The latest automotive functional safety standard “ISO 26262” that supports automotive safety

In the automotive field in recent years, as autonomous driving technology continues to innovate and develop rapidly, there has been a growing need for functions (functional safety) that help prevent problems in emergencies, and ISO 26262 that standardizes functional safety. standard. Especially in China, where technological innovation is outstanding, ISO 26262 (functional safety) has been established as a recommended national standard starting with “GB/T”, and the first Chinese translation of ISO 26262 “GB/T 34590” was published in 2017. It was released in October and has been implemented since May 2018.

In this context, not only car manufacturers (OEM), but also more and more automotive electronics manufacturers (Tier1) have also accelerated functional safety support. From a global perspective, functional safety is already the only way to go .

Since 2017, ROHM has been the first in the industry to develop LCD panel chipsets that support functional safety, consisting of LCD driver ICs, etc., and obtained ISO26262 development process certification in 2018 to continuously promote product development that supports automotive functional safety.

This article will introduce you to a summary of the white paper published on the ROHM official website from the perspective of a semiconductor manufacturer, against the backdrop of the increasing interest in functional safety and ISO 26262 and the need for active action. In addition, the white paper includes specific introductions including cases. Welcome to the official website of ROHM for details.

Links to white papers on ISO 26262:

https://rohmfs-rohm-com-cn.oss-cn-shanghai.aliyuncs.com/cn/products/databook/white_paper/iso26262_wp-c.pdf

When introducing “functional safety”, the term that is often quoted is “intrinsic safety”. Here I hope to introduce “functional safety” by comparing it with “intrinsic safety”. “Intrinsically safe” is a method of ensuring safety by eliminating the cause of danger. And “functional safety” is the method of ensuring safety through functional efforts to reduce risk to an acceptable level.

For example, let’s think about what should be done to avoid a collision between a car and a train, using the example of a road and railroad intersection.

In order to eliminate the dangerous causes of the intersection of roads and railways, the practice of separating roads and railways and building bridges to avoid collisions is based on the idea of ​​”intrinsic safety”. According to the idea of ​​”intrinsic safety”, the use of overpasses can physically eliminate the collision between cars and trains.

The “functional safety” approach might be to avoid collisions by setting up railroad crossings. Install sirens and railings at the intersection of roads and railways, and install sensors on the railroads. When the sensors detect the approach of a train, the siren sounds and the railings are lowered. When additional sensors detect that the train has passed, the siren stops and the hurdles are raised. While roads and railroads still physically intersect, railroad crossings can reduce the risk of car and train collisions to acceptable levels. This is the idea of ​​”functional safety”.

The white paper published on ROHM’s official website details the specific methods to achieve functional safety. Welcome to the official website for details.

The latest automotive functional safety standard “ISO 26262” that supports automotive safety

“ISO” refers to the International Organization for Standardization (International Organization for Standardization), a non-governmental organization headquartered in Geneva, Switzerland, which aims to formulate and promote international standards (IS: International Standard). Among them, ISO 9001 (Quality Management System) and ISO 14001 (Environmental Management System) are very well-known standards.

ISO 26262 is an international standard for “functional safety” related to automotive electrical/Electronic systems. As the parent standard of functional safety, there is IEC 61508 (International Electrotechnical Commission: International Electrotechnical Commission), and ISO 26262 is based on this and modified according to the electrical/electronic system of the automobile.

The first edition of ISO 26262 was published in November 2011, and the revised second edition was published in December 2018. In the first edition, the target was mass-produced passenger cars under 3,500kg; in the second edition, the scope was expanded to include trucks, buses and two-wheeled vehicles. Guidance on semiconductors is newly stipulated in Part 11 of the second edition.

While ISO 26262 aims to achieve functional safety, it is not a law. Therefore, it is not illegal to not comply with the ISO 26262 standard. However, automakers won’t buy products that don’t meet the standards. Car manufacturers demonstrate their ability to ensure car safety by designing electrical/electronic systems according to ISO 26262. Also, the design should ensure that even in the event of electrical/electronic system failures, no personal injury (not only the driver and passengers, but also pedestrians, etc.) will occur.

To obtain the above ISO 26262 certification, the usual practice is to accept the review of third-party certification agencies represented by TV Rheinland, TV SUD, SGS TV, DNV-GL, TV Saarland, etc., and obtain certification.

ROHM started to build the ISO 26262 process in 2015, and in March 2018, about two and a half years later, obtained the ISO 26262 process certification through the German third-party certification agency TV Rheinland. In other words, ROHM’s ISO 26262 process has been recognized as an ISO 26262 compliant process. It is common practice to build processes based on the advice of consultants and other foreign aid, but Roma goes beyond that and has held several workshops to learn and understand the standard in order to adjust the direction and establish a process that meets the standard.

The white paper published on ROHM’s official website describes other safety standards, the means to comply with ISO26262, the method of obtaining certification, and ROHM’s ISO 26262 system, etc. Please log on to the official website for details.

In recent in-vehicle applications, how semiconductors are contributing to building functional safety, here is ROHM’s actions and solutions.

1. Solutions for LCD panels

In the application of LCD panels using instrument panels and electronic mirrors, if the timing controller controls two drivers and directly displays the image data from the GPU on the LCD panel, once the Display is abnormal, it will not be able to do any operations, which will directly lead to Accident happens.

In response to this problem, ROHM’s on-vehicle timing controller can monitor the image data from the GPU, and when abnormal data or input signal abnormality occurs, it will display a black screen, or notify the microcontroller to display an error warning screen, etc. This allows the driver to notice the anomaly and successfully resolves the problem.

In addition, ROHM’s chipset for LCD panels has timing controllers that control each LCD driver: BU90AL210 / BU90AL211 / BU90AD410, source and gate drivers for driving LCD panels: ML9882 / ML9873 / ML9872, and multi-function power supply ICs: BM81810MUV, gamma correction IC for image and video correction: BD81849MUV, which can ensure the functional safety of the LCD panel as a whole.

2.Solutions for ECU Power Circuits

In an automotive ECU (Electronic Control Unit), multiple power supplies are usually required. An abnormality in this power supply may cause an accident. Therefore, it is necessary to be able to monitor multiple power supplies in the ECU, and to perform accident avoidance processing according to the abnormality when an abnormality occurs. The power supply monitoring IC plays this role. The power monitoring IC monitors these voltages and notifies the MCU when an abnormality occurs, prompting it to take action.

As mentioned above, in order to achieve “functional safety” in in-vehicle applications, not only the main function, but also a “safety mechanism” is required, that is, it can monitor whether the main function is normal, and when an abnormality occurs, it can be handled according to each function to protect personnel (including driver, passenger and pedestrian) safety features. In addition, a “self-diagnostic function” that can confirm whether these “safety mechanisms” are functioning properly is also required.

In response to this problem, ROHM has realized a power supply monitoring IC that can easily add functional safety to existing power supplies by building various monitoring functions and self-diagnosis functions in an independent power supply monitoring IC, and has already achieved mass production. That is, the power supply monitoring IC “BD39040MUF” that can monitor multiple power supplies. In addition, “BD39042MUF” with higher detection accuracy is also under development.

Only by adding a power monitoring IC to the existing system, the power monitoring function required by functional safety can be implemented in a small space. ROHM’s power monitoring ICs greatly help simplify the design of functional safety systems.

In the white paper published on ROHM’s official website, there are more detailed information on in-vehicle applications and semiconductor products, please log in to the official website to view the details.

In the automotive field in recent years, as autonomous driving technology continues to innovate and develop rapidly, there has been a growing need for functions (functional safety) that help prevent problems in emergencies, and ISO 26262 that standardizes functional safety. standard. Especially in China, where technological innovation is outstanding, ISO 26262 (functional safety) has been established as a recommended national standard starting with “GB/T”, and the first Chinese translation of ISO 26262 “GB/T 34590” was published in 2017. It was released in October and has been implemented since May 2018.

In this context, not only car manufacturers (OEM), but also more and more automotive electronics manufacturers (Tier1) have also accelerated functional safety support. From a global perspective, functional safety is already the only way to go .

Since 2017, ROHM has been the first in the industry to develop LCD panel chipsets that support functional safety, consisting of LCD driver ICs, etc., and obtained ISO26262 development process certification in 2018 to continuously promote product development that supports automotive functional safety.

This article will introduce you to a summary of the white paper published on the ROHM official website from the perspective of a semiconductor manufacturer, against the backdrop of the increasing interest in functional safety and ISO 26262 and the need for active action. In addition, the white paper includes specific introductions including cases. Welcome to the official website of ROHM for details.

Links to white papers on ISO 26262:

https://rohmfs-rohm-com-cn.oss-cn-shanghai.aliyuncs.com/cn/products/databook/white_paper/iso26262_wp-c.pdf

When introducing “functional safety”, the term that is often quoted is “intrinsic safety”. Here I hope to introduce “functional safety” by comparing it with “intrinsic safety”. “Intrinsically safe” is a method of ensuring safety by eliminating the cause of danger. And “functional safety” is the method of ensuring safety through functional efforts to reduce risk to an acceptable level.

For example, let’s think about what should be done to avoid a collision between a car and a train, using the example of a road and railroad intersection.

In order to eliminate the dangerous causes of the intersection of roads and railways, the practice of separating roads and railways and building bridges to avoid collisions is based on the idea of ​​”intrinsic safety”. According to the idea of ​​”intrinsic safety”, the use of overpasses can physically eliminate the collision between cars and trains.

The “functional safety” approach might be to avoid collisions by setting up railroad crossings. Install sirens and railings at the intersection of roads and railways, and install sensors on the railroads. When the sensors detect the approach of a train, the siren sounds and the railings are lowered. When additional sensors detect that the train has passed, the siren stops and the hurdles are raised. While roads and railroads still physically intersect, railroad crossings can reduce the risk of car and train collisions to acceptable levels. This is the idea of ​​”functional safety”.

The white paper published on ROHM’s official website details the specific methods to achieve functional safety. Welcome to the official website for details.

“ISO” refers to the International Organization for Standardization (International Organization for Standardization), a non-governmental organization headquartered in Geneva, Switzerland, which aims to formulate and promote international standards (IS: International Standard). Among them, ISO 9001 (Quality Management System) and ISO 14001 (Environmental Management System) are very well-known standards.

ISO 26262 is an international standard for “functional safety” related to automotive electrical/Electronic systems. As the parent standard of functional safety, there is IEC 61508 (International Electrotechnical Commission: International Electrotechnical Commission), and ISO 26262 is based on this and modified according to the electrical/electronic system of the automobile.

The first edition of ISO 26262 was published in November 2011, and the revised second edition was published in December 2018. In the first edition, the target was mass-produced passenger cars under 3,500kg; in the second edition, the scope was expanded to include trucks, buses and two-wheeled vehicles. Guidance on semiconductors is newly stipulated in Part 11 of the second edition.

While ISO 26262 aims to achieve functional safety, it is not a law. Therefore, it is not illegal to not comply with the ISO 26262 standard. However, automakers won’t buy products that don’t meet the standards. Car manufacturers demonstrate their ability to ensure car safety by designing electrical/electronic systems according to ISO 26262. Also, the design should ensure that even in the event of electrical/electronic system failures, no personal injury (not only the driver and passengers, but also pedestrians, etc.) will occur.

To obtain the above ISO 26262 certification, the usual practice is to accept the review of third-party certification agencies represented by TV Rheinland, TV SUD, SGS TV, DNV-GL, TV Saarland, etc., and obtain certification.

ROHM started to build the ISO 26262 process in 2015, and in March 2018, about two and a half years later, obtained the ISO 26262 process certification through the German third-party certification agency TV Rheinland. In other words, ROHM’s ISO 26262 process has been recognized as an ISO 26262 compliant process. It is common practice to build processes based on the advice of consultants and other foreign aid, but Roma goes beyond that and has held several workshops to learn and understand the standard in order to adjust the direction and establish a process that meets the standard.

The white paper published on ROHM’s official website describes other safety standards, the means to comply with ISO26262, the method of obtaining certification, and ROHM’s ISO 26262 system, etc. Please log on to the official website for details.

In recent in-vehicle applications, how semiconductors are contributing to building functional safety, here is ROHM’s actions and solutions.

1. Solutions for LCD panels

In the application of LCD panels using instrument panels and electronic mirrors, if the timing controller controls two drivers and directly displays the image data from the GPU on the LCD panel, once the Display is abnormal, it will not be able to do any operations, which will directly lead to Accident happens.

In response to this problem, ROHM’s on-vehicle timing controller can monitor the image data from the GPU, and when abnormal data or input signal abnormality occurs, it will display a black screen, or notify the microcontroller to display an error warning screen, etc. This allows the driver to notice the anomaly and successfully resolves the problem.

In addition, ROHM’s chipset for LCD panels has timing controllers that control each LCD driver: BU90AL210 / BU90AL211 / BU90AD410, source and gate drivers for driving LCD panels: ML9882 / ML9873 / ML9872, and multi-function power supply ICs: BM81810MUV, gamma correction IC for image and video correction: BD81849MUV, which can ensure the functional safety of the LCD panel as a whole.

2.Solutions for ECU Power Circuits

In an automotive ECU (Electronic Control Unit), multiple power supplies are usually required. An abnormality in this power supply may cause an accident. Therefore, it is necessary to be able to monitor multiple power supplies in the ECU, and to perform accident avoidance processing according to the abnormality when an abnormality occurs. The power supply monitoring IC plays this role. The power monitoring IC monitors these voltages and notifies the MCU when an abnormality occurs, prompting it to take action.

As mentioned above, in order to achieve “functional safety” in in-vehicle applications, not only the main function, but also a “safety mechanism” is required, that is, it can monitor whether the main function is normal, and when an abnormality occurs, it can be handled according to each function to protect personnel (including driver, passenger and pedestrian) safety features. In addition, a “self-diagnostic function” that can confirm whether these “safety mechanisms” are functioning properly is also required.

In response to this problem, ROHM has realized a power supply monitoring IC that can easily add functional safety to existing power supplies by building various monitoring functions and self-diagnosis functions in an independent power supply monitoring IC, and has already achieved mass production. That is, the power supply monitoring IC “BD39040MUF” that can monitor multiple power supplies. In addition, “BD39042MUF” with higher detection accuracy is also under development.

Only by adding a power monitoring IC to the existing system, the power monitoring function required by functional safety can be implemented in a small space. ROHM’s power monitoring ICs greatly help simplify the design of functional safety systems.

In the white paper published on ROHM’s official website, there are more detailed information on in-vehicle applications and semiconductor products, please log in to the official website to view the details.

The Links:   7MBI100U4E-120 LTM10C210