Startup Optima Design Automation has developed a suite of analysis tools that examine designs for their susceptibility to radiation-induced errors and which the company claims offers dramatic speed improvements over conventional fault-simulation techniques.
Although soft-error analysis can be used across a range of industries, from data-center computing to space, Optima's main focus for commercialization at this stage is on automotive designs. Jamil Mazzawi, founder and CEO of the Nazareth, Israel-based company, said the tools in its safety platform are being evaluated at a number of automotive semiconductor providers.
Mazzawi claimed the company’s technology would make it much easier to build resilience to hard and soft errors into automotive silicon by focusing effort on circuits that are likely to be most susceptible, rather than forcing the use of techniques such as triple modular redundancy across entire SoCs or complete boards. He said he believes the use of this approach can lead to more ambitious SoC designs that can reach ASIL D compliance by avoiding the need to spread radiation hardening across the entire chip.
Although it is at its core a fault simulator, the Fault Injection Engine (FIE) used inside the Optima-HE and Optima-SE tools, for hard- and soft-error analysis respectively, employs a number of techniques derived from formal verification to narrow down the regions that need to be simulated. On top of that, Mazzawi said taking a new approach to fault simulation for this kind of analysis revealed dramatic speedups, of several orders of magnitude in some cases, over conventional approaches that borrowed from the world of device test. In principle, this makes it possible to analyze much larger SoCs than was practical with existing fault simulators.
One way in which the FIE technology cuts down on simulation time is through fault pruning. “It will analyze which parts of the chip will affect the safety goals and which can’t,” Mazzawi said, using the information derived from an ISO 26262 categorization process.
The analysis takes into account factors such as the detection logic that may already be implemented in the design, and whether the logic cone downstream of a fault in one section can influence the behavior of parts that are deemed safety critical. A fault whose cone cannot reach any safety-critical logic can be treated as "safe invisible"; one that can, but is caught by existing detection logic, as "unsafe detected". The focus is then on the classes of soft error that are both potentially unsafe and would go undetected in a live system.
Another technique Mazzawi calls fault collapsing: it performs only one stuck-at analysis for a group of faults that are known to be equivalent. For example, a stuck-at-0 on the input of a NOT gate is indistinguishable from a stuck-at-1 on its output, so only one of the pair needs to be simulated.
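The two structural steps described above, fault pruning by logic-cone reachability and stuck-at fault collapsing, can be illustrated on a small gate-level netlist. The following Python is an added example written for this article, not Optima's code; the netlist, the net names, and the three labels it assigns ("safe invisible", "unsafe detected", "unsafe undetected") are constructed here to mirror the text. It treats reachability as a necessary condition only: a fault whose cone reaches a checker is tagged "unsafe detected" structurally, and it is simulation, not this pass, that confirms the checker actually catches it.

```python
"""Structural fault pruning and stuck-at fault collapsing on a constructed toy netlist."""
from collections import defaultdict

# Constructed gate-level netlist: output net -> (gate type, input nets).
# Nets that appear only as inputs (a..g) are primary inputs. 'safety_out' is the
# only output tied to a safety goal; 'err_flag' is existing detection logic that
# compares the datapath value n3 against a redundant copy d.
NETLIST = {
    "n1": ("NOT", ["a"]),
    "n2": ("AND", ["n1", "b"]),
    "n3": ("OR", ["n2", "c"]),
    "safety_out": ("AND", ["n3", "g"]),   # g gates the output after the checker tap
    "n4": ("XOR", ["n3", "d"]),
    "err_flag": ("BUF", ["n4"]),
    "dbg": ("AND", ["e", "f"]),           # debug logic that reaches no safety goal
}
SAFETY_OUTPUTS = {"safety_out"}
DETECTION_OUTPUTS = {"err_flag"}

# Stuck-at equivalences through a gate: input stuck value -> output stuck value.
# A stuck-at-0 on any AND input is indistinguishable from stuck-at-0 on its output;
# for a NOT gate the polarity flips; XOR has no such equivalence.
EQUIV = {"NOT": {0: 1, 1: 0}, "BUF": {0: 0, 1: 1}, "AND": {0: 0}, "OR": {1: 1},
         "NAND": {0: 1}, "NOR": {1: 0}}


def all_nets(netlist):
    return set(netlist) | {i for _, ins in netlist.values() for i in ins}


def fanout_map(netlist):
    fo = defaultdict(set)
    for out, (_, ins) in netlist.items():
        for i in ins:
            fo[i].add(out)
    return fo


def cone_reaches(net, fo, targets):
    """True if some target lies in the fan-out cone of `net` (a necessary condition
    for a fault on `net` to change that target; simulation decides sufficiency)."""
    seen, stack = set(), [net]
    while stack:
        n = stack.pop()
        if n in seen:
            continue
        seen.add(n)
        if n in targets:
            return True
        stack.extend(fo.get(n, ()))
    return False


def classify_nets(netlist, safety_outputs, detection_outputs):
    """Fault pruning: label each net by whether a fault on it can reach a safety
    goal and whether it can reach existing detection logic."""
    fo = fanout_map(netlist)
    labels = {}
    for net in all_nets(netlist):
        if not cone_reaches(net, fo, safety_outputs):
            labels[net] = "safe invisible"
        elif cone_reaches(net, fo, detection_outputs):
            labels[net] = "unsafe detected"
        else:
            labels[net] = "unsafe undetected"
    return labels


def collapse_stuck_at(netlist):
    """Fault collapsing: group the two stuck-at faults per net into equivalence classes.
    Only inputs with a single fan-out are collapsed: a stuck stem on a net that fans
    out affects every branch, so it is not equivalent to a fault on one gate's output."""
    fo = fanout_map(netlist)
    parent = {(n, v): (n, v) for n in all_nets(netlist) for v in (0, 1)}

    def find(f):
        while parent[f] != f:
            parent[f] = parent[parent[f]]
            f = parent[f]
        return f

    for out, (gtype, ins) in netlist.items():
        for inp in ins:
            if len(fo[inp]) != 1:
                continue
            for v_in, v_out in EQUIV.get(gtype, {}).items():
                parent[find((inp, v_in))] = find((out, v_out))
    classes = defaultdict(list)
    for f in parent:
        classes[find(f)].append(f)
    return [sorted(c) for c in classes.values()]


def simulation_worklist(netlist, safety_outputs, detection_outputs):
    """Faults that still need simulation: one representative per collapsed class,
    keeping only classes that are potentially unsafe and not covered by detection logic."""
    labels = classify_nets(netlist, safety_outputs, detection_outputs)
    return sorted(c[0] for c in collapse_stuck_at(netlist)
                  if labels[c[0][0]] == "unsafe undetected")


if __name__ == "__main__":
    classes = collapse_stuck_at(NETLIST)
    print(f"{2 * len(all_nets(NETLIST))} raw stuck-at faults -> {len(classes)} collapsed classes")
    print("simulate:", simulation_worklist(NETLIST, SAFETY_OUTPUTS, DETECTION_OUTPUTS))
```

On this toy design the 28 raw stuck-at faults collapse to 17 classes, and only three of those are both potentially unsafe and outside the checker's cone, so three faults go to the simulator. The fan-out check in `collapse_stuck_at` matters: net `n3` feeds both the safety output and the checker, so its faults are deliberately left uncollapsed rather than merged with the AND output.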
Following the circuit analysis, the core fault simulation algorithm can be spread across many processors to gain further speedups.
For soft errors, Optima-SE will identify problems that can be caused by transient faults and help home in on the flip-flops whose hardening buys the most resilience, without forcing every flip-flop to use area-intensive radiation-hardened structures. "It calculates for each flip-flop how important it is to the system and the probable impact it will have on the safety goal. If it has a low architectural availability factor – which can range from zero to one hundred – hardening may be unnecessary. For most cases, only about 10 percent of flops will score above 20," Mazzawi said. That smaller subset can be the focus of any hardening. "You can probably solve your problems with a 2 to 3 percent silicon cost."
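The per-flip-flop scoring described above can be approximated by transient fault injection: flip one flop in an otherwise golden simulation, co-simulate both copies for a few cycles, and count how often the safety output diverges. The following Python is an added example written for this article, not Optima's tool or its algorithm; the six-flop handshake-and-pipeline design, its input probabilities, the observation window, and the 20-point threshold are all constructed here, and the score it produces is a workload-dependent estimate on a 0 to 100 scale, not the factor the company computes.

```python
"""Per-flop transient-fault scoring on a constructed toy sequential design."""
import random

FLOPS = ["req", "grant", "stage1", "stage2", "armed", "status"]


def next_state(s, x):
    """Next-state function of the constructed toy design (one clock cycle)."""
    return {
        "req": x["in_req"],
        "grant": s["req"] & x["in_enable"],
        "stage1": s["grant"],
        "stage2": s["stage1"],
        "armed": x["in_arm"],
        "status": s["status"] ^ x["in_toggle"],  # drives only a status LED
    }


def safety_output(s):
    """The single output tied to the safety goal: a granted request while armed."""
    return s["stage2"] & s["armed"]


def random_inputs(rng):
    # Constructed stimulus: arming is rare, so most of the pipeline is usually masked.
    return {"in_req": int(rng.random() < 0.5), "in_enable": int(rng.random() < 0.5),
            "in_arm": int(rng.random() < 0.1), "in_toggle": int(rng.random() < 0.5)}


def inject_and_observe(state, flop, input_trace):
    """Flip one flop in a copy of `state` (a single-event upset), then co-simulate
    golden vs faulty over `input_trace`. Returns True if the safety output ever
    differs, i.e. the upset reached the safety goal instead of being masked."""
    golden, faulty = dict(state), dict(state)
    faulty[flop] ^= 1
    for x in input_trace:
        if safety_output(golden) != safety_output(faulty):
            return True
        golden, faulty = next_state(golden, x), next_state(faulty, x)
    return safety_output(golden) != safety_output(faulty)


def score_flops(n_injections=4000, window=6, seed=1):
    """Score each flop 0..100 by the percentage of injections that reach the safety goal."""
    rng = random.Random(seed)
    hits = {f: 0 for f in FLOPS}
    for _ in range(n_injections):
        s = {f: 0 for f in FLOPS}
        for _ in range(8):                      # warm up into a random reachable state
            s = next_state(s, random_inputs(rng))
        trace = [random_inputs(rng) for _ in range(window)]
        for f in FLOPS:                         # same state and stimulus for every flop
            hits[f] += inject_and_observe(s, f, trace)
    return {f: 100.0 * c / n_injections for f, c in hits.items()}


def select_for_hardening(scores, threshold=20.0):
    """The subset worth hardening: flops scoring above the threshold."""
    return sorted(f for f, v in scores.items() if v > threshold)


if __name__ == "__main__":
    scores = score_flops()
    for f, v in sorted(scores.items(), key=lambda kv: -kv[1]):
        print(f"{f:8s} {v:5.1f}")
    print("harden:", select_for_hardening(scores))
```

The scores fall out of the structure: `status` never reaches the safety output and scores zero, the pipeline flops are masked whenever the design is not armed, and `armed` itself is exposed whenever a request is in flight, so it is the one flop that clears the threshold. A real flow would drive the design with its actual workload and a clock-accurate model rather than this behavioural stand-in, but the selection step is the same.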
The first pair of tools is available today. A version of Optima-HE to be released in the spring will add the CoverageMaximizer, which will use coverage analysis to identify areas of the device that cannot be adequately tested and provide guidance on methods to improve visibility in those sections.