Ask the Expert: Reducing the Single Point Failure Count with Optimal Turnaround Time

Some designs have multiple Safety Mechanisms for failure detection. In practice, one of the Safety Mechanisms is set as the detection point and fault simulation is performed against it. Despite a significant number of fault simulations, there will probably be some Single Point Faults (SPFs) that are not covered by that particular safety mechanism. These require experimentation with more detection points, increasing the number of simulations and the time to results. This is quite time-consuming and resource intensive. So how can one effectively reduce the SPF count with a faster turnaround time?

What does Optima have to say about Single Point Faults?

In ISO 26262 terms, Single Point Faults are faults that violate the safety goal and are not covered by any safety mechanism. SPFs will still be seen despite the safety mechanisms available in the design. One reason for this can be that the identified detection strobes are incomplete, or that more than one safety mechanism is required.

Most of the EDA tools available in the market for Functional Safety (FuSa) verification require simulation to find potential SPFs. This increases simulation time and, as a result, time to market.

The Optima Safety Platform™ (OSP™) introduces a revolutionary technology through our integrated core engines exclusively for fault analysis, making this task very easy. Optima-SA™, the Static Analysis Engine from the OSP™, is designed to analyse failure modes and faults and deduce SPFs without simulation. Along with the SPFs, Diagnostic Coverage (DC) can be determined in zero time. Optima’s Coverage Maximiser, Optima-CM™, then performs static checks to understand the best safety mechanism/detection point to include in the analysis that can detect a failure.

The OSP™ Safety Setup captures the Failure Mode of the design as follows:

  1. Failure Strobes: Internal or primary output signals at which a fault can manifest as a failure.
  2. Detection Strobes: Safety Mechanism signals at which a fault can be detected.

Image 1: Failure Mode of the design

Unlike other EDA tool setups, the OSP™ safety setup does not require fault locations to be specified. Cone of Influence (COI) analysis is performed by Optima-SA™ to specifically find the relevant faults for further analysis. The following fault categories are identified after SA, as depicted in the picture below.

Image 2: Fault Categories

Fault categories:

  - SI (SAFE INVISIBLE): SAFE = not observed at a failure strobe; INVISIBLE = not observed at a detection strobe.
  - UI (UNSAFE INVISIBLE), no safety mechanism (SPF): UNSAFE = observed at a failure strobe; INVISIBLE = not observed at a detection strobe.
  - SV (SAFE VISIBLE): SAFE = not observed at a failure strobe; VISIBLE = observed at a detection strobe.
  - UV (UNSAFE VISIBLE), possible detect (Diagnostic Coverage): UNSAFE = observed at a failure strobe; VISIBLE = observed at a detection strobe.

One way to reduce the SPF count is to check whether other failure modes defined for the design cover the SPF faults of the current analysis. Optima-SA™ allows several safety setups (failure modes) to be merged and reports the percentage of faults that change category under the merged safety setup. By merging the COIs, the combined effect of the failure and detection strobes is analysed. The diagram below shows the effect of the merging process.

Image 3: The merging process

FM1 has fault F1 as UI (SPF) and fault F2 as UV (potentially detectable). After merging with FM2, the new detection strobe DM2 covers both F1 and F2, so in the merged Safety Setup F1 changes from UI (SPF) to UV (Possible Detect).

The OSP™ has an automated way to cover the UI (SPF) faults and so reduce the number of single point faults. Optima-CM™ (Coverage Maximiser) runs in both static and dynamic analysis. In Static Analysis, the Optima-CM™ static capability is used to find the Safety Mechanism's detection strobes. Once the analysis is performed, it reports candidate detection signals in descending order of the number of faults each would cover if that signal were made a detection strobe in the Optima Safety Setup.
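The category scheme, the merge step of Image 3 and the descending-order candidate ranking described above, as an added worked example (this is illustrative code written for this page, not Optima's tooling). It assumes a fault is characterised by the set of signals its effect propagates to, so "observed at a strobe" means that strobe is in the set; fault, strobe and signal names (F1, F2, F3, FS1, FS2, DM1, DM2, N1) are constructed to reproduce the Image 3 scenario.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class SafetySetup:
    """One failure mode: the strobes that define it (names are constructed)."""
    failure_strobes: frozenset    # signals where a fault manifests as a failure
    detection_strobes: frozenset  # safety-mechanism signals where it is detected

    def merge(self, other):
        # Merging two failure modes combines both strobe sets (the merged COI)
        return SafetySetup(self.failure_strobes | other.failure_strobes,
                           self.detection_strobes | other.detection_strobes)

def classify(reach, setup):
    """SI/UI/SV/UV for a fault, given the set of signals its effect reaches."""
    unsafe = bool(reach & setup.failure_strobes)     # observed at a failure strobe?
    visible = bool(reach & setup.detection_strobes)  # observed at a detection strobe?
    return ("U" if unsafe else "S") + ("V" if visible else "I")

def classify_all(faults, setup):
    return {f: classify(reach, setup) for f, reach in faults.items()}

def category_changes(faults, before, after):
    """Percentage of faults in each original category that change after a merge."""
    b, a = classify_all(faults, before), classify_all(faults, after)
    total = Counter(b.values())
    changed = Counter(b[f] for f in faults if b[f] != a[f])
    return {cat: 100.0 * changed[cat] / total[cat] for cat in total}

def rank_detection_candidates(faults, setup, candidates):
    """Rank candidate signals by how many current SPFs (UI) each would turn into UV."""
    spfs = [f for f, cat in classify_all(faults, setup).items() if cat == "UI"]
    scores = {s: sum(1 for f in spfs if s in faults[f]) for s in candidates}
    return sorted(scores.items(), key=lambda kv: (-kv[1], kv[0]))

# Constructed sample reproducing the Image 3 scenario: fault -> signals it reaches.
FAULTS = {
    "F1": {"FS1", "DM2"},         # fails at FS1, only FM2's detector DM2 sees it
    "F2": {"FS1", "DM1", "DM2"},  # fails at FS1, both detectors see it
    "F3": {"N1"},                 # reaches an internal node only: safe, invisible
}
FM1 = SafetySetup(frozenset({"FS1"}), frozenset({"DM1"}))
FM2 = SafetySetup(frozenset({"FS2"}), frozenset({"DM2"}))

if __name__ == "__main__":
    print(classify_all(FAULTS, FM1), classify_all(FAULTS, FM1.merge(FM2)))
    print(category_changes(FAULTS, FM1, FM1.merge(FM2)))
    print(rank_detection_candidates(FAULTS, FM1, ["DM2", "N1"]))
```

Under FM1 alone F1 is UI and F2 is UV; after merging with FM2, F1 becomes UV, so 100% of the UI faults changed category, and DM2 ranks first as the candidate strobe covering the most SPFs.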

Conclusion

Single point faults have to be reduced as a first step in Functional Safety Verification. This ensures that there are a minimal number of faults without any safety mechanism. The OSP™ revolutionary technology allows users to experiment with different safety mechanisms in the DUSA (“Design Under Safety Assessment”, shown in image 2) and choose the method to reduce SPFs.