DVCon Europe 2021
Optima Presents a Workshop at DVCon Europe 2021
Collaborative, Advanced Fault Analysis: Addressing the Functional Safety Verification Challenges From the Accellera Functional Safety White Paper.
Fault injection simulation is necessary to quantitatively assess a safety critical design to comply with the various ASIL levels described in the ISO 26262 standard. A passing functional simulation testbench, called a workload, is used with the Design Under Safety Assessment (DUSA) to perform fault injection and simulation. One of the challenges with fault injection and fault simulation is that as the design grows, the number of faults increases drastically and, hence, the fault simulation time sometimes extends to weeks or months.
Most of the methodologies inject faults in the full hierarchy of the DUSA, perform the fault simulation, and classify each fault as DETECTED (the fault machine's output on the observation signals differs from the good machine's) or UNDETECTED (the outputs of the fault machine and the good machine are identical at the end of the simulation).
These methodologies end up reporting large numbers of UNDETECTED faults, and propose the use of multiple tools, for example static, formal and simulation. This raises questions on the exchange of data related to functional safety between multiple tools to minimize debug and accelerate ISO 26262 metric analysis. In this tutorial we discuss how practical tool flows might make use of the Accellera Functional Safety Working Group proposals to drive integrated methodologies that achieve ISO 26262 metric analysis more quickly.
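To make the DETECTED/UNDETECTED classification concrete, here is an added toy fault simulator (not Optima's code or any tool from the workshop): a constructed three-gate DUSA, stuck-at faults on every net, and a comparison of the fault machine against the good machine on the observation signal. Running it with an exhaustive workload and then with a workload that never drives the enable low shows why the number of UNDETECTED faults is largely a property of the workload, not of the design.

```python
from itertools import product

# Constructed DUSA: y = (a AND b) OR (NOT en).  a, b, en are primary inputs,
# y is the only observation signal, n1 and n2 are internal nets.
NETLIST = [
    ("n1", "and", ("a", "b")),
    ("n2", "not", ("en",)),
    ("y",  "or",  ("n1", "n2")),
]
INPUTS = ("a", "b", "en")
OBSERVE = ("y",)

# Two constructed workloads: every input combination, and one where en is never 0.
FULL_WORKLOAD = list(product((0, 1), repeat=3))
EN_LOW_WORKLOAD = [(a, b, 0) for a, b in product((0, 1), repeat=2)]

def simulate(vector, fault=None):
    """Evaluate the netlist for one input vector.
    fault is (net, stuck_value) for the fault machine, None for the good machine."""
    nets = dict(zip(INPUTS, vector))
    def read(net):                       # a stuck-at fault overrides the net's value
        return fault[1] if fault and fault[0] == net else nets[net]
    for out, op, ins in NETLIST:         # netlist is already in topological order
        vals = [read(n) for n in ins]
        if op == "and":
            nets[out] = int(all(vals))
        elif op == "or":
            nets[out] = int(any(vals))
        elif op == "not":
            nets[out] = int(not vals[0])
    return tuple(read(n) for n in OBSERVE)

def fault_list():
    """Stuck-at-0 and stuck-at-1 on every primary input and internal net."""
    nets = list(INPUTS) + [g[0] for g in NETLIST]
    return [(n, v) for n in nets for v in (0, 1)]

def classify(workload):
    """Fault -> DETECTED if any vector makes the observed output differ from the good machine."""
    good = [simulate(v) for v in workload]
    return {f: ("DETECTED" if [simulate(v, f) for v in workload] != good else "UNDETECTED")
            for f in fault_list()}

def detected(workload):
    return sorted(f for f, status in classify(workload).items() if status == "DETECTED")

if __name__ == "__main__":
    for name, wl in (("full", FULL_WORKLOAD), ("en never low", EN_LOW_WORKLOAD)):
        print(f"{name}: {len(detected(wl))}/{len(fault_list())} faults DETECTED")
```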
Specifically, the recently introduced Accellera Functional Safety White Paper identifies several challenges, including those below. We present in this tutorial how these may be addressed today using the tools available in commercial methodologies:
- Multiple tool setup and data exchange: This is a challenge because the suggested methodology consists of different static, formal and fault simulation tools. One source of confusion is which tool to use first. For example, is formal analysis employed to reduce the full design fault list prior to fault simulation, or vice versa? Or are Design for Test (DfT) tools leveraged initially, followed by formal or simulation? All these tools have different setups, different runtime commands and different mechanisms for treating faults. Their results are naturally based on each tool's core functionality and are not expressed in terms of fault analysis or the ISO 26262 standard. We propose to address these challenges by leveraging a single platform where setup is easy and consistent, and where consistent design and fault data is maintained across the core engines. Using simple commands, a user can follow a suggested methodology.
- Intuitive Fault Classification: Faults are classified based on Observability and Detectability. This kind of classification provides little information when a fault is not detectable. Also, the fault status for Functional Safety is generally defined by the user, which can be very inconsistent across organizations. We suggest a more intuitive way of classifying faults at the various analysis stages, allowing all the engineers working on the design to share the same understanding of the classification. This also extends to other organizations that are supplied with automotive IP produced by the methodology. Fault classification is maintained throughout the different phases of the analysis.
- Early and accurate feedback to FMEDA: How early a user can start building up FMEDA information, and how easily design changes and failure modes can be applied to the FMEDA, are very important in the ISO 26262 development cycle. We will demonstrate how this early feedback and accurate information may be used to calculate FIT (Failures In Time) rates. We will also demonstrate how the Optima platform interfaces with the Ansys’ Medini product for FMEDA, showing how the Accellera FS white paper suggestions may be implemented today.
We also consider other challenges mentioned in the Accellera FS white paper and how these may be addressed leveraging advanced core verification engines.