Dave Kelf heads OneSpin’s marketing efforts and services as vice president of marketing. Previously, he was president and CEO of Sigmatix, Inc. He worked in sales and marketing at Cadence Design Systems, and was responsible for the Verilog and VHDL verification product line. As vice president of …
Safety-Critical Automotive Applications: Raising the Bar on Verification?
May 22nd, 2014 by Dave Kelf
You may have noticed that one of the DAC themes this year is automotive electronics. If you happen to work on designs that have nothing to do with cars, you may have already disregarded this aspect of the show. Well, not so fast! It’s worth a closer look.
We all know that auto electronics has gone through something of a renaissance over the last few years. Cars burst at the seams with processors, perform automated gyrations such as self-parking, and now one or two are taking the ultimate step of driving themselves about town. Who gave the Google Chauffeur car its driver’s license, anyway?
What makes this application area interesting is not necessarily the cool gadgets, but the additional constraints placed upon automotive electronics that are not a factor in other industries. I would like to focus on one, the verification aspect of automotive safety critical components.
Of course, any IC verification process is highly rigorous, with the cost of design failure being prohibitive both in terms of re-spin expense and time-to-market impact. If a strange corner case crops up at the wrong time in a production brake part, for example, the impact will be measured in something far more valuable than dollars.
Responding to this concern, the International Organization for Standardization (ISO) created the standard 26262, focused on the quality of safety-critical electronic components, and the level of testing applied to them. The standard defines an “Automotive Safety Integrity Level,” or ASIL, a risk classification scheme that defines multiple levels of certification requirements. Level D is reserved for devices on which lives are dependent and, not surprisingly, it is extremely tough.
ASIL D designs must be architected with stringent failsafe requirements in mind. For example, error correction systems are used to correct stored data in case a key bit is flipped by some external input. Double and even triple redundancy is employed to ensure that a device failure may be trapped and its impact mitigated.
The standard defines a verification protocol to match. A Failure Modes, Effects and Diagnostic Analysis (FMEDA)-driven diagnostic coverage analysis must be performed, in which a component’s failure modes and their effect on system functionality are examined together with the automated diagnostics and their ability to detect each failure. A Single Point Fault metric of at least 99% is required for every part.
To accomplish this, additional verification methods must be employed. Injecting faults of various kinds into the system and analyzing how system operation reacts to them is a critical benchmark. Of course, the added diagnostics and self-test hardware must themselves be verified, both to ensure that normal operation is preserved under all conditions and to confirm their behaviour when the various fault models are applied.
In order to do this and prove the required level of coverage, a thorough qualification of the verification environment is required. All this can really be accomplished only by using formal techniques and advanced coverage methods such as Observation Coverage, which inspects the verification checkers or property sets to ensure that they are effective.
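To make the two steps above concrete, here is an added Python sketch (not OneSpin’s code and not text from the standard) that measures the diagnostic coverage of a simple parity check by exhaustive fault injection and feeds it into an FMEDA table to compute the Single Point Fault Metric against the 99% bar. The failure modes, FIT values and the lockstep coverage figure are constructed assumptions.

```python
from dataclasses import dataclass
from itertools import combinations


@dataclass
class FailureMode:
    """One row of an FMEDA table (constructed values, not from any real part)."""
    name: str
    fit: float            # failure rate in FIT (failures per 1e9 device-hours)
    safety_related: bool  # can this mode violate the safety goal at all?
    diag_coverage: float  # fraction of this mode's faults the safety mechanism detects


def spfm(modes):
    """Single Point Fault Metric (ISO 26262-5): the share of the safety-related
    failure rate that is neither a single-point fault (no mechanism, DC = 0)
    nor a residual fault (mechanism present but the fault slips past it)."""
    safety = [m for m in modes if m.safety_related]
    total = sum(m.fit for m in safety)
    undetected = sum(m.fit * (1.0 - m.diag_coverage) for m in safety)
    return 1.0 - undetected / total


def parity_detects(word, flipped_bits):
    """Even-parity diagnostic: the fault is caught if the corrupted word's parity
    no longer matches the parity bit computed from the original word."""
    faulty = word
    for b in flipped_bits:
        faulty ^= 1 << b
    return (bin(faulty).count("1") & 1) != (bin(word).count("1") & 1)


def measured_coverage(width, flips_per_fault, word=0b10110010):
    """Exhaustive fault injection: flip every combination of `flips_per_fault`
    bits in a `width`-bit register and count how many the parity check detects."""
    faults = list(combinations(range(width), flips_per_fault))
    detected = sum(parity_detects(word, f) for f in faults)
    return detected / len(faults)


def asil_d_table():
    """Constructed FMEDA rows; the register coverages come from fault injection,
    the lockstep figure for the actuator driver is an assumed value."""
    return [
        FailureMode("config register, single bit flip", 50.0, True, measured_coverage(8, 1)),
        FailureMode("config register, double bit flip", 0.2, True, measured_coverage(8, 2)),
        FailureMode("brake actuator driver stuck-at", 20.0, True, 0.998),
        FailureMode("debug UART stuck-at", 30.0, False, 0.0),  # not safety-related
    ]


def meets_asil_d(modes, target=0.99):
    """ASIL D requires a Single Point Fault Metric of at least 99%."""
    return spfm(modes) >= target
```

Parity catches every single-bit flip but no double-bit flip, so the undetected double-flip rate and the residual lockstep misses are what erode the metric; swapping in an SECDED code would raise the second row’s coverage.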
A full picture of these verification environments requires a more in-depth description than what may be covered in a short blog, but you get the idea.
The 51st Design Automation Conference (DAC) is the place to learn more where we’ll see various presentations on this subject. One not to miss will be Holger Busch of Infineon, speaking on “Formal Safety Verification With Qualified Property Sets” at the Designer Track Tuesday, June 3, at 4 p.m. Also, if you want to see these verification environments in action, check out OneSpin’s booth (#1219) where it will use Safety Critical components to demonstrate its formal technologies and solutions.