Achieving safety and security in SoC development
The rapid introduction of mandatory safety features and near-ubiquitous driver-assistance systems to modern vehicles is likely to drive brisk growth in the automotive semiconductor sector over the next few years. Market research firm IC Insights forecasts that the automotive IC market will grow at an average 10.8% per year through to 2018, and perhaps beyond.
Companies that want to expand into this and similarly attractive new markets from a base in another sector, such as consumer electronics, will have to learn a whole new set of development procedures. Applications such as back-up cameras, lane–keeping and eCall emergency assistance all have safety implications that require close scrutiny of hardware and software development processes to ensure compliance to the automotive safety standard ISO26262.
Let’s consider a lane-keeping assistant as an example. A hazard analysis might identify lane departure as a hazard and derive a functional safety requirement to “manage excessive motor torque”. This might be achieved by detecting excessive torque, providing a driver alert, diagnostic logs and system deactivation. An Automotive Safety Integrity Level (ASIL) will be assigned through a risk analysis and by combining Severity, Exposure and Controllability. The lane-keeping assistant is likely to be assigned ASIL D, the highest classification, which represents likely potential for severely life-threatening or fatal injury in the event of a malfunction. This requires the highest level of assurance that the dependent safety goals are sufficient and have been achieved.
Take automotive connectivity as another example. The increasing amount of data flowing to and from vehicles creates a security risk, which needs to be considered during any hazard analysis and mitigated during hardware and software development to avoid introducing security vulnerabilities. Much like safety, security needs to be considered throughout the development process, from initial architecture through to code development and testing strategies.
For compliance to ISO26262 and other standards (such as DO254/178 for avionics) both the hardware and software development must follow stringent processes.
For example, a full requirements analysis must be performed involving all stakeholders. The resulting system requirements must be partitioned between hardware and software and traced through the development processes (which are still typically assumed to follow a V-model). This traceability includes both the hardware verification and software testing that provides the proof of implementation. TVS strongly advocates achieving this traceability through a requirements-driven verification approach, in which verification tasks are linked back to the requirements and features from which they are derived.
These tasks are becoming increasingly varied as companies adopt advanced verification techniques. For example, higher levels of safety will require detection of memory errors using ECC (error correction codes), which might best be verified through formal verification at the block level, simulation at the SoC level, and emulation for HW-SW co-verification. Keeping track of verification results generated by each of these approaches, and correlating their results across the entire development cycle, becomes a challenge in itself. TVS’s asureSIGN requirements-driven management and verification tool enables results from a wide range of hardware verification and software-testing techniques to be collected in a results database than can record historic verification results. This is important for tracking progress through the project and for safety compliance, which mandates retention of verification results.
New entrants to the automotive IC sector, especially those whose current main concern is time-to-market, may need to substantially update their development processes. For example, they often use internal scripts as part of the CAD flow – and these will have to be qualified, even though the work required to qualify such scripts often outweighs their usefulness.
Beyond the automotive sector, many opportunities are emerging through Internet of Things strategies, such as drones, smart cities and automated health care, all of which have obvious safety and security issues. Companies that want to enter these markets will need to review their development practices to ensure they comply with the relevant industry safety standards.
To help systems developers understand the challenge, TVS is collaborating with partners OneSpin and Emenda on a seminar entitled “Achieving Safety Compliance in Hardware and Software Development”. OneSpin is a formal verification vendor and will demonstrate how hardware functions such as ECC can be verified through property checking. Emenda is a tool supplier that will present a new approach to software testing for certified projects, covering dynamic testing, source code analysis, and architectural and security concerns for the main software standards IEC 61508, IEC 62304, DO-178 and ISO 26262. TVS will be outlining how to follow a requirements-driven approach to safety compliance.
The “Achieving Safety Compliance in Hardware and Software Development” seminar is being held in Munich on 18 May and is free to attend in person or online. Registration and further details of the event can be found here.
TVS (Test and Verification Solutions Ltd) provides services and products to organisations developing complex products in the microelectronics and embedded systems industries. Such organisations use TVS to verify their hardware and software products, employ industry best practice and manage peaks in development and testing programmes. TVS’s embedded software testing services includes onsite/offshore testing support including assistance with safety certification and security testing. TVS hardware verification services include onsite/offshore verification support and training in advanced verification methodologies. TVS also offers verification IPs and its own verification (EDA) signoff tool.
Dr. Mike Bartley – TVS
+44 7796 307958