Assessing automotive functional safety microprocessor with ISO 26262 hardware requirements

This paper provides a step-by-step guideline for the assessment of an automotive safety microprocessor with ISO 26262 hardware requirements. ISO 26262 part 5 - Product development at the hardware level - specifies the safety activities during the phase of the automotive hardware development. In this phase, hardware safety design is derived (from the results of ISO 26262 part 3 and 4), implemented, integrated, and tested. To prove the compliance with ISO 26262 hardware development process, quantitative evaluations on the hardware are indispensable. These quantitative evaluations are known as hardware architecture metrics and probabilistic hardware metrics. The assessment results qualify a design with an automotive safety integrity level (ASIL) which ranges from ASIL-A (lowest) to ASIL-D (highest). In this paper, we implemented an exemplary safety microprocessor to demonstrate the ISO 26262 hardware assessment process. The derivation procedures of the ASIL level from the hardware architecture metrics and probabilistic hardware metrics are fully discussed. Based on the evaluation results, we also provide design suggestions for the ISO 26262 safety hardware design.