"Automotive Grade" routine: conform, reach, satisfy, comply
What is Automotive grade? Is consistent reliability.
From the moment the engine starts, the car has to work in the heat of summer and the cold of winter nights. Cell phones last 2 to 4 years, but your car will last more than 10 years. In addition, all auto parts must withstand greater temperature fluctuations. If a consumer electronic device, such as a smartphone, is subjected to temperatures beyond its limited tolerance range, it may send the wrong message or simply shut down.
This is intolerable in a gauge level system. So automotive engineers have to make sure that everything from instrument clusters and navigation screens to advanced driver assistance systems and self-driving sensors and chips can meet stringent requirements.
This is why our automotive solutions (hardware) are rated to operate at -40 to 105 degrees Celsius, or even 125 degrees Celsius.
Temperature resistance is just one of the key factors affecting Chinese automobile system specification and testing. Compared with similar consumer products, Chinese automobile system specification and testing method are more strict requirements.
For example, safety features must have a dedicated line certified with ISO 26262 ASIL (as well as IATF16949) to eliminate the possibility of human error during manufacturing. Using any commodity that falls short of the highest requirements amplifies the dangers posed by driving safety.
Car rules, fish in troubled waters have
In recent years, more and more sensors, chips and other new automotive electronic products are introduced into the automobile industry, and the vehicle gauge level also began to become chaotic.
Meet, conform to, reach...... There are startups all over the street, and of course there are some that add "mass production" after the first word, which is another kind of unspeakable "naked" PR.
Conform to, the Chinese dictionary explains: conform to the existing style, format or norm. To be satisfied is to "feel" enough about something. Note that this is a subjective judgment. Reach, interpretation: most of the abstract thing or degree, such as reach/not reached, both subjective judgment.
In other words, conformity is "genuine". The words that are called fulfillment are your "imagination." There are also some subtle names: for example, listen to the car gauge level design. Well, there's a catch.
Of course, no matter how much PR you do, the product will eventually be sent to the "battlefield" to be tested (for example, you will often meet a lot of suppliers, "their products can pass the regulations").
At present, the vehicle gauge level automotive electronics relative to AEQ quality standards.
AEC-Q100 is a failure mechanism based on stress testing of packaged integrated circuits. Based in the United States, the Automotive Electronics Council (AEC) was originally established by the Big Three automakers (Chrysler, Ford, and General Motors) to establish common standards for parts qualification and quality systems.
The idea for the AEC was born at a JEDEC meeting in the summer of 1992. The idea of a common qualification norm was put forward as a possible way of improving the situation. At the subsequent JEDEC meeting, the idea of a common conformity specification was determined to be feasible, and work on the Q100(integrated circuit stress test qualification) began shortly after.
At present, the application of AEC-Q100 in integrated circuit mainly consists of discrete component AEC-Q101 and passive component AEC-Q200.
AEC-Q100 is divided into five grades based on the temperature range. Of these, level 0 is the highest (-40°C to+150°C), Level 1 is -40°C to+125°C, Level 2 is -40°C to+105°C (i.e., the more common), and level 4 is the lowest (0°C to+70°C). Level 0 is mainly used under the hood for the worst environmental conditions, while level 1 and 2 are used in other parts of the car.
In addition to AEQ, another specification that needs to be followed is ISO 26262 developed by the International Organization for Standardization (ISO) in 2011 for functional safety components such as ADAS-related sensors and systems.
The Automotive Safety Integrity Level (ASIL) is a risk classification scheme defined by ISO 26262 - Road Vehicle Functional Safety Standard. This is an adjustment to the IEC 61508 safety integrity level used in the automotive industry.
This classification helps define the safety requirements necessary to comply with ISO 26262 standards. ASIL is defined by looking at the severity, exposure and controllability of the vehicle driving scenario, using potential hazards as the target of risk analysis. The hazard safety objective is also in line with ASIL's regulations.
ASIL A, ASIL B, ASIL C and ASIL D are four grades, among which ASIL D has the highest requirement on product integrity, while ASIL A has the lowest.
ASILs are established by hazard analysis and risk assessment. For each electronic component in a car, engineers must measure three specific variables: severity (the classification of injuries to drivers and passengers) and exposure (the number of times the car is exposed to a hazard) and controllability (how much the driver can do to avoid harm), all of which are broken down into subcategories.
The severity ranges from "no injury" (S0) to "fatal/fatal injury" (S3). Exposure is divided into five categories, covering "very unlikely" (E0) and "very likely" (E4). There are four types of controllability, namely the transition from "generally controllable" (C0) to "uncontrollable" (C3).
All variables and subcategories are analyzed and combined to determine the desired ASIL.
Systems such as airbags, anti-lock brakes and power steering require ASIL-D -- the most stringent system for safety — because of the greatest risk associated with failure. At the other end, taillights and other parts only need ASIL-A grade. Headlights and brake lights are generally ASIL-B, while cruise control is generally ASIL-C.
Given the gueswork involved in determining ASIL hazard levels, the Society of Automotive Engineers (SAE) in 2015 drafted J2980, "Considerations for ISO 26262 ASIL Hazard Levels." These guidelines provide clear guidelines for the evaluation of exposure degree, severity, controllability and other aspects of specific hazards.
ISO 26262 has become the guiding standard for functional safety in automotive development. But in recent years, with the rapid introduction of ADAS and autonomous driving technology, the standard bottleneck has begun to appear.
J2980 continues to evolve -- SAE released a revised version in 2018. As autonomous vehicles evolve, ISO 26262 will need to redefine "controllability," a definition that currently belongs to human drivers.
By current standards, the absence of a human driver means that controllability will always be C3, the "uncontrollable" limit. "The severity (injury) and exposure (likelihood) of other variables will undoubtedly need to be reexamined as well.
In March, the International Organization for Standardization also updated ISO26262:2018. This edition adds guidance on semiconductor design and use in automotive functional safety environment.
For the first time, a chip (single chip microcomputer) was used in an automobile to control the operation of the engine. It's called the ECU or engine control unit. The first ECUs appeared in 1968 in Volkswagen cars with a specific function: EFI (electronic Fuel injection).
Today, there are more than 50 ECUs in cars that monitor everything from powertrain, in-car entertainment, active safety and communication systems. Next, in addition to distributed networks and centralized domain control architectures, more chips (more complex than past ECUs) will also appear in new cars.
Part 11 of ISO26262:2018 provides a comprehensive overview of the research and development projects of functional safety-related semiconductor products. These problems include the overall description of semiconductor components and their development and possible partitioning. This includes related hardware failures, errors, and failure modes. The invention also relates to intellectual property (IP), particularly in relation to ISO 26262, which has one or more security requirements.
Safety and reliability should always be maintained
But more and more new problems are emerging in the reliability of automotive electronics, causing chaos throughout the supply chain, and a series of problems are being discovered, such as inadequate data, unclear definitions, and uneven levels of expertise.
Most automotive chips, for example, are not developed based on advanced nodes. But technologies that require a lot of computing power to make safety-critical decisions in a split second, such as artificial intelligence, will require the highest available density.
The resulting reliability issues have been largely ignored at advanced nodes because most of the chips developed using these technologies were previously intended for consumer electronics or controlled environments.
At the same time, newer manufacturing processes often produce more defective parts than established and older processes. This high defect density means that higher defect coverage must be achieved when the same quality level is achieved in post-manufacturing testing.
The traditional method of using abstract logic fault model to generate test sequence for defect detection is not fully applicable. To use complex integrated circuits of higher-level process nodes to achieve quality levels at an automation level, test pattern generation needs to understand how and where defects are physically exposed, and must know how these defects behave in an analog sense, not just a digital sense.
For example, before the use of finFET process, defects in the logical unit and interconnect split in half is common. When finFET is proposed, the complexity of transistor and related logic unit fabrication process increases proportionally relative to the interconnect layer. As more transistor technologies are proposed, the difference is expected to extend to 5nm,3nm and lower.
But all automotive electronics, especially safety-critical components and systems, are now subjected to rigorous testing during and after production.
Reliability also has a problem that is proportional to cost. Each supplier up and down the supply chain has to complete more of the design of safety-critical components and systems, which adds more testing time and, in turn, costs.
As we all know, the inspection of auto parts is the most complex and expensive inspection. Now people are looking for ways to cut costs, but the auto industry is very cautious and methodical.
There are two quite different ideas to solve this problem. One is to use system-level testing, which is more expensive but allows testing in a real-world system context. But it's not clear that system-level testing actually adds to the overall cost, since temperature typically requires three different insertion points and system-level testing may only require one insertion.
Another approach is to focus on cost first and then figure out which tests are necessary and which are not.
Also, not all mistakes are created equal, and not all mistakes are predictable. ISO 26262 identifies system failures, which are failures that we can detect, predict, and fix, while random failures are classified as "things that happen."
For automotive systems to be reliable and safe, the entire automotive supply chain must now incorporate a safety culture where reliability is fundamental, although not 100% reliable.
At the same time, the automobile supply chain relationship is becoming more and more complex.
For example, on the one hand, traditional semiconductor suppliers need to start deep exchanges with OEM manufacturers, whereas in the past these exchanges were at the Tier1 level.
On the other hand, traditional semiconductor suppliers may also have to compete with Tier1s or Oems, which may produce their own chips or impose explicit requirements on their semiconductor supplier partners.
Then there are the thousands of startups that have flocked to the auto industry with relatively little experience. However, ISO 26262 requires a high level of collaboration and information sharing throughout the value chain, which may be unfamiliar to new entrants.
Supply chains used to be based on a waterfall model, where Oems would provide a specification to tier 1 suppliers, and then they would decide which tier 2 suppliers to involve, and so on down to level 3 and 4.
Today, that process has become too slow for automakers, with inadequate communication. Many automakers are starting to break out of this traditional value chain. They are reaching out directly to the original technology vendors (which may have been Tier2 or even Tier3 in the past) because they want to know what the technology can really do, especially at the cutting edge.
They also want to know what experiments these previously unconnected indirect suppliers are doing to ensure product life cycles last more than 10 years.
Tier2 and even Tier3 are interested in these products because they also want to know what the end user Oems are doing with these products and under what application conditions should they run?
Throughout the automobile industry, technology is constantly changing, and safety and reliability standards are increasingly stringent. And for those who shout "car regulation level" entrepreneurial enterprises, cheating does not apply to the automobile industry, on the contrary is the automobile industry "high barriers to entry" performance.
