To design chips meeting Functional Safety requirements is no cakewalk. What designers need is an automated end-to-end flow to take the guesswork out of Functional Safety design.
Since the dawn of the compute era, the trifecta of power/performance/area (or PPA, as we have come to know it) has dominated the discussion of any new chip. Together, these three have bounded the performance of a compute platform and served as a time-tested benchmark for all new silicon projects.
They have company.
Designers of mission-critical chips for automotive, industrial, medical and enterprise applications now must contend with ensuring failures are avoided and any unavoidable failure is as safe as possible. The challenge of Functional Safety is every bit as daunting as the other three dimensions and poses a few quirks of its own.
Broadly defined, Functional Safety ensures that a system will remain dependable and function as intended even if something unplanned or unexpected happens. While relevant to all mission-critical computing applications, the automotive sector, driven in large part by the growing adoption of advanced driver-assistance systems (ADAS), is taking the lead in defining a safety process. Barring a few exceptions, the framework for the semiconductor industry is the ISO26262 international standard for automotive electric/electronic systems. The standard mandates traceable and documented design and verification methodologies backed by qualitative and quantitative measures of failure rates of the underlying hardware.
As a result, automotive electronics is leading the way in demonstrating reliable, repeatable and verifiable Functional Safety through the strict adherence to ISO26262. Chip designers in automotive electronics, as well as the industrial, medical and enterprise areas, must meet the Safety Integrity Levels (SIL) specifications as well, further complicating already complex designs.
Across the board, the semiconductor industry is responding with a variety of safety analysis and hardening techniques and tools. In many ways, the automotive Functional Safety market segment is not too dissimilar from the early days of automated semiconductor design tools when the market was flooded with different types of design tool approaches, all tackling the intractable Moore’s Law.
Today’s Functional Safety providers present an equally diverse picture. While some vendors target traceability and related front-end flows, the established EDA vendors strengthened their simulation capabilities for the inevitable fault-injection methodologies. Meanwhile, a few new entrants offer standard cell-based structural identification tied to IP libraries and techniques for beefing up designs to meet the Automotive Safety Integrity Level (ASIL) criteria.
Automation from conception to certification
That’s all well and okay, but not quite acceptable for mission-critical applications. These techniques all rely on expert intervention, which is inherently a manual process. While engineering wisdom is ideal and a necessary component, it needs to be accompanied by a repeatable process. Where Functional Safety is concerned, automation from conception to certification is a non-negotiable requirement. However, where automation is made available, chip designers encounter the all-too-common tool-flow issues vis-a-vis third-party IP styles, design semantics, language constructs and simulator peculiarities.
What's needed instead is an automated end-to-end flow to take the guesswork out of Functional Safety design. Putting together safety analysis, safety synthesis and fault campaigns to cover the full spectrum of Functional Safety engineering for a certification-oriented application is the optimal solution. A design should be able to go from the safety requirements analysis, or Hazard Analysis and Risk Assessment (HARA), through functional analysis, hardening and fault injection with minimal and traceable manual input. This rigorous process will generate auditable and verifiable collateral that enables the system to receive the required safety integrity certification level and gives system designers the confidence they need in their chips.
The buzz throughout the semiconductor industry is about autonomous cars and the opportunities they’re creating for chip designers. Realizing that dream requires a new paradigm of devising, deploying and certifying Functional Safety compliance.
-- Sanjay Pillay is founder and CEO of Austemper Design Systems. With management and engineering experience in enterprise, automotive and consumer SoC development, and serving as a functional safety consultant, he founded Austemper to address the need for a complete, automated and scalable safety engineering tool suite.