This blog post was originally published at Ambarella’s website. It is reprinted here with the permission of Ambarella.
Our ASIL-compliant chips are designed to meet international standards for vehicle safety.
The concept of functional safety isn’t new; it has existed for centuries. As long as there have been machines, there have been attempts to design them in ways that enhance their safety for human use.
When machines were simpler, so were the associated functional safety measures: they may have been as straightforward as a physical barrier between a hand and a moving part. However, as machines have become more complex, functional safety has transformed into a highly sophisticated process, including automated protections, fail-safe mechanisms, and features that anticipate user error—as well as comprehensive verification and validation requirements for every step in the design process to ensure success.
When it comes to modern automobiles, therefore, functional safety is far from simple. It is governed by numerous regulatory standards covering virtually every individual vehicle component. Naturally, this includes things like seatbelts, airbags, and tires, but also includes the embedded electronics systems involved in managing the engine, powertrain, transmission, brakes, suspension, ADAS features, and more. A modern vehicle may include nearly a hundred of these electronics systems. Which means that today’s automotive functional safety standards must cover more than just steel, aluminum, glass, and rubber—these standards must cover digital electronics hardware and its associated software as well.
The international functional safety (FS) standard for safety-critical automotive electronics systems is known as ISO 26262. This standard is designed to address potential hazards caused specifically by hardware and software failures on the road.
As an AI silicon company offering SoCs for applications such as ADAS and autonomous driving, Ambarella has implemented an array of internal processes and procedures to ensure that our FS products comply with ISO 26262. These strict processes and procedures touch every aspect of the work we do—from technical documentation to software engineering to VLSI—and have become an inextricable part of our culture, from top to bottom. My role at Ambarella is to ensure that our organization continues to meet or exceed these standards at every assessment audit.
So, what does this mean to us?
Ambarella SoCs are used worldwide to perform image processing and computer vision processing on the road. In simplest terms, this means that our solutions must successfully interpret and translate the outside world for the vehicle, which in turn uses this information to make safety-critical decisions. For ADAS systems, this means automatic braking, lane-keeping assistance, and more. For autonomous systems, this means full or partial management of navigation itself. In both cases, solutions like ours are vital—and as the saying goes, failure is not an option. We take this responsibility extremely seriously; our CEO drives these efforts personally.
An overview of ISO 26262 standards.
To ensure compliance with ISO 26262, Ambarella conducted an extensive analysis of various automotive use cases (e.g., electronic mirror, ADAS, autonomous driving) and tested a wide variety of possible error conditions for each. In the process, we developed hundreds of error-detection schemes for both image and vision processing, resulting in thousands of dedicated error signals managed by the central error handling unit (CEHU). For extremely critical hardware blocks such as video capture or video display, we have implemented lockstep fault-tolerant systems, creating modular redundancy that enhances error detection and error correction. Similarly, our SDK includes various diagnostic routines for periodic checks, as well as watchdogs for random errors, and we’ve analyzed every software component in the SDK for failure modes and error detection. On top of that, we have added sufficient redundancy with functional monitoring of imaging algorithms for error detection. Any resulting errors are made available via an error handling framework for system integrators to use with their own software code or algorithms in order to quickly transition to a safe state.
Both our hardware and software follow a strict, ASIL-B compliant process. Moreover, we include additional hardware core that can act as a “safety island” for ASIL D compliance. All error conditions—whether generated from software, hardware, or algorithms—are available for system integrators within FTTI.
Ambarella has developed a unique solution for the market with algorithm-specific silicon and a robust SDK, configurable by the customer. Click here for more information about our FS chips. For additional information regarding our ISO 26262 processes, please contact us.
Block diagram for the CV2FS processor.