Automotive Functional Safety Solution
The modern vehicle contains a plethora of electronic systems. A vehicle in 2018 typically contained 100-300 microcontrollers or processors, 50+ complex electronic control units, between 5 and 20 million lines of software code, and miles of wire harness to connect them.
All of these electronic devices must be considered “safe” to a specified tolerable level of risk. This is the purpose of the automotive safety ISO 26262 standard.
The quality requirements for automotive hardware components are documented in the ISO (International Organization for Standardization) 26262 standard, named “Road vehicles – Functional safety.” ISO 26262 notes two failure types that must be considered during electronic system and semiconductor development.
- Systematic Failures. These failures are related to the development, manufacturing, etc., of devices.
- Random Failures. Random failures are issues that occur during the operation of a device due to various reasons, including environmental effects.
A key aspect of the standard is the determination of the risk level associated with Random failures. The Automotive Safety Integrity Level (ASIL) is defined as the level of risk reduction needed to achieve a tolerable exposure, and four ASIL levels from A to D, where D is the highest. As an example, an anti-lock brake controller would be categorized as ASIL-D.
For development environments, minimizing the risk of systematic failures involves the careful specification of requirements, rigorous design practices to meet those requirements, highly effective verification techniques, and the measurement of coverage to close the loop.
It is the random failures that present greater difficulties and is the focus of the Optima Design Automation product line. A random failure is a fault that occurs in the system during its operation and caused by environmental effects (for example, radiation from the sun flipping a memory bit). Potential faults must be measured to understand their contribution towards the random failure risk, and where possible eliminated, such that a certain level of overall fault tolerance is achieved.
Safety Mechanisms (SM), which detect and, if possible, correct the faults are built into the device. Examples of Safety Mechanisms include:
- Error Correcting Codes (ECC)
- Dual and Triple Modular Redundancy
- Lock Step Operation Duplication
- Hardened Flip-Flops
- Built-In Self Test (BIST)
- Cyclic Redundancy Checking (CRC)
Faults may be broadly translated into Permanent Faults, also known as “Hard Errors,” and Transient Faults, also known as “Soft Errors.” As the names suggest, permanent faults consist of Stuck at 1 or Stuck at 0 faults, bridging faults, and tri-state faults. Transient faults are faults that exist for a short amount of time before the signal returns to regular operation.
Understanding the risk level associated with an automotive device is a complex and time-consuming business. An analysis must be performed to test for various fault types, specifically checking to ensure no dangerous faults are able to cause an operational change in the device. A coverage metric must be provided to demonstrate that a device fully complies with this requirement based on its specified ASIL rating. Closing coverage to this high degree can occupy many hours of engineering effort.
Traditional fault simulation intended for manufacturing test analysis is often used for this purpose. Fault simulation involves running a simulator that exercises design functionality while injecting faults into the design to check for operational changes. The run time of traditional fault simulation can be measured in weeks. As such, comprehensive fault analysis can occupy several months at the end of the development process, prohibitive in terms of time.
This time constraint is being mitigated by new technology. Optima’s advanced and specially designed Fault Injection Engine (FIE™) technology platform, which in benchmarks has demonstrated performance improvement greater than 1,000 times the nearest alternative simulator, is one such new approach.
THE OPTIMA SAFETY PLATFORM
The Optima Safety Platform drives a series of solutions, or apps, that target specific scenarios.
All of these solutions are fully automated and provide an accelerated path to ISO 26262 compliance while increasing coverage and the quality of the final device.