Functional Safety: A Way Of Life

Functional safety starts with cultivating the right culture within a company.


Rejuvenated over the holidays and back in full swing. This might be TMI, but I have been doing some meditative yoga and I seem to have finally discovered myself. Though I am partly kidding, it does bring us to the theme for this blog.

As we tackle a new year and all the challenges it brings, I have been engaged with mindfulness and meditative yoga, which looks at a holistic approach to bring together the mind, body, and soul in perfect harmony.

In the same vein, functional safety, which is a crucial piece of the process for semiconductor and IP companies, can be vastly improved with harmony between people, process, and product. Thinking about it in smaller parts helps in grasping some of the concepts, but the right approach is one that brings it all together, and cultivates the right culture within the company. I see people as the mind, thinking and consciously applying practices and learnings from past experiences. Process is the body, which provides the structure, flow, and ability to make progress along those lines. And finally, product is the soul, which is the ultimate goal that needs to be refined and perfected.

The main pitfall with a traditional way of thinking is that it cultivates a culture where each of these three is considered in isolation. With today’s new age of complex machines performing human duties comes a pressing need to build them in a novel way, instead of going by old-school techniques. Based on my interactions with the Tier 1 customers in the automotive space, I have found three cornerstones on which holistic functional safety can and should be built.

Top-down vs. add-on safety: the perils of safety as an add-on feature/package
A parallel can be drawn between the human quest for wealth and prosperity, and the mission of semiconductor/IP companies to build products with excellent functionality: both become the main focus, at any cost. In the manufacture of semiconductors, a lot of initial energy is spent on functionality and safety becomes an add-on, almost the stepchild of the entire process. Apart from performance and area degradation, this can have a huge negative impact on achievable functional safety integrity levels. Redundancy techniques have 2x area impacts, and if that’s not enough, performance and power get beaten up to the point that the product doesn’t meet its intended objectives and falls short of its competition. Both the design and verification approaches have to take this into account.

These impacts can arise on the systematic side from insufficient planning of the product or from poor structuring, where the team is built purely around functionality while the functional safety aspect is deferred. They can also arise on the random hardware fault side from pigeonholing the safety features, which not only compromises functionality but also directly increases the overall number of states in the design. This opens up more opportunities for random faults to compromise the design.

There is, therefore, a need to make sure safety is considered a first-class citizen, from both the project planning and the IP development points of view. Every FuSa feature needs to be carefully planned along with the functional features, to better understand the interaction and hence minimize interdependencies. Apart from making the functional safety verification easier and more thorough, this also has the added benefit of uncompromised area/performance with the highest levels of safety.

Top-down system approach

In-house expertise
The second cornerstone to all this is having in-house expertise, as some of the most important answers come from within. Customers who are tired of being kicked around and referred to other consultants for support on specific topics need their vendors to understand all aspects and provide fast support for all topics related to the IP. There is no doubt that there have been advancements in EDA offerings for functional safety. But we need to be careful not to become dependent on them. Some IP vendors take the approach of outsourcing some of the FuSa design and verification processes and techniques. A good example of the benefits of having in-house expertise is in the area of fault injection and FMEDA analysis, where the techniques are very tightly integrated with the technology and functionality. From the customers’ standpoint, they want to deal with one expert, rather than running around for distributed support. Third-party EDA tools can augment internal expertise, but not replace it.

One key decision NetSpeed made upfront was to have experts internally for these analyses, not only to create an optimum product with the lowest risk, but also to keep customer support time to a minimum. This has gone a long way in facilitating our customers and winning their hearts and designs.

Configurability, configurability, configurability
The last piece of the puzzle is configurability and adapting to the target environment. In today’s industry, most products/IPs are configurable, some more than others, and IP vendors need to support SoC teams and make it easy for them to integrate the IP into their safety environment. It is fundamental to develop the IP with that in mind. In the quest for happiness, this is similar to being able to adapt to various life situations and circumstances with ease.

Configurability is not only limited to functionality but also to the functional safety design and verification processes that need to account for the various configurations and SoC environments they might fit into. After all, it does nobody any good to build a configurable piece of complex IP, throw it over the fence to the customers, and let them deal with the baggage.

Building an FMEDA can be a daunting task, and it is expensive in time and money to have tens of dedicated engineers construct FMEDAs for IP that they have acquired and hence do not have expertise in. An IP vendor knows more about the internals of the IP than the customers themselves, and as third-party vendors, it is our job to make the integration into the customers’ environment easy and seamless. There is no one size fits all. Aspects like the FMEDA and fault injection need to be configurable based on the target requirements. Many IP vendors take the easy route of providing customers with details for some hardcoded configuration and expecting them to figure it out for their specific configuration. This does not work for customers who have to deal with hundreds of IPs in their ever-growing numbers of increasingly complex chips. Hence it is of utmost importance that, along with the IP, all these components are configurable and support the customer in their specific environment.
