Increasing diagnostic coverage for functional safety
To guarantee the safe operation of SoCs under harsh environment conditions, safety mechanisms are integrated that ensure a reliable, deterministic reaction to random hardware faults. In order to validate these safety mechanisms, the ISO 26262 and other standards demand a quantitative analysis of random hardware failures and their outcomes. A high ratio of detected or safe faults to all faults is required to meet these standards. This is hard to achieve with simulation-based fault injection alone, as certain faults are difficult to classify, such as non-propagatable faults.
OneSpin’s Fault Propagation Analysis App automatically identifies non-propagatable faults, allowing their safe elimination prior to simulation, thereby cutting simulation and debug time while increasing the nominal fault coverage.
Increasing the Fault Detection Ratio
Fault propagation analysis comprises the injection of faults into the gate level models of integrated circuits during verification to prove that faults will be detected by a safety mechanism. These gate level models can be complex and contain numerous possible fault scenarios. In order to satisfy hardware safety goals, the number of “dangerous non-detected” faults must be minimized.
Fault simulation is a standard approach to determine fault metrics. Faults are stimulated and propagated to observation points, to ensure detection by a safety function. Any faults not activated or not propagated by the functional stimulus consume a high proportion of the simulation cycles. They are also difficult to debug when considering stimulus improvements. Thus, these faults often remain in the “not detected” group, detracting from the desired detection ratio.
In fact, faults that are not propagated can be classified as “propagatable” and “non-propagatable” faults. Non-propagatable faults can never lead to a malfunction of the system regardless of its state. Hence, they are safe and can be removed from the dangerous fault list, improving the fault metric. This is where formal technology can be effectively applied in an automated way using the OneSpin Fault Propagation Analysis (FPA) App.
Formal Fault Propagation Analysis with OneSpin
The OneSpin FPA App is applied to the overall fault population both prior to and after fault simulation. Operating in its “fast mode” the App is run pre-simulation, utilizing formal analysis to efficiently identify non-propagatable faults, thereby enabling the desired fault detection ratio to be rapidly achieved while avoiding unnecessary effort. These faults may be pruned from the fault list without the requirement for fault simulation test vectors. The entire fault-simulation process is significantly accelerated through the removal of this class of faults from those that need to be run in fault simulation.
Operating in its “deep mode” the App can be used to analyze non-propagatable faults identified during a simulation-based fault injection process to either improve the safety mechanism or to classify them as safe. This automated step greatly reduces the manual effort required post-fault simulation to identify any remaining dangerous faults. The analysis is accomplished without modification of the netlist, a requirement of the certification standards.
The only required input is a gate-level or RTL model of the component. The tool identifies the fault locations itself, applying optimizations such as net collapsing to avoid duplicate faults. Alternatively, a fault list or an indication of the design areas of interest may be provided, which the tool uses to refine the fault list.
Furthermore, an initial design state may be loaded to allow a context analysis. Such an analysis can be important to understand how faults behave when injected at a certain execution time.
After fault list creation, the tool performs a fully automated formal analysis to identify non-propagatable faults. After the analysis, the non-propagatable, as well as the potentially propagatable faults can be written into a simple CSV formatted text file for further processing. In addition, an analysis summary report is generated. A fast statistical analysis may also be performed where the fault list is sampled rather than analyzing all faults.
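As an added example (constructed here, not OneSpin's code and not a model of its formal engine), the following Python script walks through the flow just described on a toy netlist: it builds a stuck-at fault list, classifies each fault by checking whether any input state lets it reach an observation point, and emits the result as CSV. On a small combinational block this exhaustive check plays the role that the formal proof plays on real designs.

```python
import csv
import io
import itertools

# Constructed toy gate-level netlist (not a OneSpin model), as (net, op, inputs).
# Net n1 = a & b is redundant: y = a | (a & b) simplifies to y = a, so a
# stuck-at-0 on n1 can never reach observation point y, whatever the inputs.
PRIMARY_INPUTS = ["a", "b", "c"]
NETLIST = [
    ("n1", "and", ["a", "b"]),
    ("y", "or", ["a", "n1"]),
    ("n2", "xor", ["a", "c"]),
    ("z", "and", ["n2", "b"]),
]
OBSERVATION_POINTS = ["y", "z"]  # outputs a safety mechanism would observe
OPS = {"and": all, "or": any, "xor": lambda v: sum(v) % 2 == 1}

def simulate(inputs, fault=None):
    """Evaluate the netlist; fault is (net, stuck_value) or None."""
    stuck = lambda net, val: fault[1] if fault and fault[0] == net else val
    nets = {i: stuck(i, v) for i, v in inputs.items()}
    for net, op, ins in NETLIST:
        nets[net] = stuck(net, int(OPS[op]([nets[i] for i in ins])))
    return tuple(nets[o] for o in OBSERVATION_POINTS)

def fault_list():
    """Stuck-at-0 and stuck-at-1 on every net, primary inputs included."""
    nets = PRIMARY_INPUTS + [g[0] for g in NETLIST]
    return [(n, v) for n in nets for v in (0, 1)]

def classify(fault):
    """Exhaustive check over all input states, standing in for the formal proof:
    if no state makes an observation point differ, the fault is non-propagatable."""
    for bits in itertools.product((0, 1), repeat=len(PRIMARY_INPUTS)):
        inputs = dict(zip(PRIMARY_INPUTS, bits))
        if simulate(inputs) != simulate(inputs, fault):
            return "propagatable"
    return "non_propagatable"

def analyze():
    """Classify the whole fault population: {(net, stuck_value): class}."""
    return {f: classify(f) for f in fault_list()}

def analyze_to_csv():
    """Emit the classification as CSV text for downstream processing."""
    buf = io.StringIO()
    writer = csv.writer(buf)
    writer.writerow(["net", "stuck_at", "class"])
    writer.writerows([n, v, c] for (n, v), c in analyze().items())
    return buf.getvalue()
```

Of the 14 faults in this netlist only stuck-at-0 on n1 is non-propagatable; it can be pruned before simulation, while the rest remain in the list that the functional stimulus must activate and propagate.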
Formal fault propagation analysis can significantly reduce the fault classification effort, as well as streamline fault debug and safety mechanism refinement. It is an essential activity to make ISO 26262 standard compliance campaigns successful within modern budget and time-to-market constraints.
- White Paper: Using Formal to Verify Safety-Critical Hardware for ISO 26262
- White Paper: When correct is not enough – Formal verification of fault-tolerant hardware