The growing complexity of electronics in modern cars is driving the automotive industry to adopt even more stringent processes throughout the supply chain. The lack of tools and methodologies to enforce a traceable safety lifecycle and exchange of safety-relevant information has created the need for an integrated design flow that addresses the safety requirements of the semiconductor industry and can be used across the supply chain.
This requires a new safety methodology, providing a seamless flow that closes the gap between safety analysis and typical chip design tasks such as safety verification and safety-aware implementation. Furthermore, as the development of safety-critical semiconductors and IPs is a complex and compute-intensive task, the automation of this process is crucial in increasing confidence in the safety methodology and improving productivity.
Commonly used safety analysis tools such as FMEDA are not integrated with IC design tools or flows. Therefore, there is no formal way to describe and propagate the safety intent captured in FMEDA to the IC design flow driving safety tools accordingly (top-down methodology). Conversely, there is no formal way to back-annotate simulation-based data from a fault injection campaign into the FMEDA (bottom-up methodology) to replace estimated failure rates with more accurate values.
Some key enhancements are necessary to support a top-down and bottom-up safety methodology fully:
Cadence has introduced the new Midas Safety Platform to close these gaps. The Midas platform is seamlessly integrated with all Cadence IC design flows to enable an FMEDA-driven design, analysis, verification, and implementation of analog/mixed-signal and digital semiconductors and IPs. The integrated framework provides a workflow that guides the safety engineer through all the key steps, from FMEDA creation, safety analysis, safety verification and safety-aware implementation.
Despite the ISO 26262 standard, the lack of safety standards in formal ways to describe safety intent, including supported tool flows, has led to various in-house developed safety solutions mainly using spreadsheets and scripts. However, standards bodies such as Accellera and IEEE have formed dedicated working groups to address these safety requirements in establishing an adequate safety standard. The Midas platform, as the Cadence Functional Safety Solution, provides a safety framework with various interfaces meant to work within an ecosystem of tools and flows (Figure 1).
Figure 1: Cadence Midas Safety Platform to enable FMEDA-driven safety methodology
The Midas platform is a modular and open solution that can be easily tailored to different applications and use cases while having solid foundations in existing standards for functional safety. This is primarily why the Midas platform integrates a safety analysis engine supporting the ISO 26262 (automotive) and IEC 61508 (industrial) standards.
The safety analysis engine can leverage estimated design information (e.g., area, number of flip flops or memory bits) provided by the user or use chip design data of Cadence IC design tools such as Genus (Synthesis), Innovus (Place & Route) or Xcelium (Fault simulation) to calculate the hardware safety metrics automatically.
In addition, Midas provides a dedicated engine for the Base Failure Rate (BFR) calculation according to the reliability model for integrated circuits defined in the IEC TR 62380 standard. The BFR can be calculated after entering information such as semiconductor process technology, custom mission profiles, and package information.
Safety engineers can start with an “Architectural FMEDA,” an early-phase exploration of different safety architectures to identify the optimal set of safety mechanisms to achieve the safety goals.
To set up the FMEDA, it is necessary to define the parts and subparts representing the functional building blocks of the SoC to create the FMEDA hierarchy (Figure 2). It is also necessary to define one or more failure modes for each part and subpart and map a safety mechanism. If no chip data is available, the base failure rate can be equally distributed across all failure modes. Once the architectural FMEDA is set up, the safety analysis engine can calculate the hardware safety metrics (SPFM, LFM, PMHF).
A “Detailed FMEDA” can be performed once chip design data becomes available. After importing the chip design into the Midas platform, the design hierarchy, including all design blocks, shows up as a hierarchical tree (Figure 2). Design instances can now be easily mapped by drag-and-drop to the FMEDA hierarchy. Chip design data such as design instances and numbers for area, gates, and flops are assigned automatically to all failure modes, and the BFR distribution can be adjusted accordingly. Finally, everything is prepared to set up the fault injection campaign in the Cadence Verisium Manager Safety.
Figure 2: FMEDA GUI and set-up
After the safety verification is completed, the simulation results can be back-annotated to the Midas platform. As the failure distribution and diagnostic coverage values are now based on real design and simulation data, the recalculated HW safety metrics are much more accurate.
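The three steps just described (architectural FMEDA with an even BFR split, detailed FMEDA with design data, and back-annotation of measured diagnostic coverage) can be followed in a small calculator. The block below is an added example and is not Midas or USF code; the hierarchy, failure rates, flop counts and coverage values are constructed illustration values, and the PMHF it reports is only the first-order single-point plus residual term, not the full ISO 26262-5 expression with dual-point latent contributions.

```python
# Added example, not Midas or USF code: a minimal FMEDA calculator that walks the
# architectural -> detailed -> back-annotated steps in this article.
from dataclasses import dataclass
from typing import Optional


@dataclass
class FailureMode:
    name: str
    safe: bool = False            # True: violates no safety goal (counts only toward total)
    sm: Optional[str] = None      # safety mechanism covering this mode, None if unprotected
    dc: float = 0.0               # diagnostic coverage w.r.t. residual faults (0..1)
    dc_latent: float = 0.0        # coverage of latent faults by a second mechanism/test (0..1)
    lam: float = 0.0              # share of the subpart's base failure rate, in FIT


@dataclass
class Subpart:
    name: str
    bfr: float                    # base failure rate in FIT (from a reliability model)
    modes: list


def distribute_equally(sp):
    """Architectural FMEDA: no chip data yet, so spread the BFR evenly over failure modes."""
    for fm in sp.modes:
        fm.lam = sp.bfr / len(sp.modes)


def distribute_by_design_data(sp, weight):
    """Detailed FMEDA: split the BFR by design data, e.g. flop or bit count per failure mode."""
    total = sum(weight[fm.name] for fm in sp.modes)
    for fm in sp.modes:
        fm.lam = sp.bfr * weight[fm.name] / total


def back_annotate(subparts, measured_dc):
    """Replace estimated DC with values measured by a fault injection campaign."""
    for sp in subparts:
        for fm in sp.modes:
            if fm.sm in measured_dc:
                fm.dc = measured_dc[fm.sm]


def metrics(subparts):
    """ISO 26262-5 SPFM and LFM; PMHF here is the first-order SPF+RF term only."""
    lam_total = lam_spf = lam_rf = lam_mpf_l = 0.0
    for sp in subparts:
        for fm in sp.modes:
            lam_total += fm.lam
            if fm.safe:
                continue
            if fm.sm is None:
                lam_spf += fm.lam                          # single-point fault
            else:
                lam_rf += fm.lam * (1 - fm.dc)             # residual fault
                covered = fm.lam * fm.dc
                lam_mpf_l += covered * (1 - fm.dc_latent)  # latent multi-point fault
    spfm = 1 - (lam_spf + lam_rf) / lam_total
    lfm = 1 - lam_mpf_l / (lam_total - lam_spf - lam_rf)
    return {"SPFM": spfm, "LFM": lfm, "PMHF_FIT": lam_spf + lam_rf}


def build_soc():
    """Constructed sample hierarchy; all rates and coverages are made-up illustration values."""
    cpu = Subpart("cpu_core", 100.0, [
        FailureMode("wrong_computation", sm="lockstep", dc=0.99, dc_latent=0.90),
        FailureMode("hang", sm="watchdog", dc=0.90),
    ])
    sram = Subpart("sram", 50.0, [
        FailureMode("bit_flip", sm="ecc", dc=0.99, dc_latent=0.95),
        FailureMode("addr_decoder", sm=None),              # unprotected -> single-point fault
    ])
    dbg = Subpart("debug_if", 10.0, [FailureMode("debug_fault", safe=True)])
    return [cpu, sram, dbg]


def architectural_fmeda():
    soc = build_soc()
    for sp in soc:
        distribute_equally(sp)
    return metrics(soc)


def detailed_fmeda():
    soc = build_soc()
    # constructed design data: flops/bits attributed to each failure mode
    weights = {"cpu_core": {"wrong_computation": 9000, "hang": 1000},
               "sram": {"bit_flip": 950, "addr_decoder": 50}}
    for sp in soc:
        if sp.name in weights:
            distribute_by_design_data(sp, weights[sp.name])
        else:
            distribute_equally(sp)
    # constructed fault-campaign results: measured DC per safety mechanism
    back_annotate(soc, {"lockstep": 0.995, "watchdog": 0.85, "ecc": 0.999})
    return metrics(soc)


if __name__ == "__main__":
    for label, m in (("architectural", architectural_fmeda()), ("detailed", detailed_fmeda())):
        print(f"{label}: SPFM={m['SPFM']:.4f} LFM={m['LFM']:.4f} PMHF={m['PMHF_FIT']:.2f} FIT")
```

Running it shows the point of the bottom-up flow: with the even split, the unprotected address decoder is credited with half of the SRAM failure rate and drags SPFM down, while the back-annotated run attributes failure rate by flop count and uses measured coverage, so the recalculated metrics move substantially.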
The Unified Safety Format (USF) is a set of commands to define and verify the functional safety intent in electronic design.
The functional safety intent includes the information required to model, specify, analyze, implement and verify safety-critical systems, semiconductors, and intellectual properties (IPs), enabling the portability of the same information across various commercial EDA tools.
USF facilitates the automation of safety analysis and becomes the common framework to design, verify, and implement safety-critical systems. The safety analysis engine is also available via a command line interface, which makes the Midas platform fully scriptable and supports different levels of automation.
Leveraging USF, safety engineers can model the FMEDA and its effects on the behavior of a system (failure modes) by describing failure modes, including safety mechanisms and their physical implementation.
With USF, the FMEDA process can be fully captured; the USF description can also be modified and reused to automate the FMEDA creation of other projects.
Figure 3 shows a simple example of USF commands describing an architectural FMEDA (design information is estimated at the failure mode level) and detailed FMEDA (design information is gathered from a real design).
Figure 3: USF example – architectural and detailed FMEDA
The Graphical User Interface of the Midas platform integrates various functional safety tasks:
The Midas platform leverages the central role of Cadence as an EDA vendor, providing a safety solution and safety cockpit to enable FMEDA-driven safety verification and safety-aware implementation.
The tight integration of the Midas platform with the Cadence Safety Verification flow represents a flexible verification solution, enabling the validation of assumptions made in the safety analysis phase.
The Verisium Manager Safety plays a critical role in the verification process. It provides a unified fault campaign management to automate and manage complex fault injection campaigns driving all safety engines such as Xcelium, Jasper Functional Safety Verification (FSV) App, Spectre® AMS Designer, and Spectre.
The Verisium platform covers tasks such as fault campaign execution, test selection and ranking, fault classification, coverage, fault debugging, fault campaign reporting, and back-annotation of simulation results into the Midas platform.
After fault injection, the safety verification flow starts with fault analysis using the Jasper FSV App. By applying structural and formal fault analyses, the Jasper FSV App can identify untestable, unobservable, and equivalent faults that can be ignored in the subsequent fault simulation. This significantly reduces the fault list, accelerating the overall safety verification process. After fault analysis, the Xcelium Safety App simulates all remaining faults, leveraging the serial or concurrent fault simulation engines.
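To make the pruning step concrete, the block below runs the same two stages on a constructed gate-level netlist: a structural/exhaustive analysis that drops unobservable, untestable and equivalent stuck-at faults, followed by a serial fault simulation of the survivors against a small test set. It is an added example and not Cadence or Jasper/Xcelium code; the netlist, the test vectors and the simple equivalence rules (AND-input stuck-at-0 collapses onto the AND output, OR-input stuck-at-1 onto the OR output, single-fanout inputs only) are assumptions for illustration, and the untestable check is a brute-force evaluation standing in for a formal one.

```python
# Added example, not Cadence code: structural fault analysis followed by serial
# stuck-at fault simulation on a constructed gate-level netlist.
from itertools import product
from collections import Counter

# Constructed netlist: net -> (gate type, input nets). Primary inputs have no gate.
NETLIST = {
    "n1":   ("AND", ["a", "b"]),
    "n2":   ("OR",  ["n1", "c"]),
    "tie0": ("CONST0", []),            # constant-0 net
    "out":  ("OR",  ["n2", "tie0"]),
    "n3":   ("XOR", ["a", "c"]),       # dangling: no path to an output
}
INPUTS = ["a", "b", "c"]
OUTPUTS = ["out"]
GATE_FN = {
    "AND": lambda v: int(all(v)), "OR": lambda v: int(any(v)),
    "XOR": lambda v: v[0] ^ v[1], "CONST0": lambda v: 0,
}
# Constructed test set used for the fault simulation
TESTS = [{"a": 1, "b": 1, "c": 0}, {"a": 0, "b": 0, "c": 0}, {"a": 0, "b": 1, "c": 1}]


def simulate(vector, fault=None):
    """Evaluate every net for one input vector; fault = (net, stuck_value) or None."""
    vals = {}

    def val(net):
        if net not in vals:
            if net in vector:
                vals[net] = vector[net]
            else:
                gtype, ins = NETLIST[net]
                vals[net] = GATE_FN[gtype]([val(i) for i in ins])
            if fault and fault[0] == net:        # inject the stuck-at value
                vals[net] = fault[1]
        return vals[net]

    for net in INPUTS + list(NETLIST):
        val(net)
    return vals


def all_faults():
    return [(net, v) for net in INPUTS + list(NETLIST) for v in (0, 1)]


def analyze(faults):
    """Prune the fault list; returns (remaining faults, {reason: [pruned faults]})."""
    pruned = {"unobservable": [], "untestable": [], "equivalent": []}
    # 1. Unobservable: nets with no structural path to any output (reverse walk).
    reach, stack = set(), list(OUTPUTS)
    while stack:
        net = stack.pop()
        if net not in reach:
            reach.add(net)
            stack.extend(NETLIST.get(net, (None, []))[1])
    # 2. Untestable: stuck value equals the net's constant good value. Exhaustive
    #    evaluation stands in for a formal check here (fine for a few inputs).
    runs = [simulate(dict(zip(INPUTS, bits))) for bits in product((0, 1), repeat=len(INPUTS))]
    const = {net: runs[0][net] for net in runs[0] if len({r[net] for r in runs}) == 1}
    # 3. Equivalent: AND-input SA0 == AND-output SA0, OR-input SA1 == OR-output SA1,
    #    valid only when the input net has a single fanout.
    fanout = Counter(i for _, ins in NETLIST.values() for i in ins)
    equiv = set()
    for gtype, ins in NETLIST.values():
        if gtype in ("AND", "OR"):
            sa = 0 if gtype == "AND" else 1
            equiv.update((i, sa) for i in ins if fanout[i] == 1)
    remaining = []
    for f in faults:
        if f[0] not in reach:
            pruned["unobservable"].append(f)
        elif f[0] in const and const[f[0]] == f[1]:
            pruned["untestable"].append(f)
        elif f in equiv:
            pruned["equivalent"].append(f)
        else:
            remaining.append(f)
    return remaining, pruned


def fault_simulate(faults, tests):
    """Serial fault simulation: detected if any test makes an output differ from good."""
    good = [simulate(t)[o] for t in tests for o in OUTPUTS]
    return {f: "detected" if [simulate(t, f)[o] for t in tests for o in OUTPUTS] != good
            else "undetected" for f in faults}


def diagnostic_coverage(result):
    return sum(v == "detected" for v in result.values()) / len(result)


if __name__ == "__main__":
    remaining, pruned = analyze(all_faults())
    print({k: len(v) for k, v in pruned.items()}, "remaining:", len(remaining))
    res = fault_simulate(remaining, TESTS)
    print("DC =", round(diagnostic_coverage(res), 3), "undetected:",
          [f for f, v in res.items() if v == "undetected"])
```

The analysis removes almost half of the 16 raw faults before any simulation runs, which is exactly why the fault list reduction matters on a real design. The undetected survivors (for example a stuck-at-1 on an input that none of the test vectors sensitises) are what a test selection and ranking step would then target.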
Further, the Midas platform also integrates with the Spectre Simulation Platform and Legato Reliability Solution, addressing analog and mixed-signal fault identification and simulation. Similar to the digital safety flow, the Midas platform can collect analog design information from the Spectre Simulator.
The Midas platform enables an FMEDA-driven safety-aware implementation, where the synthesis and Place & Route tools work in tandem.
USF allows the definition of safety mechanisms such as dual-core lockstep, safety islands, triple modular redundancy (TMR), logic isolation, and others. Once defined, the safety mechanism can be generated by the Genus Synthesis Solution. A USF file describing the implementation of the safety mechanisms can be saved and read by Innovus to drive the physical implementation accordingly.
The Midas Safety Platform is the first solution that truly enables an FMEDA-driven safety methodology for analog/mixed-signal and digital designs. The Midas platform is the unified cockpit across all Cadence safety flows, connecting FMEDA with SoC safety verification and safety-aware implementation. All Cadence safety flows leverage USF as the foundation to define the safety intent, enabling automated safety-aware design, verification and implementation.
For more information on Midas please visit: https://www.cadence.com/en_US/home/solutions/automotive-solution/functional-safety.html