Safety requirements for automotive electronics are being standardized in a number of application segments. One example is chassis applications, which United States government legislation requires to be standardized for each new vehicle from 2012. A further example is electric power steering.
Automotive braking applications and steering applications also both require sophisticated electronic solutions that allow switching to a safe state in case a malfunction is detected. Accordingly, awareness of safety issues, for example by a system-on-chip (SoC), is of increasing importance in today's vehicular applications, although the usage of such devices is not limited to such applications. However, the safety level required differs from application to application. For example, some applications may require Safety Integrity Level (SIL) 3, whilst other applications may require SIL 2. Safety Integrity Levels (SIL) are defined as a relative level of risk-reduction provided by a safety function, or as a specific target level for risk reduction. Four SIL levels are defined by the International Standard IEC 61508, ranging from SIL 4, being the most dependable, to SIL 1, being the least dependable.
Different levels of safety may require varying amounts of redundancy of building blocks and connectivity within the SoC. As a result, known SoCs are designed with a specific SIL in mind. However, the need to develop multiple SoC architectures to support multiple SILs makes the development of safety aware devices complex and costly.
One particular area of importance for such SoCs is the Random Access Memory (RAM) provided on the SoC, which is a major contributor to possible failure conditions within the performance of the SoC. Since redundancy of a building block such as RAM within SoCs is typically tightly coupled to the architecture of the SoC and the application intended to run thereon, this coupling is an issue for creating a family of safety aware devices.
Redundant storage elements are an important feature of a safety aware system. The rising importance of safety issues makes them a key element for any future application. Unfortunately, redundancy in this context is an expensive feature, since the memories within a SoC typically occupy more than fifty percent of the die size. The impact of doubling the required integrated circuit real estate to implement redundant storage on the overall system cost is therefore significant.
Redundancy of data stored in random access memories (RAM) is not always required, and for many applications it is sufficient to use a non-redundant RAM for the storage of less critical information. However, it is nearly impossible to accurately determine in advance the ratio between redundant RAM and non-redundant RAM required by a certain application. Since the need for safety features differs from application to application, it is highly desirable to only implement redundant memory up to the level required by the actual application.
However, the cost of integrated circuit (IC) mask sets is constantly increasing, and is a significant cost in the development of SoCs. Typical publications in this field discuss a cost factor of about US$1 million for a single mask set for 90 nanometer (nm) devices. Consequently, the need to develop multiple SoC architectures to support multiple SILs is becoming an obstacle to the development of safety aware devices, since only devices that can be sold in high volumes are cost effective to fabricate. Thus, for applications requiring different levels of safety, different SoCs must be developed. Since redundancy of the building blocks is usually tightly coupled to the architecture of the SoC, this is an issue for creating a family of safety aware devices.
In the future, the production of cost effective devices for safety aware applications will require the ability of such devices to support a wide range of applications. Each application will have its own trade-off between redundant building blocks and the performance level made possible.