Optima-SE™
Optima-SE™: Optima’s Soft Error Analysis Solution
Optima-SE™ has the following specifications:
- Ultra-fast fault analysis reduces months of simulation to days
- Auto-iterative hardening analysis ensures optimum flip-flop usage
- Final device power consumption minimized while maintaining ASIL rating
Transient faults, or soft errors, are among the most difficult fault types to address in an automotive device under ISO 26262. A soft error is a temporary change of state in a flip-flop or memory bit (caused, for example, by a radiation particle strike) that persists until the element is next written. If one occurs at just the wrong point in device operation, it can disrupt normal operation and cause a hazard.
Soft errors in flip-flops are usually remedied with Dual or Triple Modular Redundancy (DMR/TMR): the flip-flop is duplicated or triplicated and the outputs of the two or three flops are compared. With DMR, a mismatch flags an error that the safety mechanism must then handle (for example by forcing a safe state); with TMR, a majority voter additionally masks the faulty copy so operation continues. Applying this "hardening" to every flip-flop in the design increases silicon usage by an average of 70%, assuming DMR.
Depending on the logic of the design, most flops do not need to be hardened: many transient faults are masked by the rest of the design logic, or are overwritten before they can propagate to an unsafe condition. The Architectural Vulnerability Factor (AVF) of a flip-flop is a measure of the probability that an error on that flop reaches a safety-goal output. Only flops with a high AVF need to be hardened to achieve a high ASIL rating. Often this is 5% or fewer of all the flops, a considerable saving in power consumption and silicon area versus hardening every flop in the design.
Measuring AVF requires fault simulation. Unfortunately, traditional fault simulators take many thousands of hours to provide an accurate measure across the device. This is where Optima-SE™ plays a key role.
Device Hardening and Verification Process
Leveraging Optima's Fault Injection Engine (Optima-FIE™) technology, Optima-SE™ accelerates the AVF calculation to just a few hours. Optima-SE™ starts by measuring the Failure-In-Time (FIT) rate with an exhaustive simulation of the device, injecting faults one by one on every flip-flop. This produces an AVF for each flop. Hardening is then applied to every flop with an AVF greater than 20%, and the fault simulation is rerun. This process is repeated, adjusting where hardening is applied, until the required FIT rate is achieved. For the device to be considered safe at the ASIL-D level, the overall soft-error FIT rate should be reduced by more than 99%, in line with the 99% single-point fault metric that ISO 26262 sets for ASIL D.
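The loop just described (inject one upset per flop per cycle, compare the safety-goal output trace against a golden run, harden every flop above the AVF threshold, re-evaluate the FIT rate, tighten and repeat) is shown below on a constructed six-flop design. This is an added example, not Optima-SE™'s code or algorithm: the design, the stimulus, the raw FIT rate per flop and the idealised model in which a hardened (DMR-detected or TMR-corrected) flop contributes no unsafe FIT are all assumptions made for illustration.

```python
"""Toy AVF measurement and iterative hardening on a constructed design.
Added example, not Optima-SE's code: the design, the stimulus, the raw
FIT rate per flop and the 'hardened flop contributes no unsafe FIT'
model are assumptions made for illustration."""

FLOPS = ["en", "c0", "c1", "c2", "arm", "dbg"]
CYCLES = 64
RAW_FIT_PER_FLOP = 0.01  # assumed raw single-event-upset rate per unhardened flop (FIT)


def next_state(s, inp):
    """Constructed design: a 3-bit counter incremented while 'en' is set,
    an 'arm' flop qualifying the safety output, and a 'dbg' capture flop
    that nothing observes.  en, arm and dbg are re-latched every cycle."""
    cnt = s["c0"] | (s["c1"] << 1) | (s["c2"] << 2)
    if s["en"]:
        cnt = (cnt + 1) & 7
    return {"en": inp["en_in"], "c0": cnt & 1, "c1": (cnt >> 1) & 1,
            "c2": (cnt >> 2) & 1, "arm": inp["arm_in"], "dbg": inp["dbg_in"]}


def safety_output(s):
    """Safety-goal output: 'stop' asserted when the counter saturates while armed."""
    cnt = s["c0"] | (s["c1"] << 1) | (s["c2"] << 2)
    return int(s["arm"] and cnt == 7)


def stimulus(t):
    """Deterministic constructed stimulus: always enabled and armed, debug input toggling."""
    return {"en_in": 1, "arm_in": 1, "dbg_in": t & 1}


def run(flip_flop=None, flip_cycle=None):
    """Simulate CYCLES cycles from reset, optionally flipping one flop at one
    cycle (an upset applied after the flop captured its value).  Returns the
    safety-output trace."""
    s = dict.fromkeys(FLOPS, 0)
    s["en"] = s["arm"] = 1          # reset values (assumed)
    trace = []
    for t in range(CYCLES):
        if flip_flop is not None and t == flip_cycle:
            s = {**s, flip_flop: s[flip_flop] ^ 1}
        trace.append(safety_output(s))
        s = next_state(s, stimulus(t))
    return trace


def compute_avf():
    """AVF per flop: the fraction of injected upsets (one per flop per cycle,
    exhaustively) whose effect reaches the safety-goal output at any later
    cycle rather than being masked or overwritten."""
    golden = run()
    return {f: sum(run(f, t) != golden for t in range(CYCLES)) / CYCLES for f in FLOPS}


def residual_fit(avf, hardened):
    """Unsafe soft-error FIT contribution of the unhardened flops.  A hardened
    flop (DMR-detected or TMR-corrected) is idealised as fully covered."""
    return sum(RAW_FIT_PER_FLOP * avf[f] for f in FLOPS if f not in hardened)


def harden(avf, start_threshold=0.20, target_reduction=0.99):
    """Harden every flop above the AVF threshold, re-evaluate the FIT rate,
    and tighten the threshold until the unsafe FIT rate is cut by
    target_reduction.  Returns (hardened flops, final threshold, reduction)."""
    baseline = residual_fit(avf, set())
    if baseline == 0:
        return set(), start_threshold, 1.0
    threshold = start_threshold
    while True:
        hardened = {f for f in FLOPS if avf[f] > threshold}
        reduction = 1 - residual_fit(avf, hardened) / baseline
        if reduction >= target_reduction:
            return hardened, threshold, reduction
        threshold /= 2  # tighten and rerun; every positive-AVF flop is eventually caught


if __name__ == "__main__":
    avf = compute_avf()
    for f in FLOPS:
        print(f"{f:4s} AVF = {avf[f]:.3f}")
    hardened, threshold, reduction = harden(avf)
    print(f"hardened {sorted(hardened)} at AVF > {threshold:.2f}: "
          f"unsafe FIT reduced by {reduction:.1%}")
```

On this toy the counter bits have an AVF of 1.0 because any upset in them persists until the next saturation, `en` is almost as exposed even though it is reloaded every cycle (its one-cycle effect is captured into the counter), `arm` sits at 0.125 because an upset is overwritten a cycle later and only matters while the counter reads 7, and `dbg` is 0 because nothing observes it. The first pass at AVF > 20% hardens four flops but only cuts the unsafe FIT by about 97%, so the threshold is tightened and `arm` is hardened on the second pass. In a real design the masked population is far larger than in six flops, which is where the "5% or fewer" savings come from.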
Optima-SE™ Inputs/Outputs and User Interface
Optima-SE™ provides all the calculations needed to produce the AVF reports and the FMEDA parameters from which the ASIL-D rating is derived, and it also provides certification audit information. Its debug environment exposes per-flip-flop coverage detail so that engineers can quickly home in on issues.
Optima-SE™ transforms a fault-simulation process that may otherwise take many months and yield indeterminate results into one that completes in just a few days, while automating the output needed to complete an ISO 26262 audit easily and reliably.
Memory bit flips are also a major issue in automotive devices. Memory reliability is usually handled with Error Correcting Codes (ECC): each word is encoded before it is written and decoded when it is read back. Codes such as extended Hamming (SEC-DED) codes allow a single flipped bit to be restored to its correct value and a double-bit flip to at least be detected and flagged as a fault.
The ECC handling circuit must itself be verified by fault simulation: faults are injected on each memory bit and the simulation run to confirm that each one is corrected or detected as intended. As with flip-flops, these soft errors must be covered to a level greater than 99%.
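The two paragraphs above, as an added example that is not part of the page or of Optima's tooling: a small extended-Hamming SEC-DED encoder/decoder, followed by the exhaustive injection campaign the text describes, which flips every single bit and every pair of bits of each stored word and tallies whether the decoder corrected or at least detected the upset. The 8-bit word width and the memory contents are constructed for the example.

```python
"""Constructed SEC-DED (extended Hamming) ECC model plus an exhaustive
soft-error injection campaign over every memory bit.  Added example, not
Optima's code; word width and memory contents are assumptions."""

from itertools import combinations


def parity_bits_for(k):
    """Smallest r with 2**r >= k + r + 1 (Hamming bound for k data bits)."""
    r = 0
    while (1 << r) < k + r + 1:
        r += 1
    return r


def encode(data, k):
    """Encode k data bits into an extended Hamming codeword.
    List index = codeword position: index 0 is the overall parity bit,
    power-of-two indices are Hamming parity bits, the rest carry data."""
    r = parity_bits_for(k)
    n = k + r
    code = [0] * (n + 1)
    d = 0
    for pos in range(1, n + 1):
        if pos & (pos - 1):            # not a power of two: data position
            code[pos] = (data >> d) & 1
            d += 1
    for i in range(r):                 # parity bit p covers every position with bit i set
        p = 1 << i
        code[p] = sum(code[pos] for pos in range(p + 1, n + 1) if pos & p) & 1
    code[0] = sum(code[1:]) & 1        # overall parity enables double-error detection
    return code


def decode(code):
    """Return (status, data) with status 'ok', 'corrected' or 'uncorrectable'.
    A single upset is corrected; a double upset (nonzero syndrome with
    consistent overall parity) is flagged instead of silently miscorrected."""
    code = list(code)
    n = len(code) - 1
    syndrome = 0
    for pos in range(1, n + 1):
        if code[pos]:
            syndrome ^= pos            # XOR of set positions = position of a single flip
    overall_bad = (sum(code) & 1) == 1
    if syndrome == 0 and not overall_bad:
        status = "ok"
    elif overall_bad:                  # odd number of flips: assume one and fix it
        if syndrome > n:               # impossible position: more than one flip
            return "uncorrectable", None
        code[syndrome] ^= 1            # syndrome 0 means the overall-parity bit itself
        status = "corrected"
    else:                              # even flips, nonzero syndrome: two upsets
        return "uncorrectable", None
    data, d = 0, 0
    for pos in range(1, n + 1):
        if pos & (pos - 1):
            data |= code[pos] << d
            d += 1
    return status, data


def inject_campaign(words, k):
    """Flip every single bit and every pair of bits of each stored codeword
    (constructed memory contents) and tally how the ECC logic responds."""
    tally = {"single_corrected": 0, "single_missed": 0,
             "double_detected": 0, "double_missed": 0}
    for w in words:
        code = encode(w, k)
        for i in range(len(code)):
            c = list(code)
            c[i] ^= 1
            status, data = decode(c)
            ok = status == "corrected" and data == w
            tally["single_corrected" if ok else "single_missed"] += 1
        for i, j in combinations(range(len(code)), 2):
            c = list(code)
            c[i] ^= 1
            c[j] ^= 1
            status, _ = decode(c)
            tally["double_detected" if status == "uncorrectable" else "double_missed"] += 1
    return tally


if __name__ == "__main__":
    print(inject_campaign([0x00, 0xFF, 0xA5, 0x3C], 8))
```

For 8-bit words the codeword is 13 bits (8 data, 4 Hamming parity, 1 overall parity), so the campaign injects 13 single and 78 double upsets per word; a correct SEC-DED implementation corrects every single and flags every double, which is the 100% coverage the verification run is meant to confirm. Three simultaneous flips are outside what the code guarantees and can be miscorrected, so a campaign that also models multi-cell upsets has to look beyond SEC-DED.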
Together with other products from Optima Safety and Security Platform (OSSP), Optima-SE™ has received TUV Nord Certification for ISO 26262 ASIL-D Functional Safety Verification, as well as ASIL-D READY Functional Safety Certification from SGS-TÜV Saar.