Safety Critical Systems and Functional Verification

The push toward automotive safety continues as more designers learn how to work within the Functional Safety Standard ISO 26262 regulations. Aerospace, power generation, defense and medical electronics companies, in addition to auto makers, now rely on the use of fail-safe components in safety-critical systems and are creating demand for verification tools able to meet stringent safety requirements.

Verifying that these systems will work as intended is governed by a range of regulatory standards and must be an exhaustive and rigorous process. Built-in safety mechanisms guarantee the correct operation of these systems and ensure a reliable, deterministic reaction to “random” hardware failures when the device is operating in the field. These must be verified to trap operational hardware faults, in addition to ensuring the design is free of “systematic” design faults through 100% coverage measurements.

While the exhaustive nature of formal verification makes it a natural fit for these designs, additional capabilities must be included to prove design reliability and failsafe operation.

Formal verification offers significant benefits as a way to exhaustively test design properties without the need to create simulation stimulus. New formal tools include safety-critical features: advanced coverage techniques and tool qualification to test for the presence of any systematic faults, and fault injection to ensure that random faults will be detected and handled by the device.

Coverage is a critical technology, and coverage results can provide a reasonable indication of test quality. Coverage can be used in a variety of ways, starting with a check that all of the code has been touched during simulation. Creating meaningful, precise coverage metrics is key and requires more effective mechanisms than basic simulation code coverage techniques. The code base and its functionality must be tested to ensure that they are well covered by assertions and tests, thereby proving 100% systematic verification coverage.

ISO 26262 and other standards demand a quantitative analysis of random hardware failures and their outcomes to validate safety mechanisms that trap and resolve “random” field problems. Part of this analysis includes injecting faults into gate-level models of chips during verification to prove that faults will be handled by a safety function. These models can be complex and contain numerous possible fault scenarios. Diagnostic Fault Coverage at levels of 90% or more must be proven by injecting faults into the design and measuring their effect on design operation.
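The fault-injection analysis described above can be shown concretely on a toy gate-level netlist. The following is an added example, not code from the article or from any OneSpin tool: it constructs a small combinational block whose core logic is duplicated and compared by a lock-step comparator (the safety mechanism), injects every single stuck-at-0/stuck-at-1 fault on every net, evaluates all input vectors exhaustively, and classifies each fault as safe, dangerous-detected, dangerous-undetected, or affecting only the mechanism. Diagnostic coverage is computed, as an assumption matching the usual definition, as detected dangerous faults divided by all dangerous faults. The netlist, net names and classification rule are all constructed for illustration.

```python
"""Exhaustive single-point stuck-at fault injection on a constructed
gate-level netlist with a dual-logic comparator as the safety mechanism,
reporting diagnostic coverage. Illustrative example, not a real design."""
from itertools import product

# Constructed netlist: net -> (operation, operand nets), in topological order.
# The "main" cone (n1, n2, om) and the "copy" cone (m1, m2, oc) compute the
# same function; ALARM flags a mismatch between them; Y is the functional
# output, taken from the main cone through an inverter that sits outside
# the duplicated region.
PRIMARY_INPUTS = ("a", "b", "c")
NETLIST = {
    "n1": ("AND", ("a", "b")),
    "n2": ("OR", ("n1", "c")),
    "om": ("XOR", ("n2", "a")),
    "m1": ("AND", ("a", "b")),
    "m2": ("OR", ("m1", "c")),
    "oc": ("XOR", ("m2", "a")),
    "alarm": ("XOR", ("om", "oc")),   # safety mechanism: lock-step compare
    "y": ("NOT", ("om",)),            # functional output, not duplicated
}
FUNCTIONAL_OUTPUT = "y"
SAFETY_OUTPUT = "alarm"

OPS = {
    "AND": lambda x, y: x & y,
    "OR": lambda x, y: x | y,
    "XOR": lambda x, y: x ^ y,
    "NOT": lambda x: 1 - x,
}


def evaluate(inputs, fault=None):
    """Evaluate the netlist for one input vector.

    fault is (net, stuck_value) or None. The stuck value overrides the net
    everywhere it is read, which models a stuck-at fault on that net."""
    values = dict(inputs)
    if fault and fault[0] in values:          # fault on a primary input
        values[fault[0]] = fault[1]
    for net, (op, operands) in NETLIST.items():
        values[net] = OPS[op](*(values[o] for o in operands))
        if fault and fault[0] == net:         # fault on a gate output
            values[net] = fault[1]
    return values


def all_faults():
    """Every net, stuck-at-0 and stuck-at-1: the single-point fault list."""
    nets = list(PRIMARY_INPUTS) + list(NETLIST)
    return [(net, v) for net in nets for v in (0, 1)]


def classify(fault):
    """Classify one fault by comparing golden and faulty runs on all vectors."""
    corrupts_output = False
    caught_every_time = True
    touches_mechanism = False
    for bits in product((0, 1), repeat=len(PRIMARY_INPUTS)):
        vec = dict(zip(PRIMARY_INPUTS, bits))
        good, bad = evaluate(vec), evaluate(vec, fault)
        if bad[SAFETY_OUTPUT] != good[SAFETY_OUTPUT]:
            touches_mechanism = True
        if bad[FUNCTIONAL_OUTPUT] != good[FUNCTIONAL_OUTPUT]:
            corrupts_output = True
            if not bad[SAFETY_OUTPUT]:        # output wrong and no alarm
                caught_every_time = False
    if corrupts_output:
        return "detected" if caught_every_time else "undetected"
    return "mechanism_only" if touches_mechanism else "safe"


def diagnostic_coverage():
    """Return (DC, counts per class, list of dangerous-undetected faults)."""
    counts = {"safe": 0, "detected": 0, "undetected": 0, "mechanism_only": 0}
    undetected = []
    for fault in all_faults():
        cls = classify(fault)
        counts[cls] += 1
        if cls == "undetected":
            undetected.append(fault)
    dangerous = counts["detected"] + counts["undetected"]
    dc = counts["detected"] / dangerous if dangerous else 1.0
    return dc, counts, undetected


if __name__ == "__main__":
    dc, counts, gaps = diagnostic_coverage()
    print(f"diagnostic coverage = {dc:.1%}  {counts}")
    for net, val in gaps:
        print(f"  undetected: {net} stuck-at-{val}")
```

Running it reports a diagnostic coverage of about 43%, far short of the 90% figure quoted above, and the gap list explains why: the primary inputs feed both copies, so a stuck input is a common-cause fault the comparator cannot see, and the inverter on the output sits after the comparison point. A stuck-at-0 on the alarm net itself is classified as safe here because a single-fault campaign never exercises the alarm; catching that requires either a second injected fault or a built-in self-test of the mechanism, which is the kind of latent-fault question a real campaign has to answer separately.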

Combining these techniques offers the basis for verification closure decisions (Figure 1).


Figure 1. Multiple IP blocks comprise the top-level design, which must be validated as a whole.

Safety-critical designs are ready-made for the rigorous formal verification process. Project teams agree and have come to rely on formal as a method of ensuring the exhaustive verification of key components of an automotive SoC design. As other segments strive for greater design reliability, they can learn plenty from automotive engineers and the methods that they employ.

Author’s Note: Design Automation Conference (DAC) attendees who want to learn more about safety-critical design are invited to the DAC Pavilion Session, “Steering Safety Innovation in Autonomous Car Electronics,” Tuesday, June 7, at 2 p.m. Moderated by Jim Hogan of Vista Ventures, panelists will include Philippe Magarshack of STMicroelectronics, Martin Lukasiewycz from Bosch Research and OneSpin Solutions’ Raik Brinkmann.
Dave Kelf heads OneSpin’s marketing efforts and serves as vice president of marketing. Previously, he was president and CEO of Sigmatix, Inc. He worked in sales and marketing at Cadence Design Systems, and was responsible for the Verilog and VHDL verification product line. As vice president of marketing at Co-Design Automation and then Synopsys, Kelf oversaw the successful introduction and growth of the SystemVerilog language, before running marketing for Novas Software, which became Springsoft (now Synopsys). He holds a Master of Science degree in Microelectronics and an MBA from Boston University.
