NVIDIA invited the automotive safety and reliability company TÜV SÜD to perform a safety concept assessment of our new NVIDIA Xavier system-on-chip (SoC).
Xavier is a complex SoC with 9 billion transistors that enable it to process vast amounts of data. Its GMSL (gigabit multimedia serial link) high-speed IO connects Xavier to the largest array of lidar, radar and camera sensors of any chip ever built.
Inside the SoC, six types of processors — ISP (image signal processor), VPU (video processing unit), PVA (programmable vision accelerator), DLA (deep learning accelerator), CUDA GPU, and CPU — process nearly 40 trillion operations per second, 30 trillion for deep learning alone. This level of processing is 10x more powerful than our previous generation DRIVE PX 2 reference design, which is used in today’s most advanced production cars.
From a safety perspective, this means building in diversity, redundancy and fault detection from end to end. From sensors, to specialized processors, to algorithms, to the computer, all the way to the car’s actuation — each function is performed using multiple methods, which gives us diversity. And each vital function has a fallback system, which ensures redundancy.
For example, objects detected by radar, lidar or cameras are handled with different processors and perceived using a variety of computer vision, signal processing and point cloud algorithms. Multiple deep learning networks run concurrently to recognize objects that should be avoided, while other networks determine where it’s safe to drive, achieving both diversity and redundancy. Different processors, running diverse algorithms in parallel, backing each other up, reduce the chance of an undetected single point of failure.
Xavier also includes many types of hardware diagnostics. Key areas of logic are duplicated and voted in hardware using lockstep comparators. Error-correcting codes on memories detect faults and improve availability. A unique built-in self-test helps to find faults in the diagnostics, wherever they may be on chip.
Xavier’s safety architecture was created over several years by more than 300 architects, designers and safety experts who analyzed over 150 safety-related modules. With Xavier, the auto industry can achieve the highest functional safety rating: ASIL-D.
NVIDIA created DRIVE as an open platform so that the experts in the world’s best car companies can engage our platform to make it industrial strength. We also turned to TÜV SÜD, among the world’s most respected safety experts, who measured Xavier against the automotive industry’s standard for functional safety — ISO 26262.
Established by the International Organization for Standardization, the world’s chief standards body, ISO 26262 is the definitive global standard for functional safety — a system’s ability to avoid, identify and manage failures — in road vehicles’ systems, hardware and software.
To meet that standard, an SoC must have an architecture that doesn’t just detect hardware failures during operation. It also needs to be developed in a process that mitigates potential systematic faults. That is, the SoC must avoid failures whenever possible, but detect and respond to them if they cannot be avoided.
TÜV SÜD’s team determined Xavier’s architecture meets the ISO 26262 requirements to avoid unreasonable risk in situations that could result in serious injury.