Presentation is loading. Please wait.

Presentation is loading. Please wait.

Functional Safety Solutions for Automotive

Published bySusanna Mäki Modified over 4 years ago

Similar presentations

Presentation on theme: "Functional Safety Solutions for Automotive"— Presentation transcript:

1 Functional Safety Solutions for Automotive
FMEDA automation and predictable ISO compliance Vladislav Palfy

2 SoC/ASIC/FPGA Verification Flow
IC Integrity Functionally correct, safe, secure, and trusted SoCs/ASICs/FPGAs Functional Correctness Trust and Security Safety OneSpin provides certified IC Integrity Verification Solutions to develop functionally correct, safe, secure, and trusted integrated circuits. IC Integrity SoC/ASIC/FPGA Verification Flow Design Integration Implementation

3 SoC/ASIC/FPGA Verification Flow
IC Integrity Functionally correct, safe, secure, and trusted SoCs/ASICs/FPGAs Functional Correctness Trust and Security Safety OneSpin provides certified IC Integrity Verification Solutions to develop functionally correct, safe, secure, and trusted integrated circuits. IC Integrity SoC/ASIC/FPGA Verification Flow Design Integration Implementation

4 Introduction to Functional Safety
The objective of functional safety: Freedom from unacceptable risk of physical injury or of damage to the health of people either directly or indirectly Functional Safety Risks Risk drivers Risk management through functional safety standards Systematic Failures Design faults Tool faults Random Failures Permanent faults Transient faults Continuous increase in flow and tool complexity Continuous increase in functionality Increasing density of the design process node Decreasing energy levels Minimize systematic failures Safeguard against random failures

5 High-Level Safety Flow
Minimize systematic failures Safeguard against random failures Functional Requirements Safety Requirements/Goals HW Specification HW Safety Specification HW Safety Analysis Design Implementation Diagnostic Coverage Determination Safety Mechanism Implementation Functional Verification Quantification of Verification Verification of the Safety Mechanism Evaluation of Hardware Metrics Covered by OneSpin

6 OneSpin FMEDA Methodology Overview
ISO compliant flow Safety Goals HW Safety Analysis ISO work products in regards to random hardware failures Diagnostic Coverage Determination Evaluation of Hardware Metrics

7 Top Down and Bottom Up Safety Analysis
Deductive Top Down Inductive Bottom Up Safety Goal: No unintended inflation of airbag, ASIL C/D Failure Mode: Wrong value from CPU Failure: 4 + 4 = 4 Fault: StuckAt 0 on bit reg[2]

8 Hardware Safety Analysis
Failure Mode Contribution Analysis (FCA) App Safety Engineer analyzes the failure modes causing safety goal violations. But which failure mode can be caused by which fault? Hardware Design Safety Goals Safety Goal Failure Mode Fault HW Safety Analysis And, which Safety Mechanisms are in place? Diagnostic Coverage Determination Evaluation of Hardware Metrics We ran this at over 2 billion transistors. Runs at SoC level. It’s a structural analysis. Failure Mode is conversative

9 Hardware Safety Analysis
Failure Mode Contribution Analysis (FCA) App Safety Engineer analyzes the failure modes causing safety goal violations. But which failure mode can be caused by which fault? Hardware Design Safety Goals Safety Goal Failure Mode Fault HW Safety Analysis And, which Safety Mechanisms are in place? Diagnostic Coverage Determination The FCA App runs a structural HW safety analysis by linking failures to faults (failure mode distribution). This is a deductive (top down) analysis validated by an automated inductive coherency check. Evaluation of Hardware Metrics We ran this at over 2 billion transistors. Runs at SoC level. It’s a structural analysis. Failure Mode is conversative

10 Hardware Safety Analysis
Failure Mode Contribution Analysis (FCA) App Safety Engineer analyzes the failure modes causing safety goal violations. But which failure mode can be caused by which fault? Hardware Design Safety Goals Safety Goal Failure Mode Fault HW Safety Analysis And, which Safety Mechanisms are in place? Diagnostic Coverage Determination The FCA App runs a structural HW safety analysis by linking failures to faults (failure mode distribution). This is a deductive (top down) analysis validated by an automated inductive coherency check. Evaluation of Hardware Metrics Automated failure mode distribution reduces engineering effort. Precise fault allocation minimizes/eliminates fault simulation. We ran this at over 2 billion transistors. Runs at SoC level. It’s a structural analysis. Failure Mode is conversative

11 FCA Example: FIFO with ECC Protection
FCA results with diagnostic coverage estimation data rd_data encode FFs decode rd_error rd_corrected clk/rst read control full write empty Sub part Area / Failure Mode Distribution State Count Fault Count Diagnostic Coverage storage 151.2 72 1024 100% control 32.3 8 434 0% clk/rst-tree 0.7 28 active-encode 4.4 52 ?% active-decode 9.55 126 passive-decode 10.73 130

12 Hardware Safety Analysis Overview
ISO compliant flow Automated design analysis a key factor for efficient analysis of random hardware failures Safety Goals HW Safety Analysis ISO work products in regards to random hardware failures Diagnostic Coverage Determination Evaluation of Hardware Metrics

13 Diagnostic Coverage Determination
Fault Propagation and Detection Analysis (FPA/FDA) Apps How many faults are covered by safety mechanisms? How many of the faults in the safety-related hardware element cannot violate the safety goal (Safe Fault Fraction)? Hardware Design Safety Goals HW Safety Analysis Diagnostic Coverage Determination Evaluation of Hardware Metrics

14 Diagnostic Coverage Determination
Fault Propagation and Detection Analysis (FPA/FDA) Apps How many faults are covered by safety mechanisms? How many of the faults in the safety related hardware element cannot violate the safety goal (Safe Fault Fraction)? Hardware Design Safety Goals Expert judgment of diagnostic coverage leverages precise FCA fault allocation. When expert judgment cannot be applied the FDA App determines the diagnostic coverage or fault simulation is applied. FPA App automates safe fault extraction based on assumptions of use. HW Safety Analysis Diagnostic Coverage Determination Evaluation of Hardware Metrics

15 Diagnostic Coverage Determination
Fault Propagation and Detection Analysis (FPA/FDA) Apps How many faults are covered by safety mechanisms? How many of the faults in the safety related hardware element cannot violate the safety goal (Safe Fault Fraction)? Hardware Design Safety Goals Expert judgment of diagnostic coverage leverages precise FCA fault allocation. When expert judgment cannot be applied the FDA App determines the diagnostic coverage or fault simulation is applied. FPA App automates safe fault extraction based on assumptions of use. HW Safety Analysis Diagnostic Coverage Determination Safe fault extraction eliminates manual fault analysis. Automated diagnostic coverage determination does not require a testbench and can replace fault simulation. Evaluation of Hardware Metrics

16 Fault Detection Analysis App Flow
Input Constraints Fault List Observation Points Diagnostic FDA Fault Classification Report/DB Fault Inputs RTL / Netlist Detected (multipoint) Fault can propagate to at least one observation point and alarm is asserted Non-detected (residual) point and alarm is NOT asserted Non-propagated (safe or latent) Fault does not propagate to observation points Fault Detection Analysis App Flow Diagnostic coverage without simulation Inject Faults in SMs encode decode control FFs

17 FDA Example: FIFO with ECC Protection
Measuring diagnostic coverage for each sub-part data rd_data encode FFs decode rd_error rd_corrected clk/rst read control full write empty Sub part Area / Failure Mode Distribution State Count Fault Count Diagnostic Coverage mem-data 151.2 72 1024 100% control 32.3 8 434 0% clk/rst-tree 0.7 28 active-encode 4.4 52 active-decode 9.55 126 75% passive-decode 10.73 130 24%

18 OneSpin FMEDA Methodology Overview
ISO compliant flow Automated design analysis a key factor for efficient analysis of random hardware failures Safety Goals HW Safety Analysis ISO work products in regards to random hardware failures Diagnostic Coverage Determination Evaluation of Hardware Metrics

19 Evaluation of Hardware Metrics
Hardware Metric Computation (HMC) App Which metrics must be produced to achieve ISO compliance? Single-Point Fault Metric (SPFM) Reflects the robustness of the component with respect to safety goal violation by individual faults Latent Fault Metric (LFM) Reflects the robustness of the component with respect to safety goal violation by multiple-point faults (faults in safety mechanism and function) Probabilistic Metric for Random Hardware Failures (PMHF) Residual risk of the safety architecture. Measured by Failure in Time (FIT) Hardware Design Safety Goals HW Safety Analysis Diagnostic Coverage Determination Evaluation of Hardware Metrics

20 Evaluation of Hardware Metrics
Hardware Metric Computation (HMC) App Which metrics must be produced to achieve ISO compliance? Single Point Fault Metric (SPFM) Reflects the robustness of the component with respect to safety goal violation by individual faults Latent Fault Metric (LFM) Reflects the robustness of the component with respect to safety goal violation by multiple-point faults (faults in safety mechanism and function) Probabilistic Metric for Random Hardware Failures (PMHF) Residual risk of the safety architecture. Measured by Failure in Time (FIT) Hardware Design Safety Goals HW Safety Analysis Diagnostic Coverage Determination The HMC App enables full chip, multi-user, early estimation of the hardware metrics and compliance when data from FCA and the Diagnostic Coverage Determination becomes available. Evaluation of Hardware Metrics

21 Evaluation of Hardware Metrics
Hardware Metric Computation (HMC) App Which metrics must be produced to achieve ISO compliance? Single Point Fault Metric (SPFM) Reflects the robustness of the component with respect to safety goal violation by individual faults Latent Fault Metric (LFM) Reflects the robustness of the component with respect to safety goal violation by multiple-point faults (faults in safety mechanism and function) Probabilistic Metric for Random Hardware Failures (PMHF) Residual risk of the safety architecture. Measured by Failure in Time (FIT) Hardware Design Safety Goals HW Safety Analysis Diagnostic Coverage Determination The HMC App enables full chip, multi-user, early estimation of the hardware metrics and compliance when data from FCA and the Diagnostic Coverage Determination becomes available. Evaluation of Hardware Metrics No expert level ISO knowledge required and avoids spreadsheet madness.

22 Hardware Metric Calculation Example
Web technology enables different use model Calculates hardware metrics SPFM LFM PMHF Supports layering Estimation layer FCA layer Client/Server architecture Multi-user Single DB

23 OneSpin FMEDA Methodology Summary
ISO compliant flow Safety Goals FMEDA HW Safety Analysis ISO work products in regards to random hardware failures Diagnostic Coverage Determination Evaluation of Hardware Metrics Automated FMEDA flow for predictable ISO compliance Reduce fault simulation Reduce/eliminate manual analysis Implement a repeatable, reusable and robust flow

24 Thank You!

Download ppt "Functional Safety Solutions for Automotive"

Similar presentations

Dependability analysis and evolutionary design optimisation with HiP-HOPS Dr Yiannis Papadopoulos Department of Computer Science University of Hull, U.K.

Dependability analysis and evolutionary design optimisation with HiP-HOPS Dr Yiannis Papadopoulos Department of Computer Science University of Hull, U.K.
SAFe Automotive aRchItecture SAFARI. SAFARI_Presentation_Short_v1.ppt 2 / /P. Cuenot/ 2009.09.03 © Continental AG ARTEMIS/Call2 R&D Project Proposal Project.

SAFe Automotive aRchItecture SAFARI. SAFARI_Presentation_Short_v1.ppt 2 / /P. Cuenot/ © Continental AG ARTEMIS/Call2 R&D Project Proposal Project.
Model based development for function safety Continental Automotive France Philippe CUENOT OFFIS Thomas PEIKENKAMP.

Model based development for function safety Continental Automotive France Philippe CUENOT OFFIS Thomas PEIKENKAMP.
Apr. 20, 2001VLSI Test: Bushnell-Agrawal/Lecture 311 Lecture 31 System Test n Definition n Functional test n Diagnostic test  Fault dictionary  Diagnostic.

Apr. 20, 2001VLSI Test: Bushnell-Agrawal/Lecture 311 Lecture 31 System Test n Definition n Functional test n Diagnostic test  Fault dictionary  Diagnostic.
Maintaining Data Integrity in Programmable Logic in Atmospheric Environments through Error Detection Joel Seely Technical Marketing Manager Military &

Maintaining Data Integrity in Programmable Logic in Atmospheric Environments through Error Detection Joel Seely Technical Marketing Manager Military &
Software Fault Tolerance – The big Picture RTS April 2008 Anders P. Ravn Aalborg University.

Software Fault Tolerance – The big Picture RTS April 2008 Anders P. Ravn Aalborg University.
ECE 667 - Synthesis & Verification1 ECE 667 Spring 2011 Synthesis and Verification of Digital Systems Verification Introduction.

ECE Synthesis & Verification1 ECE 667 Spring 2011 Synthesis and Verification of Digital Systems Verification Introduction.
DSI Division of Integrated Systems Design Functional Verification Environments Development Goals Our main goals are in the field of developing modular.

DSI Division of Integrated Systems Design Functional Verification Environments Development Goals Our main goals are in the field of developing modular.
Hazards Analysis & Risks Assessment By Sebastien A. Daleyden Vincent M. Goussen.

Hazards Analysis & Risks Assessment By Sebastien A. Daleyden Vincent M. Goussen.
[ §4 : 1 ] 4. Requirements Processes II Overview 4.1Fundamentals 4.2Elicitation 4.3Specification 4.4Verification 4.5Validation Software Requirements Specification.

[ §4 : 1 ] 4. Requirements Processes II Overview 4.1Fundamentals 4.2Elicitation 4.3Specification 4.4Verification 4.5Validation Software Requirements Specification.
EADS TEST & SERVICES TS/EL/T N°08_04/08 Page 1© Copyright EADS TEST & SERVICES 2008 Engineering Process for Systems Testability Analysis. Presentation.

EADS TEST & SERVICES TS/EL/T N°08_04/08 Page 1© Copyright EADS TEST & SERVICES 2008 Engineering Process for Systems Testability Analysis. Presentation.
What Exactly are the Techniques of Software Verification and Validation www.softwaretestinggenius.com A Storehouse of Vast Knowledge on Software Testing.

What Exactly are the Techniques of Software Verification and Validation A Storehouse of Vast Knowledge on Software Testing.
10th TTCN-3 User Conference, 7-9 June 2011, Bled, Slovenia AUTOSAR Conformance Tests - Feedback on their development and utilization Alain Feudjio-Vouffo,

10th TTCN-3 User Conference, 7-9 June 2011, Bled, Slovenia AUTOSAR Conformance Tests - Feedback on their development and utilization Alain Feudjio-Vouffo,
Copyright Critical Software S.A. 1998-2006 All Rights Reserved. VAL-COTS Validation of Real Time COTS Products Ricardo Barbosa, Henrique Madeira, Nuno.

Copyright Critical Software S.A All Rights Reserved. VAL-COTS Validation of Real Time COTS Products Ricardo Barbosa, Henrique Madeira, Nuno.
Secure Embedded Processing through Hardware-assisted Run-time Monitoring Zubin Kumar.

Secure Embedded Processing through Hardware-assisted Run-time Monitoring Zubin Kumar.
1. Topics to be discussed Introduction Objectives Testing Life Cycle Verification Vs Validation Testing Methodology Testing Levels 2.

1. Topics to be discussed Introduction Objectives Testing Life Cycle Verification Vs Validation Testing Methodology Testing Levels 2.
Alec Stanculescu, Fintronic USA Alex Zamfirescu, ASC MAPLD 2004 September 8-10, 2004 Design Verification Method for.

Alec Stanculescu, Fintronic USA Alex Zamfirescu, ASC MAPLD 2004 September 8-10, Design Verification Method for.
Analyze Opportunity Part 1

Analyze Opportunity Part 1
Computer Science Open Research Questions Adversary models –Define/Formalize adversary models Need to incorporate characteristics of new technologies and.

Computer Science Open Research Questions Adversary models –Define/Formalize adversary models Need to incorporate characteristics of new technologies and.
WILLIAM KIEWICZ-SCHLANSKER LAFAYETTE COLLEGE LiFePO4 Battery Pack Per-Cell Management System.

WILLIAM KIEWICZ-SCHLANSKER LAFAYETTE COLLEGE LiFePO4 Battery Pack Per-Cell Management System.

Similar presentations

Ads by Google