Functional Safety: Art Or Science?

By Sergio Marchese, Technical Marketing Manager

Nowadays, most hardware development projects deploy functional verification flows that include UVM-based constrained-random testbenches and formal verification. High design complexity, tough budget constraints, and short time to market are the norm, not the exception. Advanced verification is a necessity for many engineering teams. In our increasingly connected world, where billions of IoT devices will soon be communicating with us and with each other, security is rapidly becoming a key concern.

Functional safety sits somewhere in between functionality and security. Avionics, railway, industrial, and medical applications have long required specialized electronic development practices to fulfill the demands of safety standards. However, over the past decade two things have changed. First, the complexity of safety-critical applications has increased dramatically. FPGAs for avionics systems, for example, may now include multiple CPU cores and other COTS IP. Challenging performance and power targets and rigorous safety compliance can no longer be achieved without deploying cutting-edge technology and methodology. Second, with the automotive market dominated by advanced driver-assistance systems (ADAS), and autonomous vehicles on the horizon, functional safety has become a high-volume business.

In recent years, countless engineers worldwide have had their daily tasks influenced by functional safety. The ISO 26262 standard has been key to bringing safety into the development processes of thousands of companies within the automotive supply chain. The level of awareness and progress made is immense.

However, 10 years after the publication of the standard’s first draft, many semiconductor and IP providers still struggle to establish a mature, ISO 26262-compliant flow.

Engineers have a plethora of qualitative and quantitative approaches to choose from. Critical tasks are often carried out solely through expert judgement and largely manual processes, where the main supporting tools are nothing more than word processors and spreadsheets. The methodology applied changes hugely from company to company and project to project, depending on the expertise available, application domain, and target safety integrity level.

Diagnostic coverage and other fault-related metrics are key to verifying safety mechanisms and accurately estimating how robust an electronic component is with respect to random hardware faults. Nevertheless, the choice of appropriate formulas and base failure rates is far from obvious. Even a relatively small adjustment in the base failure rates may, in fact, have a large impact on the final product certification. Another area of concern is the qualification of software tools used during product development, as required by safety standards.

Vendors are often not clear on the level of support they offer, mixing the level of quality of a specific tool with the level of quality of the overall development flow. This implies the use of redundant, additional tasks to catch potential errors introduced by tools not adequately qualified in their own right.

Companies that want to streamline their safety-critical hardware development flow or are approaching this market for the first time need advanced, safety-specific tools and support. As is often the case, there is no single tool vendor or consultancy firm that can cover the whole flow. And yet, deploying best-in-class solutions from safety-committed vendors is proving crucial to establishing efficient, rigorous development practices for safety-critical electronics.

The market for safety-critical electronics is booming and will continue to do so for the foreseeable future. Development practices must mature to keep pace.

About the author

Sergio Marchese is technical marketing manager at OneSpin Solutions. He started his career at Infineon Technologies, applying coverage-driven constrained-random simulation and formal methods to verify the TriCore CPU, an architecture widely used in today's automotive SoCs. He has since worked on projects in the communications, consumer, industrial and aerospace domains. Most recently, he served as verification expert at Huawei Technologies, leading worldwide formal verification activities for ARM CPU and consumer SoC designs. Marchese also built and managed state-of-the-art teams, successfully signing off complex hardware designs using formal verification.