Renesas Realizes Nine-CPU Multicore SoC Fabricated in 16 nm FinFET Process That Supports the ISO 26262 ASIL B Standard
TOKYO — (BUSINESS WIRE) — February 2, 2016 — Renesas Electronics Corporation (TSE:6723), a premier supplier of advanced semiconductor solutions, today announced the development of hardware fault detection and prediction technologies for functional safety in automotive computing systems. Renesas has also successfully developed a prototype of an automotive computing system-on-chip (SoC) fabricated in a 16 nm FinFET process supporting the ISO 26262 ASIL B standard for automotive functional safety.
Recently, there have been extensive activities in developing self-driving systems for vehicles, and it is expected that the autonomous-driving era will arrive by the year 2020. Created by the International Organization for Standardization (ISO), the ISO 26262 "Road vehicles - Functional safety" standard defines the entire safety life cycle for electronics and/or software in safety-related systems in vehicles weighing less than 3500 kg. Included in this are specific recommendations for the mitigation of random hardware faults, including diagnostics and/or the specific implementation of hardware safety systems.
When an internal fault occurs during driving, the automotive computing system used in an autonomous vehicle must either stop the vehicle safely or continue driving safely. Therefore, while SoCs for automotive computing systems have larger scales and more complex functions than earlier SoCs so that they can process, at high speed and in short time periods, the large amount of data sent to them from cameras and other sensors, they are also required to have safety mechanisms. There are several approaches to hardware fault detection, such as logic duplication and self-testing. In these large-scale SoCs, the complexity of the functions and the high operating frequencies make it difficult to duplicate the logic for the overall functionality. Furthermore, to perform high-reliability self-testing in large-scale SoCs, it would be necessary to shut down functions required for self-driving and other operations for extended periods.
Renesas has developed hardware fault detection technology based on a state-of-the-art self-testing mechanism to resolve these issues. This technology makes it possible, even in the large-scale SoCs used in self-driving systems, to meet criteria, such as diagnostic coverage, that are expected to be required for the ISO 26262 ASIL B standard for functional safety.
In addition, Renesas has developed a system to predict and suppress the momentary voltage droops caused by hardware faults, and to prevent these faults from occurring.
Key features of the newly developed technologies are:
(1) Runtime self-test system that supports both time slicing and module independent tests
One method for detecting random hardware faults that occur during runtime consists of stopping program execution in the SoC itself and performing self-tests (runtime self-tests). This method is appropriate in large-scale circuits, since it can detect hardware faults without redundancy in the logic circuits. Furthermore, compared to software-only self-testing, the test time is reduced by using the built-in self-test (BIST) hardware. However, executing runtime self-tests requires stopping the SoC's ordinary functions, and application programs cannot be run during that period. Furthermore, as these chips become more functionally complex and larger in scale, the test times become longer, and this could result in shutting off functions required for self-driving operation for extended periods.
To resolve this issue, Renesas implemented BIST systems in the CPU and GPU function blocks, and an integrated controller for these BIST systems. Furthermore, Renesas developed functions that enable these runtime self-tests to be executed with test time slicing. This function makes it possible, for example, to support the requirement of audio processing that the processing may only be interrupted for less than 2 ms. It does this by (1) executing the runtime self-test on one specific CPU in the CPU cluster, which consists of four CPUs, and continuing program execution on the remaining three CPUs, and (2) dividing the GPU self-test into multiple sections and executing those sections in a time division manner.
Renesas has made it possible to achieve the expected criteria, such as diagnostic coverage, for the ISO 26262 ASIL B standard for functional safety even in complex, large-scale SoCs, by minimizing the blackout periods during which the SoC cannot be used due to test execution and by keeping their duration shorter than the tolerance time for which safety function operation may be interrupted.
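The time-slicing scheme described above can be sketched as a small planner and checker. This is an added example, not Renesas code: the slot model, the function names and the GPU test durations are assumptions, and only the four-CPU cluster and the 2 ms limit come from the text.

```c
#include <stdio.h>

#define NUM_CPUS 4            /* CPUs in the cluster (from the text) */
#define MAX_BLACKOUT_US 2000  /* interruptions must stay below 2 ms (from the text) */

/* One scheduler slot (hypothetical model): CPU taken offline for BIST
   (-1 = none) and the length of the GPU BIST slice run in it (0 = none). */
struct slot { int cpu_under_test; unsigned gpu_blackout_us; };

/* Split a GPU self-test of gpu_total_us into near-equal slices, each strictly
   below MAX_BLACKOUT_US, and pair them with a round-robin CPU test so only
   one CPU is offline per slot. Returns slots used, or -1 if cap is too small. */
int plan_self_test(unsigned gpu_total_us, struct slot *out, int cap)
{
    unsigned limit = MAX_BLACKOUT_US - 1;
    int n_gpu = (int)((gpu_total_us + limit - 1) / limit);   /* ceiling */
    int n = n_gpu > NUM_CPUS ? n_gpu : NUM_CPUS;
    if (n > cap) return -1;
    unsigned base = n_gpu ? gpu_total_us / (unsigned)n_gpu : 0;
    int extra = n_gpu ? (int)(gpu_total_us % (unsigned)n_gpu) : 0;
    for (int i = 0; i < n; i++) {
        out[i].cpu_under_test = i < NUM_CPUS ? i : -1;
        out[i].gpu_blackout_us = i < n_gpu ? base + (i < extra ? 1u : 0u) : 0u;
    }
    return n;
}

/* Check a plan: every GPU blackout under budget, whole GPU test covered,
   every CPU tested at least once. */
int plan_is_safe(const struct slot *s, int n, unsigned gpu_total_us)
{
    unsigned covered = 0, tested = 0;
    for (int i = 0; i < n; i++) {
        if (s[i].gpu_blackout_us >= MAX_BLACKOUT_US) return 0;
        if (s[i].cpu_under_test >= NUM_CPUS) return 0;
        if (s[i].cpu_under_test >= 0) tested |= 1u << s[i].cpu_under_test;
        covered += s[i].gpu_blackout_us;
    }
    return covered == gpu_total_us && tested == (1u << NUM_CPUS) - 1;
}

int main(void)
{
    struct slot plan[16];
    int n = plan_self_test(9000, plan, 16);   /* 9 ms GPU test: constructed value */
    for (int i = 0; i < n; i++)
        printf("slot %d: cpu_under_test=%d gpu_blackout=%u us\n",
               i, plan[i].cpu_under_test, plan[i].gpu_blackout_us);
    printf("safe=%d\n", plan_is_safe(plan, n, 9000));
    return n > 0 ? 0 : 1;
}
```

The checker rejects an unsliced GPU test of the same total length, which is the case the time-division approach is meant to avoid; per-CPU test duration is not modeled because the three remaining CPUs keep executing.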
(2) Systems that suppress hardware faults due to voltage droop
There are cases where momentary voltage droops occur due to the excessive activation of logic circuits in an SoC. These voltage droops become more conspicuous as the operating frequency of the logic circuits and the fluctuations in the activations of those circuits increase. Previously, design methods that provided adequate voltage margins to handle the maximum voltage droops were used. However, the lower supply voltages resulting from the use of finer process rules and higher operating frequencies made it difficult to provide voltage margins in the design.
Renesas developed the following three systems to resolve this issue: