Functional safety analysis and higher diagnostic coverage to meet certification requirements
The use of “fail-safe” electronic components in safety critical systems is now commonplace throughout many electronics industry sectors, including automotive, aerospace, power generation, defense, and medical devices. Governed by a range of regulatory standards, the verification of these systems, in general, must be proven to be as rigorous as possible. In addition, to guarantee the safe operation of these systems, safety mechanisms are integrated that ensure a reliable, deterministic reaction to random hardware failures when the device is operating in the field. These too must be verified to operate correctly and trap operational hardware faults.
The automotive market, governed by the ISO 26262 standard, demands a particularly rigorous development methodology. This requires the use of specific verification techniques, as well as a well-defined, thorough verification process.
OneSpin’s Safety Critical Verification solution provides automated functional safety analysis and allows for higher diagnostic coverage to meet certification requirement more efficiently and accurately.
The need for Formal Safety Verification
It is hard to demonstrate that simulation-only verification solutions can provide the required degree of coverage necessary to guarantee safety. The exhaustive nature of formal verification solutions makes it a natural fit for these designs. However, additional capability must be included to prove design reliability and fail-safe operation. Design reliability can be shown by utilizing advanced coverage techniques to demonstrate that any “systematic” bug in the design would indeed be detected by a series of assertions, executed on a formal platform.
OneSpin provides a complete formal verification solution ranging from rigorous verification, and qualification of the verification environment, all the way to the verification of safety mechanisms and diagnostic coverage.
Systematic and Random Errors
The OneSpin Safety Critical Verification Solution encompasses a range of formal tools and techniques that provide a complete verification flow to test for the presence of any systematic faults and verify that a high proportion of random faults will be detected and handled by the device. The solution includes advanced coverage techniques, fault injection and qualification, as well as a broad formal verification solution.
To validate safety mechanisms that trap and resolve “random” field problems, ISO 26262 and other standards demand a quantitative analysis of random hardware failures and their outcomes. Part of this analysis comprises the injection of faults into the gate level models of integrated circuits to determine the single point and latent fault metrics (SPFM/LFM), which are eventually used to calculate the failure rate of a component. These gate level models can be complex and contain numerous possible fault scenarios.
OneSpin provides a formal solution to target these problems in the form of three Apps. The Fault Propagation App (FPA™) operates in the fault simulation flow to reduce the number of tests required while increasing the quality of, and accelerating, the overall process. The Fault Injection App (FIA™) allows the injection of faults without change to the design code for the purpose of testing the fault handling components in the design. The Fault Detection App (FDA™) provides a fully automated fault metric, diagnostic coverage calculation and allows the detection of dangerous random faults or faults not detected by the safety mechanism.
Tool Qualification for Functional Safety Compliance
ISO 26262, IEC 61508, and EN 50128
Support for tool safety compliance is an integral part of state-of-the-art safety critical verification solutions. OneSpin Solutions meets or exceeds the requirements of functional safety standards. The internationally-recognized testing body TÜV SÜD successfully completed a series of factory inspections and audits of OneSpin’s organization and tool development processes. This conformance level enables OneSpin to provide certified formal verification solutions meeting tool qualification requirements set by functional safety standards for automotive and other applications (ISO 26262, IEC 61508, and EN 50128). As a result, OneSpin's formal tools and solutions can be applied by customers up to the highest safety integrity levels (ASIL D and SIL 3).
DO-254 and DO-330
Software tools applied in the development of airborne electronic hardware (AEH) must undergo tool assessment and qualification to comply with relevant functional safety standards. OneSpin provides expert support to reduce the qualification efforts for its family of formal tools. In addition, OneSpin 360 EC-FPGA, a sequential equivalence checking tool to automate the verification of synthesis and other implementation steps, features an optional DO-254 tool qualification kit (TQK) (see press release). The DO-254 TQK enables OneSpin users to meet the highest aviation electronic systems requirements for AEH set by DO-254 (DAL A/B) with minimal effort.
OneSpin’s Fault Propagation Analysis App automatically identifies non-propagatable faults, allowing their safe elimination prior to simulation, thereby cutting on simulation and debug time while increasing the nominal fault coverage.»Learn more about the Fault Propagation Analysis App…
OneSpin’s Fault Injection App automates the definition and injection of fault scenarios, eliminating the need of a separate testbench, thereby cutting on engineering effort while enabling a unified and standard-compliant formal verification flow.»Learn more about the Fault Injection App…
Fault-tolerant electronic components in safety-critical systems are now commonplace in many industry sectors, including automotive, aerospace, power generation, defense, and medical.»Download the flyer…
OneSpin’s Fault Injection App (FIA) automates the definition and handling of fault injection scenarios, removing the need for ad hoc verification flows or environments, thereby cutting on engineering effort and promoting reusability across projects and teams.»Download the data sheet…
OneSpin’s Fault Propagation Analysis (FPA) App automatically identifies non-propagatable faults, allowing their safe elimination prior to pre and post simulation, thereby cutting on simulation and debug time while increasing the nominal fault coverage.»Download the data sheet…
Functional safety standards demand that this risk be assessed and adequately minimized through tool qualification and other processes. For engineering teams, this is a time-consuming task and, worryingly, one for which there are no mature solutions yet. Tool vendors may provide safety certificates or packages, in an attempt to support their customers with safety compliance. Strategies vary and so do the benefits to the user and project.
In this paper, we review requirements on tool classification and qualification, present different safety compliance strategies, and explain their benefits to safety-critical hardware projects.
Functional safety standards require a rigorous development process to minimize the risk of introducing systematic faults. Some RTL issues may only reveal themselves as bugs in the synthesis netlist. Additionally, synthesis tools manipulate the design to map it into the fixed FPGA structure. These complex transformations present a high risk of introducing bugs. Gate-level simulation and lab testing can only cover a tiny portion of the FPGA functionality and are likely to miss implementation bugs. Moreover, they are slow to run and challenging to debug.
This white paper presents an implementation signoff flow proving that the final FPGA netlist is functionally equivalent to the RTL model. Based on FPGA-specific, mature formal verification technology, the solution is exhaustive and efficient, catching many issues before synthesis starts.
Automotive technology has come a long way since the days of the Ford Model T. Today's smart vehicles not only assist their drivers with tasks such as parking, lane management, and braking, but also function as a home away from home, with WiFi hotspots and sophisticated entertainment systems. These sophisticated features are made possible by increasingly complex electronic systems—systems that present countless new opportunities for things to go wrong. A defective headrest video screen may be an irritation to a young passenger in the back seat, but a malfunctioning corrective steering system could cost the occupants of the vehicle their lives. Adequate verification is essential.
OneSpin's formal verification solutions can help automotive suppliers continue to advance their technology while keeping drivers and passengers safe. Our safety-critical white paper examines the ISO 26262 automotive standard and makes a case for its indispensability.
Fault-tolerant hardware development is no longer a niche and presents new challenges. Many engineers face the daunting task of having to examine countless faulty variants of their design in order to integrate and verify multiple safety mechanisms within complex Systems-on-Chip (SoCs).
This white paper examines key goals and challenges in fault-tolerant hardware verification, and presents formal solutions that ensure predictable hardware behavior under all relevant operating conditions and fault scenarios, while saving in engineering and computational resources.
This presentation focuses on the formal verification solutions that can provide high ROI in AEH development projects. These solutions reduce the risk of undetected hardware issues, and enable a more predictable and efficient path to airworthiness certification.»Watch the video on YouTube…
We check the web for relevant safety-critical news content and link directly to the source from here. Want to get your monthly recap of relevant news?»Sign-up to our newsletter…
"Our verification approach is based on the verification methodology of [1,2], which is marketed under the name GapFreeVerification™ by OneSpin Solutions1 . This approach uses so called operational properties to construct complete formal specifications and includes methods to verify specification completeness."
"For portability and accessibility, we store tabular specifications in a standard spreadsheet format. The automatic translators of the tabular representation are implemented using Java Emitter Templates (JET) . The operational properties 7 of core functionality are expressed in SystemVerilog assertions using Timing Diagram Assertion Library (TIDAL™) . The properties of auxiliary clusters are written in plain SystemVerilog assertions. Design verification and completeness checks are performed with OneSpin 360 Design Verifier."
“The MicroSemi ProASIC3 FPGA is a core component of the Advanced Logic System (ALS), and use of the OneSpin 360 Equivalence Checker is an integral part of our FPGA development process for nuclear safety systems.” says Erik Matusek, Safety System Platform Manager at Westinghouse Electric Company, LLC»Read the full article…