Recomendados
Recomendados
Mais conteúdo relacionado
Destaque
Destaque (11)
Semelhante a Jamil R. Mazzawi, Founder and CEO, Optima Design Automation
Semelhante a Jamil R. Mazzawi, Founder and CEO, Optima Design Automation (20)
Mais de chiportal
Mais de chiportal (20)
Último
Último (20)
Jamil R. Mazzawi, Founder and CEO, Optima Design Automation
- 1. May 9, 2016 1 Jamil R. Mazzawi Founder and CEO Amir Rahat VP RnD Self-driving Cars & Their Influence on the Automotive-Semiconductor Industry Designing Automotive chips and the long road to ISO-26262 compliance ChipEx2016
- 2. May 9, 2016 2 Changes in the Automotive semiconductor market Drive-by-wire ADAS Self-driving Sensor-fusion v2x Icreased semiconductor content per vhicel ($400/$1000) More semi. Companies entering this market Automotive has HIGH reliability requirments Historically, automotive used old silicon nodes (180nm 95nm) Increase need for performance Increased usage of modern tech. (45nm 26nm) in automotive In general modern technologies are less reliable ISO-26262 standard Functional Safety Standard
- 3. May 9, 2016 3 ISO-26262 • Functional safety standard • Governs all electronics systems in Automotive – Semiconductors – Software – PCB/Systems • Rev1: 2011 • Rev2: WIP, expected 2017
- 4. May 9, 2016 4 ISO-26262 • 5 Levels of Safety, given per feature in the system – QM – basic quality management – ASIL-A (lowest requirements of Functional Safety) – ASIL-B – ASIL-C – ASIL-D (highest requirements)
- 5. May 9, 2016 5 Hard Errors / Permanent FaultSoft-Errors / Transient-Fault • Caused by Cosmic radiation • Can cause the chip to halt operation • Relevant in all markets • Permanent damage to the chip • Caused by extreme working condition • Heat • Pressure • Radiation • Relevant in Automotive & Space • Examples: Stuck-at-0, Stuck-at-1… Two Main classes Of Faults To Consider
- 6. May 9, 2016 6 Methodology • PREVENT Use prevention techniques to lower the possibility of failure happening • CORRECT Use correction techniques to fix faults that happened • DETECT Put in place Safety Mechanism to detect the residual-fault (what happened and cannot be corrected) • FAIL-SAFE mode When a fault is detected, inform the upper system to take the right measure and enter a fail-safe mode Fail-safe can be a reduced functionality mode where some features are disabled example: ABS is disabled, but break-system works
- 7. May 9, 2016 7 Safety Mechanisms: Prevention vs. detection CORRECTION • TMR - Triple modular Redundancy – Flop-level – Unit-level, Core-level – Chip-level • ECC (single error) – Memory DETECTION • DMR – Dual Redundancy • ECC (two errors) • Parity bits • 2 Lock-Step CPUs PREVENTION • Flip-flop Level Hardening • Selective flip-flop level hardening
- 8. May 9, 2016 8 ASIL level determination • What is the residual FIT rate – After all preventions and correction, how often faults will happen • Coverage: When a fault happen, what is the probability it will be detected • How fast it can be detected? • Which fail-safe mechanism is implemented? ASIL-A, ASIL-B, ASIL-C or ASIL-D
- 9. May 9, 2016 9 Challenges designing and certifying for ISO-26262 (A) Soft-errors/transient faults • Measure deration • Selective hardening • Calculate derated FIT rates (B) Safety mechanisms implementation • Diagnostic SW test • Lockstep CPU • ECC/CRC/Parity • Diagnostic HW BIST (C) Safety mechanism coverage: • Measure coverage • Boost coverage (ASIL-C to D) (D) Reporting for Audit and Certification: • Calculate ASIL level • Output reports in right format (E) Compute Resources Each step requires immense amount of simulation time!
- 10. May 9, 2016 10 FIE – Fault Injection Engine Soft-error and Hard-Error fault simulator Sensitivity report (for hardeninig)RTL/ Gate-level Optima’s solutions: CosmicASIC™ & AutoCHIP™ Safety mech. Coverage resuts ASIL calculations Audit trail (for certification)Coverage goal Safety goal
- 11. May 9, 2016 11 Jamil R. Mazzawi Founder and CEO jamil@optima-da.com Amir Rahat VP RnD amir@optima-da.com