Austemper tools straddle the functional-safety flow
Austemper Design Systems has launched a portfolio of tools that span the development lifecycle of projects that need to demonstrate functional safety.
Austemper's founder and CEO, Pillay, said the tools grew out of experience in enterprise computing hardware design, where the team found a lack of IP supporting the types of redundancy needed for those projects and for safety-critical systems. Austemper has also taken input from the automotive sector to shape a set of tools focused on functional safety.
“Functional safety is a challenge shared by the automotive, medical, industrial and enterprise markets,” Pillay said.
A flow that uses all four of Austemper’s tools starts with SafetyScope. “It’s used to find out where you stand with respect to FiT [failures-in-time] rate,” Pillay said.
The SafetyScope tool estimates how well the target system's diagnostic checks support its safe operation. The tool takes in a mission profile and descriptions of the diagnostic coverage mechanisms. It applies values from standards such as ISO26262 and ISO61508 and produces the FiT rate estimate. The tool can run hierarchically to improve runtime.
Adding diagnostics
“The next step is to go in and add more diagnostic coverage,” Pillay said. “So we have safety synthesis tools to add the necessary coverage mechanisms.”
This is where Pillay found a gap in the market. “We found there are not a lot of people supporting functionally safe embedded IP. We found we were either compromising on functionality or we were buying in the functionality and then adding functional safety by hand.
“So we started the company with Annealer and Radioscope to take IP and harden it. Annealer is the big hammer and Radioscope is more fine-grained,” he said.
Annealer performs tasks such as replicating blocks and state machines and then adding voting or error-checking logic to the resulting array to detect faults or correct for them. “Radioscope runs at the flip-flop level. Things you can do with it include adding parity or ECC to a bank of flops.”
Finally, Kaleidoscope performs fault simulation to discover whether the various diagnostics miss critical faults. Having implemented a simulator from the ground up for safety work, the company expects it to perform much more quickly than traditional simulators that have been derived from tools originally developed for ASIC-oriented fault simulation. The simulator can operate on RTL rather than demanding a gate-level netlist.
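To make the diagnostic-coverage idea concrete, here is an added Python model, constructed for this article and not Austemper's code, of the kind of fault-injection campaign described above: it injects single and double faults into a parity-protected register bank (the flop-level mechanism Radioscope adds) and into a triple-replicated copy with a majority voter (the block-level mechanism Annealer adds), and reports the fraction of faults each mechanism detects or masks. WIDTH, the sample register value and the function names are assumptions.

```python
from itertools import combinations

WIDTH = 8  # width of the constructed register bank (assumption)


def parity(bits):
    """Even parity over a tuple of 0/1 ints."""
    return sum(bits) % 2


def majority(a, b, c):
    """Bitwise 2-of-3 vote over three replicated copies."""
    return tuple(int(x + y + z >= 2) for x, y, z in zip(a, b, c))


def flip(bits, positions):
    """Inject faults by inverting every bit whose index is in positions."""
    return tuple(b ^ (i in positions) for i, b in enumerate(bits))


def parity_coverage(value, multiplicity):
    """Fraction of faults of the given multiplicity (1 = single-bit flip,
    2 = double-bit flip) that a stored parity bit detects."""
    stored = parity(value)
    faults = list(combinations(range(WIDTH), multiplicity))
    detected = sum(parity(flip(value, f)) != stored for f in faults)
    return detected / len(faults)


def tmr_coverage(value, multiplicity):
    """Fraction of faults the 2-of-3 voter masks. A fault site is a
    (replica, bit) pair; `multiplicity` sites are hit in one run."""
    sites = [(r, b) for r in range(3) for b in range(WIDTH)]
    faults = list(combinations(sites, multiplicity))
    masked = 0
    for fault in faults:
        copies = [value] * 3
        for rep, bit in fault:
            copies[rep] = flip(copies[rep], {bit})
        masked += majority(*copies) == value  # voter output still golden?
    return masked / len(faults)


def run_campaign(value=(1, 0, 1, 1, 0, 0, 1, 0)):
    """Constructed register value; returns coverage per mechanism and fault
    multiplicity so the gaps (e.g. parity vs. double faults) are visible."""
    return {
        "parity_single": parity_coverage(value, 1),
        "parity_double": parity_coverage(value, 2),
        "tmr_single": tmr_coverage(value, 1),
        "tmr_double": tmr_coverage(value, 2),
    }
```

The double-fault rows are the ones a simulation campaign exists to find: a single parity bit is blind to any even number of flips, and the voter fails only when two replicas are hit at the same bit position.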
Optimizing simulation
The tool uses the outputs from SafetyScope to build a netlist that can be used for efficient fault injection. “If you have a third-party tool we can take results from that, but they work better if you use them together,” Pillay claimed.
“The unique thing we do is take in RTL and an LEC equivalence file and work at RTL,” he added. Another input is a VCD file that is used to target parts of the netlist in a simulation campaign that supports automated parallelization.
The simulator uses a spatial and temporal analysis based on the VCD file to break the design into elements that can run in parallel on the same workstation. Multiple servers can then be deployed to run a set of simulation runs in parallel for further speedups.
Stay at RTL
Although the tool can be run on gate-level netlists and one early-access customer does this, Pillay says the company’s recommendation is to work for much of the time at RTL. This has the benefit of making it easier to support fault simulation before reaching the full-chip integration and signoff stage.
“Think of it as being similar to a power-estimation flow. The diagnostics numbers will move around during design but you can get an early look at coverage at RTL and get more coverage upfront. By the time you get to the end, it’s more of a confirmatory test rather than taking six months to insert all of the diagnostics you suddenly find you need.
“Annealer and Radioscope work at RTL. They input RTL and output RTL. We want our customers to avoid a gate-level flow if they can,” Pillay explained.
To ensure that the synthesized structures are not compromised by test insertion, the Annealer and Radioscope tools create LEC scripts that can be used to check that changes do not alter the intent of the added logic in the final netlist. “The structures we add are inherently test-safe. We don’t do asynchronous resets for example,” he said.