Cadence targets ISO 26262 with verification support
Cadence Design Systems has launched a verification environment around its vManager software that targets organizations building ICs and systems that conform to the ISO 26262 safety standard.
The Functional Safety Verification Solution includes a new simulation engine that provides a tenfold speed boost through the use of compiled code over the venerable Verifault-XL tool, which uses an interpreted simulation engine.
Adam Sherer, director of product management for verification at Cadence, said: “We are aiming at ISO 26262 but it’s applicable to any safety-related standard, such as IEC 61508. We believe [these concerns] will also move into consumer electronics as well, where it’s a need for dependability and not so much safety. If you have a TV in your home and that system every so often locks ups and you have to reboot it, you will simply buy a different brand next time.”
The Incisive Functional Safety Simulator is built on the Incisive simulation engine, providing a new engine designed to handle fault simulation. As well as traditional stuck-at faults the engine simulates the behavior of circuits hit by single-event upsets and single-event transients that are typically radiation-induced. As automotive companies move to denser process nodes, soft errors as well as stray electromagnetic (EM) interference are becoming increasing problems, potentially triggering serious but hard to replicate errors.
Image The Cadence/Yogitech functional safety flow
The tool injects errors into the design under test to determine how it behaves such as whether the error is trapped or goes undetected by the system’s own logic – these results are captured by vManager and fed to a safety-report module.
In contrast to Verifault-XL which injected faults at simulation time, the new tool obtains a speedup by creating the fault during the elaboration phase ahead of compilation to run on the Incisive engine. This is particularly important for the SET and SEU-type faults as they are much more processor-intensive than traditional stuck-ats, Sherer said.
The way that the design is architected means the simulation engine handles one fault at time. Sherer argued this fits the environment of many users now, who have adopted multi-computer regression environments. “It’s the way we believe customers should be doing verification in general. We are extending that to safety.”
Fault pruning
As exhaustively simulating all nodes in a design is likely to take a very long time and be highly wasteful, as some types of logic are far more susceptible to SETs or SEUs than others, Cadence has teamed up with Italian specialist Yogitech, which has developed tools to help build safety verification plans. This plan drives the generation of faults and provides something that the safety reports can trace back to.
Sherer said Cadence is talking to users to determine what other types of fault model need to be included. Today the product is purely digital in nature, but analog fault models could appear over time. “You can expect more products to come from Cadence,” said Sherer. “As the [ISO 26262] standard defined, this is good enough. But as I go out and speak to the user companies, they themselves are trying to get there arms around what constitutes a sufficient process. Every time I meet a user group, questions come up about analog fault injection and system-level considerations such as, how do I fault a transaction? You need to write the right error-checking architecture for a system long before you get to silicon.
“We are trying to circle the whole ocean but we can’t do everything at once. We moving methodically,” Sherer said, adding that methodologies need to be developed to better understand how the more advanced fault models would be used.
