Risk management in functional safety
R risk administration SDRAM from Micron
While automotive tier 1s and OEMs have always addressed functional safety requirements, it is obvious that functional safety is gaining more attention from semiconductor vendors as a result of the complexity of today’s and tomorrow’s cars’ electronics systems and their expanding system level.
Micron fulfils the demand for functional safety assistance that adheres to Micron’s authorised SAFER approach in the automotive sector through its JEDEC compliant and automotive qualified products in its automotive product line. Micron’s LPDDR5 memory, created under its SAFER architecture and already available and ready for production, is a solution created for the most sophisticated advanced driver-assistance systems (ADAS) on the market.
At the component and system levels, risk management
The quick adoption of ADAS in today’s cars emphasises how crucial functional safety is. As OEMs and Tier 1s create safety critical ECUs with ever increasing semiconductor content, the performance requirements of ADAS in today’s automobiles are significantly raised, underscoring the need of functional safety for semiconductors.
As in car entertainment features and ADAS become more integrated, system level functional safety is becoming more and more important. Semiconductor memory and storage devices must adhere to high safety standards, such as ISO 12662, at the system level.
Functional safety, according to ISO 26262, is the “absence of unreasonable risk due to hazards caused by malfunctioning behaviour of electrical/electronic systems.” According to the paper, there are two different categories of failures: systematic failures and random failures.
The two essential parts of functional safety, systematic fault coverage and random fault coverage, are concerned with assisting the device in operating as it was intended and planned to do so that occasional, random problems may be detected. Random errors can be flagged so that the whole system can analyse them and react properly.
Several additional steps are added to the semiconductor development process to reduce the risk of systematic failures:
Instructional (such as teaching personnel about ISO 26262)
organisational (such as establishing a separate office for safety and obtaining internal or external certifications in safety)
Informational (e.g., requests for further papers and review)
The process of developing a product must take more stages for each successive ASIL (automotive safety integrity level). As ASIL D is the most demanding functional safety certification level, the most stages are added to the product development process.
Compliance with ISO 26262 results in reduced risk
Although a whole ISO 26262, ASIL D-certified component provides the integrator with the highest degree of safety, the ISO 26262 standard offers three additional, accepted methods to meet a lower risk level for systematic failures:
Hardware assessment: evaluation of quality management hardware (QM HW) components
proven-to-work QM HW components
Decomposition of ASIL
According to clause 13.4.4.1 of ISO 26262-2018:8, Class III hardware components can only apply the hardware assessment technique during the transitional period. It is intended to build the hardware element in accordance with IS 26262 in the future. This Class III device should undergo a formal compliance certification process in order to be used in future designs.
Instead of using a hardware evaluation technique, a design should make use of an existing part that has been verified compatible with the ISO 26262 criteria and is available on the market. This decision lowers the complexity of the integration process, limits risk, and eventually lowers total costs.
LPDDR DRAM ought to be categorised as a Class III Hardware component. The categorization of the HW element in accordance with paragraph 13.4.1.1 of the specification 262626-8.
Criteria for classifying hardware components from exida, a functional safety consulting company
The tried and true quality management (QM) hardware elements technique is based on a small number of return merchandise authorizations (RMAs) and evaluates the profile of return material. This method calls for around five million components in the field and can support their usage in a safety application.
The time it takes to earn an ASIL D certification using this method might range from four to six years. The proved in use technique offers a lower degree of safety assurance, has an inherent high risk, and is not advised as a sustainable solution when taking into account potential supply chain delays, shipment volumes, and working hours.
According to clause 5 of ISO 26262-9:2018, ASIL decomposition is described. Simply said, ASIL decomposition is an organised method of introducing redundancy into the system in order to lower the needed ASIL for certain system components.
Contrary to hardware assessment, ASIL decomposition may be utilised for subsequent generations of goods, but owing to redundancy, it can result in a materially higher overall system cost and component count. ASIL decomposition also has the potential to have a major influence on overall system availability since it emphasises problem detection above fault prevention.
