Breakfast Bytes Blogs

Paul McLellan
19 Oct 2021

Announcing Cadence Safety Solution and the Midas Platform...Turn Your Automotive Products into Gold

Today, at CadenceLIVE Europe, we announced the Cadence Safety Solution, a new offering targeting safety-critical applications and featuring integrated analog and digital safety flows and engines for faster ISO 26262 and IEC 61508 certification. The solution, which includes a new FMEDA (Failure Modes, Effects, and Diagnostic Analysis) offering called the Midas Safety Platform, allows customers to perform FMEDA-driven analog and digital verification of safety-critical semiconductors for advanced automotive, industrial, and aerospace applications. The Midas Safety Platform also provides a GUI-driven use model to do an early architectural FMEDA analysis. Once RTL/gate-level design data becomes available, the Midas Safety Platform can carry out a detailed FMEDA analysis that is more accurate.

For more about what ISO 26262 and IEC 61508 are, see my posts:

  • "The Safest Train Is One that Never Leaves the Station" (a history of functional safety leading to IEC 61508, and a dive into ISO 26262 first edition)
  • History of ISO 26262 (with Kurt Schuler of Arteris who was on the committee for the second edition of the standard)
  • ISO 26262...Chapter 11 (chapter 11 is the one on semiconductors in the second edition)

The summary, if you don't read those posts, is that ISO 26262 is the standard for automotive functional safety (actually, since the second edition, almost all vehicles), and IEC 61508 is the standard for other applications (industrial applications like oil refineries or robots).

Alessandra Nardi heads up our engineering for functional safety (FuSa). She also heads up the Accellera Functional Safety Working Group. Its mission is:

...to standardize information for capturing and propagating the safety intent from the system down to the SoC/IP design and implementation including failure mode propagation, verification, validation, reliability, and safety mechanisms

For (much) more about the Accellera Working Group, see my post Accellera Functional Safety.

The most important output from this working group is USF, the Universal Safety Format. This standard is still a work in progress. USF allows the safety requirements of a system to be captured in a standard way, just as IEEE 1801 allows the power intent to be captured in a standard way.

I can't think of a better summation of what automotive functional safety is about than the title of a talk Alessandra gave a few years ago that I wrote about in my post Make Sure Your Car Doesn't Break Too Often...When It Does, Make Sure You Catch It. The technology has advanced a lot but that remains the high-level goal. In the meantime, our cars have gotten more capable with advanced driver assist systems (ADAS) providing capabilities like automatic emergency braking (AEB) and lane assist. Plus, of course, various developments in autonomous driving are getting closer to reality and wider deployment. This has resulted in much more complex SoCs than were traditional in automotive, meaning that they have to be in much more advanced semiconductor processes with their own reliability challenges. There are also estimates of 100M lines of code for a self-driving car, leading to major embedded software development challenges.

So functional safety is important: none of us want our cars to crash, and neither do the car manufacturers (OEMs in automotive-speak) or the governments. There is also a commercial aspect, since Euro-NCAP, the European New Car Assessment Program, gives cars a safety rating, and this feeds into insurance costs. Despite its name, Euro-NCAP is an international program, not specifically European. It is not new, either, dating back to 1996, with roots before that in the UK Transport Research Laboratory.

Cadence Safety Solution and the Midas Platform

So what are we announcing today?

The big picture is that we are providing FMEDA-driven analog and digital design and verification of safety-critical semiconductors, with a focus on automotive. But the announcement covers a lot more than just the Midas Safety Platform.

[Figure: Cadence Safety Solution]

First, the Cadence Safety Solution is a bit like the introduction of Common Power Format (CPF) or double patterning. There was no single tool that implemented CPF or double patterning. Both required extensive changes to a whole portfolio of tools from simulation, to place and route, to signoff. Functional safety, in particular FMEDA, is similar. However, unlike CPF or double patterning, there is a new tool, the Midas Safety Platform. But this is more like the conductor of the orchestra—think of something like vManager, which orchestrates verification campaigns. The Midas Safety Platform orchestrates FMEDA design and verification.

The Midas Safety Platform takes in the safety requirements in USF and then maps them onto a set of capabilities for digital and a set of capabilities for analog/mixed-signal (AMS). It thus handles the entire design with appropriate design and verification tools. It runs on both Linux and Windows. So the entire safety solution consists of the Midas Safety Platform and a lot of new capabilities across the Cadence product lines, as indicated in the above diagram.

Let's look at the boxes across the bottom in more detail:

Digital Verification

This consists of two parts. The first is vManager Safety, which manages the fault campaigns. A campaign is a list of faults to be verified and classified as:

  • Safe (the fault doesn't cause any problem)
  • Detected but dangerous (the fault propagates to the outputs but still needs to be mitigated, such as adding ECC to memory, or adding an indicator light on the dashboard as we do for airbag ECU failures)
  • Not detected and dangerous (these need to be minimized or eliminated)

The actual verification engines are the Xcelium Safety Simulator and the Jasper FSV App. The Jasper FSV App can save a lot of time since it can eliminate the need to run a lot of expensive fault simulations.
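The fault classification described above, as an added example (not Cadence's code and not from the original post): exhaustive stuck-at fault injection on a constructed toy netlist protected by a duplicate-and-compare safety mechanism. The netlist, the function names, and the unweighted coverage figure (detected dangerous faults over all dangerous faults, ignoring failure rates) are assumptions made for illustration.

```python
from itertools import product

# Constructed toy netlist (an assumption, not from the post):
# y = (a AND b) XOR c, duplicated as a shadow copy and compared.
NETLIST = [  # (net, op, inputs), listed in evaluation order
    ("n1", "and", ("a", "b")), ("y", "xor", ("n1", "c")),    # main copy
    ("m1", "and", ("a", "b")), ("y2", "xor", ("m1", "c")),   # shadow copy
    ("alarm", "xor", ("y", "y2")),                           # comparator
]
INPUTS = ("a", "b", "c")
OPS = {"and": lambda p, q: p & q, "xor": lambda p, q: p ^ q}

def simulate(vector, fault=None):
    """Evaluate the netlist; fault is (net, stuck_value), or None for the golden run."""
    nets = {}
    def drive(net, value):
        # A stuck-at fault overrides whatever the logic would drive on that net.
        nets[net] = fault[1] if fault and fault[0] == net else value
    for name, value in zip(INPUTS, vector):
        drive(name, value)
    for net, op, (p, q) in NETLIST:
        drive(net, OPS[op](nets[p], nets[q]))
    return nets["y"], nets["alarm"]

def classify(fault):
    """Classify one stuck-at fault over every input vector."""
    corrupted = missed = False
    for vector in product((0, 1), repeat=len(INPUTS)):
        golden_y, _ = simulate(vector)
        y, alarm = simulate(vector, fault)
        if y != golden_y:            # fault reached the functional output
            corrupted = True
            missed |= not alarm      # ...and the safety mechanism stayed silent
    if not corrupted:
        return "safe"
    return "dangerous_undetected" if missed else "dangerous_detected"

def run_campaign():
    """Inject stuck-at-0 and stuck-at-1 on every net; return {fault: class}."""
    nets = list(INPUTS) + [net for net, _, _ in NETLIST]
    return {(n, v): classify((n, v)) for n in nets for v in (0, 1)}

def diagnostic_coverage(results):
    """Unweighted share of dangerous faults that the alarm catches."""
    detected = sum(c == "dangerous_detected" for c in results.values())
    dangerous = sum(c != "safe" for c in results.values())
    return detected / dangerous

if __name__ == "__main__":
    campaign = run_campaign()
    for fault, cls in campaign.items():
        print(fault, cls)
    print("diagnostic coverage:", diagnostic_coverage(campaign))
```

Faults on the shared inputs a, b and c corrupt both copies identically, so the comparator stays silent and they land in the undetected class. Faults in the shadow copy or the comparator never change y and count as safe in this single-fault model, although a real flow would track a dead comparator as a latent fault.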

Digital Implementation

Digital implementation is done by Genus Synthesis and Innovus Physical Design (although increasingly these products are merging together as Genus becomes more and more physically aware, and Innovus has a richer selection of restructuring and remapping that it can do during place and route).

Two big capabilities are automated insertion of triply redundant logic and automatic insertion of dual-core lockstep safety islands. If you duplicate a microprocessor core for reliability and safety reasons, you want them to be physically separate on the die, perhaps with different power supplies and so on.

Conformal is then used to verify that all the logic was inserted correctly and the basic functionality of the design is unchanged.

Analog Design and Implementation

Okay, that's two boxes, but analog design is not automated since we don't have analog synthesis and automated layout like we do in digital. So no prizes for guessing that analog design is done in Virtuoso ADE. However, Virtuoso can launch AMS fault simulation setup and collect the results.

But for verification, there is Legato Reliability Solution (which performs AMS fault identification and diagnostic coverage). Also, there is the Spectre Simulation Platform for analog fault simulation. Spectre simulation has been enhanced with various new features to make this higher performance.

Summary

Comprehensive Cadence Safety Solution:

  • New unified Midas Safety Platform driving analog and digital full flows for FMEDA-based functional safety
  • FMEDA analysis: Explore and optimize safety architectures
  • Fault campaign management: Unified across all Cadence engines
  • Enhanced verification engines for highest performance fault simulation
  • Formal verification: Up to 30% reduced fault list for faster safety verification
  • Automated analog functional safety: Analog fault simulation
  • Automated safety mechanism insertion and verification: Optimized for power, performance, and area (PPA) objectives
  • Automotive, industrial, and aerospace applications

Learn More

See the Functional Safety product page.
