Silicon IP Cores
New ASIL D Certifications Broaden CAST’s Functional Safety IP Line
At CAST we take safety seriously and are proud to offer one of the broadest arrays of silicon IP cores that are certified for Automotive Functional Safety.
Functional Safety (FuSa) in general is the engineering effort to ensure that a system automatically reduces or avoids risk in the face of various hazards.
International standard IEC 61508, Functional Safety of Electrical/Electronic/Programmable Electronic Safety-related Systems, governs safety-related systems. Several variants of IEC 61508 provide standards for specific industries, including railways, process industries, power plants, machinery, defense and military aviation, commercial aviation, nuclear, medical devices, space, and automotive systems.
The recent evolution of advanced driver-assistance systems (ADAS) and autonomous vehicles, and their potentially life-threatening risks, has focused attention on automotive FuSa and the ISO 26262 standard that formally defines it. For silicon IP, ISO 26262 compliance means the core has been designed following the guidelines and metrics defined in the standard, and that it conforms to a particular Automotive Safety Integrity Level (ASIL).
The ASIL designation for a core or system results from a hazard analysis and risk assessment study that considers:
- the Severity Classification — from no injuries to fatal injuries,
- the Exposure Classification — from incredibly unlikely to highly probable, and
- the Controllability Classification — from controllable in general to uncontrollable.
The ASIL for the system can then be expressed as:
ASIL = Severity × (Exposure × Controllability)
ASIL assignments are descriptive rather than rigidly formal and range across four levels:
- ASIL D — the most extreme, life-threatening systems. Airbags, Self-Steering, and Antilock Braking systems have functions at ASIL-D.
- ASIL C through ASIL B — intermediate threats including Camera, Instrument Cluster, Engine Management, and Active Suspension systems.
- ASIL A — unlikely or low-risk threats such as Entertainment systems.
The more severe ASILs also cover lower levels, i.e., an ASIL D system also covers ASIL C, B, and A. (A fifth ASIL, QM, means there’s no unreasonable risk and the system need not follow ISO 26262, just normal quality management processes.)
For an IP core intended for automotive applications, an independent testing lab must evaluate the IP’s adherence to ISO 26262 and determine the appropriate ASIL. The certified core can then be safely incorporated into systems needing certification at that ASIL or lower.
We work with Fraunhofer IPMS to build IP that satisfies ISO 26262; get it certified by a recognized testing agency (SGS-TÜV Saar GmbH); and package and deliver it so designers can reliably build the IP into their systems that require ASIL certification. We strive for the most stringent certification — ASIL D — so that the cores are suitable for all systems.
Fraunhofer IPMS has recently achieved ASIL D certification for safety-enhanced versions of the CAN and LIN bus controller cores. That means CAST has more types of ASIL D IP than are available anywhere else:
- CAN-CTRL — CAN 2.0, CAN FD, and CAN XL Bus Controller,
- LIN — LIN Bus Master/Slave Controller,
- LLEMAC-1G — Low-Latency 10/100/1000 Ethernet MAC suitable for automotive Ethernet, including the TSN and 10BASE-T standards, and
- EMSA5-FS — Functional Safety Embedded RISC-V Processor.
CAST customers can thus license multiple functional safety cores from a single trusted source. Our IP quality and deliverables are exemplary, and the technical customer support we provide is among the best in the industry.
We are continuing to work with Fraunhofer IPMS to further expand our line of ISO 26262-conforming IP. And, while IP functional safety has so far been associated mostly with automotive systems, we are also following the standards efforts for other application areas. Stay tuned for more functional safety IP news soon.