Mentor Safe IC: ISO 26262 & IEC 61508 Functional Safety

1 Mentor Safe IC: ISO 26262 & IEC 61508 Functional Safety
Alex Grove, European Application Engineer
Bryan Ramirez, Strategic Marketing Manager, Automotive Functional Safety Professional
Sanjay Pillay, Functional Safety Technologist, Austemper Founder & CEO
November 2018

2 ISO 26262 INTRODUCTION

3 ISO 26262 & IEC 61508: What is Functional Safety?
Driving down the risk of electrical and electronic (E/E) systems malfunctioning due to failures. Three classes of fault are in scope:
- Systematic faults: incomplete specs, misinterpreted specs, bad RTL, HW/SW interface problems. Challenges: process & requirements, IC complexity, verification that is both exhaustive & efficient.
- Random faults: EMI, electro-migration; permanent or transient; latent. Challenges: an emerging requirement, moving from manual work to automation, scaling with IC complexity.
- Malicious faults: encryption vulnerabilities, denial of service, untrusted IC, hardware Trojan. Challenges: exhaustiveness, scalability.

4 Functional Safety Terms & Fault Metrics (ISO 26262 Part 5)

  Metric                              ASIL B       ASIL C       ASIL D
  FIT rate (PMHF)                     < 10^-7 /h   < 10^-7 /h   < 10^-8 /h
  Single-point fault metric (SPFM)    ≥ 90%        ≥ 97%        ≥ 99%
  Latent fault metric (LFM)           ≥ 60%        ≥ 80%        ≥ 90%

Failure In Time (FIT) is a unit for expressing the expected failure rate of semiconductors and other electronic devices. One FIT equals one failure per billion (10^9) hours (about once in 114,155 years).
The single-point fault metric and the latent fault metric (SPFM/LFM) are hardware architectural metrics that reveal whether the coverage provided by the safety mechanisms is sufficient to prevent risk from single-point and latent faults in the hardware architecture.
Diagnostic coverage (DC) is a measure of the effectiveness of the diagnostics implemented in the system. Mathematically, it is the ratio of the failures detected and/or controlled by a safety mechanism to the total failures in the element.
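The three metrics on this slide are computed from per-element failure rates, so a small FMEDA table is enough to see how they interact: SPFM = 1 − Σ(λ_SPF + λ_RF) / Σλ, LFM = 1 − Σλ_MPF,latent / Σ(λ − λ_SPF − λ_RF), and PMHF approximated by the single-point/residual sum. The code below is an example added to this transcript, not SafetyScope output; the element table, its failure rates and coverages are constructed, and the per-element split of λ into residual and latent parts (λ × safety_related × (1 − DC_RF), then (1 − DC_MPF) of what the mechanism does cover) is a simplified model stated as an assumption, as is dropping the dual-point PMHF term.

```python
"""ISO 26262-5 hardware architectural metrics from an FMEDA-style element
table. Added example for this transcript, not SafetyScope output.
Simplified model (assumption): for each element, the failures that can
violate the safety goal are lam * safety_related; the ones the safety
mechanism does not catch are single-point/residual (lam_spf_rf), and the
ones it does catch but no latent-fault test covers are multiple-point
latent (lam_mpf_latent). PMHF keeps only the single-point/residual term.
All element values below are constructed."""
from dataclasses import dataclass

FIT = 1e-9                      # 1 FIT = one failure per 1e9 hours

# targets from the slide: PMHF as a rate in 1/h, SPFM and LFM as fractions
ASIL_TARGETS = {
    "B": {"pmhf": 1e-7, "spfm": 0.90, "lfm": 0.60},
    "C": {"pmhf": 1e-7, "spfm": 0.97, "lfm": 0.80},
    "D": {"pmhf": 1e-8, "spfm": 0.99, "lfm": 0.90},
}


@dataclass
class Element:
    name: str
    fit: float              # total failure rate of the element, in FIT
    safety_related: float   # fraction of failures that can violate the safety goal
    dc_rf: float            # diagnostic coverage against residual faults
    dc_mpf: float           # coverage of latent-fault tests (e.g. key-on/key-off BIST)

    @property
    def lam(self):          # total failure rate in 1/h (safe faults included)
        return self.fit * FIT

    @property
    def lam_spf_rf(self):   # single-point + residual: safety-relevant and uncovered
        return self.lam * self.safety_related * (1.0 - self.dc_rf)

    @property
    def lam_mpf_latent(self):  # covered by the mechanism, but not tested for latency
        return (self.lam * self.safety_related - self.lam_spf_rf) * (1.0 - self.dc_mpf)


def compute_metrics(elements):
    """SPFM = 1 - sum(lam_spf_rf) / sum(lam)
       LFM  = 1 - sum(lam_mpf_latent) / sum(lam - lam_spf_rf)
       PMHF ~ sum(lam_spf_rf)   (dual-point term omitted)"""
    total = sum(e.lam for e in elements)
    spf_rf = sum(e.lam_spf_rf for e in elements)
    mpf_l = sum(e.lam_mpf_latent for e in elements)
    return {"spfm": 1.0 - spf_rf / total,
            "lfm": 1.0 - mpf_l / (total - spf_rf),
            "pmhf": spf_rf}


def highest_asil_met(metrics):
    """Highest ASIL whose three targets are all met, or None."""
    met = None
    for asil in ("B", "C", "D"):     # targets get stricter in this order
        t = ASIL_TARGETS[asil]
        if (metrics["pmhf"] < t["pmhf"] and metrics["spfm"] >= t["spfm"]
                and metrics["lfm"] >= t["lfm"]):
            met = asil
    return met


# constructed FMEDA rows: a well-covered CPU, an ECC-protected SRAM and an
# unprotected UART of which half the failures are safety-relevant
SAMPLE_ELEMENTS = [
    Element("cpu",  20.0, 1.0, 0.99, 0.90),
    Element("sram", 50.0, 1.0, 0.99, 0.90),
    Element("uart", 10.0, 0.5, 0.00, 0.00),
]

if __name__ == "__main__":
    m = compute_metrics(SAMPLE_ELEMENTS)
    print({k: (v if k == "pmhf" else round(v, 6)) for k, v in m.items()},
          "->", highest_asil_met(m))
```

With these constructed rows the PMHF (5.7 FIT) and LFM (about 90.7%) would satisfy ASIL D, but the 5 FIT of uncovered UART failures alone pull SPFM down to 92.9%, so the design only reaches ASIL B: one small unprotected block dominates the single-point budget, which is exactly what the safety-mechanism insertion later in this deck targets.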

5 MENTOR SAFE IC

6 Developing Safe ICs
ICs must operate correctly & fail safely for ISO 26262 functional safety.
- Operate correctly (systematic faults): development process, requirements & traceability, tool qualification.
- Fail safely (random HW faults): planning, FMEDA, safety mechanisms, fault injection, covered by the Mentor Safe IC pillars of lifecycle management, safety analysis, design for safety, safety verification and compliance.
The IC development process shown alongside: system specification, architectural design, functional design, functional verification, circuit design, physical design, physical verification, fabrication.

7 Productivity Flow
Mentor Safe IC: the most complete functional safety IC solution, automating the path to compliance.
- Lifecycle Management (Siemens Polarion, Questa Verification Management): managing the complete functional safety lifecycle from planning to compliance.
- Safety Analysis (SafetyScope™): understanding the risks associated with design faults through FMEDA analysis.
- Design for Safety (Safety Synthesis, Tessent BIST): mitigating potential failures through the insertion of safety mechanisms.
- Safety Verification (KaleidoScope™, Questa Formal, Veloce Fault App, Tessent DefectSim): providing evidence for compliance through multi-domain fault injection.

8 LIFECYCLE MANAGEMENT

9 Polarion: Functional Safety Lifecycle Management
Increased efficiency & reduced risk through collaboration & automation. Siemens Polarion ALM manages the complexities of development within the framework of functional safety:
- Requirements management & traceability
- Change & configuration management
- Planning
- Functional safety workflows & governance
- Cross-project collaboration & visibility
- Audit & review management

10 Polarion & Questa Verification Management
Automatic requirement-driven verification with full traceability through the development flow:
- Enterprise-level requirements management in Polarion: higher-level requirements, with verification requirements linked to them by a "derived from" relationship.
- Automatic testplan creation in Questa from the verification requirements; directed tests, assertions, directives and coverpoints are linked to testplan items by a "verified by" relationship.
- Questa simulation results (UCDBs) are merged, and the Questa Testplan Tracker reports results (HTML/text) with integrated traceability back to the requirements.

11 SAFETY ANALYSIS

12 Austemper™ SafetyScope™: safety analysis solution
Inputs from the IC development flow: design files and the mission profile. Outputs: FMEDA FIT rate & diagnostic coverage computation (feeding lifecycle management and the FMEDA), the safety mechanism coverage contribution report (feeding design for safety) and the fault injection list (feeding safety verification).

13 SafetyScope FIT Computation
IEC 62380 is used to calculate Failure In Time (FIT).
- Input files: lambda file, temperature profile, mission profile (with its mission-profile phases), package spec, package material.
- #Transistors for an endpoint (EP) = #Transistors in its input cone + #Transistors in the endpoint itself (the figure shows default per-cell transistor counts of 6, 62 and 2).
- The IEC 62380 FIT equation is applied per endpoint, and FIT_Design = Σ FIT_Endpoints.
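The structural part of this slide (trace each endpoint's input cone, count transistors, sum per-endpoint FIT into FIT_Design) can be shown on a toy netlist. The following is an example added to this transcript, not SafetyScope's implementation: the gate-level netlist, the transistors-per-cell table (not the slide's defaults), the die-level FIT and the per-phase mission-profile stress factors are all constructed inputs, and the IEC 62380 failure-rate equation itself is not reproduced; the die FIT is simply apportioned to endpoints by transistor share.

```python
"""Per-endpoint FIT apportionment in the style of this slide: count the
transistors in each endpoint's input cone plus the endpoint itself,
apportion a die-level FIT by transistor share, then weight by a mission
profile. Added example for this transcript; does not implement IEC 62380.
Netlist, cell table, die FIT and mission profile are constructed."""

# constructed transistors-per-cell table (not the slide's defaults)
TRANSISTORS = {"INV": 2, "NAND2": 4, "NOR2": 4, "DFF": 20}

# constructed gate-level netlist: name -> (cell, inputs).
# Names absent from the dict ("a", "b", "c") are primary inputs.
NETLIST = {
    "g1": ("NAND2", ["a", "b"]),
    "g2": ("INV", ["g1"]),
    "g3": ("NOR2", ["g2", "c"]),
    "ff1": ("DFF", ["g3"]),
    "g4": ("INV", ["ff1"]),
    "g5": ("NAND2", ["g4", "c"]),
    "ff2": ("DFF", ["g5"]),
}

# constructed mission profile: (phase, fraction of lifetime, stress factor
# relative to the reference condition the die FIT was characterised at)
MISSION_PROFILE = [("driving", 0.2, 1.5), ("parked", 0.8, 0.25)]


def endpoints(netlist):
    """Sequential elements are the endpoints of the cone analysis."""
    return [n for n, (cell, _) in netlist.items() if cell == "DFF"]


def cone(netlist, endpoint):
    """Combinational cells transitively driving `endpoint`, stopping at
    primary inputs and at other sequential endpoints."""
    seen, stack = set(), list(netlist[endpoint][1])
    while stack:
        n = stack.pop()
        if n in seen or n not in netlist:
            continue                  # already visited, or a primary input
        cell, ins = netlist[n]
        if cell == "DFF":
            continue                  # boundary: belongs to another endpoint
        seen.add(n)
        stack.extend(ins)
    return seen


def transistors_per_endpoint(netlist):
    """#Transistors(EP) = cone transistors + endpoint transistors."""
    return {ep: sum(TRANSISTORS[netlist[n][0]] for n in cone(netlist, ep))
                + TRANSISTORS[netlist[ep][0]]
            for ep in endpoints(netlist)}


def endpoint_fit(netlist, die_fit, mission_profile):
    """Apportion die_fit by transistor share and weight by the profile."""
    fractions = sum(frac for _, frac, _ in mission_profile)
    if abs(fractions - 1.0) > 1e-9:
        raise ValueError("mission profile phases must cover the whole lifetime")
    counts = transistors_per_endpoint(netlist)
    total = sum(counts.values())
    weight = sum(frac * factor for _, frac, factor in mission_profile)
    return {ep: die_fit * n / total * weight for ep, n in counts.items()}


def design_fit(per_endpoint):
    """FIT_Design = sum of the endpoint FITs."""
    return sum(per_endpoint.values())


if __name__ == "__main__":
    fits = endpoint_fit(NETLIST, 28.0, MISSION_PROFILE)   # 28 FIT die: constructed
    for ep, f in fits.items():
        print(ep, transistors_per_endpoint(NETLIST)[ep], "transistors", round(f, 3), "FIT")
    print("FIT_Design =", design_fit(fits))
```

Because ff2's cone stops at ff1, its transistors are never double-counted; the endpoint FITs partition the (mission-weighted) die FIT, which is what makes FIT_Design = Σ FIT_Endpoints hold.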

14 DESIGN FOR SAFETY

15 Austemper™ Safety Synthesis: automatic safety mechanism insertion in RTL
Flow: the unsafe design plus a macro list from safety analysis goes through automated and verifiable mechanism insertion to produce the safe design, which is then passed through a resilience check, an equivalency check and mechanism verification before safety verification.

16 Austemper Safety Synthesis Advantage: the industry's only automated safety mechanism insertion solution
Features (Annealer™, RadioScope™):
- Error detection & correction: Hamming-code based n-bit detect / m-bit correct. Structures supported: RAM, ROM, register files, FIFOs, stacks, flip-flop banks. User-defined structure selection, auto-grouping of structures, user-selectable protection (parity, EDC, ECC), multi-pass with incremental safety insertion mode.
- Fault tolerance / redundancy: macro/module level, localized logic cones, duplication/triplication, multi-clock designs; auto-identification of memories and state machines.
- Protocol checks; covered items: interface parity/protocol, FIFO overflow/underrun, FSM valid states and transitions.
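The "Hamming-code based n-bit detect / m-bit correct" protection listed above is, for the common 2-bit-detect / 1-bit-correct (SECDED) case, a small amount of logic that a practitioner can reason about directly. The code below is an example added to this transcript, not Austemper's Annealer/RadioScope implementation: it uses the standard layout (parity bits at power-of-two positions, data elsewhere, one extra overall-parity bit kept at index 0) generalised to any data width, and shows why plain parity only detects while ECC also corrects. The data words are constructed.

```python
"""Hamming SECDED (single-error-correct, double-error-detect) encoder and
decoder for arbitrary data width. Added example for this transcript, not
Austemper code. Layout: codeword is a list of bits; index 0 holds the
overall parity, indices 1..n the Hamming layout with parity bits at
power-of-two positions and data bits (LSB first) in the remaining ones."""


def parity_bits_needed(k):
    """Smallest r with 2**r >= k + r + 1 (Hamming bound for k data bits)."""
    r = 0
    while (1 << r) < k + r + 1:
        r += 1
    return r


def data_positions(n):
    """Codeword positions 1..n that carry data: the non-powers of two."""
    return [p for p in range(1, n + 1) if p & (p - 1)]


def secded_encode(data, k):
    r = parity_bits_needed(k)
    n = k + r
    code = [0] * (n + 1)
    for i, p in enumerate(data_positions(n)):
        code[p] = (data >> i) & 1
    for i in range(r):                   # parity bit 2**i covers positions with bit i set
        pb = 1 << i
        code[pb] = 0
        for p in range(1, n + 1):
            if p & pb:
                code[pb] ^= code[p]
    code[0] = sum(code) & 1              # overall parity: total weight becomes even
    return code


def secded_decode(code, k):
    """Return (data, status) with status 'ok', 'corrected' or 'uncorrectable'.
    Syndrome = XOR of the positions of all set bits; it is 0 for a valid
    codeword and equals the error position for a single flipped bit."""
    r = parity_bits_needed(k)
    n = k + r
    code = list(code)
    syndrome = 0
    for p in range(1, n + 1):
        if code[p]:
            syndrome ^= p
    even = sum(code) % 2 == 0
    if syndrome == 0 and even:
        status = "ok"
    elif not even and syndrome <= n:     # odd weight: one flip (syndrome 0 -> bit 0)
        code[syndrome] ^= 1
        status = "corrected"
    else:                                # even weight with syndrome != 0: two flips
        return None, "uncorrectable"     # (more than two flips may alias; not covered)
    data = 0
    for i, p in enumerate(data_positions(n)):
        data |= code[p] << i
    return data, status


def parity_only_detects(data, k, flips):
    """Contrast: a single parity bit flags an odd number of flips but cannot
    locate them, and misses an even number entirely."""
    parity = bin(data).count("1") & 1
    corrupted = data
    for b in flips:
        corrupted ^= 1 << b
    return (bin(corrupted).count("1") & 1) != parity


if __name__ == "__main__":
    cw = secded_encode(0xA5, 8)          # constructed 8-bit word -> 13-bit codeword
    cw[5] ^= 1                           # inject a single upset
    print(secded_decode(cw, 8))          # corrected back to 0xA5
    cw[9] ^= 1                           # a second upset: detected, not corrected
    print(secded_decode(cw, 8))
```

The `syndrome <= n` guard keeps a three-bit upset from indexing past the codeword; SECDED gives no guarantee there, which is why the slide's "n-bit detect / m-bit correct" choice has to match the fault model (soft-error multiplicity, adjacency) rather than be picked for minimal area.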

17 Tessent BIST & MissionMode: system-controlled diagnostic testing for detection of permanent faults
- An online MissionMode controller runs the MBIST & LBIST engines at key-on and key-off.
- BIST is an efficient fault detection mechanism for permanent faults, with a long detection interval.
- Complements safety synthesis: detects latent faults and provides secondary checking.

18 SAFETY VERIFICATION

19 Digital IC Fault Injection
Digital IC safety verification by successive refinement, to optimize the fault injection campaign and maximize results:
- Safety Analysis (SafetyScope™): fault list generation, initial fault list pruning.
- Formal Analysis (Questa SafeCheck): formally optimized & prioritized fault list to improve efficiency downstream; exhaustively proves results that hold regardless of stimulus.
- Simulation (KaleidoScope™): high-performance concurrent fault simulation, smart fault campaign management.
- Emulation (Veloce Fault App): accelerates fault injection for large, complex SoCs or long testcases; the only approach that shows how SW safety mechanisms react to HW faults.
- FPGA Prototyping (KaleidoScope™ HSE & VPS): accelerates fault injection on FPGA prototypes; tests fault injection within the system context.

20 Austemper KaleidoScope™: concurrent fault simulation
Managed, high-performance safety verification. Inputs from safety analysis and design for safety: the safe design RTL, the simulations, the alarms (safety mechanism outputs) and the fault list. Each injected fault resolves to one of:
- Alarm triggered: credit diagnostic coverage.
- Error masked: safe fault.
- Alarm not triggered: unsafe fault.
- Not resolved: further analysis (KaleidoScope HSE).
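The four outcomes above are what a campaign has to turn into a diagnostic coverage number, and the edge cases (an alarm that fires too late, faults the simulation could not resolve) decide whether the number is optimistic. The code below is an example added to this transcript, not KaleidoScope's result format or rules: the result lines are constructed, the fault-tolerant time interval (FTTI) latency check is an assumption added here, and DC is taken over faults that propagated to a safety-relevant output (detected / (detected + undetected)), so masked faults drop out as safe and unresolved faults are either held out or, conservatively, counted as undetected.

```python
"""Classify fault-injection results into the four outcomes on this slide
and derive diagnostic coverage. Added example for this transcript; the
line format, faults and FTTI check are constructed/assumed, not
KaleidoScope's own."""
import re

# Constructed result lines: one per injected fault, saying whether the fault
# propagated to a safety-relevant output, whether a safety-mechanism alarm
# fired, and the alarm latency (ns after injection, '-' if no alarm).
RESULTS = """\
F001 node=cpu.alu.sum[3] type=SA0 propagated=yes alarm=yes latency_ns=120
F002 node=cpu.alu.sum[7] type=SA1 propagated=no  alarm=no  latency_ns=-
F003 node=sram.data[12]  type=SA1 propagated=yes alarm=yes latency_ns=80
F004 node=uart.tx_fsm[1] type=SA0 propagated=yes alarm=no  latency_ns=-
F005 node=cpu.pc[9]      type=SEU propagated=yes alarm=yes latency_ns=9000
F006 node=cpu.regfile[2] type=SA0 propagated=unknown alarm=no latency_ns=-
"""

LINE = re.compile(r"(?P<id>\S+)\s+node=(?P<node>\S+)\s+type=(?P<type>\S+)\s+"
                  r"propagated=(?P<prop>\S+)\s+alarm=(?P<alarm>\S+)\s+"
                  r"latency_ns=(?P<lat>\S+)")

FTTI_NS = 1000   # assumed fault tolerant time interval: a later alarm earns no credit


def classify(line, ftti_ns=FTTI_NS):
    """Map one result line to (fault id, outcome)."""
    m = LINE.match(line)
    if not m:
        raise ValueError("unparseable result line: " + line)
    prop, alarm, lat = m["prop"], m["alarm"], m["lat"]
    if prop == "unknown":
        return m["id"], "not_resolved"         # needs further analysis (HSE)
    if prop == "no":
        return m["id"], "safe"                 # error masked
    if alarm == "yes" and int(lat) <= ftti_ns:
        return m["id"], "detected"             # alarm triggered in time: credit DC
    return m["id"], "unsafe"                   # propagated, no timely alarm


def campaign_summary(text, unresolved_as_unsafe=False):
    """Count outcomes and compute DC = detected / (detected + unsafe).
    Masked (safe) faults are excluded; unresolved faults are held out
    unless unresolved_as_unsafe=True (the conservative reading)."""
    counts = {"safe": 0, "detected": 0, "unsafe": 0, "not_resolved": 0}
    for line in text.splitlines():
        if line.strip():
            counts[classify(line)[1]] += 1
    undetected = counts["unsafe"]
    if unresolved_as_unsafe:
        undetected += counts["not_resolved"]
    dangerous = counts["detected"] + undetected
    counts["dc"] = counts["detected"] / dangerous if dangerous else None
    return counts


if __name__ == "__main__":
    print(campaign_summary(RESULTS))
    print(campaign_summary(RESULTS, unresolved_as_unsafe=True))
```

On the constructed lines F005 shows the caveat: its alarm did fire, but 9 µs after injection, so against a 1 µs FTTI it is classified as unsafe rather than credited. The difference between the two summaries (DC 0.5 versus 0.4) is the cost of leaving F006 unresolved, which is the gap the HSE flow on the next slide exists to close.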

21 Austemper KaleidoScope™ HSE: Hybrid Simulation Extension for guaranteed fault resolution
Faults are automatically embedded into the RTL or netlist design files, and the test case with the injected fault is run on whichever engine fits: simulator (Questa), mixed-signal (Questa ADMS), emulation (Veloce) or FPGA (VPS), so that any fault can be resolved. Outcomes: alarm triggered → credit diagnostic coverage; error masked → safe fault; alarm not triggered → loss of diagnostic coverage.

22 CONCLUSION

23 Top Functional Safety IC Challenges
How Mentor + Siemens can accelerate your path to compliance:
- Challenge: use qualified tools to ensure a safe development tool chain. How Mentor can help: Mentor Safe Tool Qualification, the most extensive EDA tool qualification program.
- Challenge: establish a safety culture and practices. How Mentor can help: Mentor Consulting and Siemens Polarion, extensive safety-critical experience and software to guide the adoption.
- Challenge: adopt requirements-driven development. How Mentor can help: Siemens + Mentor Requirements Management, the only requirements management solution with traceability to EDA.
- Challenge: deliver ISO 26262 & IEC 61508 fault metrics. How Mentor can help: Mentor Safety Analysis, the most accurate automated metric computation and safety exploration.
- Challenge: enhance designs to mitigate the effects of random hardware faults. How Mentor can help: Mentor Design for Safety, the only automated safety mechanism insertion to increase design safety.
- Challenge: prove designs are sufficiently safe from random hardware faults. How Mentor can help: Mentor Safety Verification, the most extensive fault injection platform to validate metrics.

24 Q&A

25 Mentor Safe: Tool Qualification
ISO 26262 report certification (TÜV Saar) that streamlines the compliance process. Mentor Safe provides certified qualification reports for the Mentor tool portfolio, the broadest portfolio of qualified tools: Questa Sim & Verification Management, Questa CDC & Formal, Questa Visualizer, Analog/Mixed-Signal Simulation, Veloce StratoOS, Calypto, Tessent, Calibre.
(Link on slide: s-technology/functional-safety-iso26262)