Smart verification of hardware safety mechanisms
Random hardware faults can compromise the operation of electronic systems, ultimately causing harm to people. This is not acceptable in safety-critical applications, for example, in automotive, medical and aerospace. Functional safety standards, like ISO 26262 and DO-254, demand the integration of safety mechanisms, and this extra hardware must be rigorously verified to be standard-compliant. Engineers require a dedicated testbench to model and inject faults that activate safety functions. This ad hoc approach leads to sub-optimal solutions that are also harder to reuse across projects and teams.
OneSpin’s Fault Injection App automates the definition and injection of fault scenarios, eliminating the need of a separate testbench, thereby cutting on engineering effort while enabling a unified and standard-compliant formal verification flow.
Safety Mechanisms and Their Verification
Hardware safety mechanisms are necessary to guarantee determinist SoC behavior in the event of random faults. Typically, implementing hardware safety mechanisms involves some form of redundant logic that does not directly contribute to the implementation of the circuit’s mission function. In the presence of faults, this logic becomes truly active and is responsible to detect, possibly correct, and report these faults to relevant part of the system. Functional verification planning, tracking and execution of both mission and safety functions is critical to meet the strict demands of safety standards. Key aspects in the verification of safety functions are that they:
- do not interfere with the hardware functionality under normal operation
- detect faults and correctly route information (alarm, fault corrected, etc.) to the relevant part of the system
- improve system availability by correcting the effect of some faults
Safety mechanisms bring another dimension to the already complex and time-consuming task of functional verification. There are countless fault scenarios to examine and engineers often need a dedicated test environment to handle fault injection, related checkers, and coverage data.
The OneSpin Fault Injection App overcomes these problems by optimizing and automating the use of formal assertion-based verification (ABV) on hardware safety mechanisms.
Formal Fault Injection with OneSpin
The OneSpin Fault Injection App (FIA™) provides a simple and flexible interface to define and inject fault scenarios, with no need to change the design, go through complex code-instrumentation steps, or develop a dedicated verification environment.
A fault scenario can be seen as a set of faulty variants of the original design, the design under test (DUT). The first element of a fault scenario is the set of bit-level design signals where faults shall be injected. The other elements define when and which types of faults shall be injected. The original design corresponds to the particular fault scenario of no faults being present.
Users have the flexibility of defining custom fault scenarios, or pick predefined ones. A simple scenario could describe the injection of stuck-at-0 faults on all bits of a number of design signals, all the time. A custom scenario could describe the injection of a SEU fault, e.g. a bit-flip, in an arbitrary bit of a memory location, occurring only once and coinciding with some other condition, for example a memory read on a specific address. User assertions can be associated with specific fault scenarios, and powerful proof strategies are automatically setup to handle the simultaneous exhaustive verification of huge fault populations in large and complex designs. Moreover, dedicated debug features speed up the daunting task of examining assertion failures on fault-injected designs, where things can get quite confusing. Finally, OneSpin Quantify can measure the coverage of the overall set of assertions at the push of a button and expose both mission and safety-related functional areas that have verification gaps.
The Fault Injection App is applicable on both RTL and netlist designs.
The OneSpin Fault Injection App enables the efficient formal verification of hardware safety mechanisms and removes the need for a separate flow or environment. A simple interface and dedicated debug features allow for an optimized and reusable handling of fault scenarios, delivering the rigorous verification demanded by safety standards. The OneSpin Fault Injection App is available as part of OneSpin 360 DV-Verify.
- White Paper: Using Formal to Verify Safety-Critical Hardware for ISO 26262
- White Paper: When correct is not enough – Formal verification of fault-tolerant hardware