There are several approaches to hardware fault detection, such as logic duplication and self-testing.
“In large-scale SoCs, the complexity of functions and high operating frequencies make it difficult to have duplicated logics for the overall functionality. Furthermore, to perform high-reliability self-testing in large-scale SoCs, it would be necessary to shut down functions required for self-driving and other operations for extended periods,” said the firm, which claims its self-testing mechanism to resolve these issues.
“This technology makes it possible, even in the large-scale SoCs used in self-driving systems, to meet the criteria such as diagnostic coverage, which is expected to be required for the ISO 26262 ASIL B standard for functional safety.”
One method for detecting random hardware faults without redundant hardware is to stop programme execution and perform self-tests. However, complex hardware means long test times during which the computer cannot do its day job – driving the car, for example.
Renesas has implemented time-sliced built-in self-test (BIST) in the CPU and GPU function blocks, using an integrated BIST controller.
It executes runtime self-test on only one CPU in the four-CPU cluster and continues program execution on the remaining three CPUs. Similarly it divides GPU self-test into multiple sections and executes those in a time-sliced manner.
“This function makes it possible, for example, to support the requirement of audio processing that the processing may only be interrupted for less than 2ms,” said Renesas.
Also in the chip has has a scheme to suppress hardware faults due to voltage droop – where logic switching alters the on-die rail voltage.
The scheme has three aspects:
- Ultra-fast voltage sampling
- Voltage droop prediction system
- High-functionality clock control
The voltage sampling system combines a variable delay whose transmission time changes with the voltage difference and a time-to-digital converter that converts the time difference with respect to a reference clock to a digital value. This voltage sampling system can operate at the same 2 GHz as the fastest CPU clock.
Droop prediction models droop four cycles in advance based on voltage information acquired by the voltage sampling system. “If this predicted voltage falls below a threshold value set in advance, it requests that the clock supply be stopped,” said Renesas.
Clock control combines clock gating and a clock divider that can stop the clock in advance of a predicted droop. The clock is then bought up gradually from a frequency lower than it had been at.
“By combining these three systems, voltage droops that might occur can be detected in advance and hardware faults that could occur due to those voltage droops can be prevented,” said the firm.
ISO 26262 (Road vehicles – Functional safety) defines the entire safety life cycle for electronics and software in safety-related systems in vehicles weighing less than 3,500kg. Included are recommendations for the mitigation of random hardware faults, including diagnostics and the specific implementation of hardware safety systems.