Peggy Aycinena is a freelance journalist and Editor of EDA Confidential at www.aycinena.com. She can be reached at peggy at aycinena dot com.
Austemper & Functional Safety: The Alchemy of Modifying Design
July 26th, 2017 by Peggy Aycinena
Austin-based Austemper Design Systems is an EDA startup focused on functional safety that had the good luck to find the Design Automation Conference in their own front yard this year – making it easy for the company to exhibit in Austin and showcase their newly announced suite of tools.
Speaking by phone recently, Austemper Founder & CEO Sanjay Pillay said, “We offer four different tools in our suite, one that analyzes quantitative metrics, two for design automation that go in and add diagnostic conversions and can be used for a single block of IP or for the entire design, and a fourth tool that runs fault-injection analysis.”
Given that the company has only been underway since March 2015, I suggested that the tool portfolio represents a lot of productivity over a short amount of time.
Pillay agreed: “Although we are young, we are already working with the largest semiconductor companies in the world, and in the process of negotiating licenses with others.
“DAC was a great place to announce our products. We had more than 30 meetings and demonstrations with potential customers and partners during DAC. It was also an opportunity for us to meet in person with people we have interacted with over e-mails and conference calls, to make that human connection.”
Asked about the origin of the company, Pillay said, “Before starting here at Austemper, I was at HGST/STEC running their Enterprise SSD controller development, and before that was at Maxim and Cirrus Logic, both consumer-product companies.
“My move from companies with a consumer focus,” he continued, “to one with an enterprise focus at HGST was where I first saw an emphasis on functional safety. Where I learned a network interface like PCIe can work with any layout format, but still needs a fall-back or safe-state when unexpected things happen.”
Pillay recalled that designers at HGST went looking for third-party IP blocks that could fill their requirements, but the search proved almost fruitless: “I found not a lot of IP companies addressing functional safety in their products, even though it’s a big issue.
“In fact, I only found one company that would actually support our efforts, but the IP from that vendor was not always Best in Class.”
In response to the dearth of appropriate IP, Pillay said his team at HGST had to innovate: “We added functional safety around the IP we were using, and added that feature set to our custom-built design program.
“We basically licensed IP that we knew to be functionally correct, with correct performance, and then put in the functional safety feature ourselves – things like parity across buses, ECC for memories, etc.”
“Unfortunately,” he continued, “we ran into problems. As everyone knows, if you touch or modify the IP you’ve purchased, the warranties are voided. And typically, the IP vendor will not redo the verification effort [to confirm functionality within your design].
“This errata within the IP market required us to redo the whole verification effort, effectively pushing out the delivery schedule for our designs by 2-to-3 months.
“When I left HGST, as a result we went looking for a better way to do things.”
“While still at HGST,” Pillay said, “we had a very senior architect who manned the spreadsheet, and we had very senior people running that program based on feedback from the designers.
“The process was error prone, however, particularly when the floor plan would not have the correct aspect ratio for memories – which caused us to ask: Is there an automated way to measure these diagnostics?
“And that was the genesis of our SafetyScope tool at Austemper, which starts off with the RTL or netlist. The idea is to cut down on the whole manual process in design analysis, and redo it so nothing can slip through.”
While working with an automotive customer, Pillay saw another un-met need: “We got involved by necessity with some of our customers in the automotive space, the certification space in particular.
“We looked for tools and IP that would help us out – especially for the automotive – but we didn’t see any good solutions out in the market to address our needs.
“The way I looked at it, there must be other/better ways. And that’s why we came up with KaleidoScope at Austemper.
“As I come from the user side – I’ve done design, verification, and some architecture work – and I’ve known the pain points. KaleidoScope was our first EDA tool development meant to address that pain.”
I asked Pillay to comment on the explosive growth in Automotive semiconductors, as well as Machine Learning edge-node devices.
He responded, “It’s absolutely true, there is a huge initial pull coming from Automotive for functional safety. The complexity required in ADAS silicon [Advanced Driver Assistance Systems] is at least 2 orders of magnitude higher than what we’ve previously seen in automotive; for instance, they are more like an SoC controller or a set-top box.
“Obviously there are tools for 8-bit or 16-bit microcontrollers, but when you try to scale those tools to ADAS, they do not scale well.”
“Our tools, however,” Pillay enthused, “are being built from the ground up to meet the needs of the Automotive space.”
Facebook and Google are building their own chips, I noted, so why aren’t the automobile manufacturers building their own chips to meet their ADAS needs?
Pillay responded, “I’m sure there are some auto vendors – especially the new players from the Valley, which are more like Google and Facebook – who would prefer a vertical integration, but most vendors are more traditional.”
“Which translates to a great market opportunity for you,” I suggested.
“Absolutely,” Pillay said. “With automotive complexity going through the roof, all of the functional and functional safety aspects need to be there in the chips the auto vendors are going to use in their systems.
“The amount of hardware-assisted algorithms in those automotive chips, and the amount of data they’re pumping through, and the amount of decisions being made – the complexity is just huge. I’ve seen some automotive customers with chips in their cars that are actually just as complex as an enterprise SSD controller.”
I asked if Austemper has someone internal who keeps track of the plethora of standards associated with automotive hardware and software.
“Yes we do,” Pillay replied. “And our customers do.
“The big one, of course – the standard around which everyone is consolidating – is ISO 26262. That’s the gold standard for automotive today.
“There are also standards for aero, medical, industrial – but at the end of the day, the process across these various industries is very similar. For some standards, the numbers are qualitative, while for other standards they are more specific.”
“As your tools insert functional safety into design blocks, are you also assuring customers that the modifications will result in silicon that meets current safety standards? What about the liability issues?” I asked.
“That’s a great question,” Pillay replied. “Obviously what we are doing is very related to safety standards, and we are in the process of getting our tools certified relative to those standards.
“At the end of the day, however, if we have done everything using the industry’s most established processes – whether from our tool perspective or our IP enhancement perspective – and we can show that we are following all of the established rules, going above and beyond what we need to do, that should answer all issues around liability.”
I asked if Austemper tools can handle any IP from any vendor.
“Our tools can basically handle any IP that’s out there,” Pillay responded, “whether it’s off-the-shelf, internally developed, or third-party IP.”
“Why have four tools,” I asked, “why not consolidate them all into one larger tool?”
“As we see it,” Pillay said, “each company – especially the established ones – has its own mechanisms for design. They don’t want to change anything. For those customers – especially those who already have an internal flow set up – our tools can improve the productivity and they may not need all of the features in all of our tools.
“For less-established customers, however, they may choose to use all four tools. We can help them do that as well.”
“Implying that your customers also rely on you for some design services?” I asked.
“We have tried to stay tool-flow independent,” Pillay said. “Our tools have taken very large SystemVerilog and Verilog designs and [made the modifications] required for functional safety.
“And we support all of the major EDA vendors – Synopsys, Cadence, Mentor, etc. – and their tool flows. Our goal is to help our customers produce an SoC that will meet all of the safety standards, whether standard or emerging.
“So we have done some design services, but that is not our preferred model of engagement.”
“Where did you get the name for the company?” I asked.
Pillay chuckled, and said very few people have actually asked that question: “Austempering is a metallurgical process that changes the characteristic of metal.
“At Austemper, we take a design which was built for consumer devices, and by putting it through our flow, make it useful in the automotive or medical industry.”
“Isn’t that alchemy, a sort of Dark Art?” I asked.
Again Pillay chuckled: “That’s exactly what we are going for in the name, but it gets even better. The word Austemper has Austin embedded in it, and some of our founding team were based in Austin.”
“And,” he added with a flourish, “the URL was available!
“Most importantly, however, the name conveys what we are trying to do – to create enhanced IP. That’s our focus and that’s what we are able to do.”
SafetyScope implements the estimation of the functional safety (FS) metrics based on a given mission profile and set of diagnostic coverage mechanisms. Where applicable, the tool automatically applies default values from ISO 26262 and/or IEC 61508 for FIT rates and other DC metrics.
Annealer adds reliability enhancements to structured elements (Modules, RAMs, ROMs, Register Files, FIFOs) to improve fault detection/fault tolerance.
RadioScope adds reliability enhancements inside the block, to the random/internal logic, to improve fault detection/fault tolerance.
KaleidoScope is a parallel fault simulator with hybrid simulation capability. KaleidoScope’s patent-pending technology enables multiple fault simulations in parallel for single-point or multi-point faults, both permanent and transient, achieving up to 100x speedup of the total fault campaign compared to a gate-level fault campaign.