SiTime on esitellyt Chorus Automotive Clock Generators -tuoteperheen, joka on alan ensimmäinen täysin integroitu kellojärjestelmä yhdellä sirulla (ClkSoC), sisältäen sisäänrakennetut vianseurantamekanismit koko kellosignaalin generointipolulle. Chorus-automotiivien FailSafe-teknologia tarjoaa alalle uuden lähestymistavan, yhdistäen MEMS-resonaattorin, oskillaattorin ja kehittyneet turvamekanismit yhteen pakettiin.

Tämä integrointi yksinkertaistaa järjestelmän ajoitusarkkitehtuuria ja nopeuttaa toiminnallisen turvallisuuden kehitysaikaa jopa kuudella viikolla. Laitesuunnittelijat hyötyvät jopa 10 kertaa korkeammasta suorituskyvystä puolet pienemmässä koossa verrattuna itsenäisiin oskillaattoreihin sekä kriittisestä diagnostiikkapeitosta, joka helpottaa toiminnallisten turvallisuusmittareiden saavuttamista.

Autonominen ja puoliautonominen ajaminen muuttuu todellisuudeksi, ja autoteollisuus lähenee nopeasti tavoitetta kehittää ohjelmistopohjaisia ajoneuvoja (SDV, **Software-Defined Vehicles**). Olipa kyseessä autonominen ajaminen (AD, **Autonomous Driving**) tai kehittyneet kuljettajaa avustavat järjestelmät (ADAS, **Advanced Driver Assistance System**), Chorus FailSafe-teknologialla täyttää turvallisuuskriittisten järjestelmien ajoitustarpeet.

Seuraavan sukupolven ajoitushaasteet

Autoteollisuuden insinöörit kohtaavat ainutlaatuisia haasteita toteuttaessaan SDV-ajoneuvoja. Auton ostajat odottavat käyttäjäkokemusta, joka on yhtä saumaton kuin älypuhelimissa, mutta ilman kompromisseja turvallisuudessa. Kun ajoneuvoista tulee yhä autonomisempia, laitteistoviat eivät ole pelkästään häiritseviä, vaan voivat aiheuttaa vakavia seurauksia ihmishengille ja omaisuudelle.

Täysin ohjelmistopohjainen ajoneuvo on käytännössä kestäväksi suunniteltu datakeskus pyörillä. SDV:t vastaanottavat reaaliaikaista tietoa sensoreista – kuten kameroista, Lidareista ja tutkajärjestelmistä. Auton odotetaan käsittelevän tietoa ja tekevän päätöksiä välittömästi, asettaen turvallisuuden etusijalle sekä auton matkustajille että muille tienkäyttäjille. Tämä suuritehoinen laskentainfrastruktuuri (HPC, **High-Performance Computing**) tukee tuhansia teraoperaatioita sekunnissa (TOPS, **Tera Operations Per Second**). Se edellyttää synkronoitua, tarkkaa ajoitusverkkoa, joka tarjoaa luotettavan suorituskyvyn iskussa, tärinässä ja äärimmäisissä sääolosuhteissa sekä kestää vuosikymmeniä.

SiTime tuo uraauurtavan johtajuutensa kestävässä MEMS-ajoitusteknologiassa ja synkronoiduissa tarkkuusajoitusverkoissa datakeskuksista autoteollisuuteen. Chorus Automotive -tuoteperhe tarjoaa alansa ensimmäisen laajan käyttölämpötila-alueen -40 °C:sta 125 °C:een, mikä poistaa kaikki lämpöön liittyvät pullonkaulat turvallisuuskriittisten moduulien suunnittelussa.

Artikkeli kokonaisuudessaan englanniksi tässä alla. Se löytyy uudesta ETNdigi-lehdestä.

FAILSAFE TIMING FOR AUTOMOTIVES

SiTime has introduced Chorus Automotive Clock Generators—the industry’s first fully integrated clock system-on-a-chip (ClkSoC) with built-in fault monitoring mechanisms for the entire clock generation signal path. The FailSafe technology in Chorus automotive delivers a new approach to the industry, integrating a MEMS resonator, oscillator and advanced safety mechanisms into a single package.

This integration simplifies system timing architecture and accelerates functional safety development time by up to six weeks. Hardware designers get the combined benefits of up to 10X higher performance in half the size compared to standalone oscillators and critical diagnostic coverage to achieve functional safety metrics more easily.

Autonomous and semi-autonomous driving are becoming reality, and the automotive industry is fast converging on the ultimate goal of software-defined vehicles (SDVs). Whether implementing autonomous driving (AD) or advanced driver assistance system (ADAS), Chorus with FailSafe technology fulfills the timing needs of safety-critical systems.

NEXT-GEN TIMING CHALLENGES

Automotive engineers face unique challenges in implementing SDVs. Car buyers expect a user-experience as seamless as smartphones but without compromising safety. As vehicles become more autonomous, hardware malfunctions are not merely annoying, they also can have serious consequences for life and property.

The ultimate SDV is a ruggedized datacenter-on-wheels. SDVs pipe in real-time information from sensors – cameras, Lidar, radar and more. The car is expected to process the data and make decisions instantaneously, prioritizing safety for the people in the car and on the road. This high-performance computing (HPC) infrastructure supports 1000s of tera operations per second (TOPS). It requires a synchronous precision timing network with guaranteed reliable performance under shock, vibration, and extreme weather, with lifetimes spanning decades.

SiTime brings its pioneering leadership in ruggedized MEMS timing technology and synchronized high precision timing networks for datacenters to the automotive space. Chorus automotive with an industry-first wide operating temperature range from -40°C to 125°C is uniquely positioned to remove any thermal bottlenecks in the design of safety critical modules.

SAFETY-FOCUSED PRECISION

Conventionally, if the clock for a critical component fails, catastrophic failures can occur – a processing unit may stop operating, or a high-speed link may drop packets. A safety microcontroller in the system monitors such large-scale failures and disables the failing function to reach a safe state. For instance, when a car alerts you that lane assist is no longer available, it is ensuring a safe state where you do not rely on the malfunctioning feature. Time is of the essence in these life-saving functions. Engineers aim to reduce this fault-tolerant time interval (FTTI, or the time between a fault occurring and the system notification). Chorus automotive can shave off critical milliseconds by reporting clock failures far earlier.

FTTI requirements are common for Automotive Safety Integrity Level (ASIL), part of the ISO 26262 standard, the framework for classifying hazards caused by malfunctioning automotive systems. ADAS sensors and central compute ECUs are expected to meet the requirements of high ASIL ratings to be certified for managing the most critical hazards despite malfunctions. Each module requires a detailed analysis of failure scenarios, assigning failure probabilities and diagnostic coverage metrics to every component part.

To ease the certification journey, engineers must start from the right building blocks—components that are less likely to fail and have effective diagnostics for early fault detection. Chorus automotive, with its FailSafe technology, addresses the limitations of legacy quartz-based clock generators in meeting these challenges, with up to 10X lower failure rates and advanced diagnostics.

This example shows how Chorus automotive with FailSafe technology simplifies the ADAS ECU clock tree. A single Chorus handles the precision timing for ADAS compute SOCs and multiple high-speed interfaces.

CHORUS REDUCES CLOCK-TREE COMPLEXITY IN AUTOMOTIVE SYSTEMS

In the past, the timing network consisted of standalone oscillators. These oscillators could not be synchronized, nor did they have diagnostic features. Sometimes multi-output clock generators were used, commonly paired with an external quartz resonator, which suffers from impedance matching and noise issues. Chorus automotive replaces up to four differential or eight single-ended standalone oscillators, shrinking the timing footprint on circuit boards by up to 50% and eliminating any noise or impedance mismatch issues.

Moreover, each Chorus clock output is individually programmable and controllable. Its behavior can be tuned for specific system needs, controlling electromagnetic interference (EMI) or adjusting phase shifts and delays to manage long circuit board traces.

Now, multiple clocks can be easily integrated into a single compact device, for example, to consolidate a complex clock tree of an ADAS ECU or zonal gateway (see picture on the adjacent p. 24).

This example shows how Chorus automotive with FailSafe technology simplifies the ADAS ECU clock tree. A single Chorus handles the precision timing for ADAS compute SOCs and multiple high-speed interfaces. It is the only precision timing device with end-to-end signal monitoring and alerting, enabling greater safety while reducing power, total cost of ownership and board space.

DETECT AND REPORT POTENTIAL FAULTS 1000X FASTER

Competing clock generators, if they have any monitoring features, focus mainly on detecting external quartz resonator failures, which are notoriously common. This leaves a dangerous blind spot in fault coverage with no visibility into the rest of the clock signal chain (oscillator, phase-locked loop, output drivers, etc.).

Having solved the quartz failure problem, Chorus automotive provides end-to-end, continuous, real-time fault monitoring from the MEMS resonator to output pin, as well as the power rails, internal memory, and chip temperature. Safety visibility for each clock output can be individually tailored, depending on the system’s functional safety goals.

With the capability to alert a safety microcontroller of a clock-related fault within microseconds instead of milliseconds, far before any downstream failures can occur, automobiles can return to a safe state up to 1000x faster than before. This combination of dramatically lower failure rates, expanded diagnostics, and faster reporting allows engineers more room in their overall “safety budget.” It can save weeks of engineering work and lower solution costs spent on external monitoring mechanisms.

Notably, the safety microcontroller itself should be clocked by a separate oscillator to avoid any potential dependent failures. SiTime has the required expertise to advise on intelligent partitioning of the clock tree to achieve the twin goals of integration and safety.

CHORUS AUTOMOTIVE WITH FAILSAFE TECHNOLOGY

Chorus automotive orchestrates complex timing for automotive compute and sensor systems by providing up to four configurable differential or up to eight single-ended low skew outputs. Its FailSafe technology enables ease of functional safety design by providing programmable end-to-end safety monitors. It is PCI Express (PCIe) Generations 1 - 6 compliant, with spread-spectrum options, on-chip regulators for extremely good power supply noise rejection, and phase-configurable and programmable skew outputs.

Chorus can alert an external safety manager MCU to any clock faults via configurable general-purpose I/O (GPIO) pins. The serial interface (I2C or SPI) can be used to read internal registers, including the status of the internal monitoring functions. These devices additionally enable high levels of flexibility using the in-system configuration (ISC) mode to modify the device configuration and each output behavior via the serial interface.