Fault-robust microcontrollers allow automotive technology convergence: Part 1, the nature of faults

In automotive, semiconductor technologies and electronic systems are converging into a "car-on-a-chip." However, this convergence results in a new population of faults and failure modes, so how to make such systems more robust?

By Riccardo Mariani, YOGITECH SpA
automotivedesignline.com

Life is hard for today's automotive electronics MCUs (Microcontroller Units). On one side, you could have 50 or more of them are involved in airbags, brakes, chassis control, engine control, and X-by-wire applications. Deeper (and often immature) silicon technologies are used to reduce costs. New functionalities are implemented in software, so the memory and performance requirements have increased. Standardization efforts and new software architectures such AUTOSAR are driving automotive electronics towards more and more powerful CPUs. Internal buses are crowded by demanding peripherals.

On the other side, as a consequence of such increased complexity, the population of faults is increasing as well. These include:

Modeling uncertainty

Functional verification holes

Specification misunderstanding

EMC (electromagnetic compatibility)

Crosstalk

Unforeseen interactions and misuse

Soft-errors

Malicious accesses

In particular, hardware faults (systematic or random) are worsened by: The increased soft-error failure rates (i.e. cosmic rays); coupling effects and disturbances are more and more important; and intrinsic uncertainty due to model inaccuracy is a problem of new technologies.

Moreover, system complexity and use of third-party IP increase the verification gaps and software faults. If we define "robustness" as the ability to continue mission reliably despite the existence of systematic, random or malicious faults, how do you design fault-robust MCUs ?