Automotive safety compliance is a practice that automakers and component manufacturers must undertake to develop safety-critical hardware and software products and meet the functional safety goals required by automotive industry standards.
As the automotive industry rapidly embraces state-of-the-art electronics to turn the idea of a connected and autonomous vehicle into reality, ensuring safety compliance for these new components is becoming more critical than ever. Increasingly, hardware components are making way for standardized embedded electronics and software components. While these new systems allow automakers to deliver over-the-air (OTA) software and firmware updates for new features and bug fixes, the widespread use of these software-defined electronic and electrical (E/E) systems come with potential risks. With a typical car consisting of millions of lines of software code and several electronic and electrical (E/E) components, any malfunctioning event in the hardware or software can put human lives in danger.
To effectively address the safety concerns, automotive technology developers today rely on a growing number of standards. One such critical automotive functional safety standard is the ISO 26262, which defines a risk classification system called automotive safety integrity levels, or ASIL bands. These different degrees of safety levels aim to reduce potential hazards caused by E/E system malfunctions, ensuring that they work as intended and safely.
This guide explains the importance of automotive safety compliance, how ASIL classifications work, and the tools that can be leveraged to build a connected vehicle software that can safely prevent hazards resulting from hardware faults.
Vehicle safety data provided by the Bureau of Transportation Statistics (BTS) shows that an average of six million vehicle crashes happen every year in the U.S. alone. To reduce this number and prevent road traffic fatalities, the U.S. National Highway Traffic Safety Administration (NHTSA) often issues an auto recall if the vehicle no longer meets the minimum safety standards or if there is a potential safety risk. In 2016, automakers in the U.S. were forced to make a record safety recall of over 53 million vehicles. These statistics indicate that cars are still one of the primary reasons for road accidents, making automotive safety compliance a fundamental requirement.
With the integration of complex safety and comfort solutions, such as antilock braking system (ABS), airbags, advanced driver assistance systems (ADAS), and autonomous driving features, an automobile today is nothing less than a marvel of technological innovation. However, as our vehicles become smarter and more autonomous, the underlying technologies—if not designed correctly—can lead to more safety issues. For instance, malfunctioning hardware meant to control a vehicle's ABS or airbags can lead to life-threatening injuries. Similarly, in an all-electric vehicle, high-voltage power buses and battery packs can pose a risk to human safety if not properly managed and designed as per standards.
As we achieve higher autonomy levels and look forward to a future full of connected vehicles, the functional safety of embedded electronics and software systems controlling these components under the hood will be paramount. Thankfully, several standards exist, most notably the ISO 26262, which significantly reduce the risks by providing a framework to develop electronic hardware and software systems that require functional safety.
For automotive suppliers and technology developers seeking safety compliance for their products, ISO 26262 outlines technical safety requirements (TSRs) and specifications. These guidelines must be followed throughout the vehicle's lifecycle—from design, development, production, and operation to decommissioning—to achieve functional safety.
The ISO 26262 standard follows a risk-based approach to determine the level of risk associated with hazardous operational situations that an electrical or electronic component may encounter in real-world conditions. During this certification, each automotive component (hardware or software) passes through hazard analysis and risk assessment (HARA) to identify all the potential hazards and categorize them based on the three variables: severity, exposure, and controllability.
For example, consider an electronic power steering (EPS) system being evaluated for all possible malfunctioning behaviors. Each hazardous event resulting from the safety analysis of the EPS system is then assigned severity, exposure, and controllability classes. Severity has four classes, ranging from "no injury" (S0) to "fatal injuries" (S3). Similarly, exposure has five classes, with E0 being "incredibly unlikely" to E4 being "highly probable." Controllability, too, has four classes, covering "controllable in general" (C0) to "uncontrollable" (C3).
The required ASIL is then determined by combining these three variables and their classes. ASIL-A represents the lowest potential hazard, while ASIL-D is the highest degree potential hazard. Combining the highest potential hazards from all the three variables (S3 + E4 + C3) will result in the ASIL-D classification. An EPS system also requires an ASIL-D grade, as the risks associated with the failure of this system are the highest. In contrast, the components only require an ASIL-A grade in areas where safety is not critical.
While the ISO 26262 standard provides all the necessary guidelines to address the functional safety aspects of every hardware and software component that goes into a vehicle, it is not keeping up with the increasingly complex automotive embedded systems. Therefore, regulators are working on revising the existing standards and developing new ones to ensure that the latest automotive technologies comply with the safety requirements. The ISO/SAE 21434 is a step in this direction, which is the first standard that addresses cybersecurity concerns in vehicles.
Although more standards will likely be established, and the current ones will be updated in the future, forward-looking automakers and original equipment manufacturers (OEMs) must implement a strategy to develop products with the highest quality and safety features that current standards require. This approach will help future-proofing the products and ensure that they comply with stringent safety norms that are still under development. At Cadence, we offer advanced automotive functional safety solutions to help component developers succeed in their efforts to build safe products for the modern automobile.
As the industry's first DSPs optimized for automotive radar, lidar, and vehicle-to-everything (V2X), Cadence Tensilica ConnX B10 and ConnX B20 DSPs enable developers to achieve ASIL-B random fault and ASIL-D systemic fault-compliant certification faster. The Cadence Tensilica Xtensa Processors with FlexLock are also certified for full ASIL-D compliance, enabling ASIL-D systematic and ASIL-D random fault protection for Functional Safety (FuSa) applications.
Connected vehicle software developers can also leverage our Midas Safety Platform to explore functional safety architectures in the early phase. The safety platform fully automates fault injection and result analysis for IP, SoC, and system designs, enabling automobile technology developers to validate whether their software functions safely when a fault is injected into the hardware. With the automated generation of FMEDA and certification reports, developers can accelerate their assessments for safety compliance, reach their target ASILs, and quickly complete their ISO 26262 verification.
