
Semiconductors Paving the Way to “Vision Zero” Through Functional Safety

July 14, 2021
Establishing functionally safe systems will depend on reliable semiconductors. A fail-operational architecture and redundancies in vehicle design will help users become more comfortable trusting autonomous technology.

What you’ll learn:

  • How functionally safe systems and electronics can help reduce traffic fatalities.
  • What to consider when designing functionally safe systems.
  • Creating a fail-operational architecture.

Functionally safe systems are key to achieving “Vision Zero,” especially as we see more autonomous vehicles (AVs) entering the market and the roads. Vision Zero is the multi-national road traffic safety project aimed at reducing road traffic fatalities or serious injuries to zero. Currently, more than 40,000 people are killed in the U.S. in traffic crashes each year.

Deploying functionally safe systems in AVs will enable broader use of this technology, working to make the roads safer for all. These new functional-safety requirements are an evolution of safety systems dating back to rearview mirrors, headlights, seatbelts, safety glass, head rests, and airbags. So, historically, achieving safety in automotive applications is an ongoing process and it’s now being taken to a new level.

Establishing trust in these systems is critical for widespread adoption of autonomous technology. This requires dependable systems that are always available, including dependable sensors, computing, actuators, memory, and power (Fig. 1).

Functional-safety standards such as ISO 26262 ensure that these systems perform in a safe manner in the event of a failure. Users need to trust in the technology, which is better established with functional safety in place. It’s a critical piece in the effort to achieve Vision Zero.

Functional Safety

Functional safety consists of three components. A fail-safe system may fail, but the failure doesn’t cause harm. A fail-operational system keeps some functionality for a limited period of time after a failure. A high-availability system retains enough capability after a failure that the car can still operate for an extended period of time.

As a whole, functional safety is all about how systems react in the event of a failure. This needs to be in place for all classes of vehicles, from economy to luxury, to help build user trust in autonomous technology.

For all levels of automation, but especially for Levels 4-5, the driver/passenger needs to trust the technology and systems to work. Can systems built on less-dependable semiconductors really meet the requirement of earning the driver’s trust? No, and this is where dependable electronics become important, because they make those fail-safe protocols possible. We need to trust the technology to work as much as we trust the brakes in the car to work.

For each safety goal, detecting related failures and defining a safe state (what the system should do if the related failure occurs or can be detected) establishes a protocol for what can be done to mitigate consequences. This offers the passenger/driver assurance that a plan is in place if a failure were to occur, with the plan being backup systems.

Fail-Operational System

With the need for this fail-operational architecture established, we must also consider what it could look like. To strengthen these fail-operational systems in AVs, we can use aviation as a model. One common concept for fail-operational electric power steering (EPS), in contrast to a fail-safe design, is that it has two of everything: the redundant channel picks up the slack if the other fails.

For example, rather than having two MCUs on a single board for fail-operational safety, we can utilize two separate boards connected to a secondary inverter, sensors, power supply, etc. So, if an entire board fails, the system can revert to the alternate system and avoid a catastrophic outcome (Fig. 2).

While this may add cost, the benefits of redundancy could outweigh the potential drawbacks in some applications. All safety-relevant failure modes need to go through diagnostics checks to determine if actions should be taken to enter a safe state—e.g., disabling a faulted channel. The secondary channel provides a partial assist. Redundant systems can include the MCU, inverters, sensors, dual-wound motors, power supplies, and power sources.
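As an added example (not code from the article or from Infineon), here is a simplified supervisor for the dual-channel fail-operational EPS described above, tying together the fail-safe/fail-operational distinction and the safe-state logic: per-channel diagnostics, latched disabling of a faulted channel, partial assist from the surviving channel, and a safe state with no assist when both channels fail. The status fields, the torque tolerance and the assist percentages are assumptions chosen for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
/* Constructed per-channel health report; field names are assumptions. */
typedef struct {
    bool heartbeat_ok, supply_in_range; /* watchdog serviced; supply in limits */
    int16_t torque;                     /* driver torque reading, constructed units */
} ChannelStatus;
typedef enum { STATE_NORMAL, STATE_DEGRADED, STATE_SAFE } SystemState;
typedef struct { bool a_disabled, b_disabled; } Supervisor; /* latched faults */
enum { ASSIST_FULL = 100, ASSIST_PARTIAL = 50, ASSIST_NONE = 0 };
#define TORQUE_TOLERANCE 20 /* assumed cross-channel plausibility limit */
static bool channel_faulted(const ChannelStatus *c) {
    return !c->heartbeat_ok || !c->supply_in_range;
}
/* One supervisor cycle: latch detected faults (a faulted channel stays disabled
 * until a service reset), then choose the system state and permitted assist. */
SystemState supervise(Supervisor *s, const ChannelStatus *a,
                      const ChannelStatus *b, int *assist_pct) {
    if (channel_faulted(a)) s->a_disabled = true;
    if (channel_faulted(b)) s->b_disabled = true;
    bool a_ok = !s->a_disabled, b_ok = !s->b_disabled;
    if (a_ok && b_ok) {
        /* Two channels cannot tell which sensor is wrong, so a mismatch
         * limits assist instead of trusting either reading fully. */
        bool mismatch = abs(a->torque - b->torque) > TORQUE_TOLERANCE;
        *assist_pct = mismatch ? ASSIST_PARTIAL : ASSIST_FULL;
        return mismatch ? STATE_DEGRADED : STATE_NORMAL;
    }
    if (a_ok || b_ok) {        /* fail-operational: one channel carries on */
        *assist_pct = ASSIST_PARTIAL;
        return STATE_DEGRADED;
    }
    *assist_pct = ASSIST_NONE; /* fail-safe: no assist, manual steering only */
    return STATE_SAFE;
}
/* Constructed walk-through; returns how many of the 4 expected outcomes held. */
int demo_fault_sequence(void) {
    Supervisor s = {false, false};
    ChannelStatus a = {true, true, 100}, b = {true, true, 105};
    int pct = 0, held = 0;
    held += supervise(&s, &a, &b, &pct) == STATE_NORMAL && pct == ASSIST_FULL;
    b.supply_in_range = false; /* channel B loses its power supply */
    held += supervise(&s, &a, &b, &pct) == STATE_DEGRADED && pct == ASSIST_PARTIAL;
    b.supply_in_range = true;  /* supply recovers, but the fault stays latched */
    held += supervise(&s, &a, &b, &pct) == STATE_DEGRADED && pct == ASSIST_PARTIAL;
    a.heartbeat_ok = false;    /* now channel A's MCU stops responding too */
    held += supervise(&s, &a, &b, &pct) == STATE_SAFE && pct == ASSIST_NONE;
    return held;
}
```

The latch is deliberate: a channel whose supply dropped out is not re-trusted just because the reading looks fine again a cycle later, which is the kind of decision ISO 26262 expects to be made explicitly per safety goal.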

Establishing functionally safe systems to avoid serious incidents and move closer to achieving Vision Zero will depend on reliable semiconductor components. With a fail-operational architecture and redundancies in the design of the vehicle, users can feel more comfortable trusting the autonomous technology, thus laying the groundwork for broader adoption.

About the Author

Steve Gross | Principal System Application Engineer, Infineon

Steve Gross is a Principal System Application Engineer with Infineon Technologies Americas. He has 30 years of electronics industry experience. He holds BSEE, MSEE, and MBA degrees, all from Michigan State University—go green! He is also a certified Functional Safety Professional and has helped multiple automotive Tier 1 companies develop ISO26262-compliant systems. In his free time, he enjoys travel, motorcycles, and a seemingly endless series of home maintenance projects.
