Is Your Functional Safety An Afterthought?

The earlier you can perform functional safety analysis in the design cycle, the higher chance of identifying hotspots and meeting target ASIL.

popularity

Imagine the air bag in your car not inflating during a collision or deploying without a crash during driving! These are two of the failure modes associated with the air bag in your car, none of which you as a driver have any control over. The severity of both these failures is of course very high, but which one would you rate as a higher hazard? The probability of getting into an accident is lower than driving your car every day. We just analyzed the Automotive Safety Integrity Level (ASIL), as it is defined in ISO 26262 Automotive standard for functional safety:

Since the probability of exposure for an airbag not deploying despite a crash is lower, it is ASIL A. The airbag deployment without a crash while driving is ASIL D.

 

Based on ISO 26262, safety is a fundamental requirement in automotive systems to guarantee a tolerable level of risk. So, functional safety engineers need to perform a hazard and risk analysis based on the malfunction of critical safety functions in the design and determine the ASIL to achieve a tolerable risk. ISO 26262 defines the metrics to measure the functional safety targeted by ASIL:

Single Point Fault Metric (SPFM) reflects the robustness of an item or function to an occurrence of a single fault that directly leads to the violation of a safety goal.

Latent Fault Metric (LFM) reflects the robustness of an item or function to an occurrence of an individual fault that, in combination with other independent faults, leads to violation of a safety goal.

For driver-assist functions, such as radar, front view cameras, and smart rear-view cameras (ASIL B/C), there is a movement toward higher ASIL designs for driver safety critical (ASIL D). Functional safety analysis is used to evaluate whether the targeted safety level is achieved in the design. If not, which parts of the design need to be enhanced for safety readiness? Obviously performing this analysis later in the design cycle could leave too little time to make changes. One commonly used methodology is FMEDA (Failure Mode Effects and Diagnostic Analysis), a systematic analysis technique to obtain subsystem or product level failure rates, failure modes, and diagnostic capability. It considers all components of a design, the functionality of each component, the failure modes of each component, etc. For big designs and SoCs, it can be very tedious and time consuming. Also, it is challenging to cover all use cases! Another method is fault injection. The idea is to modify the design code to insert faults or defects, then pass the broken design to the verification to check if any of the tests fails. If the environment/safety mechanisms are robust enough it will detect that the design is broken. The challenge is the availability of the testbenches and their completeness during the early design cycle.

Imagine if you could run your functional safety analysis both at RTL & Gates, at a hierarchical level and not limited to the block level, without a testbench, with no clock constraints, and within a matter of hours, if not minutes, get a report with the SPFM number. What if you could get a list of blocks in the design that have the highest probability of causing functional safety failure and a prioritized list of registers with largest contribution to single point failure as a guide to be replaced with error-tolerant equivalents or redundant registers to bring up the SPFM number to your target?

The Synopsys TestMAX FuSa is a unique functional safety analysis and improvement tool, that uses fast static analysis-based approach to calculate ISO 26262 metrics and provide guidelines to improve SPFM. All the numerical values reported depend on the probabilities of control and observe. The calculation is made using sequential circuit behavior and is not restricted to combinational logic analysis.

With increased complexity in automotive electronics comes increased risks. The earlier you can perform the functional safety analysis in the design cycle, the higher chance of identifying hotspots early and adding modifications to the design to meet your target ASIL.



Leave a Reply


(Note: This name will be displayed publicly)