Functional Safety Introduction
What is Functional Safety
Functional Safety is a methodology designed to ensure that a system operates at an acceptable level of safety. ISO 26262 is an automotive safety standard that defines the necessary safety indicators for a secure vehicle system. Through the implementation of planned safety mechanisms, the vehicle can issue warnings and reach a safe state to prevent harm to humans.
Who needs Functional Safety
OEM (Original Equipment Manufacturer)/OBM (Original Brand Manufacturer)
Tier 1:Sub-system supplier, for example: ADAS
Tier 2:Module supplier, for example: Camera
Tier 3:Chip supplier, for example: PMIC
Tier 4:Material supplier, for example: IP
The system manufacturer is responsible for analyzing potential hazards to personnel caused by system failure. Considering a system comprises many components, it's important to include specific components that enhance functional safety. These functional safety components are designed to independently handle potential failures, reducing the need for the overall system to analyze and respond to random component failures.
Automotive Safety Integrity Level (ASIL)
An Automotive Safety Integrity Level (ASIL) shall be determined for each hazardous event based on the classification of Severity, Exposure, and Controllability — to determine a grade (from QM, A to D) by asking the following questions:
Severity class
|
Exposure class
|
Controllability class
|
| C1 |
C2
|
C3
|
| S1 |
E1
|
QM |
QM
|
QM
|
| E2 |
QM |
QM
|
QM
|
| E3 |
QM |
QM |
A |
| E4 |
QM |
A
|
B
|
| S2 |
E1 |
QM |
QM |
QM |
| E2 |
QM |
QM |
A |
| E3 |
QM |
A |
B |
| E4 |
A |
B |
C
|
| S3 |
E1 |
QM |
QM |
A
|
| E2 |
QM |
A |
B |
| E3 |
A |
B |
C |
| E4 |
B |
C |
D |
1. Severity:
If a failure occurs, what would the consequences? Would it affect the driver, passengers, and/or those outside the vehicle? Severity is comprised of the following ratings:
- S1 (Light to moderate injury)
- S2 (Severe injuries where survival is probable)
- S3 (Severe and fatal injuries) For example, rear-ending another vehicle.
2. Exposure:
How often is the system going to be exposed to this particular environment or situation? Exposure is comprised of the following ratings:
- E1 (Very low probability)
- E2 (Low probability)
- E3 (Medium probability)
- E4 (High probability) For example, the driving on the highway.
3. Controllability:
If a failure occurs, how easily will those around or operating the vehicle be able to avoid injury and/or damage? Controllability is comprised of the following ratings:
- C1 (Simply controllable)
- C2 (Normally controllable)
- C3 (Difficult or uncontrollable) For example, high automation where driver is not in the loop.
ISO 26262 is divided into five levels:
- QM: Quality Management pertains to levels that do not lead to safety hazards in vehicles.
- ASIL A: This is the least stringent safety level to achieve.
- ASIL B: Covers conditions ranging from minor to moderate.
- ASIL C: Encompasses conditions from moderate to severe.
- ASIL D: Meets the requirements for severe scenarios.
Richtek Functional Safety Product Feature
1. Built-In Self-Test (BIST):
Safety mechanisms including integrated safety features, offer high diagnostic coverage to ensure reliability during each driving cycle.
2. Voltage Monitoring:
Instability in the reference voltage can result in chip instability, increased errors, and decreased performance. Thus, the quality of the reference voltage is crucial for the chip’s proper operation. The chip incorporates a reference voltage detection mechanism that monitors the system’s reference voltage by introducing redundant reference voltages.
3. Clock Monitoring:
The system’s clock signal serves as the synchronous signal for various circuits and modules within the IC, ensuring that they execute respective operations at the correct time and in the correct sequence. Monitoring the clock signal is particularly crucial during IC design. The chip uses a reference clock to mutually monitor the system’s clock. If the system clock drifts beyond preset limits, it triggers a low signal, interrupts the chip, and reports the error.
4. Independent Fault:
In the context of functional safety, error notification holds immense importance. Our approach involves the creation of an independent error output interruption system. Reliable error notification can help prevent accidents and ensure the overall safety and performance of a system.