Making Vehicle Electronics Safe With ISO 26262 Compliance

There are many semiconductor applications with high demands on safety, including spaceborne systems, nuclear power plants, and embedded medical devices. But automotive electronics are probably foremost in most peoples’ minds when they think about safe operation under all conditions. The advent of fully autonomous vehicles is responsible for much of this attention. Like other safety-critical applications, automobiles and other road vehicles must be compliant to relevant industry standards, in this case ISO 26262. Ensuring that development of automotive system-on-chip (SoC) devices is compliant to this standard is not a trivial task, but it is made more tractable with the right tools and solutions in place.

The standard defines functional safety as the absence of unacceptable risk due to hazards caused by systems malfunctioning or exhibiting unintended behavior. A fault is defined as an abnormal condition that can cause the system or a part of a system to fail. An error is a discrepancy between an observed value or condition and the theoretically correct value or condition. A fault may be detected as an error and an error may result in a failure, in which the system or part of the system is unable to perform a required function. Systematic faults are the result of errors in the design and are always permanent. Random faults occur due to external conditions and may be permanent (such as manufacturing errors or aging silicon) or transient (such as a memory bit flip due to radiation).

To satisfy the requirements of ISO 26262, automotive SoC development teams must reduce or eliminate the impact of both systematic and random faults. Every step of the process requires evidence of confirmation measures and safety awareness for people, procedures and documentation. One key step is the implementation and confirmation of the quality of safety mechanisms that detect faults and control failures to achieve or maintain a safe state. Developers must:

• Identify Failure Mode and Effects Analysis (FMEA)
• Define safety mechanisms to protect against random failures
• Compute estimated safety metrics with Failure Mode and Effect Diagnostic Analysis (FMEDA)
• Run fault injection to measure safety metrics on the implemented design
• Generate an FMEDA report and a safety manual

The analysis includes the risk introduced by the tools used in the development process. ISO 26262 requires the assessment of tool confidence level, determining whether a malfunction could introduce an error in the SoC and the confidence that such a malfunction would be detected during development. For example, a logic synthesis tool with a bug might generate an erroneous netlist, but this would be detected during logical equivalence checking. Meeting all the requirements for functional safety typically increases the development effort by 50% to 100% over a chip without these requirements.

Functional safety verification is a key part of ISO 26262 compliance, and a comprehensive unified solution can improve the development team’s productivity during this task. This solution must provide:

• A collaborative and scalable environment automating the process from FMEA to FMEDA and the generation of work products for assessors or customers
• A fault campaign management framework based on unified fault definition and database shared across all tools, automating FMEDA annotation and metrics
• Fast and efficient verification engines
• Industry standard planning, debug, coverage and integration with requirement tracking tools
• Tool certification material demonstrating the robustness and quality of the verification environment

Synopsys provides the first functional safety verification solution to meet these requirements. VC Functional Safety Manager automates FMEA/FMEDA and the unified fault campaign. The functional safety team can identify failure modes, drive the fault campaign, calculate metrics, and configure data required for the generated work products. The unified fault campaign automation ensures that all verification engines have a common fault definition and a unified fault database, eliminating the risk of errors or duplication during the calculation of FMEDA metrics. This process integrates the industry’s most powerful verification engines, including static analysis, concurrent and distributed fault simulation, fault coverage, fault simulation for analog, emulation for long fault scenarios, comprehensive debug, and functional qualification of the verification testbench.

Synopsys delivers certification for both individual tools and the overall tool chain. This reduces the assessment risks for project teams working with certification authorities such as SGS-TÜV and Exida. Synopsys uses the functional safety verification solution for internal development of intellectual property (IP) and subsystems, leveraging this experience to provide expert functional safety verification guidance. The solution and expert guidance accelerate time to compliance from planning all the way through development and production, typically improving productivity by more than 50%.

The automotive segment is now one of the key drivers for the semiconductor industry. Satisfying the strict requirements of ISO 26262 for functional safety requires a robust verification process with multiple tools and technologies integrated into a unified flow. FMEA/FMEDA automation, a unified fault campaign, the fastest verification engines, powerful debug and analysis, tool certification and flow qualification are the key steps to ensure compliance with the standard while minimizing the impact on development effort. The Synopsys unified functional safety verification solution improves productivity for a faster time to ISO 26262 compliance.