Product Overview
- Item Definition
- Functional Safety Concept
- Safety Plan
- Technical Safety Concept
- Integration and Testing
- Hardware Safety Requirement
- Failure Mode Effect Analyses (FMEA)
- Software Safety Requirement
- Safety Manual

What Types of Faults Does ISO Cover? Systematic Faults

Systematic faults can only be eliminated by a change of the design or of the manufacturing process, operational procedures, documentation or other relevant factors.
Examples of systematic faults include incorrect requirements,

Work Product Related:
- Item Definition
- Safety Plan
- Functional Safety Concept
- Technical Safety Concept
- Hardware Safety Requirement
- Software Safety Requirement
- Software Unit Testing
- Verification of Software Requirements
- Tool Classification and Qualification for Hardware and Software

What Types of Faults Does ISO Cover? Hardware Random Faults

Related to faults of the hardware itself:
- Permanent Fault examples: Stuck-at bit, over voltage condition
- Transient Fault example: Soft error Rate due to radiation strike

JESD89-2A TEST METHOD FOR ALPHA SOURCE.

