Background & Challenge
A Tier-1 automotive supplier was developing an ADAS (Advanced Driver Assistance Systems) perception SoC integrating a CNN-based object detection engine, a radar signal processing pipeline, and a safety island for ASIL-B decomposition. The device was destined for Level 2+ autonomous driving applications — a market projected to reach USD 83.6 billion by 2030 (MarketsandMarkets, 2023).
ISO 26262:2018 (Road Vehicles — Functional Safety) mandates rigorous hardware verification for safety-critical automotive electronics. Part 5 (Product Development at the Hardware Level) sets hardware architectural metric targets for ASIL-B designs: a Single-Point Fault Metric (SPFM) ≥ 90% and a Latent Fault Metric (LFM) ≥ 60%, evaluated as defined in ISO 26262-5:2018 Clause 8. Meeting these targets required a verification strategy far beyond conventional simulation.
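For reference, the two metrics as defined in ISO 26262-5:2018 Annex C (added here; the definitions are the standard's, not the case study's), with the sums taken over the safety-related hardware elements:

$$\mathrm{SPFM} = 1 - \frac{\sum_{\text{SR,HW}} \left(\lambda_{\text{SPF}} + \lambda_{\text{RF}}\right)}{\sum_{\text{SR,HW}} \lambda}$$

$$\mathrm{LFM} = 1 - \frac{\sum_{\text{SR,HW}} \lambda_{\text{MPF,L}}}{\sum_{\text{SR,HW}} \left(\lambda - \lambda_{\text{SPF}} - \lambda_{\text{RF}}\right)}$$

Here $\lambda$ is the failure rate of an element, $\lambda_{\text{SPF}}$ its single-point fault share (no safety mechanism at all), $\lambda_{\text{RF}}$ its residual fault share, and $\lambda_{\text{MPF,L}}$ its share of multiple-point faults that remain latent. For an element protected by a safety mechanism, $\lambda_{\text{RF}} = \lambda \,(1 - K_{\text{DC,RF}})$, where $K_{\text{DC,RF}}$ is the claimed diagnostic coverage. This is why every diagnostic coverage claim has to be backed by evidence: an overstated coverage figure inflates SPFM directly, and the fault injection results described below are what substantiate those figures.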
The client's internal team lacked the specialised functional safety verification expertise needed to satisfy the ISO 26262 audit trail requirements, creating a critical path risk for their product launch timeline.
Verification Methodology
Safety Analysis Integration: SNS began with a Failure Mode and Effects Analysis (FMEA) and Hardware Safety Requirements (HSR) review, mapping each safety mechanism in the RTL to its corresponding ISO 26262-5 diagnostic coverage claim. This top-down approach is recommended by the AUTOSAR Functional Safety Working Group and ensures verification effort is proportional to safety risk.
Assertion-Based Verification (ABV): Over 180 SystemVerilog Assertions (SVA) were authored to formally specify and monitor safety-critical properties: ECC memory error detection/correction, watchdog timer behaviour, lock-step CPU comparison logic, and CRC integrity checks on inter-block communication buses. ABV has been demonstrated to reduce functional safety verification effort by up to 40% compared to directed testing alone (Bormann et al., Assertion-Based Verification, Springer 2007).
Fault Injection Campaigns: Automated fault injection was performed at the RTL level using a custom UVM fault injection agent, targeting all single-point faults identified in the FMEA. Each fault was injected, propagated through the design, and the safety mechanism's detection response was verified. This methodology aligns with IEC 61508-7:2010 Annex B techniques for hardware fault tolerance verification.
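To make the two techniques above concrete, here is an added example (not RTL, assertion or UVM code from the engagement): a minimal lock-step comparator and watchdog carrying SVA properties of the kind listed under Assertion-Based Verification, and a plain-SystemVerilog testbench that injects two faults from a constructed fault list. The force/release sequence stands in for the custom UVM fault injection agent, which is not reproduced; the DUT, its two-cycle detection latency, the TIMEOUT of 8 and the counter stimulus are assumptions chosen for illustration. Any SVA-capable simulator will run it.

```systemverilog
// Added example, not RTL or testbench code from the engagement.

// Lock-step comparator: flags any divergence between primary and shadow core
// outputs with a fixed two-cycle detection latency; the flag is sticky until reset.
module lockstep_cmp #(parameter int W = 32) (
  input  logic         clk, rst_n,
  input  logic [W-1:0] core_a, core_b,   // primary / shadow core outputs
  output logic         mismatch_irq
);
  logic cmp_q;
  always_ff @(posedge clk or negedge rst_n)
    if (!rst_n) begin
      cmp_q        <= 1'b0;
      mismatch_irq <= 1'b0;
    end else begin
      cmp_q <= (core_a != core_b);          // stage 1: compare
      if (cmp_q) mismatch_irq <= 1'b1;      // stage 2: latch, sticky
    end

  // Safety property: a divergence is flagged within 2 cycles.
  a_detect: assert property (@(posedge clk) disable iff (!rst_n)
    (core_a != core_b) |-> ##[1:2] mismatch_irq)
    else $error("lock-step mismatch not flagged within 2 cycles");

  // Safety property: once raised, the flag stays raised until reset.
  a_sticky: assert property (@(posedge clk) disable iff (!rst_n)
    mismatch_irq |=> mismatch_irq);
endmodule

// Watchdog: TIMEOUT+1 consecutive cycles without a kick raise the sticky timeout flag.
module watchdog #(parameter int TIMEOUT = 8) (
  input  logic clk, rst_n, kick,
  output logic timeout
);
  logic [$clog2(TIMEOUT+1)-1:0] cnt;
  always_ff @(posedge clk or negedge rst_n)
    if (!rst_n)              begin cnt <= '0; timeout <= 1'b0; end
    else if (kick)           cnt <= '0;
    else if (cnt == TIMEOUT) timeout <= 1'b1;
    else                     cnt <= cnt + 1'b1;

  // Detection: a hung kicker is caught one cycle after TIMEOUT+1 silent cycles.
  a_wd_fires: assert property (@(posedge clk) disable iff (!rst_n)
    (!kick)[*TIMEOUT+1] |-> ##1 timeout);

  // No spurious detection: a kick guarantees TIMEOUT+1 cycles without a timeout.
  a_wd_quiet: assert property (@(posedge clk) disable iff (!rst_n)
    (kick && !timeout) |-> ##1 (!timeout)[*TIMEOUT+1]);
endmodule

// Testbench: golden run, then two injected faults from a constructed fault list.
module tb;
  logic clk = 1'b0, rst_n = 1'b0, kick = 1'b0, kick_en = 1'b1;
  logic [31:0] data = '0;
  int cyc = 0;
  wire [31:0] core_a = data, core_b = data;   // nets, so a single bit can be forced
  logic mismatch_irq, timeout;

  always #5 clk = ~clk;
  lockstep_cmp u_cmp (.clk, .rst_n, .core_a, .core_b, .mismatch_irq);
  watchdog #(.TIMEOUT(8)) u_wd (.clk, .rst_n, .kick, .timeout);

  // Stimulus: both cores emit the same counter; "software" kicks every 4 cycles.
  always_ff @(posedge clk) begin
    cyc  <= cyc + 1;
    data <= data + 1;
    kick <= kick_en && (cyc % 4 == 0);
  end

  initial begin
    repeat (2) @(posedge clk); rst_n = 1'b1;
    repeat (6) @(posedge clk);                 // golden phase: no assertion may fire
    // Fault site 1: permanent stuck-at-0 on bit 0 of the shadow core output.
    force core_b[0] = 1'b0;
    repeat (5) @(posedge clk);
    if (mismatch_irq) $display("fault 1 (SA0 core_b[0]): DETECTED by lock-step comparator");
    else              $error  ("fault 1 (SA0 core_b[0]): ESCAPED");
    release core_b[0];
    // Fault site 2: the kicker hangs, exercising the watchdog path.
    kick_en = 1'b0;
    repeat (12) @(posedge clk);
    if (timeout) $display("fault 2 (kicker hang): DETECTED by watchdog");
    else         $error  ("fault 2 (kicker hang): ESCAPED");
    $finish;
  end
endmodule
```

The pattern is the one a fault injection agent automates: for each fault site in the FMEA list, corrupt the signal (force, or a mutated netlist), run for at least the safety mechanism's guaranteed detection latency, and record whether the mechanism's flag rose. The SVA properties run unchanged during both the golden and the faulted phases; a_wd_quiet in particular catches the other failure mode, a mechanism that fires when it should not, which a detection-only check would miss.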
FPGA Prototyping: The verified RTL was deployed on a Xilinx VCU118 (Virtex UltraScale+) FPGA evaluation board for over 500 hours of system-level validation, running representative ADAS workloads including pedestrian detection (YOLOv5, INT8) and lane-keeping assist algorithms. Prototyping complements rather than replaces the RTL fault injection campaigns: the hardware architectural metrics are derived from the FMEA failure rates and the diagnostic coverage demonstrated by fault injection, not from hours of prototype run-time.
ISO 26262 Audit Trail: All verification activities were documented in a Verification Control Document (VCD) and Design Verification Plan (DVP) structured to satisfy the work product requirements of ISO 26262-8 (Supporting Processes), enabling a clean third-party functional safety audit.
Results & Outcomes
The engagement delivered full ISO 26262 ASIL-B hardware sign-off. Computed hardware architectural metrics exceeded the standard's minimum thresholds: SPFM of 93.2% (target ≥ 90%) and LFM of 68.7% (target ≥ 60%). Zero design verification escapes reached the production netlist.
Fault injection campaigns exercised 1,847 unique fault sites, achieving 100% coverage of all single-point faults identified in the FMEA. Eleven RTL bugs were discovered: 4 safety-critical (undetected fault propagation paths), 5 major (incorrect diagnostic coverage claims), and 2 minor (timing-related assertion violations). All were resolved prior to tape-out.
The client received a clean functional safety audit from their customer and successfully launched the ADAS SoC in a production vehicle programme, with the device now deployed in over 200,000 vehicles across European and Asian markets.
Scientific & Standards References
- ISO 26262:2018 — Road Vehicles: Functional Safety (Parts 1–12)
- ISO 26262-5:2018 Clause 8 — Evaluation of the Hardware Architectural Metrics (SPFM, LFM)
- IEC 61508-7:2010 Annex B — Techniques and Measures for E/E/PE Safety-Related Systems, including fault insertion testing
- IEEE 1800-2017 — SystemVerilog, Clause 16 (Assertions)
- Bormann, J. et al. (2007). Assertion-Based Verification. Springer.
- AUTOSAR Functional Safety Working Group (2022). Guidelines for ISO 26262 Hardware Verification.
- MarketsandMarkets (2023). ADAS Market — Global Forecast to 2030.
