Intelligent travel has become a significant development trend, and the low-altitude economy has become a hot topic in China's manufacturing industry and other fields. Many manufacturers are actively developing new low-altitude equipment such as drones and flying cars. At the same time, China has ranked first in the world in automobile production and sales for many years, with annual production and sales volume of up to 30 million units, which provides strong impetus for independent innovation. The "new four modernizations" of intelligence, networking, electrification, and servitization not only profoundly affect the development of the automotive industry, but also provide new opportunities for innovation in intelligent travel solutions, especially in the fields of low-altitude equipment and automobiles.
All intelligent travel system products rely on new computing, communication, and connectivity chips, such as microcontrollers (MCUs), central processing units (CPUs), graphics processing units (GPUs), and field-programmable gate arrays (FPGAs). However, system-level failures or abnormal behavior of these chips may pose safety risks. Therefore, when designing chips and building systems, it is necessary to identify and address these issues to ensure the functional safety of chips for low-altitude aircraft and automobiles.
To ensure that electronic systems in these scenarios meet functional safety requirements, the automotive and aviation industries have developed corresponding standards. The automotive industry follows the ISO 26262 functional safety standard, which is derived from IEC 61508 and is receiving more attention as vehicles become more intelligent. Aviation electronic products follow "Design Assurance Guidance for Airborne Electronic Hardware" (DO-254) and AMC 20-152A, which are the general standards for hardware development of aviation electronic equipment and the key to obtaining airworthiness certification for equipment.
With the development of intelligent networking technology, new standards have also been adopted in the design of intelligent vehicles, low-altitude equipment, and aviation electronics, but these mainly focus on information security rather than the functional safety discussed in this article. Functional safety standards give chip and system developers clear reliability indicators and operational safety rules, reduce the risk of electronic circuit failures or abnormal behavior, and guide product developers when choosing solutions.
Functional safety is crucial in automotive applications. If the car cannot perform its designed functions, features such as autonomous driving may fail, posing a safety hazard. However, functional safety also has costs, such as increased chip area, hiring experienced designers, implementing strict functional safety research and development processes, and obtaining safety certifications. These costs have led many car manufacturers to ignore or reduce functional safety requirements, which introduces additional safety risks.
There are currently two main functional safety solutions on the market: the lockstep scheme and the repeat execution scheme. The lockstep scheme ensures functional safety by executing the same program on two processor cores and comparing the results, but it consumes twice the chip area. The repeat execution scheme detects errors by performing the same task twice and comparing the results, but it reduces performance. Both solutions pose challenges for automotive and chip manufacturers, making it difficult to fully embrace functional safety in many practical automotive applications.
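The repeat execution scheme described above, as an added example that is not from the original article or any vendor's implementation. The checksum task, the `fault_armed` fault hook, and the sample frame are hypothetical names and constructed data used only to show a transient fault being caught by the comparison.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical fault hook: when armed, one bit of the accumulator is flipped
   in exactly one execution, modelling a transient hardware fault. */
static int fault_armed = 0;

/* The protected task: an FNV-1a style checksum over the input. */
static uint32_t checksum(const uint8_t *data, size_t n) {
    uint32_t acc = 0x811C9DC5u;
    for (size_t i = 0; i < n; i++) {
        acc = (acc ^ data[i]) * 16777619u;
        if (fault_armed && i == n / 2) {   /* constructed transient fault */
            acc ^= 1u << 7;
            fault_armed = 0;               /* affects this run only */
        }
    }
    return acc;
}

typedef enum { RESULT_OK = 0, RESULT_MISMATCH = 1 } safety_status;

/* Repeat execution: run the same task twice on the same input and compare.
   No second core is needed, but the task takes roughly twice as long. */
static safety_status run_checked(const uint8_t *data, size_t n, uint32_t *out) {
    uint32_t first = checksum(data, n);
    uint32_t second = checksum(data, n);
    if (first != second)
        return RESULT_MISMATCH;            /* caller must enter a safe state */
    *out = first;                          /* released only when both agree */
    return RESULT_OK;
}

/* Constructed sample input standing in for a sensor frame. */
static const uint8_t frame[8] = {0x10, 0x22, 0x35, 0x47, 0x58, 0x6A, 0x7C, 0x8E};

int main(void) {
    uint32_t value = 0;
    printf("clean run:   %d\n", run_checked(frame, sizeof frame, &value));
    fault_armed = 1;                       /* inject a fault into the next run */
    printf("faulted run: %d\n", run_checked(frame, sizeof frame, &value));
    return 0;
}
```

Comparing two runs catches a fault that hits only one of them; a permanent fault that corrupts both runs identically would produce matching wrong results and pass the comparison.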
However, the trend towards automotive intelligence is forcing the industry to change. Recently, a disruptive innovation in functional safety technology has appeared in the global automotive GPU field: the distributed functional safety mechanism. This mechanism uses the parallel computing and thread switching characteristics of GPUs to insert test templates or test sets while threads are idle and waiting, and ensures functional safety by comparing the execution results of two threads. It almost completely eliminates the performance and chip area losses of the lockstep and repeat execution schemes, greatly reducing the cost of implementing functional safety.