Automotive

Chorus automotive clock generator: safety with FailSafe technology

25th September 2024
Sheryl Miles
0

SiTime has introduced Chorus Automotive clock generators – the first fully integrated clock system-on-a-chip (ClkSoC) with built-in fault monitoring mechanisms for the entire clock generation signal path.

By Sumeet Kulkarni, Director of Product Marketing, Automotive, SiTime

The FailSafe technology in Chorus automotive delivers a new approach to the industry, integrating MEMS resonator, oscillator, and advanced safety mechanisms into a single package. This integration simplifies system timing architecture and accelerates functional safety development time by up to six weeks. Hardware designers get the combined benefits of up to 10X higher performance in half the size compared to standalone oscillators and critical diagnostic coverage to achieve functional safety metrics more easily.

Autonomous and semi-autonomous driving are becoming reality, and the automotive industry is fast converging on the ultimate goal of Software-Defined Vehicles (SDVs). Whether implementing autonomous driving (AD) or Advanced Driver Assistance System (ADAS), Chorus with FailSafe technology fulfills the timing needs of safety-critical systems.

Timing challenges facing the next-generation of automotive design

Automotive engineers face unique challenges in implementing SDVs. Car buyers expect a user-experience as seamless as smartphones but without compromising safety. As vehicles become more autonomous, hardware malfunctions are not merely annoying, they also can have serious consequences for life and property.

The ultimate SDV is a ruggedised datacentre-on-wheels. SDVs pipe in real-time information from sensors – cameras, LiDAR, radar, and more. The car is expected to process the data and make decisions instantaneously, prioritising safety for the people in the car and on the road. This High-Performance Computing (HPC) infrastructure supports 1,000s of Tera Operations Per Second (TOPS). It requires a synchronous precision timing network with guaranteed reliable performance under shock, vibration, and extreme weather, with lifetimes spanning decades.

SiTime brings its pioneering leadership in ruggedised MEMS timing technology and synchronised high precision timing networks for datacentres to the automotive space. Chorus automotive with an industry-first wide operating temperature range from –40°C to 125°C is uniquely positioned to remove any thermal bottlenecks in the design of safety critical modules.

Safety-focused precision synchronous automotive clock generators

Conventionally, if the clock for a critical component fails, catastrophic failures can occur – a processing unit may stop operating, or a high-speed link may drop packets. A safety microcontroller in the system monitors such large-scale failures and disables the failing function to reach a safe state. For instance, when a car alerts you that lane assist is no longer available, it is ensuring a safe state where you do not rely on the malfunctioning feature. Time is of the essence in these life-saving functions. Engineers aim to reduce this Fault-Tolerant Time Interval (FTTI, or the time between a fault occurring and the system notification). Chorus automotive can shave off critical milliseconds by reporting clock failures far earlier.

FTTI requirements are common for Automotive Safety Integrity Level (ASIL), part of the ISO 26262 standard, the framework for classifying hazards caused by malfunctioning automotive systems. ADAS sensors and central compute ECUs are expected to meet the requirements of high ASIL ratings to be certified for managing the most critical hazards despite malfunctions. Each module requires a detailed analysis of failure scenarios, assigning failure probabilities and diagnostic coverage metrics to every component part.

To ease the certification journey, engineers must start from the right building blocks – components that are less likely to fail and have effective diagnostics for early fault detection. Chorus, with its FailSafe technology, addresses the limitations of legacy quartz-based clock generators in meeting these challenges, with up to 10X lower failure rates and advanced diagnostics.

Chorus reduces clock-tree complexity in automotive systems

In the past, the timing network consisted of standalone oscillators. These oscillators could not be synchronised, nor did they have diagnostic features. Sometimes multi-output clock generators were used, commonly paired with an external quartz resonator, which suffers from impedance matching and noise issues. Chorus Automotive replaces up to four differential or eight single-ended standalone oscillators, shrinking the timing footprint on circuit boards by up to 50% and eliminating any noise or impedance mismatch issues.

Moreover, each Chorus output is individually programmable and controllable. Its behaviour can be tuned for specific system needs, controlling electromagnetic interference (EMI) or adjusting phase shifts and delays to manage long circuit board traces. Now, multiple clocks can be easily integrated into a single compact device, for example, to consolidate a complex clock tree of an ADAS ECU or zonal gateway.

This example shows how Chorus Automotive with FailSafe technology simplifies the ADAS ECU clock tree. A single Chorus handles the precision timing for ADAS compute SOCs and multiple high-speed interfaces. It is the only precision timing device with end-to-end signal monitoring and alerting, enabling greater safety while reducing power, total cost of ownership and board space.

Reduce failure rates, detect and report potential faults 1,000x faster

Competing clock generators, if they have any monitoring features, focus mainly on detecting external quartz resonator failures, which are notoriously common. This leaves a dangerous blind spot in fault coverage with no visibility into the rest of the clock signal chain (oscillator, phase-locked loop, output drivers, etc.).

Having solved the quartz failure problem, Chorus Automotive provides end-to-end, continuous, real-time fault monitoring from the MEMS resonator to output pin, as well as the power rails, internal memory, and chip temperature. Safety visibility for each clock output can be individually tailored, depending on the system’s Functional Safety goals.

With the capability to alert a safety microcontroller of a clock-related fault within microseconds instead of milliseconds, far before any downstream failures can occur, automobiles can return to a safe state up to 1,000x faster than before. This combination of dramatically lower failure rates, expanded diagnostics, and faster reporting allows engineers more room in their overall “safety budget.” It can save weeks of engineering work and lower solution costs spent on external monitoring mechanisms.

Notably, the safety microcontroller itself should be clocked by a separate oscillator to avoid any potential dependent failures. SiTime has the required expertise to advise on intelligent partitioning of the clock tree to achieve the twin goals of integration and safety.

Chorus Automotive with FailSafe Technology

Chorus Automotive orchestrates complex timing for automotive compute and sensor systems by providing up to four configurable differential or up to eight single-ended low skew outputs. Its FailSafe technology enables ease of functional safety design by providing programmable end-to-end safety monitors. It is PCI Express (PCIe) Generations 1 – 6 compliant, with spread-spectrum options, on-chip regulators for extremely good power supply noise rejection, and phase-configurable, and programmable skew outputs.

Chorus can alert an external safety manager MCU to any clock faults via configurable general-purpose I/O (GPIO) pins. The serial interface (I2C or SPI) can be used to read internal registers, including the status of the internal monitoring functions. These devices additionally enable high levels of flexibility using the In-System Configuration (ISC) mode to modify the device configuration and each output behavior via the serial interface.

Key features include:

  • Higher performance: up to 10X better resilience with integrated MEMS resonator.
  • Features to enable functional safety: built-in programmable fault monitors.
  • Design simplicity: integrated MEMS technology speeds the design process and eliminates common issues such as noise and impedance matching.
  • Smaller footprint: up to half the size in a 4 x 4mm QFN.
  • Flexible frequency: programmable frequency from 1MHz to 700MHz.
  • Low RMS phase jitter: 70fs typical (12kHz to 20MHz).
  • Excellent frequency stability: ±20 ppm (–40°C to 105°C) or ±50 ppm (–40°C to 125°C).
  • Flexible output types: up to four differential (LVPECL, LVDS, HCSL, LPHCSL) or eight LVCMOS outputs.
  • Flexible supply voltage: programmable, 1.8, 2.5, or 3.3V.
  • Reduced power and simplified circuitry: FlexSwing output reduces power consumption and eliminates termination resistors.
  • EMI reduction: configurable spread-spectrum, programmable rise/fall times.
  • Compliant with the latest PCIe standard: generation 1 to 6.

Featured products

Product Spotlight

Upcoming Events

View all events
Newsletter
Latest global electronics news
© Copyright 2024 Electronic Specifier