
Functional Safety
Compendium

Browse through our safety-related content


Tool Qualification for Functional Safety Standards


The TÜV SÜD audit reviewed OneSpin’s ability to meet the requirements of the tool qualification methods “evaluation of the development process” and “validation of the software tool” defined in ISO 26262. These methods can be applied at every tool confidence level and allow tool qualification up to ASIL D, the highest automotive safety integrity level. In addition, OneSpin satisfied the requirements for T2 off-line tools, the class that IEC 61508 and EN 50128 assign to verification tools (tools whose failure may fail to reveal a defect but cannot insert one). On this foundation, OneSpin’s certified Tool Qualification Kits allow a design flow to use the tools in the manner described in the safety manual without imposing further requirements on the user; the certificate covers the tool as used according to that manual, so staying within its documented use cases is what keeps the qualification valid. The user can apply the Tool Qualification Kit directly in the tool evaluation step required by the functional safety standards, with no additional tool qualification effort. This accelerates the process and removes the need to build extensive tool error-detection justifications or to rely on other time-consuming qualification methods such as “increased confidence from use.”

To learn more about OneSpin’s Tool Qualification Kits visit onespin.com/tuv.


Videos

Xilinx talks Safety with OneSpin

Sasa Stamenkovic, senior field application engineer, sat down with Xilinx's senior director of architecture, Sagheer Ahmad, to speak about the challenges of moving into the automotive space even for a company with longstanding experience in other safety-critical domains.


Tech Talk: ISO 26262 Statistics

Jörg Grosse, functional safety product manager at OneSpin Solutions, talks with Semiconductor Engineering about the statistics behind the standards, what is considered good enough, and how those numbers vary across different standards.


Tech Talk: Traceability In Functional Safety

Dominik Strasser, vice president of engineering at OneSpin Solutions, talks with Semiconductor Engineering about the impact of functional safety regulations on liability and traceability in automotive, rail, industrial, nuclear and machinery applications.



White papers

Shifting the Burden of Tool Safety Compliance from Users to Vendors

Functional safety standards demand that the risk of a software tool introducing an error into the design, or failing to detect one, be assessed and adequately minimized through tool qualification and other processes. For engineering teams, this is a time-consuming task and, worryingly, one for which there are no mature solutions yet. Tool vendors may provide safety certificates or packages in an attempt to support their customers with safety compliance. Strategies vary, and so do the benefits to the user and the project.

In this paper, we review requirements on tool classification and qualification, present different safety compliance strategies, and explain their benefits to safety-critical hardware projects.

Download white paper Shifting the Burden of Tool Safety Compliance from Users to Vendors

The Rise and Fall of Synthesis Bugs in Safety-Critical FPGAs

Functional safety standards require a rigorous development process to minimize the risk of introducing systematic faults. Some RTL issues only reveal themselves as bugs in the synthesis netlist. In addition, synthesis tools transform the design to map it onto the fixed FPGA fabric, and these complex transformations carry a high risk of introducing bugs. Gate-level simulation and lab testing cover only a tiny portion of the FPGA functionality and are likely to miss implementation bugs; moreover, they are slow to run and hard to debug.

This white paper presents an implementation signoff flow proving that the final FPGA netlist is functionally equivalent to the RTL model. Based on FPGA-specific, mature formal verification technology, the solution is exhaustive and efficient, catching many issues before synthesis starts.

Download white paper The Rise and Fall of Synthesis Bugs in Safety-Critical FPGAs

Using Formal to Verify Safety-Critical Hardware for ISO 26262

Automotive technology has come a long way since the days of the Ford Model T. Today's smart vehicles not only assist their drivers with tasks such as parking, lane management, and braking, but also function as a home away from home, with WiFi hotspots and sophisticated entertainment systems. These sophisticated features are made possible by increasingly complex electronic systems—systems that present countless new opportunities for things to go wrong. A defective headrest video screen may be an irritation to a young passenger in the back seat, but a malfunctioning corrective steering system could cost the occupants of the vehicle their lives. Adequate verification is essential.

OneSpin's formal verification solutions can help automotive suppliers continue to advance their technology while keeping drivers and passengers safe. Our safety-critical white paper examines the ISO 26262 automotive standard and makes a case for its indispensability.

Download white paper Using Formal to Verify Safety-Critical Hardware for ISO 26262

When correct is not enough – Formal verification of fault-tolerant hardware

Fault-tolerant hardware development is no longer a niche and presents new challenges. Many engineers face the daunting task of having to examine countless faulty variants of their design in order to integrate and verify multiple safety mechanisms within complex Systems-on-Chip (SoCs).

This white paper examines key goals and challenges in fault-tolerant hardware verification, and presents formal solutions that ensure predictable hardware behavior under all relevant operating conditions and fault scenarios, while saving engineering and computational resources.

Download white paper When correct is not enough – Formal verification of fault-tolerant hardware

Technical articles

Demystifying EDA Support For ISO 26262 Tool Qualification

Sergio Marchese at Semiconductor Engineering

My new, mid-size car is equipped with many advanced driver-assistance systems. To be honest, it’s taking me time to get used to some of them, as, for example, lane-centering assist that seamlessly takes control of my steering wheel. However, I cannot wait to get my hands off a fully autonomous vehicle and be able to take a nap while 7nm chips running machine learning and other artificial intelligence algorithms do the driving for me.

Read the full article at Semiconductor Engineering.

Certifying the Certifier – OneSpin Talks About the Extra Burden of Proof

Bryon Moyer at EEJournal

This discussion stems from a conversation with OneSpin at this summer’s DAC. Seems like it was just about this time last year that we talked about how EDA and functional safety work together, but, based on some recent certification announcements, this year we have a view from a different stance.

Read more …

Functional Safety: Art Or Science?

Sergio Marchese at Semiconductor Engineering

Nowadays, most hardware development projects deploy functional verification flows that include UVM-based constrained-random testbenches and formal verification. High design complexity, tough budget constraints, and short time to market are the norm, not the exception. Advanced verification is a necessity for many engineering teams. In our increasingly connected world, where billions of IoT devices soon will be communicating to us and to each other, security rapidly is becoming a key concern.

Read the full article at Semiconductor Engineering.

ISO 26262 and You

Jörg Grosse at Embedded Systems Engineering

Why automotive electronics suppliers will make increasing use of formal tools to meet the standard’s strict requirements for verification and satisfy supply chain demand.

Read the full article at Embedded Systems Engineering.

Making Sense Of Safety Standards

Tom Anderson on Semiconductor Engineering

If you’re involved in the design or verification of safety-critical electronics, you’ve probably heard about some of the standards that apply to such development projects. If not, then you’re probably puzzled when you read about TÜV SÜD certifying that an EDA tool satisfies functional safety standards ISO 26262 (TCL3/ASIL D), IEC 61508 (T2/SIL 3) and EN 50128 (T2/SIL 3). The industry has quite an “alphabet soup” (more accurately, alphanumeric soup) of functional safety standards. In this post, we’ll try to sort it out.

Read the full article on Semiconductor Engineering…

Bridging the Gap Between Modern, Rigorous FPGA Development Flow and DO-254/ED-80

Sergio Marchese at Embedded Systems Engineering

Focusing on functional verification, this article introduces state-of-the-art formal equivalence checking solutions for field programmable gate arrays (FPGAs) and makes a case for their applicability to airborne electronic hardware (AEH) development.

Read the full article at Embedded Systems Engineering.

Achieving Completeness in IP Functional Verification

Wolfram Buettner and Michael Siegel, OneSpin Solutions, at EE Times

360 MV is the only complete functional verification solution. Verification is objectively 'complete' when all output signals of the design under verification have been verified to have their expected values at every point in time for every possible input scenario. This notion of completeness implies 100% input scenario coverage and 100% output behavior coverage, the highest coverage any functional verification can achieve and the key to ensuring error-free operation. It can only be reached by transforming formal verification from the common bug-hunting and corner-case inspection approach into a full 'functional sign-off' approach. How complete functional verification compares with other functional verification approaches, be they simulation-based, assertion-based, or formal, is explained in the following EE Times article:

Read more …


Press releases

Hitachi Turns to OneSpin to Meet IEC 61508 SIL 4 Safety Requirements

OneSpin 360 EC-FPGA, EC-RTL Tools and Qualification Kit Accelerate Verification, Certification of Hitachi Products, Processes

OneSpin Provides Automated ISO 26262 Safety Analysis, Verification Flow to Kalray

Functional Safety Flow Enables Kalray’s Massively Parallel Processor Arrays to Be Used in Autonomous Vehicles

OneSpin Rolls Out OneSpin 360 EC-FPGA Tool Qualification Kit to Meet DO-254 Standard

Users Deploy EC-FPGA Formal Sequential Equivalence Checking into Aviation Electronic Systems with Support for Certification Processes

OneSpin Completes All Factory Inspections, Audits by Internationally-Recognized Testing Body TÜV SÜD

Eliminates Tool Qualification Effort for Users Targeting Functional Safety Standards ISO 26262, IEC 61508, EN 50128

OneSpin Announces Immediate Availability of OneSpin 360 EC-FPGA Tool Qualification Kit Certified for ISO 26262, IEC 61508, EN 50128

Users Deploy EC-FPGA Formal Sequential Equivalence Checking into Automotive ASIL D Projects with no Additional Tool Qualification Requirements

Formal Verification Leader OneSpin Solutions Unveils its Comprehensive Safety Critical Solution for Automotive, Other Mission-Critical Applications

Random Fault Verification Supported by New Safety Critical Apps, Certification Kits


Flyers

OneSpin® 360 Design Verification Solutions

The OneSpin 360 Design Verification (DV) product line leverages the most advanced, high-performance formal technology as the basis for a range of verification solutions, from automated design analysis to advanced property checking. Solutions and apps have intuitive, flexible user interfaces and debug capabilities. They are easy to integrate into existing hardware development flows.

Download flyer OneSpin 360 Design Verification Solutions

OneSpin® 360 EC-FPGA™

The OneSpin 360 EC-FPGA solution ensures that advanced FPGA synthesis optimizations, used to achieve competitive functionality, performance, power consumption, and cost targets, do not introduce functional errors. It supports all sequential synthesis optimizations performed in FPGA design flows. OneSpin 360 EC-FPGA is in use at multiple companies as an accuracy gold standard to test their design solutions.

Download flyer OneSpin 360 EC-FPGA

OneSpin® 360 Safety Verification Solution

Fault-tolerant electronic components in safety-critical systems are now commonplace in many industry sectors, including automotive, aerospace, power generation, defense, and medical. To guarantee the safe operation of SoCs under harsh environmental conditions, safety mechanisms are integrated to ensure a reliable, deterministic reaction to random hardware faults. ISO 26262 and other functional safety standards demand a quantitative analysis of random faults and their outcomes, and require a high ratio of detected, or safe, faults to all faults. This is hard to achieve with simulation-based fault injection alone, as certain faults, such as non-propagatable ones, are difficult to classify. In addition, to avoid systematic faults, such as RTL bugs or synthesis errors, these standards also demand a rigorous development process, with the careful tracking of requirements, from definition to test results and associated verification coverage metrics. Again, simulation alone cannot deliver the required level of verification quality, as a huge number of faults and input stimuli scenarios must be examined.

Download flyer OneSpin 360 Safety Verification Solution

Data sheets

OneSpin® 360 EC-FPGA™ Tool Qualification Kit (ISO 26262)

OneSpin 360 EC-FPGA is an automatic sequential equivalence checker that prevents field programmable gate array (FPGA) design flows from introducing synthesis, place-and-route and other implementation errors. Safety standards require rigorous verification before production to minimize the risk of failures in the field. With the most advanced formal technology, EC-FPGA detects corner-case design-flow bugs with a process that is orders of magnitude more efficient and rigorous than gate-level simulation. With this TÜV SÜD certified Tool Qualification Kit (TQK), users can deploy EC-FPGA seamlessly in their safety-critical flow to achieve a new level of productivity and standard compliance, without additional qualification effort.

Download datasheet OneSpin 360 EC-FPGA Tool Qualification Kit (ISO 26262)

OneSpin® 360 EC-FPGA™ Tool Assessment & Qualification Kits (DO-254)

OneSpin 360 EC-FPGA is an automatic sequential equivalence checker that prevents field programmable gate array (FPGA) design flows from introducing synthesis, place-and-route, and other implementation errors. Safety standards require rigorous verification before production to minimize the risk of failures in the field. With the most advanced formal technology, EC-FPGA detects corner-case design-flow bugs with a process that is orders of magnitude more efficient and rigorous than gate-level simulation. With this Tool Qualification Kit (TQK), reviewed by an FAA Designated Engineering Representative (DER), users can deploy EC-FPGA seamlessly in their DO-254 projects to achieve a new level of productivity and standard compliance, including for Design Assurance Level (DAL) A/B applications.

Download datasheet OneSpin 360 EC-FPGA Tool Assessment & Qualification Kits (DO-254)

OneSpin® 360 Fault Injection Automation App™

OneSpin’s Fault Injection Automation (FIA) App automates the definition and handling of fault injection scenarios. This removes the need for ad hoc verification flows or environments, thereby reducing engineering effort and promoting reusability across projects and teams. The FIA App provides a simple and flexible interface to define any fault scenario, starting with the signals that shall be considered as candidates for fault injection, with no need to change the design or go through code-instrumentation steps.

Download datasheet OneSpin 360 Fault Injection Automation App

OneSpin® 360 Fault Propagation Analysis App™

OneSpin’s Fault Propagation Analysis (FPA) App automatically identifies non-propagatable faults so that they can be safely removed from the fault list before simulation, reducing simulation and debug time while increasing the nominal fault coverage. The FPA App uses dedicated formal algorithms and has two highly automated modes requiring minimal user intervention: fast mode and deep mode.

Download datasheet OneSpin 360 Fault Propagation Analysis App
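The fault classification that the Safety Verification Solution flyer and the Fault Propagation Analysis App entry above describe (the ratio of safe-or-detected faults to all faults, and the removal of non-propagatable faults before simulation), as an added example in Python. This is not OneSpin's code and makes no use of its tools: the design (a parity-protected 4-bit register with one unprotected flag and a piece of dead logic), the fault list, the single-point failure model and the equal-failure-rate assumption are all constructed for the example, and an exhaustive search over the golden/faulty product machine stands in for the formal propagation analysis, which is only feasible here because the design is tiny.

```python
"""Single-point fault classification for a small parity-protected register.

Added example, not OneSpin code: the design, its fault list and the failure
model are all constructed here. The register is written as a tiny netlist so
that a stuck-at fault can be injected by net name without instrumenting the
design, and two classification strategies are compared:
  * random simulation, which can only show that a fault DOES propagate;
  * exhaustive reachability over the (golden, faulty) product machine, which
    can also prove that a fault NEVER reaches a functional output (safe).
The metric is a simplified ISO 26262-style ratio (safe + detected) / all
faults, assuming one equal failure rate per net.
"""
from itertools import product
import random

DATA_BITS = 4
# Fault candidates: flop outputs plus the combinational nets of interest.
FAULT_NETS = [f"q{i}" for i in range(DATA_BITS)] + [
    "qp", "valid_q", "p_in", "p_chk", "dbg_en", "dead"]
RESET_STATE = ((0,) * DATA_BITS, 0, 0)          # (q, stored parity, valid)
ALL_INPUTS = [(d, we) for d in product((0, 1), repeat=DATA_BITS) for we in (0, 1)]


def step(state, inputs, fault=None):
    """Evaluate one clock cycle of the register.

    state = (q tuple, qp, valid_q); inputs = (d tuple, we);
    fault = (net name, stuck-at value) or None for the golden design.
    Returns (next_state, data_out, alarm): data_out is the functional output
    (data plus an unprotected 'valid' flag), alarm is the parity checker.
    """
    q, qp, valid_q = state
    d, we = inputs
    nets = {}

    def drive(name, value):
        # The stuck-at fault overrides the net the moment it is evaluated.
        if fault is not None and fault[0] == name:
            value = fault[1]
        nets[name] = value
        return value

    for i in range(DATA_BITS):
        drive(f"q{i}", q[i])
    drive("qp", qp)
    drive("valid_q", valid_q)
    p_in = drive("p_in", sum(d) & 1)                        # parity of incoming data
    p_chk = drive("p_chk", sum(nets[f"q{i}"] for i in range(DATA_BITS)) & 1)
    dbg_en = drive("dbg_en", 0)                             # disabled feature, constant 0
    drive("dead", nets["q0"] & dbg_en)                      # dead logic: drives nothing
    alarm = p_chk ^ nets["qp"]                              # safety mechanism output
    q_now = tuple(nets[f"q{i}"] for i in range(DATA_BITS))
    data_out = (q_now, nets["valid_q"])
    next_state = (tuple(d) if we else q_now, p_in if we else nets["qp"], we)
    return next_state, data_out, alarm


def classify_exhaustive(fault):
    """Explicit-state reachability over the golden/faulty product machine.

    Every reachable state pair is expanded with every input, so if data_out
    never diverges the fault is proven non-propagatable ('safe'). A fault is
    'detected' only if alarm is asserted in every cycle where data_out
    diverges (same-cycle detection, a simplification), otherwise 'residual'.
    """
    start = (RESET_STATE, RESET_STATE)
    seen, frontier = {start}, [start]
    propagated = undetected = False
    while frontier:
        nxt = []
        for gold, bad in frontier:
            for inp in ALL_INPUTS:
                gold2, gout, _ = step(gold, inp)
                bad2, bout, balarm = step(bad, inp, fault)
                if gout != bout:
                    propagated = True
                    undetected |= not balarm
                if (gold2, bad2) not in seen:
                    seen.add((gold2, bad2))
                    nxt.append((gold2, bad2))
        frontier = nxt
    if not propagated:
        return "safe"
    return "residual" if undetected else "detected"


def classify_simulation(fault, cycles=200, seed=1):
    """Lockstep random simulation: it can observe propagation but cannot
    prove its absence, so an unpropagated fault stays 'unclassified'."""
    rng = random.Random(seed)
    gold = bad = RESET_STATE
    propagated = undetected = False
    for _ in range(cycles):
        inp = rng.choice(ALL_INPUTS)
        gold, gout, _ = step(gold, inp)
        bad, bout, balarm = step(bad, inp, fault)
        if gout != bout:
            propagated = True
            undetected |= not balarm
    if not propagated:
        return "unclassified"
    return "residual" if undetected else "detected"


def run_campaign(classifier):
    """Classify stuck-at-0 and stuck-at-1 on every candidate net."""
    return {(net, v): classifier((net, v)) for net in FAULT_NETS for v in (0, 1)}


def coverage(classes):
    """(safe + detected) / all faults; 'unclassified' counts as residual,
    the conservative choice an assessor would insist on."""
    return sum(c in ("safe", "detected") for c in classes.values()) / len(classes)


if __name__ == "__main__":
    sim = run_campaign(classify_simulation)
    print(f"simulation only: {coverage(sim):.0%}, "
          f"{sum(c == 'unclassified' for c in sim.values())} faults unclassified")
    # Propagation analysis first proves the safe faults; only the rest is simulated.
    fpa = run_campaign(classify_exhaustive)
    combined = {f: ("safe" if fpa[f] == "safe" else classify_simulation(f)) for f in fpa}
    print(f"with propagation analysis: {coverage(combined):.0%}")
```

Two things worth noticing when reading the result. First, the ten faults that random simulation leaves unclassified are exactly the ones the product-machine search proves safe (dead logic, the disabled enable, and the parity nets), so the campaign goes from a conservative 40% to 90% without simulating a single extra vector; the remaining gap is the unprotected `valid` flag, a genuine residual fault. Second, faults on the parity storage and checker count as safe here only because this is a single-point analysis against the functional output; they silently disable the safety mechanism, which is why ISO 26262 pairs this metric with a separate latent-fault analysis.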

Customers talk about OneSpin

Complete Formal Verification of a Family of Automotive DSPs

Formal verification becomes the method of choice for designs with stringent quality requirements. For complex architectures with many implementation alternatives, however, the development and maintenance of complete formal specifications remains a challenge. In this work, we present an efficient semi-formal specification approach for processor designs with a large number of architectural variants. The semi-formal specification serves as a reference to implementation and facilitates automatic generation of formal properties. We show an application of this method to complete formal verification of a family of automotive digital signal processors (DSP), report on the verification effort, and discuss the lessons learned.

Rafal Baranowski, Marco Trunzer, Robert Bosch GmbH, Reutlingen, Germany – DVCon Europe 2016

Compatible Qualification Metrics for Formal Property Checking


Holger Busch, Senior Staff Engineer Verification Infineon Technologies

Complete Formal Verification of TriCore2 and Other Processors

This paper describes an innovative and powerful methodology for the complete formal verification of modules and intellectual property (IP), and its application to the verification of processor IP. Unlike other formal approaches, the methodology is a self-contained approach to hardware verification, independent of simulation. The methodology eliminates all gaps in the verification plan and in the property set. It thus ensures that the IP is free of functional errors − the highest possible verification quality. Its underlying technology has been field-proven on hundreds of modules and IP, two of which are described, including the TriCore2 processor, Infineon's next generation high-end processor for embedded and safety-critical applications.

Tim Blackmore, Fabio Bruno, Infineon Technologies, Bristol, UK

Formal Verification Applied to the Renesas MCU Design Platform Using the OneSpin Tools


Toru Shimizu, Ph.D. and Satoshi Nakano, Renesas Electronics Corp.

Using formal verification for HW/SW Co-verification of an FPGA IP core

A new formal verification technique allowed a group of academic and industry researchers to holistically verify tightly coupled hardware and firmware within a Xilinx soft core.

Marcus Wedler, Xilinx – Xcell Journal issue 79
